Open Sessions
Conference Pass
SecureWorld Plus
VIP / Exclusive
- Wednesday, April 9, 20257:00 amRegistration openRegistration Level:
Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration Desk / LobbyCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 1Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:SecureWorld Plus
7:30 am - 9:00 amArtificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.
Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.
This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:
Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.
Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.
Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.
Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.
Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
7:30 am[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1vCISO, Cyber Risk Opportunities LLCRegistration Level:SecureWorld Plus
7:30 am - 9:00 amHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
8:00 amExhibitor Hall openRegistration Level:Open Sessions
8:00 am - 4:15 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)VP, CISO, TE ConnectivityRegistration Level:VIP / Exclusive
8:00 am - 8:45 amModerated discussion for SecureWorld Advisory Council members. By invite only.
8:00 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:00 am - 8:45 amParticipating professional associations and details to be announced.
8:00 amBEC Attacks: The Stealthiest and Most Lucrative ThreatRegistration Level:Open Sessions
8:00 am - 8:45 am8:45 amNetworking BreakRegistration Level:Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] The Hidden Costs of Cybersecurity: Unveiling the True Price of ProtectionRegistration Level:Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterWith cyber threats evolving at an unprecedented pace, organizations are increasingly aware of the need for robust cybersecurity measures. However, the true cost of cybersecurity extends far beyond the visible expenses of software licenses and security personnel. This keynote panel delves into the often-overlooked aspects of cybersecurity that can significantly impact an organization’s bottom line and operational efficiency. The panel explores:
- The multifaceted nature of cybersecurity costs, beginning with the critical yet often underestimated areas of incident response (IR) readiness and preparedness.
- The importance of comprehensive business continuity planning, highlighting how inadequate planning can lead to substantial financial losses and reputational damage. The panel cites real-world examples, including the recent CrowdStrike outage, to illustrate the cascading effects of service disruptions on both providers and their clients.
- The legal aspects of cybersecurity, exploring how regulatory compliance, potential liabilities, and the cost of legal counsel in the aftermath of a breach contribute to the hidden costs of security. Don’t forget the often-underestimated impact of third-party risk and the importance of robust vendor management practices.
- How to challenge the conventional wisdom of relying heavily on a single security vendor, advocating for a diversified approach that can enhance resilience and reduce dependency risks. The panel also addresses the counterintuitive problem of implementing too many security controls, which can paradoxically slow recovery efforts after an incident and increase operational complexity.
9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 amEngaging with and Driving Innovation in CybersecurityRegistration Level:Conference Pass
10:15 am - 11:00 amSession description to come.
10:15 am[Panel] Beyond the Single Point of FailureLessons from Recent Vendor Incidents and Strategies for ResilienceRegistration Level:Conference Pass
10:15 am - 11:00 amRecent incidents involving major cybersecurity vendors like CrowdStrike and Microsoft have highlighted the critical issue of single-point failures in our digital defense ecosystems. This panel session delves into the aftermath of these events and explores the broader implications for organizational cybersecurity strategies. Our expert panel discusses:
- The dangers of over-reliance on single vendors: Exploring the risks associated with putting all your security eggs in one basket.
- Developing a multi-vendor strategy: Balancing the benefits of integrated solutions with the need for redundancy and resilience.
- Incident response planning: Preparing for vendor-related outages or failures as part of your overall cybersecurity strategy.
- Future outlook: How the industry might evolve to address these challenges.
Gain valuable insights into creating more resilient security architectures that can withstand vendor-specific incidents.
10:15 amStarting Your Zero Trust Journey on the Right FootRegistration Level:Open Sessions
10:15 am - 11:00 amSession description to come.
10:15 amHarnessing Data Analytics for Robust Fraud Detection and PreventionRegistration Level:Open Sessions
10:15 am - 11:00 amSession description to come.
11:00 amNetworking BreakRegistration Level:Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 amMyths, Monsters, and Magic: How to Succeed in CybersecurityCISO, Penn EntertainmentRegistration Level:Conference Pass
11:10 am - 11:55 amRecent surveys have shown that the burnout rate for cybersecurity professions is upwards of 60%. High stress, long hours, rapidly changing landscape, all make the job of a cybersecurity professional difficult on a good day. Add on top of handling the technical aspects of cybersecurity the need to be able to translate what you do into terms that people understand. Because, let’s be honest, no one understands what we do. The less tech savvy people think we’re wizards. Management thinks we’re snake oil salespeople just looking for more budget so we can control everything. So how do you build a successful career in cybersecurity? Pull up a chair and let’s talk about the myths, monsters, and magic behind building a successful career in cybersecurity.
11:10 amNavigating Your Cybersecurity Career: Pathing, Pivots, and ProgressSr. Manager, Information Security, Affiliated DistributorsPresident & CEO, Keysec AdvisorsCybersecurity Specialist & Founder, The Valander GroupInformation Security Analyst, Federal Reserve Bank of PhiladelphiaRegistration Level:Conference Pass
11:10 am - 11:55 amThe cybersecurity field offers a vast range of opportunities, but plotting a successful career path can feel overwhelming. Whether you’re just starting out, looking to pivot mid-career, or considering a move to a new company or role, the journey requires strategic planning and adaptability.
This interactive panel discussion brings together seasoned cybersecurity professionals to share their insights, experiences, and practical advice on moving ahead at any stage of your career in cybersecurity. Key topics include:
- Exploring Career Pathing: Understand the diverse career tracks within cybersecurity, from technical specializations like penetration testing and cloud security to leadership roles like CISO and beyond.
- Mid-Career Pivots: Learn how to navigate transitions—whether switching to a new company, changing roles, or making a full career shift into cybersecurity from another field.
- Building Resilience and Growth: Discover strategies for staying relevant in a fast-paced, ever-changing industry while balancing professional and personal growth.
- Skills That Matter: Identify the technical and soft skills in demand today and how to position yourself as a top candidate for your dream role.
Whether you’re climbing the cybersecurity ladder, considering a lateral move, or looking to redefine your career, this session offers actionable advice and inspiration to take the next step with confidence. Bring your questions and prepare for a candid, thought-provoking discussion about the future of your cybersecurity career.
11:10 amMicro Segmentation: What You Need to KnowRegistration Level:Open Sessions
11:10 am - 11:55 amSession description to come.
11:10 am[Panel] The Evolving Cyber Threat Landscape: Tales of Villains, Heroes, and ResiliencePrincipal Solutions Architect (Cloud Security SME), BitdefenderRegistration Level:Open Sessions
11:10 am - 11:55 amToday’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.
12:00 pm[Lunch Keynote] Learning How to Story Tell to Move Cybersecurity ForwardRegistration Level:Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterSession description to come.
12:00 pmAdvisory Council Roundtable Lunch (VIP / Invite Only)Registration Level:VIP / Exclusive
12:00 pm - 12:45 pmModerated discussion for SecureWorld Advisory Council members. By invite only.
12:45 pmNetworking BreakRegistration Level:Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm[Panel] ASPIRE Your Approach: Repay Engineering by Investing in Application SecurityHead of Security Assurance and Operations, DAT Freight & AnalyticsCISO, DAT Freight & AnalyticsRegistration Level:Conference Pass
1:15 pm - 2:00 pmChallenges with engineering moving faster with their CI/CD pipelines, releases, and environment updates still need security involved to adopt and scale. Security investments often increasingly create friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.
1:15 pmGet to Know, and Get Along with, Your General Counsel and CFORegistration Level:Conference Pass
1:15 pm - 2:00 pmSession description to come.
1:15 pmBuilding a Strong Defense with PCI ComplianceRegistration Level:Open Sessions
1:15 pm - 2:00 pmAs the cybersecurity landscape evolves, the associated PCI requirements supporting those security considerations are also changing. Is your organization well positioned to adapt to the updated guidance issued with version 4.0.1 and the upcoming implementation deadlines for the March 31, 2025, requirements? This presentation explores the essential quick wins for payment card security and PCI compliance related to the new version, 4.0.1, and how to best guard your cardholder data without committing the whole IT team defensive line to compliance-related tasks.
Key topics include:
- Rule Changes: Updates to PCI DSS in version 4.0.1
- Game Footage: Common High-Risk Misses
- Away Games: Future Dated (2025) Requirements
1:15 pm[Panel] Protecting Data and Systems in the CloudRegistration Level:Open Sessions
1:15 pm - 2:00 pmSession description to come.
2:00 pmNetworking BreakRegistration Level:Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pmWeaponizing OSINT: The Silent Threat in Social Engineering AttacksCybersecurity Specialist & Founder, The Valander GroupRegistration Level:Conference Pass
2:10 pm - 2:55 pmIn today’s interconnected world, public data has become a powerful weapon in the hands of cybercriminals and ethical hackers alike. This presentation dives deep into how attackers leverage Open-Source Intelligence (OSINT) to craft highly convincing and successful social engineering campaigns. From mining social media profiles and job boards to exploiting organizational leaks and public records, the session explores how seemingly harmless data can be weaponized to gain unauthorized access to systems and sensitive information.
Come ready to witness live demos showcasing OSINT tools, techniques, and real-world social engineering scenarios that highlight the devastating impact of data exposure. Eric provides actionable steps to minimize OSINT risks through employee awareness, privacy hygiene, and security-first organizational policies. By the end of this session, participants will understand why protecting public data is as critical as securing internal networks—and how to do it effectively.
2:10 pmManaging AI Platform Risk: How Security and Engineering Partner to Deliver Trusted ModelsRegistration Level:Conference Pass
2:10 pm - 2:55 pmThis panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.
2:10 pmSecuring Success: The Impact of Networking, Education, and Certifications in CybersecurityRegistration Level:Open Sessions
2:10 pm - 2:55 pmSession description to come.
2:10 pmHow to Build Trustworthy and Secure AI Systems: Key Frameworks & Vulnerabilities You Need to KnowRegistration Level:Open Sessions
2:10 pm - 2:55 pmThe advancements of artificial intelligence (AI) have taken both popular culture and almost every industry by storm, due to the technology’s far-reaching abilities to augment human skills and bring safety and efficiency to several areas of our everyday lives. But these systems also bring with them a wealth of challenges, from ethics to security. We must be just as concerned about an organizations’ use of AI in critical workflows as we should be about LLMs disclosing sensitive data. How we evaluate these systems security, resilience, and robustness will be driven by well-established bedrock principles in both audit and assessments.
3:00 pmNetworking BreakRegistration Level:Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pmHappy HourRegistration Level:Open Sessions
3:00 pm - 4:15 pmJoin your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.
3:30 pm[Closing Keynote] The State of Cybersecurity in the RegionRegistration Level:Open Sessions
3:30 pm - 4:15 pmSession description to come.
3:45 pm[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 2Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmArtificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.
Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.
This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:
Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.
Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.
Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.
Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.
Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
3:45 pm[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2vCISO, Cyber Risk Opportunities LLCRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- Thursday, April 10, 20257:00 amRegistration openRegistration Level:
Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 3Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:SecureWorld Plus
7:30 am - 9:00 amArtificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.
Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.
This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:
Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.
Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.
Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.
Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.
Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
7:30 am[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3vCISO, Cyber Risk Opportunities LLCRegistration Level:SecureWorld Plus
7:30 am - 9:00 amHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
8:00 amExhibitor Hall openRegistration Level:Open Sessions
8:00 am - 4:15 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)CIO, Morgan, Lewis & Bockius LLPRegistration Level:VIP / Exclusive
8:00 am - 8:45 amModerated discussion for SecureWorld Advisory Council members. By invite only.
8:00 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:00 am - 8:45 amParticipating professional associations and details to be announced.
8:00 amBenchmarking Your Cybersecurity FrameworkRegistration Level:Open Sessions
8:00 am - 8:45 amMeasuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.
8:45 amNetworking BreakRegistration Level:Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] Digital Cloak and Daggers: Nation-State Threats in an Era of Complex DependenciesVP, CISO, TE ConnectivityVP, Cyber and AI, Azzur GroupCIO, Morgan, Lewis & Bockius LLPExecutive Director of Product Security, JPMorgan Chase & Co.Registration Level:Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterThis panel explores the challenges facing the United States and its Western allies in managing relationships with strategic competitors, particularly China, in an environment where digital threats coexist with economic partnerships. Our speakers examine how nation-states leverage cyber capabilities, intellectual property theft, and digital infrastructure to advance their strategic interests while maintaining essential trade relationships. The discussion focuses on China’s evolving role as both a critical economic partner and a significant security concern, while also addressing emerging threats from other state actors.
Panelists analyze practical approaches to protecting national security interests and critical infrastructure without severing vital international economic ties. Topics include supply chain security, technology transfer concerns, diplomatic strategies for cyber deterrence, and frameworks for selective economic decoupling in critical sectors. The session concludes with recommendations for developing more resilient international relationships that balance security imperatives with economic realities.
9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 amBug Bounties: Tips from the TriagerRegistration Level:Conference Pass
10:15 am - 11:00 amHear directly how someone who has spent years reviewing and prioritizing bug bounty program submissions approaches the task. In this talk, discover how to craft reports that stand out, ensuring your findings are presented for maximum impact and value. Discover the most common pitfalls to avoid, tips on how to structure your reports for clarity and precision, and hear highlights of the key elements triagers focus on to determine the severity and validity of vulnerabilities.
10:15 amInvesting in Your Application Security ProgramsRegistration Level:Conference Pass
10:15 am - 11:00 amSession description to come.
10:15 amBug Bounties: Tips from the TriagerRegistration Level:Open Sessions
10:15 am - 11:00 amHear directly how someone who has spent years reviewing and prioritizing bug bounty program submissions approaches the task. In this talk, discover how to craft reports that stand out, ensuring your findings are presented for maximum impact and value. Discover the most common pitfalls to avoid, tips on how to structure your reports for clarity and precision, and hear highlights of the key elements triagers focus on to determine the severity and validity of vulnerabilities.
10:15 amTabletop Exercises: The Fun KindRegistration Level:Open Sessions
10:15 am - 11:00 amTabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!
This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.
11:00 amNetworking BreakRegistration Level:Open Sessions
11:00 am - 11:10 amLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 amFrom an Army of One to an Army of a Ton: Creating an Effective Security Awareness ProgramAssociate CISO, St. Luke's University Health NetworkRegistration Level:Conference Pass
11:10 am - 11:55 amThe human element of security is one of the most difficult to predictand therefore to secure. Additionally, one of our biggest challenges is building a security awareness program for those who may have never been subjected to one by understanding the aversion to buying into the security program. We have great written resources and guidance from things like NIST 800-53, but it’s much more challenging to overcome the sociological elements of the human factor that prevent success of security-aware cultures, such as aversion to technology, fear, uncertainty, doubt, and simply non-malicious human error. As security professionals, we may lose sight of the fact that the professionals we support also have other jobs. So learning and focusing on security controls can be stressful and daunting.
Incorporating change management methodologies rooted in the psychology of human behavior, such as ADKAR (Awareness, Desire, Knowledge, Ability, and Reinforcement), can assist us as security professionals in facilitating more impactful cultural change through understanding why employees we support act and react the way they do and what other environmental or social factors may influence their decision-making and thought processes. It can also help us gain buy-in from our leadership, nudging from the bottom up, while leading by example from the top down.
The ADKAR change model has been proven to help individuals understand and accept change so companies can successfully innovate and become more efficient. As security professionals, we have to be conscious that security program costs contribute to the rising costs of healthcare, goods, and services. And we often have to find unique and strategic ways to ingrain ownership of security functions within other departments to augment our limited resources. Building a security ambassador program using these change facilitation concepts will help drive cost-effective ownership of the security program throughout the entire organization, creating a deeper business resilience, reducing risk, and truly leading by example—proving we are stronger together.
11:10 amBuilding Trusted Partnerships to Enable Secure ProductsRegistration Level:Conference Pass
11:10 am - 11:55 amIn today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.
Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:
- Establishing trust in the supply chain
- Collaborative approaches to secure software development
- The role of transparency in building and maintaining trust
- Balancing intellectual property concerns with security needs
- Leveraging partnerships for more effective incident response
- Case studies of successful security-focused partnerships
11:10 amCyber Risk by the Numbers from a Cyber Insurance PerspectiveRegistration Level:Open Sessions
11:10 am - 11:55 amYou’ve experienced a cyber incident. Does cyber insurance really pay? What’s actually a recoverable expense? How can insurance help? And when the insurance does pay, how do you balance the amount of insurance with cybersecurity priorities? In this session, we’ll evaluate the data and dig into recent real-world examples of how cyber insurance pays claims, what’s covered, the role of insurance in incident preparation and response, and how organizations are using analytics in decision-making.
11:10 am[Panel] Improving Incident Response Through Threat Intelligence, Cloud Resilience, and AI InnovationsRegistration Level:Open Sessions
11:10 am - 11:55 amSession description to come.
12:00 pm[Lunch Keynote] A Leadership Strategy for Navigating a CrisisRegistration Level:Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterSession description to come.
12:00 pmAdvisory Council Roundtable Lunch (VIP / Invite Only)Registration Level:VIP / Exclusive
12:00 pm - 12:45 pmModerated discussion for SecureWorld Advisory Council members. By invite only.
12:45 pmNetworking BreakRegistration Level:Open Sessions
12:45 pm - 1:15 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm[Panel] Privacy Laws: The Latest Updates and Impacts on CybersecurityFounding Partner & Owner, Fischer Law, LLCRegistration Level:Conference Pass
1:15 pm - 2:00 pmSession details to come.
1:15 pmManaging Security and Technology After an AcquisitionRegistration Level:Conference Pass
1:15 pm - 2:00 pmSession description to come.
1:15 pmAddressing the Cybersecurity Skill Shortage Internally and ExternallyRegistration Level:Open Sessions
1:15 pm - 2:00 pmThis presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.
1:15 pm[Panel] The Secret Potential of AI and MLRegistration Level:Open Sessions
1:15 pm - 2:00 pmArtificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.
Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.
Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.
2:00 pmNetworking BreakRegistration Level:Open Sessions
2:00 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pmCognitive Computing in the New Age of AIRegistration Level:Conference Pass
2:10 pm - 2:55 pmSession description to come.
2:10 pmIntegrating Transformative OT Cybersecurity ProgramsRegistration Level:Conference Pass
2:10 pm - 2:55 pmSession description to come.
2:10 pmSocial Engineering: Training the Human FirewallRegistration Level:Open Sessions
2:10 pm - 2:55 pmPhishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.
2:10 pmNavigating Third-Party Risk and Vendor ResilienceRegistration Level:Open Sessions
2:10 pm - 2:55 pmIn today’s dynamic cyber risk landscape, risk managers must stay informed and adapt their strategies accordingly. Recent global cyber events have had a profound impact on critical functions across multiple sectors, underscoring the gravity of cyber events. Risk managers also face complexities from trends like reliance on third parties and evolving data protection laws.
To successfully navigate these challenges, risk managers are tasked with learning from significant cyber events, implementing best practices for managing third-party cyber risk, and staying updated on privacy regulations. This session assists risk managers in effectively mitigating cyber risks and safeguarding their organizations by discussing strategies for managing third-party cyber risk and providing updates on privacy regulations.
3:00 pmNetworking Break and Dash for PrizesRegistration Level:Open Sessions
3:00 pm - 3:30 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:30 pm[Closing Keynote] Fast-Tack Funding of Your Cyber Initiatives by Focusing on Cyber ResilienceRegistration Level:Open Sessions
3:30 pm - 4:15 pmLocation / Room: Keynote TheaterSession description to come.
3:45 pm[PLUS Course] AI Unleashed: Cybersecurity Strategies for an Autonomous Future - Part 4Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmArtificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.
Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.
This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:
Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.
Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.
Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.
Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.
Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
3:45 pm[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4vCISO, Cyber Risk Opportunities LLCRegistration Level:SecureWorld Plus
3:45 pm - 5:15 pmHave you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework is valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
- AccessIT GroupBooth: TBD
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- BitdefenderBooth: 205
Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.
From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
- Cloud Security Alliance (CSA)Booth: TBD
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- FortinetBooth: 325
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- Google CloudBooth: 200
Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.
- HUMAN SecurityBooth: 105
HUMAN is a cybersecurity company that safeguards 1,200+ brands from digital attacks including bots, fraud and account abuse. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trilliondigital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN.
- Philadelphia InfraGard Members AllianceBooth: TBD
InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.
- ISACA PhiladelphiaBooth: TBD
The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in the Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides, training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.
- IslandBooth: 435
What if the enterprise had complete control over the browser? What would it mean for security, for productivity, for work itself? Introducing Island, the Enterprise Browser—the ideal enterprise workplace, where work flows freely while remaining fundamentally secure. With the core needs of the enterprise naturally embedded in the browser itself, Island gives organizations complete control, visibility, and governance over the last mile, while delivering the same smooth Chromium-based browser experience users expect. Led by experienced leaders in enterprise security and browser technology and backed by leading venture funds—Insight Partners, Sequoia Capital, Cyberstarts and Stripes Capital—Island is redefining the future of work for some of the largest, most respected enterprises in the world.
- ISSA Delaware ValleyBooth: TBD
Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.” - SentinelOneBooth: 215
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- SilverfortBooth: 220
Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.
- SplunkBooth: 430
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- TaniumBooth: 320
Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).
The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.
For more information, visit: https://www.tanium.com.
- ThreatLockerBooth: 170
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- WiCyS Delaware ValleyBooth: TBD
Women make up only 11% of the cyber security workforce. With such low representation, it is essential that we advocate for and assist women as they navigate through the cyber security industry.
Philadelphia Women & Cyber Security’s Mission: To provide opportunities to advance careers for professionals in Cyber Security through education, mentoring, and networking. A Supportive community for women in cyber security that works to promote and encourage women to develop their careers. We are open to any support for our mission from any gender. Come to the next Philadelphia Women and Cyber Security’s event to get to know other like-minded, female cyber security professionals in the area. We will discuss industry best practices, the latest security trends and solutions, and share lessons we’ve learned over the years. For more information, contact wicysdelawarevalley@wicys.org.
- ZscalerBooth: 100
Zscaler is universally recognized as the leader in zero trust. Leveraging the largest security cloud on the planet, Zscaler anticipates, secures, and simplifies the experience of doing business for the world’s most established companies.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Todd Bearman, ModeratorVP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Panel Discussion
- David LingenfelterCISO, Penn Entertainment
David Lingenfelter is the Chief Information Security Officer at Penn Entertainment, responsible for ensuring the highest possible level of security for the rapidly changing risk landscape. David manages teams that oversee IT security and compliance for both the retail and digital aspects of the business. David believes that in order to implement a successful security program it’s important for everyone to understand the threats and risks that could adversely impact the business.
Prior to joining Penn Entertainment, David oversaw security for the MaaS360 mobile device management platform at IBM. During his tenure at IBM, David helped onboard and integrate the team supporting MaaS360 as part of the acquisition of Fiberlink Communications into IBM. Prior to the acquisition by IBM, David was the Information Security Officer at Fiberlink Communications working as part of the team that designed and built an early Software as a Service cloud model for its MaaS360 platform. David also led the charge for getting MaaS360 to be the first mobile device management platform certified for use by the federal government under the FedRAMP program.
As a member of the Cloud Security Alliance David was co-chair of the Mobile Working Group culminating in the publication of the “Security Guidance for Critical Areas of Mobile Computing”. David also gave input to early versions of the Cloud Control Matrix and other publications and is a former president of the Delaware Valley chapter of the Cloud Security Alliance. David’s career in IT security has always included a strong emphasis on awareness and understanding of the threats and risks associated with poor security. This passion for helping bring awareness to others and has lead David around the world giving presentations on multiple aspects of IT security and the overall impact on business and personal lives.
- Joseph ArahillSr. Manager, Information Security, Affiliated Distributors
Joe Arahill is the Senior Manager of Information Security at Affiliated Distributors (AD). He oversees the people, processes, and technology that secures AD's infrastructure and business systems. Joe started his career in information security for a commercial loan software company, and for most of his career, he has worked in the financial sector, helping to secure systems and meet financial compliance requirements. Joe received his Bachelor of Science in Management of Information Systems and later a Master of Science in Information Assurance from Norwich University. In addition, Joe holds the CISSP and CISA certifications.
- Patrick KeatingPresident & CEO, Keysec Advisors
- Eric RobuckCybersecurity Specialist & Founder, The Valander Group
Eric Robuck is a cybersecurity powerhouse with over 20 years of experience in the field. As the founder and owner of The Valander Group, he leads a team of elite business experts dedicated to delivering top-notch cybersecurity solutions to business owners.
Eric's military background as a Warrant Officer specializing in information technology and security has honed his expertise in tackling the most complex cybersecurity challenges. With a deep understanding of programming, database design, electronic information transfer, and project management, Eric is uniquely equipped to develop and implement effective cybersecurity strategies for his clients.
Eric's professional certifications are equally impressive, including the CISSP, CEH, Security+, and AWS Practitioner. He has also pursued advanced education through master’s work in Cybersecurity and leadership in Cybersecurity, constantly pushing himself to enhance his skills and knowledge.Beyond his role in the business world, Eric is a passionate educator and serves as a professor at Alvernia University. He teaches Cybersecurity, Programming, and AI, shaping the next generation of professionals with his real-world expertise and forward-thinking approach.
When he's not working or teaching, Eric enjoys spending quality time with his family or staying active on the golf course. With his diverse skill set, proven track record, and unwavering dedication, Eric is a trusted leader in cybersecurity, helping businesses safeguard their information from ever-evolving cyber threats.
- Molly Dodge, ModeratorInformation Security Analyst, Federal Reserve Bank of Philadelphia
Molly Dodge has worked as a cybersecurity analyst in positions focused on risk assessment and awareness, internal training, and outreach. She currently works at the Federal Reserve Bank of Philadelphia, and was previously employed at Penn Medicine, the hospital network owned by the University of Pennsylvania. She is a Penn State graduate and holds a Certified Information Systems Security Professional (CISSP) certification. She lives with her husband and children near Doylestown, Pennsylvania.
- Yasser FuentesPrincipal Solutions Architect (Cloud Security SME), Bitdefender
Yasser is a Principal Solutions Architect (Cloud Security SME) for Bitdefender and Security Practitioner with over 20 years of experience in Information Security. Along his career he has worked for Healthcare Providers, ISPs, MSPs and SOCs, among many other verticals and throughout multiple Information Security Domains. On his previous role as a Product Manager for Cloud Security, he enabled Sales, Technical Teams and Technical Partners and contributed to numerous architectural projects in both private and public sector. Regarding credentials and certifications, he possesses top Security Vendors Certifications such AWS and Azure as well as worldwide recognized credentials such as CISM (ISACA) and CISSP (ISC2).
- HUMAN Representative
- Panel Discussion
- Becky FrickerHead of Security Assurance and Operations, DAT Freight & Analytics
Becky Fricker is the Director of Information Security at DAT Freight & Analytics, where she plays a pivotal role in protecting the company’s digital infrastructure. She oversees Security Operations and Product Security, including areas such as Endpoint Protection and Response, Continuous Threat Exposure Management, Incident Response, and Network Security. Becky holds a Certified Information Systems Security Professional (CISSP) certification, a globally recognized credential that demonstrates her ability to design, implement, and manage a robust cybersecurity program.
Her extensive background in cybersecurity began with 13 years of service in the NJ Air National Guard, where she held critical roles such as Installation Spectrum Manager and Installation Security Systems Manager. After transitioning to the civilian sector, Becky continued to build her expertise as a Network Security Engineer at Cooper University Health Care. She later took on senior roles in the financial sector and at one of Southern California’s largest utility companies, focusing on information security within critical infrastructure.
Her academic credentials include an Associate of Science in Electronic Systems Technology, a Bachelor of Arts in Communication and Media Studies, and a Master of Science in Information Technology, specializing in Cybersecurity. Known for her adaptability, mentorship, and strong communication skills, Becky is an invaluable member of the DAT team, continuously driving improvements in the company’s information security programs.
- Erika Voss, ModeratorCISO, DAT Freight & Analytics
Erika Voss offers two decades of extraordinary success in a series of high level roles at top tier companies that include Capital One, Salesforce, Oracle Public Cloud, Microsoft Corporation and Amazon Web Services.
Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.
Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies, procedures, and best practices for security, including application security, access control, authentication, third party risk management, and intrusion detection. Dr.. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.
With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has successfully positioned companies, as a leading expert in its field with respect foundational security basics, fraud, identity, and cloud security practices contributing to the following successes:
● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually
identifying opportunities to reinforce the company’s security posture.
● Engages directly with customers, providing information and guidance on the company’s security posture.
● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements, including SOC2, PCI, SOX, and other industry regulations.Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations in high stake environments throughout her career positioning herself as a key member of each company and a driving force for growth. Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.
- Panel Discussion
- Eric RobuckCybersecurity Specialist & Founder, The Valander Group
Eric Robuck is a cybersecurity powerhouse with over 20 years of experience in the field. As the founder and owner of The Valander Group, he leads a team of elite business experts dedicated to delivering top-notch cybersecurity solutions to business owners.
Eric's military background as a Warrant Officer specializing in information technology and security has honed his expertise in tackling the most complex cybersecurity challenges. With a deep understanding of programming, database design, electronic information transfer, and project management, Eric is uniquely equipped to develop and implement effective cybersecurity strategies for his clients.
Eric's professional certifications are equally impressive, including the CISSP, CEH, Security+, and AWS Practitioner. He has also pursued advanced education through master’s work in Cybersecurity and leadership in Cybersecurity, constantly pushing himself to enhance his skills and knowledge.Beyond his role in the business world, Eric is a passionate educator and serves as a professor at Alvernia University. He teaches Cybersecurity, Programming, and AI, shaping the next generation of professionals with his real-world expertise and forward-thinking approach.
When he's not working or teaching, Eric enjoys spending quality time with his family or staying active on the golf course. With his diverse skill set, proven track record, and unwavering dedication, Eric is a trusted leader in cybersecurity, helping businesses safeguard their information from ever-evolving cyber threats.
- Happy Hour
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Steve Naphy, ModeratorCIO, Morgan, Lewis & Bockius LLP
Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.
- Todd BearmanVP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Mariano MatteiVP, Cyber and AI, Azzur Group
Mariano Mattei, VP of Cybersecurity and AI at Azzur Solutions, is an industry-leading expert with over 30+ years in cybersecurity, underscored by a deep commitment to AI innovation and software engineering excellence. Holding the title of Certified Chief Information Security Officer (CCISO), Mariano has pioneered AI integration within security frameworks across the Biotechnology, Pharmaceuticals, and Medical Device sectors. His proficiency lies in employing AI for advanced threat detection, risk management, and predictive security measures, always ensuring compliance with standards like GDPR and HIPAA. Mariano’s visionary leadership and strategic approach have been instrumental in fostering cybersecurity resilience through cutting-edge AI solutions. He recently graduated from Temple University’s Masters Program for Cyber Defense and Information Assurance.
- Steve NaphyCIO, Morgan, Lewis & Bockius LLP
Steve Naphy serves as Morgan Lewis's Chief Information Officer. In his role, Steve concentrates on leveraging data analytics and process to drive efficiency and effectiveness in both business operations and the delivery of legal services. He has over 20 years of experience working in information technology (IT), including previously running information security at the firm for six years. Prior to joining Morgan Lewis, Steve held significant InfoSec roles in the retail and distribution industry. He holds an M.S. in information systems from Widener University and a B.S. from Drexel University.
- Derek Fisher, ModeratorExecutive Director of Product Security, JPMorgan Chase & Co.
- Krista ArndtAssociate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Panel Discussion
- Jordan Fischer, ModeratorFounding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data PrivacyCERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP) - Panel Discussion
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Hone your skills and connect with your regional peers in InfoSec.
