Top 10 Reasons to Attend SecureWorld
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, November 17, 2021
    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    9:00 am
    [Keynote] Taking a Fresh Look at Ransomware Risk Management
    • session level icon
    speaker photo
    Privacy & Security Officer, Connect for Health Colorado
    speaker photo
    Chief Security & Technology Officer, Beckage Law
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am

    A surge in successful ransomware attacks and a spike in related news headlines have security leaders, the C-Suite, and boards asking the same question: are we doing enough to mitigate our ransomware risk? As a result, many security teams are taking a fresh look at ransomware risk management, from defense to response. Join this panel discussion to consider ideas and strategies which you can apply at your own organization including how you can communicate these efforts to executive leadership.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:00 am
    Suing the CISO: No Longer a Hypothetical
    • session level icon
    speaker photo
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group
    speaker photo
    Co-Founder & Managing Partner, XPAN Law Partners
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    A group of investors is suing SolarWinds following its supply chain cyberattack and naming the CISO in the lawsuit. They accuse him, and the company, of embracing “intentional or severely reckless deceit on investors” because of alleged claims about the company’s cybersecurity. Join this conversation between a Chief Information Security Officer and a cyber attorney to explore the impacts. How could this case alter future lawsuits? Is additional insurance needed for some security leaders? Is this the start of a trend or a one-off lawsuit? Plus, hear what other cybersecurity professionals are saying and share your opinion on this legal development.

    10:00 am
    Is It Time to Cut Bait and Go Home?
    • session level icon
    speaker photo
    Americas Lead for Secure Culture Activation, Ernst & Young LLP
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    With phishing being an omnipresent threat to organizations, the strategy and execution of your phishing program can have a dramatic effect on reducing your risk of compromise. However, many organizations approach their program the same way: multiple assessments, pop-up training, computer-based training, and associated collateral material.

    But the question remains, “Is it time to cut bait and go home?” Does it work? This session will discuss human behavior, strategies you haven’t tried, and new approaches to teaching your population about the risk of phishing.

    10:00 am
    Practical Considerations When Verifying Your Vendors' Cybersecurity Controls
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    As businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.

    Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:30 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:45 am
    Going Passwordless: Authentication Fact or Fiction?
    • session level icon
    speaker photo
    Director of Cybersecurity & Compliance, Focus on the Family
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    Are your internal customers tired of passwords? Are you tired of easily breaking their passwords? Well, look no further. Passwordless authentication is upon us and can be achieved for multi-factor authentication (MFA), while making our internal customers happy. How is this possible? Come and listen with your colleagues as I share how we rolled it out, describe the lessons learned, and share who the players are.

    Passwords are one of the most loathed controls in the wild. If you can’t beat ’em, join ’em. Learn who the passwordless alphas are and the lessons learned to achieve a win-win strategy within your company.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:45 am
    What's the True Cost of Acquisition? Leveraging Cybersecurity Due Diligence in M&A
    • session level icon
    speaker photo
    Director, Cybersecurity Due Diligence, RSM US
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    Organizations continue to expand their market share, grow their presence in new markets, and enhance their capabilities and offerings through mergers with other organizations and acquiring companies. While mergers and acquisitions (M&A) bring a breadth of new services, solutions, products, and revenue streams into the acquiring organization, leadership needs to understand the target organization’s cybersecurity posture in order to determine the target’s cybersecurity capabilities and potential future state investments required to improve the target’s cybersecurity posture and address potential risks. This presentation will explore some of the industry trends, considerations, and common cybersecurity risk areas to review during M&A due diligence.

    Presentation level: MANAGERIAL (security and business leaders)

    10:45 am
    Insider Threats: A Multi-Pronged Approach to Protecting Your Organization
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am
    Insider threats are a real danger and cannot be overlooked. While deploying the latest secure system to fight against cyber threats is a decent strategy, you must also implement an effective insider threat system for an overall cybersecurity solution. An insider threat program cannot be brought off the shelf, but is a continuous process to identify and detect an incident as it occurs.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    11:30 am
    InfoSec and DevOps: Security Practitioners and Software Engineering
    • session level icon
    speaker photo
    Sr. IT Security Engineer, UnitedHealth Group
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    A summation of the journey by one information security practitioner into the world of DevOps. In particular, we’ll cover the importance of security practitioners walking towards the direction of DevOps (instead of waiting on DevOps to walk towards InfoSec). Importantly, as DevOps improves its ability to shift left, security professionals are left with a choice: either shift left with their software engineering colleagues or run the risk of becoming obsolete.

    Investment by security practitioners in improved understanding of software engineering best practice rewards both the enterprise and the individual.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:30 am
    Are You Ready for the Convergence of IIoT, OT, and IT Security?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    Business transformation and drive for smart factory initiatives has placed demands on business leaders to leverage relevant technologies to achieve the desire end goal of operational excellence. The technologies such as industrial internet of things (IIoT) are being layered on top of manufacturing floor machinery to provide that needed insight into business operations and productivity. These improvement and perceived operational excellence have come with cyber security risks which were not a common place in manufacturing space previously. It for this reason that there is now a convergence between operation technology (OT), Industrial internet of things (IIoT) and IT. This intersection is becoming very evident in manufactural, supply chain and traditional production organization or companies.

    Most of these manufacturing machineries were never directly connected to the ethernet networks and as such the risk was very minimal. In some cases, these organizations had organized security based on perimeter controls such as data center firewalls, site firewalls, floor firewalls that provide segmentation or microsegment between corporate IT and manufacturing operation technology (OT space). However, if the individual devices that are connected on the OT side become compromised and the threat has access to that communication link, a hacker can push malicious data, cause denial of service (DoS), or introduce malware or viruses to the entire network — even if there is a secure communication link. There are many ways to run into problems on the OT/IoT front if companies are not careful in their network design security implementation. These increase the risk and a re-thinking of how to architect security appropriately to meet the ever-evolving threat landscape with relevant implications to OT/IIoT and larger enterprise network.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:30 am
    Ransomware Incident Command and Lessons Learned for Managers
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    This presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

    12:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    12:15 pm
    Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    “Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.

    Join this session to learn how you can:
    •  Embed security into your culture, technologies and processes
    •  Empower innovation and expedite time-to-market through consistent security risk governance
    •  Assess the impacts, goals and methods of likely cyber attacks and incidents
    •  Align IT and security professionals with business objectives and risk tolerance
    •  Prepare now for effective detection and response to reduce business impacts of incidents

    Presentation level: MANAGERIAL (security and business leaders)

    12:15 pm
    Leveraging the Three Lines of Defense to Improve Your Security Position
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Depending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
    Presentation Level: MANAGERIAL (security and business leaders)
    12:15 pm
    [Panel] Ransomware: Myths, Pitfalls, and New Insights
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

    12:15 pm
    Executive Roundtable
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:15 pm - 1:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.

    1:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    Moving from Individual Contributor to Cybersecurity Leader
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    Are you feeling the call towards cybersecurity leadership? Just being a good technologist is no guarantee you will be a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.

    Join in this conversation about the path from the Information Security technical role to an Information Security leadership role. Learn the right knowledge that will be powerful in helping advance your career up the ranks of security leadership!

    1:15 pm
    Ethical Hacking and Cyber Ecosystems: Anticipating the Predators
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    In an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    1:15 pm
    [Panel] Cloud: Power and Peril
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

    1:15 pm
    Executive Roundtable
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    1:15 pm - 2:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.

    2:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:15 pm
    [Keynote] Cyber Insurance: Driving the Future of Cybersecurity Improvements
    • session level icon
    speaker photo
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm

    What will drive the next big wave of information security improvements at U.S. organizations? Instead of regulation, it may be insurance. A two-pronged evolution is underway. Insurance policies are suddenly becoming more prescriptive for organizations, often requiring companies meet certain cybersecurity benchmarks before a policy can be written. At the same time, “InsureTech” is emerging on the scene. This involves a new breed of insurance company that provides cyber coverage and also scans the insured’s environment to constantly monitor for IT and cyber risk. Join this keynote panel as we discuss this evolution and look at future impacts of cyber insurance on security leaders and their teams.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Exhibitors
  • Automox
    Booth:

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • BlackBerry
    Booth:

    BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including more than 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear—to secure a connected future you can trust.

    BlackBerry. Intelligent Security. Everywhere.

    For more information, visit BlackBerry.com and follow @BlackBerry.

  • Check Point Software Technologies Inc.
    Booth:

    Check Point Software Technologies Inc. is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Code42
    Booth:

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Corelight
    Booth:

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • Cybercrime Support Network
    Booth:

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • (ISC)2
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • Fortinet
    Booth:

    Fortinet secures the largest enterprise, service provider, and government organizations around the world. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 300,000 customers trust Fortinet to protect their businesses.

  • Gigamon
    Booth:

    Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.

  • LogRhythm
    Booth:

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • RedSeal
    Booth:

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Michael Stephen
    Privacy & Security Officer, Connect for Health Colorado

    Former network security architect and geek with 20 years' IT experience, almost all doing InfoSec. Background in telecommunications, healthcare, state & local government, financial, and retail. Implemented multiple compliance and privacy programs and CISSP/SABSA certified. Currently Privacy & Security Officer for Connect for Health CO, the Healthcare Exchange for Colorado.

  • speaker photo
    Sam Masiello
    Chief Security & Technology Officer, Beckage Law

    Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Prior to Beckage, he served as the CISO at Gates Corporation, where he was responsible for the company's data security, risk, and global compliance initiatives. Before that, he was CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.

    Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).

  • speaker photo
    Glenn Kapetansky
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group

    Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.

    Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).

  • speaker photo
    Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski, Esq., is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. She manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. As an experienced litigator, she has handled hundreds of matters in state and federal courts. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She works with clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section, and also served on the Complex Business Litigation Committee that drafted and revised the Court Rules involving electronic discovery in complex litigation matters. She has been appointed in several litigation matters by the New Jersey Superior Court as a Discovery Special Master.

    Rebecca is on the Board of Governors for Temple University Health Systems, and is an adjunct professor at Drexel University’s Thomas R. Kline School of Law and Rowan University.

  • speaker photo
    Alexandra Panaretos
    Americas Lead for Secure Culture Activation, Ernst & Young LLP

    Alexandra is the Americas Cybersecurity Lead for Secure Culture Activation at Ernst & Young LLP. With a background in broadcasting and operational security, she specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. In addition, she volunteers in her free time with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety.

  • speaker photo
    Rhett Saunders
    Director of Cybersecurity & Compliance, Focus on the Family

    Before coming to Focus on the Family, Rhett served the Federal Reserve, and while there, led regular Enterprise Risk Management discussions between the Federal Reserve and U.S. Treasury with a focus on cybersecurity. He is a former NSA cryptoanalyst and a U.S. Army veteran, having served multiple joint intelligence communities, both foreign and domestic government agencies in international locations.

    Rhett is a public speaker on the topic of privacy and identity theft prevention. He lectures on cybersecurity and cryptography topics at University of Colorado Colorado Springs (UCCS) and Flatiron School. He also serves on the SecureWorld Advisory Council. Rhett earned a Master of Business Administration from LeTourneau University and holds the CISSP credential.

  • speaker photo
    Toby Zimmerer
    Director, Cybersecurity Due Diligence, RSM US

    Toby Zimmerer is a Director of Cybersecurity Due Diligence in the Transaction Advisory Services Practice of RSM US, where he assists organizations with identifying and addressing the potential cybersecurity risks during mergers and acquisitions. He has over 22 years of professional experience developing information security strategies, designing information security programs, developing information security solutions and lead teams with deploying and operating information security programs. Toby has an MBA, a B.S. in Electrical Engineering, a CISSP certification, a CCSK from the Cloud Security Alliance and is a U.S. Navy veteran.

  • speaker photo
    John Prewett
    Sr. IT Security Engineer, UnitedHealth Group

    John Prewett is a security technologist with over 20 years’ experience helping private sector, government agencies, and educational institutions identify risk and improve their security postures. John's latest passion is code writing, software engineering best practice, and otherwise improving the overall relationship between security practitioners and application developers. Outside of work, John cherishes early morning walks with his wife (during which time they solve all the world's problems), completing home improvement projects, and generally enjoying the beautiful state (Colorado) in which he and his family live.

  • speaker photo
    Panel Discussion
  • speaker photo
    Panel Discussion
  • speaker photo
    Shawn E. Tuma
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • speaker photo
    Panel Discussion
Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Learn and connect virtually

Join your InfoSec peers for high-quality training and collaboration. Sign up today!