ISSA

Keynote
Randy Trzeciak is Technical Manager of CERT's Enterprise Threat and Vulnerability Management Team and the Director of CERT's national Insider Threat Center at Carnegie Mellon University's Software Engineering Institute. The team's mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing and conducting information security assessments; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. Randy has over 27 years' experience in a wide range of topics, including insider threat, cybersecurity, software engineering, project management, information security, and database design, development, and maintenance. In addition to his role with CERT, he also has a dual appointment as Program Director for the Masters of Science in Information Security Policy and Management (MSISPM) program and CERT professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management. Randy holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.

Mr. Randall Trzeciak
will be in the following session(s):

Opening Keynote - Building an Effective Insider Risk Mitigation Program
06/01/18 : 8:30AM - 9:30AM

View the Agenda
Speakers
Jeff Cook is a Principal for the SOC practice at Coalfire and a seasoned information assurance and public accounting professional with over eight years of IT audit and consulting experience and over sixteen (16) years of experience in public accounting and auditing. Mr. Cook has worked extensively on SOC via the AICPA and has supported both SOC 1 and SOC 2 engagements in addition to providing IT audit support for traditional financial statement audits. In addition, he has functional knowledge of NIST standards, FISMA, and FedRAMP.

Jeff is involved with the AICPA, volunteering with development of the SOC and CITP programs. Currently, Jeff is a part of the SOC 2 working group, helping to develop the 2017 version of the AICPA SOC 2 guide. In June 2016, Jeff was a recipient of the AICPA IMTA Standing Ovation Award for outstanding professional achievement in the IT specialization area. In 2018, Jeff will be appointed to the Maryland CPA association Board of Directors as well as the AICPA CITP credential committee.


Jeff Cook
will be in the following session(s):

Evaluating AICPA SOC Reports: A Security Manager's Guide to Understanding SOC Reporting
06/01/18 : 9:45AM - 10:35AM

Prem Jadhwani, Chief Technology Officer (CTO), brings 20 years of experience working in the enterprise IT space with both commercial and Federal customers to Government Acquisitions, Inc. (GAI). As CTO, Mr. Jadhwani provides solution vision, strategy, thought leadership, and subject matter expertise around data centers, cyber security, cloud computing, data analytics, mobile and wireless, IoT, SDN and other emerging technologies.

Mr. Jadhwani has served as a Commissioner for TechAmerica Cloud and Big Data Commission. He has published numerous papers and is an active speaker at industry conferences. He holds an MS in Computer Science from Illinois Institute of Technology, an MBA in Marketing & Strategy from Stuart School of Business in Chicago, and has completed coursework for a Ph.D. in Cyber Security from George Mason University. He also holds 100+ reputable certifications including CISSP, CISM, CISA, CEH, CCNP, VCP, ITIL, GCIH, and GSLC and is a professional Cyber Security Trainer and sought-after speaker and panelist.


Prem Jadhwani
will be in the following session(s):

Intellectual Point - Architecting Next-Gen SOC based on Machine Intelligence & Hyperconverged Infrastructure Solutions
06/01/18 : 1:30PM - 2:20PM

Charles is a 12-year veteran of the information security industry, and currently serves as a Security Specialist for Forcepoint's User Entity and Behavior Analytics group. Charles is a recognized industry expert on data security and has worked extensively on solving complex security problems for both the public and private sector. Charles is an active participant in the security community, holding numerous certifications, including a CISSP, and has spoken in front of the UN Cybersecurity Sub-Council and the National Retail Federation. Prior to working with Forcepoint, Charles was part of Hewlett Packard Enterprise's Security Products division where he managed a global team of sales and security architects and was the Chief Architect for Symantec's Vontu DLP Division.

Charles Keane
will be in the following session(s):

Forcepoint - Unlocking the power of Risk Adaptive Data Protection
06/01/18 : 3:30PM - 4:20PM

Kevin Kennedy joined Malwarebytes to provide senior-level, pre-sales technical support in the Northeast. Previous stints included Ziften, an Endpoint Detection & Response vendor, and 10 years at Symantec/Veritas. Specific areas of concentration included channel enablement and public sector customers.

Kevin Kennedy
will be in the following session(s):

Criminal Threats & Techniques: State of Malware
06/01/18 : 2:30PM - 3:20PM

Ray Mills is an Enterprise Sales Executive and has been at Thycotic for almost three years. Before that, Ray worked for two startups in the backup and disaster recovery space. He worked with Fortune 1000 and Global 2000 organizations that are looking for ways to better manage and secure their privileged access, and assists them as they create security programs that allow them to prevent both internal and external attacks that target their most critical data.

Ray Mills
will be in the following session(s):

Thycotic - Anatomy of a Privileged Account Breach
06/01/18 : 1:30PM - 2:20PM

Mr. Michael Misumi became the Chief Information Officer of the Johns Hopkins University Applied Physics Laboratory on January 3, 2008. In addition to serving as the CIO, Mr. Misumi is a Department Head leading a 300-person department that manages IT applications and infrastructure for APL, while also serving on the front lines of cyber-protection, securing APL networks from hackers and other outside threats. As the nation's largest University Affiliated Research Center (UARC), APL performs research and development on behalf of the Department of Defense, the intelligence community, the National Aeronautics and Space Administration, and other federal agencies. The Laboratory has more than 6,000 staff members who are making critical contributions to a wide variety of nationally and globally significant technical and scientific challenges.

Prior to joining APL he was at the RAND Corp. in Santa Monica, Calif., where he was deputy CIO. He led the operational Cyber Strategy development and has over 20 years experience developing information technology strategy, security operations, project portfolio management, network operations, data center operations, desktop administration and personnel management.

Mr. Misumi is the APL Cyber Response Incident Lead and has led a Cyber Security review of all of Johns Hopkins institutions. In addition to his APL responsibilities, he leads the Navy UARC Cyber Security Task Force, serves on the US Strategic Command's (USSTRATCOM) Strategic Advisory Group (SAG) IT Task Force and the Computer Advisory Committee for Oak Ridge National Laboratory, and is a Board Member for the Howard County School System Cyber Security program.

Mr. Misumi earned a BA and MBA from the University of California, Los Angeles.


Michael Misumi
will be in the following session(s):

An Operational Cyber Security Perspective on Emerging Challenges
06/01/18 : 3:30PM - 4:20PM

Bharanendra (Bernie) leads the DoD practice and has delivered solutions in the areas of Cloud, Big Data and Cybersecurity. Before REAN, Bernie worked at DCSSP Inc and AWS. At AWS, he was a key member of the Public sector business development and sales management team that was responsible for ensuring success in building and migrating applications, software and services onto AWS.

Bernie Nallamotu
will be in the following session(s):

Cybersecurity at Scale
06/01/18 : 9:45AM - 10:35AM

Jack D Oden, acting as a leader/contributor to a 10-year, $200 million contract, provides consulting services to government customers on cyber security in the area of industrial control systems for mission-critical infrastructure. In addition, he provides similar consulting services to commercial customers. He advises the customers on application of and compliance with legal, regulatory, and policy requirements, such as National Institute of Standards and Technology (NIST) Special Publications (SP) 800-53 and 800-82, and related documents. Mr. Oden leads a team of three other SMEs, who add their expertise in the areas of Windows, Linux, threat analysis, and networking, to advise in the specific area of cyber security for supervisory control and data acquisition, energy management control, and other building management systems. These systems support multiple sites around the world, from single buildings to multi-building campuses which total over a half billion square feet of facilities. Mr. Oden writes strategies, implementation plans, and other cyber security-related plans and procedures. He leads discussions about topics related to cyber security of industrial control systems, supporting customer representatives in making both strategic and tactical decisions. He conducts and directs site surveys and security assessments of customer facilities and writes and edits reports of those surveys and assessments. Mr. Oden assists the customer in developing priority lists of the tasks needed to improve cyber security and writes statements of work and supporting independent cost estimates for requests for proposal to acquire contracts completing the tasks, and evaluates the contractors' designs and customer commissioning of the work.

Jack is a self-motivated, energetic, and accomplished team player with twenty years' experience in negotiating system improvements between users and engineers; developing projects; and acquiring, operating, analyzing, designing, and programming quality, user-oriented systems. Seventeen years' experience in hands-on leadership. He has ten years' experience in managing business development efforts for a premier organization performing cutting edge research and development and performing engineering, design, implementation, certification, and accreditation to advance U.S. national security. Jack has eight years' experience in various aspects of cyber security including oversight of an integrator/developer, standing up and managing a cyber security operation center, and setting up an industrial control system security testing and training center. Managed various aspects of twenty-five projects over twenty-five years. Directed all facets of two full-scale computer operations. Managed a cyber-security operation center. He directed engineering support for technical product sales force. He planned and directed construction of a 67,000 square foot facility for an information system security operation to include four SCIFs totaling 21,000 square feet. Jack holds a Top Secret/SCI clearance for government security work. He holds certifications as a Project Management Professional, an Information Security Systems Professional, a Global Industrial Cyber Security Professional, and a SCADA Security Architect, as well as a Master's Degree in Business Administration.


Jack Oden
will be in the following session(s):

Introduction to ICS Security
06/01/18 : 9:45AM - 10:35AM

Christopher Porter is the CISO for Fannie Mae. In this role, he helps to communicate the importance of information security across the enterprise and to mature and innovate Fannie Mae's defense and response capabilities. Porter has over 15 years of experience in IT and security industries. His background includes work as an economist, network and system administration, information security consultant and researcher. In his previous role at Verizon, Porter was a lead analyst and author of Verizon's Data Breach Investigations Report series. He was also the co-creator of the VERIS Framework (Vocabulary for Event Recording and Incident Sharing) which allows organizations to collect and report security incident metrics in a standard and repeatable manner. Porter has a bachelor's degree in Economics and Psychology from the University of Virginia. He also earned his master's degree in Management of Information Technology from the University of Virginia's McIntire School of Commerce. Porter is a member of the Advisory Board for the McIntire School of Commerce M.S. in MIT Advisory Board at the University of Virginia as well as the Board of Directors at the FAIR Institute.

Chris Porter
will be in the following session(s):

Building a Crown Jewels Protection Program
06/01/18 : 10:45AM - 11:35AM

Gleb Reznik is Vice President and head of Cloud Security at Capital One. In this role, he is responsible for establishing and leading the cloud security strategy and enhancing the capabilities to safeguard Capital One's cloud deployments.

Gleb has spent the majority of his career developing and implementing cost effective information security practices, secure infrastructure solutions, and corporate security policies for Fortune 500 companies. Gleb holds a Bachelor's Degree from Rochester Institute of Technology, where he focused on IT administration and Information Security. He also holds a number of professional certifications, including CISSP, CISM, and CRISC.


Gleb Reznik
will be in the following session(s):

Enabling the Business: Technology Transformation and Cloud Migration
06/01/18 : 12:30PM - 1:20PM

A 25-yr INFOSEC veteran, Sondra Schneider is President & Founder of Security University, a non-degree granting institution of higher education and woman owned small business located in Herndon VA, Certified to Operate by SCHEV. Since 1999 SU's mission has been to train IT professionals to be Qualified CyberSecurity Professionals with validated hands-on cyber security skills. The "Q/ISP" Qualified/ Information Security Professional Certificate Program of Mastery uses escalating hands-on labs and live ranges to qualify and validate the performance based "hands-on" security certification and credential of Mastery. The QISP classes (Q/EH Qualified/ Ethical Hacker, Q/SA /Security Analyst- Q/PTL /Pen Tester, Q/FE /Forensic Investigator, Q/ND /Network Defender) and Q/IAP classes, (Q/AAP Qualified/ Access, Authentication and PKI, Q/SP, Qualified/ Security Policy, Q/CandA Qualified RMF/ Certifications and Accreditation classes - Navy Validator approved) certs & credentials are NSA CNSS 4011, 4012, 4103A, 4015, and 4016A approved.
October 2013 SU was awarded a 3 yr 2.75M TAACCCT Round 3 Grant. CSEAL Team X Grant Project: CyberSecurity Stacked Education Achievement Lattice: Addressing the Cybersecurity Professional Shortage via TAA-Affected Workers and Military Veterans. SU trained 847 participants for free, who earned 1660 industry recognized credentials, certifications and Certificates of Mastery and are employed in high wage in-demand cybersecurity jobs greater than $100K.
SU has 5 approved Qualified/ Certificate Programs of Mastery: Q/ISP Qualified/ Information Security Professional Certification and Q/IAP- Qualified/ Information Assurance Professional Certification, Q/WP, Q/SSE and Q/CND. They are NICE & NSA CNSS 4011, 4012, 4103A, 4015, and 4016A approved [The Information Assurance Courseware Evaluation (IACE) program of the National Security Agency (NSA) has validated that Security University's Qualified/ Information Security Professional Certification Credential courseware (s) (Q/ISP) Qualified/ Information Assurance Professional Certification Credential courseware (s) (Q/IAP) (Q/CND) meets all elements of the Committee on National Security Systems (CNSS) National Training Standards]
In 2005 Ms. Schneider was awarded "Entrepreneur of the year" for the First Annual Woman of Innovation Awards from the CT Technology Council. She is an active advisor for the CT Technology Council, AFCEA DC Cyber Security Symposium, StrikeForce Technologies, Grid Data Security and 3 computer security (start-up) technology companies as well as a frequent speaker at computer security and wireless industry events. She is a founding member of the NYC HTCIA and IETF, and works closely with the vendor community to remain current with new security technologies to keep the Q/ISP and other SU Certifications a step ahead in Certification Accreditation.

AWARDS:
2016 Cybersecurity Educator of the Year.
2014 SC Magazine Finalist Best Professional Training Program
2011 SC Magazine Best Professional Training Program
2005 awarded "Entrepreneur of the year" for the First Annual Woman of Innovation Awards from the CT Technology Council

Sondra specializes in password and identity management - access, authentication and PKI systems, biometrics, wireless networks and wireless security, network perimeter architecture and security, vulnerability auditing, intrusion detection, and broadband networks. Prior to founding Security University, she was a founding partner of the first information security consulting practice located in New York City (since acquired by Price Waterhouse/True Secure) where she developed information security consulting, training & certifications processes for Fortune 500 customers. In her tenure at ATT, Sondra developed and managed 300M in Federal IA/IS consulting projects. Ms. Schneider has been a pioneer in information security technologies since 1990 when she began her career delivering 45 megabit broadband services along the eastern seaboard for first implementation of the "internet" with MFS DataNet. While with MFS DataNet she was part of the team that built the first "downstream ISP provider" market - AOL, PSI Net & Earthlink, Compuserve etc.

After MFS DataNet was acquired in 1991, she left to pursue a new Internet role at ATT as the first ATT Internet Specialist where she used her MFS Datanet internet skills to create and deliver the first internet sites for ATT. Ms. Schneider was tasked with educating large (10M+) ATT client accounts about internet access as a business process tool. And in 1995 she was involved with the first ATT branded firewall (Site Patrol) from BBN to protect corporate networks as they deployed Internet access across closed networks. In 1996, she accepted the Director of Business Development position in the Northeast for the WheelGroup Corporation (since acquired by CISCO in 1997), where she was responsible for the "introduction and implementatio


Sondra Schneider
will be in the following session(s):

Cybersecurity Apprenticeship Program at the State of Virginia
06/01/18 : 12:30PM - 1:20PM

Carter Schoenberg is the President and Chief Executive Officer of HEMISPHERE Cyber Risk Management. Mr. Schoenberg is a Certified Information System Security Professional (CISSP) with over 24 years of combined experience in criminal investigations, cyber threat intelligence, cyber security, risk management, and cyber law. He is a cyber risk subject matter expert supporting government and commercial markets to better define how to evaluate cyber risk profiles and define better criteria for mitigating risk.

Mr. Schoenberg has taught criminal justice and cyber coursework, including cybercrime, terrorism, technology for law enforcement, digital forensics, and cyber law. Starting his career in law enforcement as a homicide detective, he rapidly advanced in the private sector providing cyber risk guidance to both public and private sectors. His work products have been actively used by the U.S. Departments of Homeland Security and Defense, the Information Sharing and Analysis Center (ISAC) communities, and the Georgia Bar Association for Continuing Learning Educational (CLE) credits on the topic of cybersecurity risk and liability. His expertise is profiled at conferences including: NAIC Annual Conference, ISC2, SecureWorld Expo, ISSA, Latin American Insurance & Reinsurance Forum, and InfosecWorld.

Mr. Schoenberg is a featured contributor to CSO Magazine each month under the column "The Cyber Insurance Forum" located at: https://www.csoonline.com/blog/the-cyber-insurance-forum/


Carter Schoenberg, CISSP
will be in the following session(s):

Cyber Risk Implications Fiduciary Responsibility & Standard of Care
06/01/18 : 2:30PM - 3:20PM

Michael Sutton has dedicated his career to conducting leading-edge security research, building world-class security teams, and educating others on a variety of security topics. As CISO, Michael drives internal security and heads Zscaler's Office of the CISO. Zscaler has built a massive, globally distributed security cloud, trusted by thousands of organizations in 185 countries. Internal security is a critical focus requiring 24x7x365 monitoring from internal and external resources.

The Office of the CISO team engages with security executives at a peer level to drive best practices and facilitate industry-wide collaboration on emerging security topics. The Office of the CISO is also responsible for providing subject matter expertise through speaking engagements, blogging, and media collaboration.


Michael Sutton
will be in the following session(s):

Zscaler - I Was Blind But Now I See: Tackling Visibility
06/01/18 : 12:30PM - 1:20PM

Jason Taule is a 25+ year veteran of the information assurance and cybersecurity industry who has worked in both the intelligence community and commercial sectors, first consulting to Federal agencies and then serving as inside Chief Security Officer / Chief Privacy Officer both within the Government and at large systems integrators like General Dynamics and CSC. He helped build the original DARPA CERT, was responsible for the first computer security programs at the VA and NASA, authored the Maryland Data Privacy Law, led a multi-million dollar global cyber security practice for a large international consulting firm, ran the team responsible for HIPAA complaint investigations for OCR for 3 years, and for the last 17 years has been a luminary in the US Health IT space supporting numerous OpDivs in DHHS.
Mr. Taule is a graduate of the FBI Citizen's Academy, is a member of the Homeland Security Preparation and Response Team, is an active member of the HITRUST Alliance, serves on the Advisory Board of the Howard County Economic Development Authority Technology Council, is the driving force behind the HoCo CISO In Residence program, currently sits on the DHHS/CMS Information Security and Privacy Workgroup, the FBI Cyber Health Work Group, the US Health IT Standards Committee's Transport and Security Workgroup and is a White House invitee to the Security Policy Roundtable for the President's Precision Medicine Initiative.
Jason Taule is currently the Chief Security and Privacy Officer for FEi Systems, a leading Health IT company that designs, builds, hosts, and maintains health IT solutions for federal and state government agencies including Medicare, SAMHSA, ACL, OCR, DoD, VA, and most state Medicaid programs.

Experience Profile
As FEi's Chief Security and Privacy Officer, Jason Taule is responsible for the information security, risk management, and privacy strategy, policy, and governance program for the company. Mr. Taule is a member of the senior management team and his leadership contributions have advanced the science and practice of information security and risk management. With passion and integrity, his communication/interpersonal skills and numerous accomplishments as a security specialist earned him recognition as Industry Luminary. Ever mindful of the need to balance security with utility, he has successfully adapted security controls in countless real-world implementations; this pragmatism leads many to consider him the voice of reason. His unique background enables him to incorporate both business and technical perspectives in integrated solutions.
Mr. Taule also serves as Principal System Security Officer for customer facing systems/projects and/or oversees the work of SSOs for all company projects and he has final authority for all regulatory (HIPAA, FISMA, etc.) security artifacts produced (i.e., Risk Assessments, System Security Plans, Contingency Plans, After Action Reports, Certification and Accreditation (C&A) packages, etc.). Mr. Taule provides security architecture and solutions support to ensure adherence to applicable security standards and guidelines. Finally, Mr. Taule coordinates a centralized program to identify, report (e.g., POA&M), manage, and ultimately close any Corrective Action Plans (CAPs) that may arise from periodic self-assessments and/or the many third party audits to which we are subject.

Education
- MSB, Information Technology Management, Johns Hopkins University, Baltimore MD, 1993
- BBA, Business Management, College of William and Mary, Williamsburg VA, 1987

Certifications
- Certified Chief Information Security Officer (C|CISO), EC-Council
- Certified Data Protection Specialist (CDPS), Data Management Institute
- Certified Homeland Security (CHS) - Level III, ACFEI
- Certified in Risk and Information Systems Control (CRISC), ISACA
- Certified in the Governance of Enterprise IT (CGEIT), ISACA
- Certified Information Security Manager (CISM), ISACA
- Certified Management Consultant (CMC), Institute of Management Consultants
- HealthCare Information Security and Privacy Practitioner, (ISC)2
- INFOSEC Assessment Methodology (IAM), National Security Agency


Jason Taule
will be in the following session(s):

Supply Chain Management: The call is NOT coming from inside the house!
06/01/18 : 10:45AM - 11:35AM

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Jeff Williams
will be in the following session(s):

Getting Started with DevSecOps
06/01/18 : 10:45AM - 11:35AM

Tyrone E. Wilson is an information security professional with 22 years of experience in information technology and systems configuration, and network security. Wilson also has extensive knowledge in computer network defense, vulnerability assessments, cyber threat analysis, and incident response. Currently, Wilson is the Founder and President of Cover6 Solutions, which teaches companies and professionals various aspects of information security, penetration testing, and IPv6. Additionally, Tyrone is the organizer of three cyber security meetup groups, with the most popular being a 5,000+ person group called The D.C. Cyber Security Professionals. Founded in 2012, the D.C. Cyber Security Professionals Group's dedication to providing networking opportunities, informative discussions and educational sessions on all things cyber has allowed the group to grow strong while providing a real benefit to the cyber community. @tywilson21

Tyrone Wilson
will be in the following session(s):

Performing Passive Reconnaissance
06/01/18 : 1:30PM - 2:20PM
