Wednesday, November 6, 2024
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 1
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
7:30 am
[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 1
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
8:00 am
Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:30 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 am
Advisory Council Roundtable Breakfast (VIP / Invite only)
The Surprising List of CISO Top Concerns
CISO, AAA Washington
Registration Level: VIP / Exclusive
8:00 am - 8:45 am
Taking a cross-section of recent surveys (ISC2, Dark Reading, PwC), arguably the top CISO concerns—not “priorities” but “concerns”—are third-party security risks, data manipulation, and burnout. Together, these represent the true CISO-level risks, compared to what’s in the news on a daily basis: AI, ransomware, supply chain and insider risks, cyber warfare, nation-state actors, etc. In this private, closed-door discussion, we challenge whether these three concerns are a correct and complete list, and discuss how/why they differ from those other top CISO priorities. The goal is to walk away with a new-look “to-do list” for your job versus the one with which you walked in.
This roundtable discussion is for our Advisory Council members only.
8:00 am
Securing the Supply Chain
Registration Level: Open Sessions
8:00 am - 8:45 am
A discussion of managing third-party risk and how to manage expectations and contracts with vendors.
8:00 am
ISC2 Seattle Chapter Meeting and Panel Discussion
Open to all attendees
Registration Level: Open Sessions
8:00 am - 8:45 am
More details to come.
8:45 am
Networking Break
Registration Level: Open Sessions
8:45 am - 9:00 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am
[Opening Keynote] The Hidden Costs of Cybersecurity: Unveiling the True Price of Protection
CISO, REI
Global Head of Cybersecurity, Expedia Group
SVP & Global CISO, Providence
Executive Director, National Cybersecurity Alliance
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
With cyber threats evolving at an unprecedented pace, organizations are increasingly aware of the need for robust cybersecurity measures. However, the true cost of cybersecurity extends far beyond the visible expenses of software licenses and security personnel. This keynote panel delves into the often-overlooked aspects of cybersecurity that can significantly impact an organization’s bottom line and operational efficiency. The panel explores:
- The multifaceted nature of cybersecurity costs, beginning with the critical yet often underestimated areas of incident response (IR) readiness and preparedness.
- The importance of comprehensive business continuity planning, highlighting how inadequate planning can lead to substantial financial losses and reputational damage. The panel cites real-world examples, including the recent CrowdStrike outage, to illustrate the cascading effects of service disruptions on both providers and their clients.
- The legal aspects of cybersecurity, exploring how regulatory compliance, potential liabilities, and the cost of legal counsel in the aftermath of a breach contribute to the hidden costs of security. Don’t forget the often-underestimated impact of third-party risk and the importance of robust vendor management practices.
- How to challenge the conventional wisdom of relying heavily on a single security vendor, advocating for a diversified approach that can enhance resilience and reduce dependency risks. The panel also addresses the counterintuitive problem of implementing too many security controls, which can paradoxically slow recovery efforts after an incident and increase operational complexity.
9:45 am
Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am
1 + 1 = 3: Strengthening Security & Technology Post Acquisition
CIO, KORE Software
Registration Level: Conference Pass
10:15 am - 11:00 am
Anyone in technology who has been through a merger or an acquisition, on either side, has experienced that weight of the deal closing and the reality setting in of truly combining companies. You start meeting people, learning about systems, discovering skeletons in the closet, putting together a plan and, before you know it, 6 months are gone – and nothing has gotten done. This presentation addresses some of the real-world challenges of post-merger integration, defines a framework and best practices for you to follow, and calls out some of the common pitfalls to avoid. Having been through multiple transactions (at one point 3 in a 12-month period), Hoffman hopes to be able to leave attendees with a foundation to not only have a successful integration but come out of the process with a team and technology landscape that is stronger than before.
10:15 am
[Panel] Beyond the Single Point of Failure
Lessons from Recent Vendor Incidents and Strategies for Resilience
Partner - Data Protection, Privacy & Security Group, K&L Gates
Board Member, Cybersecurity Leader, Angel Investor
CISO, DAT Freight & Analytics
Head of Security Engineering & Architecture, DAT Freight & Logistics
Registration Level: Conference Pass
10:15 am - 11:00 am
Recent incidents involving major cybersecurity vendors like CrowdStrike and Microsoft have highlighted the critical issue of single-point failures in our digital defense ecosystems. This panel session delves into the aftermath of these events and explores the broader implications for organizational cybersecurity strategies. Our expert panel discusses:
- The dangers of over-reliance on single vendors: Exploring the risks associated with putting all your security eggs in one basket.
- Developing a multi-vendor strategy: Balancing the benefits of integrated solutions with the need for redundancy and resilience.
- Incident response planning: Preparing for vendor-related outages or failures as part of your overall cybersecurity strategy.
- Future outlook: How the industry might evolve to address these challenges.
Gain valuable insights into creating more resilient security architectures that can withstand vendor-specific incidents.
10:15 am
Unmasking Deception: Harnessing Data Analytics for Robust Fraud Detection and Prevention
Security Advisor, Splunk
Registration Level: Open Sessions
10:15 am - 11:00 am
The anti-fraud effort continues to grow in complexity and it requires analytics-based insights. An optimized approach for identification and mitigation is needed. Learn to analyze data at the speed of the business.
10:15 am
Generative AI in Cybersecurity: Evolving Threats and Defenses
Registration Level: Open Sessions
10:15 am - 11:00 am
Discover the benefits and challenges facing cybersecurity programs in the age of Generative Artificial Intelligence (AI). In this session, we will delve into the dynamic landscape of Generative AI, exploring how it increases the capabilities and capacities of attackers and defenders alike. Gain insights into emerging threats and organizational defense strategies tailored to combat the ever-evolving nature of AI-driven cyberattacks. Join us to stay ahead of the curve and fortify your defenses in the age of Generative AI.
11:00 am
Networking Break
Registration Level: Open Sessions
11:00 am - 11:10 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am
Exploiting People: Phishing, Social Engineering, and Con Artists
BISO & Sr. Director of Security, Salesforce
Registration Level: Conference Pass
11:10 am - 11:55 am
We have all heard about Phishing, Spear Phishing, Social Engineering, and various new threats like deepfake videos, and AI voice / video fakes. We all need to defend against them for sure, but what are they and why do they work? What are the best ways to stop or reduce these threats and their impact on our lives and our businesses? This talk discusses the human aspects of con jobs, and how we can catch them or reduce their impact on our businesses and lives.
11:10 am
Hacking the Boardroom: How to Secure Their Attention While Securing Your Org
Sr. Director, Security GRC & Trust Assurance, Docusign
VP, Head of Internal Audit, Docusign
Registration Level: Conference Pass
11:10 am - 11:55 am
Cybersecurity is no longer just an IT issue; it’s a boardroom buzzword. But how do you get the board to care about firewalls and phishing without their eyes glazing over? Enter this session, your crash course in translating cyber-speak into something the C-suite will actually understand (and maybe even enjoy).
This session breaks down how to turn terrifying tactical tech talk into a blueprint for boardroom brilliance. Learn how to frame cyber threats as business risks, sell the ROI of that new security software, and align your pitch with corporate goals – all without triggering a “404: Audience Not Found” error.
Prepare for some laughs, a lot of lightbulb moments, and the confidence to make your next boardroom chat a smash hit. Whether you’re a cybersecurity wizard or just trying to avoid a crash-and-burn presentation, this talk helps you bridge the gap between the server room and the boardroom.
11:10 am
Cybersecurity in Real-Time: Gaining Insights from Adversary Infrastructure and Activities
Registration Level: Open Sessions
11:10 am - 11:55 am
Learn techniques used in John’s threat research that can address common dilemmas faced by analysts in Security Operations teams. These moments of “well that sure would’ve been nice to know” are what inspired the topic for this presentation today: Threat Hunting.
11:10 am
[Panel] Unveiling the Hidden Threat Landscape and Unmasking Digital Villains
Registration Level: Open Sessions
11:10 am - 11:55 am
In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.
Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the ever-expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.
Our panel provides a comprehensive overview of the current threat landscape.
12:00 pm
[Lunch Keynote] Drag Racing & Cybersecurity: The Crossover
Associate CISO, St. Luke's University Health Network
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
You’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.
12:00 pm
Advisory Council Lunch Roundtable (VIP / Invite Only)
Building Your Cybersecurity Community: Connections and Career Growth
Information Security Officer, AstrumU
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Developing meaningful professional relationships and strategically managing your career are vital for success and advancement in the fast-moving cybersecurity ecosystem. Connections are critical in our lives – we cannot do it alone. This closed-door, interactive session provides perspectives and frameworks for expanding your network both internally and across the industry. Come ready to share and hear proven approaches for becoming a trusted advisor to business leaders while raising the profile of your security team. We’ll discuss techniques to foster connections through conferences, media, and writing while aligning activities to your long-term career roadmap. Participants will leave ready to proactively network with purpose, find and become mentors and sponsors, and chart a fulfilling career trajectory in cybersecurity.
12:45 pm
Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm
The CISO-CFO-GC Relationship: Building Trust to Move the Business Forward
COO & CFO
CISO & Chief Trust Officer
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Ask any executive leader and they will underscore how important trust is in the go-to-market motion. Today, CISOs can move beyond traditional risk management to drive strategic value as trust owners and architects. As industries such as technology, healthcare, retail, and aerospace evolve, the ability to evidence and communicate trustworthiness is increasingly critical to sustaining market leadership. In this session, a CISO and Chief Trust Officer and an experienced global technology CFO discuss how data protection leaders can align their roles through strategic partnerships with CFOs and General Counsels. Together as the Trust Triad, they elevate trust from a compliance-focused program to a strategic advantage that supports and protects stakeholder, customer, and investor value. Whether your organization operates in sectors with inherited trust (e.g., finance, healthcare, or government), or where trust must be intentionally manufactured (e.g., technology, retail, or aerospace), this session provides practical strategies to align trust investments with strategic value outcomes.
The discussion will also touch on quantifying the value impact of trust, managing diverse value stakeholders, implementing a trust culture, and positioning demonstrable trust as a catalyst for the acceleration of the value journey. Tailored for enterprise data protection leaders, this talk offers insights to enhance your influence within the organization and align your practice to the accountable business.
1:15 pm
AI-Driven Cybersecurity Education: The Education Game Changer
Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington
Curriculum Developer and Integrator, NCAE Co-Op, Norwich University
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Get ready to dive into the future of cybersecurity education! Join us for an electrifying session that showcases how AI is revolutionizing the way we train the next generation of cybersecurity professionals. Alejandro Ayala and Lalitha Subramanian unveil the cutting-edge ‘CyberEd in a Box’ program – a dynamic blend of AI-driven personalization and ethical training that’s closing the gap between academia and industry.
Discover how tools like ChatGPT are used to create tailored learning experiences that not only boost technical skills but also instill the moral integrity needed to tackle real-world cyber threats. With proven results in student performance and engagement, this innovative program is set to redefine the standards of cybersecurity education.
Don’t miss out on this opportunity to see how AI is bridging the gap and shaping the future of the cybersecurity workforce. Be part of the conversation that’s turning heads and setting the stage for a new era in education.
1:15 pm
[Panel] Securing the Cloud Fortress: Revealing Defense Strategies for the Cloud
CTO, Tufin
CTO, Washington State Department of Labor and Industries
Registration Level: Open Sessions
1:15 pm - 2:00 pm
In the ever-expanding digital universe, the cloud has emerged as a powerful tool, enabling organizations to store data, access applications, and operate their businesses with unprecedented agility. However, this vast digital fortress, like any other, is not without its vulnerabilities. Join us as we delve into the realm of cloud security, exploring the hidden defenses employed by cybersecurity superheroes to safeguard the cloud and its inhabitants.
Our panel of cloud security experts shed light on the unique challenges and strategies involved in protecting cloud-based environments. They discuss the shared responsibility model, the role of cloud providers and customers, and the evolving tools and techniques employed to secure the cloud.
Our panel provides a comprehensive overview of cloud security, empowering attendees to understand the hidden defenses of the cloud and strengthen their cloud security posture. Learn how to identify and mitigate cloud-based threats, implement robust access controls, and effectively manage cloud security risks.
2:00 pm
Networking Break
Registration Level: Open Sessions
2:00 pm - 2:10 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pm
CISO Liability After SolarWinds and Uber
Senior Attorney, Clark Hill LLP
Registration Level: Conference Pass
2:10 pm - 2:55 pm
A new era of government criminal prosecution of C-suite executives began in 2022. That year, Uber’s former Chief Security Officer was convicted of criminal obstruction of justice for failing to disclose a breach to the FTC during an ongoing investigation. In 2023, the SEC brought criminal charges against SolarWinds’ CISO for fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices. In July 2024, a federal judge tossed most, but not all, of the SEC’s charges against SolarWinds and its CISO. This session discusses the prosecutions of the Uber and SolarWinds CISOs and examines the contours of CISO personal liability following those landmark (and likely more to come) prosecutions.
2:10 pm
Managing AI Platform Risk: How Security and Engineering Partner to Deliver Trusted Models
Sr. Director, BISO, Salesforce
Director of Software Engineering, Salesforce
Principal Security, Generative AI and Cloud Security, Salesforce
Lead Product Security Engineer, Salesforce
Director of Strategy & Operations, AI Platform, Salesforce
Registration Level: Conference Pass
2:10 pm - 2:55 pm
This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.
2:10 pm
ISC2 Seattle Chapter Meeting and Panel Discussion
Securing Success: The Impact of Networking, Education, and Certifications in Cybersecurity
Secretary & Webmaster, ISC2 Seattle Chapter
Vice President, ISC2 Seattle Chapter
Treasurer, ISC2 Seattle Chapter
Director at Large, ISC2 Seattle Chapter
President, ISC2 Seattle Chapter
Registration Level: Open Sessions
2:10 pm - 2:55 pm
This panel discusses the challenges of breaking into cybersecurity and highlights new Certified in Cybersecurity opportunities from ISC2 Global and how the ISC2 Seattle Chapter supports this initiative. Our panelists further discuss the importance of networking, continuing professional development, seeking educational opportunities, and being smart about the right certifications in your area of expertise.
Join us to learn more about how networking, continuous education, getting certifications and joining professional organization(s) can strengthen your position to secure your next professional role and advance your career.
3:00 pm
Networking Break
Registration Level: Open Sessions
3:00 pm - 3:30 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pm
Happy Hour
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Location / Room: Exhibitor Hall
Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.
3:30 pm
CLOSING KEYNOTE
Registration Level: Open Sessions
3:30 pm - 4:15 pm
Location / Room: Keynote Theater
3:45 pm
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 2
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
3:45 pm
[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 2
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Thursday, November 7, 2024
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk / Lobby
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 3
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
7:30 am
[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 3
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
8:00 am
Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 4:30 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 am
Are You in a Dysfunctional Relationship with the HR Department?
Executive Director, National Cybersecurity Alliance
Registration Level: Open Sessions
8:00 am - 8:45 am
When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.
For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?
This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.
8:00 am
Advisory Council Roundtable Breakfast – (VIP / Invite only)
Registration Level: VIP / Exclusive
8:00 am - 8:45 am
This roundtable discussion is for our Advisory Council members only.
8:00 am
InfraGard Washington State Chapter Meeting with Guest Speaker
Open to all attendees
Registration Level: Open Sessions
8:00 am - 8:45 am
More details to come.
8:45 am
Networking Break
Registration Level: Open Sessions
8:45 am - 9:00 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am
[Opening Keynote] How CISOs Can Elevate Influence and Become a Business Driver
Sr. Director, BISO, Salesforce
VP, Chief Technology & Security Officer, The Greenbrier Companies
CISO, Pacific Blue Cross & PBC Solutions
CISO, AAA Washington
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
For today’s CISOs, it’s no longer enough to be just technical experts. This panel of top-level cybersecurity professionals representing the regions of Vancouver, B.C., Bozeman, Seattle, and Portland breaks away from talking about the tired mantra of “speaking the language of the business” and instead dives into practical, real-world examples of how security leaders have successfully navigated the business landscape.
The discussion focuses on actionable strategies and tactics that have helped CISOs gain influence, secure funding, and elevate cybersecurity from a technical function to a critical business driver. Walk away with specific metrics, communication techniques, and actionable insights that have been proven to work in the real world—offering practical takeaways that can be implemented immediately. Get ready for a session that goes beyond the theory and delivers tangible answers to the challenges CISOs face today.
9:45 am
Networking Break
Registration Level: Open Sessions
9:45 am - 10:15 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:15 am
[Panel] Building Trusted Partnerships to Enable Secure Products
Sr. Director, BISO, Salesforce
BISO & Sr. Director of Security, Salesforce
BISO & Sr. Director of Security, Salesforce
Registration Level: Conference Pass
10:15 am - 11:00 am
In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.
Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:
- Establishing trust in the supply chain
- Collaborative approaches to secure software development
- The role of transparency in building and maintaining trust
- Balancing intellectual property concerns with security needs
- Leveraging partnerships for more effective incident response
- Case studies of successful security-focused partnerships
10:15 am
[Panel] ASPIRE Your Approach: Repay Engineering by Investing in Application Security
CISO, LTK
CISO, Valon
Head of Security Assurance and Operations, DAT Freight & Analytics
VP, Cybersecurity, Roper Technologies, Inc.
CISO, DAT Freight & Analytics
Registration Level: Conference Pass
10:15 am - 11:00 am
Engineering teams are moving faster with their CI/CD pipelines, releases, and environment updates, but they still need security involved to adopt and scale. Security investments often create increasing friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.
10:15 am
Bouncing Back from Cyber Calamity: Crafting Watertight Business Continuity Plans
Registration Level: Open Sessions
10:15 am - 11:00 am
Business continuity and disaster recovery planning are crucial to help organizations prepare for and recover from cyberattacks or data breaches. This session provides an overview of key strategies and best practices for developing a robust cyber resilience plan. Topics will include conducting a business impact analysis to prioritize critical systems and data, implementing comprehensive backup solutions, formulating incident response procedures, assessing supply chain vulnerabilities, retaining talent, and testing existing plans. Whether preparing for widespread ransomware attacks or isolated system failures, organizations must architect cyber resilience to minimize disruption and bounce back better than before.
11:00 am
Networking Break
Registration Level: Open Sessions
11:00 am - 11:10 am
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am
[Panel] Navigating the AI Frontier: Developing Robust Strategies and Governance Policies
Director of Educational Technology, West Point Grey Academy, Vancouver BC
Director, Information Security, KP LLC
VP, AI Risk Governance, Goldman Sachs
Registration Level: Conference Pass
11:10 am - 11:55 am
As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.
Our distinguished panelists will delve into:
- The current state of AI adoption across various industries and its impact on cybersecurity
- Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
- Designing governance frameworks that ensure responsible AI use while fostering innovation
- Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
- Regulatory landscape and compliance requirements for AI implementation
- Best practices for data management and protection in AI-driven environments
- Ethical considerations in AI development and deployment
- Strategies for building AI literacy within organizations
- Future trends and preparing for the evolving AI landscape
Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.
11:10 am
Managing the Massive Changes to Privacy Law in the U.S.
Partner - Data Protection, Privacy & Security Group, K&L Gates
Registration Level: Conference Pass
11:10 am - 11:55 am
Session description coming soon.
11:10 am
[Panel] Elevating Security and Incident Response Through Threat Intelligence, Cloud Resilience, and AI Innovations
Registration Level: Open Sessions
11:10 am - 11:55 am
The battle between cybersecurity defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face; and how to deal with them once. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.
Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.
And SHOULD a breach or ransomware attack occur, the response to an incident is as important as trying to keep the bad actors out in the first place.
12:00 pm
[Lunch Keynote] End Game First: A Leadership Strategy for Navigating a Crisis
Mike Lefever, Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense; Representative to Pakistan, U.S. Embassy, Islamabad
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
The summer CrowdStrike-Microsoft outage was the first time many businesses were forced to navigate a crisis of epic proportions. Whether your business faced exceptional obstacles during this time or has endured adversity before, the reality is undeniable: crisis is inevitable.
Like financial management and project planning, crisis navigation is a skill vital for survival, sustainability, and—most importantly—success. No one knows this better than Mike LeFever. He is a retired Vice Admiral with leadership experience in high-risk security environments and translates his unique experiences in military and corporate life into a framework for navigating crises and anticipating next steps before conflict becomes un-survivable.
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Moderated discussion for SecureWorld Advisory Council members. By invite only.
12:45 pm
Networking Break
Registration Level: Open Sessions
12:45 pm - 1:15 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pm
Cybersecurity Challenges for Small and Medium Businesses
Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
Registration Level: Conference Pass
1:15 pm - 2:00 pm
Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.
We cover the following topics:
- The state of SMB cybersecurity in the U.S.
- The cost and impact of cyber breaches on SMBs
- The main cyber threats and vulnerabilities that SMBs face
- The best practices and frameworks for SMB cybersecurity
- The steps to build or improve your cybersecurity program
Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.
1:15 pm
Building Out Information Security Programs: You're Hired as the CISO, Now What?
Registration Level: Conference Pass
1:15 pm - 2:00 pm
New CISOs and experienced CISOs new to organizations face the challenge of building out new, or building upon existing, cybersecurity programs. This peer exchange among CISOs will dive into their approach to building foundational cybersecurity strategies.
1:15 pm
How TIAA Is Addressing the Cybersecurity Skill Shortage Internally
Sr. Lead Information Security Business Manager, TIAA
Registration Level: Open Sessions
1:15 pm - 2:00 pm
This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.
1:15 pm
[Panel] The Secret Potential of AI and ML: Empowering Cyber Superheroes with Artificial Intelligence
Business Information Security Officer (BISO), T-Mobile USA
Registration Level: Open Sessions
1:15 pm - 2:00 pm
Artificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.
Our panel of experts unravels the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.
Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.
2:00 pm
Networking Break
Registration Level: Open Sessions
2:00 pm - 2:10 pm
Location / Room: Exhibitor Hall
Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pm
Navigating the Future: Cognitive Computing in the New Age of AI
Chief Technology Officer, Alma Mater Society of UBC, Vancouver
Registration Level: Conference Pass
2:10 pm - 2:55 pm
Cognitive computing represents a revolutionary shift in artificial intelligence, aiming to create a universal algorithm that mirrors the human brain’s capabilities. This advancement enhances our ability to solve diverse problems and paves the way for unprecedented innovations. Imagine a future where humans and machines work in perfect harmony, combining their strengths to achieve remarkable feats. With cognitive computing, this future is not just a possibility; it’s an inevitability, ushering in a new era of intelligence and collaboration.
2:10 pm
A Journey Toward Zero Trust
Solutions Architect, Washington Technology Solutions (WaTech)
Registration Level: Conference Pass
2:10 pm - 2:55 pm
The State of Washington has developed and is implementing a roadmap that incorporates a Secure Access Service Edge framework, Secure Service Edge (SSE) capabilities, and zero trust practices to solve a multifaceted problem set driving the need to evolve towards zero-trust. This session will provide a comprehensive overview of how Washington State is converging network and security capabilities using SD-WAN, NGFWs, and SSE to secure its hybrid, multi-cloud, digital ecosystem. Come meet the technologists who have coined the term Cloud Government Network, referring to how the state intends to secure its virtual data centers across the three major Cloud Service Providers.
2:10 pm
Partnering with Industry to Protect Our Way of Life
Director, Region 10, DHS CISA
Registration Level: Open Sessions
2:10 pm - 2:55 pm
The cyber threats facing the United States are growing increasingly sophisticated. To combat these threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is partnering with industry on a range of priorities and products to bolster our cyber defenses. By working together, we can defend U.S. cyberspace and protect our way of life.
3:00 pm
Networking Break and Dash for Prizes
Registration Level: Open Sessions
3:00 pm - 3:30 pm
Location / Room: Exhibitor Hall
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:45 pm
[PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0 - Part 4
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?
In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.
You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:
- What are the components of the framework?
- Why is the framework valuable?
- What type of organizations can use the framework?
Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.
You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.
Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.
We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.
3:45 pm
[PLUS Course] Preventing, Detecting, Responding, and Recovering from a Ransomware Attack: Part 4
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
Today’s ransomware attacks have a severe impact on the operating capability of organizations. If an organization is prepared and has functional back-ups, restoring affected systems could take hours. If an organization is not prepared, restoring systems could take weeks to return to full operating capacity. Organizations cannot 100% prevent ransomware attacks. The best thing you can do is assume you will be hit and have plans in place that focus on planning, protecting, detecting, responding, and recovering from an attack.
This course helps organizations design, build, operate, and maintain a comprehensive ransomware program. The key areas of focus include:
- How to prepare the organization for a ransomware attack by understanding the stages of a human-operated ransomware attack (initial access, privilege escalation, lateral movement, exfiltration, and encryption), maintaining and securing back-ups, detecting and mitigating vulnerabilities, cybersecurity training and education, and a detailed incident response plan;
- How to protect the organization from a ransomware attack by implementing an asset management solution, deploying endpoint detection and response capability, establishing a zero-trust architecture, maintaining email and DNS filtering, hardening systems based on secure configurations, managing user accounts and privileged accounts;
- How to detect a ransomware attack in the early stages with continuous security monitoring, anomaly detection, and threat intelligence solutions;
- How to respond to a ransomware attack by isolating impacted systems, malware eradication / containment, focusing on critical assets; and
- How to recover from a ransomware attack with minimal downtime and data loss by restoring from back-ups, initiating recovery efforts, and reporting the incident.
The class is based on best practices and guidance detailed in the U.S. CISA #StopRansomware Guide. The guide includes two primary resources: Part 1: Ransomware and Data Extortion Prevention Best Practices; Part 2: Ransomware and Data Extortion Response Checklist. Part 1 provides guidance for all organizations to reduce the impact and likelihood of ransomware incidents and data extortion, including best practices to prepare for, prevent, and mitigate these incidents. Prevention best practices are grouped by common initial access vectors. Part 2 includes a checklist of best practices for responding to these incidents.
- Akamai Technologies
Booth: 200
Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.
- Axonius
Booth: 200
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- Blumira
Booth: TBD
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility.
Blumira’s cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Azure, Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisco FTD and many others.
- Cato Networks
Booth: 440
Cato Networks pioneered the convergence of networking and security into the cloud. Aligned with Gartner’s Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks, Cato’s vision is to deliver a next generation secure network architecture that eliminates the complexity, costs, and risks associated with legacy IT approaches based on disjointed point solutions. With Cato, organizations securely and optimally connect any user to any application anywhere on the globe. Our cloud-native architecture enables Cato to rapidly deploy new capabilities and maintain optimum security posture, without any effort from the IT teams. With Cato, your IT organization and your business are ready for whatever comes next. For more information, visit https://www.catonetworks.com.
- Check Point Software Technologies
Booth: TBD
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cribl
Booth: 200
Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future.
Founded in 2018, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.
- CyberArk Software
Booth: 200
CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.
- DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 10
Booth: TBD
Through CISA’s efforts to understand and advise on cyber and physical risks to the Nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, physical and communications security, and, in turn, strengthen national resilience.
Led by Regional Director Patrick J. Massey, based in Seattle, Washington, CISA’s Region 10 staff provides cybersecurity, physical infrastructure security, chemical security, and sector outreach services to 271 Tribal Nations and the following states: Alaska, Idaho, Oregon, and Washington.
Region 10 personnel carry out CISA’s five priorities:
- Improve supply chain security against cyber threats from malicious actors and the rollout of 5G technologies;
- Harden federal networks (the civilian .gov domain);
- Reduce risk at soft targets;
- Enhance election security; and
- Protect critical infrastructure that includes industrial control systems and the processes that provide vital services in critical infrastructure.
- Endace
Booth: 275
Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.
- Entrust
Booth: 360
Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.
- F5
Booth: 200
F5 provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, telecommunications, and software defined networking (SDN) deployments to successfully deliver applications and services to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.
- Fastly
Booth: 200
Expectations for websites and apps are at an all-time high. If they aren’t fast, secure, and highly personalized, users take their business elsewhere. But today’s most innovative companies are thriving by meeting this challenge head on: they’re choosing Fastly and an investment in their developers.
With Fastly’s powerful edge cloud platform, developers get the tools they need to build the most groundbreaking apps — all optimized for speed, security, and scale — so businesses can effectively transform to compete in today’s markets. Together, we’re building the future of the web.
- ForeScout Technologies, Inc.
Booth: 200
ForeScout Technologies, Inc. has pioneered an agentless approach to network security to address the explosive growth of the Internet of Things (IoT), cloud computing and operational technologies (OT). We offer a highly scalable, heterogeneous platform that provides Global 2000 enterprises and government agencies with agentless visibility and control of today’s vast array of physical and virtual devices the instant they connect to the network. Our technology continuously assesses, remediates and monitors devices and works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. As of June 30, 2018, more than 2,900 customers in over 80 countries improve their network security and compliance posture with ForeScout solutions.
- Fortinet
Booth: 420
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- Google Cloud | Booth: 130
Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.
- Illumio | Booth: 160
We built the Illumio Adaptive Security Platform (ASP)™ to provide unprecedented visualization and control of enterprise applications. Our system constantly inspects and adapts to the computing environment it is protecting, without pause.
Moreover, since 75 percent of computing interactions never leave the data center, our customers can now have complete visibility behind the firewall, whether it is running in their data center or the vibrant public cloud services of Amazon Web Services, Microsoft Azure, Google Compute Engine, Rackspace, and many others.
- Immersive Labs | Booth: 200
The leader in people-centric cyber resilience.
- Washington State InfraGard | Booth: TBD
InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.
The Evergreen InfraGard Members Alliance operates in Washington State and has over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”
- ISC2 Seattle Chapter | Booth: TBD
Bringing like-minded professionals together in the Greater Puget Sound region to discuss current tactics, techniques, and procedures within cybersecurity.
- ISSA Puget Sound Chapter | Booth: TBD
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.
- Keysight | Booth: 225
Keysight’s portfolio of network security solutions simulates threats, eliminates blind spots, and takes control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulate attacks, expose gaps early, and course correct with step-by-step fixes; protect users and applications with increased efficiency, performance, and reliability of your security systems; patrol every packet to eliminate vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills, enhancing your security and attack response skills against real-world threats.
- National Cybersecurity Alliance | Booth: TBD
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- Optiv | Booth: 200
Optiv is a security solutions integrator delivering end-to-end cybersecurity solutions that help clients maximize and communicate the effectiveness of their cybersecurity programs. Optiv starts with the core requirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization, and ongoing measurement. Learn more at https://www.optiv.com.
- Ordr | Booth: TBD
In the hyper-connected enterprise, in which everything from simple IoT devices to complex multi-million-dollar systems is connected, traditional agent-based and human-generated security models simply cannot scale. Ordr solves this problem, providing enterprises with complete visibility and exhaustive control over every class of network-connected device and system. The Ordr Systems Control Engine is the only purpose-built solution to fully map the device flow genome at massive scale, using machine learning to completely and continuously inspect, classify and baseline the behavior of every device. Ordr’s software architecture is unique in its ability to process enormous quantities of data in real-time, using sophisticated AI to deliver closed loop security, automatically generating policies for each class of device and implementing those policies directly through the organization’s existing multi-vendor network and security infrastructure.
- Phosphorus Cybersecurity | Booth: 200
Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Extended Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates.
- Robert Half | Booth: 270
Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.
- Rubrik | Booth: TBD
Rubrik, the Zero Trust Data Security Company, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery and orchestrated application recovery. This means data is ready at all times so you can recover the data you need and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.
- Silverfort | Booth: 200
Silverfort protects enterprises from data breaches, cyber attacks and insider threats, by preventing credential compromise and misuse across the entire corporate network and cloud infrastructure. Silverfort leverages patent-pending technology to seamlessly harden the basic authentication and access mechanisms used by all client devices and services, instantly equipping them with the latest authentication and access protection technology without any change or integration.
- Snyk | Booth: 210
Snyk is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.
- Splunk | Booth: TBD
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- Tenable | Booth: 200
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- Tevora | Booth: 320
Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.
- Tufin | Booth: 260
As the market leader of award-winning Security Policy Orchestration solutions, Tufin provides enterprises with the ability to streamline the management of security policies across complex, heterogeneous environments. With more than 2,000 customers, Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely. It assures business continuity with a tight security posture, rapid service delivery and regulatory compliance across physical, private, public and hybrid cloud environments.
- Varonis Systems, Inc. | Booth: 180
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- Wiz | Booth: 430
We’re on a mission to help organizations effectively reduce risks in their Cloud environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don’t waste time.
Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and DevOps teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches. For more information, visit www.wiz.io.
- WiCyS Western Washington Affiliate | Booth: TBD
- Zero Networks | Booth: 150
Zero Networks fixes the root cause of most successful cyberattacks – overly open networks and excessive logon permissions – with a simple, fully automated platform for zero trust segmentation and remote access. Zero Networks learns and automatically restricts network and user access to what’s strictly essential, leveraging multi-factor authentication to stop attacks from spreading.
- Kip Boyle, Instructor | vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor | Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- William Lidster, Moderator | CISO, AAA Washington
William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.
In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.
Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.
William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran of Operation Desert Storm.
- Panel Discussion
- Mike Hughes | CISO, REI
As the Chief Information Security Officer at REI, I lead a team of cybersecurity professionals who are passionate about protecting the company's data, systems, and customers. I have over 10 years of experience in cybersecurity, spanning various domains such as incident response, forensics, malware analysis, network security, and data protection.
My mission is to bring honesty, transparency, and integrity to the cybersecurity function, and to partner with other technology and business teams to ensure a balanced and pragmatic approach to our common goals. I leverage my expertise in cybersecurity strategy, policy, governance, and risk management to enable REI's growth and innovation. I also foster a culture of security awareness, education, and empowerment across the organization.
- Ambrish Srivastava | Global Head of Cybersecurity, Expedia Group
Highly experienced & technically proficient leader with extensive experience in security engineering, product development, operations and compliance. Laser focused on Security architecture, design & implementation, risk reduction, compliance & business orientation. Strong cross-functional skills due to extensive experience in Information Security, Production Support, Software Security and Compliance, Infrastructure and Project Management. Experienced in Cloud Security, System Administration, Networking, Project Management, Process Re-engineering. Result oriented, with a demonstrated ability to effectively respond to changing demands.
- Adam Zoller | SVP & Global CISO, Providence
Adam Zoller is the Chief Information Security Officer for Providence, a system of passionate providers focused on partnering with people to simplify health care. With 50+ hospitals, 1000+ clinics, and hundreds of locally driven programs administered by over 120,000+ caregivers, Providence is improving the health of communities, especially the poor and vulnerable. In this role, Adam is responsible for driving information security strategy and execution across the organization's information ecosystem.
- Lisa Plaggemier, Moderator | Executive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Matt Hoffmann | CIO, KORE Software
Matt Hoffmann is a technology executive with 20+ years in the industry working across development, privacy, security, IT, infrastructure and devops. Throughout his career he has primarily worked with private-equity backed SaaS companies and has been the point person on multiple mergers and acquisitions on both the buy and sell side. In his current role as CIO of KORE Software, he manages engineering, devops, IT and security for a market leading product suite that serves professional sports and entertainment organizations. Working with some of the largest sports and entertainment teams and venues in the world has given him the opportunity to be hands-on with real-world data privacy challenges, large scale infrastructure projects and high-consequence security deployments.
- Jake Bernstein, Esq. | Partner - Data Protection, Privacy & Security Group, K&L Gates
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Vanessa Pegueros | Board Member, Cybersecurity Leader, Angel Investor
Vanessa is an accomplished technology executive with over 30 years of experience. Currently she serves as a Corporate Board Director of the public company Liveperson (NASDAQ: LPSN), Boeing Employee Credit Union, and Prisidio. Formerly she was on the board of Carbon Black (NASDAQ: CBLK) and was part of the transaction to sell Carbon Black to VMware. Vanessa is also very active in angel investing and is a venture partner for Flying Fish Partners.
Vanessa has held senior leadership positions at organizations such as DocuSign, Expedia, U.S. Bank, and AT&T Wireless. Her expertise spans various domains, including technology architecture and engineering, risk management, cybersecurity, and compliance. Vanessa has a proven track record of successfully building and leading high-performance cybersecurity teams, implementing robust security frameworks and controls, and driving cultural change to foster a strong security mindset within organizations.
Vanessa's educational background includes an MBA from Stanford University, MS in Telecommunication from the University of Colorado, Boulder and a BS in Engineering from UC Berkeley. She also holds various cybersecurity certifications including CISSP, CRISC, CISM, and GSEC. Relative to her board work, she holds the National Association of Corporate Directors (NACD) Director Professionalism certification.
- Erika Voss | CISO, DAT Freight & Analytics
Erika Voss offers two decades of extraordinary success in a series of high level roles at top tier companies that include Capital One, Salesforce, Oracle Public Cloud, Microsoft Corporation and Amazon Web Services.
Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.
Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies, procedures, and best practices for security, including application security, access control, authentication, third party risk management, and intrusion detection. Dr. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.
With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has successfully positioned companies, as a leading expert in its field with respect to foundational security basics, fraud, identity, and cloud security practices contributing to the following successes:
● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually identifying opportunities to reinforce the company’s security posture.
● Engages directly with customers, providing information and guidance on the company’s security posture.
● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements, including SOC2, PCI, SOX, and other industry regulations.
Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations in high stake environments throughout her career positioning herself as a key member of each company and a driving force for growth. Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.
- Jake Rasko, Moderator | Head of Security Engineering & Architecture, DAT Freight & Logistics
Jake Rasko is a passionate technology leader with an unwavering belief in the transformative power of technology to change the world. With a diverse career spanning both IT and Security, he has honed his expertise in building, running, and maintaining critical infrastructure securely at a global scale.
Over the course of Jake’s professional journey, he has been a part of notable organizations such as Cruise, Salesforce, and most recently, HashiCorp. Now, as the Head of Security Engineering and Architecture at DAT Freight & Analytics, he is dedicated to building a more secure future for the nation’s supply chain.
With a career that began at the help desk and has since soared to leadership positions in global technology companies, Jake exemplifies the power of continuous growth and learning in the technology industry. His journey is a testament to his adaptability, vision, and unwavering commitment to leveraging technology for positive change.
- Elizabeth Schaedler | Security Advisor, Splunk
Elizabeth Schaedler is a Splunk Security Advisor and works with customers to develop strategies aligning security and business risks, and how to use risk-based-alerting to address fraud. Elizabeth has an expansive 20-year data center and security background and has spent time in the HPC world in senior positions at Cray Research, HP, RSA, Sun Microsystems, and IBM. She lives in Portland, Oregon, and she and her husband are currently spending their free time clearing out Legos and Barbies left behind by two adult children.
- Brian Shea | BISO & Sr. Director of Security, Salesforce
Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, IT Operations and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.
- Adedolapo (Ade) Gonzalez | Sr. Director, Security GRC & Trust Assurance, Docusign
Ade Gonzalez is a Senior Director of Security GRC and Data Security in Docusign. With over 15 years of experience, her expertise spans across building/managing high-performing teams and delivering board-critical programs around Security Governance, Strategy, Risk, Compliance, Data Protection and Cloud Security across various industries (financial services, technology, insurance and so on).
She also has experience working in different regions across the globe with established presence in South Africa, Ireland, UK and US. She holds a Masters (Cum Laude) in Computer Engineering, majoring in Artificial Intelligence. During her spare time, she enjoys travelling, food, exercising/fitness-related activities and spending quality time with her family, especially with her 3-year-old daughter and miniature-schnauzer.
- Michelle Linders Wagner | VP, Head of Internal Audit, Docusign
Michelle Linders Wagner, a seasoned risk management executive, brings 25+ years of experience in enhancing compliance and risk posture for Fortune 500 firms. With cyber, compliance, and audit expertise, she builds high performing teams, swiftly identifying fit for purpose solutions that align with business strategy. While she is currently loving her job as the Head of Internal Audit at Docusign, Michelle has loved her prior positions, as well. At Deloitte, she transformed the global risk function; as an executive at Costco, she ran the second line of defense where she matured the global governance, risk, and compliance function; and at SAP, she drove high-priority risk and governance initiatives. Committed to excellence, Michelle excels in leading teams to solve intricate risk challenges.
- Panel Discussion
- Krista Arndt | Associate CISO, St. Luke's University Health Network
Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day to day operational effectiveness. Krista has been working in information security in various capacities for more than 15 years. In her previous roles, Krista assisted with developing and leading security programs in national healthcare, crypto, finance, and the Department of Defense. She currently holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council, and is Marketing Committee Chair for Women in CyberSecurity (WiCyS) Delaware Valley Affiliate. Through this service, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field.
When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
- Marc Menninger, Moderator | Information Security Officer, AstrumU
- John Gardiner | COO & CFO
- Sabino Marquez | CISO & Chief Trust Officer
Sabino Marquez' approach to leading cybersecurity as a ‘Trust Product Practice’ has led to substantial returns on security investments, higher value-generation velocity, and enhanced equity valuations. Sabino leads the Trust Product organization as a go-to-market leader, working alongside the productive business to enable and defend value, and transforming stakeholder Trust into a powerful tool for competitive differentiation. Within his key areas of focus, Sabino ensures robust protection mechanisms are in place for stakeholder interests while also leveraging organizational Trust as a distinct advantage in a competitive market landscape. His work has not only brought him recognition as ‘2023 C100 Winner’, but he is also an esteemed thought leader who frequently shares insights in Security Magazine, The Wall Street Journal, and Cyber Security Tribe.
- Lalitha Subramanian | Program Management Director, Academic Programs, UW Continuum College (UWC2), University of Washington
Lalitha Subramanian, Program Management Director at University of Washington Continuum College, has over a couple of decades of experience designing, developing, and delivering large-scale learning and development strategies and certification programs that empower working professionals to build the right strengths, skills, and behaviors for organizational success and career progression. She has proven success coaching industry experts, university instructors, and private company leaders to evolve educational offerings, in the adoption of new technologies with accessibility standards, and has designed exemplary learner-driven digital education offerings to meet the needs of a dynamic global marketplace. Her expertise in educational pedagogical practices incorporating DEIBJ best practices for both in-class and virtual/online environments has been recognized at unit, university and at a national level.
- Alejandro Ayala | Curriculum Developer and Integrator, NCAE Co-Op, Norwich University
Alejandro Ayala is a rising professional in the field of cybersecurity, pursuing a PhD in 2025 through an NSF Fellowship. Alejandro currently serves as a technical lead, ensuring program integration across multiple universities and industry. Alejandro contributes to the University of Washington’s Certificate in Risk Management in multiple roles. He is the co-founder and President of CyberAlumni, a community of practice focused on continuous professional cybersecurity education across the NCAE Schools. Alejandro has published innovations in cybersecurity education in the Colloquium for Information Systems Security Education (CISSE), Springer Journal, Future Technologies Conference, and the Human Computer Interaction International Conference.
- Panel Discussion
- Erez Tadmor | CTO, Tufin
Erez Tadmor holds a two-decade career in the ever-evolving information security field, marked by his diverse background in managing various product portfolios and verticals. His expertise spans cloud and network security, automation & orchestration, IAM, fraud detection and prevention. As Tufin's Field CTO, he bridges the gap between customers, marketing, and product teams, educating stakeholders on network security technologies, cybersecurity best practices and Tufin's solutions. Erez holds a track record of strong leadership in both enterprise and startup cybersecurity product management and strategy development.
- Mukesh Dixit, Moderator | CTO, Washington State Department of Labor and Industries
Chief Technology Officer at Washington State Department of Labor and Industries. Expert level grasp on IT Security governance and management of security in application, infrastructure and cloud domains. Spearheaded teams to do FedRAMP assessments of major cloud service provider giants in the industry. Certifications include CISSP, CCSP, CISA, PCIP, PMP, and AWS-SAA. Formerly PCI-QSA certified with a PCI assessor.
- Chirag Patel | Senior Attorney, Clark Hill LLP
Chirag H. Patel is a solution-oriented technology and commercial attorney with extensive experience in emerging technologies, artificial intelligence (AI), data privacy, cybersecurity, contracts, e-commerce, and trade secrets. His multi-channel experience encompasses compliance, transactional review, and litigation.
Chirag’s practice spans diverse industries, including software, e-commerce, cryptocurrency, healthcare, financial services (traditional and FinTech), cannabis, commercial construction, and hospitality sectors.
His litigation practice includes multimillion-dollar contract disputes, high-stakes consumer class actions, and novel technology issues. Recent cases include national data breach class actions, privacy and wiretapping claims (CIPA), AI discrimination claims, software service (SaaS) and implementation contract disputes, business email compromise, cryptocurrency injunctions, and right of publicity cases.
Chirag’s compliance practice focuses on AI, data privacy, and e-commerce. This includes development and advising on AI Acceptable Use Policies (AUPs), AI Audits, data privacy laws, and e-commerce laws. Among other regulatory regimes, Chirag has advised clients on compliance with the HIPAA Privacy Rule, the California Restore Online Shoppers Confidence Act (ROSCA), California Consumer Privacy Act (CCPA), California Automatic Renewal Law (CARL), and Federal Trade Commission (FTC) regulations.
Chirag has experience with commercial contract review and transactions. He conducts master contract reviews in various industry settings covering issues such as intellectual property rights, data ownership, and terms of service. He also has full-cycle M&A experience, including conducting privacy and cybersecurity due diligence.
- Maggie Amato
  Sr. Director, BISO, Salesforce
Maggie Amato is a dynamic cybersecurity leader with deep expertise in cloud security, AI security, and risk management across technology, healthcare, and federal sectors. As the Business Information Security Officer (BISO) for AI Cloud + CRM Apps at Salesforce, she plays an integral role in advising two Chief Technology Officers on holistic risk management strategies that align with the evolving demands of cutting-edge technologies. Throughout her career, Maggie has been at the forefront of innovation, leading the development of AI-specific security programs, advancing cloud security initiatives at Aetna, and forging impactful public-private partnerships in healthcare. Her leadership and strategic vision have consistently driven transformative security solutions that strengthen organizational resilience.
- Karim Fanadka
  Director of Software Engineering, Salesforce
- Mozdeh Koushki
  Principal Security, Generative AI and Cloud Security, Salesforce
- Kaustubh Sarkar
  Lead Product Security Engineer, Salesforce
- Erik Warfel, Moderator
  Director of Strategy & Operations, AI Platform, Salesforce
- Jake Bernstein, Esq.
  Vice President, ISC2 Seattle Chapter
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Agnieszka (Agnes) Goss
  Treasurer, ISC2 Seattle Chapter
- Jean Pawluk
  Director at Large, ISC2 Seattle Chapter
Jean is an Executive Consultant, ISSA Distinguished Fellow, and honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).
- Frank Simorjay
  President, ISC2 Seattle Chapter
Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, which includes the PCI automation blueprint. Frank has written an extensive library of papers and blogs (http://cloudntech.blogspot.com/).
- Happy Hour
- Kip Boyle, Instructor
  vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor
  Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Lisa Plaggemier
  Executive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Maggie Amato
  Sr. Director, BISO, Salesforce
- Erika Carrara
  VP, Chief Technology & Security Officer, The Greenbrier Companies
Erika Carrara is a seasoned cybersecurity and technology expert with over two decades of experience. Skilled at helping businesses navigate cyber risks, data governance, and digital transformation, Erika has led several corporations through a security maturity curve in the defense industrial base, federal sector, and twice in manufacturing, now at Greenbrier. She is an expert in security governance, compliance, privacy, and digital systemic risk.
In her role as Chief Technology & Security Officer, Erika presents at all board meetings, providing information and guidance on cyber protection and resiliency. As a Boardroom Qualified Technology Expert (QTE), she works closely with the board's enterprise risk and audit committee and C-Suite, providing updates on the materiality of cybersecurity risks and incidents. Erika has enhanced security governance at Wabtec by strengthening the company's governance framework, establishing effective risk management processes, conducting frequent risk assessments, and providing strategic guidance to the board and C-Suite on cyber risk matters. She maintains a pulse on the regulatory landscape, overseeing adherence to cybersecurity regulations, industry standards, and data protection laws in the 53 countries where Wabtec operates.
A Native American and veteran, Erika is passionate about championing DEI and social programs/causes. She advocates for gender diversity through education, industry sharing, and career development. As a values-based leader, Erika demonstrates diplomacy, flexibility, and a deep commitment to life-affirming principles such as honesty, integrity, trust, and compassion for others.
- Rob Davidson
  CISO, Pacific Blue Cross & PBC Solutions
Rob Davidson brings many years of experience to his role as Chief Information Security Officer at Pacific Blue Cross and Pacific Blue Cross Solutions. His career started with Dell Canada and has progressed through several senior strategic and leadership positions at industry-defining organizations such as Microsoft and Hootsuite. Prior to his recent return to Vancouver, Rob worked through an extended tenure at Microsoft, from the original basics of networking through the launch of the Global Azure Cloud services.
Rob holds an Executive MBA and maintains his original CISSP certification. He enjoys the opportunity to share with and learn from others who are like-minded in his passion for the Security of People, Information, and Technology.
In addition to his core work, you will also find him engaged in Board of Directors (and Board advisory) positions, volunteer opportunities, and working to mentor and assist the next generation of security professionals.
- William Lidster, Moderator
  CISO, AAA Washington
William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.
In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.
Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.
William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.
- Maggie Amato
  Sr. Director, BISO, Salesforce
- Gowri Quick
  BISO & Sr. Director of Security, Salesforce
Gowri is a mission-driven, people-centric senior cybersecurity leader with 15 years of experience in Threat Intelligence, Security Operations, Risk Management, and Compliance. As a former FBI agent, Gowri proudly served her country and has also worked in Corporate Security. She holds a Master's Degree in Information Science from the University at Buffalo. Currently, Gowri serves as a Business Information Security Officer (BISO) at Salesforce, advising the President of the Customer Success Group on information security matters. In this role, she represents the Chief Trust Officer when partnering with executive leadership to promote cybersecurity across the Enterprise units.
- Brian Shea, Moderator
  BISO & Sr. Director of Security, Salesforce
Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, IT Operations and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and has published 2 books and 3 industry papers on security.
- Nazira Carlage
  CISO, LTK
A proven senior security leader that drives business-centric innovation through strategy, empowering independence, and inspiring the next generation of enterprise growth from small to large enterprise. Experienced security strategist from Cloud to Enterprise Architecture, change/transitional management, application security, product development, vulnerability assessment, security operations, security engineering, process improvement, and enterprise transformation. A visionary who serves as a catalyst for sustainable change by empowering organizations and people in achieving breakthrough results as they travel to secure digital transformations. A leader that nurtures and empowers teams through communication in fostering cross-functional collaboration and achieving the organization’s goals. A driver of continuous improvement who eliminates single points of failure, transforming complex obstacles into tangible solutions.
- Cynthia Damian
  CISO, Valon
- Becky Fricker
  Head of Security Assurance and Operations, DAT Freight & Analytics
Becky Fricker is the Director of Information Security at DAT Freight & Analytics, where she plays a pivotal role in protecting the company’s digital infrastructure. She oversees Security Operations and Product Security, including areas such as Endpoint Protection and Response, Continuous Threat Exposure Management, Incident Response, and Network Security. Becky holds a Certified Information Systems Security Professional (CISSP) certification, a globally recognized credential that demonstrates her ability to design, implement, and manage a robust cybersecurity program.
Her extensive background in cybersecurity began with 13 years of service in the NJ Air National Guard, where she held critical roles such as Installation Spectrum Manager and Installation Security Systems Manager. After transitioning to the civilian sector, Becky continued to build her expertise as a Network Security Engineer at Cooper University Health Care. She later took on senior roles in the financial sector and at one of Southern California’s largest utility companies, focusing on information security within critical infrastructure.
Her academic credentials include an Associate of Science in Electronic Systems Technology, a Bachelor of Arts in Communication and Media Studies, and a Master of Science in Information Technology, specializing in Cybersecurity. Known for her adaptability, mentorship, and strong communication skills, Becky is an invaluable member of the DAT team, continuously driving improvements in the company’s information security programs.
- Karine Thibault
  VP, Cybersecurity, Roper Technologies, Inc.
- Erika Voss, Moderator
  CISO, DAT Freight & Analytics
Erika Voss offers two decades of extraordinary success in a series of high level roles at top tier companies that include Capital One, Salesforce, Oracle Public Cloud, Microsoft Corporation and Amazon Web Services.
Erika’s invaluable expertise and broad business range have powered a history of developing successful process improvements that drive productivity, reliability, and client satisfaction. Such traits have consistently enabled Erika to achieve an impressive command of the skills needed to manage ongoing business planning processes while developing strategies to meet future challenges.
Upon being named as Vice President of Information Security for DAT Freight & Analytics, Erika will lead vision, strategy, and execution for all facets of security for this Fortune 500 Supply Chain Logistics corporation, while defining and revising policies, procedures, and best practices for security, including application security, access control, authentication, third party risk management, and intrusion detection. Dr. Voss has dedicated herself and her vision as a leader who engages in projects with an “All-In” attitude.
With a forte for successfully building strong teams and holding a key role leading all facets of finance and strategy, Dr. Voss has successfully positioned companies, as a leading expert in its field with respect to foundational security basics, fraud, identity, and cloud security practices contributing to the following successes:
● Effectively manages a team of product and application security engineers, architects, and DevSecOps personnel, continually identifying opportunities to reinforce the company’s security posture.
● Engages directly with customers, providing information and guidance on the company’s security posture.
● Served as the CISO of the company’s cybersecurity program in line with all industry standards and regulatory requirements, including SOC2, PCI, SOX, and other industry regulations.
Combining her proven business instinct with an unprecedented disciplinary work ethic, Erika has continuously exceeded expectations in high stake environments throughout her career positioning herself as a key member of each company and a driving force for growth.
Erika holds a Ph.D. in Cybersecurity from Northcentral University, as well as a Master of Science Degree in Security Administration and a Bachelor of Science Degree in Computer Operations Technology from Southwestern College.
- Panel Discussion
- Dr. Peter Holowka
  Director of Educational Technology, West Point Grey Academy, Vancouver BC
Dr. Peter Holowka is passionate about digital transformation and technology leadership, particularly in education. His doctoral research was in cloud computing adoption and organizational leadership. His professional work and academic research centre on the digital transformation journey, particularly the journey from legacy systems towards the cloud. He has received multiple awards for leadership and academic excellence. He was recognized as Member of the Year by the CIO Association of Canada, and currently serves as the Past President of the Vancouver Chapter. Beginning his career as a network and web design specialist, Dr. Holowka also advises a number of businesses, educational institutions, and not-for-profit organizations.
- Aaron Hunt
  Director, Information Security, KP LLC
An Information Security leader with experience establishing resilient security strategies and procedures enhancing the corporate security posture, through evaluation of risk, promoting security awareness and privacy training, management of incident response, managing relationships with customers and business partners, and ensuring continued compliance through internal, customer and certification security audits.
A proven leader, skilled in managing network and application operations, knowledgeable in many collaboration and web environments and successfully managed services and large scale projects. Experienced in several security frameworks, including ISO 27001, PCI DSS, HITRUST, NIST 800-53, HIPAA, GDPR and SOC.
- Brittany Weinstein
  VP, AI Risk Governance, Goldman Sachs
Passionate risk and security leader committed to safeguarding the digital landscape with extensive experience in critical infrastructure. Experienced in regulatory compliance across the United States, Europe, and Asia. My passion lies in shaping strategic directions and implementing robust controls meticulously tailored to meet regulatory requirements.
Beyond my technical expertise, I'm devoted to advancing the role of women in security. I actively promote inclusivity in the workplace and offer mentorship to empower aspiring professionals.
Let's unite our strengths and collaborate to create a safer world together.
- Jake Bernstein, Esq.
  Partner - Data Protection, Privacy & Security Group, K&L Gates
- Panel Discussion
- Mike LeFever
  Member, U.S. Global Leadership Coalition's National Security Advisory Council; EVP of National Security, Concentric Advisors; Executive Chairman, Illuminate; Former Commander and Senior Military Representative, Office of the U.S. Defense; Representative to Pakistan, U.S. Embassy, Islamabad
Vice Admiral (Ret.) Mike LeFever, USN, currently serves as Chief Executive Officer for Concentric. Concentric is a risk management consultancy that specializes in delivering strategic security and intelligence services. In addition, he is a member of the network of national security experts for “The Cipher Brief,” a digital based conversation platform to connect the private sector with leading security experts.
Previously, Mike was the Chief Operating Officer for IOMAXIS, a US technology company specializing in cyber, communications, and computing solutions, and services. He also worked as a senior advisor, mentor, and speaker at the McChrystal Group, a leadership and management firm, engaging with senior executives across multinational companies on leadership, strategy, and change management.
Reflecting his deep experience with and commitment to developing high performance leaders and teams, Mike also served as a Performance Ambassador and Speaker for Liminal Collective and Arena Labs and as a senior advisor and mentor for leaders in private industry; the USG’s National Defense University senior level national strategy, leadership, and warfighting courses; and USG Joint Forces. He is also a member of the board of advisors at the National Security Institute at George Mason University, Antonin Scalia Law School and a participant on the Atlantic Council Counterterrorism Study Group.
Mike retired from the United States Navy after over 38 years of service, finishing his military career as the Director of Strategic Operational Planning at the National Counterterrorism Center, within the Office of the Director of National Intelligence. He also served as both the Commander of the Office of Defense Representative in Pakistan and the Commander of the Joint Task Force in Pakistan, leading all US Armed Forces in Pakistan between 2008-2011.
Throughout his career, Mike served in Navy and Joint leadership and command positions at every level. He led disaster relief and humanitarian efforts, the full spectrum of warfare operations, and counterterrorism and counterinsurgency operations. Renowned for his effectiveness in navigating cross-cultural, complex, and international environments and building high performance teams, his leadership was directly responsible for numerous significant achievements that protected and enhanced the national security of the United States. The hallmark of LeFever’s leadership was his commitment to build and promote lasting partnerships between the US and its key allies and coalition partners.
- Scott Benson
  Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.
- Kathryn Patterson
  Sr. Lead Information Security Business Manager, TIAA
Kathryn Patterson supports the Global Cybersecurity & Fraud Management organization at TIAA. In prior roles, she managed 3rd Pty Assessment, Regulatory Exam Mgmt and Audit support, and RCSA. Her career spans three industries: healthcare, telecommunications, and financial services, with additional background in program management, business resiliency and internal investigations. She prioritizes collaboration with business partners on best practices, communications, training, and development. Kathryn holds a BA in Organizational Leadership from the University of Oklahoma with a concentration in Criminal Investigations and Intelligence Analysis.
- Panel Discussion
- Kevin Murphy, Moderator
  Business Information Security Officer (BISO), T-Mobile USA
Kevin has more than 25 years of experience in threat intelligence and information security. He was the VP of cybersecurity operations and governance at IOActive.com, a retired NSA intelligence officer, the former director of Windows security architecture at Microsoft, and shipped Windows 10 (not by myself). He holds the CISM, CISSP, CGEIT security certifications.
- Hong-Lok Li
  Chief Technology Officer, Alma Mater Society of UBC, Vancouver
Hong-Lok Li is the Chief Technology Officer at the Alma Mater Society of UBC Vancouver (representing 60,000+ UBC students). He has a strong technical background and 20+ years of experience in large organizations in a multi-platform, integrated computing environment. Hong is a Chartered Engineer (CEng) who earned his Master of Science (MSc.) in AI and Networking at the University of Essex in the United Kingdom. He is also a BCS (British Computer Society) assessor for the Chartered Engineer (CEng) Assessment. Hong believes in fostering a culture of innovation and collaboration and is always passionate about deploying technology to ensure resource optimization and operational excellence.
- Andrew Johnson
  Solutions Architect, Washington Technology Solutions (WaTech)
Andrew Johnson is a Solutions Architect based in Olympia, WA. Andrew serves as the Principal Architect overseeing the state’s adoption of zero trust, Secure Access Service Edge, SD-WAN, and Secure Service Edge. Andrew is responsible for interconnecting state government with cloud-based resources and external business partners. Andrew spearheads the state's adoption of new technologies, enabling state government to leverage cutting-edge technology in serving the residents of Washington State. Additionally, Andrew modernized the state's DNS system, transitioning it to a hybrid DNS solution that handles both on-premise and cloud-based queries. Andrew is a retired Army Signal Warrant Officer.
- Patrick Massey
  Director, Region 10, DHS CISA
Patrick Massey serves as the Regional Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Region 10 office in Seattle. CISA is committed to improving the security and resiliency of our nation’s infrastructure through collaboration with critical infrastructure owner/operators, governments, industry, and other stakeholders.
- Kip Boyle, Instructor
  vCISO, Cyber Risk Opportunities LLC
- Larry Wilson, CISSP, CISA, Instructor
  Sr. Cybersecurity Consultant, Wilson Cyber
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Join your local cybersecurity community for learning and professional growth!