Conference Agenda
  • Wednesday, November 17, 2021
    8:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    8:00 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    9:00 am
    [Keynote] Taking a Fresh Look at Ransomware Risk Management
    Vice President, Information Security Officer, Prologis
    Privacy & Security Officer, Connect for Health Colorado
    Director of Cyber Security, Denver Water
    Director, Information Security & Cyber Risk, ZOLL Medical Corporation
    Chief Security & Technology Officer, Beckage Law
    Registration Level: Open Sessions
    9:00 am - 9:45 am

    A surge in successful ransomware attacks and a spike in related news headlines have security leaders, the C-Suite, and boards asking the same question: are we doing enough to mitigate our ransomware risk? As a result, many security teams are taking a fresh look at ransomware risk management, from defense to response. Join this panel discussion to consider ideas and strategies that you can apply at your own organization, including how you can communicate these efforts to executive leadership.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    9:45 am
    Networking Break
    Registration Level: Open Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:00 am
    Suing the CISO: No Longer a Hypothetical
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group
    Co-Founder & Managing Partner, XPAN Law Partners
    Registration Level: Open Sessions
    10:00 am - 10:30 am

    A group of investors is suing SolarWinds following its supply chain cyberattack and naming the CISO in the lawsuit. They accuse him, and the company, of embracing “intentional or severely reckless deceit on investors” because of alleged claims about the company’s cybersecurity. Join this conversation between a Chief Information Security Officer and a cyber attorney to explore the impacts. How could this case alter future lawsuits? Is additional insurance needed for some security leaders? Is this the start of a trend or a one-off lawsuit? Plus, hear what other cybersecurity professionals are saying and share your opinion on this legal development.

    10:00 am
    Phishing: Is It Time to Cut Bait and Go Home?
    Americas Lead for Secure Culture Activation, Ernst & Young LLP
    Registration Level: Open Sessions
    10:00 am - 10:30 am

    With phishing being an omnipresent threat to organizations, the strategy and execution of your phishing program can have a dramatic effect on reducing your risk of compromise. However, many organizations approach their program the same way: multiple assessments, pop-up training, computer-based training, and associated collateral material.

    But the question remains, “Is it time to cut bait and go home?” Does it work? This session will discuss human behavior, strategies you haven’t tried, and new approaches to teaching your population about the risk of phishing.

    10:00 am
    Application Security: A Multi-Pronged Approach
    Security Solutions Architect, Radware
    Registration Level: Open Sessions
    10:00 am - 10:30 am

    If you’re reading this, it’s probably because you’ve been responsible at some level, or at some point in time, for protecting your enterprise applications. We are all aware that applications are subject to attackers’ attempts to either take an application offline or exfiltrate data from the application for sale on the Dark Web. So, how can you prevent application downtime or data exfiltration? Join us to look at the state-of-the-art technologies used to prevent the most advanced attacks.

    10:30 am
    Networking Break
    Registration Level: Open Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:45 am
    Going Passwordless: Authentication Fact or Fiction?
    Director of Cybersecurity & Compliance, Focus on the Family
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    Are your internal customers tired of passwords? Are you tired of easily breaking their passwords? Well, look no further. Passwordless authentication is upon us and can be achieved for multi-factor authentication (MFA), while making our internal customers happy. How is this possible? Come and listen with your colleagues as I share how we rolled it out, describe the lessons learned, and share who the players are.

    Passwords are one of the most loathed controls in the wild. If you can’t beat ’em, join ’em. Learn who the passwordless alphas are and the lessons learned to achieve a win-win strategy within your company.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:45 am
    What's the True Cost of Acquisition? Leveraging Cybersecurity Due Diligence in M&A
    Director, Cybersecurity Due Diligence, RSM US
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    Organizations continue to expand their market share, grow their presence in new markets, and enhance their capabilities and offerings through mergers with other organizations and acquiring companies. While mergers and acquisitions (M&A) bring a breadth of new services, solutions, products, and revenue streams into the acquiring organization, leadership needs to understand the target organization’s cybersecurity posture in order to determine the target’s cybersecurity capabilities and potential future state investments required to improve the target’s cybersecurity posture and address potential risks. This presentation will explore some of the industry trends, considerations, and common cybersecurity risk areas to review during M&A due diligence.

    Presentation level: MANAGERIAL (security and business leaders)

    10:45 am
    Managing Insider Risk without Compromising Speed of Business
    Security Community Evangelist, Manager, Code42
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    As companies double down on time to innovation, time to market, and time to revenue, they are inherently introducing more risk from the inside. The more cloud-based, collaborative, and fast an organization becomes, the greater the Insider Risks posed to its people, technology, and data. The upside is that cloud collaboration tools make employees more productive. The downside is that these same tools make it easier to exfiltrate data.

    Adding to the complexities of working from home and off the corporate network, more employees are routinely using unauthorized devices, tools, and cloud-based applications to share files and ideas with colleagues.

    Join us to discuss the growing Insider Risk problem and how the right data protection methods can set security teams up for success, without slowing down company productivity.

    11:15 am
    Networking Break
    Registration Level: Open Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    11:30 am
    InfoSec and DevOps: Security Practitioners and Software Engineering
    Sr. IT Security Engineer, UnitedHealth Group
    Registration Level: Open Sessions
    11:30 am - 12:00 pm

    A summation of the journey by one information security practitioner into the world of DevOps. In particular, we’ll cover the importance of security practitioners walking towards the direction of DevOps (instead of waiting on DevOps to walk towards InfoSec). Importantly, as DevOps improves its ability to shift left, security professionals are left with a choice: either shift left with their software engineering colleagues or run the risk of becoming obsolete.

    Investment by security practitioners in improved understanding of software engineering best practice rewards both the enterprise and the individual.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:30 am
    Policies, Standards, Processes: Using a Free CSF to Create IS Policy Documents
    Information Security Manager of GRC, Emergent Holdings
    Registration Level: Open Sessions
    11:30 am - 12:00 pm

    Running an information security organization is often very reactive. As you fight your way through the jungle of chaos, you realize that you need rules, regulations, and controls to build a fortress to shelter your valuables against risks and threats. But how do you begin to get and keep everything under control? With your information security policy documents, of course. Creating usable policy documents is very tricky if you don’t know where to start or how to make them meaningful and enforceable. In this session:

    • We will discuss the differences between a policy, standard, process, and guideline.
    • You will receive an overview of how to use the free version of the HITRUST CSF to create Information Security policy documents.
    • We will view a sample of a policy and standard created from the free version of the HITRUST CSF.
    11:30 am
    Conquering Cloud Complexity
    CTO, RedSeal Networks
    Registration Level: Open Sessions
    11:30 am - 12:00 pm

    Cloud security is hard, not least because cloud platforms change so quickly. This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.

    12:00 pm
    Networking Break
    Registration Level: Open Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    12:15 pm
    Reasoning and Analysis in Incident Response
    Cybersecurity Specialist, Infoscitex Corporation
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm

    A brief examination of data analysis methodologies for investigation in Incident Response. Three data analysis techniques will be presented:

    1. Analysis of Competing Hypotheses
    2. Cone of Plausibility
    3. Timeline Analysis

    Analysis of Competing Hypotheses is an analytic process that can help multiple analysts reason through an incident. It helps you select the appropriate hypothesis to investigate further when you have disparate options. It includes visualization, probability, and cognitive psychology methods.

    The process is as follows:

    1. Hypothesis
    2. Evidence
    3. Refinement
    4. Inconsistency
    5. Sensitivity
    6. Conclusions and Evaluation

    I will also show Structured Analysis of Competing Hypotheses, a more advanced method. Cone of Plausibility is scenario-based. Timeline Analysis is graphical.

    Presentation level: TECHNICAL (deeper dive including TTPs)

    12:15 pm
    Human + Machine: The Future of Passwords
    VP of Product Management, Solutions, 1Password
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm

    Biometrics and other methods promise a passwordless future. But is the future of the password really so simple? How can you prepare for that future, whatever it holds? This session will cover:

    • The passwordless future
    • The rise of secret sprawl
    • Building visibility into your platform
    • Integrating with existing technologies
    12:15 pm
    [Panel] Ransomware: Myths, Pitfalls, and New Insights
    VP, Global Services Technical Operations, BlackBerry
    Director, Sales Engineering, LogRhythm
    Principal Security Architect, Gigamon
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm

    One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

    1:00 pm
    Networking Break
    Registration Level: Open Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    Business Email Compromise: Real Stories and Practical Defense
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service
    Assistant Special Agent in Charge, United States Secret Service
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm

    Business Email Compromise (BEC) remains rampant, with annual losses in the billions of dollars. Every type of organization is at risk. During this presentation, we’ll discuss key things your organization and people should know about this cybercrime, plus the most effective way to respond in hopes of recovering some of the losses.

    1:15 pm
    How Deception Technology Works to Level the Playing Field
    Chief Risk and Innovation Officer, MRS BPO, LLC
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm

    The greatest threat to an enterprise is the length of time it takes to uncover an attack and then discover what has been breached. Deception Technology provides a unique way to find, identify, and enable a quick response to hacking without delays. This technology provides an early warning system that can function at multiple levels to serve as a sophisticated trip wire, which helps mitigate or prevent theft of data and associated damage. Discover how using this technology allows the tables to be turned on the attackers, so that they can be watched, their behavior analyzed, and their targets identified.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    1:15 pm
    [Panel] Cloud: Power and Peril
    CISO, Check Point Software Technologies
    DevSecOps Engineer, Automox
    Global Principal Engineer, Corelight
    Sr. Systems Engineer, Arctic Wolf
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm

    We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

    2:00 pm
    Networking Break
    Registration Level: Open Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:15 pm
    [Keynote] Cyber Insurance: Driving the Future of Cybersecurity Improvements
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    Cyber Liability National Practice Leader, RLI Insurance Company
    Chief Underwriting Officer, Measured Analytics and Insurance
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm

    What will drive the next big wave of information security improvements at U.S. organizations? Instead of regulation, it may be insurance. A two-pronged evolution is underway. Insurance policies are suddenly becoming more prescriptive for organizations, often requiring that companies meet certain cybersecurity benchmarks before a policy can be written. At the same time, “InsureTech” is emerging on the scene. This involves a new breed of insurance company that provides cyber coverage and also scans the insured’s environment to constantly monitor for IT and cyber risk. Join this keynote panel as we discuss this evolution and look at future impacts of cyber insurance on security leaders and their teams.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Exhibitors
  • 1Password

    1Password is a privacy-focused password manager that keeps you safe online. 1Password is the world’s most-loved password manager. By combining industry-leading security and award-winning design, the company provides private, secure, and user-friendly password management to businesses and consumers globally. More than 80,000 business customers, including IBM, Slack, PagerDuty, and GitLab, trust 1Password as their enterprise password manager.

  • Arctic Wolf Networks

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Automox

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • BlackBerry

    BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including more than 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear—to secure a connected future you can trust.

    BlackBerry. Intelligent Security. Everywhere.

    For more information, visit BlackBerry.com and follow @BlackBerry.

  • Check Point Software Technologies Inc.

    Check Point Software Technologies Inc. is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Code42

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Corelight

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • Cybercrime Support Network

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • (ISC)²

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • Gigamon

    Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.

  • IntSights

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • LogRhythm

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Radware

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • RangeForce

    RangeForce offers interactive and hands-on cybersecurity training experiences. Upskill your team to close the cybersecurity skills gap in your organization.

  • RedSeal

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • TechTarget

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Women in CyberSecurity (WiCyS)

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Keynote Speakers
Speakers
  • Sue Lapierre
    Vice President, Information Security Officer, Prologis
  • Michael Stephen
    Privacy & Security Officer, Connect for Health Colorado

    Former network security architect and geek with 20 years' IT experience, almost all doing InfoSec. Background in telecommunications, healthcare, state & local government, financial, and retail. Implemented multiple compliance and privacy programs and CISSP/SABSA certified. Currently Privacy & Security Officer for Connect for Health CO, the Healthcare Exchange for Colorado.

  • Tung Nguyen
    Director of Cyber Security, Denver Water
  • Tim Williams
    Director, Information Security & Cyber Risk, ZOLL Medical Corporation
  • Sam Masiello
    Chief Security & Technology Officer, Beckage Law

    Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Prior to Beckage, he served as the CISO at Gates Corporation, where he was responsible for the company's data security, risk, and global compliance initiatives. Before that, he was CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.

    Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).

  • Glenn Kapetansky
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group

    Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.

    Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).

  • Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski, Esq., is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. She manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. As an experienced litigator, she has handled hundreds of matters in state and federal courts. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She works with clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section, and also served on the Complex Business Litigation Committee that drafted and revised the Court Rules involving electronic discovery in complex litigation matters. She has been appointed in several litigation matters by the New Jersey Superior Court as a Discovery Special Master.

    Rebecca is on the Board of Governors for Temple University Health Systems, and is an adjunct professor at Drexel University’s Thomas R. Kline School of Law and Rowan University.

  • speaker photo
    Alexandra Panaretos
    Americas Lead for Secure Culture Activation, Ernst & Young LLP

    Alexandra is the Americas Cybersecurity Lead for Secure Culture Activation at Ernst & Young LLP. With a background in broadcasting and operational security, she specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. In addition, she volunteers in her free time with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety.

  • speaker photo
    James McGril
    Security Solutions Architect, Radware

    James is a Security Solutions Architect and one of Radware’s thought leaders in Network and Application Security. He's been with Radware for nearly 10 years. James is a self-described geek and enjoys learning about application security and building web applications using the latest technologies. In his off time, James enjoys hiking, surfing, and playing guitar.

  • speaker photo
    Rhett Saunders
    Director of Cybersecurity & Compliance, Focus on the Family

    Before coming to Focus on the Family, Rhett served the Federal Reserve, and while there, led regular Enterprise Risk Management discussions between the Federal Reserve and U.S. Treasury with a focus on cybersecurity. He is a former NSA cryptanalyst and a U.S. Army veteran, having served multiple joint intelligence communities, both foreign and domestic government agencies in international locations.

    Rhett is a public speaker on the topic of privacy and identity theft prevention. He lectures on cybersecurity and cryptography topics at University of Colorado Colorado Springs (UCCS) and Flatiron School. He also serves on the SecureWorld Advisory Council. Rhett earned a Master of Business Administration from LeTourneau University and holds the CISSP credential.

  • speaker photo
    Toby Zimmerer
    Director, Cybersecurity Due Diligence, RSM US

    Toby Zimmerer is a Director of Cybersecurity Due Diligence in the Transaction Advisory Services Practice of RSM US, where he assists organizations with identifying and addressing the potential cybersecurity risks during mergers and acquisitions. He has over 22 years of professional experience developing information security strategies, designing information security programs, developing information security solutions, and leading teams in deploying and operating information security programs. Toby has an MBA, a B.S. in Electrical Engineering, a CISSP certification, a CCSK from the Cloud Security Alliance and is a U.S. Navy veteran.

  • speaker photo
    Riley Bruce
    Security Community Evangelist, Manager, Code42

    Riley is a Security Community Evangelist at Code42, where he enjoys educating Security and IT teams through engaging technical content and presentation. Previously, Riley served in both customer support and customer education roles at Code42. In his spare time, he enjoys photography, travel, and relaxing at the lake in northern Wisconsin with his pug Mimi.

  • speaker photo
    John Prewett
    Sr. IT Security Engineer, UnitedHealth Group

    John Prewett is a security technologist with over 20 years’ experience helping private sector, government agencies, and educational institutions identify risk and improve their security postures. John's latest passion is code writing, software engineering best practice, and otherwise improving the overall relationship between security practitioners and application developers. Outside of work, John cherishes early morning walks with his wife (during which time they solve all the world's problems), completing home improvement projects, and generally enjoying the beautiful state (Colorado) in which he and his family live.

  • speaker photo
    Marcia Mangold
    Information Security Manager of GRC, Emergent Holdings

    Marcia Mangold is the Manager of Information Security Governance, Risk and Compliance for Emergent Holdings, Inc. Marcia has spent the past 17+ years using her abilities to be a business enabler for IT and IS, and has worked for several organizations, including IBM, GE, and Blue Cross Blue Shield of Michigan. Marcia focuses on Information Security awareness training, risk, and policy lifecycle management. Marcia is a Certified Information Systems Security Professional (CISSP), a founding board member of the local (ISC)2 chapter, a proud member of the Michigan InfraGard chapter, and a board member of ISSA. In addition, Marcia was a contributing NIST Big Data Public Working Group member for the Special Publication (NIST SP) - 1500-4, Big Data Interoperability Framework: Volume 4, Security and Privacy.

  • speaker photo
    Mike Lloyd
    CTO, RedSeal Networks

    Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.

    Dr. Mike Lloyd holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.

  • speaker photo
    Keith Chapman
    Cybersecurity Specialist, Infoscitex Corporation

    Keith has been a team lead for a security operations center, where he was a mentor and an incident response and threat intelligence subject matter expert and facilitated tabletop exercises. He currently works in a GRC role. He has the CISSP and Certified Threat Intelligence Analyst certifications. He also serves as a Cyber Teen Education chair for an international nonprofit.

  • speaker photo
    Troy Kitch
    VP of Product Management, Solutions, 1Password
  • speaker photo
    Tony Lee
    VP, Global Services Technical Operations, BlackBerry
  • speaker photo
    Richard Bakos
    Director, Sales Engineering, LogRhythm
  • speaker photo
    Greg Maples
    Principal Security Architect, Gigamon

    Greg Maples, CISSP, is Principal Security Architect for Gigamon. He has been involved in computer networking since his involvement in the original ARPANet project that became the Internet. He has been specializing in security protocols and web/DDOS issues for many years, and has more recently been focusing on threat detection in a Zero-Trust world.

  • speaker photo
    Stephen Dougherty
    Financial Fraud Investigator, Global Investigative Operations Center, U.S. Secret Service

    Stephen Dougherty has over a decade of investigative experience. His career as a Financial Fraud Investigator in support of the federal government has played a pivotal role in criminal investigations surrounding cyber-enabled financial crime, money laundering, human trafficking, identity theft, healthcare fraud, embezzlement, tax/government program fraud, and dark web crimes, among others. Stephen’s main area of expertise is combatting money laundering in all its forms. Aside from this, Stephen has been proactive in identifying new and future trends in the world of financial crime. Such trends include the cyber security nexus of financial crimes and its ever-growing relationship in major financial crimes such as Business Email Compromise and the rise of the dark web and the use of virtual currency as a vehicle for facilitation of financial crimes. Stephen has been a leader and a mentor to other investigators teaching them how to uncover fraud internally and externally. Stephen is currently an investigator contracted to the U.S. Secret Service’s Global Investigative Operations Center (GIOC) in Washington D.C.

  • speaker photo
    Michael Johns
    Assistant Special Agent in Charge, United States Secret Service

    Michael brings over 24 years of experience with the Secret Service that includes leadership roles both in the protective arena and investigative front. Currently, he leads the Secret Service's Outreach Program, focusing on private and public sector partner growth. He is also the Executive Director for the Secret Service's Cyber Investigative Advisory Board. Michael has a B.A. in Political Science from Virginia Tech and is currently enrolled in Carnegie Mellon's CISO school.

  • speaker photo
    Michael Meyer
    Chief Risk and Innovation Officer, MRS BPO, LLC

    Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.

  • speaker photo
    Cindi Carter
    CISO, Check Point Software Technologies

    Cindi Carter is a global, multi-industry Cybersecurity and Information Technology Executive with more than 15 years of experience as a transformational leader for both startups and enterprises. Cindi’s expertise includes building Cybersecurity practices in highly regulated industries, turning strategic goals into actionable outcomes, influencing a “secure from the start” culture, developing secure architecture & engineering platforms, and highly collaborative engagement (C-Suite, Board, Clients and Industry) for managing risk.

    At Check Point Software Technologies, Cindi is a Chief Information Security Officer in the Office of the CISO, committed to helping other CISOs achieve success in both strategic and tactical initiatives and contributing to Check Point’s own security practices. Cindi possesses a firm grasp of the challenges surrounding the security, privacy, and risk management landscape, and is a trusted advisor within Check Point as well as for our customers. More recently, Cindi was the CISO for IntSights Cyber Threat Intelligence, where she was responsible for driving the company’s internal security initiatives, as well as serving as an external-facing advisor and subject matter expert in the areas of threat intelligence, cybersecurity resilience and risk management. Cindi also served as VP and Chief Security Officer at MedeAnalytics, a healthcare analytics software-as-a-service (SaaS) leader; prior to that Cindi was the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City.

    Industry Collaboration: Cindi is the founding President of Women in Security - Kansas City. She was honored as part of SC Media magazine’s “Women to Watch in Cyber Security” list, and was also featured in Cybersecurity Venture’s book, “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime.” She presents at nationwide conferences, local chapters, and webinars including SecureWorld, RSA Conference, HIMSS, Evanta CxO Summit, and B-Sides. Cindi holds several recognized IT, security, and project management certifications and has a Master of Science degree in Information Technology and a Bachelor of Science degree in Management Information Systems, both from Central Michigan University.

  • speaker photo
    Tom Bowyer
    DevSecOps Engineer, Automox

    Tom Bowyer is a versatile Security Engineer who enjoys working with engineering, product, and infrastructure teams to ensure safe and efficient code lands in production. He has extensive experience deploying, securing and breaking SaaS applications on different operating systems and cloud hosting providers. Tom also enjoys building and breaking CI/CD pipelines, and automating away security work with Python.

  • speaker photo
    Alex Kirk
    Global Principal Engineer, Corelight

    Alex Kirk is an open source security veteran, with a combined 17 years at Sourcefire, Cisco, Tenable, and now Corelight, where he serves as Global Principal for Suricata. Formerly a malware zookeeper and IDS signature writer, today he spends his time helping SOC analysts and advising on security policy for government agencies, universities, and large corporations around the world.

  • speaker photo
    Nick Olmsted
    Sr. Systems Engineer, Arctic Wolf

    Nick Olmsted is a senior systems engineer with Arctic Wolf who brings 19 years of experience architecting, implementing, and developing secure technology solutions for enterprises. Nick started his career as a developer learning how to develop secure applications for clients around the globe. He then moved into a systems engineer role to help educate customers on how cyber threats exist for businesses of all sizes and insights into security trends in the market. Nick holds a CISSP certification and when not helping customers, Nick enjoys walks with his two Australian shepherds and watching his young children play with technology that he could only dream of as a kid.

  • speaker photo
    Shawn E. Tuma
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • speaker photo
    Sean Scranton
    Cyber Liability National Practice Leader, RLI Insurance Company

    Cyber Liability National Practice Leader (current).
    IT Security / IT Auditor at RLI for 8 years.
    Network / security consulting / auditor for financial institutions, government for 9 years.
    Network / firewall administrator in healthcare for 7 years.

    Designations - CPCU, RPLU+, CISSP, CISM, CISA, CRISC, CSXF, MBA

  • speaker photo
    Steven Anderson
    Chief Underwriting Officer, Measured Analytics and Insurance
Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes