Wednesday, September 18, 2019

7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

8:00 am
Advisory Council Breakfast – (VIP / INVITE ONLY)
Topic: How Mature is your Cybersecurity Incident Response Plan?
Registration Level: VIP / Exclusive
8:00 am - 9:15 am
Location / Room: 105

8:00 am
SecureWorld PLUS Part 1 - Cyber Defense Ineffectiveness and What We Can Do About It
Earn 16 CPEs With This in-Depth 3-Part Course
CEO, Blue Goat Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 360
Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts a SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPEs.
“Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa
Throughout this training session, Christian Espinosa will candidly discuss the following key elements:
- Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
- Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
- Motivations, breaches, and primary tactics used by attackers.
- Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.
During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.
Meet the Trainer:
Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and an MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

8:00 am
[SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
Earn 16 CPEs With This in-Depth 3-Part Course
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 370
The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:30 am
Cybersecurity and Industrial Control Systems
Cybersecurity Compliance Manager, Electric Power Systems International
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 241
This session will cover the special challenges of cybersecurity in Industrial Control Systems (ICS), the lack of available training, and how to find people to fill the void.

8:30 am
Building Resilience in a Smart Nation
STAR Program Director, Cloud Security Alliance
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 230
Smart cities harness digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges—presenting a huge opportunity but risk as well. To become the world’s “smart nation,” a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of the world’s 9 billion people will be city-dwellers by 2050, it’s vital we ensure cities provide a safe and pleasant environment that is sustainable and resilient to change.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

8:30 am
Third-Party Risk: Creating and Managing a Program that Works!
Managing Director, UHY Consulting
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 240
Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

9:00 am
Exhibitor Hall open
Registration Level: Open Sessions
9:00 am - 3:00 pm
Location / Room: SecureWorld Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

9:30 am
[OPENING KEYNOTE] Catching Cyber Criminals
Investigative Techniques to Identify Modern Threat Actors and the Clues They Leave Behind During Data Breaches
Security Researcher and Pentester, Author "Hunting Cyber Criminals"
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
This keynote will provide insight into modern threat groups like The Dark Overlord, MABNA, and Gnostic Players. The discussion will detail the formation of the groups, information on their structure, their core members, the tactics behind their attacks, and why their attacks are so successful.
As a precursor to my upcoming book, “Hunting Cyber Criminals,” I will convey confidential information I have gathered in my personal dealings with these criminals, and provide an inside look at several of the companies they have breached and the many clues they unknowingly leave behind.
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: SecureWorld Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

11:00 am
Advisory Council LUNCH RoundTable: (VIP / Invite Only)
Topic: Prioritization of Top 20 Critical Security Controls
Registration Level: VIP / Exclusive
11:00 am - 1:00 pm
Location / Room: 105
This session is for our Advisory Council members only.

11:15 am
(ISC)2 Chapter Meeting and Guest Presentation - Open to All Attendees
Topic: AI and Machine Learning for Information Security
System VP & CISO, SSM Health
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 240
Interested in your local associations? Join (ISC)2 for their chapter meeting and guest presentation. This opportunity is open to all attendees.
Presentation:
Self-learning Artificial Intelligence, also known as Machine Learning (ML), is changing the world. From skillfully optimizing store shelves to deftly influencing us to click on ads, ML is here to help. 35% of Amazon’s revenue is generated by its ML insightfully recommending products to you and me. Come learn how intelligent machines make decisions, just like you or I do, but only faster and more accurately because it’s really good at math (!).

11:15 am
Opening the Door to InfoSec
Sr. Threat Intelligence Analyst, BAE Systems
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 230
This presentation is about personal experiences over my year as an intern to an associate cybersecurity intelligence analyst. Going from a dev team, to a red team, and eventually blue team. Highlighting industry struggles as a female (first and only female of each of these teams) trying to get an entry-level position and trying to close my own skill gap. Also highlighting personal struggles as well as technical struggles.

11:15 am
Zeek and Ye Shall Find: How to Build a Zeek Cluster at Washington University
Information Security Manager, Washington University in St. Louis
MIM, Network Engineer 3, Washington University in St. Louis
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 231
Washington University has been using Zeek (formerly called Bro) for five years now. We recently moved from using SPAN sessions monitoring just north/south traffic, to building a TAP network to monitor both north/south and east/west traffic. We will look at the tools and hardware necessary to build the TAP network and the Zeek cluster. We will also look at some of the data that Zeek produces right out of the box.

11:15 am
[Radware] Cybersecurity Pushed to the Limit
Systems Engineer, Radware
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 241
Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for

12:15 pm
[LUNCH KEYNOTE] Storytelling 4 Cybersecurity
VP & CISO, Quickbase
Registration Level: Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
Today, the industry struggles to articulate the most pressing risks facing a business, leading to every security control becoming a critical security control.
The end result is an expensive, frustrating, and enigmatic cybersecurity program; and with a rapidly changing threat landscape, security fatigue sets in quickly. In order to win business support, we must be able to tell a compelling cybersecurity story readily consumable by all.
In this session, we’ll leverage a little communication theory 101 and audience-centered delivery techniques to create an influential cybersecurity story with an emotional, relatable hook.
1:15 pm
Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
Ron Winward, Radware
Daniel Conrad, One Identity
Matt Modica, BJC
Chris Schoen, Keysight/Ixia
Chris Sears, Securonix
Adam Bacia, SailPoint
Moderator: Montez Fitzpatrick, Navvis Healthcare

1:15 pm
Panel: You Got Burned, Now What? (Incident Response)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: 230
We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
Panelists:
Adam Gates, Malwarebytes
Vinny Troia, NightLion Security
David Harrier, EHI
Ronald Pipkins, Alert Logic
Moderator: Priscilla Jacks, U.S. Bank

2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: SecureWorld Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

3:00 pm
Legal Issues in AI, IoT and the Cloud of the Future
Professor, Researcher, Lawyer, Education
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 241
AI, IoT and the Cloud are no doubt changing the way we live in the future. This presentation discusses current and predicted legal issues in AI, IoT and the Cloud into the future. Legal areas cover privacy and security law, marketing law, and tech law more generally. Trends in how AI, IoT and the Cloud will be used in the future will be married with the potential legal issues that may present themselves in that context. This will permit insight into how the law may evolve in these areas and how we can be ready for our cyber future from this perspective.

3:00 pm
Top 10 Activities to Avoid Identity Theft / Financial Fraud
SVP, Information Security, CitiBank
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 240
In the increasingly online world we live in, many people are concerned about having their identity stolen. A few simple precautions can go a long way to avoiding the hassle of identity theft. Join us as we explore ten action steps that we as consumers can take to lower the likelihood and impact of identity theft.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

3:00 pm
CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
Founder & Managing Director, Whiteboard Venture Partners
CISO, Veterans United Home Loans
CISO & SVP, First Bank
CIO/CISO, Grasshopper Bank
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Location / Room: 230
The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

3:00 pm
SecureWorld PLUS Part 2 - Cyber Defense Ineffectiveness and What We Can Do About It
SecureWorld PLUS Registrants ONLY
CEO, Blue Goat Cyber
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: 360
Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts a SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPEs.
“Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa
Throughout this training session, Christian Espinosa will candidly discuss the following key elements:
- Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
- Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
- Motivations, breaches, and primary tactics used by attackers.
- Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.
During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.
Meet the Trainer:
Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and an MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

3:00 pm
[SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: 370
The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
Thursday, September 19, 2018

7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

8:00 am
SecureWorld PLUS Part 3 - Cyber Defense Ineffectiveness and What We Can Do About It
CEO, Blue Goat Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 360
Alpine Security CEO, Christian Espinosa, a bronze sponsor of SecureWorld Chicago, hosts a SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPEs.
“Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa
Throughout this training session, Christian Espinosa will candidly discuss the following key elements:
- Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
- Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
- Motivations, breaches, and primary tactics used by attackers.
- Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.
During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.
Meet the Trainer:
Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and an MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

8:00 am
[SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: 370
The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:30 am
InfraGard Chapter Meeting and Guest Presentation - Open to all Attendees
Topic: Cybersecurity Careers
Vice President, Cybersecurity, Centene Corporation
Registration Level: Open Sessions
8:30 am - 9:15 am
Location / Room: Keynote Theater
Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
Presentation:
Everyone has an opinion on what certification is best and what degree is or is not essential in cybersecurity. Alan will provide insight on cybersecurity roles, the security certifications that matter for many of these roles, what type of training is truly valued by hiring managers and what key skills matter.

8:30 am
Behavioral Defense Using the MITRE ATT&CK Framework
Sr. Security Incident Response Consultant, Aflac
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 230
Indicators of Compromise (IOC) have been a mainstay of security defense, but companies still get hacked. One of the problems with IOCs is that they are only good for a short space of time. A miscreant can create a new domain, use it for 12 hours and then never use it again. Defenders need to stop thinking of bad domains or bad IP addresses and start focusing on the behavior of the miscreants. Using the MITRE ATT&CK Framework, we will discuss current attack techniques and how defenders can identify gaps in security coverage.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

8:30 am
Current and Proposed Privacy Regulations and How It Affects Security
CISO & SVP, First Bank
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 240
GDPR and CCPA are two of the many privacy standards that are affecting organizations. How will these regulations impact your organization and where should cryptography and monitoring be used? What are some future regulations and standards around privacy and security that will impact how enterprises’ and individuals’ data may be protected?
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

9:00 am
Exhibitor Hall open
Registration Level: Open Sessions
9:00 am - 3:00 pm
Location / Room: SecureWorld Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

9:30 am
[OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
Special Agent, Global Investigative Operations Center, United States Secret Service
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: SecureWorld Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

10:15 am
Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
Quantities are limited and will be distributed on a first-come, first-served basis.
Registration Level: Open Sessions
10:15 am - 12:00 pm
Location / Room: CyberLounge
Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
Find him in the CyberLounge on the Exhibitor Floor at the following times:
10:15 a.m. – 12:00 p.m.
1:00-1:15 p.m.
BOOK SYNOPSIS:
Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.
11:00 amAdvisory Council Round Table: (VIP / INVITE ONLY)Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)Registration Level:- VIP / Exclusive
11:00 am - 12:00 pmLocation / Room: 105
11:15 amDeconstructing Chaos: A Look at the Threat Beyond the ComputerCyber Threat Intelligence Engineer, Pathfinder IntelRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 231Discussions on cyber threats typically don’t go beyond the computer system. Rarely do the lone hacker or group and their intent come to light. In their attempt to understand cyber threats, security professionals typically grasp the minimalist understanding of “Bad Guys Do Bad Things.” Information security professionals sometimes lock themselves into a reactive state, patching holes in a wall about to break. This discussion will look beyond the computer threat, at the hacker and what motivates them, and try to create professionals who can see beyond the indicators, vulnerabilities and exploits, and find the proactive thinkers organizations need.
11:15 am7 Ways to Boost InfoSec’s Influence (and Yours) by Communicating DifferentlyDirector of Media & Content, Podcast Host, SecureWorldRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 230Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.
11:15 amOpportunity and Risk: How Open APIs Are Transforming BankingSupervisory Cybersecurity Analyst, Federal Reserve BoardRegistration Level:- Conference Pass
11:15 am - 12:00 pmLocation / Room: 241Do you know what an Open API is? The data shows the majority of Americans don’t. Open/public application programming interfaces (APIs) are the engine that powers Open Banking, something that has transformed banking around the world in the last couple of years. It is on the radar of banks in the United States and in practice in some. Open APIs enable the exchange of customer data with other parties in a simple and secure way, facilitating rapid innovation in products and services. Countries are creating laws and regulation around this practice. This innovation and opportunity potentially carries security risk.
11:15 amCloud Security Alliance Chapter Meeting and Guest Presentation (Open to all Attendees)Topic: Same Problems but No Servers - Pragmatic Security in a Code-Centric CloudCo-Founder , Protego LabsRegistration Level:- Open Sessions
11:15 am - 12:00 pmLocation / Room: 240Interested in local associations? Join Cloud Security Alliance for their chapter meeting and guest presentation. This is open to all attendees.
Presentation:
Serverless architectures like AWS Lambda are a developer’s playground: no barriers and faster deployments. However, they can be a nightmare for security teams, which often lose visibility and control. In this talk, we will explore how both teams can embrace cloud-native applications and embrace the challenge.
Presentation Level: TECHNICAL (deeper dive including TTPs)
12:00 pmAdvisory Council LUNCH Round Table - (VIP / Invite Only)Topic: Zero Trust, What’s the Big Deal?Registration Level:- VIP / Exclusive
12:00 pm - 1:00 pmLocation / Room: 105
12:15 pm[LUNCH KEYNOTE] How to Manage Your Own Career to Get to the TopCIO, Georgia State Defense Force, Former CIO, The White HouseRegistration Level:- Open Sessions
12:15 pm - 1:15 pmLocation / Room: Keynote TheaterDo you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!
1:15 pmPanel: Shifting Landscape of Attack VectorsRegistration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: Keynote TheaterIf one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
Panelists:
Brian Louire, Mars
Diego Maldonado Leonardo, DRS
Teri Green, The Fantas Techs
James Norberg, FCS Financial
Moderator: Tim Grace, Mueller Prost
1:15 pmPanel: The Battle for the Endpoint Continues (Endpoint Security)Registration Level:- Open Sessions
1:15 pm - 2:15 pmLocation / Room: 230What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
Panelists:
Jon Stitzel, Ameren
Bob Brown, First Busey Bank
Gary Chan, FBISTLCAAA
Chris Pittman, Cylance
Moderator: Mike Kissel, Schnucks
2:15 pmConference Break / Exhibitor Product DemonstrationRegistration Level:- Open Sessions
2:15 pm - 3:00 pmLocation / Room: SecureWorld Exhibitor FloorReboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pmDash for Prizes & CyberHuntRegistration Level:- Open Sessions
2:30 pm - 2:45 pmLocation / Room: SecureWorld Exhibitor FloorBe sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win
3:00 pmMoving from InfoSec Technician to InfoSec LeadershipCISO, Veterans United Home LoansRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 240Are you a technician feeling the call towards leadership? Are you just interested in learning more about leadership? Just being a good tech is no guarantee of being a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.
Come to this session and join in a conversation about the path from the Information Security Technical role to an Information Security Leadership role. Learn the right Knowledge that will be Powerful in helping you become a great Information Security Leader!
Presentation Level:
MANAGERIAL (security and business leaders)
3:00 pmCode(break;)ers: Cultivating More Inclusive Pathways to TechnologyInformation Security Officer, Medical College of WisconsinRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 241The security industry, much like the American workforce as a whole, is facing a crisis: job growth is outpacing traditional higher education’s output of viable, job-ready candidates, and coding bootcamps and online programs have become costly and exclusive. Employers across markets must revamp the way they recruit, hire and train tech talent in order to move the industry forward. Maria Laura Tarabillo and Ronald Williamson, along with other regional experts, will explore how looking past the barriers of conventional education opens doors for those traditionally marginalized while providing employers reliable ways to find and hire talent, thus creating an economic talent pipeline.
Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)
3:00 pmTOO BIG TO FAIL / too small to worry: A Study of Why Security Is a Concern to Every Size of BusinessDirector of Technology Risk Advisory Services, Mueller ProstRegistration Level:- Conference Pass
3:00 pm - 3:45 pmLocation / Room: 230Organizational executives have many concerns, and cybersecurity initiatives are often a low priority until something happens. Can a large business employ a “too big to fail” strategy? Can a small business employ a “too small to worry” strategy? This session will examine evolving strategies of large organizations dealing with security breaches, and why they may or may not be concerned if they are a target. Conversely, small companies may consider themselves too small to be a target, and therefore think they do not need to worry about cybersecurity. We will examine why large organizations may employ a less than optimal strategy for cybersecurity protection. What are the effects on their client base, industry standards, regulatory compliance, negative press, and financial data? We will then compare that strategy to a small business strategy of being too small to worry about being a target. The session will cover real-life examples of the effects of cybersecurity breaches on both large and small business, and why everybody should be working proactively to protect their organizations.
We will wrap up with strategies of how to protect an organization, including outlining steps to building a lasting cybersecurity strategy for breach prevention.
Presentation Level: MANAGERIAL (security and business leaders)
- Alert LogicBooth: 320
Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.
- Alpine SecurityBooth: 650
Alpine Security is a Service Disabled Veteran owned Small Business. We have extensive experience with security audits, regulatory compliance audits, vulnerability assessments, penetration testing (network, application, web application, and physical), social engineering, incident response, digital forensics, and user awareness & technical training. Our team members are Industry Certified, highly educated, trusted, and experienced, and bring vast project experience. We have been on United States government red teams and have experience with military cyber operations – offensive and defensive. Our team is also well-versed and experienced with commercial security assessments, audits, penetration testing, risk assessments, and incident response. We have performed penetration tests and assessments for numerous industries, including aerospace & defense, education, healthcare, financial, energy, and oil & gas. Our extensive experience in high-risk and complex environments ensures we are prepared to test your environment, regardless of the risk-level or complexity. We’ve been tested under fire.
- ApricornBooth: 500
Founded in 1983, Apricorn designs, manufactures, and supports storage innovations with your data’s security as our top priority. Our unique, patented approach is centered on being 100% hardware-encrypted, software-free, and cross-platform compatible. Trusted by numerous state, national, and international governments, as well as small and large corporations alike, Apricorn delivers advanced data security innovations designed to address today’s threats, as well as tomorrow’s.
- <Booth: 330
- Burwood Group, Inc.Booth: 120
Burwood Group, Inc. is an IT consulting and integration firm. We help forward-thinking leaders design, use, and manage technology to transform their business and improve outcomes. Our services in consulting, technology, and operations are rooted in business alignment and technical expertise in cloud, automation, security, and collaboration.
- Cloud Security Alliance (CSA)Booth: 410
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
- Comodo CybersecurityBooth: 630
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- CorelightBooth: 430
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- CyberUpBooth: 300
Our mission is to close the cybersecurity skills gap by training the workforce of today and inspiring the workforce of tomorrow.
- EC-CouncilBooth:
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- ECTFBooth:
As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.
- Express ScriptsBooth: 160
Headquartered in St. Louis, Express Scripts is a healthcare technology company providing integrated pharmacy benefit management services. We put medicine within reach of eighty-three million people by aligning with plan sponsors, taking bold action and delivering patient-centered care to make better health more affordable and accessible. It’s more than what you think. As an organization that deals with highly sensitive patient information, we are committed to protecting the clients, patients, and companies we serve from security breaches and cyber-attacks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while leveraging internal and external threat intelligence to continuously improve our security posture.
- FBI St. Louis Citizens Academy Alumni AssociationBooth:
Join the FBI St. Louis Citizens Academy Alumni Association (FBISTLCAAA) membership any time after graduating from the FBI Citizens Academy! FBISTLCAAA membership provides access to education in the areas of Federal Law Enforcement, to network with others, to participate in fun events, and to promote a safe and informed St. Louis community.
Each member of the FBI St. Louis Citizens Academy Alumni Association is a graduate of an eight-week FBI Citizens Academy course in which the curriculum focuses on federal law enforcement issues and challenges. The FBISTLCAAA was established in 2006 with a local membership of FBI Citizens Academy Graduates.
- GemaltoBooth: 100
Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.
- InfraGard St. Louis Members AllianceBooth: 150
InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.
- ISACA St. LouisBooth:
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.
Meetings are generally held the 3rd Wednesday of the month between September and May.
- ISC2 St. Louis ChapterBooth: 620
As a regional chapter of ISC2, located in St. Louis and serving the St. Louis Metro area, the mission of the St. Louis Region/Scott AFB ISC2 Chapter is to provide members and other security professionals with the opportunity to share knowledge, grow professionally, raise security awareness and advance information security in local communities around the world.
- Ixia, a Keysight BusinessBooth: 340
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- MalwarebytesBooth: 200
Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.
- Midwest Cybersecurity AllianceBooth: 400
Let MCSA help you prepare for the inevitable. Join our community to get access to insider best practices and new cutting edge approaches to developing cyber security programs and combating cyber attackers. To learn more about MCSA membership, contact us at info@MidwestCyber.org.
- MimecastBooth: 440
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- <Booth: 130
- OWASPBooth: 350
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- ProcessUnityBooth: 600
ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.
- Professional Education Technology & Leadership CenterBooth: 140
- ProofpointBooth: 450
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- RadwareBooth: 310
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- SailPointBooth: 610
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- SecureAuthBooth: 420
SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogeneous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.
- SecuronixBooth: 460
Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.
- Saint Louis University Workforce CenterBooth: 660
The Workforce Center was established in 2013 to address the skill needs of our modern and fast-paced workplaces. Powered by top-ranked Saint Louis University, the Workforce Center provides premier training solutions to corporations and individuals nationwide. With a mission to fulfill the needs of modern organizations, the Center offers a range of training topics including Cyber Security, Project Management, Agile, Analytics, Software Engineering and more.
- TechTargetBooth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Washington University in St. LouisBooth: 140
Washington University in St. Louis (WashU, or WUSTL) is a private research university in St. Louis, Missouri. Founded in 1853, and named after George Washington, the university has students and faculty from all 50 U.S. states and more than 120 countries. As of 2017, 24 Nobel laureates in economics, physiology and medicine, chemistry, and physics have been affiliated with Washington University, nine having done the major part of their pioneering research at the university.
- Christian EspinosaCEO, Blue Goat Cyber
Christian Espinosa is the CEO & Founder of Blue Goat Cyber and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a U.S. Air Force veteran with a BS in Engineering from the U.S. Air Force Academy and an MBA from Webster University. He holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.
- Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Craig ReedsCybersecurity Compliance Manager, Electric Power Systems International
Craig Reeds has been involved with Cybersecurity since before there was a name for it. During his time in the IT field, he has been responsible for Cyber Security, Cyber Vulnerability Assessments, Penetration Testing, Risk Identification and Management, Business Continuity/Disaster Recovery and Change Management. In his role as a NERC Compliance Senior Consultant he helps to protect the North American Power Grid. Craig holds both the CISSP and CRISC certifications as well as a BS in Information Systems from Maryville and an MBA from Webster University.
- John DiMariaSTAR Program Director, Cloud Security Alliance
John DiMaria has 30 years of successful experience in Standards and Management System Development, including Information Systems, Business Continuity, and Quality. John was one of the innovators and co-founders of the CSA STAR program for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook, and a working group member and key contributor to the NIST Cybersecurity Framework. He currently manages all facets of the CSA STAR Program which includes security, privacy, continuous monitoring, and development of new solutions.
- David Barton, Managing Director, UHY Consulting
David Barton is a Managing Director with UHY Consulting and practice leader of the Technology, Risk, and Compliance practice, which provides cybersecurity consulting and compliance services focused around information technology. He has over 30 years of practical experience in information systems and technology risk and controls.
David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution.
David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.
- Vinny Troia, Security Researcher and Pentester, Author "Hunting Cyber Criminals"
Founder and Principal Security Consultant of Night Lion Security, Vinny Troia brings 20+ years of IT security and development experience. He is also a featured speaker on ABC, CNBC, and Fox News.
"One afternoon, I drafted an email to the CEO and CISO of a major airline company. The title read – URGENT – Data breach in your network. During our phone conversation later that evening, I proceeded to tell the security admin that I received word from a dark web contact that sensitive data from their network was about to go on sale later that week. Working in tandem with my dark web contacts and the company’s security team, we were able to identify the hacker’s position within their network, turned off their access, and closed the vulnerabilities that allowed them to gain access. This is the kind of thing I do day in and day out, and I love my job." - Vinny Troia
- Gary S. Chan, System VP & CISO, SSM Health
Gary S. Chan helps organizations innovate, stay secure, and meet compliance using information security as the vehicle. He has architected anti-fraud systems for state agencies, led the information security teams for a large-cap technology company, leads the information security department for a large multi-state healthcare system, owns an information security consulting company, and is an evaluator and mentor for cybersecurity start-ups. He served as President of the FBI St. Louis Citizens Academy Alumni Association and is on the board of the Greater St. Louis Area Association of Certified Fraud Examiners. An adaptable individual with international experience, Gary has been based out of Asia, Europe, and the U.S. and has a refined ability to resolve conflict through negotiations and mediations. He holds four security certifications and a degree in Electrical Engineering & Computer Science from MIT.
- Alexis Womble, Sr. Threat Intelligence Analyst, BAE Systems
Alexis Womble is a Sr. Threat Intelligence Analyst at BAE Systems. Previously, she was a Cybersecurity Intelligence Analyst at Express Scripts, where she interned for a year in an EOCC automation development role, Attack Simulation role, and an Intelligence role. She is also a recent grad from Missouri Baptist University, where she can still be found backstage assisting in theater stage management even as an alumnus. Outside of this, she likes to break things, be up to date on all the InfoSec news and secrets, as well as practice social engineering with anyone who has fun with it.
- Brian Allen, Information Security Manager, Washington University in St. Louis
Brian Allen started in IT as a Unix/security admin in 2000, and has been working in security at Washington University for 13 years. Before WashU, he was a Unix Admin at the University of Maryland for four years and then a Security Administrator at UMSL for two years.
- Joseph Marentette, MIM, Network Engineer 3, Washington University in St. Louis
Joe Marentette, MIM (WashU IT Network Engineer 3), has worked for the university for over 20 years. Joe leads the design and engineering of the WashU enterprise network and the research network. Joe has a long history of collaboration with the Information Security department, and most recently built the data collection network to capture networking traffic for security analysis by the Zeek cluster.
- Frank Leyva, Systems Engineer, Radware
Frank Leyva is a Systems Engineer with Radware, a market leader in cybersecurity with a focus on Network and Application level availability, and security. Prior to that, he was a subject matter expert in network security defense with a leading anti-malware company, performing advanced threat analysis, deep packet inspection, and creating hacker profiles for after attack reports. His skillset spans across all infrastructures, from on premise, physical, and virtual, to cloud, ISP, hosting, and carrier grade networks. He has spoken at many engagements with security partners, vendors, and C-level executives, continuously striving to stay up to date with current security trends, vulnerabilities, and exploits. As a prior service Marine, he is a member of LinkedIn Vets, and is also a member of InfraGard North Texas chapter, Dallas Hackers Association, and is an advisory board member for Navarro College.
- Rebecca Harness, VP & CISO, Quickbase
Rebecca Harness is VP & Chief Information Security Officer for Quickbase. Rebecca has an established 25-year career in information technology with the past twelve years specifically focused on information security and compliance. An accomplished entrepreneur, Rebecca has founded and led two successful technology startups over the course of her career, and serves as President of ISACA St. Louis. Rebecca is an alumnus of Hastings College, holds several technology and security certifications, and recently received a Master of Science in Information Security Engineering (MSISE) from SANS Technology Institute.
- Dr. Raj Sachdev, Professor, Researcher, Lawyer, Education
Dr. Raj Sachdev is a professor, researcher, and internationally qualified lawyer (USA and England/Wales). He holds several degrees in business and law, has been a guest speaker at institutions such as Oxford, Cambridge, and Stanford and at major industry conferences, and has given a TEDx talk. Over the last 15 years, he has taught 50+ different courses at other institutions, including some as a part-time instructor at Stanford. He was formerly a visiting researcher at UC Berkeley.
Sachdev is the Dean of the Robert W. Plaster School of Business at Columbia College, where he has been faculty since 2017 and served as chair of the business department since 2018.
- John Newcomer, SVP, Information Security, CitiBank
John Newcomer is currently Senior Vice President of Information Security at CitiBank, a top-10 national mortgage lender. He has eight years of experience in the information security field, with 17 years prior in IT.
- Abhijit Solanki, Founder & Managing Director, Whiteboard Venture Partners
Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.
- Randy Raw, CISO, Veterans United Home Loans
Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.
- Marc Ashworth, CISO & SVP, First Bank
Marc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected professional with over 25 years of experience in cyber and physical security, IT/security architecture, business and departmental strategy, budgeting, and project management, and is a public speaker. He is a board member of St. Louis Chapter of InfraGard and a Lifetime member of FBI Citizens Academy. Possessing security certifications in CISSP, CISM, CRISC, and Security+, Ashworth currently oversees First Bank’s Information Security Department and the Network Services Department. You may reach him at Marc.Ashworth@fbol.com or Marc@AshworthCorp.com.
- Jeff Kenney, CIO/CISO, Grasshopper Bank
30+ years IT and Information Security practice. CIO/CISO at the first digital commercial bank in the US. Previously served as the Global Head of Wealth Technology for Thomson Reuters wealth management business line. Led a team of over 380 developers and technologists supporting the TR BETA, BETA Online, and Thomson One products. Previously the Financial Services Advisory practice lead for the Midwest at EY. Served 3 years as the CISO for First Bank in St Louis, MO. Other roles in engineering, technology, and consulting. Mentor with SixThirty Cyber in St. Louis, helping early stage security startups grow. Retired USAF Lt Colonel, with 24 years in Intelligence and Cyber.
- Christian Espinosa, CEO, Blue Goat Cyber
Christian Espinosa is the CEO & Founder of Blue Goat Cyber and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a U.S. Air Force veteran with a BS in Engineering from the U.S. Air Force Academy and an MBA from Webster University. He holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.
- Alan Berry, Vice President, Cybersecurity, Centene Corporation
Alan Berry is the Vice President for Cybersecurity at Centene Corporation. He leads the Cyber Incident Response, Security Strategy, and Threat and Vulnerability Management teams, as well as the Business Resilience and Crisis Management teams. Alan brings 30 years of experience in cyber operations, communications, and command and control. Prior to joining Centene in November of 2017, Alan led the Disaster Recovery team at CVS Health, where he proactively restructured the teams and technologies involved with disaster response for the Fortune 7 company. Alan is also an Air Force veteran, serving just shy of 26 years in various positions in cyber and communications. This included the Director of Communications (CIO) for Air Forces Central, Commander of the 624th Operations Center (the AF’s command and control center for their global networks), and the Chief of Staff for Air Forces Cyber at Fort Meade, MD. Additionally, Alan is on the St. Louis InfraGard chapter board and on the Cybersecurity Education Advisory Board at Washington University.
- Beth Young, Sr. Security Incident Response Consultant, Aflac
Beth Young has 20 years of cyber security experience. She is currently a Senior Security Incident Response Consultant with Aflac. Beth has previously worked for a financial services company and for one of the Information Sharing and Analysis centers. She just completed her Master's in Applied Data Science from Syracuse University. She has previously given talks at SecureWorld St. Louis, EDUCAUSE, BSidesKC and MOREnet security conferences. Beth is the founder of the BSidesSpfd conference.
- Christopher McMahon, Special Agent, Global Investigative Operations Center, United States Secret Service
Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.
- Book Signing
- Daniel Stiegman, Cyber Threat Intelligence Engineer, Pathfinder Intel
Daniel is a 15-year Intelligence Professional, with a career in US Army Intelligence and the National Geospatial Agency. His primary focus has been in Counter-Terrorism, Asymmetrical Warfare, and Intelligence Analysis methodology. Daniel was a national-level instructor in All Source Intelligence Analysis and has written several published white papers on threats and threat methodology. Daniel now works as the Cyber Threat Intelligence Engineer for one of the largest private companies in the U.S. and is the Founder and Intelligence Lead of a non-profit that helps locate missing and exploited children.
- Bruce Sussman, Director of Media & Content, Podcast Host, SecureWorld
Emmy-winning journalist Bruce Sussman spent more than 20 years on TV screens in Portland, Oregon. During his "second career," he became fascinated by cybersecurity while working with CISOs at Gartner. He joined SecureWorld in 2017 to help grow its media division. Currently, he hosts the Remote Sessions daily web conference series and SecureWorld podcast published each Tuesday, and oversees news content for secureworldexpo.com. Sussman graduated from the University of Missouri School of Journalism back in the dark ages. Message him on LinkedIn if you'd like to connect!
- Don Peterson, Supervisory Cybersecurity Analyst, Federal Reserve Board
Don Peterson is a Supervisory Cybersecurity Analyst for the Federal Reserve System, based out of the Federal Reserve Bank - St. Louis. He is tasked with overseeing the supervision of the largest and most systemically important financial institutions in the United States with assets of $100B+. His duties also include participating in the development of Federal Reserve and international cybersecurity policy and guidance. He sits on multiple System steering groups involving cybersecurity, technology, and intelligence within the Federal Reserve.
His past roles in technology and security span several sectors including Technology, Law Enforcement, Medical, and Higher Education. His research has involved Automated Machine Translation (AMT) of Arabic dialects to English and counterintelligence involving extremist groups. He is a member of several industry groups that include InfraGard, ECTF, Cloud Security Alliance, OWASP, and the IEEE. He holds several certifications and a Master’s of Cybersecurity Management (MSCM) from the McKelvey School of Engineering at Washington University in St. Louis.
- TJ Gonen, Co-Founder, Protego Labs
TJ is a subject matter expert on cloud security who has decades of experience solving enterprise problems with innovative solutions. His current project, Protego Labs, is two years in the making. With Protego, TJ has developed an award-winning platform that automates security for serverless applications. The combination of reduced development time, increased control, and optimal visibility makes the company's product one of a kind. TJ is a superb public speaker who can simultaneously engage an executive and a technical audience in depth.
- Mark Gelhardt, CIO, Georgia State Defense Force, Former CIO, The White House
At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. Colonel Gelhardt is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.
- Ronald Williamson, Information Security Officer, Medical College of Wisconsin
Ronald Williamson has over 20 years’ experience in Information Technology and Information Security. He has held roles within the banking, retail, and healthcare industry. Currently, he is Information Security Officer at the Medical College of Wisconsin. Driven by a belief in promoting a strategic vision and utilizing best practices to accomplish compliant and auditable information security controls and procedures, Ronald has a vast understanding of the risks facing information managers today.
- Timothy Grace, Director of Technology Risk Advisory Services, Mueller Prost
Timothy M. Grace, CIA, CISA, CISM, CRISC, is Director of Technology Risk Advisory Services. As the Technology Risk Advisory Services leader for Mueller Prost, Tim brings more than 30 years of business experience delivering solutions that drive business innovation, optimization, and change within world class organizations. He is a leader in the fields of cybersecurity, information technology, internal audit, privacy, compliance, and risk management. Tim has brought best practices to global organizations and helped drive solutions that strengthen and enhance current technology practices. Through innovation and process improvement, Tim has been able to drive change to ensure organizations remain focused on key business issues. His deep information technology background and deep understanding of business processes allowed him to bring technology and business processes together.