- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Wednesday, April 17, 20247:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: MagnoliaHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
7:30 am[PLUS Course] Navigating the Cybersecurity Landscape: Tools and Tactics for Modern Defenses - Part 1Mastering OSINT with MaltegoCybersecurity Specialist and Founder of The Valander GroupRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: MapleUnveiling Digital Footprints: Mastering OSINT with Maltego
In the digital age, the ability to gather information from publicly available sources is invaluable for cybersecurity professionals. This presentation introduces participants to the powerful capabilities of Maltego, a renowned tool for conducting open source intelligence (OSINT). Attendees will explore how Maltego can be leveraged to uncover and visualize complex networks of information from diverse data sources, enabling more effective threat intelligence, incident response, and security assessments. Through live demonstrations, we will illustrate the process of gathering, linking, and analyzing data, showcasing Maltego’s utility in identifying vulnerabilities and potential threats. Participants will leave with a solid foundation in OSINT principles and hands-on experience in utilizing Maltego to enhance their cybersecurity strategies.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite Only)AI and Machine Learning: Is It Hype or Help?Director of Cybersecurity / CISO, The Bancorp BankRegistration Level:- VIP / Exclusive
8:00 am - 8:45 amLocation / Room: Revolution ChophouseArtificial intelligence has been heralded as a transformative technology across industries, but has it lived up to the hype in cybersecurity? In this lively roundtable discussion for Advisory Council members and VIPs, come ready to debate the pros, cons, and limitations of AI-driven cyber defenses. Let’s analyze real-world examples of AI failures and successes in combating malware, insider threats, fraud, and more. Is AI advancing cybersecurity or is it just a glorified buzzword? How can we overcome data quality, bias, and transparency challenges? What guardrails are needed to ensure AI is designed and deployed ethically? Bring your critical perspectives as we closely examine if AI is fulfilling its cybersecurity promise or just industry hype.
8:00 amJoint Meeting of CSA, InfraGard, ISACA, ISC2, ISSA, and WiCySUnited We Stand: Associations Align to Elevate the Cybersecurity ProfessionBoard Director, Membership, Cloud Security Alliance, Delaware Valley ChapterPresident, ISC2 Philadelphia ChapterBoard President/Strategic Development Committee Chair, Philadelphia InfraGardFirst VP, Board of Directors, ISACA Philadelphia ChapterPresident, WiCyS Delaware Valley AffiliatePresident, ISSA Delaware Valley ChapterRegistration Level:- Open Sessions
8:00 am - 8:45 amLocation / Room: Laurel EastGet an inside look as representatives from CSA, InfraGard, ISACA, ISC2, ISSA, and WiCyS share insights on actively shaping the future of the profession and nurturing the diverse cybersecurity workforce. With an increasingly interconnected risk landscape, collaboration across organizational boundaries is more vital than ever. This session highlights how associations are combining efforts to rise above silos and fragmentation. From developing unified skills frameworks to strengthening ethical principles, hear about cooperative initiatives underway and planned for the future.8:45 amNetworking BreakRegistration Level:- Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] Drag Racing & Cybersecurity: The CrossoverAssociate CISO, St. Luke's University Health NetworkRegistration Level:- Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterYou’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am[Panel] Beyond Premiums and Policies: Cyber Insurance UnlockedCEO & Founder, Fischer Law, LLCSenior Counsel, TittmannWeixCyber Practice Leader, Graham Company, a Marsh & McLennan Agency LLC CompanyAVP, eRisk Underwriting, Crum & ForsterRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: Laurel EastCyber insurance has rapidly shifted from a niche product to an essential risk mitigation strategy. But maximizing its value requires moving beyond basic coverage into holistic cyber resilience planning. This panel pulls back the curtain on the evolving cyber insurance landscape.
Join industry experts as they decode myths and demystify the assessment, underwriting, and claims processes. You’ll gain clarity on navigating the complex cyber insurance ecosystem and avoiding costly pitfalls. Explore how organizations can strategically align cyber insurance with broader risk management programs for a unified resilience posture. Panelists discuss real-world examples of policy limits getting maximized through robust incident response planning, data backups, and other resilience best practices.
10:15 amThe Hitchhiker's Guide to a Cybersecurity Data ProgramVP, Cyber Analytics, BlackRockVP, Cyber Observability, BlackRockRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: Keynote TheaterDo you want to discover the best practices and tools for security data program? Do you want some options to help bring value to your security data, make sense of it, and either alert or make analytics on it? Do you want to learn more about data tiering and understanding how to efficiently store security data? If you answered yes to any of these questions, then this session is for you. Join us as we take you on a journey through the Cyber Security Data universe, where you will learn how to monitor, measure, and improve your analytics and observability within security.
10:15 amGenerative AI in Cybersecurity: Evolving Threats and DefensesVP, Professional Services, AccessIT GroupRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: Laurel WestDiscover the benefits and challenges facing cybersecurity programs in the age of Generative Artificial Intelligence (AI). In this session, we will delve into the dynamic landscape of Generative AI, exploring how it increases the capabilities and capacities of attackers and defenders alike. Gain insights into emerging threats and organizational defense strategies tailored to combat the ever-evolving nature of AI-driven cyberattacks. Join us to stay ahead of the curve and fortify your defenses in the age of Generative AI.
10:15 am[Panel] Unveiling the Threat Landscape and Unmasking Digital VillainsSr. Solutions Architect, OktaPublic Sector CTO, LookoutCRO, VeritiDeputy Chief Analyst, Mandiant Intelligence, Google CloudSystem Director, IT Security Operations, Main Line HealthDevSecOps Lead, VanguardRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: Parkview BallroomIn the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.
Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.
Our panel provides a comprehensive overview of the current threat landscape.
11:00 amNetworking BreakRegistration Level:- Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 amCyber Safety Is Patient SafetyExecutive Director, Health Sector Coordinating Council Cybersecurity Working GroupRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: Laurel WestIn February 2024, the Health Sector Coordinating Council (HSCC) – an industry-led public-private partnership for critical infrastructure protection – released its Health Industry Cybersecurity Five-Year Strategic Plan. It provides a prescription for moving healthcare cybersecurity from critical condition to stable condition. The White House has identified healthcare as one of the Top 3 priority critical infrastructure sectors in the fight against cybersecurity threats. The HSCC partners with the U.S. Department of Health and Human Services and the DHS Cybersecurity and Infrastructure Security agency to develop best practices, policies, and operational support for health providers, medical device and pharmaceutical companies, plans and payers, health IT and public health to strengthen the security and resiliency of the sector and ultimately, patient safety.In this session, the Executive Director of the HSCC Cybersecurity Working Group breaks down the Strategic Plan, further explaining why it is a wellness plan by the sector, for the sector, with support from the government. Hear about how healthcare cybersecurity is responding to the cybersecurity challenges to protect healthcare data, clinical and manufacturing operations, and patient safety.11:10 amGuardians of the Digital Pantheon: Achieving Equilibrium between Cybersecurity and Compliance in the Modern OlympusCISO, Penn EntertainmentRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: Keynote TheaterLet’s dive into today’s digital landscape where organizations face the dual challenge of safeguarding their systems against evolved cyber threats while ensuring compliance with the ever-expanding regulatory landscape. Much like the battles between heroes and villains in Greek Mythology, there’s challenges lurking around every corner and the delicate equilibrium required to strike the right balance can be arduous. From navigating compliance frameworks to fortifying defenses against evolving threats, this session spotlights the critical need for harmony in the pursuit of a resilient and secure digital landscape. Gain insights, hear strategies, and discover the art of achieving equilibrium in cybersecurity – one in which security and compliance work hand in hand.
11:10 amCybersecurity in Real-Time: Gaining Insights from Adversary Infrastructure and ActivitiesSr. Security Evangelist, Team CymruRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: Laurel EastLearn techniques used in John’s threat research that can address common dilemmas faced by analysts in Security Operations teams. These moments of “well that sure would’ve been nice to know” is what inspired the topic for this presentation today: Threat Hunting.11:10 amImpacts of AI in SecurityGlobal Field CISO, SentinelOneRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: Parkview BallroomAbstract: Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important tools of defense, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element.Join this session to discuss:- What these trends mean for the hands-on practitioner
- What happens when the velocity of innovation outpaces the capabilities of human intellect
- The evolving role of automation in the effective practice of securing our digital world
12:00 pm[Lunch Keynote] Moving from CISO to CIRO: A Journey into the BoardroomOperating Partner | CISO, Welsh, Carson, Anderson & StoweRegistration Level:- Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterChief Information Security Officers are asking to report directly to the board. Before we can report to the board, we need to be able to articulate risks, not just cyber risks, but business risks, geopolitical risks, industry risks, regulatory risks, and more. This talk positions the security leader to use risks as the foundation of the InfoSec program to help mature the role from CISO to CIRO.
12:00 pmAdvisory Council Lunch Roundtable – (VIP / Invite Only)The State of Cybersecurity in 2024: The Good, the Bad, and the UnknownvCISO, Cyber Risk Opportunities LLCRegistration Level:- VIP / Exclusive
12:00 pm - 12:45 pmLocation / Room: Revolution ChophouseThe bad actors are getting more sophisticated. A new “hybrid war” landscape thanks to the Ukraine-Russia war and the Israel-Hamas war. Current and developing vectors for attacks: BEC, malware, phishing, DDoS, spyware, ransomware, and more. Join this VIP lunch roundtable to rub elbows and commiserate with CISO peers and invited guests to share ideas, best practices, and lessons learned in the fight to keep the public and private sectors safe from cybercrime. And let’s not forget the challenge of filling the cybersecurity talent pipeline; and new pressures on CISOs with the SEC pointing fingers their way.12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmBuilding Your Personal Board of Directors for Women in CyberChief of Cybersecurity, Region 3, DHS CISACISO, TrinseoCISO, Radian Group Inc.Information Security Analyst, Federal Reserve Bank of PhiladelphiaRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: Parkview BallroomIn the dynamic and evolving field of cybersecurity, the importance of mentorship and guidance cannot be overstated, especially for women professionals navigating their careers in this domain. This session explores the significance of mentorship, networking, and creating a support system within the industry. Led by experienced women leaders in cybersecurity, this session aims to provide insights, share personal experiences, and offer strategies to empower women in building their own network of advisors, mentors, and allies. Join us for an inspiring session focused on fostering career growth, resilience, and success for women in the cybersecurity field.1:15 pmFight Shadow IT by Using Third-Party Risk Management as an EnablerSecurity Architecture Lead, Convenience RetailRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: Laurel WestIt’s difficult to manage third-party risk when security teams aren’t involved in the vendor process, intentionally or unintentionally. By positioning security as a partner and the Third Party Risk Management process as an enabler instead of another hoop to jump through, you can gain a foothold in helping secure your organization against third parties, and reduce the amount of shadow IT. This session covers how to recast conversations and partnerships within the organization to better integrate TPRM while enabling technology users and increasing security.1:15 pm[Panel] Securing the Cloud Fortress: Revealing Defense Strategies for the CloudDirector, Enterprise Security Architecture, TE ConnectivityPrincipal Solutions Engineer, LaceworkSolutions Architect, CyberArkSr. Product Marketing Manager, Arctic WolfFounder & CTO, Contrast SecurityCISO, Flagship Credit AcceptanceRegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: Laurel EastIn the ever-expanding digital universe, the cloud has emerged as a powerful tool, enabling organizations to store data, access applications, and operate their businesses with unprecedented agility. However, this vast digital fortress, like any other, is not without its vulnerabilities. Join us as we delve into the realm of cloud security, exploring the hidden defenses employed by cybersecurity superheroes to safeguard the cloud and its inhabitants.
Our panel of cloud security experts shed light on the unique challenges and strategies involved in protecting cloud-based environments. They discuss the shared responsibility model, the role of cloud providers and customers, and the evolving tools and techniques employed to secure the cloud.
Our panel provides a comprehensive overview of cloud security, empowering attendees to understand the hidden defenses of the cloud and strengthen their cloud security posture. Learn how to identify and mitigate cloud-based threats, implement robust access controls, and effectively manage cloud security risks.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pmCracking, Hacking, Protecting, and Understanding PasswordsCybersecurity Specialist and Founder of The Valander GroupRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: ParkviewPasswords remain one of the most fundamental and widely used authentication methods, but also one of the most vulnerable. This session dives deep into the current state of password security, covering the latest techniques and tools used by both attackers and defenders.
The session explores the latest password-cracking methods, from brute-force attacks to sophisticated dictionary and hybrid approaches. Learn how to assess the strength of passwords and identify weak spots in password policies.
On the defensive side, hear best practices for password management, including password managers, multi-factor authentication, and new password alternatives like biometrics and password-less authentication. Also learn techniques for effective password education and training end-users.
2:10 pmElevating Your Security Awareness Program: Case Study of What Worked (and What Didn't)Director of Cybersecurity / CISO, The Bancorp BankRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: Laurel EastEmployee security awareness has grown to be a critical part of a comprehensive security program. As a result, employees are inundated with phishing campaigns, security notices and redundant annual training sessions leading to many employees being overwhelmed and complacent when dealing with the training content. This session will present a case study of how the Bancorp Cybersecurity GRC team was able to design and implement a security awareness program that, through the use of gamification, rewards and competition, was able to increase participation, provide relevant and useful content, and maintain the momentum throughout the year. At the conclusion of the session, we will present our Top 10 recommendations on how to raise the level of your security awareness program. Hopefully, you will find these very helpful in the development of your security awareness program.
2:10 pm[Panel] The Cybersecurity Staffing Problem: Is There a Talent Shortage, a Hiring Problem, or Both?Chief of Cybersecurity, Region 3, DHS CISAExecutive Director of Product Security, JPMorgan Chase & Co.Information Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)Founder & CEO, Cyber Job CentralRegistration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: Laurel WestJoin this session to hear from an experienced cybersecurity recruiter and InfoSec practitioners to discuss the issues of why positions on cyber teams are so hard to fill and what some solutions are. What’s are the traditional tools used to hire and what are the differences – including internal and external recruiting, job boards, LinkedIn, other social media channels, and more. The panel will examine common hiring and recruiting roadblocks, including job descriptions, buzz words, ATS, resume spamming, and finding time to schedule interviews and make offers. Learn how to advertise effective job titles, realistic job descriptions, and leaning on technology to making vetting candidates easier. Job seekers will learn what successful resumes include and how to network effectively.3:00 pmNetworking BreakRegistration Level:- Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pmHappy HourRegistration Level:- Open Sessions
3:00 pm - 3:45 pmLocation / Room: Exhibitor HallJoin your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.
3:30 pm[Closing Keynote] Unmasking Cyber Villains: A BarCode PodcastAssociate CISO, St. Luke's University Health NetworkCISO, Penn EntertainmentVP of IT, Visit PhiladelphiaFounder, The BarCode PodcastRegistration Level:- Open Sessions
3:30 pm - 4:15 pmLocation / Room: Keynote TheaterWhen we think of cyber villains, it’s the ransomware gangs, malware distributors, and identity thieves doing the most obvious dirty work. Not many think of the villains that reside within corporate walls. Yes, insider threats do exist, but often they are unintended due to uneducated and assuming executives, lazy end users, non-paying cyber insurance companies, and over aggressive sales reps. There may be no malicious intent, but there can be severe consequences. These internal actors, whether through ignorance, apathy, or greed, frequently undermine cybersecurity efforts. In this “live” podcast session for future replay, our panelists identify the real cyber villains, as well as ones who seem to battle us on a different level. Who are the real villains? And who are the real heroes? It’s time to unmask the personalities, powers, and positions of cyber villains.3:45 pm[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: MagnoliaHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
3:45 pm[PLUS Course] Navigating the Cybersecurity Landscape: Tools and Tactics for Modern Defenses - Part 2Network Information Gathering with NmapCybersecurity Specialist and Founder of The Valander GroupRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: MapleMapping the Unknown: Network Discovery and Security with Nmap
Understanding the layout and vulnerabilities of your network is a critical first step in safeguarding against cyber threats. This session focuses on Nmap, the gold standard tool for network discovery and security auditing. Attendees will learn the fundamentals of Nmap, including its various scanning techniques, options, and the interpretation of its output for actionable intelligence. Through practical examples, participants will be guided on how to effectively use Nmap for comprehensive network scans, service detection, and vulnerability assessment. This presentation aims to equip cybersecurity practitioners with the knowledge to use Nmap as a potent tool in their security toolkit, enhancing their ability to detect and respond to potential network vulnerabilities.
- Thursday, April 18, 20247:00 amRegistration openRegistration Level:
- Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration Desk / LobbyCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: MagnoliaHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
7:30 am[PLUS Course] Navigating the Cybersecurity Landscape: Tools and Tactics for Modern Defenses - Part 3Web Vulnerability Assessment with Burp SuiteCybersecurity Specialist and Founder of The Valander GroupRegistration Level:- SecureWorld Plus
7:30 am - 9:00 amLocation / Room: MapleFortifying Web Applications: Penetration Testing with Burp Suite
In the realm of web application security, Burp Suite stands out as an indispensable tool for identifying vulnerabilities. This presentation delves into the capabilities of Burp Suite, from initial mapping and analysis of an application’s attack surface to finding and exploiting security flaws. Attendees will gain insights into setting up and utilizing the Burp Suite environment, employing its various tools for effective penetration testing, and understanding its role in securing web applications. Demonstrations will provide a hands-on look at conducting automated and manual testing, enhancing the skills needed to uncover and mitigate web application vulnerabilities. This session is designed to empower participants with the expertise to use Burp Suite as a critical component of their cybersecurity defenses.
8:00 amExhibitor Hall openRegistration Level:- Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)Massaging the Mind: Forging Sustainable Security Leadership and TeamsCISO, Penn EntertainmentRegistration Level:- VIP / Exclusive
8:00 am - 8:45 amLocation / Room: Revolution ChophouseHow do we achieve work-life balance as cybersecurity leaders, and how do we make sure our teams are doing the same? Come join this closed-door discussion with your Advisory Council peers and VIP guests and be ready to share your thoughts and ideas for thriving, not just surviving, a profession that lends itself to its share of stress.
This roundtable discussion is for our Advisory Council members only.
8:00 amDeception as a Tool in Your Cybersecurity PlaybookSpecial Presentation in Cooperation with Philadelphia InfraGardComputer Scientist, FBI Cyber Division HQ (Former)Registration Level:- Open Sessions
8:00 am - 8:45 amLocation / Room: Parkview BallroomConventional tools and practices are not always sufficient to secure the assets you are charged with protecting. In his presentation, former FBI Computer Scientist Dr. Russell Handorf describes a real-world dilemma where it was necessary to add an element of deception to protect an asset. He then ties that experience into how deception can—and should—be customized and applied to IT environments in order to deter and degrade the capabilities of adversaries.
8:45 amNetworking BreakRegistration Level:- Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] Converge 2024: Outcome-Driven Cybersecurity TransformationCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLCFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)CIO, Morgan, Lewis & Bockius LLPRegistration Level:- Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterThe cybersecurity landscape is no longer defined by APTs and static defenses; it’s a dynamic battlefield where agility, strategic insights and creative risk reduction executed with technical veracity drive differentiating outcomes. Our co-presenters provide differentiating insights at the intersection of national defense, global security trends, and cybersecurity risk management.
This session helps you reimagine your security posture and provides you with a battle plan to protect your organizational assets. Col. Leighton and VJ delve into the defining trends of cybersecurity transformation, including using AI to shift from detection to prediction; addressing the evolving human factor risk with advanced security training and creating a culture of security; embracing integration and breaking down siloed data and disparate tools; and building future-proof defenses with automation and threat intelligence platforms.
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am[Panel] Stories from the Front Lines of the Ransomware Pandemic in HealthcareExecutive Director, Health Sector Coordinating Council Cybersecurity Working GroupCISO, Temple HealthCISO, ChristianaCare Health SystemCISO, Main Line HealthFounder, Armstrong Risk Management LLCRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: Laurel EastOur panelists draw on the lessons learned from hundreds of ransomware incidents at hospitals – and there’s no sign of incidents slowing down. The panelists take attendees on a historical journey that includes a variety of strange scenarios — ransomware combined with insider threat; the EHR is not encrypted but the hospital is still down; the decryption keys worked but the data is still unusable.The session uncovers topics, including:- Adopting a whole-organization approach to ransomware preparedness
- Asking the question, to pay or not to pay?
- What constitutes a data breach?
- How has ransomware evolved, and what can we expect next?
10:15 amBouncing Back from Cyber Calamity: Crafting Watertight Business Continuity PlansCISO & CPO, Cooper University Health CareRegistration Level:- Conference Pass
10:15 am - 11:00 amLocation / Room: Laurel WestBusiness continuity and disaster recovery planning are crucial to help organizations prepare for and recover from cyberattacks or data breaches. This session provides an overview of key strategies and best practices for developing a robust cyber resilience plan. Topics will include conducting a business impact analysis to prioritize critical systems and data, implementing comprehensive backup solutions, formulating incident response procedures, assessing supply chain vulnerabilities, retaining talent, and testing existing plans. Whether preparing for widespread ransomware attacks or isolated system failures, organizations must architect cyber resilience to minimize disruption and bounce back better than before.10:15 amTransform Networking & Security with Zero Trust ArchitectureCTO in Residence, ZscalerRegistration Level:- Open Sessions
10:15 am - 11:00 amLocation / Room: Parkview BallroomLearn how zero trust architecture secures users, workloads, and IoT/OT devices by addressing critical security shortcomings of legacy network architecture. This session covers key steps in a phased zero trust transformation journey as well as advice for winning the support of organizational leadership. Join this session and learn to:- Recognize issues inherent to routable networks
-
Identify initial steps and key phases of zero trust transformation
-
Demystify zero trust architecture for business leaders
11:00 amNetworking BreakRegistration Level:- Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am[Panel] Resilience: The Role of Cyber Incident ResponseDevSecOps Lead, VanguardDirector of Cybersecurity / CISO, The Bancorp BankInformation Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)Executive Director, National Cybersecurity AllianceRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: Laurel EastWith increasing regulatory scrutiny such as the SEC disclosure requirements and the increasing number of cyber incidents, cyber incident response planning is key to enterprise resilience. A strong cybersecurity posture requires a robust governance, risk, and compliance program. Practicing good cyber hygiene, identifying vulnerabilities, timely patching, endpoint protection, policies, standards, training, and awareness, go hand in hand with an effective and tested incident response plan. This helps manage the risk of cyber incidents that could lead to a disruption. This panel session discusses the key elements of a cyber incident response plan; and how you can ensure that it is actionable. Learn about the importance of clear roles and responsibilities and communication protocols, tested via regular tabletops with impactful and plausible scenarios.11:10 amA Journey to Zero TrustCISO, Flagship Credit AcceptanceRegistration Level:- Conference Pass
11:10 am - 11:55 amLocation / Room: Laurel WestSession description coming soon.
11:10 am[Panel] The Secret Potential of AI and ML: Empowering Cyber Superheroes with Artificial IntelligenceGrowth Technologies Evangelist, Check Point Software TechnologiesAVP, North America, ForcepointSr. Technical Director, Skybox SecurityCTO, Americas, Pure StoragePrincipal Solutions Consultant, SailPointPresident, ISSA Delaware Valley ChapterRegistration Level:- Open Sessions
11:10 am - 11:55 amLocation / Room: Parkview BallroomArtificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.
Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.
Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.
12:00 pm[Lunch Keynote] Managing CISO Culpability and Risk Management TransparencyVP, CISO, TE ConnectivityRegistration Level:- Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterOn the one hand, CISOs need to protect themselves. On the other hand, they need to better include executives in managing the risks cybersecurity leaders face. They (management) can’t be involved with the minutia CISOs deal with every day, but the aggregated risks are out of their line of sight until something goes wrong. Some mature companies have good programs in showing leadership the decisions and trade-offs made, but most are left to manage it and only report the super big issues up the leadership ladder. This keynote explores a better way to let management and the board know how prepared CISOs and their teams really are; and examines why it isn’t happening as much as it should. Learn how to protect your career, get more funding, and really let the business understand the risks when they own the technology.
12:00 pmAdvisory Council Roundtable Lunch – (VIP / Invite only)Building Your Cybersecurity Community: Connections and Career GrowthCISO, ChristianaCare Health SystemRegistration Level:- VIP / Exclusive
12:00 pm - 12:45 pmLocation / Room: Revolution ChophouseDeveloping meaningful professional relationships and strategically managing your career are vital for success and advancement in the fast-moving cybersecurity ecosystem. Connections are critical in our lives – we cannot do it alone. This closed-door, interactive session provides perspectives and frameworks for expanding your network both internally and across the industry. Come ready to share and hear proven approaches for becoming a trusted advisor to business leaders while raising the profile of your security team. We’ll discuss techniques to foster connections through conferences, media, and writing while aligning activities to your long-term career roadmap. Participants will leave ready to proactively network with purpose, find and become mentors and sponsors, and chart a fulfilling career trajectory in cybersecurity.12:45 pmNetworking BreakRegistration Level:- Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmThe Far Left of Bang: Embracing Secure by DesignChief of Cybersecurity, Region 3, DHS CISARegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: Laurel WestConsider this: You wouldn’t drive your kids in a car without seat belts, airbags, or anti-lock brakes, would you? So, why would you acquire technology that lacks basic security and safety features, especially for critical infrastructure? By drawing a parallel between the non-negotiable safety standards in automotive design and the need for built-in security in technology, in this session we will challenge the traditional approach to cybersecurity. Advocating for a paradigm shift that prioritizes long-term security, safety, and resilience in our digital world ensures the same in our physical world.
In the ever-evolving landscape of cybersecurity our focus often gravitates towards patching vulnerabilities, addressing emerging threats, and responding to cyber incidents. This session will discuss ways to significantly reduce the risk to your systems and networks, illustrated through real-world incidents. We advocate for a proactive shift to the “far left of bang”—the critical, yet often overlooked, development stage before technology products reach the market. We’ll explore CISA’s commitment to advancing technology that is “secure by design,” integrating essential features such as memory-safe programming languages, multi-factor authentication, and security logging from the start, without additional costs.
From this session, you will understand how enterprises and critical infrastructure team can start demanding secure by design technology. And you will feel empowered and equipped to challenge the status quo of the technology we develop and use today!
1:15 pm[Panel] Communications Boot Camp: How to Effectively Address LeadershipSecurity Architecture Lead, Convenience RetailDeputy CISO / Sr. Director, Governance, Risk & Compliance, TE ConnectivityDirector, Information Security, CubeSmartRegistration Level:- Conference Pass
1:15 pm - 2:00 pmLocation / Room: Laurel EastAs cybersecurity professionals, we often find ourselves needing to communicate complex technical issues to non-technical business leaders and executives. This can be a daunting challenge, but effective communication is crucial for getting buy-in, securing resources, and driving strategic security initiatives.
In this panel session, seasoned cybersecurity leaders share their insights and best practices for engaging with the C-suite and board of directors. It covers techniques for translating technical jargon into business-friendly language, demonstrating the financial and reputational impacts of cyber risks, and aligning security priorities with organizational goals.
Learn how to become better storytellers, build trusted advisor relationships, and persuasively advocate for the resources and support needed to protect their organizations. Whether you’re a CISO, security manager, or aspiring leader, this session equips you with the communication skills to drive meaningful change from the top down.
1:15 pmFrom Risk-Based Vulnerability Management to Exposure ManagementVice President, Hive ProRegistration Level:- Open Sessions
1:15 pm - 2:00 pmLocation / Room: Parkview BallroomThe traditional approach of Risk-Based Vulnerability Management (RBVM) is critical for prioritizing vulnerabilities but frequently misses providing a full threat landscape perspective. It often overlooks the comprehensive risk assessment of vulnerabilities and assets and the importance of compensatory controls. Transitioning towards proactive exposure management through Continuous Threat Exposure Management (CTEM) offers a solution to these challenges, advocating for a more encompassing approach to cyber resilience.
Gartner predicts that by 2026, organizations that align their security investments with a CTEM program will experience two-thirds fewer breaches. This forecast highlights the pivotal role of CTEM in advancing cyber resilience strategies, moving beyond the conventional scopes of RBVM. Join Hive Pro’s former Gartner Analyst, Zaira Pirzada, for an engaging webinar that navigates the critical shift from RBVM to Proactive Exposure Management.
This session will focus on:
- RBVM’s shortfall in providing a comprehensive view of the threat landscape and its overlook of compensatory controls.
- An overview of CTEM as a strategic approach that fills these gaps, aiming for a more effective risk management and security enhancement.
- Implementing CTEM strategies for a holistic and proactive cybersecurity posture.
This presentation targets cybersecurity professionals aiming to refine their threat management approach by integrating a broader risk perspective and compensatory measures for a robust security framework.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pmThe GPT of Teaching: How Teaching Part-Time Can Transform Your Cybersecurity CareerCybersecurity Teaching Professor and Pentesting Project Lead, Drexel UniversityRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: Laurel WestTeaching cybersecurity, even part-time, can greatly add technical and professional skills to your cybersecurity career portfolio. Hear how teaching can lead you in applying new technologies (such as ChatGPT) to the field, exploring new cybersecurity tools, communicating complex concepts in simple terms, and developing leadership skills. Explore how teaching can lead to cybersecurity contributions such as bug bounties, vulnerability disclosures, entries in the Google Hacking Database (GHDB), National Vulnerability Database (NVD) entries, new hacking tools, cybersecurity conference papers, and new partnerships. This session examines initial steps that you can take to get cybersecurity teaching experience that in turn boosts your cybersecurity career.2:10 pmProtecting Against OT and IoT ThreatsCISO, TrinseoRegistration Level:- Conference Pass
2:10 pm - 2:55 pmLocation / Room: Laurel EastAs Operational Technology (OT) and the Internet of Things (IoT) become integral components of organizational infrastructures, the cybersecurity landscape expands into uncharted territory. This session is dedicated to unraveling the intricacies of safeguarding against threats in the OT and IoT realms. Explore strategies for protecting critical infrastructure, manufacturing processes, and interconnected devices from evolving cyber threats. Industry experts share insights, case studies, and practical approaches to fortify defenses, emphasizing the unique challenges posed by the convergence of OT and IoT. Join this comprehensive discussion on securing the future of interconnected technologies in the face of emerging cyber risks.
2:10 pmSecurity Alert Management: How to Manage Your Alerts without Losing Your MindVP, Threat Detection Management, BlackRockVP, Incident Response, BlackRockRegistration Level:- Open Sessions
2:10 pm - 2:55 pmLocation / Room: Parkview BallroomAlerting is essential for security monitoring, but it can also be overwhelming, distracting, and confusing to monitor the health and progress of alerts. How can you manage your alerts effectively without losing your mind? In this presentation, you will learn how to apply best practices and techniques for alert management, strategies, and ideas for monitoring your alerts to ensure their health. Learn how to generate metrics to show the alerts are working, and build a workflow/process for onboarding them. Don’t let your alerts drive you crazy; learn how to manage them like a pro.
3:00 pmNetworking Break and Dash for PrizesRegistration Level:- Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:30 pm[Closing Keynote] Building a Stronger InfoSec CommunityVP of IT, Visit PhiladelphiaRegistration Level:- Open Sessions
3:30 pm - 4:15 pmLocation / Room: Keynote TheaterThe strength of community is our greatest asset when it comes to cybersecurity. This session aims to inspire and mobilize cybersecurity professionals to foster a more robust and collaborative InfoSec community. Keith shares insights on the vital components of a strong cybersecurity community, including the roles of practitioners, business leaders, government entities, educators, students, and entrepreneurs.This talk delves into the multifaceted challenges faced by cybersecurity professionals, such as the rising sophistication of cyber-attacks, increased regulatory compliance, and the growing reliance on technology. Hear actionable strategies to build individual networks, integrate with other groups, empower each other, and the importance of mentorship. Keith addresses critical issues like diversity in cybersecurity, attracting and retaining talent, and improving the standing of cybersecurity within organizations.3:45 pm[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4vCISO, Cyber Risk Opportunities LLCRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: MagnoliaHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
3:45 pm[PLUS Course] Navigating the Cybersecurity Landscape: Tools and Tactics for Modern Defenses - Part 4Digital Forensics with CSI LinuxCybersecurity Specialist and Founder of The Valander GroupRegistration Level:- SecureWorld Plus
3:45 pm - 5:15 pmLocation / Room: MapleSolving Cyber Mysteries: Forensic Investigations with CSI Linux
The digital landscape is fraught with complex cybercrimes that demand sophisticated tools for investigation. This presentation introduces CSI Linux, a comprehensive toolkit designed for digital forensics and investigative tasks. Participants will explore how CSI Linux equips professionals with the necessary tools to conduct thorough investigations, from data recovery to analysis of digital evidence. The session will cover the suite’s capabilities in gathering intelligence, analyzing malware, and cracking passwords, among other forensic activities. Through case studies and live demonstrations, attendees will learn how to apply CSI Linux tools in real-world scenarios, enhancing their investigative skills and bolstering their cybersecurity toolset for combating digital threats.
- Abnormal SecurityBooth: 240
Abnormal is the most precise human behavior security engine for blocking all email attacks, including phishing, malware, ransomware, social engineering, executive impersonation, supply chain compromise, internal account compromise, spam, and graymail.
Secure email gateways and built-in Microsoft and Google security struggle to block email attacks that pass reputation checks, have no URLs or attachments, and appear to come from trusted sources.Only Abnormal uses behavioral AI to profile known good behavior and analyzes over 45,000 signals to detect anomalies that deviate from these baselines, delivering maximum protection for global enterprises.
- AccessIT GroupBooth: 240
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Akamai TechnologiesBooth: 250
Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.
- Arctic Wolf NetworksBooth: 220
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- AxoniusBooth: 240
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- BARR AdvisoryBooth: 175
At BARR Advisory, P.A. (“BARR Advisory”), we empower innovative technology and cloud service providers to anticipate, navigate, and respond to issues related to risk, cybersecurity, and compliance. Businesses looking for the accessibility of a boutique firm with the tools and expertise of a global consulting firm will find a partner in us.
We take the complexity out of security and compliance, and work with you to create an infrastructure built on accountability and trust. Let’s work together to give your organization’s stakeholders a reason to trust.
- Binary DefenseBooth: 105
Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.
- BrinqaBooth: 250
Brinqa is a leading provider of unified risk management – enabling stakeholders, governance organizations, and infrastructure and security teams to effectively manage technology risk at the speed of business. Brinqa software and cloud services leverage an organization’s existing investment in systems, security, and governance programs to identify, measure, manage and monitor risk. With Brinqa, organizations are reducing response time to emerging threats, impact to business, and technology risk and compliance costs by over 50% through real-time risk analytics, automated risk assessments, prioritized remediation, actionable insights and improved communication.
- Cato NetworksBooth: 110
Cato Networks pioneered the convergence of networking and security into the cloud. Aligned with Gartner’s Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks, Cato’s vision is to deliver a next generation secure network architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe. Our cloud-native architecture enables Cato to rapidly deploy new capabilities and maintain optimum security posture, without any effort from the IT teams. With Cato, your IT organization and your business are ready for whatever comes next. For more information, visit https://www.catonetworks.com.
- Check Point Software TechnologiesBooth: 235
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cloud Security Alliance Delaware Valley Chapter (CSA-DV)Booth: By Registration
Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.
OUR PURPOSE:To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.
- Cloud Security Alliance Lehigh Valley ChapterBooth: By Registration
- Contrast SecurityBooth: 240
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
- CriblBooth: 240
Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables techprofessionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future.
Founded in 2018, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.
- CrowdStrikeBooth: 205
CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes, and technologies that drive modern enterprise, delivering superior protection, better performance, reduced complexity, and immediate time-to-value. CrowdStrike secures the most critical areas of enterprise risk—endpoints and cloud workloads, identity, and data—to keep organizations ahead of today’s adversaries and stop breaches.
- CyberArk SoftwareBooth: 310
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- EfficientIPBooth: 355
EfficientIP is a network security and automation company, specializing in DNS-DHCP-IPAM (DDI). We promote business continuity and we help organizations drive business efficiency through agile, secure and reliable network infrastructures. Our unified management framework for DNS-DHCP-IPAM (DDI) and network configurations ensures end-to-end visibility, consistency control and advanced automation. Our unique 360° DNS security solution protects data confidentiality and application access. EfficientIP is the world’s first DDI vendor to have released patented and award-winning innovation features to secure against threats to the DNS infrastructure: specific DNS security solutions that can protect against volumetric attacks (Zero-Day, DoS, data exfiltration), even when the source is not identified.
- F5Booth: 250
F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends
- ForcepointBooth: 300
Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.
- Google CloudBooth: 305
Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.
- Hive ProBooth: 120
Continuous Threat Exposure Management Solution
Hive Pro is a recognized and trusted vendor in Threat Exposure Management, delivering a purpose-built platform to identify, manage, and resolve vulnerabilities and threats across your entire digital landscape. Only Hive Pro can give Security, IT, Business and DevOps teams the full spectrum of their cyber threat exposure and the means to actionably reduce it from one platform and one interface.
Uni5 Xposure delivers a unified view of your cyber risks and all actionable pathways to resolve vulnerabilities and neutralize threats. By combining the power of infrastructure scanners, vulnerability assessment, risk prioritization, security control validation and remediation, Uni5 Xposure fortifies your cyber resiliency and preparedness.
- InfobloxBooth: 240
Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.
- Philadelphia InfraGard Members AllianceBooth: By Registration
InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.
- ISACA PhiladelphiaBooth: By Registration
The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in the Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides, training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.
- ISC2 Philadelphia ChapterBooth: By Registration
Welcome to the ISC2 Philadelphia Chapter, your trusted hub for cybersecurity excellence in the City of Brotherly Love. As a local chapter of the esteemed International Information System Security Certification Consortium (ISC2), we are dedicated to advancing the cybersecurity profession and building a robust community of security enthusiasts, professionals, and experts in the Greater Philadelphia area. We come from a wide range of industries but share a passion of promoting cybersecurity knowledge, facilitating professional growth, and fostering connections among individuals who share a passion for safeguarding our digital world.
- ISSA Delaware ValleyBooth: By Registration
Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.” - KeysightBooth: 165
Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems; patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.
- KiteworksBooth: 250
Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. To this end, we created a platform that delivers content governance, compliance, and protection to customers. The platform unifies, tracks, controls and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.
- LaceworkBooth: 210
Lacework automates security across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.
- LookoutBooth: 135
Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.
- MimecastBooth: 160
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- National Cybersecurity AllianceBooth: By Registration
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- OktaBooth: 315
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- OptivBooth: 250
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- Palo Alto NetworksBooth: 145
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
- Pure Storage, Inc.Booth: 140
Pure Storage is pioneering a new class of enterprise storage that has been designed from the ground up to take full advantage of flash memory. The company’s products accelerate random I/O-intensive applications like server virtualization, desktop virtualization (VDI), database (OLTP, rich analytics/OLAP, SQL, NoSQL), and cloudcomputing.
Pure Storage makes it cost-effective to broadly deploy flash within the data center, enabling organizations to manage growth within existing power and space constraints. Launching later this year, the company’s products are in private beta with select customers. Pure Storage is funded by Greylock Partners and Sutter Hill Ventures.
- Recorded FutureBooth: 240
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- Red CanaryBooth: 230
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attacks. As a security operations ally, we arm businesses of all sizes with outcome-focused solutions to quickly identify and shut down attacks from adversaries. Security teams can make a measurable improvement to security operations within minutes.
- Red River + CloudflareBooth: 100
Red River’s Security Practice has nearly 20 years of experience helping federal and enterprise customers strengthen their security stance with strategically-integrated data- and network-centric physical and cyber security solutions designed to protect critical assets, enable situational awareness and simplify security management. We not only hold the coveted Cisco Master Security Specialization, but our highly-certified experts use a balanced approach that blends leading-edge technology, systems, policies and proven processes to deliver secure, effective solutions that offer complete protection and long-term value to our customers. For more information, visit: https://redriver.com/.
Cloudflare is a global network designed to make everything you connect to the internet secure, private, fast, and reliable.
- Secure your websites, APIs, and Internet applications.
- Protect corporate networks, employees, and devices.
- Write and deploy code that runs on the network edge.
For more information, visit https://www.cloudflare.com/.
- SailPointBooth: 325
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- Searchlight CyberBooth: 130
We provide organizations with relevant and actionable dark web threat intelligence to help them identify and prevent criminal activity.
Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research.
Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.
- SecurityScorecardBooth: 240
SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.
- SentinelOneBooth: 215
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- SemperisBooth: 250
Semperis is the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments. The company provides cyber preparedness, incident response, and disaster recovery solutions for enterprise directory services—the keys to the kingdom. Semperis’ patented technology for Microsoft Active Directory protects over 40 million identities from cyberattacks, data breaches, and operational errors. Semperis solutions are accredited by Microsoft and recognized by Gartner. Semperis is headquartered in New Jersey and operates internationally, with its research and development team distributed between San Francisco and Tel Aviv.
- SentraBooth: 115
Sentra’s multi-cloud data security platform, discovers, classifies, and prioritizes the most business-critical data security risks for organizations, enabling more effective, faster remediation and compliance adherence.
Specializing in Data Security Posture Management (DSPM), Sentra ensures that the correct security posture moves with sensitive cloud data.
By automatically detecting vulnerabilities, misconfigurations, over-permissions, unauthorized access, data duplication, and more – Sentra empowers data handlers to work freely and safely with public cloud data, while leveraging rich insights to drive business growth and innovation. - Skybox SecurityBooth: 150
Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.
- SynopsysBooth: 250
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- Team CymruBooth: 320
Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines; digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.
Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.
Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.
Since 2005, our reputation remains unchallenged.
- ThreatLockerBooth: 265
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- VaronisBooth: 225
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- VeracodeBooth: 250
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Using powerful AI trained on a carefully curated, trusted dataset from experience analyzing trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means.
- VeritiBooth: 155
Veriti is a fast-growing security infrastructure innovator that helps organizations maximize their security posture while ensuring business uptime.
Integrated with the entire security stack, Veriti provides a consolidated management layer that continually and proactively monitors exposure to threats and provides actionable remediation paths for security gaps and high-risk vulnerabilities across the organization’s infrastructure and attack surface.
- Vulcan CyberBooth: 170
Vulcan Cyber® breaks down organizational cyber risk into measurable, manageable processes to help security teams go beyond their scan data and actually reduce risk. With powerful prioritization, orchestration and mitigation capabilities, the Vulcan Cyber risk management SaaS platform provides clear solutions to help manage risk effectively. Vulcan enhances teams’ existing cyber environments by connecting with all the tools they already use, supporting every stage of the cyber security lifecycle across cloud, IT and application attack surfaces. The unique capability of the Vulcan Cyber platform has garnered Vulcan recognition as a 2019 Gartner Cool Vendor and as a 2020 RSA Conference Innovation Sandbox finalist.
- WiCyS Delaware ValleyBooth: By Registration
Women make up only 11% of the cyber security workforce. With such low representation, it is essential that we advocate for and assist women as they navigate through the cyber security industry.
Philadelphia Women & Cyber Security’s Mission: To provide opportunities to advance careers for professionals in Cyber Security through education, mentoring, and networking. A Supportive community for women in cyber security that works to promote and encourage women to develop their careers. We are open to any support for our mission from any gender. Come to the next Philadelphia Women and Cyber Security’s event to get to know other like-minded, female cyber security professionals in the area. We will discuss industry best practices, the latest security trends and solutions, and share lessons we’ve learned over the years. For more information, contact wicysdelawarevalley@wicys.org.
- ZscalerBooth: 200
Zscaler’s Cloud-delivered security solution provides policy-based secure internet access for any employee, on any device, anywhere. Our proxy and scanning scalability ensures ultra-low latency in a 100% SaaS security solution requiring no hardware, software or desktop all while providing complete control over security, policy and DLP.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Eric Robuck, InstructorCybersecurity Specialist and Founder of The Valander Group
Eric Robuck is a seasoned cybersecurity expert with over two decades of experience in the industry. As the owner and founder of The Valander Group, he leads a team of top-notch business experts dedicated to providing comprehensive cybersecurity solutions for business owners.
Eric's extensive military background as a Warrant Officer focused on information technology and security has equipped him with the necessary skills and knowledge to handle complex cybersecurity challenges. He has a deep understanding of programming, database design, electronic information transfer, and project management, which allows him to develop and implement effective cybersecurity strategies for his clients.
Eric holds multiple professional certifications, including the CISSP, CEH, Security+, and AWS Practitioner. He has done masters work in Cybersecurity and leadership in Cyber Security to further enhance his knowledge and skills. Eric's expertise in cybersecurity makes him an invaluable asset to businesses looking to protect themselves from cyber threats.
When he's not working, Eric enjoys spending time with his family and staying active on the golf course. With his impressive track record and diverse skillset, Eric is a force to be reckoned with in the world of cybersecurity, and his clients trust him to keep their businesses safe from cyber-attacks.
- Tony Meholic, ModeratorDirector of Cybersecurity / CISO, The Bancorp Bank
Anthony is currently Director of Cybersecurity, Chief Security Officer at The Bancorp Inc. in Wilmington, Delaware. He has worked extensively with application development including creation of simulation software for emergency medical providers, work with local government agencies on EMS trending and metrics and customized user interfaces for medical diagnostic software. His experience in Information Security at The Bancorp, JPMorgan Chase, Citibank and Republic Bank in Philadelphia included detailed work on encryption key management, security reviews, risk assessments and security testing for financial institutions. He has been responsible for the creation and implementation of numerous information security programs such as: Mapping of the Cybersecurity program to the NIST Cybersecurity Framework and FFIEC Self-Assessment Tool, Vendor Management, project security reviews, customized encryption key management, establishment of an internal penetration testing program, comprehensive risk assessment, and vulnerability management. Anthony is a graduate of Michigan State University and has over 20 years of IT experience. He is a regular speaker at international information security conferences and is a frequent trainer for a variety of federal agencies. Anthony has authored numerous articles for Tech Target, Information Security Magazine and Hackin9 Magazine.
- Brian CederdahlBoard Director, Membership, Cloud Security Alliance, Delaware Valley Chapter
Brian has more than 25 years of technology expertise in IT Infrastructure, cybersecurity, semiconductor, and systems sales with Appgate, Rackspace, RealCloud, CoreSite, and Verizon Terremark. He is a graduate of Villanova University with B.S. in Electrical Engineering.
- Ed JowettPresident, ISC2 Philadelphia Chapter
- Chris A. Quintanilla, CISSPBoard President/Strategic Development Committee Chair, Philadelphia InfraGard
Chris has over 25 years’ experience in the IT field and is a Certified Information Systems Security Professional (CISSP). He has served as a senior project manager and engineer for several federal and municipal governments’ IT projects, as a network and systems engineer for IBM's Education and Training Division, and as an adjunct faculty member at the Pennsylvania Institute of Technology. Chris leverages his associations with federal law enforcement along with his IT background to advise clients on matters of information security, works with them to implement best practices to safeguard critical systems and sensitive information, and assists victims and law enforcement after malicious acts occur. Chris has been appointed by three different U.S. Presidents and two different Governors as a US Selective Service Board Member. He is also an information systems officer in the US Coast Guard Auxiliary.
- Kelly RogersFirst VP, Board of Directors, ISACA Philadelphia Chapter
Kelly also serves as the Business Information Security Lead (BISO) at Blackbaud.
- Donna RossPresident, WiCyS Delaware Valley Affiliate
Dynamic leader and board member demonstrating over 20 years of diverse risk, compliance, information security, technology, and operations experience within the manufacturing, insurance, banking, financial services, and retail sector. Adept in developing and implementing strategic technology and risk solutions, performing research and analysis to keep employer advised regarding emerging technologies and management of risk. Security and DEI evangelist.
- Scott Laliberte, ModeratorPresident, ISSA Delaware Valley Chapter
Scott Laliberte, President of ISSA Delaware Valley Chapter for over 10 years, has grown the chapter significantly by creating a collaborative community for Cyber Security professionals to share their knowledge and experience and satisfy their CPE needs. Scott also leads Protiviti’s Emerging Technology practice where he enables clients to leverage emerging technologies to solve complex business problems and manage risk. His team specializes in many technology areas including Artificial Intelligence (AI) and Machine Learning, Internet of Things (IoT), Cloud, Blockchain, and Quantum Computing. In previous roles, Scott was the Global leader of Protiviti’s Cyber Security Practice.
- Krista ArndtAssociate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Jordan FischerCEO & Founder, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data PrivacyCERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP) - Shevani JaisinghSenior Counsel, TittmannWeix
- Margaux WeinraubCyber Practice Leader, Graham Company, a Marsh & McLennan Agency LLC Company
- Katie Crowley, ModeratorAVP, eRisk Underwriting, Crum & Forster
- Jim BearceVP, Professional Services, AccessIT Group
James Bearce is Vice President of Professional Services at AccessIT Group. Jim brings more than 20 years of information technology and cybersecurity development, operations and leadership experience in the financial services industry, and in cybersecurity advisory and managed services.
Prior to joining AccessIT Group, Jim was responsible for leading client engagements to build global security capabilities, served as an Interim Chief Information Security Officer for clients across multiple industries, and advised client Boards of Directors regarding technology and security challenges facing their organizations.
Jim has built and led security teams distributed across North & South America, Europe and the Asia/Pacific regions focused on the detection of cyberthreats, investigation of cybersecurity incidents, and reduction of attack vectors in complex organizations. In a previous role with Vigilant, Inc., he was responsible for the development of security managed services capabilities that contributed to the acquisition of Vigilant by Deloitte & Touche LLP.
Jim holds a Master of Science degree in Information Security & Assurance from Norwich University as well as multiple information security certifications
- Chul ChoiSr. Solutions Architect, Okta
For more than 25 years, Mr. Choi has been involved in more than 100 security and identity management projects. His experience spans multiple industries and public segment entities. He has served diverse roles in these IAM programs and holds a patent for entitlement management. Since 2019, he has been working as a Senior Solutions Architect for Okta.
- Jim CoylePublic Sector CTO, Lookout
Jim Coyle is the U.S. public sector CTO at Lookout Security, utilizing his 20+ years of knowledge and expertise to help close the security gap many government agencies and organizations face today. A cybersecurity industry thought leader exploring geo-political cyber related issues, the latest threats and defense strategies, as well as industry trends providing insights through his career. Jim is currently responsible for leading the charge to redesign and revolutionize cybersecurity programs of customers to battle today's threats.
- Luke McNamaraDeputy Chief Analyst, Mandiant Intelligence, Google Cloud
Luke McNamara is the Deputy Chief Analyst with Mandiant Intelligence, with over a decade of experience in cyber threat intelligence focusing on emerging threats and trends. His research has appeared in Bloomberg, CNBC, CNN, The Hill, The Nikkei, Lawfare, and other media outlets. Luke has presented at security conferences such as RSAC and Black Hat and hosts Mandiant’s Defenders Advantage podcast.
In previous roles at FireEye, Luke led and produced research for FireEye's Strategic Analysis Team, delivering insights into macro cyber threat trends for executive clients. Before its acquisition by FireEye, Luke was an intelligence consultant and analyst at iSIGHT Partners. As a Cyber Espionage Analyst at iSIGHT Partners, his work involved tracking nation state threat activity targeting public and private sector enterprises from Russia, China, North Korea, and Iran. Prior to working in cybersecurity, he supported intelligence programs in the defense sector as a contractor, culminating in a tour on the counterinsurgency advisory group for the commander of the NATO/ISAF mission in Afghanistan.
Luke McNamara holds a master’s degree from Columbia University's School of International and Public Affairs and an undergraduate degree from Patrick Henry College.
- Kevin WernerSystem Director, IT Security Operations, Main Line Health
Kevin is the System Director of Security Operations at Main Line Health, a mid-sized hospital system in Suburban Philadelphia, where his team oversees all non-GRC aspects of information security. He has more than a decade of information security experience and is a licensed attorney in Pennsylvania and New Jersey. He currently holds a CISSP certification as well as a CIPP/US certification. Kevin went to the College of the Holy Cross in Worcester, MA, for undergrad with a degree in Philosophy, and attended the Villanova University School of Law.
- Chris Guarino, ModeratorDevSecOps Lead, Vanguard
- Greg GarciaExecutive Director, Health Sector Coordinating Council Cybersecurity Working Group
Greg served as former (and nation's first) Assistant Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security, appointed by President Bush in 2006. He also led the Financial Services Sector Coordinating Council, and served in Congress and senior industry executive roles in technology and security.
- David LingenfelterCISO, Penn Entertainment
David Lingenfelter is the Chief Information Security Officer at Penn Entertainment, responsible for ensuring the highest possible level of security for the rapidly changing risk landscape. David manages teams that oversee IT security and compliance for both the retail and digital aspects of the business. David believes that in order to implement a successful security program it’s important for everyone to understand the threats and risks that could adversely impact the business.
Prior to joining Penn Entertainment, David oversaw security for the MaaS360 mobile device management platform at IBM. During his tenure at IBM, David helped onboard and integrate the team supporting MaaS360 as part of the acquisition of Fiberlink Communications into IBM. Prior to the acquisition by IBM, David was the Information Security Officer at Fiberlink Communications working as part of the team that designed and built an early Software as a Service cloud model for its MaaS360 platform. David also led the charge for getting MaaS360 to be the first mobile device management platform certified for use by the federal government under the FedRAMP program.
As a member of the Cloud Security Alliance David was co-chair of the Mobile Working Group culminating in the publication of the “Security Guidance for Critical Areas of Mobile Computing”. David also gave input to early versions of the Cloud Control Matrix and other publications and is a former president of the Delaware Valley chapter of the Cloud Security Alliance. David’s career in IT security has always included a strong emphasis on awareness and understanding of the threats and risks associated with poor security. This passion for helping bring awareness to others and has lead David around the world giving presentations on multiple aspects of IT security and the overall impact on business and personal lives.
- John BrownSr. Security Evangelist, Team Cymru
John Brown is a Senior Security Evangelist and member of the Team Cymru Outreach team. Prior to joining Team Cymru, he was CTO of a regional ISP that provided Internet and Voice services via fiber optic and microwave technologies. Mr. Brown has actively been involved with Internet technologies since 1984, when as a high school student he connected via the local University’s UNIX systems. He has held senior technical training and customer support engineering roles at various companies in Silicon Valley. He is an active entrepreneur, having founded several successful technology companies. Mr. Brown was the principal networking and technical engineer for ICANN’s L-Root DNS server, part of the global critical DNS infrastructure. Mr. Brown is a past authorized instructor for ISC2's CISSP program and Mikrotik Routers. He is passionate about protecting the Internet from cyber criminals, teaching and passing on knowledge to others so that the Internet remains an open and safe for the world. When not helping protect Clouds, he actively teaches people how to fly in and around clouds as a Flight Instructor.
- Chris BoehmGlobal Field CISO, SentinelOne
Chris Boehm currently works as the Global Field CISO at SentinelOne. As a cybersecurity thought leader, he drives strategy and works closely with some of the largest organizations in the world. Prior to SentinelOne, he was a Senior Product Manager at Microsoft in the Azure Security engineering division. In his 5 years at Microsoft, he focused on driving product strategy and delivering strategic customer enablement. Chris worked closely with the Microsoft Cyber Defense Operations Center (CDOC) and Microsoft Threat Intelligence team (MSTIC) to work side by side on research and enablement to create a more intuitive investigation experience for Security Operations Centers.
- Bill BowmanOperating Partner | CISO, Welsh, Carson, Anderson & Stowe
Bill Bowman has been the first CISO at five different organizations over the last 20 years. He has been in Educational Technology, Financial Technology, and B2B Growth companies. He was the founding President for the (ISC)2 Eastern Massachusetts organization 10 years ago. Bill lives in Framingham with his wife and five children.
As CISO, Mr. Bowman is responsible for managing the global responsibilities associated with Information Security, Physical Security, Privacy, Disaster Recovery, Business Continuity, Incident Response, and Insurance. Mr. Bowman has successfully implemented PCI-DSS, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 27017, and ISO 27018. Specialties: Executive Core Qualifications: Leading Change, Leading People, Results Driven (Metrics), Risk based decision making, Business/Industry Acumen, Building Coalitions. Management development, Talent development Technical Qualifications: Information Security, IT & business risk, IT governance & compliance (SOX 404), Regulatory compliance (GDPR), DR/BC, Mobility, Networking, Cloud security, Cloud privacy, Application vulnerability management, and other technical and non-technical related items.
- Kip Boyle, ModeratorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Tammy KlotzCISO, Trinseo
Tammy Klotz is a vibrant and accomplished executive with over three decades of diverse experience in the manufacturing industry, specializing in cybersecurity and transformational leadership. She offers keen expertise in navigating mergers, acquisitions, and divestitures within both publicly-traded and privately-held companies and is seasoned in security, risk, and compliance leadership. Tammy brings a dynamic and positive approach to problem solving, excelling in simplifying intricate IT and cybersecurity concepts and facilitating pragmatic, non-technical dialogues that resonate with business executives. She is recognized as a strong, knowledgeable, thoughtful security executive who excels in public speaking and thought leadership, striving to empower others through knowledge sharing.
- Donna RossCISO, Radian Group Inc.
Dynamic leader and board member demonstrating over 20 years of diverse risk, compliance, information security, technology, and operations experience within the manufacturing, insurance, banking, financial services, and retail sector. Adept in developing and implementing strategic technology and risk solutions, performing research and analysis to keep employer advised regarding emerging technologies and management of risk. Security and DEI evangelist.
- Molly Dodge, ModeratorInformation Security Analyst, Federal Reserve Bank of Philadelphia
- Chris BaroneSecurity Architecture Lead, Convenience Retail
Currently the Lead Security Architect at Wawa, Chris has had multiple roles developing process and evangelizing security functions to the rest of the organization. Chris' undergraduate degree is from Drexel University, and he holds a Master's in Cybersecurity Strategy from George Washington University.
- Niculae (Masu) BaicoianuDirector, Enterprise Security Architecture, TE Connectivity
- Bjorn BoePrincipal Solutions Engineer, Lacework
Bjorn is a Principal Solutions Engineer at Lacework with over 20 years experience helping customers find better ways to build, run, manage and secure their software workloads.
- Sule TatarSr. Product Marketing Manager, Arctic Wolf
Sule Tatar is a Senior Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.
- Bryan Bechard, ModeratorCISO, Flagship Credit Acceptance
Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.
- Eric RobuckCybersecurity Specialist and Founder of The Valander Group
Eric Robuck is a seasoned cybersecurity expert with over two decades of experience in the industry. As the owner and founder of The Valander Group, he leads a team of top-notch business experts dedicated to providing comprehensive cybersecurity solutions for business owners.
Eric's extensive military background as a Warrant Officer focused on information technology and security has equipped him with the necessary skills and knowledge to handle complex cybersecurity challenges. He has a deep understanding of programming, database design, electronic information transfer, and project management, which allows him to develop and implement effective cybersecurity strategies for his clients.
Eric holds multiple professional certifications, including the CISSP, CEH, Security+, and AWS Practitioner. He has done masters work in Cybersecurity and leadership in Cyber Security to further enhance his knowledge and skills. Eric's expertise in cybersecurity makes him an invaluable asset to businesses looking to protect themselves from cyber threats.
When he's not working, Eric enjoys spending time with his family and staying active on the golf course. With his impressive track record and diverse skillset, Eric is a force to be reckoned with in the world of cybersecurity, and his clients trust him to keep their businesses safe from cyber-attacks.
- Tony MeholicDirector of Cybersecurity / CISO, The Bancorp Bank
Anthony is currently Director of Cybersecurity, Chief Security Officer at The Bancorp Inc. in Wilmington, Delaware. He has worked extensively with application development including creation of simulation software for emergency medical providers, work with local government agencies on EMS trending and metrics and customized user interfaces for medical diagnostic software. His experience in Information Security at The Bancorp, JPMorgan Chase, Citibank and Republic Bank in Philadelphia included detailed work on encryption key management, security reviews, risk assessments and security testing for financial institutions. He has been responsible for the creation and implementation of numerous information security programs such as: Mapping of the Cybersecurity program to the NIST Cybersecurity Framework and FFIEC Self-Assessment Tool, Vendor Management, project security reviews, customized encryption key management, establishment of an internal penetration testing program, comprehensive risk assessment, and vulnerability management. Anthony is a graduate of Michigan State University and has over 20 years of IT experience. He is a regular speaker at international information security conferences and is a frequent trainer for a variety of federal agencies. Anthony has authored numerous articles for Tech Target, Information Security Magazine and Hackin9 Magazine.
- Derek FisherExecutive Director of Product Security, JPMorgan Chase & Co.
- Sara RicciInformation Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)
Sara Ricci is an accomplished executive with a proven track record in global leadership roles, building new capabilities and enhancing organizational resilience. She is experienced in Risk Management and Technology Enablement in highly regulated financial and energy sectors. Sara excels at building trust and credibility with executives, clearly communicating risk concepts and strategies in non-technical terms to help drive business results.
As a Risk and Resilience leader, Sara leverages prior experience as Head of Information Risk Governance and Resilience at HBC and senior leadership roles at HCL Technologies, New York Power Authority, JP Morgan Chase, Citi, Bank of America and UBS. She has led global implementations of governance, risk management and compliance programs, aligning risk and reward with business strategy, specializing in Operational Risk, IT Risk, Information Security, Business Continuity, Enterprise Risk, Third Party Risk, Operational Resilience, Enterprise Resource Planning, Software development and Business Process improvements.
Sara actively collaborates across organizations and helped develop industry guidance for the financial and energy sectors, including maturity models in Resilience and Cybersecurity, whitepapers and benchmarking studies in Risk Appetite and Resiliency. MBA (Finance and Management), CRISC, CDPSE, CBCP, HSEEP, SCR.
- Happy Hour
- Krista ArndtAssociate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- David LingenfelterCISO, Penn Entertainment
David Lingenfelter is the Chief Information Security Officer at Penn Entertainment, responsible for ensuring the highest possible level of security for the rapidly changing risk landscape. David manages teams that oversee IT security and compliance for both the retail and digital aspects of the business. David believes that in order to implement a successful security program it’s important for everyone to understand the threats and risks that could adversely impact the business.
Prior to joining Penn Entertainment, David oversaw security for the MaaS360 mobile device management platform at IBM. During his tenure at IBM, David helped onboard and integrate the team supporting MaaS360 as part of the acquisition of Fiberlink Communications into IBM. Prior to the acquisition by IBM, David was the Information Security Officer at Fiberlink Communications working as part of the team that designed and built an early Software as a Service cloud model for its MaaS360 platform. David also led the charge for getting MaaS360 to be the first mobile device management platform certified for use by the federal government under the FedRAMP program.
As a member of the Cloud Security Alliance David was co-chair of the Mobile Working Group culminating in the publication of the “Security Guidance for Critical Areas of Mobile Computing”. David also gave input to early versions of the Cloud Control Matrix and other publications and is a former president of the Delaware Valley chapter of the Cloud Security Alliance. David’s career in IT security has always included a strong emphasis on awareness and understanding of the threats and risks associated with poor security. This passion for helping bring awareness to others and has lead David around the world giving presentations on multiple aspects of IT security and the overall impact on business and personal lives.
- Keith McMenaminVP of IT, Visit Philadelphia
Keith McMenamin is the Vice President of Information Technology at VISIT PHILADELPHIA®, the region’s official tourism marketing agency. In his 17 years with VISIT PHILADELPHIA®, Mr. McMenamin is credited with building and securing the technical infrastructure for an award-winning organization that was responsible for creating $11 billion dollars in economic impact for the city of Philadelphia in 2022. Over the years, he quickly became a trusted advisor to C-Suite executives along with evolving into the “go-to tech guy” for friends and colleagues in the local tourism marketing and media industries. Keith is a regular speaker and panelist at national industry conferences, volunteer at local schools and founder of the Philly Tech Council.
Outside of the office Keith enjoys playing sports, spending time with his family and taking long vacations to Southern California.
- Chris Glanden, HostFounder, The BarCode Podcast
Chris Glanden is an experienced cybersecurity strategist and the Founder & CEO of BarCode Security, a full-service consulting firm he launched in November 2023. Through BarCode, Glanden provides advisory services, pentesting, training, and incident response with a team of seasoned industry experts.
In 2020, Glanden started the BarCode Security podcast to have engaging discussions with global cybersecurity leaders. As COVID restrictions lifted, he took the show on the road nationwide, recording live at venues like private yachts, tech meetups, and hacker conventions. The podcast and live events aim to educate on diverse perspectives in cybersecurity leadership and culture.
Concurrently, Glanden is producing his first documentary film “Inhuman,” focused on weaponized AI, slated for release in 2024. His approach across projects combines the technical aspects of cybersecurity with a creative and entertainment angle, emphasizing the importance of understanding the human side in establishing efficient security programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Eric Robuck, InstructorCybersecurity Specialist and Founder of The Valander Group
Eric Robuck is a seasoned cybersecurity expert with over two decades of experience in the industry. As the owner and founder of The Valander Group, he leads a team of top-notch business experts dedicated to providing comprehensive cybersecurity solutions for business owners.
Eric's extensive military background as a Warrant Officer focused on information technology and security has equipped him with the necessary skills and knowledge to handle complex cybersecurity challenges. He has a deep understanding of programming, database design, electronic information transfer, and project management, which allows him to develop and implement effective cybersecurity strategies for his clients.
Eric holds multiple professional certifications, including the CISSP, CEH, Security+, and AWS Practitioner. He has done masters work in Cybersecurity and leadership in Cyber Security to further enhance his knowledge and skills. Eric's expertise in cybersecurity makes him an invaluable asset to businesses looking to protect themselves from cyber threats.
When he's not working, Eric enjoys spending time with his family and staying active on the golf course. With his impressive track record and diverse skillset, Eric is a force to be reckoned with in the world of cybersecurity, and his clients trust him to keep their businesses safe from cyber-attacks.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Eric Robuck, InstructorCybersecurity Specialist and Founder of The Valander Group
Eric Robuck is a seasoned cybersecurity expert with over two decades of experience in the industry. As the owner and founder of The Valander Group, he leads a team of top-notch business experts dedicated to providing comprehensive cybersecurity solutions for business owners.
Eric's extensive military background as a Warrant Officer focused on information technology and security has equipped him with the necessary skills and knowledge to handle complex cybersecurity challenges. He has a deep understanding of programming, database design, electronic information transfer, and project management, which allows him to develop and implement effective cybersecurity strategies for his clients.
Eric holds multiple professional certifications, including the CISSP, CEH, Security+, and AWS Practitioner. He has done masters work in Cybersecurity and leadership in Cyber Security to further enhance his knowledge and skills. Eric's expertise in cybersecurity makes him an invaluable asset to businesses looking to protect themselves from cyber threats.
When he's not working, Eric enjoys spending time with his family and staying active on the golf course. With his impressive track record and diverse skillset, Eric is a force to be reckoned with in the world of cybersecurity, and his clients trust him to keep their businesses safe from cyber-attacks.
- David Lingenfelter, ModeratorCISO, Penn Entertainment
David Lingenfelter is the Chief Information Security Officer at Penn Entertainment, responsible for ensuring the highest possible level of security for the rapidly changing risk landscape. David manages teams that oversee IT security and compliance for both the retail and digital aspects of the business. David believes that in order to implement a successful security program it’s important for everyone to understand the threats and risks that could adversely impact the business.
Prior to joining Penn Entertainment, David oversaw security for the MaaS360 mobile device management platform at IBM. During his tenure at IBM, David helped onboard and integrate the team supporting MaaS360 as part of the acquisition of Fiberlink Communications into IBM. Prior to the acquisition by IBM, David was the Information Security Officer at Fiberlink Communications working as part of the team that designed and built an early Software as a Service cloud model for its MaaS360 platform. David also led the charge for getting MaaS360 to be the first mobile device management platform certified for use by the federal government under the FedRAMP program.
As a member of the Cloud Security Alliance David was co-chair of the Mobile Working Group culminating in the publication of the “Security Guidance for Critical Areas of Mobile Computing”. David also gave input to early versions of the Cloud Control Matrix and other publications and is a former president of the Delaware Valley chapter of the Cloud Security Alliance. David’s career in IT security has always included a strong emphasis on awareness and understanding of the threats and risks associated with poor security. This passion for helping bring awareness to others and has lead David around the world giving presentations on multiple aspects of IT security and the overall impact on business and personal lives.
- Dr. Russell Handorf, Guest SpeakerComputer Scientist, FBI Cyber Division HQ (Former)
- Col. Cedric LeightonCNN Military Analyst; U.S. Air Force (Ret.); Chairman, Cedric Leighton Associates, LLC
Cedric Leighton is a CNN Military Analyst and a retired United States Air Force Colonel. On CNN, he has provided incisive commentaries on the Israel-Hamas War, the War in Ukraine, the U.S. withdrawal from Afghanistan, and numerous other conflicts around the world. His analysis has been seen by millions of viewers around the world and provided much needed context to some of the most pressing national security issues of our time. As a U.S. Air Force officer, Colonel Leighton served at U.S. Special Operations Command, the Joint Staff, and the National Security Agency, where he helped train the nation's cyber warriors. A Middle East combat veteran, he is the recipient of numerous military awards, including the Defense Superior Service Medal and the Bronze Star. After serving 26 years as a U.S. Air Force Intelligence Officer, Col. Leighton founded a strategic risk consultancy and became the co-founder of CYFORIX, where he advises multinational businesses on developing better cyber strategies designed to reduce risk and unpredictability.
- VJ ViswanathanFounding Partner, CYFORIX (Former CISO & Sr. Executive at Keurig Dr Pepper, Comcast, HD Supply, and GE)
VJ Viswanathan is a seasoned technology executive recognized and awarded for innovation, business capability transformation, and thoughtful mentorship. Most recently, VJ is the founding partner at CYFORIX, a global cybersecurity research, advisory, and strategic consulting firm delivering solutions to public and private sectors. He also serves as the CEO at TORQE, a specialized advisory firm focused on analytics, automation, and convergent technologies. VJ is the co-host of ELEVATEINTEL, a podcast series at the nexus of technology, social, and defense.
With more than 25 years of pioneering enterprise technology, cybersecurity, privacy, and compliance & risk management experience, VJ has a detailed track record of designing, implementing, and leading highly successful programs, products, and services at multinational Fortune 100 brands spanning CPG, telecom, media, supply chain, healthcare, and finance segments. As a strategic thought leader, VJ has delivered the first of its kind "Supply Chain Security" & “Omni-channel Risk Management” frameworks. As a published author and featured keynote speaker at global industry events, he approaches disruptive digital paradigms with innovation, creativity, and active collaboration with his key industry peers, researchers, national & international law enforcement, and defense groups.
VJ is an active mentor at various incubators and accelerators groups, serves as an advisory board member for growth stage companies. As a strategic adviser to VC & PE firms, he specializes in developing market analysis, competitive product road maps, and guides in opportunity mapping. As a board member and subject matter advisor to CEOs and corporate directors, VJ evaluates and audits enterprise technology and cybersecurity programs for veracity and operational effectiveness.
VJ is passionate about animal rights and giving back to the technology and security industry. He has created a rescue and foster care group for large breed dogs. He is actively engaged with academic institutions and purpose-driven professional groups like Minorities in Cyber Security, where he serves as a board member and chair of mentorship programs to develop the next generation talent through coaching and facilitating scholarships for technology and cybersecurity education.
- Steve Naphy, ModeratorCIO, Morgan, Lewis & Bockius LLP
Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.
- Greg GarciaExecutive Director, Health Sector Coordinating Council Cybersecurity Working Group
Greg served as former (and nation's first) Assistant Secretary for Cybersecurity and Communications at the U.S. Department of Homeland Security, appointed by President Bush in 2006. He also led the Financial Services Sector Coordinating Council, and served in Congress and senior industry executive roles in technology and security.
- Hugo LaiCISO, Temple Health
- Anahi SantiagoCISO, ChristianaCare Health System
Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.
- Aaron WeismannCISO, Main Line Health
- Justin Armstrong, ModeratorFounder, Armstrong Risk Management LLC
Justin Armstrong is a security, privacy, and regulatory compliance consultant with over 25 years of experience in the Healthcare Industry. He worked as a vCISO at FractionalCISO, managed security at Healthcare Cybersecurity startup Tausight, and led Product Security at MEDITECH, a top three Electronic Health Record vendor. He has engaged with Hospitals in nearly 100 ransomware incidents.
Recently he founded Armstrong Risk Management to provide guidance on security, privacy, and regulatory compliance to companies large and small.
He holds the CISSP and HCISPP certifications and obtained his Masters in Cybersecurity Leadership at Brandeis University.
- Phil CurranCISO & CPO, Cooper University Health Care
Phil Curran has more than 25 years of experience in information security and privacy in the military, government and private sectors. As the Chief Information Assurance Officer and Chief Privacy Officer at Cooper University Health Care in Camden NJ, he is responsible for managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, privacy and security investigations, business continuity, and awareness and training. He has served on the Health Information Trust Alliance (HITRUST) task force to integrate privacy controls in the Common Security Framework and the development of the ISC2 Health Care Information Security and Privacy Practitioner. Phil serves on the Executive Committee for Secure World – Philadelphia and the Philadelphia and New Jersey Chapters of the CISO Executive Network. He has spoken on Information Security and Privacy issues at Secure World and HIMSS Privacy and Security.
- Chris GuarinoDevSecOps Lead, Vanguard
- Tony MeholicDirector of Cybersecurity / CISO, The Bancorp Bank
Anthony is currently Director of Cybersecurity, Chief Security Officer at The Bancorp Inc. in Wilmington, Delaware. He has worked extensively with application development including creation of simulation software for emergency medical providers, work with local government agencies on EMS trending and metrics and customized user interfaces for medical diagnostic software. His experience in Information Security at The Bancorp, JPMorgan Chase, Citibank and Republic Bank in Philadelphia included detailed work on encryption key management, security reviews, risk assessments and security testing for financial institutions. He has been responsible for the creation and implementation of numerous information security programs such as: Mapping of the Cybersecurity program to the NIST Cybersecurity Framework and FFIEC Self-Assessment Tool, Vendor Management, project security reviews, customized encryption key management, establishment of an internal penetration testing program, comprehensive risk assessment, and vulnerability management. Anthony is a graduate of Michigan State University and has over 20 years of IT experience. He is a regular speaker at international information security conferences and is a frequent trainer for a variety of federal agencies. Anthony has authored numerous articles for Tech Target, Information Security Magazine and Hackin9 Magazine.
- Sara RicciInformation Risk, Governance, and Resilience Executive, Hudson's Bay Company (Former)
Sara Ricci is an accomplished executive with a proven track record in global leadership roles, building new capabilities and enhancing organizational resilience. She is experienced in Risk Management and Technology Enablement in highly regulated financial and energy sectors. Sara excels at building trust and credibility with executives, clearly communicating risk concepts and strategies in non-technical terms to help drive business results.
As a Risk and Resilience leader, Sara leverages prior experience as Head of Information Risk Governance and Resilience at HBC and senior leadership roles at HCL Technologies, New York Power Authority, JP Morgan Chase, Citi, Bank of America and UBS. She has led global implementations of governance, risk management and compliance programs, aligning risk and reward with business strategy, specializing in Operational Risk, IT Risk, Information Security, Business Continuity, Enterprise Risk, Third Party Risk, Operational Resilience, Enterprise Resource Planning, Software development and Business Process improvements.
Sara actively collaborates across organizations and helped develop industry guidance for the financial and energy sectors, including maturity models in Resilience and Cybersecurity, whitepapers and benchmarking studies in Risk Appetite and Resiliency. MBA (Finance and Management), CRISC, CDPSE, CBCP, HSEEP, SCR.
- Lisa Plaggemier, ModeratorExecutive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Bryan BechardCISO, Flagship Credit Acceptance
Bryan is a 20+ year InfoSec career professional currently serving as CISO for an auto finance company and teaching the next generation of InfoSec pros.
- Grant AsplundGrowth Technologies Evangelist, Check Point Software Technologies
For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.
- Dr. Howard GoodmanSr. Technical Director, Skybox Security
Howard Goodman, with a distinguished career spanning two decades, has emerged as a pivotal figure in cybersecurity, seamlessly integrating strategic planning with hands-on cybersecurity applications across numerous sectors. His significant contributions to organizations like Skybox Security highlight his prowess in navigating through the intricate realms of cybersecurity. A U.S. Navy veteran and holder of a Ph.D. in Cyber Operations, specializing in meticulously formulating and implementing security strategies.
Throughout his journey, he has consistently demonstrated a steadfast ability to deliver tangible results, adeptly crafting strategies while precisely evaluating the risks, issues, and benefits of long-term initiatives. His unique talent lies in skillfully communicating complex technical concepts to both senior executives and non-technical stakeholders, ensuring a thorough understanding of the projects and strategies under his leadership. Dr. Goodman's trajectory in the field reveals a leader who not only navigates through the complexities of the digital and cybersecurity domain but also stands as a reliable guide, ensuring strategic and secure operations in all his endeavors.
- Andy StoneCTO, Americas, Pure Storage
Andy Stone is an accomplished IT executive with a passion for technology and creating innovative solutions that solve business problems and deliver results. As CTO, Americas, at Pure Storage, Andy is focused on delivering next-gen data storage and protection technologies that help companies get better insights, improve time-to-market, and make breakthroughs.
- Steve ToolePrincipal Solutions Consultant, SailPoint
Steve Toole is a Principal Solutions Consultant with SailPoint Technologies. With almost 20 years' of Identity Security experience, he is responsible for helping clients around the world understand Identity Security and how to apply it to achieve business goals and objectives.
- Scott Laliberte, ModeratorPresident, ISSA Delaware Valley Chapter
Scott Laliberte, President of ISSA Delaware Valley Chapter for over 10 years, has grown the chapter significantly by creating a collaborative community for Cyber Security professionals to share their knowledge and experience and satisfy their CPE needs. Scott also leads Protiviti’s Emerging Technology practice where he enables clients to leverage emerging technologies to solve complex business problems and manage risk. His team specializes in many technology areas including Artificial Intelligence (AI) and Machine Learning, Internet of Things (IoT), Cloud, Blockchain, and Quantum Computing. In previous roles, Scott was the Global leader of Protiviti’s Cyber Security Practice.
- Todd BearmanVP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Anahi Santiago, ModeratorCISO, ChristianaCare Health System
Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.
- Chris BaroneSecurity Architecture Lead, Convenience Retail
Currently the Lead Security Architect at Wawa, Chris has had multiple roles developing process and evangelizing security functions to the rest of the organization. Chris' undergraduate degree is from Drexel University, and he holds a Master's in Cybersecurity Strategy from George Washington University.
- Brandi BurtonDeputy CISO / Sr. Director, Governance, Risk & Compliance, TE Connectivity
Brandi Burton has more than 25 years experience in information and cyber security, with a specialty in technology risk management. Brandi has successfully helped companies in various industries design and lead information security and risk management programs that enable the organization's business strategies while meeting stakeholder expectations and regulatory obligations. Brandi pairs her expertise in information security with a keen business acumen in order to bridge the gap between geek speak and awesome business outcomes.
- Paul Lynch, ModeratorDirector, Information Security, CubeSmart
Paul Lynch, who has more than 20 years of experience in information technology, is Director of Information Security and Infrastructure for CubeSmart Self Storage. He has established security governance programs and best practices for government, non-profit, private, and publicly traded organizations ranging from technology startup to city. He holds several information security certifications, including Certified CISO, CISSP, ISSMP, and CCSP. He has served as a subject matter expert for EC-Council and (ISC)2, specializing in security governance and cloud security. He serves on the Customer Advisory Board for eSentire.
- Zaira PirzadaVice President, Hive Pro
Zaira Pirzada is the VP of Product Marketing at Hive Pro. Prior to joining Hive Pro, she was a Security Analyst with Gartner, Inc., covering the DLP, File Analysis, and Data Masking markets. Zaira was also featured on CBS as a main actress in the prime-time television show “Hunted”, Wired for her technical acumen, and is currently a popular-selling poet and performer.
- Thomas HeverinCybersecurity Teaching Professor and Pentesting Project Lead, Drexel University
Former Navy researcher turned cybersecurity educator, Dr. Thomas Heverin ignites minds at The Baldwin School, an all-girls college preparatory school, and Drexel University. He empowers future ethical hackers, sparks innovation with tools like ChatGPT, and uncovers critical ICS vulnerabilities. Google hacks, new hacking modules, new GPTs, and cybersecurity research papers, are just his realm of discovery. A champion of diversity in STEM (Girls Who Code, Black Girls Code, TechGirlz), Thomas brings his Ph.D. and CISSP knowledge to inspire the next generation of cybersecurity professionals.
- Tammy KlotzCISO, Trinseo
Tammy Klotz is a vibrant and accomplished executive with over three decades of diverse experience in the manufacturing industry, specializing in cybersecurity and transformational leadership. She offers keen expertise in navigating mergers, acquisitions, and divestitures within both publicly-traded and privately-held companies and is seasoned in security, risk, and compliance leadership. Tammy brings a dynamic and positive approach to problem solving, excelling in simplifying intricate IT and cybersecurity concepts and facilitating pragmatic, non-technical dialogues that resonate with business executives. She is recognized as a strong, knowledgeable, thoughtful security executive who excels in public speaking and thought leadership, striving to empower others through knowledge sharing.
- Keith McMenaminVP of IT, Visit Philadelphia
Keith McMenamin is the Vice President of Information Technology at VISIT PHILADELPHIA®, the region’s official tourism marketing agency. In his 17 years with VISIT PHILADELPHIA®, Mr. McMenamin is credited with building and securing the technical infrastructure for an award-winning organization that was responsible for creating $11 billion dollars in economic impact for the city of Philadelphia in 2022. Over the years, he quickly became a trusted advisor to C-Suite executives along with evolving into the “go-to tech guy” for friends and colleagues in the local tourism marketing and media industries. Keith is a regular speaker and panelist at national industry conferences, volunteer at local schools and founder of the Philly Tech Council.
Outside of the office Keith enjoys playing sports, spending time with his family and taking long vacations to Southern California.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Eric Robuck, InstructorCybersecurity Specialist and Founder of The Valander Group
Eric Robuck is a seasoned cybersecurity expert with over two decades of experience in the industry. As the owner and founder of The Valander Group, he leads a team of top-notch business experts dedicated to providing comprehensive cybersecurity solutions for business owners.
Eric's extensive military background as a Warrant Officer focused on information technology and security has equipped him with the necessary skills and knowledge to handle complex cybersecurity challenges. He has a deep understanding of programming, database design, electronic information transfer, and project management, which allows him to develop and implement effective cybersecurity strategies for his clients.
Eric holds multiple professional certifications, including the CISSP, CEH, Security+, and AWS Practitioner. He has done masters work in Cybersecurity and leadership in Cyber Security to further enhance his knowledge and skills. Eric's expertise in cybersecurity makes him an invaluable asset to businesses looking to protect themselves from cyber threats.
When he's not working, Eric enjoys spending time with his family and staying active on the golf course. With his impressive track record and diverse skillset, Eric is a force to be reckoned with in the world of cybersecurity, and his clients trust him to keep their businesses safe from cyber-attacks.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes