Conference Agenda
  • Thursday, October 22, 2020
    8:00 am
    Executive Roundtable [VIP invite only]
    Discussion topic: Remote Workforce—Lessons Learned
    CISO, The University of Texas System
    Registration Level: VIP / Exclusive
    8:00 am - 8:45 am

    This session is for Advisory Council members only.

    Companies had no real choice as we all moved to the “new normal” and a fledgling at-home workforce due to the coronavirus outbreak. If you stop and think about it, it was quite the feat—a massive cloud migration the likes of which had never been seen before. Now that things are somewhat settled into a pattern, what are you discovering that should have been done differently? Realizing that a lot of the same things need to be done? How is the network perimeter now? How many devices are suddenly on your networks? IoT devices from the remote workers piggybacking on the home connections? What are the legal challenges now (think reasonable security)? We’ll take a deep dive into lessons learned with a remote workforce.

    8:30 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    8:30 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:00 am
    [Opening Keynote] Panel: Different Perspectives on Cybersecurity in Oil and Gas
    Executive Director, ONG-ISAC
    Sr. Director, IT Security & Compliance at Enterprise Products, Chairman, ONG-ISAC
    Information Security Advisor, Devon Energy Corporation
    Cyber Security Threat Analyst, Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC)
    Registration Level: Open Sessions
    9:00 am - 9:45 am
    9:45 am
    Networking Break
    Registration Level: Open Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:00 am
    Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!
    Director, Information Security Education & Consulting, Harvard University
    Registration Level: Open Sessions
    10:00 am - 10:30 am
    “Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.

    Join this session to learn how you can:
    •  Embed security into your culture, technologies and processes
    •  Empower innovation and expedite time-to-market through consistent security risk governance
    •  Assess the impacts, goals and methods of likely cyber attacks and incidents
    •  Align IT and security professionals with business objectives and risk tolerance
    •  Prepare now for effective detection and response to reduce business impacts of incidents

    Presentation level: MANAGERIAL (security and business leaders)

    10:00 am
    Taming the Third-Party Risk Beast
    CISO, SecureLink
    Registration Level: Open Sessions
    10:00 am - 10:30 am

    These days, with the number of vendors and other third parties putting their tentacles into your systems and networks, you can feel like you are fighting a multi-headed hydra in trying to limit third-party risk in your IT systems. In this talk, we will discuss the nature of this beast and how to tame it using best practices, technical controls, and good review processes. We will walk through a well-designed vendor management program, including inventorying, risk assessing, on-boarding and off-boarding processes, and audit procedures that will help you tame every hairy, scary vendor on your network so that their weakest links are not yours.

    10:00 am
    A 'ToR' of the Three Ds: Dark Web, Deep Web, Dark Net
    Sr. Director, Cyber Security, Acumatica, Inc.
    Registration Level: Open Sessions
    10:00 am - 10:30 am

    This is a first-hand account into the WILD of the internet. We always hear about the “Dark Web” and how various services advertise the use of such a resource, but what does that mean? Better yet, what does it look like? This presentation will demonstrate where “various” types of activity—i.e., personally identifiable information, transaction information, and other related content—reside.

    10:30 am
    Networking Break
    Registration Level: Open Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:45 am
    Inside the Mind of a Threat Actor: Beyond Pentesting
    Lead Curriculum Developer, Point3 Federal
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    Red team is a commonly misunderstood offensive security discipline. Red team has been used as a general term for all areas of offensive security, just as blue team for defensive security. True red teaming goes beyond pentesting and into more adversarial emulation. While there are overlapping skills, there are differences that will be discussed as Phillip shares his experience of going from a pentester to a red teamer. In this talk, you will learn about the different areas that make up red team operations, common tools, and the path to becoming a red teamer.

    Attendees will learn the following:

    • What is offensive security
    • Domains of offensive security from pentesting to red teaming
    • Differences between pentesting and red team
    • How the threat actor mindset is important for exposing possible breaches
    • Learning resources and how to become a red teamer
    10:45 am
    The Hero's Journey: How to Tell the Story of Your Risk-Driven Program
    Business Information Security Manager, Wood.
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    The Hero’s Journey is the familiar story we all love to hear about the unlikely hero who answers the call to adventure, is victorious in pursuit of a goal, and returns transformed.  This session will take you on a thrilling adventure: your very own hero’s journey to championing your risk-driven program with useful metrics. It doesn’t matter if you’re the grand poobah who sets strategy, the herder of cats who defines tactics, or the technical guru actually fulfilling operations, we are all the heroes of our own stories.  Let useful metrics be your narrator.

    10:45 am
    Who Accessed Your Data in the Cloud? Your Bosses and Auditors Want to Know
    Director, Product Management, Imperva
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    Your business is moving data to the cloud without all the security controls mandated for on-prem. After all, the promised economics and business agility are far too attractive for business leaders to ignore. But attackers are after data, auditors demand evidence, and Security is still responsible for protecting data. You need to catch up with that data before attackers and auditors find it, and you need to catch up right now.

    Join Imperva to learn how to reconcile Security’s need for visibility with the business’s need for speed and agility—in minutes. This session will include:

    • Learn the fast path to getting control of your data already in the cloud
    • What capabilities you will have to bring to make cloud DBaaS secure and audit-ready
    • How cloud-native data security can be frictionless to the business’s need for speed
    11:15 am
    Networking Break
    Registration Level: Open Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:30 am
    The New NIST Phish Scale: Revealing Why End-Users Click
    Computer Scientist, Visualization and Usability Group, National Institute of Standards and Technology (NIST)
    Registration Level: Open Sessions
    11:30 am - 12:15 pm

    Developed based on over four years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty—key to understanding variability in phishing click rates. This talk will cover why end-users click, why it’s important to understand phishing detection difficulty, and how to use the NIST Phish Scale. Understanding what emails your end-users are susceptible to will help you better defend against phishing attacks in the wild.

    11:30 am
    Pivoting Your Information Security Program to the New Normal
    CISO, Veterans United Home Loans
    Registration Level: Open Sessions
    11:30 am - 12:15 pm

    We are living in different times that demand different ways of thinking. Many existing Information Security tools have lost some visibility and viability. How has your thinking changed about your Information Security program? Maybe more importantly, what are you thinking the future will look like and how are you posturing your next purchase, hire, or action to be prepared for the next pivot? We will talk about some questions you should be asking yourself, your team, your peers, and your executives.

    11:30 am
    The DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?
    Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body
    Registration Level: Open Sessions
    11:30 am - 12:15 pm

    Supply chain risks are at the top of everyone’s mind today, and the US Department of Defense (DoD) is no different. That is why the DoD created its Cybersecurity Maturity Model Certification (CMMC). CMMC is a five-level, third-party validated maturity certification. CMMC includes both technical and process/procedural requirements. Organizations in the Defense Supply Chain will be required to obtain CMMC certification before contract award. Requests for Proposals (RFPs) containing CMMC requirements are expected in October 2020. This session provides an overview of CMMC and the corresponding industry-led ecosystem that is being created, spearheaded by the CMMC Accreditation Body (CMMC-AB).
    Presentation Level: MANAGERIAL (security and business leaders)

    12:15 pm
    Networking Break
    Registration Level: Open Sessions
    12:15 pm - 12:30 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    12:30 pm
    Approaches to Justifying Cybersecurity Projects and Spend
    Chief Information Security & Privacy Officer, WorkForce Software
    Registration Level: Open Sessions
    12:30 pm - 1:00 pm

    Feel like you’re not getting enough funding for your security projects or program? Learn to stack the deck in your favor by following four basic rules. Lots of examples will be presented!

    12:30 pm
    Blue-Teaming and Incident Response for the 'Win'
    Research Security Officer, Massachusetts Institute of Technology
    Registration Level: Open Sessions
    12:30 pm - 1:00 pm

    Does your company use Windows, or is most of the environment Windows? Come to this session to learn the ins and outs of the most critical things needed to establish a respectable blue team program at your organization. Do you know what Windows security event log 4688 means? What about others? What are the event logs that you should know by heart or have a cheat sheet for? What are some tools that you should be using, and how can you automate them to help detect lateral movement? We will be leveraging open-source tools; no additional $ is required. Trying harder, building your technical skills, and doing proactive threat hunting will help you and your team. “Don’t worry, all of this information will be useful for all, no matter what level.” Time permitting, we might also quickly talk about incident response initially. Also, bring your technical questions for our Q&A session.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    12:30 pm
    [Panel] Threat Landscape in Flux: Emerging Threats
    Chief Security Officer, IntSights
    CISO, SecureLink
    Director of Technology - Office of the CTO, Imperva
    Registration Level: Open Sessions
    12:30 pm - 1:00 pm

    The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

    1:00 pm
    Networking Break
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    The Changing Legal Enforcement in Cyber and Privacy
    Founding Partner & Owner, Fischer Law, LLC
    Member, Data Privacy & Cybersecurity, Clark Hill Law
    Registration Level: Open Sessions
    1:15 pm - 1:45 pm

    With the changing legislation, here in the U.S. and globally, there is an increasing emphasis on enforcement of data privacy and cybersecurity, both by regulators and individuals. The ability to bring a private right of action by individuals is a sword that data subjects are using to enforce their rights, both in the U.S. and Europe. This session will provide a detailed update on key enforcement actions, with the courts and by agencies, to ensure that companies understand the challenges and their potential liabilities.

    1:15 pm
    [Panel] Remote Workforce: Lessons Learned
    Director of Information Security and Research, Automox
    Sr. Manager, IT Advisory, DHG
    Deputy CISO, Fortinet
    Regional Sales Manager, Mailprotector
    Registration Level: Open Sessions
    1:15 pm - 1:45 pm

    Companies had no real choice as we all moved to the “new normal” and a fledgling at-home workforce due to the coronavirus outbreak. If you stop and think about it, it was quite the feat—a massive cloud migration the likes of which had never been seen before. Now that things are somewhat settled into a pattern, what are you discovering that should have been done differently? Realizing that a lot of the same things need to be done? How is the network perimeter now? How many devices are suddenly on your networks? IoT devices from the remote workers piggybacking on the home connections? What are the legal challenges now (think reasonable security)? Join us for a panel discussion of security experts.

    1:45 pm
    Networking Break
    Registration Level: Open Sessions
    1:45 pm - 2:00 pm
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:00 pm
    [Closing Keynote] Turning the Tables: Putting Threat Intel to Work Against Attackers
    Chief Security Officer, IntSights
    Registration Level: Open Sessions
    2:00 pm - 2:45 pm

    We read about hacks and breaches on a daily basis, but what do we actually know about these cybercrime groups and how they conduct these attacks?

    In this session, we will dive into a few hacking techniques, demonstrate what types of tools hackers are using today, examine the scope of these attacks, and discuss best practices to protect ourselves and our businesses. During the session, we will review security issues with people, process, and technology, see how OSINT (Open Source Intelligence) is leveraged for social engineering attacks, and review some of the latest attacks seen in the wild. We will close by examining how to operationalize threat intelligence using security frameworks such as MITRE ATT&CK framework in conjunction with cyber threat intelligence best practices.

Exhibitors
  • ACFE Houston

    We are the world’s largest anti-fraud organization and premier provider of anti-fraud training and education. The mission of the ACFE Foundation is to increase the body of anti-fraud knowledge by supporting future anti-fraud professionals worldwide through the funding of the Ritchie-Jennings Memorial Scholarship Program. The scholarship program provides an opportunity for men and women of all ages, races, religions and income levels to advance their education. Many of these outstanding and deserving students go on to become Certified Fraud Examiners.

  • ACP

    ACP is the premier organization for business continuity professionals providing a powerful networking and learning environment for its members. Known for its progressive programs, workshops and symposiums, the organization has become a unifying force in defining and leading the continuously evolving fields of business continuity, disaster recovery, and emergency response (the “profession”). The Organization is strategically aligned with business partners such as DRI International, and BC Management, as well as our corporate sponsors. With a strong presence in North America, ACP has 42 chapters and over 2,300 members. We welcome all individuals, regardless of experience or certification, with an interest in the Profession.

    Founded in 1983, we are an established community of industry experts, educators, practitioners, leaders, facilitators and advocates. Our members view us as connectors and as a vital networking source.

  • Automox

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • Checkmarx Inc.

    Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cobalt

    Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.

  • Corelight

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • DHG

    Headquartered in Charlotte, NC, DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 13 states, we combine deep experience with a strong commitment to personal service. We are passionate about helping our clients succeed—and we do so through a resourceful approach to solving problems, providing solutions and helping our clients achieve their goals.

    Dedicated client focus and relationships have been and always will be our touchstone. Here at DHG, you’ll receive personalized service provided by a team of professionals who are eager to share their knowledge and experience with you. We draw on our extensive resources to combine comprehensive assurance, tax and advisory services.

  • EC-Council

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Fortinet

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • IntSights

    IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

  • Gigamon

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Global Cyber Alliance

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • Imperva

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • InfraGard Houston

    The Houston Chapter of InfraGard provides members of the Critical Infrastructure community a means to share information to prevent, protect, and defend against hostile acts against Critical Infrastructure and Key Resources (CIKR). InfraGard is designed to address the need for private and public-sector information-sharing mechanisms at both the national and local levels. It is our goal to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures.

  • InfraGard North Texas Members Alliance

    The primary purpose of the InfraGard North Texas Members Alliance is to assist in increasing the security of the United States national infrastructures through ongoing exchanges of information relevant to infrastructure protection and through education, outreach, and similar efforts. In addition to the benefits offered by the national InfraGard organization, there are several ways our local chapter accomplishes these objectives, including:

    • Local quarterly membership meetings focused on infrastructure protection
    • Sector-specific meetings and information exchanges (see Sector Chief Program).
    • Partnerships and discounts to training offerings with other organizations such as ISSA and SecureWorld
    • Networking opportunities with peers within and across all sectors
  • ISACA Houston

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area. We conduct chapter meetings the third Thursday of the month that typically include a morning or afternoon training along with a luncheon meeting/training. We also sponsor SIG group meetings on the same day. Local seminars are held in the spring and fall that include topics of high relevance to our membership community. Certification training is scheduled before each ISACA exam date based on interest level.

  • ISC2 Dallas-Fort Worth Chapter

    The Dallas-Fort Worth Chapter of ISC2 is based in the DFW area and serves the counties of the Dallas-Fort Worth Metroplex. Members include those with security certifications from ISC2 as well as other professionals practicing or interested in information, software and communications security. Our mission is to advance information security in the DFW area by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects. Our chapter programs provide members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep them up to date with the latest advances in technology as well as information assurance.

  • ISSA Fort Worth

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Learn more at the ISSA, International website. The Fort Worth Chapter of ISSA brings all of the benefits of International membership, along with opportunities for experiencing great speakers, local networking, earning CPEs, job prospecting and more.

  • North Texas ISSA

    The Dallas/Fort Worth area has many large corporations, government organizations, and educational institutions. Our membership comes from the network and information systems professionals of these organizations and institutions, as well as vendors of security products. We seek to provide our members with access to information and resources to assist their employers in securing critical information resources. Our monthly luncheon meetings, conferences, and other resources are available to members and non-members alike to assist in educating security practitioners of all types.

  • ISSA South Texas

    The South Texas Chapter of the Information Systems Security Association (ISSA) is a non-profit organization of information security professionals and practitioners. South Texas ISSA provides education forums, publications and peer interaction opportunities which enhance the knowledge, skill and professional growth of its members. This Chapter is affiliated with the international ISSA organization, conforms to its professional and organizational guidelines, and supports the ISSA Code of Ethics. We encourage our members to pursue and maintain formal security certifications in their chosen fields and offer training opportunities to help members meet requirements for continuing education.

  • NinjaRMM

    NinjaRMM is an all-in-one endpoint management platform that helps IT leaders more efficiently manage a geographically diffuse IT infrastructure by enabling their teams to remotely monitor and manage workstations, laptops, servers, and networks. NinjaRMM increases business efficiency by combining monitoring, alerting, patching, antivirus, backup, and IT automation all within a single pane of glass. NinjaRMM has been named a Leader by G2Crowd and rated the #1 RMM across 8 categories, including ease of use, product direction, quality of support and overall satisfaction.

  • RIMS

    The Dallas Fort Worth RIMS Chapter is among the largest, most active chapters in the world, making a global and local difference regarding the importance of Risk Management.

  • SecureLink

    SecureLink is a leader in managing secure third-party access and remote support for both enterprise companies and technology providers. SecureLink serves over 400 customers and 30,000 organizations worldwide. World-class companies across multiple industries including healthcare, financial services, legal, gaming and retail rely on SecureLink’s secure, purpose-built platform.

  • SIM Houston

    Recognizing the unique needs of the industry, SIM collects the intellectual capital of IT leaders nationwide and offers the resources you need to do business better. Membership in the SIM Houston Chapter continues to grow, as does the number of activities across educational, community, and social programs.

  • Spirion

    Spirion is a leading enterprise data management software solution that provides high-precision searches and automated classification of unstructured and structured data with unparalleled accuracy. Spirion helps businesses reduce their sensitive data footprint and proactively minimize risks, costs and reputational damage of cyberattacks by discovering, classifying, monitoring and protecting sensitive data.

  • TechTarget

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Women in CyberSecurity (WiCyS)

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Speakers
  • George Finney
    CISO, The University of Texas System

    George Finney is a Chief Information Security Officer who believes that people are the key to solving our cybersecurity challenges. He is the CEO and founder of Well Aware Security and the CISO for The University of Texas System in Dallas, Texas. George has worked in Cybersecurity for nearly 20 years and has helped startups, global telecommunications firms, and nonprofits improve their security posture. As a part of his passion for education, George has taught cybersecurity at SMU and is the author of several cybersecurity books, including "Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future" and "No More Magic Wands: Transformative Cybersecurity Change for Everyone." George has been recognized by Security Magazine as one of their top cybersecurity leaders in 2018 and is a part of the Texas CISO Council, is a member of the Board of Directors for the Palo Alto Networks FUEL User Group, and is an Advisory Board member for SecureWorld. George holds a Juris Doctorate from SMU and a Bachelor of Arts from St. John's College, as well as multiple cybersecurity certifications including the CISSP, CISM, and CIPP.

  • Angela Haun
    Executive Director, ONG-ISAC

    Angela Haun became the Executive Director of the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) in September 2018. Ms. Haun joined the ISAC after a 20-year career as a Special Agent with the FBI. She brought extensive experience in cybersecurity and protecting critical assets from her work at the FBI, along with her leadership skills from the Houston InfraGard Chapter, which became the largest in the country while she was the FBI coordinator. Ms. Haun received the award for “InfraGard Coordinator of the Year” from the InfraGard National Members Alliance (INMA) in 2013 and 2016. In September 2018, she received the prestigious “Linda Franklin Award” from the INMA for dedicated service at the local, regional and national level for the FBI’s InfraGard program.

    Since joining the ONG-ISAC, Ms. Haun has launched a successful incentive challenge to increase, reward and recognize member companies’ contributions to the ISAC’s mission. Ms. Haun expanded the ONG-ISAC’s membership with a Strategic Partnership Pilot Program, bringing new organizations, expertise, resources and funding to support the ISAC’s efforts. She has been a subject matter expert speaker, organizer and participant in numerous energy-related conferences, briefings, exercises, meetings, webinars and other events. Ms. Haun is actively pursuing upgraded technologies and additional benefits for ONG-ISAC member analysts and executives.

  • Stuart Wagner
    Sr. Director, IT Security & Compliance at Enterprise Products, Chairman, ONG-ISAC

    Stuart served as a Board Member of ONG-ISAC for over five years and became Chairman in June 2018. He has attended the FBI CISO Academy, has served as President of the award-winning South Texas Chapter of the Information Systems Security Association (ISSA), and is a member of ISACA and InfraGard. Stuart has developed and led information security programs for multi-billion dollar companies for the past twelve years and is currently the Sr. Director, IT Security and Compliance for one of the largest publicly-traded energy partnerships. His experience includes information security policy development, creating security awareness campaigns, security operations, leading incident response teams, and setting information security strategy.

  • Travis Herrmann
    Information Security Advisor, Devon Energy Corporation

    Travis has been with Devon Energy for 20 years, being a pioneering member of the Information Security team. Currently, Travis supports the Incident Response, Hunt, and Intelligence functions at Devon, serves on the ONG-ISAC Information Sharing committee, and holds multiple industry security certifications.

  • Katrina Watts
    Cyber Security Threat Analyst, Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC)

    Katrina Watts works as a Threat Analyst with the ONG-ISAC and focuses on curating and sharing qualitative intelligence related to cyber threats to the oil and natural gas supply chain. Prior to joining the ONG-ISAC, Katrina worked as an Incident Response Analyst for a mid-size corporation and separately as a contractor. Additionally, Katrina has prior experience working in the Legal sector as a Litigation and E-Discovery analyst performing sound data collection, culling and big data analytics. Katrina received her BA from Old Dominion University and currently holds the CISSP designation.

  • Sandy Silk
    Director, Information Security Education & Consulting, Harvard University

    Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Sandy is also involved in several WIT organizations and programs. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.

  • Tony Howlett
    CISO, SecureLink

    Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP and GNSA certifications, and a B.B.A in Management Information Systems. Tony is currently the CISO at SecureLink.

  • Mike Muscatell
    Sr. Director, Cyber Security, Acumatica, Inc.

    Mike Muscatell is a seasoned IT veteran with more than 21 years in the Information Security field. He is a certified ethical hacker (CEH). He was honored as one of the top 100 professionals in the Information Security field by Strathmore's for 2014. He is a member of a number of security organizations, including InfraGard and the U.S. Chamber of Commerce Cyber Committee.

  • Phillip Wylie
    Lead Curriculum Developer, Point3 Federal

    Phillip Wylie is the Lead Curriculum Developer for Point3 Federal, Adjunct Instructor at Dallas College, and The Pwn School Project founder. With over 22 years of experience, he has spent the last eight plus years as a pentester. His passion for mentoring and education inspired him to start teaching and to found The Pwn School Project, a bi-monthly cybersecurity educational meetup. Phillip teaches Pentesting and Web App Pentesting at Dallas College. He is a co-host of “The Uncommon Journey” podcast and co-author of “The Pentest Blueprint: Starting a Career as an Ethical Hacker” published by Wiley Publishing.

  • Karen Lancon
    Business Information Security Manager, Wood.
  • Ran Rosin
    Director, Product Management, Imperva

    Ran Rosin joined Imperva two years ago and is currently leading the Cloud Data Security solution. Prior to joining Imperva, Ran founded and led two start-ups in the area of mobile applications and IoT.

  • Dr. Shaneé Dawkins
    Computer Scientist, Visualization and Usability Group, National Institute of Standards and Technology (NIST)

    Dr. Shaneé Dawkins is a Computer Scientist in the Visualization and Usability Group at the National Institute of Standards and Technology (NIST). She performs research focusing on human-centered design and leads the NIST Phish Scale research effort. Shaneé received her M.S. and Ph.D. in Computer Science at Auburn University, and B.S. in Computer Engineering at North Carolina A&T State University.

  • Randy Raw
    CISO, Veterans United Home Loans

    Randy Raw is Chief Information Security Officer at Veterans United Home Loans in Columbia, Missouri. He has more than 25 years of experience in both public entities and private industry, having built several Information Security programs from the ground up. He is a proponent of risk-based, layered security measures that utilize both preventative and detective approaches to achieve the right solution for the organization. Randy is a CISSP and is active in the Central Missouri InfoSec community. He has spoken at SecureWorld on many technical topics and turns his focus towards helping others move from the technical trenches to a leadership role.

  • James Goepel
    Treasurer and Member, Board of Directors, Cybersecurity Maturity Model Certification (CMMC) Accreditation Body

    James Goepel is Treasurer and Member, Board of Directors for the CMMC-AB. He is also an adjunct professor of Cybersecurity at Drexel University and CEO of Fathom Cyber, a trusted agent for senior management and developer of defensible cybersecurity strategies. Jim earned his BSECE from Drexel and his JD and LLM degrees from George Mason University. He worked in the IT and security industries for nearly two decades, including as a Network Administrator for the US House of Representatives and as a lawyer and technologist for a wide range of cybersecurity companies, including system developers, research institutions, and software vendors.

  • Michael Muha, PhD, CISSP, CISM, CIPM, Certified GDPR Practitioner
    Chief Information Security & Privacy Officer, WorkForce Software

    Mike drove the global expansion of WorkForce Software’s cloud-based workforce management products from one data center to eight across the US, Europe, Canada, and Australia, and directed all compliance efforts (starting with SAS 70 and moving onto SOC 1, ISAE 3402, SOC 2, ISO 27001 certification, and EU-US Privacy Shield certification). Having led the company’s GDPR journey, he’s currently implementing a “Personal Information Management System” and additional global security controls to protect company and customer data.

  • Roy Wattanasin
    Research Security Officer, Massachusetts Institute of Technology

    Roy Wattanasin is an information security professional. He is an avid speaker providing thought leadership at many conferences and webinars. Roy enjoys incident response and building security programs. He is involved with many computer security groups including the Boston Application Security Conference (BASC), OWASP Boston and other local associations. Roy is a member of multiple advisory groups, including SecureWorld Boston. He was previously an adjunct instructor at Brandeis University as part of the Health and Medical Informatics program. He is the co-founder of the decade-old program.

  • Etay Maor
    Chief Security Officer, IntSights

    Etay Maor is Chief Security Officer at IntSights. As CSO, Etay leads the security advisory practice at IntSights where he works with CISOs and other senior cybersecurity executives to develop risk management-based cybersecurity programs. Etay has extensive experience in cybersecurity having worked at IBM, Trusteer, and RSA. Etay holds a BA in Computer Science and an MA in Counter Terrorism and Cyber Terrorism and is currently a professor at Boston College.

  • Peter Klimek
    Director of Technology - Office of the CTO, Imperva
  • Jordan Fischer, Instructor
    Founding Partner & Owner, Fischer Law, LLC

    Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.

    Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.

    With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.

    Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.

    In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.

    Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.

    Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.

    HONORS & RECOGNITIONS
    Lawyer on the Fast Track, The Legal Intelligencer (2023)
    Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
    Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
    ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
    SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
    Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
    Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
    European Union ERASMUS Grant Recipient, 2020

    ASSOCIATIONS & MEMBERSHIPS
    American Bar Association, Business Law Fellow, 2020-2022
    American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
    Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
    California Bar Association
    New Jersey Bar Association
    Forbes Business Council Member, 2022
    International Association of Privacy Professionals (IAPP), Member
    University of California, Berkeley, Cybersecurity Lecturer
    former Thomas R. Kline School of Law, Drexel University, Law Professor
    former Chestnut Hill College, Adjunct Professor
    West Chester Friends School, Board Member
    Appointed Fulbright Specialist in Cybersecurity and Data Privacy

    CERTIFICATIONS
    Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
    Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)

  • Myriah V. Jaworski, Esq., CIPP/US, CIPP/E
    Member, Data Privacy & Cybersecurity, Clark Hill Law

    Myriah Jaworski is a Member, Data Privacy and Cybersecurity, at Clark Hill Law. She represents clients in data breach actions, technology disputes, and in the defense of consumer class actions and related regulatory investigations stemming from alleged privacy torts and violations of the TCPA, BIPA, IRPA, and other state and federal privacy laws. Myriah also works with clients to devise and implement privacy and security compliance programs and to evaluate and implement new technologies, including enterprise-wide AI and machine learning tools. She has also been recognized as a Super Lawyer® for her Civil Litigation practice in 2018, 2019, 2020, and 2021.

  • Christopher Hass
    Director of Information Security and Research, Automox

    Chris Hass is an extremely driven and proven information security professional with extensive experience in Malware Reverse Engineering, Threat Intelligence, and Offensive Security Operations. In his current role, Chris serves as Director of Information Security and Research at Automox. In addition to being a former cybersecurity analyst for the NSA, he also served as a principal research engineer at LogRhythm and helped fight off malware authors using AI/ML at Cylance. His unique experience makes him adept at understanding today's current threat landscape, and he works passionately to secure Automox and its customers from today's cyber attacks.

  • Tom Tollerton
    Sr. Manager, IT Advisory, DHG

    Tom has 15+ years of experience in the IT industry, and has extensive experience performing SOC 1 and 2 examinations and reporting, cybersecurity risk assessments, PCI compliance assessments, and system security assessments. Tom is one of DHG’s PCI Qualified Security Assessors and has completed multiple Reports on Compliance for PCI Level 1 merchants and service providers.
    Tom advises on development of holistic security governance and risk management programs integrated into IT and business operations across a wide variety of industries including financial services, retail, technology, healthcare, manufacturing, government contractors, and state and local government agencies.
    Licenses & Certifications:
    • Certified Information Systems Auditor (CISA)
    • Certified Information Systems Security Professional (CISSP)
    • Payment Card Industry Qualified Security Assessor (PCI QSA)
    Education:
    • Florida State University, MBA, Management Information Systems; Bachelor of Science

  • Renee Tarun
    Deputy CISO, Fortinet
  • Tom Watson
    Regional Sales Manager, Mailprotector

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes