Conference Agenda
  • Wednesday, September 18, 2019
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    Topic: How Mature is your Cybersecurity Incident Response Plan?
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: 105
    8:00 am
    SecureWorld PLUS Part 1 - Cyber Defense Ineffectiveness and What We Can Do About It
    Earn 16 CPEs With This in-Depth 3-Part Course
    CEO, Blue Goat Cyber
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 360

    Christian Espinosa, CEO of Alpine Security, a bronze sponsor of SecureWorld Chicago, hosts a SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPEs.

    “Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa

    Throughout this training session, Christian Espinosa will candidly discuss the following key elements:

    • Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
    • Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
    • Motivations, breaches, and primary tactics used by attackers.
    • Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.

    During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.

    Meet the Trainer:
    Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 370

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use it for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    Cybersecurity and Industrial Control Systems
    Cybersecurity Compliance Manager, Electric Power Systems International
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 241

    This session will cover the special challenges of cybersecurity in Industrial Control Systems (ICS), the lack of available training, and how to find people to fill the void.

    8:30 am
    Building Resilience in a Smart Nation
    STAR Program Director, Cloud Security Alliance
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 230

    Smart cities harness digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges—presenting a huge opportunity but risk as well. To become the world’s “smart nation,” a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of the world’s 9 billion people will be city-dwellers by 2050, it’s vital we ensure cities provide a safe and pleasant environment that is sustainable and resilient to change.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    Third-Party Risk: Creating and Managing a Program that Works!
    Managing Director, UHY Consulting
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 240

    Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

     

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE] Catching Cyber Criminals
    Investigative Techniques to Identify Modern Threat Actors and the Clues They Leave Behind During Data Breaches
    Security Researcher and Pentester, Author "Hunting Cyber Criminals"
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    This keynote will provide insight into modern threat groups like The Dark Overlord, MABNA, and Gnostic Players. The discussion will detail the formation of the groups, information on their structure, their core members, the tactics behind their attacks, and why their attacks are so successful.

    As a precursor to my upcoming book, “Hunting Cyber Criminals,” I will convey confidential information I have gathered in my personal dealings with these criminals, and provide an inside look at several of the companies they have breached and the many clues they unknowingly leave behind.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council LUNCH RoundTable: (VIP / Invite Only)
    Topic: Prioritization of Top 20 Critical Security Controls
    Registration Level:
    • VIP / Exclusive
    11:00 am - 1:00 pm
    Location / Room: 105

    This session is for our Advisory Council members only.

    11:15 am
    (ISC)2 Chapter Meeting and Guest Presentation - Open to All Attendees
    Topic: AI and Machine Learning for Information Security
    System VP & CISO, SSM Health
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 240

    Interested in your local associations? Join (ISC)2 for their chapter meeting and guest presentation. This opportunity is open to all attendees.
    Presentation:
    Self-learning Artificial Intelligence, also known as Machine Learning (ML), is changing the world.  From skillfully optimizing store shelves to deftly influencing us to click on ads, ML is here to help.  35% of Amazon’s revenue is generated by its ML insightfully recommending products to you and me.  Come learn how intelligent machines make decisions, just like you or I do, but only faster and more accurately because it’s really good at math (!).

     

     

    11:15 am
    Opening the Door to InfoSec
    Sr. Threat Intelligence Analyst, BAE Systems
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 230

    This presentation is about personal experiences over my year as an intern to an associate cybersecurity intelligence analyst. Going from a dev team, to a red team, and eventually blue team. Highlighting industry struggles as a female (first and only female of each of these teams) trying to get an entry level position and trying to close my own skill gap. Also highlighting personal struggles as well as technical struggles.

    11:15 am
    Zeek and Ye Shall Find: How to Build a Zeek Cluster at Washington University
    Information Security Manager, Washington University in St. Louis
    MIM, Network Engineer 3, Washington University in St. Louis
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 231

    Washington University has been using Zeek (formerly called BRO) for five years now. We recently moved from using SPAN sessions monitoring just north/south traffic, to building a TAP network to monitor both north/south and east/west traffic. We will look at the tools and hardware necessary to build the TAP network and the Zeek cluster. We will also look at some of the data that Zeek produces right out of the box.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Systems Engineer, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 241

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    12:15 pm
    [LUNCH KEYNOTE] Storytelling 4 Cybersecurity
    VP & CISO, Quickbase
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Today, the industry struggles to articulate the most pressing risks facing a business, leading to every security control becoming a critical security control.

    The end result is an expensive, frustrating, and enigmatic cybersecurity program; and with a rapidly changing threat landscape, security fatigue sets in quickly. In order to win business support, we must be able to tell a compelling cybersecurity story readily consumable by all.

    In this session, we’ll leverage a little communication theory 101 and audience-centered delivery techniques to create an influential cybersecurity story with an emotional, relatable hook.

     

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Ron Winward, Radware
    Daniel Conrad, One Identity
    Matt Modica, BJC
    Chris Schoen, Keysight/Ixia
    Chris Sears, Securonix
    Adam Bacia, SailPoint
    Moderator: Montez Fitzpatrick, Navvis Healthcare

    1:15 pm
    Panel: You Got Burned, Now What? (Incident Response)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 230

    We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
    Panelists:
    Adam Gates, Malwarebytes
    Vinny Troia, NightLion Security
    David Harrier, EHI
    Ronald Pipkins, Alert Logic
    Moderator: Priscilla Jacks, U.S. Bank

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Legal Issues in AI, IoT and the Cloud of the Future
    Professor, Researcher, Lawyer, Education
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 241
    AI, IoT and the Cloud are no doubt changing the way we live in the future. This presentation discusses current and predicted legal issues in AI, IoT and the Cloud into the future. Legal areas cover privacy and security law, marketing law, and tech law more generally. Trends in how AI, IoT and the Cloud will be used in the future will be married with the potential legal issues that may present themselves in that context. This will permit insight into how the law may evolve in these areas and how we can be ready for our cyber future from this perspective.
    3:00 pm
    Top 10 Activities to Avoid Identity Theft / Financial Fraud
    SVP, Information Security, CitiBank
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 240
    In the increasingly online world we live in, many people are concerned about having their identity stolen. A few simple precautions can go a long way to avoiding the hassle of identity theft. Join us as we explore ten action steps that we as consumers can take to lower the likelihood and impact of identity theft.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    3:00 pm
    CISO Ventures Panel: Are Cybersecurity Startups Meeting Expectations of Buyers Taking a Risk on Them?
    Founder & Managing Director, Whiteboard Venture Partners
    CISO, Veterans United Home Loans
    CISO & SVP, First Bank
    CIO/CISO, Grasshopper Bank
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: 230

    The number of cyber startups is growing exponentially, with 4300+ cybersecurity companies worldwide including several private “unicorns”. With so many startups engaged in helping organizations achieve cybersecurity outcomes, how do organizational decision makers think about the risks involved in working with them? A panel of CXOs will share their expectations of and experiences with cybersecurity startups, including how they use solutions from startups to meet existing and emerging cybersecurity challenges.

     

    3:00 pm
    SecureWorld PLUS Part 2 - Cyber Defense Ineffectiveness and What We Can Do About It
    SecureWorld PLUS Registrants ONLY
    CEO, Blue Goat Cyber
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 360

    Christian Espinosa, CEO of Alpine Security, a bronze sponsor of SecureWorld Chicago, hosts a SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPEs.

    “Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa

    Throughout this training session, Christian Espinosa will candidly discuss the following key elements:

    • Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
    • Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
    • Motivations, breaches, and primary tactics used by attackers.
    • Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.

    During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.

    Meet the Trainer:
    Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: 370

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use it for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
  • Thursday, September 19, 2018
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    SecureWorld PLUS Part 3 - Cyber Defense Ineffectiveness and What We Can Do About It
    CEO, Blue Goat Cyber
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 360

    Christian Espinosa, CEO of Alpine Security, a bronze sponsor of SecureWorld Chicago, hosts a SecureWorld Plus training session on Cyber Defense Ineffectiveness and What We Can Do About It. Attendees will be exposed to data gathered from real-world penetration tests, audits, and incident responses, bringing attention to the current state of cyber defense. Attendees will become familiar with the top 5 trending cybersecurity misconceptions and learn actionable solutions and tools to approach cyber defense and to create a more secure world. Upon completion of this 6-hour training session, attendees will be eligible to receive 12 CPEs.

    “Ransomware & cyber extortion are effective because organizations blindly implement controls without a risk-based strategy, have poor cybersecurity awareness, and have difficulty determining the validity of ‘incriminating data’ used for cyber extortion.” -Christian Espinosa

    Throughout this training session, Christian Espinosa will candidly discuss the following key elements:

    • Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it?
    • Data gathered from real-world penetration tests, audits, and incident responses to focus on the current state of cyber defense.
    • Motivations, breaches, and primary tactics used by attackers.
    • Opportunities and solutions to address common issues such as how more organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse.

    During this training session, you can expect to participate in group activities and discussions. Be open to new ideas and approaches. We can learn from each other.

    Meet the Trainer:
    Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: 370

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use it for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:30 am
    InfraGard Chapter Meeting and Guest Presentation - Open to all Attendees
    Topic: Cybersecurity Careers
    Vice President, Cybersecurity, Centene Corporation
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Keynote Theater

    Join InfraGard for their chapter meeting and guest presentation. This session is for InfraGard members and all attendees interested in the local association. This is also a great networking opportunity.
    Presentation:
    Everyone has an opinion on what certification is best and what degree is or is not essential in cybersecurity. Alan will provide insight on cybersecurity roles, the security certifications that matter for many of these roles, what type of training is truly valued by hiring managers and what key skills matter.

    8:30 am
    Behavioral Defense Using the MITRE ATT&CK Framework
    Sr. Security Incident Response Consultant, Aflac
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 230
    Indicators of Compromise (IOC) have been a mainstay of security defense, but companies still get hacked. One of the problems with IOCs is that they are only good for a short space of time. A miscreant can create a new domain, use it for 12 hours and then never use it again. Defenders need to stop thinking of bad domains or bad IP addresses and start focusing on the behavior of the miscreants. Using the MITRE ATT&CK Framework, we will discuss current attack techniques and how defenders can identify gaps in security coverage.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    8:30 am
    Current and Proposed Privacy Regulations and How It Affects Security
    CISO & SVP, First Bank
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: 240

    GDPR and CCPA are two of the many privacy standards that are affecting organizations. How will these regulations impact your organization and where should cryptography and monitoring be used? What are some future regulations and standards around privacy and security that will impact how enterprises’ and individuals’ data may be protected?
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    [OPENING KEYNOTE] Business Email Compromise: Real World Stories and Practical Defense
    Special Agent, Global Investigative Operations Center, United States Secret Service
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. That kind of math explains why BEC is rampant, and every type of organization is at risk. During this presentation, hear from the point person on BEC cases investigated by the U.S. Secret Service. He’ll share true crime examples of and practical steps for defense against BEC losses, which now stand at $13.5 billion in the last six years.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    10:15 am
    Mark Gelhardt Book Signing in the CyberLounge on the Exhibitor Floor
    Quantities are limited and will be distributed on a first-come, first-served basis.
    Registration Level:
    • Open Sessions
    10:15 am - 12:00 pm
    Location / Room: CyberLounge

    Mark Gelhardt will be signing copies of his book, “My Time at The Clinton White House.”
    Find him in the CyberLounge on the Exhibitor Floor at the following times:
    10:15 a.m. – 12:00 p.m.
    1:00-1:15 p.m.
    BOOK SYNOPSIS:
    Colonel Mark Gelhardt had an atypical military career that landed him in The White House next to the President of the United States, where he was responsible for the last link of communications between the President and the rest of the U.S. government. While a Lieutenant Colonel (LTC) in the Army, Mark was selected by top federal officials to be the Commander of the Data Systems Unit, as part of the White House Communications Agency. In this position, he supported the President as the Chief Information Officer (CIO) for all classified IT used by The White House. LTC Gelhardt served at the White House for over four years (1995-1999), working with President Clinton and his staff almost every day, both on the White House grounds and traveling worldwide. This gave him unfettered access to the inner workings of The White House and the Presidency. Since retiring from the Army in 2001, Mark has been asked by many people about his time at The White House. Mark has many stories about what happened behind closed doors, and proudly speaks about the outstanding support done by the fantastic military members that support the Commander-in-Chief. Mark has taken the time to chronicle his experiences about his day-to-day job at The White House, as well as some of the funny stories he picked up along the way. Please enjoy this non-political book with surprising behind-the-scenes stories. I hope they provide you with some insight to the wonderful military members that work so hard to keep you safe every day in support of the President and Commander-in-Chief.

    11:00 am
    Advisory Council Round Table: (VIP / INVITE ONLY)
    Topic: Privacy Versus Security (CCPA, GDPR, DevOpsSec)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: 105
    11:15 am
    Deconstructing Chaos: A Look at the Threat Beyond the Computer
    Cyber Threat Intelligence Engineer, Pathfinder Intel
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 231
    Discussions on cyber threats typically don’t go beyond the computer system. Rarely do the lone hacker or group and their intent come to light. In their attempt to understand cyber threats, security professionals typically grasp the minimalist understanding of “Bad Guys Do Bad Things.” Information Security Professionals sometimes lock themselves into a reactive state, patching holes in a wall about to break.

    This discussion will look beyond the computer threat, at the hacker and what motivates them, and try to create professionals who can see beyond the indicators, vulnerabilities and exploits, and find the proactive thinkers organizations need.

    11:15 am
    7 Ways to Boost InfoSec’s Influence (and Yours) by Communicating Differently
    Director of Media & Content, Podcast Host, SecureWorld
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 230

    Grow your personal influence, your leadership possibilities and move your InfoSec objectives forward (faster) by thinking differently about how you communicate. Whether your audience is the board, your team, or any part of the business, this session will help you and your communication stand out. Led by a long-time TV reporter turned cybersecurity journalist who shares a framework for powerful communication you can implement immediately.

    11:15 am
    Opportunity and Risk: How Open APIs Are Transforming Banking
    Supervisory Cybersecurity Analyst, Federal Reserve Board
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: 241

    Do you know what an Open API is? The data shows the majority of Americans don’t. Open/public application programming interfaces (APIs) are the engine that powers Open Banking, something that has transformed banking around the world in the last couple of years. It is on the radar of banks in the United States and in practice in some. Open APIs enable the exchange of customer data with other parties in a simple and secure way, facilitating rapid innovation in products and services. Countries are creating laws and regulations around this practice. This innovation and opportunity potentially carries security risk.

    11:15 am
    Cloud Security Alliance Chapter Meeting and Guest Presentation (Open to all Attendees)
    Topic: Same Problems but No Servers - Pragmatic Security in a Code-Centric Cloud
    Co-Founder, Protego Labs
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: 240

    Interested in local associations? Join Cloud Security Alliance for their chapter meeting and guest presentation. This is open to all attendees.
    Presentation:
    Serverless architectures like AWS Lambda are a developer’s playground: no barriers and faster deployments. However, they can be a nightmare for security teams, which often lose visibility and control. In this talk, we will explore how both teams can embrace cloud-native applications and embrace the challenge.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    12:00 pm
    Advisory Council LUNCH Round Table - (VIP / Invite Only)
    Topic: Zero Trust, What’s the Big Deal?
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: 105
    12:15 pm
    [LUNCH KEYNOTE] How to Manage Your Own Career to Get to the Top
    CIO, Georgia State Defense Force, Former CIO, The White House
    Registration Level:
    • Open Sessions
    12:15 pm - 1:15 pm
    Location / Room: Keynote Theater
    Do you have a plan for your future? Why not? You are the leader of your own destiny! You need to look at where you are, where you want to go, and have a plan to get there. We will talk about how to develop a plan, what to think about, and how to put one foot in front of the other to get to your end goal. We will also talk about how to manage up to your boss to get what you need to help you in your own career. Col. Mark Gelhardt made it to The White House managing his own career, and stood next to the President of the United States. He will tell you how he did it; if he can do it, so can you!

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Brian Louire, Mars
    Diego Maldonado Leonardo, DRS
    Teri Green, The Fantas Techs
    James Norberg, FCS Financial
    Moderator: Tim Grace, Mueller Prost

    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: 230

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.
    Panelists:
    Jon Stitzel, Ameren
    Bob Brown, First Busey Bank
    Gary Chan, FBISTLCAAA
    Chris Pittman, Cylance
    Moderator: Mike Kissel, Schnucks

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: SecureWorld Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: SecureWorld Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Moving from InfoSec Technician to InfoSec Leadership
    CISO, Veterans United Home Loans
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 240

    Are you a technician feeling the call towards leadership? Are you just interested in learning more about leadership? Just being a good tech is no guarantee of being a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.

    Come to this session and join in a conversation about the path from the Information Security Technical role to an Information Security Leadership role. Learn the right Knowledge that will be Powerful in helping you become a great Information Security Leader!

    Presentation Level:
    MANAGERIAL (security and business leaders)

    3:00 pm
    Code(break;)ers: Cultivating More Inclusive Pathways to Technology
    Information Security Officer, Medical College of Wisconsin
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 241

    The security industry, much like the American workforce as a whole, is facing a crisis: job growth is outpacing traditional higher education’s output of viable, job-ready candidates, and coding bootcamps and online programs have become costly and exclusive. Employers across markets must revamp the way they recruit, hire and train tech talent in order to move the industry forward. Maria Laura Tarabillo and Ronald Williamson, along with other regional experts, will explore how looking past the barriers of conventional education opens doors for those traditionally marginalized while providing employers reliable ways to find and hire talent, thus creating an economic talent pipeline.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    TOO BIG TO FAIL / too small to worry: A Study of Why Security Is a Concern to Every Size of Business
    Director of Technology Risk Advisory Services, Mueller Prost
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: 230
    Organizational executives have many concerns, and cybersecurity initiatives are often a low priority until something happens. Can a large business employ a “too big to fail” strategy? Can a small business employ a “too small to worry” strategy? This session will examine evolving strategies of large organizations dealing with security breaches, and why they may or may not be concerned if they are a target. Conversely, small companies may consider themselves too small to be a target, and therefore think they do not need to worry about cybersecurity.

    We will examine why large organizations may employ a less than optimal strategy for cybersecurity protection. What are the effects on their client base, industry standards, regulatory compliance, negative press, and financial data? We will then compare that strategy to a small business strategy of being too small to worry about being a target. The session will cover real-life examples of the effects of cybersecurity breaches on both large and small business, and why everybody should be working proactively to protect their organizations.

    We will wrap up with strategies of how to protect an organization, including outlining steps to building a lasting cybersecurity strategy for breach prevention.
    Presentation Level: MANAGERIAL (security and business leaders)

Exhibitors
  • Alert Logic
    Booth: 320

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Alpine Security
    Booth: 650

    Alpine Security is a Service Disabled Veteran owned Small Business. We have extensive experience with security audits, regulatory compliance audits, vulnerability assessments, penetration testing (network, application, web application, and physical), social engineering, incident response, digital forensics, and user awareness & technical training. Our team members are Industry Certified, highly educated, trusted, and experienced, and bring vast project experience. We have been on United States government red teams and have experience with military cyber operations – offensive and defensive. Our team is also well-versed and experienced with commercial security assessments, audits, penetration testing, risk assessments, and incident response. We have performed penetration tests and assessments for numerous industries, including aerospace & defense, education, healthcare, financial, energy, and oil & gas. Our extensive experience in high-risk and complex environments ensures we are prepared to test your environment, regardless of the risk-level or complexity. We’ve been tested under fire.

  • Apricorn
    Booth: 500

    Founded in 1983, Apricorn designs, manufactures, and supports storage innovations with your data’s security as our top priority. Our unique, patented approach is centered on being 100% hardware-encrypted, software-free, and cross-platform compatible. Trusted by numerous state, national, and international governments, as well as small and large corporations alike, Apricorn delivers advanced data security innovations designed to address today’s threats, as well as tomorrow’s.

  • Booth: 330
  • Burwood Group, Inc.
    Booth: 120

    Burwood Group, Inc. is an IT consulting and integration firm. We help forward-thinking leaders design, use, and manage technology to transform their business and improve outcomes. Our services in consulting, technology, and operations are rooted in business alignment and technical expertise in cloud, automation, security, and collaboration.

  • Cloud Security Alliance (CSA)
    Booth: 410

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Comodo Cybersecurity
    Booth: 630

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

  • Corelight
    Booth: 430

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • CyberUp
    Booth: 300

    Our mission is to close the cybersecurity skills gap by training the workforce of today and inspiring the workforce of tomorrow.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • ECTF
    Booth:

    As a result of the amalgamation of advanced technology and the Internet, both the quantity and sophistication of cybercrimes targeting U.S. financial institutions and critical infrastructure have increased. Today, criminal trends show an increased use of phishing emails, account takeovers, malicious software, hacking attacks and network intrusions resulting in significant data breaches. To protect the nation’s financial infrastructure from cyber and financial criminals, the Secret Service has adopted a multipronged approach.

  • Express Scripts
    Booth: 160

    Headquartered in St. Louis, Express Scripts is a healthcare technology company providing integrated pharmacy benefit management services. We put medicine within reach of eighty-three million people by aligning with plan sponsors, taking bold action and delivering patient-centered care to make better health more affordable and accessible. It’s more than what you think. As an organization that deals with highly sensitive patient information, we are committed to protecting the clients, patients, and companies we serve from security breaches and cyber-attacks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while leveraging internal and external threat intelligence to continuously improve our security posture.

  • FBI St. Louis Citizens Academy Alumni Association
    Booth:

    Join the FBI St. Louis Citizens Academy Alumni Association (FBISTLCAAA) membership any time after graduating from the FBI Citizens Academy! FBISTLCAAA membership provides access to education in the areas of Federal Law Enforcement, to network with others, to participate in fun events, and to promote a safe and informed St. Louis community.
    Each member of the FBI St. Louis Citizens Academy Alumni Association is a graduate of an eight-week FBI Citizens Academy course in which the curriculum focuses on federal law enforcement issues and challenges. The FBISTLCAAA was established in 2006 with a local membership of FBI Citizens Academy Graduates.

  • Gemalto
    Booth: 100

    Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.

  • InfraGard St. Louis Members Alliance
    Booth: 150

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • ISACA St. Louis
    Booth:

    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the region.

    Meetings are generally held the 3rd Wednesday of the month between September and May.

  • ISC2 St. Louis Chapter
    Booth: 620

    As a regional chapter of ISC2, located in St. Louis and serving the St. Louis Metro area, the mission of the St. Louis Region/Scott AFB ISC2 Chapter is to provide members and other security professionals with the opportunity to share knowledge, grow professionally, raise security awareness and advance information security in local communities around the world.

  • Ixia, a Keysight Business
    Booth: 340

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Malwarebytes
    Booth: 200

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.

  • Midwest Cybersecurity Alliance
    Booth: 400

    Let MCSA help you prepare for the inevitable. Join our community to get access to insider best practices and new cutting edge approaches to developing cyber security programs and combating cyber attackers. To learn more about MCSA membership, contact us at info@MidwestCyber.org.

  • Mimecast
    Booth: 440

    Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.

  • Booth: 130
  • OWASP
    Booth: 350

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • ProcessUnity
    Booth: 600

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources.

  • Professional Education Technology & Leadership Center
    Booth: 140
  • Proofpoint
    Booth: 450

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Radware
    Booth: 310

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • SailPoint
    Booth: 610

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • SecureAuth
    Booth: 420

    SecureAuth enables the most secure and passwordless, continuous authentication experience for everyone, everywhere. The patented AI/ML technology allows frictionless access to any file and any application across your heterogeneous environment. The platform extends the security of your IdP or it can be used as an end-to-end solution.

  • Securonix
    Booth: 460

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • Saint Louis University Workforce Center
    Booth: 660

    The Workforce Center was established in 2013 to address the skill needs of our modern and fast-paced workplaces. Powered by top-ranked Saint Louis University, the Workforce Center provides premier training solutions to corporations and individuals nationwide. With a mission to fulfill the needs of modern organizations, the Center offers a range of training topics including Cyber Security, Project Management, Agile, Analytics, Software Engineering and more.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Washington University in St. Louis
    Booth: 140

    Washington University in St. Louis (WashU, or WUSTL) is a private research university in St. Louis, Missouri. Founded in 1853, and named after George Washington, the university has students and faculty from all 50 U.S. states and more than 120 countries. As of 2017, 24 Nobel laureates in economics, physiology and medicine, chemistry, and physics have been affiliated with Washington University, nine having done the major part of their pioneering research at the university.

Keynote Speakers
Speakers
  • Christian Espinosa
    CEO, Blue Goat Cyber

    Christian Espinosa is the CEO & Founder of Blue Goat Cyber and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a U.S. Air Force veteran with a BS in Engineering from the U.S. Air Force Academy and an MBA from Webster University. He holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.

  • Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Craig Reeds
    Cybersecurity Compliance Manager, Electric Power Systems International

    Craig Reeds has been involved with Cybersecurity since before there was a name for it. During his time in the IT field, he has been responsible for Cyber Security, Cyber Vulnerability Assessments, Penetration Testing, Risk Identification and Management, Business Continuity/Disaster Recovery and Change Management. In his role as a NERC Compliance Senior Consultant he helps to protect the North American Power Grid. Craig holds both the CISSP and CRISC certifications, as well as a BS in Information Systems from Maryville and an MBA from Webster University.

  • John DiMaria
    STAR Program Director, Cloud Security Alliance

    John DiMaria has 30 years of successful experience in Standards and Management System Development, including Information Systems, Business Continuity, and Quality. John was one of the innovators and co-founders of the CSA STAR program for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook, and a working group member and key contributor to the NIST Cybersecurity Framework. He currently manages all facets of the CSA STAR Program which includes security, privacy, continuous monitoring, and development of new solutions.

  • David Barton
    Managing Director, UHY Consulting

    David Barton is a Managing Director with UHY Consulting and practice leader of the Technology, Risk, and Compliance practice, which provides cybersecurity consulting and compliance services focused around information technology. He has over 30 years of practical experience in information systems and technology risk and controls.
    David is frequently asked to speak at national and regional events, such as SecureWorld and the Cloud Security Alliance Congress. He is the primary author of the CSA position paper on AICPA Service Organization Control Reports. He regularly provides his input and opinions for national publications such as Compliance Week, Accounting Today, and the Atlanta Journal Constitution.
    David holds an MBA and BS in Business Administration from Appalachian State University. He is Certified in Risk and Information Systems Control (CRISC), received the Certified Information Systems Auditor (CISA) designation in 1988, and is a member of the Atlanta chapter of the Cloud Security Alliance. David has active civic memberships with the Atlanta chapter of the Porsche Club of America and the Tire Rack Street Survival® program for teen driver education. He is also a certified high-performance driving instructor and former Porsche Club racer.

  • Vinny Troia
    Security Researcher and Pentester, Author "Hunting Cyber Criminals"

    Founder and Principal Security Consultant of Night Lion Security, Vinny Troia brings 20+ years of IT security and development experience. He is also a featured speaker on ABC, CNBC, and Fox News.

    "One afternoon, I drafted an email to the CEO and CISO of a major airline company. The title read – URGENT – Data breach in your network. During our phone conversation later that evening, I proceeded to tell the security admin that I received word from a dark web contact that sensitive data from their network was about to go on sale later that week. Working in tandem with my dark web contacts and the company’s security team, we were able to identify the hacker’s position within their network, turned off their access, and closed the vulnerabilities that allowed them to gain access. This is the kind of thing I do day in and day out, and I love my job." - Vinny Troia

  • Gary S. Chan
    System VP & CISO, SSM Health

    Gary S. Chan helps organizations innovate, stay secure, and meet compliance using information security as the vehicle. He has architected anti-fraud systems for state agencies, led the information security teams for a large-cap technology company, leads the information security department for a large multi-state healthcare system, owns an information security consulting company, and is an evaluator and mentor for cybersecurity start-ups. He served as President of the FBI St. Louis Citizens Academy Alumni Association and is on the board of the Greater St. Louis Area Association of Certified Fraud Examiners. An adaptable individual with international experience, Gary has been based out of Asia, Europe, and the U.S. and has a refined ability to resolve conflict through negotiations and mediations. He holds four security certifications and a degree in Electrical Engineering & Computer Science from MIT.

  • Alexis Womble
    Sr. Threat Intelligence Analyst, BAE Systems

    Alexis Womble is a Sr. Threat Intelligence Analyst at BAE Systems. Previously, she was a Cybersecurity Intelligence Analyst at Express Scripts, where she interned for a year in an EOCC automation development role, Attack Simulation role, and an Intelligence role. She is also a recent grad from Missouri Baptist University, where she can still be found backstage assisting in theater stage management even as an alumnus. Outside of this, she likes to break things, be up to date on all the InfoSec news and secrets, as well as practice social engineering with anyone who has fun with it.

  • Brian Allen
    Information Security Manager, Washington University in St. Louis

    Brian Allen started in IT as a unix/security admin in 2000, and has been working in security at Washington University for 13 years. Before WashU, he was a Unix Admin at the University of Maryland for four years and then a Security Administrator at UMSL for two years.

  • Joseph Marentette
    MIM, Network Engineer 3, Washington University in St. Louis

    Joe Marentette, MIM (WashU IT Network Engineer 3), has worked for the university for over 20 years. Joe leads the design and engineering of the WashU enterprise network and the research network. Joe has a long history of collaboration with the Information Security department, and most recently built the data collection network to capture networking traffic for security analysis by the Zeek cluster.

  • Frank Leyva
    Systems Engineer, Radware

    Frank Leyva is a Systems Engineer with Radware, a market leader in cybersecurity with a focus on Network and Application level availability, and security. Prior to that, he was a subject matter expert in network security defense with a leading anti-malware company, performing advanced threat analysis, deep packet inspection, and creating hacker profiles for after attack reports. His skillset spans across all infrastructures, from on premise, physical, and virtual, to cloud, ISP, hosting, and carrier grade networks. He has spoken at many engagements with security partners, vendors, and C-level executives, continuously striving to stay up to date with current security trends, vulnerabilities, and exploits. As a prior service Marine, he is a member of LinkedIn Vets, and is also a member of InfraGard North Texas chapter, Dallas Hackers Association, and is an advisory board member for Navarro College.

  • Rebecca Harness
    VP & CISO, Quickbase

    Rebecca Harness is VP & Chief Information Security Officer for Quickbase. Rebecca has an established 25-year career in information technology with the past twelve years specifically focused on information security and compliance. An accomplished entrepreneur, Rebecca has founded and led two successful technology startups over the course of her career, and serves as President of ISACA St. Louis. Rebecca is an alumnus of Hastings College, holds several technology and security certifications, and recently received a Master of Science in Information Security Engineering (MSISE) from SANS Technology Institute.

  • Dr. Raj Sachdev
    Professor, Researcher, Lawyer, Education

    Dr. Raj Sachdev is a professor, researcher, and internationally qualified lawyer (USA and England/Wales). He holds several degrees in business and law and has been a guest speaker at institutions such as Oxford, Cambridge, and Stanford and at major industry conferences, and has given a TEDx talk. Over the last 15 years, he has taught 50+ different courses at other institutions, including some as a part-time instructor at Stanford. He was formerly a visiting researcher at UC Berkeley.

    Sachdev is the Dean of the Robert W. Plaster School of Business at Columbia College, where he has been faculty since 2017 and served as chair of the business department since 2018.

  • John Newcomer
    SVP, Information Security, CitiBank

    John Newcomer is currently Senior Vice President of Information Security at CitiBank, a top-10 national mortgage lender. He has eight years of experience in the information security field, with 17 years prior in IT.

  • Abhijit Solanki
    Founder & Managing Director, Whiteboard Venture Partners

    Abhijit Solanki is the founder of Whiteboard Venture Partners, an early stage venture capital firm helping entrepreneurs achieve their whiteboard dreams.

  • Randy Raw
    CISO, Veterans United Home Loans

    Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.

  • Marc Ashworth
    CISO & SVP, First Bank

    Marc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected professional with over 25 years of experience in cyber and physical security, IT/security architecture, business and departmental strategy, budgeting, project management and is a public speaker. He is a board member of St. Louis Chapter of InfraGard and a Lifetime member of FBI Citizens Academy. Possessing security certifications in CISSP, CISM, CRISC, and Security+, Ashworth currently oversees First Bank’s Information Security Department and the Network Services Department. You may reach him at Marc.Ashworth@fbol.com or Marc@AshworthCorp.com.

  • Jeff Kenney
    CIO/CISO, Grasshopper Bank

    30+ years IT and Information Security practice. CIO/CISO at the first digital commercial bank in the US. Previously served as the Global Head of Wealth Technology for Thomson Reuters wealth management business line. Led a team of over 380 developers and technologists supporting the TR BETA, BETA Online, and Thomson One products. Previously the Financial Services Advisory practice lead for the Midwest at EY. Served 3 years as the CISO for First Bank in St Louis, MO. Other roles in engineering, technology, and consulting. Mentor with SixThirty Cyber in St. Louis, helping early stage security startups grow. Retired USAF Lt Colonel, with 24 years in Intelligence and Cyber.

  • Alan Berry
    Vice President, Cybersecurity, Centene Corporation

    Alan Berry is the Vice President for Cybersecurity at Centene Corporation. He leads the Cyber Incident Response, Security Strategy, and Threat and Vulnerability Management teams, as well as the Business Resilience and Crisis Management teams. Alan brings 30 years of experience in cyber operations, communications, and command and control. Prior to joining Centene in November of 2017, Alan led the Disaster Recovery team at CVS Health, where he proactively restructured the teams and technologies involved with disaster response for the Fortune 7 company. Alan is also an Air Force veteran, serving just shy of 26 years in various positions in cyber and communications. This included the Director of Communications (CIO) for Air Forces Central, Commander of the 624th Operations Center (the AF’s command and control center for their global networks), and the Chief of Staff for Air Forces Cyber at Fort Meade, MD. Additionally, Alan is on the St. Louis InfraGard chapter board and on the Cybersecurity Education Advisory Board at Washington University.

  • Beth Young
    Sr. Security Incident Response Consultant, Aflac

    Beth Young has 20 years of cyber security experience. She is currently a Senior Security Incident Response Consultant with Aflac. Beth has previously worked for a financial services company and for one of the Information Sharing and Analysis centers. She just completed her Masters in Applied Data Science from Syracuse University. She has previously given talks at Secure World St Louis, EDUCAUSE, BSidesKC and MOREnet security conferences. Beth is the founder of the BSidesSpfd conference.

  • Christopher McMahon
    Special Agent, Global Investigative Operations Center, United States Secret Service

    Chris McMahon is a Special Agent for the United States Secret Service. Prior to joining the Secret Service, Chris was a Prince George’s County, MD Police Officer. Chris is a well-seasoned criminal investigator specializing in cyber-enabled financial fraud, money laundering, credit card/ID fraud among other crimes. Chris began his Secret Service career out of the New York Field Office spending time between the Fraud Squad and Electronic Crimes Task Force where he earned the designation NITRO Agent for specialized training in network intrusions. While in the New York Field Office, Chris ran point on several large-scale multi-national criminal investigations targeting transnational organized crime groups. Chris is currently assigned to the U.S. Secret Service, Global Investigative Operations Center (GIOC) where he specializes in Business Email Compromise schemes and account takeovers focusing on the international nexus of cyber-enabled financial crime.

  • Book Signing
  • Daniel Stiegman
    Cyber Threat Intelligence Engineer, Pathfinder Intel

    Daniel is a 15-year Intelligence Professional, with a career in US Army Intelligence and the National Geospatial Agency. His primary focus has been in Counter-Terrorism, Asymmetrical Warfare, and Intelligence Analysis methodology. Daniel was a national-level instructor in All Source Intelligence Analysis and has written several published white papers on threats and threat methodology. Daniel now works as the Cyber Threat Intelligence Engineer for one of the largest private companies in the U.S. and is the Founder and Intelligence Lead of a non-profit that helps locate missing and exploited children.

  • Bruce Sussman
    Director of Media & Content, Podcast Host, SecureWorld

    Emmy-winning journalist Bruce Sussman spent more than 20 years on TV screens in Portland, Oregon. During his "second career," he became fascinated by cybersecurity while working with CISOs at Gartner. He joined SecureWorld in 2017 to help grow its media division. Currently, he hosts the Remote Sessions daily web conference series and SecureWorld podcast published each Tuesday, and oversees news content for secureworldexpo.com. Sussman graduated from the University of Missouri School of Journalism back in the dark ages. Message him on LinkedIn if you'd like to connect!

  • Don Peterson
    Supervisory Cybersecurity Analyst, Federal Reserve Board

    Don Peterson is a Supervisory Cybersecurity Analyst for the Federal Reserve System, based out of the Federal Reserve Bank- St. Louis. He is tasked with overseeing the supervision of the largest and most systemically important financial institutions in the United States with assets of $100B+. His duties also include participating in the development of Federal Reserve and international cybersecurity policy and guidance. He sits on multiple System steering groups involving cybersecurity, technology, and intelligence within the Federal Reserve.

    His past roles in technology and security span several sectors including Technology, Law Enforcement, Medical, and Higher Education. His research has involved Automated Machine Translation (AMT) of Arabic dialects to English and counterintelligence involving extremist groups. He is a member of several industry groups that include InfraGard, ECTF, Cloud Security Alliance, OWASP, and the IEEE. He holds several certifications and a Master’s of Cybersecurity Management (MSCM) from the McKelvey School of Engineering at Washington University in St. Louis.

  • TJ Gonen
    Co-Founder, Protego Labs

    TJ is a subject matter expert on cloud security who has decades of experience solving enterprise problems with innovative solutions. His current project, Protego Labs, is two years in the making. With Protego, TJ has developed an award-winning platform that automates security for serverless applications. The combination of reduced development time, increased control, and optimal visibility makes the company's product one of a kind. TJ is a superb public speaker who can simultaneously engage an executive and a technical audience in depth.

  • Mark Gelhardt
    CIO, Georgia State Defense Force, Former CIO, The White House

    At the pinnacle of his military career, Colonel Gelhardt was selected to work at The White House as the CIO, supporting President Clinton, the VP, the White House Staff, and the U.S. Secret Service, managing all the classified automation and telecommunications. Colonel Gelhardt is a combat veteran. He is a well-known speaker and the author of “My time at the Clinton White House”. Since retiring from active service, Colonel Gelhardt has volunteered with many different service organizations. Currently he is the Chief Information Officer for the Georgia State Defense Force, an all-volunteer force keeping your state safe.

  • Ronald Williamson
    Information Security Officer, Medical College of Wisconsin

    Ronald Williamson has over 20 years’ experience in Information Technology and Information Security. He has held roles within the banking, retail, and healthcare industry. Currently, he is Information Security Officer at the Medical College of Wisconsin. Driven by a belief in promoting a strategic vision and utilizing best practices to accomplish compliant and auditable information security controls and procedures, Ronald has a vast understanding of the risks facing information managers today.

  • Timothy Grace
    Director of Technology Risk Advisory Services, Mueller Prost

    Timothy M. Grace, CIA, CISA, CISM, CRISC, is Director of Technology Risk Advisory Services. As the Technology Risk Advisory Services leader for Mueller Prost, Tim brings more than 30 years of business experience delivering solutions that drive business innovation, optimization, and change within world class organizations. He is a leader in the fields of cybersecurity, information technology, internal audit, privacy, compliance, and risk management. Tim has brought best practices to global organizations and helped drive solutions that strengthen and enhance current technology practices. Through innovation and process improvement, Tim has been able to drive change to ensure organizations remain focused on key business issues. His deep information technology background and deep understanding of business processes allowed him to bring technology and business processes together.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes