Conference Agenda
  • Wednesday, November 6, 2024
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    7:30 am
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 1
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast (VIP / Invite only)
    The Surprising List of CISO Top Concerns
    CISO, AAA Washington
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:45 am

    Taking a cross-section of recent surveys (ISC2, Dark Reading, PwC), arguably the top CISO concerns—not “priorities” but “concerns”—are third-party security risks, data manipulation, and burnout. Together, these represent the true CISO-level risks, compared to what’s in the news on a daily basis: AI, ransomware, supply chain and insider risks, cyber warfare, nation-state actors, etc. In this private, closed-door discussion, we challenge whether these three concerns are a correct and complete list, and discuss how/why they differ from those other top CISO priorities. The goal is to walk away with a new-look “to-do list” for your job versus the one with which you walked in.

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    Securing the Supply Chain
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am

    A discussion of managing third-party risk and how to manage expectations and contracts with vendors.

    8:00 am
    ISC2 Seattle Chapter Meeting and Panel Discussion
    Open to all attendees
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am

    More details to come.

    8:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] The Hidden Costs of Cybersecurity: Unveiling the True Price of Protection
    CISO, REI
    Global Head of Cybersecurity, Expedia Group
    SVP & Global CISO, Providence
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    With cyber threats evolving at an unprecedented pace, organizations are increasingly aware of the need for robust cybersecurity measures. However, the true cost of cybersecurity extends far beyond the visible expenses of software licenses and security personnel. This keynote panel delves into the often-overlooked aspects of cybersecurity that can significantly impact an organization’s bottom line and operational efficiency. The panel explores:

    • The multifaceted nature of cybersecurity costs, beginning with the critical yet often underestimated areas of incident response (IR) readiness and preparedness.
    • The importance of comprehensive business continuity planning, highlighting how inadequate planning can lead to substantial financial losses and reputational damage. The panel cites real-world examples, including the recent CrowdStrike outage, to illustrate the cascading effects of service disruptions on both providers and their clients.
    • The legal aspects of cybersecurity, exploring how regulatory compliance, potential liabilities, and the cost of legal counsel in the aftermath of a breach contribute to the hidden costs of security. Don’t forget the often-underestimated impact of third-party risk and the importance of robust vendor management practices.
    • How to challenge the conventional wisdom of relying heavily on a single security vendor, advocating for a diversified approach that can enhance resilience and reduce dependency risks. The panel also addresses the counterintuitive problem of implementing too many security controls, which can paradoxically slow recovery efforts after an incident and increase operational complexity.
    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    1 + 1 = 3: Strengthening Security & Technology Post Acquisition
    CIO, KORE Software
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    Anyone in technology who has been through a merger or an acquisition, on either side, has experienced that weight of the deal closing and the reality setting in of truly combining companies. You start meeting people, learning about systems, discovering skeletons in the closet, putting together a plan and, before you know it, 6 months are gone – and nothing has gotten done. This presentation addresses some of the real-world challenges of post-merger integration, defines a framework and best practices for you to follow, and calls out some of the common pitfalls to avoid. Having been through multiple transactions (at one point 3 in a 12-month period), Hoffman hopes to be able to leave attendees with a foundation to not only have a successful integration but come out of the process with a team and technology landscape that is stronger than before.

    10:15 am
    [Panel] Beyond the Single Point of Failure
    Lessons from Recent Vendor Incidents and Strategies for Resilience
    Partner - Data Protection, Privacy & Security Group, K&L Gates
    Board Member, Cybersecurity Leader, Angel Investor
    CISO, DAT Freight & Analytics
    Head of Security Engineering & Architecture, DAT Freight & Logistics
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    Recent incidents involving major cybersecurity vendors like CrowdStrike and Microsoft have highlighted the critical issue of single-point failures in our digital defense ecosystems. This panel session delves into the aftermath of these events and explores the broader implications for organizational cybersecurity strategies. Our expert panel discusses:

    • The dangers of over-reliance on single vendors: Exploring the risks associated with putting all your security eggs in one basket.
    • Developing a multi-vendor strategy: Balancing the benefits of integrated solutions with the need for redundancy and resilience.
    • Incident response planning: Preparing for vendor-related outages or failures as part of your overall cybersecurity strategy.
    • Future outlook: How the industry might evolve to address these challenges.

    Gain valuable insights into creating more resilient security architectures that can withstand vendor-specific incidents.

    10:15 am
    Unmasking Deception: Harnessing Data Analytics for Robust Fraud Detection and Prevention
    Security Advisor, Splunk
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    The anti-fraud effort continues to grow in complexity and it requires analytics-based insights. An optimized approach for identification and mitigation is needed. Learn to analyze data at the speed of the business.

    10:15 am
    Generative AI in Cybersecurity: Evolving Threats and Defenses
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    Discover the benefits and challenges facing cybersecurity programs in the age of Generative Artificial Intelligence (AI). In this session, we will delve into the dynamic landscape of Generative AI, exploring how it increases the capabilities and capacities of attackers and defenders alike. Gain insights into emerging threats and organizational defense strategies tailored to combat the ever-evolving nature of AI-driven cyberattacks. Join us to stay ahead of the curve and fortify your defenses in the age of Generative AI.

    11:00 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    Exploiting People: Phishing, Social Engineering, and Con Artists
    BISO & Sr. Director of Security, Salesforce
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am

    We have all heard about Phishing, Spear Phishing, Social Engineering, and various new threats like deepfake videos, and AI voice / video fakes. We all need to defend against them for sure, but what are they and why do they work? What are the best ways to stop or reduce these threats and their impact on our lives and our businesses? This talk discusses the human aspects of con jobs, and how we can catch them or reduce their impact on our businesses and lives.

    11:10 am
    Hacking the Boardroom: How to Secure Their Attention While Securing Your Org
    Sr. Director, Security GRC & Trust Assurance, Docusign
    VP, Head of Internal Audit, Docusign
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am

    Cybersecurity is no longer just an IT issue; it’s a boardroom buzzword. But how do you get the board to care about firewalls and phishing without their eyes glazing over? Enter this session, your crash course in translating cyber-speak into something the C-suite will actually understand (and maybe even enjoy).

    This session breaks down how to turn terrifying tactical tech talk into a blueprint for boardroom brilliance. Learn how to frame cyber threats as business risks, sell the ROI of that new security software, and align your pitch with corporate goals – all without triggering a “404: Audience Not Found” error.

    Prepare for some laughs, a lot of lightbulb moments, and the confidence to make your next boardroom chat a smash hit. Whether you’re a cybersecurity wizard or just trying to avoid a crash-and-burn presentation, this talk helps you bridge the gap between the server room and the boardroom.

    11:10 am
    Cybersecurity in Real-Time: Gaining Insights from Adversary Infrastructure and Activities
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Learn techniques used in John’s threat research that can address common dilemmas faced by analysts in Security Operations teams. These moments of “well, that sure would’ve been nice to know” are what inspired the topic for this presentation: Threat Hunting.
    11:10 am
    [Panel] Unveiling the Hidden Threat Landscape and Unmasking Digital Villains
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am

    In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

    Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the ever-expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

    Our panel provides a comprehensive overview of the current threat landscape.

    12:00 pm
    [Lunch Keynote] Drag Racing & Cybersecurity: The Crossover
    Associate CISO, St. Luke's University Health Network
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    You’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.

    12:00 pm
    Advisory Council Lunch Roundtable (VIP / Invite Only)
    Building Your Cybersecurity Community: Connections and Career Growth
    Information Security Officer, AstrumU
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm

    Developing meaningful professional relationships and strategically managing your career are vital for success and advancement in the fast-moving cybersecurity ecosystem. Connections are critical in our lives – we cannot do it alone. This closed-door, interactive session provides perspectives and frameworks for expanding your network both internally and across the industry. Come ready to share and hear proven approaches for becoming a trusted advisor to business leaders while raising the profile of your security team. We’ll discuss techniques to foster connections through conferences, media, and writing while aligning activities to your long-term career roadmap. Participants will leave ready to proactively network with purpose, find and become mentors and sponsors, and chart a fulfilling career trajectory in cybersecurity.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    The CISO-CFO-GC Relationship: Building Trust to Move the Business Forward
    COO & CFO
    CISO & Chief Trust Officer
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm

    Ask any executive leader and they will underscore how important trust is in the go-to-market motion. Today, CISOs can move beyond traditional risk management to drive strategic value as trust owners and architects. As industries such as technology, healthcare, retail, and aerospace evolve, the ability to evidence and communicate trustworthiness is increasingly critical to sustaining market leadership. In this session, a CISO and Chief Trust Officer and an experienced global technology CFO discuss how data protection leaders can align their roles through strategic partnerships with CFOs and General Counsels. Together as the Trust Triad, they elevate trust from a compliance-focused program to a strategic advantage that supports and protects stakeholder, customer, and investor value. Whether your organization operates in sectors with inherited trust (e.g., finance, healthcare, or government), or where trust must be intentionally manufactured (e.g., technology, retail, or aerospace), this session provides practical strategies to align trust investments with strategic value outcomes.

    The discussion will also touch on quantifying the value impact of trust, managing diverse value stakeholders, implementing a trust culture, and positioning demonstrable trust as a catalyst for the acceleration of the value journey. Tailored for enterprise data protection leaders, this talk offers insights to enhance your influence within the organization and align your practice to the accountable business.

    1:15 pm
    AI-Driven Cybersecurity Education: The Education Game Changer
    Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington
    Curriculum Developer and Integrator, NCAE Co-Op, Norwich University
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm

    Get ready to dive into the future of cybersecurity education! Join us for an electrifying session that showcases how AI is revolutionizing the way we train the next generation of cybersecurity professionals. Alejandro Ayala and Lalitha Subramanian unveil the cutting-edge ‘CyberEd in a Box’ program – a dynamic blend of AI-driven personalization and ethical training that’s closing the gap between academia and industry.

    Discover how tools like ChatGPT are used to create tailored learning experiences that not only boost technical skills but also instill the moral integrity needed to tackle real-world cyber threats. With proven results in student performance and engagement, this innovative program is set to redefine the standards of cybersecurity education.

    Don’t miss out on this opportunity to see how AI is bridging the gap and shaping the future of the cybersecurity workforce. Be part of the conversation that’s turning heads and setting the stage for a new era in education.

    1:15 pm
    [Panel] Securing the Cloud Fortress: Revealing Defense Strategies for the Cloud
    CTO, Tufin
    CTO, Washington State Department of Labor and Industries
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    In the ever-expanding digital universe, the cloud has emerged as a powerful tool, enabling organizations to store data, access applications, and operate their businesses with unprecedented agility. However, this vast digital fortress, like any other, is not without its vulnerabilities. Join us as we delve into the realm of cloud security, exploring the hidden defenses employed by cybersecurity superheroes to safeguard the cloud and its inhabitants.

    Our panel of cloud security experts shed light on the unique challenges and strategies involved in protecting cloud-based environments. They discuss the shared responsibility model, the role of cloud providers and customers, and the evolving tools and techniques employed to secure the cloud.

    Our panel provides a comprehensive overview of cloud security, empowering attendees to understand the hidden defenses of the cloud and strengthen their cloud security posture. Learn how to identify and mitigate cloud-based threats, implement robust access controls, and effectively manage cloud security risks.

    2:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:00 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    CISO Liability After SolarWinds and Uber
    Senior Attorney, Clark Hill LLP
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm

    A new era of government criminal prosecution of C-suite executives began in 2022. That year, Uber’s former Chief Security Officer was convicted of criminal obstruction of justice for failing to disclose a breach to the FTC during an ongoing investigation. In 2023, the SEC brought criminal charges against SolarWinds’ CISO for fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices. In July 2024, a federal judge tossed most, but not all, of the SEC’s charges against SolarWinds and its CISO. This session discusses the prosecutions of the Uber and SolarWinds CISOs and examines the contours of CISO personal liability following those landmark (and likely more to come) prosecutions.

    2:10 pm
    Managing AI Platform Risk: How Security and Engineering Partner to Deliver Trusted Models
    Sr. Director, BISO, Salesforce
    Director of Software Engineering, Salesforce
    Principal Security, Generative AI and Cloud Security, Salesforce
    Lead Product Security Engineer, Salesforce
    Director of Strategy & Operations, AI Platform, Salesforce
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm

    This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.

    2:10 pm
    ISC2 Seattle Chapter Meeting and Panel Discussion
    Securing Success: The Impact of Networking, Education, and Certifications in Cybersecurity
    Secretary & Webmaster, ISC2 Seattle Chapter
    Vice President, ISC2 Seattle Chapter
    Treasurer, ISC2 Seattle Chapter
    Director at Large, ISC2 Seattle Chapter
    President, ISC2 Seattle Chapter
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm

    This panel discusses the challenges of breaking into cybersecurity and highlights new Certified in Cybersecurity opportunities from ISC2 Global and how the Seattle ISC2 Chapter supports this initiative. Our panelists further discuss the importance of networking, continuing professional development, seeking educational opportunities, and being smart about the right certifications in your area of expertise.

    Join us to learn more about how networking, continuous education, getting certifications and joining professional organization(s) can strengthen your position to secure your next professional role and advance your career.

    3:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    3:00 pm - 3:30 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:00 pm
    Happy Hour
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.

     

    3:30 pm
    CLOSING KEYNOTE
    Registration Level:
    • Open Sessions
    3:30 pm - 4:15 pm
    Location / Room: Keynote Theater
    3:45 pm
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    3:45 pm
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 2
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

  • Thursday, November 7, 2024
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    7:30 am
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 3
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Are You in a Dysfunctional Relationship with the HR Department?
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am

    When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.

    For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?

    This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.

    8:00 am
    Advisory Council Roundtable Breakfast – (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:45 am

    This roundtable discussion is for our Advisory Council members only.

    8:00 am
    InfraGard Washington State Chapter Meeting with Guest Speaker
    Open to all attendees
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am

    More details to come.

    8:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] How CISOs Can Elevate Influence and Become a Business Driver
    Sr. Director, BISO, Salesforce
    VP, Chief Technology & Security Officer, The Greenbrier Companies
    CISO, Pacific Blue Cross & PBC Solutions
    CISO, AAA Washington
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    For today’s CISOs, it’s no longer enough to be just technical experts. This panel of top-level cybersecurity professionals representing the regions of Vancouver, B.C., Bozeman, Seattle, and Portland breaks away from talking about the tired mantra of “speaking the language of the business” and instead dives into practical, real-world examples of how security leaders have successfully navigated the business landscape.

    The discussion focuses on actionable strategies and tactics that have helped CISOs gain influence, secure funding, and elevate cybersecurity from a technical function to a critical business driver. Walk away with specific metrics, communication techniques, and actionable insights that have been proven to work in the real world—offering practical takeaways that can be implemented immediately. Get ready for a session that goes beyond the theory and delivers tangible answers to the challenges CISOs face today.

    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    [Panel] Building Trusted Partnerships to Enable Secure Products
    Sr. Director, BISO, Salesforce
    BISO & Sr. Director of Security, Salesforce
    BISO & Sr. Director of Security, Salesforce
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.

    Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:

    • Establishing trust in the supply chain
    • Collaborative approaches to secure software development
    • The role of transparency in building and maintaining trust
    • Balancing intellectual property concerns with security needs
    • Leveraging partnerships for more effective incident response
    • Case studies of successful security-focused partnerships

    10:15 am
    [Panel] ASPIRE Your Approach: Repay Engineering by Investing in Application Security
    CISO, Valon
    Head of Security Assurance and Operations, DAT Freight & Analytics
    VP, Cybersecurity, Roper Technologies, Inc.
    CISO, DAT Freight & Analytics
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am

    Engineering teams are moving faster with their CI/CD pipelines, releases, and environment updates, yet they still need security involved to adopt and scale. Security investments increasingly create friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.

    10:15 am
    Bouncing Back from Cyber Calamity: Crafting Watertight Business Continuity Plans
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am

    Business continuity and disaster recovery planning are crucial to help organizations prepare for and recover from cyberattacks or data breaches. This session provides an overview of key strategies and best practices for developing a robust cyber resilience plan. Topics will include conducting a business impact analysis to prioritize critical systems and data, implementing comprehensive backup solutions, formulating incident response procedures, assessing supply chain vulnerabilities, retaining talent, and testing existing plans. Whether preparing for widespread ransomware attacks or isolated system failures, organizations must architect cyber resilience to minimize disruption and bounce back better than before.

    11:00 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    [Panel] Navigating the AI Frontier: Developing Robust Strategies and Governance Policies
    Director of Educational Technology, West Point Grey Academy, Vancouver BC
    Director, Information Security, KP LLC
    VP, AI Risk Governance, Goldman Sachs
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am

    As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.

    Our distinguished panelists will delve into:

    • The current state of AI adoption across various industries and its impact on cybersecurity
    • Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
    • Designing governance frameworks that ensure responsible AI use while fostering innovation
    • Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
    • Regulatory landscape and compliance requirements for AI implementation
    • Best practices for data management and protection in AI-driven environments
    • Ethical considerations in AI development and deployment
    • Strategies for building AI literacy within organizations
    • Future trends and preparing for the evolving AI landscape

    Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.

    11:10 am
    Managing the Massive Changes to Privacy Law in the U.S.
    Partner - Data Protection, Privacy & Security Group, K&L Gates
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am

    Session description coming soon.

    11:10 am
    [Panel] Elevating Security and Incident Response Through Threat Intelligence, Cloud Resilience, and AI Innovations
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am

    The battle between cybersecurity defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face; and how to deal with them once. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.

    Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.

    And SHOULD a breach or ransomware attack occur, the response to an incident is as important as trying to keep the bad actors out in the first place.

    12:00 pm
    [Lunch Keynote] End Game First: A Leadership Strategy for Navigating a Crisis
    Mike LeFever, Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense; Representative to Pakistan, U.S. Embassy, Islamabad
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    The summer CrowdStrike-Microsoft outage was the first time many businesses were forced to navigate a crisis of epic proportions. Whether your business faced exceptional obstacles during this time or has endured adversity before, the reality is undeniable: crisis is inevitable.

    Like financial management and project planning, crisis navigation is a skill vital for survival, sustainability, and—most importantly—success. No one knows this better than Mike LeFever. He is a retired Vice Admiral with leadership experience in high-risk security environments and translates his unique experiences in military and corporate life into a framework for navigating crises and anticipating next steps before conflict becomes un-survivable.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Cybersecurity Challenges for Small and Medium Businesses
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm

    Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.

    We cover the following topics:

    • The state of SMB cybersecurity in the U.S.
    • The cost and impact of cyber breaches on SMBs
    • The main cyber threats and vulnerabilities that SMBs face
    • The best practices and frameworks for SMB cybersecurity
    • The steps to build or improve your cybersecurity program

    Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.

    1:15 pm
    Building Out Information Security Programs: You're Hired as the CISO, Now What?
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm

    New CISOs and experienced CISOs new to organizations face the challenge of building out new, or building upon existing, cybersecurity programs. This peer exchange among CISOs will dive into their approach to building foundational cybersecurity strategies.

    1:15 pm
    How TIAA Is Addressing the Cybersecurity Skill Shortage Internally
    Sr. Lead Information Security Business Manager, TIAA
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.

    1:15 pm
    [Panel] The Secret Potential of AI and ML: Empowering Cyber Superheroes with Artificial Intelligence
    Business Information Security Officer (BISO), T-Mobile USA
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    Artificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.

    Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.

    Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.

    2:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:00 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    Navigating the Future: Cognitive Computing in the New Age of AI
    Chief Technology Officer, Alma Mater Society of UBC, Vancouver
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm

    Cognitive computing represents a revolutionary shift in artificial intelligence, aiming to create a universal algorithm that mirrors the human brain’s capabilities. This advancement enhances our ability to solve diverse problems and paves the way for unprecedented innovations. Imagine a future where humans and machines work in perfect harmony, combining their strengths to achieve remarkable feats. With cognitive computing, this future is not just a possibility; it’s an inevitability, ushering in a new era of intelligence and collaboration.

    2:10 pm
    A Journey Toward Zero Trust
    Solutions Architect, Washington Technology Solutions (WaTech)
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm

    The State of Washington has developed and is implementing a roadmap that incorporates a Secure Access Service Edge framework, Secure Service Edge (SSE) capabilities, and zero trust practices to solve a multifaceted problem set driving the need to evolve towards zero-trust. This session will provide a comprehensive overview of how Washington State is converging network and security capabilities using SD-WAN, NGFWs, and SSE to secure its hybrid, multi-cloud, digital ecosystem. Come meet the technologists that have coined the term Cloud Government Network, referring to how the state intends to secure its virtual data centers across the three major Cloud Service Providers.

    2:10 pm
    Partnering with Industry to Protect Our Way of Life
    Director, Region 10, DHS CISA
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm

    The cyber threats facing the United States are growing increasingly sophisticated. To combat these threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is partnering with industry on a range of priorities and products to bolster our cyber defenses. By working together, we can defend U.S. cyberspace and protect our way of life.

    3:00 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    3:00 pm - 3:30 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:45 pm
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

    3:45 pm
    [PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 4
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    3:45 pm - 5:15 pm

    Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.

    This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:

    1. How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
    2. How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
    3. How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
    4. How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
    5. How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.

    The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.

Exhibitors
  • Akamai Technologies
    Booth: 200

    Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.

  • Axonius
    Booth: 200

    Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.

  • Blumira
    Booth: TBD

    Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility.

    Blumira’s cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Azure, Office 365, G Suite, CrowdStrike, Okta, Palo Alto, Cisco FTD and many others.

  • Cato Networks
    Booth: 440

    Cato Networks pioneered the convergence of networking and security into the cloud. Aligned with Gartner’s Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks, Cato’s vision is to deliver a next generation secure network architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe. Our cloud-native architecture enables Cato to rapidly deploy new capabilities and maintain optimum security posture, without any effort from the IT teams. With Cato, your IT organization and your business are ready for whatever comes next. For more information, visit https://www.catonetworks.com.

  • Check Point Software Technologies
    Booth: TBD

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cribl
    Booth: 200

    Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future.

    Founded in 2018, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.

  • CyberArk Software
    Booth: 200

    CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

  • DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 10
    Booth: TBD

    Through CISA’s efforts to understand and advise on cyber and physical risks to the Nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, physical and communications security, and, in turn, strengthen national resilience.

    Led by Regional Director Patrick J. Massey, based in Seattle, Washington, CISA’s Region 10 staff provides cybersecurity, physical infrastructure security, chemical security, and sector outreach services to 271 Tribal Nations and the following states: Alaska, Idaho, Oregon, and Washington.

    Region 10 personnel carry out CISA’s five priorities:

    • Improve supply chain security against cyber threats from malicious actors and the rollout of 5G technologies;
    • Harden federal networks (the civilian .gov domain);
    • Reduce risk at soft targets;
    • Enhance election security; and
    • Protect critical infrastructure that includes industrial control systems and the processes that provide vital services in critical infrastructure.
  • Endace
    Booth: 275

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Entrust
    Booth: 360

    Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.

  • F5
    Booth: 200

    F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.

  • Fastly
    Booth: 200

    Expectations for websites and apps are at an all-time high. If they aren’t fast, secure, and highly personalized, users take their business elsewhere. But today’s most innovative companies are thriving by meeting this challenge head on: they’re choosing Fastly and an investment in their developers.

    With Fastly’s powerful edge cloud platform, developers get the tools they need to build the most groundbreaking apps — all optimized for speed, security, and scale — so businesses can effectively transform to compete in today’s markets. Together, we’re building the future of the web.

  • ForeScout Technologies, Inc.
    Booth: 200

    ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.

  • Fortinet
    Booth: 420

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Google Cloud
    Booth: 130

    Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.

  • Illumio
    Booth: 160

    We built the Illumio Adaptive Security Platform (ASP)™ to provide unprecedented visualization and control of enterprise applications. Our system constantly inspects and adapts to the computing environment it is protecting, without pause.
    Moreover, since 75 percent of computing interactions never leave the data center, our customers can now have complete visibility behind the firewall, whether it is running in their data center or the vibrant public cloud services of Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, and many others.

  • Immersive Labs
    Booth: 200

    The leader in people-centric cyber resilience.

  • Washington State InfraGard
    Booth: TBD

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance’s area of operation is Washington State, and it has over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISC2 Seattle Chapter
    Booth: TBD

    Bringing like-minded professionals together in the Greater Puget Sound region to discuss current tactics, techniques, and procedures within cybersecurity.

  • ISSA Puget Sound Chapter
    Booth: TBD

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • Keysight
    Booth: 225

    Keysight’s portfolio of network security solutions simulates threats and eliminates blind spots, taking control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulate attacks, expose gaps early, and course correct with step-by-step fixes; protect users and applications with increased efficiency, performance, and reliability of your security systems; patrol every packet, eliminating vulnerable blind spots and decrypting threats hiding in SSL traffic; and practice your cyber skills, enhancing your security and attack response skills against real-world threats.

  • National Cybersecurity Alliance
    Booth: TBD

    Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.

  • Optiv
    Booth: 200

    Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.

  • Ordr
    Booth: TBD

    In the hyper-connected enterprise, in which everything from simple IoT devices to complex multi-million-dollar systems are connected, traditional agent-based and human-generated security models simply cannot scale. Ordr solves this problem, providing enterprises with complete visibility and exhaustive control over every class of network-connected device and system. The Ordr Systems Control Engine is the only purpose-built solution to fully map the device flow genome at massive scale, using machine learning to completely and continuously inspect, classify and baseline the behavior of every device. Ordr’s software architecture is unique in its ability to process enormous quantities of data in real-time, using sophisticated AI to deliver closed loop security, automatically generating policies for each class of device and implementing those policies directly through the organization’s existing multi-vendor network and security infrastructure.

  • Phosphorus Cybersecurity
    Booth: 200

    Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Extended Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates.

  • Robert Half
    Booth: 270

    Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.

  • Rubrik
    Booth: TBD

    Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

  • Silverfort
    Booth: 200

    Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.

  • Snyk
    Booth: 210

    Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.

  • Splunk
    Booth: TBD

    Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.

  • Tenable
    Booth: 200

    Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

  • Tevora
    Booth: 320

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Tufin
    Booth: 260

    As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.

  • Varonis Systems, Inc.
    Booth: 180

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Wiz
    Booth: 430

    We’re on a mission to help organizations effectively reduce risks in their Cloud environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don’t waste time.

    Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and DevOps teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches. For more information, visit www.wiz.io.

  • WiCyS Western Washington Affiliate
    Booth: TBD
  • Zero Networks
    Booth: 150

    Zero Networks fixes the root cause of most successful cyberattacks – overly open networks and excessive logon permissions – with a simple, fully automated platform for zero trust segmentation and remote access. Zero Networks learns and automatically restricts network and user access to what’s strictly essential, leveraging multi-factor authentication to stop attacks from spreading.

Keynote Speakers
Speakers
  • Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • William Lidster, Moderator
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

  • Panel Discussion
  • Mike Hughes
    CISO, REI

    As the Chief Information Security Officer at REI, I lead a team of cybersecurity professionals who are passionate about protecting the company's data, systems, and customers. I have over 10 years of experience in cybersecurity, spanning various domains such as incident response, forensics, malware analysis, network security, and data protection.

    My mission is to bring honesty, transparency, and integrity to the cybersecurity function, and to partner with other technology and business teams to ensure a balanced and pragmatic approach to our common goals. I leverage my expertise in cybersecurity strategy, policy, governance, and risk management to enable REI's growth and innovation. I also foster a culture of security awareness, education, and empowerment across the organization.

  • Ambrish Srivastava
    Global Head of Cybersecurity, Expedia Group

    Highly experienced & technically proficient leader with extensive experience in security engineering, product development, operations and compliance. Laser focused on Security architecture, design & implementation, risk reduction, compliance & business orientation. Strong cross-functional skills due to extensive experience in Information Security, Production Support, Software Security and Compliance, Infrastructure and Project Management. Experienced in Cloud Security, System Administration, Networking, Project Management, Process Re-engineering. Result oriented, with a demonstrated ability to effectively respond to changing demands.

  • Adam Zoller
    SVP & Global CISO, Providence

    Adam Zoller is the Chief Information Security Officer for Providence, a system of passionate providers focused on partnering with people to simplify health care. With 50+ hospitals, 1000+ clinics, and hundreds of locally driven programs administered by over 120,000+ caregivers, Providence is improving the health of communities, especially the poor and vulnerable. In this role, Adam is responsible for driving information security strategy and execution across the organization's information ecosystem.

  • Lisa Plaggemier, Moderator
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • Matt Hoffmann
    CIO, KORE Software

    Matt Hoffmann is a technology executive with 20+ years in the industry working across development, privacy, security, IT, infrastructure and devops. Throughout his career he has primarily worked with private-equity backed SaaS companies and has been the point person on multiple mergers and acquisitions on both the buy and sell side. In his current role as CIO of KORE Software, he manages engineering, devops, IT and security for a market leading product suite that serves professional sports and entertainment organizations. Working with some of the largest sports and entertainment teams and venues in the world has given him the opportunity to be hands-on with real-world data privacy challenges, large scale infrastructure projects and high-consequence security deployments.

  • Jake Bernstein, Esq.
    Partner - Data Protection, Privacy & Security Group, K&L Gates

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • Vanessa Pegueros
    Board Member, Cybersecurity Leader, Angel Investor

    Vanessa is an accomplished technology executive with over 30 years of experience. Currently she serves as a Corporate Board Director of the public company Liveperson (NASDAQ: LPSN), Boeing Employee Credit Union, and Prisidio. Formerly she was on the board of Carbon Black (NASDAQ: CBLK) and was part of the transaction to sell Carbon Black to VMware. Vanessa is also very active in angel investing and is a venture partner for Flying Fish Partners.

    Vanessa has held senior leadership positions at organizations such as DocuSign, Expedia, U.S. Bank, and AT&T Wireless. Her expertise spans various domains, including technology architecture and engineering, risk management, cybersecurity, and compliance. Vanessa has a proven track record of successfully building and leading high-performance cybersecurity teams, implementing robust security frameworks and controls, and driving cultural change to foster a strong security mindset within organizations.

    Vanessa's educational background includes an MBA from Stanford University, MS in Telecommunication from the University of Colorado, Boulder and a BS in Engineering from UC Berkeley. She also holds various cybersecurity certifications including CISSP, CRISC, CISM, and GSEC. Relative to her board work, she holds the National Association of Corporate Directors (NACD) Director Professionalism certification.

  • Erika Voss
    CISO, DAT Freight & Analytics

    Erika Voss offers two decades of extraordinary success in a series of high level roles at top tier companies that include Capital One, Salesforce, Oracle Public Cloud, Microsoft Corporation and Amazon Web Services.

    Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.

    Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies, procedures, and best practices for security, including application security, access control, authentication, third party risk management, and intrusion detection. Dr. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.

    With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has successfully positioned companies as a leading expert in its field with respect to foundational security basics, fraud, identity, and cloud security practices, contributing to the following successes:

    • Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually identifying opportunities to reinforce the company’s security posture.
    • Engages directly with customers, providing information and guidance on the company’s security posture.
    • Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements, including SOC2, PCI, SOX, and other industry regulations.

    Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations in high stake environments throughout her career positioning herself as a key member of each company and a driving force for growth. Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.

  • Jake Rasko, Moderator
    Head of Security Engineering & Architecture, DAT Freight & Logistics

    Jake Rasko is a passionate technology leader with an unwavering belief in the transformative power of technology to change the world. With a diverse career spanning both IT and Security, he has honed his expertise in building, running, and maintaining critical infrastructure securely at a global scale.

    Over the course of Jake’s professional journey, he has been a part of notable organizations such as Cruise, Salesforce, and most recently, HashiCorp. Now, as the Head of Security Engineering and Architecture at DAT Freight & Analytics, he is dedicated to building a more secure future for the nation’s supply chain.

    With a career that began at the help desk and has since soared to leadership positions in global technology companies, Jake exemplifies the power of continuous growth and learning in the technology industry. His journey is a testament to his adaptability, vision, and unwavering commitment to leveraging technology for positive change.

  • Elizabeth Schaedler
    Security Advisor, Splunk

    Elizabeth Schaedler is a Splunk Security Advisor who works with customers to develop strategies that align security and business risks and to use risk-based alerting to address fraud. Elizabeth has an expansive 20-year data center and security background and has spent time in the HPC world in senior positions at Cray Research, HP, RSA, Sun Microsystems, and IBM. She lives in Portland, Oregon, and she and her husband are currently spending their free time clearing out Legos and Barbies left behind by two adult children.

  • Brian Shea
    BISO & Sr. Director of Security, Salesforce

    Brian is an IT Executive with 29 years of experience in Security Operations and Support, Compliance, Risk Management, Technology Innovation, and IT Operations and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.

  • Adedolapo (Ade) Gonzalez
    Sr. Director, Security GRC & Trust Assurance, Docusign

    Ade Gonzalez is a Senior Director of Security GRC and Data Security at Docusign. With over 15 years of experience, her expertise spans building and managing high-performing teams and delivering board-critical programs around Security Governance, Strategy, Risk, Compliance, Data Protection, and Cloud Security across various industries (financial services, technology, insurance, and so on).

    She also has experience working in different regions across the globe, with an established presence in South Africa, Ireland, the UK, and the US. She holds a Master's (Cum Laude) in Computer Engineering, majoring in Artificial Intelligence. During her spare time, she enjoys travelling, food, exercising/fitness-related activities, and spending quality time with her family, especially with her 3-year-old daughter and miniature schnauzer.

  • Michelle Linders Wagner
    VP, Head of Internal Audit, Docusign

    Michelle Linders Wagner, a seasoned risk management executive, brings 25+ years of experience in enhancing compliance and risk posture for Fortune 500 firms. With cyber, compliance, and audit expertise, she builds high-performing teams, swiftly identifying fit-for-purpose solutions that align with business strategy. While she is currently loving her job as the Head of Internal Audit at Docusign, Michelle has loved her prior positions as well. At Deloitte, she transformed the global risk function; as an executive at Costco, she ran the second line of defense, where she matured the global governance, risk, and compliance function; and at SAP, she drove high-priority risk and governance initiatives. Committed to excellence, Michelle excels in leading teams to solve intricate risk challenges.

  • Panel Discussion
  • Krista Arndt
    Associate CISO, St. Luke's University Health Network

    Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.

    Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.

    When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.

  • Marc Menninger, Moderator
    Information Security Officer, AstrumU
  • John Gardiner
    COO & CFO
  • Sabino Marquez
    CISO & Chief Trust Officer

    Sabino Marquez' approach to leading cybersecurity as a ‘Trust Product Practice’ has led to substantial returns on security investments, higher value-generation velocity, and enhanced equity valuations. Sabino leads the Trust Product organization as a go-to-market leader, working alongside the productive business to enable and defend value, and transforming stakeholder Trust into a powerful tool for competitive differentiation. Within his key areas of focus, Sabino ensures robust protection mechanisms are in place for stakeholder interests while also leveraging organizational Trust as a distinct advantage in a competitive market landscape. His work has not only brought him recognition as ‘2023 C100 Winner’, but he is also an esteemed thought leader who frequently shares insights in Security Magazine, The Wall Street Journal, and Cyber Security Tribe.

  • Lalitha Subramanian
    Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington

    Lalitha Subramanian, Program Management Director at University of Washington Continuum College, has over a couple of decades of experience designing, developing, and delivering large-scale learning and development strategies and certification programs that empower working professionals to build the right strengths, skills, and behaviors for organizational success and career progression. She has proven success coaching industry experts, university instructors, and private company leaders to evolve educational offerings and adopt new technologies with accessibility standards, and has designed exemplary learner-driven digital education offerings to meet the needs of a dynamic global marketplace. Her expertise in educational pedagogical practices incorporating DEIBJ best practices for both in-class and virtual/online environments has been recognized at the unit, university, and national levels.

  • Alejandro Ayala
    Curriculum Developer and Integrator, NCAE Co-Op, Norwich University

    Alejandro Ayala is a rising professional in the field of cybersecurity, pursuing a PhD in 2025 through an NSF Fellowship. Alejandro currently serves as a technical lead, ensuring program integration across multiple universities and industry. Alejandro contributes to the University of Washington’s Certificate in Risk Management in multiple roles. He is the co-founder and President of CyberAlumni, a community of practice focused on continuous professional cybersecurity education across the NCAE Schools. Alejandro has published on innovations in cybersecurity education in the Colloquium for Information Systems Security Education (CISSE), Springer Journal, Future Technologies Conference, and the Human Computer Interaction International Conference.

  • Panel Discussion
  • Erez Tadmor
    CTO, Tufin

    Erez Tadmor has a two-decade career in the ever-evolving information security field, marked by his diverse background in managing various product portfolios and verticals. His expertise spans cloud and network security, automation and orchestration, IAM, and fraud detection and prevention. As Tufin's Field CTO, he bridges the gap between customers, marketing, and product teams, educating stakeholders on network security technologies, cybersecurity best practices, and Tufin's solutions. Erez has a track record of strong leadership in both enterprise and startup cybersecurity product management and strategy development.

  • Mukesh Dixit, Moderator
    CTO, Washington State Department of Labor and Industries

    Chief Technology Officer at Washington State Department of Labor and Industries. Expert-level grasp of IT Security governance and management of security in application, infrastructure, and cloud domains. Spearheaded teams to do FedRAMP assessments of major cloud service provider giants in the industry. Certifications include CISSP, CCSP, CISA, PCIP, PMP, and AWS-SAA. Formerly PCI-QSA certified with a PCI assessor.

  • Chirag Patel
    Senior Attorney, Clark Hill LLP

    Chirag H. Patel is a solution-oriented technology and commercial attorney with extensive experience in emerging technologies, artificial intelligence (AI), data privacy, cybersecurity, contracts, e-commerce, and trade secrets. His multi-channel experience encompasses compliance, transactional review, and litigation.

    Chirag’s practice spans diverse industries, including software, e-commerce, cryptocurrency, healthcare, financial services (traditional and FinTech), cannabis, commercial construction, and hospitality sectors.

    His litigation practice includes multimillion-dollar contract disputes, high-stakes consumer class actions, and novel technology issues. Recent cases include national data breach class actions, privacy and wiretapping claims (CIPA), AI discrimination claims, software service (SaaS) and implementation contract disputes, business email compromise, cryptocurrency injunctions, and right of publicity cases.

    Chirag’s compliance practice focuses on AI, data privacy, and e-commerce. This includes developing and advising on AI Acceptable Use Policies (AUPs), AI audits, data privacy laws, and e-commerce laws. Among other regulatory regimes, Chirag has advised clients on compliance with the HIPAA Privacy Rule, the California Restore Online Shoppers Confidence Act (ROSCA), California Consumer Privacy Act (CCPA), California Automatic Renewal Law (CARL), and Federal Trade Commission (FTC) regulations.

    Chirag has experience with commercial contract review and transactions. He conducts master contract reviews in various industry settings covering issues such as intellectual property rights, data ownership, and terms of service. He also has full-cycle M&A experience, including conducting privacy and cybersecurity due diligence.

  • Maggie Amato
    Sr. Director, BISO, Salesforce

    Maggie Amato is a dynamic cybersecurity leader with deep expertise in cloud security, AI security, and risk management across technology, healthcare, and federal sectors. As the Business Information Security Officer (BISO) for AI Cloud + CRM Apps at Salesforce, she plays an integral role in advising two Chief Technology Officers on holistic risk management strategies that align with the evolving demands of cutting-edge technologies. Throughout her career, Maggie has been at the forefront of innovation, leading the development of AI-specific security programs, advancing cloud security initiatives at Aetna, and forging impactful public-private partnerships in healthcare. Her leadership and strategic vision have consistently driven transformative security solutions that strengthen organizational resilience.

  • Karim Fanadka
    Director of Software Engineering, Salesforce
  • Mozdeh Koushki
    Principal Security, Generative AI and Cloud Security, Salesforce
  • Kaustubh Sarkar
    Lead Product Security Engineer, Salesforce
  • Erik Warfel, Moderator
    Director of Strategy & Operations, AI Platform, Salesforce
  • Stephen Bellville
    Secretary & Webmaster, ISC2 Seattle Chapter
  • Jake Bernstein, Esq.
    Vice President, ISC2 Seattle Chapter

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • Agnieszka (Agnes) Goss
    Treasurer, ISC2 Seattle Chapter
  • Jean Pawluk
    Director at Large, ISC2 Seattle Chapter

    Jean is an Executive Consultant, ISSA Distinguished Fellow, and honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).

  • Frank Simorjay
    President, ISC2 Seattle Chapter

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for the Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, which includes the PCI automation blueprint. Frank has written an extensive library of papers and blogs (http://cloudntech.blogspot.com/).

  • Happy Hour
  • Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Lisa Plaggemier
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • Maggie Amato
    Sr. Director, BISO, Salesforce

    Maggie Amato is a dynamic cybersecurity leader with deep expertise in cloud security, AI security, and risk management across technology, healthcare, and federal sectors. As the Business Information Security Officer (BISO) for AI Cloud + CRM Apps at Salesforce, she plays an integral role in advising two Chief Technology Officers on holistic risk management strategies that align with the evolving demands of cutting-edge technologies. Throughout her career, Maggie has been at the forefront of innovation, leading the development of AI-specific security programs, advancing cloud security initiatives at Aetna, and forging impactful public-private partnerships in healthcare. Her leadership and strategic vision have consistently driven transformative security solutions that strengthen organizational resilience.

  • Erika Carrara
    VP, Chief Technology & Security Officer, The Greenbrier Companies

    Erika Carrara is a seasoned cybersecurity and technology expert with over two decades of experience. Skilled at helping businesses navigate cyber risks, data governance, and digital transformation, Erika has led several corporations through a security maturity curve in the defense industrial base, federal sector, and twice in manufacturing, now at Greenbrier. She is an expert in security governance, compliance, privacy, and digital systemic risk.

    In her role as Chief Technology & Security Officer, Erika presents at all board meetings, providing information and guidance on cyber protection and resiliency. As a Boardroom Qualified Technology Expert (QTE), she works closely with the board's enterprise risk and audit committee and C-Suite, providing updates on the materiality of cybersecurity risks and incidents. Erika has enhanced security governance at Wabtec by strengthening the company's governance framework, establishing effective risk management processes, conducting frequent risk assessments, and providing strategic guidance to the board and C-Suite on cyber risk matters. She maintains a pulse on the regulatory landscape, overseeing adherence to cybersecurity regulations, industry standards, and data protection laws in the 53 countries where Wabtec operates.

    A Native American and veteran, Erika is passionate about championing DEI and social programs/causes. She advocates for gender diversity through education, industry sharing, and career development. As a values-based leader, Erika demonstrates diplomacy, flexibility, and a deep commitment to life-affirming principles such as honesty, integrity, trust, and compassion for others.

  • Rob Davidson
    CISO, Pacific Blue Cross & PBC Solutions

    Rob Davidson brings many years of experience to his role as Chief Information Security Officer at Pacific Blue Cross and Pacific Blue Cross Solutions. His career started with Dell Canada and has progressed through several senior strategic and leadership positions at industry-defining organizations such as Microsoft and Hootsuite. Prior to his recent return to Vancouver, Rob worked through an extended tenure at Microsoft, from the original basics of networking through the launch of the Global Azure Cloud services.

    Rob holds an Executive MBA and maintains his original CISSP certification. He enjoys the opportunity to share with and learn from others who are like-minded in his passion for the Security of People, Information, and Technology.

    In addition to his core work, you will also find him engaged in Board of Directors (and Board advisory) positions, volunteer opportunities, and working to mentor and assist the next generation of security professionals.

  • William Lidster, Moderator
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Master's in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran of Operation Desert Storm.

  • Maggie Amato
    Sr. Director, BISO, Salesforce

    Maggie Amato is a dynamic cybersecurity leader with deep expertise in cloud security, AI security, and risk management across technology, healthcare, and federal sectors. As the Business Information Security Officer (BISO) for AI Cloud + CRM Apps at Salesforce, she plays an integral role in advising two Chief Technology Officers on holistic risk management strategies that align with the evolving demands of cutting-edge technologies. Throughout her career, Maggie has been at the forefront of innovation, leading the development of AI-specific security programs, advancing cloud security initiatives at Aetna, and forging impactful public-private partnerships in healthcare. Her leadership and strategic vision have consistently driven transformative security solutions that strengthen organizational resilience.

  • Gowri Quick
    BISO & Sr. Director of Security, Salesforce

    Gowri is a mission-driven, people-centric senior cybersecurity leader with 15 years of experience in Threat Intelligence, Security Operations, Risk Management, and Compliance. As a former FBI agent, Gowri proudly served her country and has also worked in Corporate Security. She holds a Master's Degree in Information Science from the University at Buffalo. Currently, Gowri serves as a Business Information Security Officer (BISO) at Salesforce, advising the President of the Customer Success Group on information security matters. In this role, she represents the Chief Trust Officer when partnering with executive leadership to promote cybersecurity across the Enterprise units.

  • Brian Shea, Moderator
    BISO & Sr. Director of Security, Salesforce

    Brian is an IT Executive with 29 years of experience in Security Operations and Support, Compliance, Risk Management, Technology Innovation, and IT Operations and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.

  • Nazira Carlage
    CISO, LTK

    A proven senior security leader that drives business-centric innovation through strategy, empowering independence, and inspiring the next generation of enterprise growth from small to large enterprise. Experienced security strategist from Cloud to Enterprise Architecture, change/transitional management, application security, product development, vulnerability assessment, security operations, security engineering, process improvement, and enterprise transformation. A visionary who serves as a catalyst for sustainable change by empowering organizations and people in achieving breakthrough results as they travel to secure digital transformations. A leader that nurtures and empowers teams through communication in fostering cross-functional collaboration and achieving the organization’s goals. A driver of continuous improvement who eliminates single points of failure, transforming complex obstacles into tangible solutions.

  • Cynthia Damian
    CISO, Valon
  • Becky Fricker
    Head of Security Assurance and Operations, DAT Freight & Analytics

    Becky Fricker is the Director of Information Security at DAT Freight & Analytics, where she plays a pivotal role in protecting the company’s digital infrastructure. She oversees Security Operations and Product Security, including areas such as Endpoint Protection and Response, Continuous Threat Exposure Management, Incident Response, and Network Security. Becky holds a Certified Information Systems Security Professional (CISSP) certification, a globally recognized credential that demonstrates her ability to design, implement, and manage a robust cybersecurity program.

    Her extensive background in cybersecurity began with 13 years of service in the NJ Air National Guard, where she held critical roles such as Installation Spectrum Manager and Installation Security Systems Manager. After transitioning to the civilian sector, Becky continued to build her expertise as a Network Security Engineer at Cooper University Health Care. She later took on senior roles in the financial sector and at one of Southern California’s largest utility companies, focusing on information security within critical infrastructure.

    Her academic credentials include an Associate of Science in Electronic Systems Technology, a Bachelor of Arts in Communication and Media Studies, and a Master of Science in Information Technology, specializing in Cybersecurity. Known for her adaptability, mentorship, and strong communication skills, Becky is an invaluable member of the DAT team, continuously driving improvements in the company’s information security programs.

  • Karine Thibault
    VP, Cybersecurity, Roper Technologies, Inc.
  • Erika Voss, Moderator
    CISO, DAT Freight & Analytics

    Erika Voss offers two decades of extraordinary success in a series of high-level roles at top-tier companies that include Capital One,
    Salesforce, Oracle Public Cloud, Microsoft Corporation, and Amazon Web Services.

    Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that
    drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command
    of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.

    Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and
    execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies,
    procedures, and best practices for security, including application security, access control, authentication, third party risk management,
    and intrusion detection. Dr. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.

    With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has
    successfully positioned companies as leading experts in their field with respect to foundational security basics, fraud, identity, and cloud
    security practices, contributing to the following successes:

    ● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually
    identifying opportunities to reinforce the company’s security posture.
    ● Engages directly with customers, providing information and guidance on the company’s security posture.
    ● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements,
    including SOC2, PCI, SOX, and other industry regulations.

    Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations
    in high-stakes environments throughout her career, positioning herself as a key member of each company and a driving force for growth.
    Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration
    and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.

  • Panel Discussion
  • Dr. Peter Holowka
    Director of Educational Technology, West Point Grey Academy, Vancouver BC

    Dr. Peter Holowka is passionate about digital transformation and technology leadership, particularly in education. His doctoral research was in cloud computing adoption and organizational leadership. His professional work and academic research centre on the digital transformation journey, particularly the journey from legacy systems towards the cloud. He has received multiple awards for leadership and academic excellence. He was recognized as Member of the Year by the CIO Association of Canada, and currently serves as the Past President of the Vancouver Chapter. Beginning his career as a network and web design specialist, Dr. Holowka also advises a number of businesses, educational institutions, and not-for-profit organizations.

  • Aaron Hunt
    Director, Information Security, KP LLC

    An Information Security leader with experience establishing resilient security strategies and procedures enhancing the corporate security posture, through evaluation of risk, promoting security awareness and privacy training, management of incident response, managing relationships with customers and business partners, and ensuring continued compliance through internal, customer and certification security audits.

    A proven leader, skilled in managing network and application operations, knowledgeable in many collaboration and web environments, and has successfully managed services and large-scale projects. Experienced in several security frameworks, including ISO 27001, PCI DSS, HITRUST, NIST 800-53, HIPAA, GDPR and SOC.

  • Brittany Weinstein
    VP, AI Risk Governance, Goldman Sachs

    Passionate risk and security leader committed to safeguarding the digital landscape with extensive experience in critical infrastructure. Experienced in regulatory compliance across the United States, Europe, and Asia. My passion lies in shaping strategic directions and implementing robust controls meticulously tailored to meet regulatory requirements.

    Beyond my technical expertise, I'm devoted to advancing the role of women in security. I actively promote inclusivity in the workplace and offer mentorship to empower aspiring professionals.

    Let's unite our strengths and collaborate to create a safer world together.

  • Jake Bernstein, Esq.
    Partner - Data Protection, Privacy & Security Group, K&L Gates

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • Panel Discussion
  • Mike LeFever
    Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense Representative to Pakistan, U.S. Embassy, Islamabad

    Vice Admiral (Ret.) Mike LeFever, USN, currently serves as Chief Executive Officer for Concentric. Concentric is a risk management consultancy that specializes in delivering strategic security and intelligence services. In addition, he is a member of the network of national security experts for “The Cipher Brief,” a digital-based conversation platform to connect the private sector with leading security experts.

    Previously, Mike was the Chief Operating Officer for IOMAXIS, a US technology company specializing in cyber, communications, and computing solutions and services. He also worked as a senior advisor, mentor, and speaker at the McChrystal Group, a leadership and management firm, engaging with senior executives across multinational companies on leadership, strategy, and change management.

    Reflecting his deep experience with and commitment to developing high-performance leaders and teams, Mike also served as a Performance Ambassador and Speaker for Liminal Collective and Arena Labs and as a senior advisor and mentor for leaders in private industry; the USG’s National Defense University senior level national strategy, leadership, and warfighting courses; and USG Joint Forces. He is also a member of the board of advisors at the National Security Institute at George Mason University, Antonin Scalia Law School and a participant on the Atlantic Council Counterterrorism Study Group.

    Mike retired from the United States Navy after over 38 years of service, finishing his military career as the Director of Strategic Operational Planning at the National Counterterrorism Center, within the Office of the Director of National Intelligence. He also served as both the Commander of the Office of Defense Representative in Pakistan and the Commander of the Joint Task Force in Pakistan, leading all US Armed Forces in Pakistan between 2008 and 2011.

    Throughout his career, Mike served in Navy and Joint leadership and command positions at every level. He led disaster relief and humanitarian efforts, the full spectrum of warfare operations, and counterterrorism and counterinsurgency operations. Renowned for his effectiveness in navigating cross-cultural, complex, and international environments and building high-performance teams, his leadership was directly responsible for numerous significant achievements that protected and enhanced the national security of the United States. The hallmark of LeFever’s leadership was his commitment to build and promote lasting partnerships between the US and its key allies and coalition partners.

  • Scott Benson
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.

    Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.

  • Kathryn Patterson
    Sr. Lead Information Security Business Manager, TIAA

    Kathryn Patterson supports the Global Cybersecurity & Fraud Management organization at TIAA. In prior roles, she managed Third-Party Assessment, Regulatory Exam Management and Audit support, and RCSA. Her career spans three industries: healthcare, telecommunications, and financial services, with additional background in program management, business resiliency and internal investigations. She prioritizes collaboration with business partners on best practices, communications, training, and development. Kathryn holds a BA in Organizational Leadership from the University of Oklahoma with a concentration in Criminal Investigations and Intelligence Analysis.

  • Panel Discussion
  • Kevin Murphy, Moderator
    Business Information Security Officer (BISO), T-Mobile USA

    Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, is a retired NSA intelligence officer and the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by himself). He holds the CISM, CISSP, and CGEIT security certifications.

  • Hong-Lok Li
    Chief Technology Officer, Alma Mater Society of UBC, Vancouver

    Hong-Lok Li is the Chief Technology Officer at the Alma Mater Society of UBC Vancouver (representing 60,000+ UBC students). He has a strong technical background and 20+ years of experience in large organizations in a multi-platform, integrated computing environment. Hong is a Chartered Engineer (CEng) who earned his Master of Science (MSc.) in AI and Networking at the University of Essex in the United Kingdom. He is also a BCS (British Computer Society) assessor for the Chartered Engineer (CEng) Assessment. Hong believes in fostering a culture of innovation and collaboration and is always passionate about deploying technology to ensure resource optimization and operational excellence.

  • Andrew Johnson
    Solutions Architect, Washington Technology Solutions (WaTech)

    Andrew Johnson is a Solutions Architect based in Olympia, WA. Andrew serves as the Principal Architect overseeing the state’s adoption of zero trust, Secure Access Service Edge, SD-WAN, and Secure Service Edge. Andrew is responsible for interconnecting state government with cloud-based resources and external business partners. Andrew spearheads the state's adoption of new technologies, enabling state government to leverage cutting-edge technology in serving the residents of Washington State. Additionally, Andrew modernized the state's DNS system, transitioning it to a hybrid DNS solution that handles both on-premise and cloud-based queries. Andrew is a retired Army Signal Warrant Officer.

  • Patrick Massey
    Director, Region 10, DHS CISA

    Patrick Massey serves as the Regional Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Region 10 office in Seattle. CISA is committed to improving the security and resiliency of our nation’s infrastructure through collaboration with critical infrastructure owner/operators, governments, industry, and other stakeholders.

  • Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes