Conference Agenda
  • Wednesday, April 19, 2023
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Cybersecurity and Cyber Risk Economics: Part 1
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: Magnolia

    It seems like every week there is a new cybersecurity incident making headlines. With so much negative attention, it is easy to see why some people–especially regulators–believe that cybersecurity is “failing,” but such a broad sentiment couldn’t be further from the truth. The truth is, neither the internet as a whole nor any of its connected entities will ever be 100% “secure.” While people realize this, the incidents and other failures loom large, even in the face of great silent successes. In reality, cybersecurity programs have complexities and nuances that matter, and our field must get better at communicating the concepts of complexity, risk, and economics.

    This course is structured into four parts:

    Session 1 – Cybersecurity Economics:
    This session will provide a broad coverage of economic concepts and issues in managing a cybersecurity program. Key topics include: Concepts and Overview; Willingness to Accept/Willingness to Pay; Scarcity; Cognitive Biases; Perception of Risk; Benefit-Cost Analysis; Perverse Incentives; Unintended Consequences.

    Session 2 – Cybersecurity Risks:
    This session will cover key cybersecurity-related risk discussion that incorporates history, risk in external disciplines, mathematical concepts, and more. Key concepts covered will include: The Risk Equation (frequency, impact, threats, vulnerabilities); Risk Heuristics; Estimating Value and Loss; the Attacker’s Equation; Calibrating Risk Matrices; Key Risk Indicators; Cyber Risk Quantification.

    Session 3 – Cybersecurity Controls:
    This session will focus on the core disciplines of cybersecurity operations – identity management, vulnerability management, trust management, and threat management. It will highlight their goals and objectives, administrative processes, and technical solutions. Key concepts covered: Frameworks; RACI Matrices; Four Disciplines; Managing Resources – Time and Costs of People Process and Technologies. Examples: Benefit-Cost Analyses; Automation Justification; Return on Security Investment.

    Session 4 – Cybersecurity Metrics and Measures:
    This session will tie the sessions together by applying the economics, risk, financial, and technical elements together with a full program that begins with operational details and rolls them up into a full strategic cybersecurity plan suitable to discuss with executives and board of directors. Key concepts covered will include: Cybersecurity Efficacy; Receiver Operating Characteristic (ROC) Curves; Asset and Activity Classification; Top Ten Strategic Metrics; The One Metric to Rule Them All.

    Our field is at a key point in its history. It is time to demonstrate cybersecurity leadership by creating programs that are diligent and not negligent; provide compliance with applicable regulations; and demonstrate the efficiency and effectiveness necessary to align with business objectives.

    These sessions will be packed with examples, exercises, and anecdotes. Limited seating is available on a first-come, first-served basis. Sorry, no recording will be allowed.

    7:30 am
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 1
    An Overview of US and Global Privacy Laws
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: Maple

    This SecureWorld PLUS course will focus on key privacy laws and concepts, and how to implement privacy into your organization. The main components that the course will cover include:

    1. Overview of US and Global Privacy Laws
    2. Building an Effective and Practical Privacy and Security compliance program
    3. Creating a process to respond to data subject rights
    4. Addressing key privacy concepts: data minimization, privacy by design, data protection impact assessments, responding to privacy breaches.

    Increasingly, each country, and even each state, is providing unique legal solutions to data privacy and information security. For businesses that cross borders, both national and domestic, this creates distinct challenges to building effective solutions that address legal requirements while also allowing a business to innovate and evolve. These changing privacy, security and technology requirements are impacting the growth and innovation within companies, requiring strategic decisions regarding risk, legal liability, and strategic planning.

    Often, understanding the requirements of the law and translating those requirements into technological solutions can be challenging. However, companies that are operationalizing privacy and information security within their organizations are able to address these evolving legal requirements while balancing growth and new opportunities. This workshop will provide an in-depth understanding of those legal requirements, and provide a framework to help the industry incorporate privacy and security within their operations so that the law can work hand-in-hand with the business, and not become a barrier to the business’s growth and evolution.

    The course will include both lecture and hands-on exercises. The goal is for attendees to take away tools and strategies to bring this conversation to their teams and departments.

    Session 1 of the course will start with an overview of general privacy and security legal and policy principles, and then will focus on the key laws and regulatory decisions that are pushing the privacy and security legal landscape, including the European Union’s General Data Protection Regulation (“GDPR”), the Federal Trade Commission (“FTC”) rules and regulations, the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and the various U.S. state privacy laws. Using these laws, we will discuss case studies, and how to communicate, plan, and strategize on products and solutions that incorporate privacy and security requirements.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    ISSA Delaware Valley Chapter Meeting
    Open to all attendees
    President, ISSA Delaware Valley Chapter
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: Parkview Ballroom
    Come join chapter members to network, learn about ISSA, and meet your local chapter board members.
    8:00 am
    WiCyS Delaware Valley Affiliate Meeting
    Open to all attendees
    Board President, WiCyS Delaware Valley Affiliate
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: Laurel East
    Come join chapter members to network, learn about WiCyS, and meet your local chapter board members.
    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Remaining Resilient and Identifying the Next Transformation Facing Cybersecurity Professionals
    VP, CISO, TE Connectivity
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am
    Location / Room: Chop House

    Join this invitation-only meeting for SecureWorld Philadelphia Advisory Council members to discuss:

    • The next transformation that is going to “bite cybersecurity professionals in the @ss” and the shifts to take note of in the cybersecurity landscape
    • What transformations are coming in the next 5-10 years that cybersecurity professionals, and business leaders in general, should be thinking about
    • Resilience. How do we stress the importance of resilience when it comes to data centers?
    • What keeps cybersecurity professionals like you up at night is what you can’t even imagine is coming next.

    Come prepared to add to the discussion. The more voices, the better. At 1:15 p.m. on Day 2, moderator Todd Bearman will lead a discussion open to all attendees where he will share what your closed-door meeting discussed and invite robust Q&A from those in attendance.

    9:00 am
    ChatGPT and Other AI Products: What Are the Implications for Cybersecurity?
    President, WiCyS Delaware Valley Affiliate
    Certified Ethical Hacker
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater
    This session explores how AI-powered language models like ChatGPT are transforming the cybersecurity industry. Our presenters will discuss how these models can be used to identify and prevent cyber attacks by analyzing vast amounts of data and detecting patterns that human analysts might miss. They will also examine the potential ethical concerns and limitations of using AI in cybersecurity.
    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    Incident Response: How to Triage Real and False Alarms
    Former CISO, ActBlue Technical Services
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: Parkview Ballroom

    One of the biggest challenges in incident response is triaging real and false cybersecurity alarms. Come ready to hear tips to help you triage cybersecurity alarms effectively, including:

    • Establishing a baseline
    • Using multiple detection methods
    • Analyzing the source of the alarm
    • Validating the alarm
    • Prioritizing incidents
    • Responding appropriately
    • Learning from false alarms
    10:15 am
    Debunking Common Myths About XDR
    Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: Laurel West

    There has been a tremendous buzz across the cybersecurity community about the emerging technology known as XDR (eXtended Detection & Response). Unfortunately for the practitioner, there has yet to be a single definition widely accepted by both analysts and vendors purporting to be knowledgeable on the subject. What is XDR and why should I consider the technology in my enterprise security stack? What should I expect from vendors who claim to have built the perfect mousetrap? What is reality, and what is just hype? This session will walk through some generally accepted value statements associated with XDR, while attempting to debunk a few common myths that continue to muddy the water for security teams.

    10:15 am
    Get Ready 'Cause Here It Comes: Preparing for the Looming PCI 4.0 Compliance Deadline
    Director of Governance & Compliance, Risk Advisory Services, AccessIT Group
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: Laurel East

    With the release of PCI 4.0, the clock has started ticking for companies and service providers that must be PCI compliant to transition to the new framework. With the compliance deadline less than two years off, now is the time to “get ready” and close the gaps for standards you’re not currently meeting.

    Join this session to learn about:

    • The key changes in the recent PCI 4.0 update and what your organization needs to do to prepare
    • How to leverage compliance to help your organization become more secure.
    11:10 am
    Small but Mighty: Building the Next Generation of Cybersecurity Professionals with Limited Resources
    Founder & Executive Director, Cybersecurity Gatebreakers Foundation
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: Parkview Ballroom
    There are simply not enough people in the field of information security. According to the U.S. Department of Commerce, there are over half a million unfilled cybersecurity jobs in the U.S. Around the world, that number swells to an estimated 3.5 million jobs unfilled.
    Unfortunately, business leaders are constrained in their investment in the next generation of security professionals; security is, ultimately, a cost center. How then, with our limited budgets, time, and energy, can leaders build the next generation of cybersecurity professionals? After all, the cybersecurity professionals that we hire and train today will be the grizzled veterans that we need in the future.
    This session tackles practical tips and industry-proven methods for finding, training, and benefiting from incredible junior-level cybersecurity professionals for your growing information security team.
    11:10 am
    Covering Your Cyber Assets
    Consultant, Cyber Risk Solutions Team, WTW
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: Laurel West
    The cyber insurance market has gone through dramatic change over the past few years, with rapidly increasing rates and restricting coverages. Join a former CISO and cyber insurance underwriter to discuss the current market environment, where it may be going, and what you can do to improve your own coverages and pricing.
    11:10 am
    [Panel] There's a Bad Moon on the Rise – Are You Ready?
    Identifying the Current Threat Landscape
    Principal Partner Sales Engineer, Contrast Security
    Senior Field Sales Engineer, WithSecure
    Partner Sales Manager, Expel
    Regional Sales Engineer, CrowdStrike
    VP, CISO, TE Connectivity
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: Laurel East

    Like the main character in the 1981 horror movie, An American Werewolf in London, cybercriminals continue to morph into something evil, lurking in the night (and day) to cause harm to people, organizations, and governments. Cue the Creedence Clearwater Revival song, Bad Moon Rising.

    The cybersecurity community is smart and more than capable of thwarting bad actors, fangs and all. They have tools, technologies, partnerships across private and public entities, and solution vendors to help them along the way. Don’t forget about the consultants working hard to stay ahead of those wanting to do harm, as well.

    Hear our panelists’ views on the current threat landscape, solutions they have to offer, and ideas they have for turning a bad moon into a harvest moon.

    12:00 pm
    [Lunch Keynote] Transforming Information Security for Businesses of All Sizes
    CTO, Center for Internet Security
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    In order to combat cyber threats for organizations of all sizes and the supply chain, how information security is delivered and managed requires transformation. The burden of securing systems and networks has long been placed on the end organization, resulting in a distributed management requirement that does not scale. Requirements placed on the end organization exacerbate the burden, whereas “shift left,” setting requirements on the vendor, can alleviate it. Industry has a unique opportunity to aid a positive transformation to better scale security for solutions, with an aim towards improving the overall security posture and reducing the security professional deficit. Innovation to deploy security following scalable architectural patterns for security management is paramount.

    12:00 pm
    Advisory Council Lunch Roundtable (VIP / Invite Only)
    New State Privacy Laws Go Into Effect This Year – Are You Ready?
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    CEO & CISO, River Birch Data Security Consulting
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: Chop House
    Come ready to discuss the five new privacy laws going into effect in 2023 in California, Utah, Virginia, Connecticut, and Colorado. How are you preparing, and what do they mean for you as security professionals? We’ll even have an attorney in the room to answer questions. In addition, we’ll tackle the topic of the many security compliance standards customers are requiring of companies and cybersecurity professionals (ISO, NIST, HITRUST, etc.). We’ll discuss what strategies, automation, and/or tools are working best for us.
    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    [Panel] Pearls of Wisdom from Pioneering Females in Cybersecurity
    CISO, United Musculoskeletal Partners
    Founder & CEO, Cyber Job Central
    Enterprise Cloud Security — Product Lead, UnitedHealth Group
    President, WiCyS Delaware Valley Affiliate
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm
    Location / Room: Parkview Ballroom

    Our panelists share how they’ve managed to carve out successful careers in cybersecurity, including sharing networking techniques and tips for women just breaking into cybersecurity and those looking to move up the career ladder.

    1:15 pm
    [Panel] Hitting the Right Note with Your Network Security
    Developing an Incident Response Plan
    Lead Cybersecurity Consultant, vCISO, AccessIT Group
    Global Security Strategist, Check Point Software Technologies
    Regional Sales Director – Northeast & Mid-Atlantic, BlackBerry
    FIS, Director, Information Security & Risk Officer
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Laurel East

    A new attack vector (or two or eight) is identified daily, and who knows what is coming down the pike from those with nefarious intentions. How do cybersecurity professionals keep up and strike the right note in their symphony of defenses? Cybersecurity teams must have solid Incident Response (IR) plans in place to mitigate these attacks.

    Our panel of experts reveals the instruments—tools, technologies, and systems—they have to offer so that cybersecurity band members are all playing the same tune on behalf of their organizations. They’ll identify current threats and solutions for each so public and private entities have an IR plan that balances defense and offense, creating a beautiful song.

    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:30 pm
    Taking a Proactive Approach to a Theoretical Incident
    CISO, Flagship Credit Acceptance
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm
    Location / Room: Parkview Ballroom

    Incidents don’t have to be major headline makers to significantly alter the security posture of an organization. This session walks through, theoretically, how an attacker might access a company’s system, what they will try to do while they are in it, and appropriate ways for the cybersecurity team and the business to react to the incident. The session answers, proactively, what the business could do differently to reduce potential impact and react faster.

    2:30 pm
    BarCode Podcast Recording: CISOs Riff on the Latest in Cybersecurity
    Founder, The BarCode Podcast
    CISO, PENN Entertainment
    CISO, United Musculoskeletal Partners
    Director of Global Information Security Operations, Crown Holdings
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm
    Location / Room: Laurel East
    Join this live recording of the BarCode podcast, a happy hour-style audio engagement that “sits at the intersection of cybersecurity and bar room banter.” Host and Founder Chris Glanden will interview SecureWorld Philadelphia speakers and guests throughout the session, and include Q&A from the audience, for a recording that will air the week following the conference.
    2:30 pm
    Cloud Security Alliance Chapter Meeting
    Underutilized Cloud Security Toolbox
    Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm
    Location / Room: Laurel West
    Do you have too many security tools for the cloud: some native, some purchased, some extended from the data center? Are these just for compliance checks, or are you able to get meaningful data and visibility to monitor, secure, and automatically remediate issues? Are you grappling with native vs. COTS (Commercial Off The Shelf) security tools? This session will address those questions and provide clear guidance for monitoring and securing infrastructure and applications in the cloud.
    3:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:15 pm
    Happy Hour
    Sponsored by BitLyft and Corelight
    Registration Level:
    • Open Sessions
    3:15 pm - 5:00 pm
    Location / Room: Exhibitor Floor

    Join your peers for conversation and complimentary beer, wine, and soda. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.

    Generously sponsored by BitLyft and Corelight. Please visit BitLyft in booth 125 and Corelight in booth 195 to receive a drink ticket.
        

    3:45 pm
    Keeping Score: The Power of Delivering Security-Centric Dashboards to Business Leaders
    Sr. Director, Information Security, Addepar
    VP, Cyber Analytics, BlackRock
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm
    Location / Room: Keynote Theater
    This presentation delivers a compelling argument for aggregating business-facing security metrics into department-specific dashboards. We discuss best practices for communicating these dashboards to ensure their use among business department leaders, driving further integration between security teams and business departments. Done properly, these dashboards increase connectivity between InfoSec teams and the business and allow department leaders to focus on their specific security priorities. The presentation also provides a technical framework for the creation of these dashboards with example metrics that practitioners can implement immediately.
    3:45 pm
    [PLUS Course] Cybersecurity and Cyber Risk Economics: Part 2
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: Magnolia

    Session 2 – Cybersecurity Risks:
    This session will cover key cybersecurity-related risk discussion that incorporates history, risk in external disciplines, mathematical concepts, and more. Key concepts covered will include: The Risk Equation (frequency, impact, threats, vulnerabilities); Risk Heuristics; Estimating Value and Loss; the Attacker’s Equation; Calibrating Risk Matrices; Key Risk Indicators; Cyber Risk Quantification.

    3:45 pm
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 2
    Building an Effective and Practical Data Privacy and Information Security Program
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: Maple

    Session 2 will focus on the key components of an effective and practical data privacy and information security compliance program. This session will include an overview of key compliance documentation, including policies, procedures, and supporting documentation. We will discuss how to build a program that addresses the regulatory and legal requirements, while also balancing your business’ unique infrastructure and organization.

  • Thursday, April 20, 2023
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:30 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Cybersecurity and Cyber Risk Economics: Part 3
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: Magnolia

    Session 3 – Cybersecurity Controls:
    This session will focus on the core disciplines of cybersecurity operations – identity management, vulnerability management, trust management, and threat management. It will highlight their goals and objectives, administrative processes, and technical solutions. Key concepts covered: Frameworks; RACI Matrices; Four Disciplines; Managing Resources – Time and Costs of People Process and Technologies. Examples: Benefit-Cost Analyses; Automation Justification; Return on Security Investment.

    7:30 am
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 3
    Operationalizing Your Data Privacy and Information Security Program
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am
    Location / Room: Maple

    In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Special Presentation by the FBI
    In cooperation with Philadelphia InfraGard
    Special Agent, FBI
    Registration Level:
    • Open Sessions
    8:00 am - 8:50 am
    Location / Room: Parkview Ballroom

    FBI Special Agent Cerena Coughlin provides updates to InfraGard members and guests.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Keeping Up With the Joneses (Standards)
    Owner, Carmel Consulting LLC
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am
    Location / Room: Chop House

    In this invite-only session for Advisory Council members, we cover the latest updates to cybersecurity standards, including those from the National Institute of Standards and Technology (NIST) and the Cybersecurity Maturity Model Certification (CMMC). We discuss how these standards have evolved over time and the key changes that have been made to them.

    We explore NIST’s cybersecurity framework, which provides a comprehensive set of guidelines, standards, and best practices for managing cybersecurity risks. We discuss the latest versions of the framework, including updates to help organizations better understand and manage cybersecurity risks.

    We also dive into the CMMC, a set of cybersecurity standards developed by the U.S. Department of Defense (DoD) to protect sensitive government data. We discuss the different levels of certification and what they mean for organizations seeking to do business with the DoD.

    9:00 am
    [Opening Keynote] Managing Through Transition: Maximizing the Value of People, Process, and Technologies
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    Transition occurs almost constantly within an organization, perhaps more so in cybersecurity. Add in an acquisition, and the urgency to get people, systems and technologies aligned ramps up considerably. This session explores transition through the CISO lens, including performing a technology analysis and working through a checklist for examining vendor relations and enhancements. This allows the cybersecurity team to know the value of products and services they purchase and use (and what determines renewal or termination of a contract/vendor relationship).

    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    Understaffed and Under Pressure
    CISO, PENN Entertainment
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: Parkview Ballroom

    Staffing challenges continue to be a pain point for CISOs as they work to build – and keep – teams while staying on top of an ever-growing threat landscape.

    The digital world continues to change and grow, companies continue to become more agile, and the speed of delivery continues to increase. Those are just the tip of the iceberg for security leaders when it comes to building and keeping security teams. Let’s talk about those challenges and more as we walk through the different options we have as security leaders to build the best team possible.

    10:15 am
    Post-Breach: CISOs, not Just Companies, at Risk
    Co-Founder & Managing Partner, XPAN Law Partners
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: Laurel East

    There are few things that people can count on in this world, but lawsuits following data breaches have now become a stalwart post breach. Previously, it was just the company that received (multiple) lawsuits alleging “damages” suffered by data subjects after the data breach. But in the past few years we have also seen the emergence of a new type of lawsuit, one where members of the C-Suite are also being named, personally.

    A group of investors sued SolarWinds following its supply chain cyberattack and named the CISO in the lawsuit. They accused him, and the company, of embracing “intentional or severely reckless deceit on investors” because of alleged claims about the company’s cybersecurity. This session is an interactive discussion that explores the various types of risks posed to companies as a result of these lawsuits. It delves into the insurance implications and experiences related to insurance limits. The session also covers the various new laws and regulations that can impact liability of the company, its C-Suite, and board.

    10:15 am
    Point of Scary: The POS Ecosystem
    Director of Cloud Security, Financial Services
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: Laurel West

    We all use point-of-sale (POS) systems on a regular basis and never give much thought to the technology powering these devices. What OS do these devices use? What kind of networking capabilities do they have? When was the last time the OS was patched? What countries do these devices beacon out to? Does the PCI logo emblazoned on the website actually mean anything? Join us as we delve into several different kinds of systems and discover the convergence of hardware, software, APIs, and an ecosystem built on scary.

    11:10 am
    New State Privacy Laws Go Into Effect This Year – Are You Ready?
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: Laurel West

    Learn about the five new privacy laws going into effect in 2023 in California, Utah, Virginia, Connecticut, and Colorado. This session provides helpful tips and info, including:

    • How to prepare.
    • What the new laws mean for you as security professionals.
    • Information about the many security compliance standards customers are requiring of companies and cybersecurity professionals (ISO, NIST, HITRUST, etc.).
    • What strategies, automation, and/or tools are working to help cybersecurity professionals stay ahead of the laws.

    Come with your questions and feel free to share your input.

    11:10 am
    Protecting Against OT and IoT Threats
    SVP, IT, Caesars Entertainment
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: Parkview Ballroom

    There are several steps you can take to protect against cybersecurity threats in OT (Operational Technology) and IoT (Internet of Things) environments. This session explores these steps, including:

    • Developing a comprehensive cybersecurity strategy
    • Segmenting your networks
    • Implementing strong access controls
    • Using encryption
    • Keeping your systems up to date
    • Monitoring your systems
    • Conducting regular training and awareness

    But are IoT security solutions too expensive, or too complicated, to even implement? Come ready to learn and share your thoughts in this interactive session.

    11:10 am
    [Panel] Lucy in the Cloud with Diamonds
    Securing Your Cloud Environment
    Solution Engineer, Okta
    Sales Engineer, Identity and Access Management, Thales
    Sr. Sales Engineer, Orca Security
    Sr. Manager, Information Security, Affiliated Distributors
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: Laurel East

    Can you “imagine” if The Beatles, when first starting out, had to deal with having their catalog of music hacked, stolen, and held for ransom simply because it was in an unsecure cloud setting? While it is possible for that to happen with their hit-laden collection of songs today, it’s merely a tiny example of how businesses operate at a minimum in a hybrid cloud environment—many in a cloud-only platform.

    With that comes security issues and another major area which cybersecurity professionals must work diligently to protect.

    Our panel of experts share the good, the bad, and the ugly of operating in a cloud environment, what it takes to make the move to hybrid or multi-cloud successful, how to protect data from insider and outsider threats, and what it takes to provide the support DevOps teams need.

    12:00 pm
    [Lunch Keynote] Achieving Operational Resilience Through Sustainable Cybersecurity
    Deputy Regional Director, Region 3, Cybersecurity and Infrastructure Security Agency
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    Despite a global focus on cybersecurity, our critical infrastructure faces an ever-growing and evolving threat environment from both criminal and state actors and is a persistent security challenge. Additionally, our critical infrastructure—which has historically been controlled by manual, physical mechanisms and processes using stand-alone technologies—is increasingly becoming interconnected. The convergence of physical and digital systems increases productivity and cost efficiencies, but it also increases risk of operational and cascading impacts when disruptions occur. Specifically, our critical infrastructure is vulnerable to cyber threats with physical consequences, as well as physical threats with cyber-related consequences. Understanding how to address this cyber-physical convergence while encouraging the adoption of secure-by-design and secure-by-default concepts is vital for building operational resilience and an effective defense against threats of today, as well as those of tomorrow.

    While projects like Shields Up—which enabled CISA to provide urgent guidance in the wake of Russia’s attack on Ukraine—effectively helped organizations adopt a heightened posture, the fact is that our shields will likely be up for the foreseeable future. Maintaining the nation’s cybersecurity posture in the long-term will require governments and industries to continue to work alongside one another and adjust protection efforts when necessary. To that end, CISA is building an understanding of the cyber-physical convergence into the way we operate and working towards operational resilience with what CISA Director Jen Easterly calls a “posture of persistent collaboration” between the public and private sectors as part of growing a culture of sustainable cybersecurity.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    AI and Machine Learning: Is It Hype or Help?
    VP, Information Security, Genesis HealthCare
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: Chop House

    Now that AI and machine learning have been introduced into security technology, are they worth the hype, or are they helpful tools for cybersecurity professionals? Come ready to join this invite-only gathering of SecureWorld Philadelphia Advisory Council members for an open exchange about the good, the bad and the ugly of artificial intelligence in our profession.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Remaining Resilient and Identifying the Next Transformation Facing Cybersecurity Professionals
    VP, CISO, TE Connectivity
    Sr. Director, Governance, Risk and Compliance, TE Connectivity
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm
    Location / Room: Parkview Ballroom

    On Day 1 of the conference, SecureWorld Philadelphia Advisory Council members gathered to discuss:

    • The next transformation that is going to “bite cybersecurity professionals in the @ss” and the shifts to take note of in the cybersecurity landscape
    • What transformations are coming in the next 5-10 years that cybersecurity professionals, and business leaders in general, should be thinking about
    • Resilience. How do we stress the importance of resilience when it comes to data centers?
    • What keeps cybersecurity professionals like you up at night is what you can’t even imagine is coming next.

    Todd Bearman and Brandi Burton will share the insights from the closed-door session and open up the discussion to conference attendees to share their views.

    1:15 pm
    I Can See Clearly Now, the Threats Are Gone
    Threat Intelligence: The State of InfoSec Today
    Executive Director, Americas Region, CREST
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Laurel East

    Zero Trust is considered by many to be a marketing buzzword, but what it really alludes to is having good, basic cybersecurity hygiene. It’s what any cybersecurity professional worth their salt has been doing, and does, daily. Ransomware, phishing, and BEC grab the headlines, but your run-of-the-mill cyberattacks can’t be ignored because of the shiny new thing garnering all the attention.

    The CISO is like a musical conductor that must pay attention to all the resources at his or her disposal—be it people, tools, technologies, systems, and more. How is the organization handling security awareness training? What about staffing shortages affecting the organization, or even the vendors with which CISOs and their teams work?

    Join this session to hear insights and takeaways on the state of the information security profession today, including tips for seeing clearly and staying ahead of threats.

    2:15 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:15 pm - 2:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:30 pm
    Security Awareness: Engaging People and Tracking the Right Metrics
    DevSecOps Lead, Vanguard
    Registration Level:
    • Conference Pass
    2:30 pm - 3:15 pm
    Location / Room: Parkview Ballroom

    Security awareness is a critical component of any organization’s security posture. It refers to the process of educating employees and other stakeholders about potential security threats and how to prevent them. Engaging people in security awareness and tracking the right metrics are two essential aspects of building a robust security awareness program.

    Come ready to hear tips for engaging people in security awareness, including making it relevant, interactive, frequent, and mandatory. When it comes to tracking the right metrics for security awareness, learn how to measure participation rates, comprehension, behavior change, and incident rates.

    2:30 pm
    Cloud Security Risks: Is My Cloud Environment Leaking Data?
    Director, Information Security, CubeSmart
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm
    Location / Room: Laurel East

    There has never been a silver bullet to cloud security, and securing the cloud continues to become more and more complex over time. This session provides a general managerial overview of each of the areas of cloud security risk, how to protect your environment, and how to keep your information and resources safe and secure.

    2:30 pm
    ISACA Philadelphia Chapter Meeting
    Open to all attendees
    BISO, Blackbaud
    Registration Level:
    • Open Sessions
    2:30 pm - 3:15 pm
    Location / Room: Laurel West

    Come join chapter members to network, learn about ISACA, and meet your local chapter board members.

    3:15 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    3:15 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    [Fireside Chat] Transitioning from CISO to CIO: What Changes?
    CIO, Morgan, Lewis & Bockius LLP
    Board President, WiCyS Delaware Valley Affiliate
    Registration Level:
    • Open Sessions
    3:45 pm - 4:30 pm
    Location / Room: Keynote Theater

    A talk with Steve Naphy, CIO of Morgan Lewis, about his move from head of InfoSec to Chief Information Officer.

    3:45 pm
    [PLUS Course] Cybersecurity and Cyber Risk Economics: Part 4
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: Magnolia

    Session 4 – Cybersecurity Metrics and Measures:
    This session will tie the sessions together by applying the economics, risk, financial, and technical elements together with a full program that begins with operational details and rolls them up into a full strategic cybersecurity plan suitable to discuss with executives and board of directors. Key concepts covered will include: Cybersecurity Efficacy; Receiver Operating Characteristic (ROC) Curves; Asset and Activity Classification; Top Ten Strategic Metrics; The One Metric to Rule Them All.

    3:45 pm
    [PLUS Course] Operationalizing Privacy Laws into Your Organization: Part 4
    Operationalizing Your Data Privacy and Information Security Program
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm
    Location / Room: Maple

    In Sessions 3 and 4, we will focus on operationalizing your Data Privacy and Information Security Program, making it actionable for the teams that will implement the requirements into the organization’s day-to-day operations. With hands-on exercises and discussion, these sessions will provide step-by-step approaches to implementing key areas of your Data Privacy and Information Security Program, including data subject rights, privacy breaches, data protection agreements, cross-border data transfers, data mapping, and data protection impact assessments.

Exhibitors
  • Abnormal Security
    Booth: 330

    Abnormal is the most precise human behavior security engine for blocking all email attacks, including phishing, malware, ransomware, social engineering, executive impersonation, supply chain compromise, internal account compromise, spam, and graymail.
    Secure email gateways and built-in Microsoft and Google security struggle to block email attacks that pass reputation checks, have no URLs or attachments, and appear to come from trusted sources.

    Only Abnormal uses behavioral AI to profile known good behavior and analyzes over 45,000 signals to detect anomalies that deviate from these baselines, delivering maximum protection for global enterprises.

  • AccessIT Group
    Booth: 220

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Atlantic Data Security
    Booth: 200

    Since 1993, Atlantic has been representing industry leading security products to help get customers to an acceptable level of IT security risk. Atlantic works extensively with both large enterprises and SMB markets, understanding their business goals before any solution is recommended. Atlantic’s strict focus ensures that customers receive the highest level of both service and support.

  • Axonius
    Booth: 212

    Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with over 200 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately.

  • BitLyft Security
    Booth: 125

    We help keep your organization safe by illuminating and eliminating cyber threats before they have time to harm you or your customers. We do this by providing a platform that merges the best of people and software for unparalleled protection for your organization. Overcome your cybersecurity challenges of finding talent and technology to protect your organization with BitLyft today.

  • BlackBerry Corporation
    Booth: 220

    BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.

  • Check Point Software Technologies
    Booth: 220

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cloud Security Alliance Delaware Valley Chapter (CSA-DV)
    Booth: Exhibitor Hall Foyer

    Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.

    OUR PURPOSE:

    To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.

  • Cloud Security Alliance Lehigh Valley Chapter
    Booth: Exhibitor Hall Foyer

  • Cloudflare
    Booth: 145

    Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications, and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

    Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations—from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

    Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest internet trends and insights at radar.cloudflare.com.

  • Contrast Security
    Booth: 220

    Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

  • Corelight
    Booth: 195

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • CREST
    Booth: 120

    CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST provides internationally recognised accreditations for organisations and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence, and Security Operations Centre (SOC) services.

  • Critical Start
    Booth: 360

    Critical Start Managed Cyber Risk Reduction solutions deliver continuous security cyber risk monitoring and mitigation enabling strong protection against threats. Combined with a team of expert risk mitigators, our platform provides maturity assessments, posture and event analytics, response capabilities, comprehensive threat intelligence, and security workload management capabilities. We help you achieve the highest level of cyber risk reduction for every dollar invested, leading to increased confidence in reaching your desired level of security posture.

  • CrowdStrike
    Booth: 235

    CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.

  • Darktrace
    Booth: 115

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 3
    Booth: n/a

    CISA Region 3, headquartered in Philadelphia, provides cybersecurity and infrastructure security services to seven Tribal Nations and the following states/district: State of Delaware, District of Columbia, State of Maryland, Commonwealth of Pennsylvania, Commonwealth of Virginia, and State of West Virginia.

    Regional Director William J. Ryan leads a cadre of security professionals located throughout the region. Through our efforts to understand and advise on cyber and physical risks to the nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, communications, and physical security and resilience, in turn strengthening national resilience.

  • Envision Technology Advisors
    Booth: 102

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • Exabeam
    Booth: 220

    Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.

  • Expel
    Booth: 220

    Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.

  • Gigamon
    Booth: 220

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • ISC2
    Booth: Exhibitor Hall Foyer

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISACA Philadelphia
    Booth: Exhibitor Hall Foyer

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking, and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • ISSA Delaware Valley
    Booth: Exhibitor Hall Foyer

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • Lacework
    Booth: 335

    Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.

  • Noname Security
    Booth: 200

    Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope across three pillars: Posture Management, Runtime Security, and API Security Testing. Noname Security is backed by leading venture capital firms, including Lightspeed, Georgian, The Syndicate Group (TSG), Forgepoint, Next47, Insight Partners, and Cyberstarts, and has raised $220M, achieving “unicorn” status only one year out of stealth.

  • Orca Security
    Booth: 220

    We’re on a mission to make it fast, easy, and cost effective for organizations to address the critical security issues in their AWS, Azure, and GCP estates so that they can operate in the cloud with confidence.

  • Okta
    Booth: 345

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Optiv
    Booth: 135

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • Philadelphia InfraGard Members Alliance
    Booth: Exhibitor Hall Foyer

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • Recorded Future
    Booth: 275

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • ReliaQuest
    Booth: 165

    ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest’s GreyMatter is built on an open XDR architecture and delivered as a service anywhere in the world, anytime of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures. Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.

  • Rubrik
    Booth: 130

    Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

  • Sayers
    Booth: 210

    At Sayers, we have more than 30 years of experience in providing personalized IT services and solutions. We bring an in-depth knowledge of the most innovative technologies, which allows us to diagnose your problems, create a personalized plan, and implement the exact solutions to help your business overcome its most difficult IT challenges. Sayers' mission is to help clients solve their business challenges with innovative IT solutions. Our success is founded on building strong relationships with our clients and going above and beyond to help those clients succeed.

  • SecurEnds, Inc
    Booth: 240

    SecurEnds provides companies with a tool to automate user access reviews (UAR) across cloud and on-prem applications to meet SOX, ISO27001, PCI, HIPAA, HITRUST, FFIEC, GDPR, and CCPA audit requirements. Utilizing fuzzy logic to pull data from systems of record (SOR), complementary identity governance and administration (IGA) solutions, and SaaS-based, custom, and legacy downstream applications, SecurEnds provides a complete, end-to-end process for UAR, then automates it out of the box.

  • SentinelOne
    Booth: 340

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Synopsys
    Booth: 140

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • Sysdig
    Booth: 155

    The Sysdig Secure DevOps Platform provides security to confidently run containers, Kubernetes and cloud services. Only Sysdig has the deep visibility needed to see all threats, vulnerabilities and suspicious activity. With Sysdig you can secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.

    Sysdig is a SaaS platform, built on an open source stack that includes Falco and sysdig OSS, the open standards for runtime threat detection and response. Hundreds of organizations rely on Sysdig to secure containers, Kubernetes and cloud services.

  • TechTarget
    Booth: n/a

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales
    Booth: 220

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • The Teneo Group
    Booth: 245

    The Teneo Group’s sole focus is IT security engineering. Without that critical security perspective, any project, big or small, can open an organization to more risk at best, and to catastrophe at worst.

    Teneo is uniquely qualified to support all areas of the information technology life cycle. We have the technical engineering skills needed to successfully complete the projects at hand and we always consider security first.

    Teneo also designs and maintains systems of several large government and private organizations. Teneo is a certified partner with many security vendors including Check Point, RSA, Blue Coat, Solarwinds, Guidance Software, and Solutionary.

  • ThreatLocker
    Booth: 265

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • WithSecure
    Booth: 375

    WithSecure™ (formerly F-Secure Business) is cybersecurity’s reliable partner. IT service providers, MSSPs and businesses—along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers—trust us for outcome-based cybersecurity that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. WithSecure™ is part of F-Secure Corporation, founded in 1988, and listed on NASDAQ OMX Helsinki Ltd.

  • WiCyS Delaware Valley
    Booth: Exhibitor Hall Foyer

    Women make up only 11% of the cyber security workforce. With such low representation, it is essential that we advocate for and assist women as they navigate through the cyber security industry.

    Philadelphia Women & Cyber Security’s Mission: To provide opportunities to advance careers for professionals in Cyber Security through education, mentoring, and networking. A Supportive community for women in cyber security that works to promote and encourage women to develop their careers. We are open to any support for our mission from any gender. Come to the next Philadelphia Women and Cyber Security’s event to get to know other like-minded, female cyber security professionals in the area. We will discuss industry best practices, the latest security trends and solutions, and share lessons we’ve learned over the years. For more information, contact wicysdelawarevalley@wicys.org.

  • Wiz
    Booth: 230

    We’re on a mission to help organizations effectively reduce risks in their Cloud environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don’t waste time.

    Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and DevOps teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches. For more information, visit www.wiz.io.

  • ZeroFox
    Booth: 150

    Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.

    Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.

Speakers
  • Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Scott Laliberte, Moderator
    President, ISSA Delaware Valley Chapter

    Scott Laliberte, President of ISSA Delaware Valley Chapter for over 10 years, has grown the chapter significantly by creating a collaborative community for Cyber Security professionals to share their knowledge and experience and satisfy their CPE needs. Scott also leads Protiviti’s Emerging Technology practice where he enables clients to leverage emerging technologies to solve complex business problems and manage risk. His team specializes in many technology areas including Artificial Intelligence (AI) and Machine Learning, Internet of Things (IoT), Cloud, Blockchain, and Quantum Computing. In previous roles, Scott was the Global leader of Protiviti’s Cyber Security Practice.

  • Nancy Hunter, Moderator
    Board President, WiCyS Delaware Valley Affiliate

    Nancy Hunter is the VP, CISO and Data Privacy Security Officer at the Federal Reserve Bank of Philadelphia. With more than 25 years of experience in technology including 15 years in Information Security, Nancy joined the Federal Reserve Bank in 2017, where she is accountable for Information Security Operations and Consulting, Information Risk Management, and Records Management, guides the implementation of the Bank’s data and system privacy program, and serves as Bank representative in System data privacy policy setting. Nancy is certified in Risk and Information Systems Controls (CRISC) and holds a B.A. in Mathematics from Temple University.

  • Todd Bearman, Moderator
    VP, CISO, TE Connectivity

    Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.

    Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
    Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.

    Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.

  • Donna Ross
    President, WiCyS Delaware Valley Affiliate

    Dynamic leader and board member demonstrating over 20 years of diverse risk, compliance, information security, technology, and operations experience within the manufacturing, insurance, banking, financial services, and retail sector. Adept in developing and implementing strategic technology and risk solutions, performing research and analysis to keep employer advised regarding emerging technologies and management of risk. Security and DEI evangelist.

  • Eric Robuck
    Certified Ethical Hacker

    Eric Robuck is a seasoned cybersecurity expert with over two decades of experience in the industry. As the owner and founder of The Valander Group, he leads a team of top-notch business experts dedicated to providing comprehensive cybersecurity solutions for business owners.

    Eric's extensive military background as a Warrant Officer focused on information technology and security has equipped him with the necessary skills and knowledge to handle complex cybersecurity challenges. He has a deep understanding of programming, database design, electronic information transfer, and project management, which allows him to develop and implement effective cybersecurity strategies for his clients.

    Eric holds multiple professional certifications, including the CISSP, CEH, Security+, and AWS Practitioner. He has done masters work in Cybersecurity and leadership in Cyber Security to further enhance his knowledge and skills. Eric's expertise in cybersecurity makes him an invaluable asset to businesses looking to protect themselves from cyber threats.

    When he's not working, Eric enjoys spending time with his family and staying active on the golf course. With his impressive track record and diverse skillset, Eric is a force to be reckoned with in the world of cybersecurity, and his clients trust him to keep their businesses safe from cyber-attacks.

  • Will Rogers
    Former CISO, ActBlue Technical Services

  • Michael Leland
    Chief Cybersecurity Evangelist & Head of Technical Marketing, SentinelOne

    Michael joined SentinelOne in May 2020 as Head of Technical Marketing where he brings over 25 years of security domain expertise. He is responsible for messaging and strategic development of the XDR product roadmap. Prior to SentinelOne, he held the title of Chief Technical Strategist for McAfee. Michael served formerly as the CTO at NitroSecurity where he was responsible for developing and implementing NitroSecurity's overall SIEM technology vision and roadmap. Michael has held senior technical management positions at Eziaz, Cabletron and Avaya. At Avaya, a global telecommunications equipment and services vendor, he served as CTO where he led the company in its strategic efforts for converged data/voice development initiatives.

  • Chad Barr
    Director of Governance & Compliance, Risk Advisory Services, AccessIT Group

    Chad Barr is a seasoned leader in the field of information security, currently serving as the Director of Governance, Risk and Compliance (GRC) within the Risk Advisory Service practice at AccessIT Group (AITG). With a proven track record of success, Chad brings a wealth of experience to AccessIT Group.

    As a visionary leader in the realm of cybersecurity, Chad has honed his skills across multiple disciplines, including security engineering, project management, risk management, and compliance. His extensive background underscores his ability to guide organizations toward robust and resilient security postures.

  • Naomi Buckwalter
    Founder & Executive Director, Cybersecurity Gatebreakers Foundation

    Naomi Buckwalter, CISSP CISM, is the Director of Product Security for Contrast Security and author of the LinkedIn course: “Training today for tomorrow's solutions - Building the Next Generation of Cybersecurity Professionals”. She is also the founder and Executive Director of Cybersecurity Gatebreakers Foundation, a nonprofit dedicated to closing the demand gap in cybersecurity hiring. She has over 20 years' experience in IT and Security and has held roles in Software Engineering, Security Architecture, Security Engineering, and Security Executive Leadership. As a cybersecurity career adviser and mentor for people around the world, her passion is helping people, particularly women, get into cybersecurity. Naomi has two master's degrees from Villanova University and a Bachelor of Engineering from Stevens Institute of Technology.

  • Sean Scranton
    Consultant, Cyber Risk Solutions Team, WTW

    Cyber Liability National Practice Leader (current). IT Security / IT Auditor at RLI for eight years. Network / security consulting / auditor for financial institutions, government for nine years. Network / firewall administrator in healthcare for seven years. Designations: CPCU, RPLU+, CISSP, CISM, CISA, CRISC, CSXF, MBA.

  • Jennifer Galvin
    Principal Partner Sales Engineer, Contrast Security

    Jennifer Galvin is a Principal Channel Sales Engineer at Contrast Security, where she provides technical leadership supporting Contrast Channel Partners to help secure their customers' applications from the inside out. She has helped architect and build many critical application services you may use today. If you've viewed NASDAQ's video wall in Times Square, applied for a minority or women-owned business license in New York, registered for Medicare or Medicaid, registered a drone with the FAA or used Disney FastPass, you are using an application she helped to create. She serves as an expert in the field of Presales Strategy and DevOps and holds a Master of Science Degree in Computer Science from Johns Hopkins University. Jennifer Galvin is local to Washington, DC and is a proud member of Cloudgirls.

  • Raj Patel
    Senior Field Sales Engineer, WithSecure

    Raj Patel is a Senior Field Sales Engineer with Finland-based cybersecurity firm, WithSecure. His 20 years of experience leading IT projects has focused on analyzing business requirements and customer goals to deliver enterprise solutions with a focus on cloud and cybersecurity technologies.

  • Stu Saffer
    Partner Sales Manager, Expel

    After spending the first half of his career in fintech, Stu moved into cyber security as a Strategic Global Account Manager with RSA in 2012. Since joining Expel in 2019, Stu has spent time in a variety of roles with clients and partners of all sizes. He currently manages the partner ecosystem in the Northeast.

  • Robert Young
    Regional Sales Engineer, CrowdStrike

    Robert Young is a Regional Sales Engineer for CrowdStrike in the northeast U.S. territory, with an extensive background in security and IT operations. Over his career, Robert has worked both in the private and public sectors, as the customer and in sales, giving him a deep understanding of the people, processes, and technologies involved in stopping breaches.

  • Kathleen Moriarty
    CTO, Center for Internet Security

    Kathleen Moriarty, Chief Technology Officer, Center for Internet Security, has over two decades of experience. Formerly as the Security Innovations Principal in Dell Technologies Office of the CTO, Kathleen worked on ecosystems, standards, and strategy. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honor of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018. Named in CyberSecurity Ventures, Top 100 Women Fighting Cybercrime. She is a 2020 Tropaia Award Winner, Outstanding Faculty, Georgetown SCS.

    Kathleen achieved over 20 years of experience driving positive outcomes across Information Technology Leadership, IT Strategy and Vision, Information Security, Risk Management, Incident Handling, Project Management, Large Teams, Process Improvement, and Operations Management in multiple roles with MIT Lincoln Laboratory, Hudson Williams, FactSet Research Systems, and PSINet.

    Kathleen holds a Master of Science Degree in Computer Science from Rensselaer Polytechnic Institute, as well as a Bachelor of Science Degree in Mathematics from Siena College. Published work: "Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain," July 2020.

  • Jordan Fischer, Special Guest
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

  • Cindy Allen, Moderator
    CEO & CISO, River Birch Data Security Consulting

    Cindy Allen has over 30 years of experience in technology and security and has served as CISO, Privacy Officer, and HIPAA Security Officer for a global organization of roughly 5,000 employees in 8 countries. Prior to this role she was CIO for a Philadelphia-based professional services firm. She holds both CISSP and ITIL Expert certifications as well as a master’s degree in information science.

    Since retiring from full-time employment, Cindy has moved into semi-retirement, focusing on her passion, privacy, and IT compliance. She also aspires to author a book on building effective privacy programs.

  • Krista Arndt
    CISO, United Musculoskeletal Partners

    Krista Arndt is the Chief Information Security Officer (CISO) at United Musculoskeletal Partners. As the CISO, Krista is responsible for the safety and security of all UMP and its practices' patients and employees. Krista accomplishes this by ensuring continued maturation and providing strategic direction for UMP's information security program in alignment with the business objectives. Additionally, Krista provides oversight of the security program's day to day operational effectiveness.

    Prior to joining UMP, Krista served as the Director of Security Governance, Risk and Compliance for Voyager Digital, a leading cryptocurrency trading platform, where she was responsible for the development, maturation, and maintenance of Voyager's security program. Krista has served in various leadership and operational roles within the information security profession for 14 years within the financial and defense sectors, bringing a deep understanding of how strong security and privacy practices can help enable best in class care and peace of mind for UMP and its practices' patients.

    Krista has a bachelor's degree in Biology from Felician College and currently holds her Certified in Risk and Information Systems Control (CRISC) and Certified Information Security Manager (CISM) certifications.

    Krista is an active member of ISACA and InfraGard's Philadelphia Chapter, as well as a member of both Neumann University's Business Advisory Council and Women in Cybersecurity-Delaware Valley Affiliate's Membership and Education Committees. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.

  • Colleen Lennox
    Founder & CEO, Cyber Job Central
  • Vijaya Rao
    Enterprise Cloud Security — Product Lead, UnitedHealth Group

    Vijaya Rao is a senior executive with over 25 years of experience in the engineering and cybersecurity space. She has worked for various Fortune 100 companies, such as CenturyLink, AOL, JP Morgan Chase, and Google. She also founded the last-mile, technology-enabled platform DeliveryCircle, raised multiple rounds of funding, and currently serves as the Chairman of the board. In her current role as the Product Leader at UnitedHealth Group, she leads Enterprise Cloud Security. Vijaya is also a Certified CISO.

    Vijaya is an expert at synergizing teams, by setting the vision for excellence and building out team alignment, while ensuring that members have the information, support, and tools necessary for success. She has steered technology organizations of over 200 people, maintaining team cohesion amid significant change while boosting performance and fostering a team culture of collaboration, innovation, and shared success. Vijaya’s core belief is that innovative technology-based solutions should be at the core of every business model. This helps companies achieve a strong ROI and leads to sustainable growth.

    Vijaya loves travelling and volunteering time mentoring young girls into STEM programs. She currently also serves as an advisor for technology start-ups at the University of Delaware (Horn Entrepreneurship program).

  • Donna Ross, Moderator
    President, WiCyS Delaware Valley Affiliate

    Dynamic leader and board member demonstrating over 20 years of diverse risk, compliance, information security, technology, and operations experience within the manufacturing, insurance, banking, financial services, and retail sector. Adept in developing and implementing strategic technology and risk solutions, performing research and analysis to keep employer advised regarding emerging technologies and management of risk. Security and DEI evangelist.

  • Brett Price, CISSP, CISM
    Lead Cybersecurity Consultant, vCISO, AccessIT Group

    Brett Price is a Senior Cybersecurity Consultant for the Risk Advisory Services practice at AccessIT Group (AITG). Brett is a knowledgeable cybersecurity consultant with over twenty years of experience and an extensive background in security consulting, network engineering/administration and cybersecurity best practices. Brett’s skills range from analyzing network packet behavior to securing enterprise critical infrastructure with expertise in assessing and consulting on risk management frameworks and standards such as NIST 800-53, NIST CSF, CIS and ISO/IEC 2700X. Brett has experience working with enterprise and mid-market customers across various industry sectors such as healthcare, banking, industrial, retail, pharmaceutical and insurance.

  • Eddie Doyle
    Global Security Strategist, Check Point Software Technologies

    Eddie Doyle works with enterprise organizations, university think tanks and corporate leaders to articulate the complex subject of cyber security in an engaging manner, championing his customer’s initiatives to fruition and finding the holy grail of cyber security… making cyber a profit center for the business.

    LinkedIn recognizes Eddie’s forté as a keynote speaker and livestreamer of cyber security strategy for the everyday user of technology. Leading Board discussions and attack/defense simulation, Eddie proudly works with executives on disaster recovery planning and holds a global revenue responsibility for a Fortune 500 company.

  • Eric Storm
    Regional Sales Director – Northeast & Mid-Atlantic, BlackBerry

    Eric Storm is the Regional Sales Director for the North East & Mid-Atlantic territories at BlackBerry. He has been a sales leader with BlackBerry for over two years, and his passion has only grown over that time for Cyber Security and the solutions we provide. He has worked in AI and Technology over the last 10+ years at companies such as Citrix and SunGard/FIS, as well as some smaller start-ups. He has led Enterprise Sales, Inside Sales, Business Development, and Marketing for these firms.

    Eric holds a degree from Bucknell University and currently resides in Northern New Jersey, where he was born and raised, with his wife, son, and daughter. Go Giants!

  • Dan Herrmann, Moderator
    FIS, Director, Information Security & Risk Officer
  • Bryan Bechard
    CISO, Flagship Credit Acceptance

    Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.

  • Chris Glanden, Host
    Founder, The BarCode Podcast

    Chris Glanden is an experienced cybersecurity strategist and the Founder & CEO of BarCode Security, a full-service consulting firm he launched in November 2023. Through BarCode, Glanden provides advisory services, pentesting, training, and incident response with a team of seasoned industry experts.

    In 2020, Glanden started the BarCode Security podcast to have engaging discussions with global cybersecurity leaders. As COVID restrictions lifted, he took the show on the road nationwide, recording live at venues like private yachts, tech meetups, and hacker conventions. The podcast and live events aim to educate on diverse perspectives in cybersecurity leadership and culture.

    Concurrently, Glanden is producing his first documentary film “Inhuman,” focused on weaponized AI, slated for release in 2024. His approach across projects combines the technical aspects of cybersecurity with a creative and entertainment angle, emphasizing the importance of understanding the human side in establishing efficient security programs.

  • David Lingenfelter
    CISO, PENN Entertainment

    David Lingenfelter is the Vice President of Information Security at Penn Entertainment, responsible for ensuring the highest possible level of security for the rapidly changing risk landscape. David manages teams that oversee IT security and compliance for both the retail and digital aspects of the business. David believes that in order to implement a successful security program it’s important for everyone to understand the threats and risks that could adversely impact the business.

    Prior to joining Penn Entertainment, David oversaw security for the MaaS360 mobile device management platform at IBM. During his tenure at IBM, David helped onboard and integrate the team supporting MaaS360 as part of the acquisition of Fiberlink Communications into IBM. Prior to the acquisition by IBM, David was the Information Security Officer at Fiberlink Communications working as part of the team that designed and built an early Software as a Service cloud model for its MaaS360 platform. David also led the charge for getting MaaS360 to be the first mobile device management platform certified for use by the federal government under the FedRAMP program.

    As a member of the Cloud Security Alliance David was co-chair of the Mobile Working Group culminating in the publication of the “Security Guidance for Critical Areas of Mobile Computing”. David also gave input to early versions of the Cloud Control Matrix and other publications and is a former president of the Delaware Valley chapter of the Cloud Security Alliance. David’s career in IT security has always included a strong emphasis on awareness and understanding of the threats and risks associated with poor security. This passion for helping bring awareness to others has led David around the world giving presentations on multiple aspects of IT security and the overall impact on business and personal lives.

  • Krista Arndt
    CISO, United Musculoskeletal Partners

  • Bistra Lutz
    Director of Global Information Security Operations, Crown Holdings

    Bistra has been in information security for 15 years, all of it spent in security operations/engineering for various industries, from financial to health care to consulting and, most recently, manufacturing. Bistra is a passionate blue teamer, likes experimenting with new technologies, and is a team builder with a knack for process improvement. She is currently preoccupied philosophizing about the (scary) generative AI and ZTA.

  • Vana Khurana
    Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley

    Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.

  • Happy Hour
  • Richard Israelite
    Sr. Director, Information Security, Addepar

    Richard Israelite is Sr. Director of Information Security at Addepar. He is an information security leader with over 15 years' experience building and leading global teams in some of the world’s largest Financial Services firms as well as smaller, cloud native FinTech companies.

  • Chris Jennings
    VP, Cyber Analytics, BlackRock

    Christopher Jennings is the head of Cyber Analytics and Data Operations for Information Security at BlackRock. He has held various positions in technology support and software development.

  • Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Cerena Coughlin
    Special Agent, FBI

    FBI Special Agent Cerena Coughlin is the Employment Recruiter and Applicant Coordinator for the Philadelphia Field Office and local Private Sector Coordinator overseeing InfraGard, a public/private partnership between the FBI and representatives of critical infrastructure. She was a member of the Los Angeles Innocent Images SAFE Team, where she participated in investigations of child exploitation, and was assigned to Counterterrorism squads in Los Angeles and Baltimore and Cyber in Philadelphia. Prior to joining the FBI in March 2001, Coughlin served as Director of Operations for an LA-based non-profit supporting students and educational institutions across the United States.

  • Cheryl Carmel, Moderator
    Owner, Carmel Consulting LLC

    Ms. Carmel is a member of (ISC)2 where she holds her CISSP, and IAPP where she holds her CIPT. She is a member of InfraGard and has been on the Advisory Council for SecureWorld for many years.

    Ms. Carmel began her career in technology with experience in application development, infrastructure operations, technical support, and teaching. She pivoted to focus on security in 1999. Her most recent role was VP of Security, Privacy, and Compliance at OnSolve, where she was responsible for maturing the program to successfully implement security controls to meet the rigors of FedRAMP, while maintaining the controls for ISO 27001, HIPAA, and privacy laws. Before that, she was the BISO at FIS (SunGard Financial Systems).

  • Mark Eggleston, CISSP, GSEC, CHPS
    CISO, CSC

    Mark Eggleston is the chief information security officer (CISO) for CSC, responsible for the global security and privacy program design, operations and continual maturation. As a senior executive specializing in security and privacy program development and management, Mark’s unique background and expertise in information technology, program, and people management have positioned him as a thought leader and frequent industry speaker.

    Mark started his career as a program manager and psychotherapist at a hospital serving children and adolescents. Later, Mr. Eggleston helped develop an internal compliance approach—complete with policies and tools—ensuring a geographically dispersed health care provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mr. Eggleston then transitioned to applying his HIPAA expertise at an HMO where he has implemented many successful security controls and technologies, including single sign-on (SSO), Identity and Access Management (IAM), Cloud Access security broker (CASB), and a vulnerability assessment program.

    Mark received his Bachelor of Science in psychology from Radford University. Later, Mark received both his Master of social work and his post-baccalaureate certificate in management information systems from Virginia Commonwealth University. In addition, Mark holds CHPS, CHPS, and CISSP certifications.

  • David Lingenfelter
    CISO, PENN Entertainment

  • Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multijurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.

    Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.

    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section.

    Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.

    Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.

  • Aaron Weaver
    Director of Cloud Security, Financial Services

    Aaron Weaver has over 20 years' experience specializing in application and cloud security and providing training sessions at various international industry events. His work includes security consulting, penetration testing, threat modeling, and code reviews. Aaron also enjoys honey bees and recently has been experimenting with hive designs.

  • Jordan Fischer
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

  • John Roskoph
    SVP, IT, Caesars Entertainment
  • Jose Acosta
    Solution Engineer, Okta

    Jose Acosta is a Solution Engineer at Okta, with more than 20 years of experience in the IT industry. He has specialized in Identity and Access Management, Business Analysis, and Software Engineering, honing his skills to become a trusted advisor and subject matter expert in these areas. Jose’s extensive IT experience has equipped him to lead numerous organizations through complex software implementation projects, utilizing technology to drive growth and improve profitability.

  • Naiche Robison
    Sales Engineer, Identity and Access Management, Thales

    Naiche Robison is a Field Sales Engineer with Thales Group covering their Identity and Access Management solutions: SafeNet Trusted Access and OneWelcome. With 16 years of channel/distribution experience covering multiple solutions, Naiche has worked with some of the biggest players in the field, from Palo Alto Networks to Aruba and Brocade, to provide customer-focused solution sets and technical expertise.

  • Taylor Speaker
    Sr. Sales Engineer, Orca Security

    Taylor Speaker has been working in the information security industry for over 13 years. His experience includes working with organizations in the trading industry, technology startups, in addition to consulting across a wide variety of industries.

  • Joseph Arahill, Moderator
    Sr. Manager, Information Security, Affiliated Distributors

    Joe Arahill is the Senior Manager of Information Security at Affiliated Distributors (AD). He oversees the people, processes, and technology that secures AD's infrastructure and business systems. Joe started his career in information security for a commercial loan software company, and for most of his career, he has worked in the financial sector, helping to secure systems and meet financial compliance requirements. Joe received his Bachelor of Science in Management of Information Systems and later a Master of Science in Information Assurance from Norwich University. In addition, Joe holds the CISSP and CISA certifications.

  • Jim Cratty
    Deputy Regional Director, Region 3, Cybersecurity and Infrastructure Security Agency

    James Cratty currently serves as the Deputy Regional Director within DHS CISA Region 3. In this role, he is responsible for the coordination of critical infrastructure protection via the operational delivery of CISA resources to include training, vulnerability assessments, and efforts between the public and private sector to secure and ensure resilient infrastructure. This mission encompasses cyber, physical, communications, and chemical security. James joined CISA in 2017 as a Protective Security Advisor prior to becoming the Region’s Chief of Protective Security.

    Prior to coming to CISA, James served with the U.S. Department of Homeland Security Federal Protective Service (FPS) from 2008 to 2017. He held many leadership positions to include the Deputy Regional Director for FPS Region 3. He was responsible for operational and support aspects of FPS program activities to include a broad range of law enforcement, criminal investigation, physical security, and protective security operations.

    James began his law enforcement career with the Baltimore County Police Department (Baltimore, MD) in 1997. Being a police officer laid the foundation of his views on community involvement and collaboration to effectively provide law enforcement services. He served our country for 21 years as a Commissioned Infantry Officer in the Maryland Army National Guard. He worked over 20 state emergency incidents, always volunteering to lead military response efforts and/or work with the Maryland Emergency Management Agency. He was called to active duty two times post 9/11, the latter for an overseas combat tour for which he received a Bronze Star.

    James graduated with a Bachelor of Arts Degree in Law Enforcement from Towson University (Towson, Maryland).

  • speaker photo
    Michael DaGrossa, Moderator
    VP, Information Security, Genesis HealthCare

    A mission- and customer-focused Senior Information Technology Risk Management professional with a strong concentration in Computer Security Initiatives, Governance, Risk Management and Forensics. Extensive experience in creating security and risk programs for companies of various industries, sizes, and complexities. Hands-on pen testing, application testing, social engineering and phishing program development and application. Strong threat intelligence background with the ability to decipher tactics, techniques, and procedures to minimize threat profiles across multiple business lines. Extensive experience in strategic systems planning, design and implementation utilizing structured methodologies. Seasoned team leader in successful Business Development and Sales activities possessing a keen ability to present solutions to senior leadership and technical management.

  • speaker photo
    Todd Bearman
    VP, CISO, TE Connectivity

    Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.

    Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
    Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.

    Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.

  • speaker photo
    Brandi Burton
    Sr. Director, Governance, Risk and Compliance, TE Connectivity

    Brandi Burton has more than 25 years of experience in information and cyber security, with a specialty in technology risk management. Brandi has successfully helped companies in various industries design and lead information security and risk management programs that enable the organization's business strategies while meeting stakeholder expectations and regulatory obligations. Brandi pairs her expertise in information security with a keen business acumen in order to bridge the gap between geek speak and awesome business outcomes.

  • speaker photo
    Tom Brennan
    Executive Director, Americas Region, CREST

    Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.

    As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.

  • speaker photo
    Chris Guarino
    DevSecOps Lead, Vanguard
  • speaker photo
    Paul Lynch
    Director, Information Security, CubeSmart

    Paul Lynch, who has more than 20 years of experience in information technology, is Director of Information Security and Infrastructure for CubeSmart Self Storage. He has established security governance programs and best practices for government, non-profit, private, and publicly traded organizations ranging from technology startup to city. He holds several information security certifications, including Certified CISO, CISSP, ISSMP, and CCSP. He has served as a subject matter expert for EC-Council and (ISC)2, specializing in security governance and cloud security. He serves on the Customer Advisory Board for eSentire.

  • speaker photo
    Kelly Rogers, Host
    BISO, Blackbaud
  • speaker photo
    Steve Naphy
    CIO, Morgan, Lewis & Bockius LLP

    Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.

  • speaker photo
    Nancy Hunter, Moderator
    Board President, WiCyS Delaware Valley Affiliate

    Nancy Hunter is the VP, CISO and Data Privacy Security Officer at the Federal Reserve Bank of Philadelphia. With more than 25 years of experience in technology, including 15 years in Information Security, Nancy joined the Federal Reserve Bank in 2017, where she is accountable for Information Security Operations and Consulting, Information Risk Management, and Records Management, guides the implementation of the Bank’s data and system privacy program, and serves as Bank representative in System data privacy policy setting. Nancy is certified in Risk and Information Systems Controls (CRISC) and holds a B.A. in Mathematics from Temple University.

  • speaker photo
    Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • speaker photo
    Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes