Top 10 Reasons to Attend SecureWorld
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, November 17, 2021
    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    9:00 am
    [Keynote] Taking a Fresh Look at Ransomware Risk Management
    • session level icon
    speaker photo
    Privacy & Security Officer, Connect for Health Colorado
    speaker photo
    Chief Security & Technology Officer, Beckage Law
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am

    A surge in successful ransomware attacks and a spike in related news headlines have security leaders, the C-Suite, and boards asking the same question: are we doing enough to mitigate our ransomware risk? As a result, many security teams are taking a fresh look at ransomware risk management, from defense to response. Join this panel discussion to consider ideas and strategies which you can apply at your own organization including how you can communicate these efforts to executive leadership.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:00 am
    Suing the CISO: No Longer a Hypothetical
    • session level icon
    speaker photo
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group
    speaker photo
    Co-Founder & Managing Partner, XPAN Law Partners
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    A group of investors is suing SolarWinds following its supply chain cyberattack and naming the CISO in the lawsuit. They accuse him, and the company, of embracing “intentional or severely reckless deceit on investors” because of alleged claims about the company’s cybersecurity. Join this conversation between a Chief Information Security Officer and a cyber attorney to explore the impacts. How could this case alter future lawsuits? Is additional insurance needed for some security leaders? Is this the start of a trend or a one-off lawsuit? Plus, hear what other cybersecurity professionals are saying and share your opinion on this legal development.

    10:00 am
    Phishing: Is It Time to Cut Bait and Go Home?
    • session level icon
    speaker photo
    Americas Lead for Secure Culture Activation, Ernst & Young LLP
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    With phishing being an omnipresent threat to organizations, the strategy and execution of your phishing program can have a dramatic effect on reducing your risk of compromise. However, many organizations approach their program the same way: multiple assessments, pop-up training, computer-based training, and associated collateral material.

    But the question remains, “Is it time to cut bait and go home?” Does it work? This session will discuss human behavior, strategies you haven’t tried, and new approaches to teaching your population about the risk of phishing.

    10:00 am
    Practical Considerations When Verifying Your Vendors' Cybersecurity Controls
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    As businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.

    Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:30 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:45 am
    Going Passwordless: Authentication Fact or Fiction?
    • session level icon
    speaker photo
    Director of Cybersecurity & Compliance, Focus on the Family
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    Are your internal customers tired of passwords? Are you tired of easily breaking their passwords? Well, look no further. Passwordless authentication is upon us and can be achieved for multi-factor authentication (MFA), while making our internal customers happy. How is this possible? Come and listen with your colleagues as I share how we rolled it out, describe the lessons learned, and share who the players are.

    Passwords are one of the most loathed controls in the wild. If you can’t beat ’em, join ’em. Learn who the passwordless alphas are and the lessons learned to achieve a win-win strategy within your company.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:45 am
    What's the True Cost of Acquisition? Leveraging Cybersecurity Due Diligence in M&A
    • session level icon
    speaker photo
    Director, Cybersecurity Due Diligence, RSM US
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    Organizations continue to expand their market share, grow their presence in new markets, and enhance their capabilities and offerings through mergers with other organizations and acquiring companies. While mergers and acquisitions (M&A) bring a breadth of new services, solutions, products, and revenue streams into the acquiring organization, leadership needs to understand the target organization’s cybersecurity posture in order to determine the target’s cybersecurity capabilities and potential future state investments required to improve the target’s cybersecurity posture and address potential risks. This presentation will explore some of the industry trends, considerations, and common cybersecurity risk areas to review during M&A due diligence.

    Presentation level: MANAGERIAL (security and business leaders)

    10:45 am
    Managing Insider Risk without Compromising Speed of Business
    • session level icon
    speaker photo
    Security Community Evangelist, Manager, Code42
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    As companies double down on time to innovation, time to market, and time to revenue, they are inherently introducing more risk from the inside. The more cloud-based, collaborative, and fast an organization becomes, the greater the Insider Risks posed to its people, technology, and data. The upside is that cloud collaboration tools make employees more productive. The downside is that these same tools make it easier to exfiltrate data.

    Adding to the complexities of working from home and off the corporate network, more employees are routinely using unauthorized devices, tools, and cloud-based applications to share files and ideas with colleagues.

    Join us to discuss the growing Insider Risk problem and how the right data protection methods can set security teams up for success, without slowing down company productivity.

    11:15 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    11:30 am
    InfoSec and DevOps: Security Practitioners and Software Engineering
    • session level icon
    speaker photo
    Sr. IT Security Engineer, UnitedHealth Group
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    A summation of the journey by one information security practitioner into the world of DevOps. In particular, we’ll cover the importance of security practitioners walking towards the direction of DevOps (instead of waiting on DevOps to walk towards InfoSec). Importantly, as DevOps improves its ability to shift left, security professionals are left with a choice: either shift left with their software engineering colleagues or run the risk of becoming obsolete.

    Investment by security practitioners in improved understanding of software engineering best practice rewards both the enterprise and the individual.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:30 am
    Policies, Standards, Processes: Using a Free CSF to Create IS Policy Documents
    • session level icon
    speaker photo
    Information Security Manager of GRC, Emergent Holdings
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    Running an information security organization is often very reactive. As you fight your way through the jungle of chaos, you realize that you need rules, regulations, and controls to build a fortress to shelter your valuables against risks and threats. But how do you begin to get and keep everything under control? With your information security policy documents, of course. Creating usable policy documents is very tricky if you don’t know where to start or how to make them meaningful and enforceable. In this session:

    • We will discuss the differences between a policy, standard, process, and guideline.
    • You will receive an overview of how to use the free version of the HITRUST CSF to create Information Security policy documents.
    • We will view a sample of a policy and standard created from the free version of the HITRUST CSF.
    11:30 am
    Ransomware Incident Command and Lessons Learned for Managers
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    This presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

    12:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    12:15 pm
    Reasoning and Analysis in Incident Response
    • session level icon
    speaker photo
    Cybersecurity Specialist, Infoscitex Corporation
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    A brief examination of data analysis methodologies for investigation in Incident Response. Three data analysis techniques will be presented:

    1. Analysis of Competing Hypothesis
    2. Cone of Plausibility
    3. Timeline Analysis

    Analysis of Competing Hypotheses is an analytic process that can help multiple analysts reason through an incident. It helps you to the appropriate hypothesis to further investigate when you have disparate options. It includes visualization, probability and cognitive psychology methods.

    The process is as follows:
    Hypothesis
    Evidence
    Refinement
    Inconsistency
    Sensitivity
    Conclusions and Evaluation

    I will also show Structured Analysis of Competing Hypothesis, a more advanced method. Cone of Plausibility is scenario-based. Timeline Analysis is graphical.

    Presentation level: TECHNICAL (deeper dive including TTPs)

    12:15 pm
    Human + Machine: The Future of Passwords
    • session level icon
    speaker photo
    VP of Product Management, Solutions, 1Password
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    Biometrics and other methods promise a passwordless future. But is the future of the password really so simple? How can you prepare for that future, whatever it holds? This session will cover:

    • The passwordless future
    • The rise of secret sprawl
    • Building visibility into your platform
    • Integrating with existing technologies
    12:15 pm
    Leveraging the Three Lines of Defense to Improve Your Security Position
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Depending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
    Presentation Level: MANAGERIAL (security and business leaders)
    12:15 pm
    [Panel] Ransomware: Myths, Pitfalls, and New Insights
    • session level icon
    speaker photo
    VP, Global Services Technical Operations, BlackBerry
    speaker photo
    Director, Sales Engineering, LogRhythm
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

    12:15 pm
    Executive Roundtable
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:15 pm - 1:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.

    1:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    Moving from Individual Contributor to Cybersecurity Leader
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    Are you feeling the call towards cybersecurity leadership? Just being a good technologist is no guarantee you will be a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.

    Join in this conversation about the path from the Information Security technical role to an Information Security leadership role. Learn the right knowledge that will be powerful in helping advance your career up the ranks of security leadership!

    1:15 pm
    Ethical Hacking and Cyber Ecosystems: Anticipating the Predators
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    In an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    1:15 pm
    [Panel] Cloud: Power and Peril
    • session level icon
    speaker photo
    CISO, IntSights
    speaker photo
    Director of Information Security and Research, Automox
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

    2:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:15 pm
    [Keynote] Cyber Insurance: Driving the Future of Cybersecurity Improvements
    • session level icon
    speaker photo
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    speaker photo
    Cyber Liability National Practice Leader, RLI Insurance Company
    speaker photo
    Chief Underwriting Officer, Measured Analytics and Insurance
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm

    What will drive the next big wave of information security improvements at U.S. organizations? Instead of regulation, it may be insurance. A two-pronged evolution is underway. Insurance policies are suddenly becoming more prescriptive for organizations, often requiring companies meet certain cybersecurity benchmarks before a policy can be written. At the same time, “InsureTech” is emerging on the scene. This involves a new breed of insurance company that provides cyber coverage and also scans the insured’s environment to constantly monitor for IT and cyber risk. Join this keynote panel as we discuss this evolution and look at future impacts of cyber insurance on security leaders and their teams.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Exhibitors
  • 1Password
    Booth:

    1Password is a privacy-focused password manager that keeps you safe online.
    1Password is the world’s most-loved password manager. By combining industry-leading security and award-winning design, the company provides private, secure, and user-friendly password management to businesses and consumers globally. More than 80,000 business customers, including IBM, Slack, PagerDuty, and GitLab, trust 1Password as their enterprise password manager.

  • Automox
    Booth:

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • BlackBerry
    Booth:

    BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including more than 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear—to secure a connected future you can trust.

    BlackBerry. Intelligent Security. Everywhere.

    For more information, visit BlackBerry.com and follow @BlackBerry.

  • Check Point Software Technologies Inc.
    Booth:

    Check Point Software Technologies Inc. is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Code42
    Booth:

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Corelight
    Booth:

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • Cybercrime Support Network
    Booth:

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • (ISC)2
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • Fortinet
    Booth:

    Fortinet secures the largest enterprise, service provider, and government organizations around the world. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 300,000 customers trust Fortinet to protect their businesses.

  • Gigamon
    Booth:

    Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.

  • LogRhythm
    Booth:

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Radware
    Booth:

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • RedSeal
    Booth:

    By focusing on cybersecurity fundamentals, RedSeal helps government agencies and Global 2000 companies measurably reduce their cyber risk. With RedSeal’s cyber terrain analytics platform and professional services, enterprises improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Women in CyberSecurity (WiCyS)
    Booth:

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Michael Stephen
    Privacy & Security Officer, Connect for Health Colorado

    Former network security architect and geek with 20 years' IT experience, almost all doing InfoSec. Background in telecommunications, healthcare, state & local government, financial, and retail. Implemented multiple compliance and privacy programs and CISSP/SABSA certified. Currently Privacy & Security Officer for Connect for Health CO, the Healthcare Exchange for Colorado.

  • speaker photo
    Sam Masiello
    Chief Security & Technology Officer, Beckage Law

    Sam Masiello has been working with email, messaging, and fighting internet pollution for over 25 years. Prior to Beckage, he served as the CISO at Gates Corporation, where he was responsible for the company's data security, risk, and global compliance initiatives. Before that, he was CISO at TeleTech, where he oversaw the protection of employee, consumer, and customer data for all of the organization's clients, which included many Fortune 500 companies.

    Sam has also been the Chief Security Officer, Head of Application Security, and Head of Security Research at companies such as Groupon, Return Path, and McAfee. He currently serves as Director-at-Large of The Coalition Against Unsolicited Commercial Email (CAUCE), National Advisory Board Member for SecureWorld, and is an Executive Board Member of Colorado Cyber. He has previously served as a member of the Board of Directors for the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), the Steering Committee of the Online Trust Alliance (OTA), and a member of the Anti-Phishing Working Group (APWG).

  • speaker photo
    Glenn Kapetansky
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group

    Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.

    Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).

  • speaker photo
    Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski, Esq., is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. She manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. As an experienced litigator, she has handled hundreds of matters in state and federal courts. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She works with clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section, and also served on the Complex Business Litigation Committee that drafted and revised the Court Rules involving electronic discovery in complex litigation matters. She has been appointed in several litigation matters by the New Jersey Superior Court as a Discovery Special Master.

    Rebecca is on the Board of Governors for Temple University Health Systems, and is an adjunct professor at Drexel University’s Thomas R. Kline School of Law and Rowan University.

  • speaker photo
    Alexandra Panaretos
    Americas Lead for Secure Culture Activation, Ernst & Young LLP

    Alexandra is the Americas Cybersecurity Lead for Secure Culture Activation at Ernst & Young LLP. With a background in broadcasting and operational security, she specializes in secure communications and education, awareness program development, the psychology of social engineering, human-based risk mitigation, and behavior analytics. She has over 12 years of experience developing and implementing security awareness, communication, and education strategies in Fortune 50/100 companies and other global enterprises. In addition, she volunteers in her free time with local law enforcement agencies educating parents, community groups, and youth organizations on information security and social media safety.

  • speaker photo
    Rhett Saunders
    Director of Cybersecurity & Compliance, Focus on the Family

    Before coming to Focus on the Family, Rhett served the Federal Reserve, and while there, led regular Enterprise Risk Management discussions between the Federal Reserve and U.S. Treasury with a focus on cybersecurity. He is a former NSA cryptoanalyst and a U.S. Army veteran, having served multiple joint intelligence communities, both foreign and domestic government agencies in international locations.

    Rhett is a public speaker on the topic of privacy and identity theft prevention. He lectures on cybersecurity and cryptography topics at University of Colorado Colorado Springs (UCCS) and Flatiron School. He also serves on the SecureWorld Advisory Council. Rhett earned a Master of Business Administration from LeTourneau University and holds the CISSP credential.

  • speaker photo
    Toby Zimmerer
    Director, Cybersecurity Due Diligence, RSM US

    Toby Zimmerer is a Director of Cybersecurity Due Diligence in the Transaction Advisory Services Practice of RSM US, where he assists organizations with identifying and addressing the potential cybersecurity risks during mergers and acquisitions. He has over 22 years of professional experience developing information security strategies, designing information security programs, developing information security solutions and lead teams with deploying and operating information security programs. Toby has an MBA, a B.S. in Electrical Engineering, a CISSP certification, a CCSK from the Cloud Security Alliance and is a U.S. Navy veteran.

  • speaker photo
    Riley Bruce
    Security Community Evangelist, Manager, Code42

    Riley is a Security Community Evangelist at Code42, where he enjoys educating Security and IT teams through engaging technical content and presentation. Previously, Riley served in both customer support and customer education roles at Code42. In his spare time, he enjoys photography, travel, and relaxing at the lake in northern Wisconsin with his pug Mimi.

  • speaker photo
    John Prewett
    Sr. IT Security Engineer, UnitedHealth Group

    John Prewett is a security technologist with over 20 years’ experience helping private sector, government agencies, and educational institutions identify risk and improve their security postures. John's latest passion is code writing, software engineering best practice, and otherwise improving the overall relationship between security practitioners and application developers. Outside of work, John cherishes early morning walks with his wife (during which time they solve all the world's problems), completing home improvement projects, and generally enjoying the beautiful state (Colorado) in which he and his family live.

  • speaker photo
    Marcia Mangold
    Information Security Manager of GRC, Emergent Holdings

    Marcia Mangold is the Manager of Information Security Governance, Risk and Compliance for Emergent Holdings, Inc. Marcia has spent the past 17+ years using her abilities to be a business enabler for IT and IS, and has worked for several organizations, including IBM, GE, and Blue Cross Blue Shield of Michigan. Marcia focuses on Information Security awareness training, risk, and policy lifecycle management. Marcia is a Certified Information Systems Security Professional (CISSP), a founding board meeting of the local (ISC)2 chapter, a proud member of the Michigan InfraGard chapter, and a board member of ISSA. In addition, Marcia was a contributing NIST Big Data Public Working Group member for the Special Publication (NIST SP) - 1500-4, Big Data Interoperability Framework: Volume 4, Security and Privacy.

  • speaker photo
    Keith Chapman
    Cybersecurity Specialist, Infoscitex Corporation

    Keith has been a team lead for a security operations center, where he was a mentor and an incident response and threat intelligence subject matter expert and facilitated tabletop exercises. He currently works in a GRC role. He has the CISSP and Certified Threat Intelligence Analyst certifications. He also serves as a Cyber Teen Education chair for an international nonprofit.

  • speaker photo
    Troy Kitch
    VP of Product Management, Solutions, 1Password
  • speaker photo
    Panel Discussion
  • speaker photo
    Tony Lee
    VP, Global Services Technical Operations, BlackBerry
  • speaker photo
    Richard Bakos
    Director, Sales Engineering, LogRhythm
  • speaker photo
    Panel Discussion
  • speaker photo
    Cindi Carter
    CISO, IntSights

    Prior to IntSights, Cindi served as Vice President and Chief Security Officer at MedeAnalytics, where she oversaw global enterprise security. Her mission encompassed creating a culture that places high value on securing and protecting MedeAnalytics and the clients’ information entrusted to them.

    Cindi has built and matured both cyber and physical security practices at The University of Michigan Health System and Cerner Corporation. More recently, Cindi served as the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City. Cindi is the founding President of Women in Security-Kansas City, a non-profit organization with the mission to support women at all career levels in Information Security, and serves as an Advisory Board member within the security industry.

  • speaker photo
    Christopher Hass
    Director of Information Security and Research, Automox

    Chris Hass is an extremely driven and proven information security professional with extensive experience in Malware Reverse Engineering, Threat Intelligence, and Offensive Security Operations. In his current role, Chris serves as Director of Information Security and Research at Automox. In addition to being a former cybersecurity analyst for the NSA, he also served as a principal research engineer at LogRhythm and helped fight off malware authors using AI/ML at Cylance. His unique experience makes him adept at understanding today's current threat landscape, and works passionately to secure Automox and its customers from today's cyber attacks.

  • speaker photo
    Shawn E. Tuma
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • speaker photo
    Sean Scranton
    Cyber Liability National Practice Leader, RLI Insurance Company

    Cyber Liability National Practice Leader (current).
    IT Security / IT Auditor at RLI for 8 years.
    Network / security consulting / auditor for financial institutions, government for 9 years.
    Network / firewall administrator in healthcare for 7 years.

    Designations - CPCU, RPLU+, CISSP, CISM, CISA, CRISC, CSXF, MBA

  • speaker photo
    Steven Anderson
    Chief Underwriting Officer, Measured Analytics and Insurance
Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Learn and connect virtually

Join your InfoSec peers for high-quality training and collaboration. Sign up today!