Day 1: Monday, December 4th

11:00 AM - 12:00 PM Welcome Brunch & Registration

12:00 PM - 12:15 PM Sponsor Orientation

12:00 PM - 12:15 PM Delegate Orientation

12:15 PM - 12:30 PM Ice Breaker

12:30 PM - 12:40 PM Chairperson’s Opening Remarks

There is an urgent need to innovate on the part of the business. The reality of today’s business mandates a more agile and innovative approach to security. The old guard of draconian security focused on technology, compliance, and boundaries of protection is no longer effective and has prevented security from having a seat at the business table. All this, when a shift in the threat landscape, and a real impact to the bottom line have negatively affected most organizations. This presentation will deep dive into practical, attainable and effective methods to shift the mentality and allow security organizations to function at the speed of business. Such important topics include the use of practical lightweight risk management, the need for a dynamic workforce, and material shift in focus from technology to business alignment.


Juan Gomez-Sanchez

Chief Security Officer

Margarita R. Santiago

Sr. Security Risk & Compliance Manager
Lennar Corporation

Plenary Session

1:40 PM - 2:10 PM Ransomware Stories from the Front Lines

Thomas Pace, Principal Consultant — Incident Response, Cylance Consulting
Ever wonder how ransomware negotiations look? How much they actually cost? How successful the negotiations are? In this talk Thomas Pace will answer all of these questions and more. Thomas will discuss multiple ransomware cases that he has handled personally that have made him laugh, cringe and cry. From attackers sending the wrong decryption keys to having to acquire Bitcoin in a very non-traditional manner, Thomas will walk everyone through the highs and mostly lows of dealing with a ransomware incident.


Thomas Pace

Principal Consultant — Incident Response
Cylance Consulting

Ignite Session A

2:10 PM - 2:30 PM A. Evolution of Phishing: The Current State of Attacks and Countermeasures

Mucteba Celik, CTO, RevBits
With the rapid growth in phishing emails and increased sophistication leading to successful attacks, how effective are the current solutions? What will the future bring to combat phishing attacks?

Mucteba Celik


Ignite Session B

2:10 PM - 2:30 PM Third Party Vendor Risk-- What's My Exposure?

Matt Shepherd, Vice President, Information Security & Privacy, MindPoint Group


Matt Shepherd

Vice President, Information Security & Privacy
MindPoint Group

2:30 PM - 2:45 PM Networking Break

2:45 PM - 3:15 PM Business Meetings

3:15 PM - 3:45 PM Business Meetings

Master Class A1:

3:50 PM - 4:35 PM Best Practices and Future Direction of Security Awareness Training

Erich Kron, Security Awareness Advocate, KnowBe4
Why do cybercriminals target enterprise organizations? “It’s where the money is!”

Leverage effective security awareness and behavior management practices to strengthen your human firewall and gain greater organizational resilience.

Ignoring the human side of cybersecurity will leave your organization and customers vulnerable. Reported numbers may fluctuate from industry study to industry study, but they all agree on one thing: cybercriminals are successfully and consistently exploiting human nature to accomplish their goals. Employees are often the last line of defense between a sophisticated cyber-scam and your systems, data, and customers.

Prudent security leaders know that security awareness and training is key to strengthening their ‘human firewall’ – but they often don’t know where to start. This session will provide practical security awareness and behavior management tips, outline how and where tools are helpful, and discuss emerging industry trends.


Erich Kron

Security Awareness Advocate

Master Class A2:

3:50 PM - 4:35 PM Securing the Privileged Pathway—The Most Travelled Cyber Attack Route

Barak Feldman, National Director for the Privileged Account Security, CyberArk
Traditionally, much of the focus of a corporation’s InfoSec efforts have been placed on ensuring that the perimeter is secure. Recent attacks have shown an alarming shift from perimeter-based attacks to ones that originate inside the corporate network using privileged accounts. Once hackers establish a privileged foothold, they gain unfettered access to elevate privileges and move about the network freely without detection. Understanding this widely used method of attack is essential to developing ways to mitigate the risk. In this session, we’ll

• Review a case study demonstrating abuse of privileged credentials

•Discuss how privilege is used in these attacks

• Discuss effective prevention strategies

Barak Feldman

National Director for the Privileged Account Security

4:40 PM - 5:10 PM Business Meetings

5:10 PM - 5:40 PM Business Meeting

5:40 PM - 6:10 PM Business Meetings

Roundtable 1

6:15 PM - 7:00 PM Security Education and Awareness

Chris Gay, CISO, Southeastern Grocers

Chris Gay

Southeastern Grocers

Roundtable 2

6:15 PM - 7:00 PM Implementing and Innovating True Cloud Security

Michael Raeder, CISO, OrbitalATK


Michael Raeder


Roundtable 3

6:15 PM - 7:00 PM Developing and Sustaining a Cyber Security Risk Framework

Nazmul Islam, CIO, School of Medicine UAB at The University of Alabama at Birmingham


Nazmul Islam

School of Medicine UAB at The University of Alabama at Birmingham

7:00 PM - 8:00 PM Birds of Feather Networking Cocktail Discussion