Chief Information Security Officer (CISO) and Vice President (VP) of Information Security
Dr. Garrett Smiley currently provides oversight and governance for all information and cyber related compliance, risk management, and security within Serco, Inc. The major areas of focus thus far include protecting unclassified federal government data on the technical estate (e.g., DoD CMMC/DFARS 252.204-7012/NIST SP 800-171/171A compliance), helping to maintain our Special Security Agreement (SSA) with the Defense Counterintelligence and Security Agency (DCSA), and increasing overall security for systems.
Curriculum Development – Developed and published dozens of IT and InfoSec related e-learning materials including books, Computer Based Training (CBT)/Learning Management Systems (LMS) courses, exam banks, instructor’s guides, hands-on labs, presentations, and video courses
Cyber Scorecards – increased compliance scores for several agencies as much as 79% in just several months’ time
Dissertation Chair – helped dozens of students earn their PhDs in business and technically focused areas for the past six years
Information Assurance (IA) – Obtained and maintained Authority to Operate (ATO) for hundreds of federal systems
Professional Certification – managed seven of the professional certification programs for (ISC)2, including the CISSP, the gold standard in the InfoSec industry
Professional Development – earned five degrees, including four IT and InfoSec focused degrees ending with a PhD as well as maintaining roughly 50 professional certifications
Program Development – established dozens of programs from scratch for disciplines such as Information Assurance and Supply Chain Risk
We all remember the famous phrase of Andreessen Horowitz, “Software is Eating the world”. It was definitely true at the time, but times have changed. It’s APIs that are now eating the world. Using APIs to expose core business functionality and facilitate service-to-service communication has become standard. Not only does it give us several control points, but it also makes it easier to deal with complex modern applications. However, these modern API-driven applications come with their own issues, such as design complexity, visibility, communication, and security. One of the major challenges here is properly securing APIs.
It is becoming increasingly urgent as API-related attacks are impacting companies across nearly all sectors, resulting in skyrocketing costs for businesses. In the U.S. alone, the average annual API-related cyber loss is estimated to be USD $12-23 billion. One of the best ways to deal with this is making API security a part of your SDLC.
API security testing is one of the ways to do that. API security testing helps in finding vulnerabilities at very early stages, giving developers and product security engineers more time and context to build resilient systems. In this talk, I’ll show you how to easily integrate API security testing into your SDLC to build secure applications and APIs using various open source (OSS) and enterprise tools.
Gelhardt Group LLC
Author of “My Time at the Clinton White House” and well-known keynote speaker, Colonel Mark Gelhardt has over 45 years of experience in executive-level management in both Information Technology and Cyber Security. He is a retired Army Officer and Combat Veteran. While in the service, Colonel Gelhardt was the CIO/CISO of the Clinton White House, where he managed all the classified Automation and Telecommunications for the President, VP, the White House Staff, and the Secret Service.
Since joining the private sector, Mark has held positions that include CIO/CSO at World Airways (largest US wide-body, long-haul charter airline), CTO/CISO at InterCall/West (world’s largest conferencing company), and CISO at TravelClick, a global SaaS company in the Hospitality space. As a consultant, Mark was the Acting CISO for both NCR and the Georgia Lottery. As a contractor, Mark was the Program Manager (PMO) for a large classified contract with the CDC. Currently, Mark is the SVP Global Technology Governance for US Bank/Elavon.
As a volunteer Colonel Mark Gelhardt is the Chief Information Officer (CIO) for the Georgia State Defense Force (GSDF).
Mark is a well-known Author and Keynote Speaker. He speaks on a wide range of topics, including the White House, Politics, Leadership, Mentorship, Motivation, Information Technology, Cyber Security, Global Governance, Risk and Compliance, and many others.
Everyone says there is a technology personnel shortage, but I don’t agree. There are tons of people that want to get into Cybersecurity or Technology. We need to help retired military, college interns, and more into our space and understand we can teach or train those people into what we need. Some of our issues center around old hiring practices and rules given to us by Human Resources and Equal Opportunity rules/laws. Our hiring practices are all about skills, certificates, work history, and not about the person, their personality, and their potential. We also do not teach our hiring managers how to interview people for potential, for what they can learn, or for who they are as a person. We are so worried about being sued for asking different questions to different individuals during our interview process than we are about getting the right person.
CSO at MedeAnalytics
Eric is currently the CSO at MedeAnalytics, a leading Cloud Computing company delivering services for the healthcare system (including hospitals, physician practices, and payers). He has extensive experience working in operations and information security for Cloud Computing companies, including taking Salesforce.com through ISO 27001 certification during his two-year stint as Information Security Director and running operations for two other Cloud Computing companies, Netfile and Grassroots Enterprise. His experience stretches beyond US borders: he spent two years in New Zealand leading the National Information Security and Business Continuity practice for KPMG and then worked for NTT/Dimension Data in New Zealand and Singapore, where he led the Incident Response and Computer Forensics practice for Asia/Pac. Eric has published articles on Information Security and IT in various magazines including Computerworld, SC Magazine, Inside Homeland Security, and Windows NT Systems, has presented training programs in many countries around the world, and is a regular speaker at industry events in the United States, Asia, and Oceania.
Universities have dropped the ball on secure coding, but that doesn’t mean the CISO should follow suit. The CISO must become sleuth extraordinaire to understand how disparate SaaS and PaaS solutions are integrated into the development process to improve velocity – and then secure those systems, ferret out the open source integrated into applications (including the most devilish of code snippets lacking appropriate attribution or undisclosed copyleft licenses) – and then provide attribution and remove the offending licenses, and find the projects at infancy and integrate early with product management to build security in (no more bolt-on security Band-Aids). In this session we will investigate new tooling that will uncover what was previously hidden, integrate process while improving development velocity, inject security earlier into the project (sometimes even invisibly), and still deliver the traditional application vulnerability management and pen testing that is expected by the clients. Quality takes a leap forward and customer/stakeholder relations improve. Is this possible? It sounds too good to be true. Welcome to the next step of partnering with development – security enables warp speed application development…no speed bumps or stop signs (unless you want to remind them, occasionally, who’s in charge).
Panelist, Managing a Remote Workforce & Creating a Culture of Security
Sridhar is a hands-on technical leader who led the migration of systems and applications to the Cloud for EIM in 2016. The migration to the Cloud was just a start; it opened a great aperture to embrace several opportunities to improve the overall business and technical landscape of EIM.
Sridhar holds a Bachelor’s in Mechanical Engineering from India and has a dual Master’s in Technology Management and Business Administration from Stevens Institute of Technology, New Jersey. He is a certified Project Management Professional and a certified CISO.
In the year 2021, Sridhar was awarded ‘CIO Of The Year’ by Tampa Bay Business Journal.
Managing Director, PMP
Richard Young is the Managing Director of RJY Group, LLC. Mr. Young is a retired Marine veteran with more than 35 years of experience in Project Management, Transportation, and Logistics. He spent twenty years of honorable active service in the United States Marine Corps as a Transportation Chief/Officer. He has previously provided support to various Department of Defense (DOD) entities, overseeing their Logistics and Asset Management Functions. His current role has him focused on the facilities maintenance of critical assets for multiple entities, including the DOD, Veterans Affairs, and the National Oceanic & Atmospheric Administration (NOAA), with a presence in 18 states plus the District of Columbia.
With his vast experience in government contracts and project management, Mr. Young is in charge of all aspects of daily and corporate operations for RJY Group including but not limited to operational policies and procedures, business and strategic initiatives, business development, project management, scheduling, procurement, quality control, safety, and closeout documentation.
He maintains an excellent reputation with customers and subcontractors to ensure there is clear communication as well as timely and successful completion of every project. His commitment to safety and accountability has earned both RJY Group and Mr. Young a stellar reputation within the industry with clients, subcontractors, and contracted personnel.
His unbending work ethic has allowed RJY Group to excel in facility operations while remaining customer-centric.
Security organizations are facing challenges and risks on a daily basis. With the complexity of managing so many different tools, it takes immense effort to derive clear, consistent insights from them and answer simple everyday questions such as “How is our security program performing?” and “How does it compare to last year? Last quarter?” It requires the meticulous gathering and inputting of data, the analysis and synthesizing of information, and the translation of findings so that results from investigations can be meaningful to others in the business. All this distracts the CISO from the most significant element of their job: improving security.
In her presentation titled “Horror Board Meeting Preparation – Enough with the Old Way. In with the New Way,” SeeMetrics CEO & Founder Shirley Salzman will share stories of global security leaders preparing data for board meetings – including SeeMetrics advisor and former Netflix CISO Jason Chan, SeeMetrics advisor and cyber expert Sounil Yu, and others. Shirley will describe how they faced the challenge of conveying KPIs and performance measures to senior leadership.
For organizations with few — or zero — security measures, building a security strategy may appear daunting. Any CISO that wants to get started should focus on developing security maturity to holistically improve security across the board.
Join Blumira’s CTO and Co-Founder, Matthew Warner, for practical, actionable (and nonjudgmental!) advice on how to improve your organization’s security maturity, starting at step one. You’ll learn:
Tom Huang is currently a team member of the McGann Group, a small security consulting LLC in Raleigh, NC. He is a former Customer Engineer for Microsoft specializing in Modern Desktops and cloud security, and a former Security Solution Architect for BB&T (Truist Financial) and the U.S. Postal Service (31 years of service).
Tom’s focus is on Endpoint security and cloud security specializing in Windows 10 and Windows 11 and hardening Endpoints. He also has some knowledge in vulnerability assessment and corporate cyber security awareness training policies and techniques.
He graduated summa cum laude with a bachelor’s degree in Information Technology and has been working in the IT realm for over 22 years, with the last 10 in Cyber Security.
His Certifications include the CISSP, MCT, MCP and other Microsoft Certifications. Tom and wife Sandra enjoy travel, family time (3 grown children and 6 granddaughters), and Tom enjoys bowling and golf as his hobbies.
CEO and Co-Founder of Shift5
Josh Lospinoso is the CEO and Co-Founder of Shift5, an OT cybersecurity company that protects planes, trains and defense systems from cyberattacks and improves functional efficiency by providing operators with visibility into the data that powers their longest-lived assets. Shift5 is the first-ever OT cybersecurity and observability solution that enables operators to make data-informed decisions to improve resiliency and operations of fleets.
Prior to founding Shift5, Josh pioneered red team operations for the U.S. military as one of 40 people hand-selected to set up the U.S. Cyber Command, the nation’s most elite unit of cyber defenders. There, he commanded offensive cyber operations, built nation state-grade hacking tools, and formed close relationships with the likes of Four Star General Paul Nakasone, and CISA Director Jen Easterly.
Josh is also the author of C++ Crash Course (No Starch Press, 2019), dozens of peer-reviewed journal articles spanning multiple disciplines, and multiple patents. Josh earned a B.S. in Economics and Operations Research from the United States Military Academy and a Ph.D. in Statistics from the University of Oxford, where he was a Rhodes Scholar.
Train service outages that keep commuters from work. Shipping interruptions that leave store shelves empty. Faulty GPS data that throws planes and ships off course. These are the hazards of cyberattacks targeting critical transportation infrastructure.
Attack tools have advanced and targets have expanded to include cyber-physical assets associated with the supply chain, like cargo systems and transportation hubs. Meanwhile, critical transportation systems and military platforms that have played a key role in the defense of Ukraine are increasingly in the crosshairs of cyberattacks.
These systems use operational technology (OT) to power their fleets and their most critical and sensitive functions, like engine and transmission controllers; braking systems; power/electrical controls; command and control displays; and weapon system controls. Their infrastructure is built on older technology that was designed for reliability and longevity, not resiliency. They are also connected to outward-facing networks instead of isolated ones, creating a complex convergence of OT and IT environments. Just last year we witnessed the Toronto public transportation agency hit by a ransomware attack that took down several systems used by drivers and commuters alike, impacting the bottom line. We also witnessed a breach of the New York Metropolitan Transportation Authority (MTA) systems. Thankfully no one was harmed, but attacks on cyber-physical operations within transportation systems can cause untold disruption to civil society and harm to citizens, as well as shift the balance of power in military conflict and geo-political matters. Never before have these OT systems been so vulnerable.
In this session, Josh Lospinoso, CEO and co-founder of Shift5, will delve into the risks facing critical transportation infrastructure as an emerging cyber battleground; why securing the operational technology that controls the movement of trains and planes is complex, lags behind IT security, and has incredibly high stakes if left unsecured; and what that means for operators responsible for securing their fleets. He’ll also provide practical recommendations for how governments and industry can best prepare for and defend against threats to critical transportation infrastructure.
Audience members will walk away with greater visibility into the attack environment within transportation infrastructure, as well as solutions and best practices to help protect this segment of infrastructure from cyberattacks. This includes public-private collaboration to address growing cyber risks by promoting technology advances, alliances, security standard development, training, and improved OT cybersecurity education opportunities.
Cyber Security Consultant, McGann Consulting Group
Chief Information Security Officer, SAI360
Senior Product Director, EC-Council
Director of Information Security and Privacy, Sonesta Hotels
Director - Cyber Security | Risk Advisory, Deloitte UK
The client advised of data leakage but would not disclose how it came to know of the breach or specify the data involved. This case study details the complex investigative activities and the ultimate findings. Echoing Tina Turner’s “What’s love got to do with it?”, this talk will get to the very ‘heart’ of the matter.
Key investigative challenges discussed:
– Limited leads from which to build a case
– Vast quantity of data to interrogate
– High visibility among leadership due to strategic importance of customer
– Pressure for expedited response
– Language and cultural differences
– Data retention issues
– Technical literacy among key stakeholders
– Large pool of potential suspects
– ‘Need-to-know’ principle limiting collaborative efforts
– Pressure to manage costs of investigation
– Privacy and confidentiality issues
– Cross-border data flows and multitude of egress points for exfiltration
Key post mortem takeaways and insights:
– Managing complex and highly sensitive global projects with accountability to executives
– Maintaining high quality outcomes whilst managing costs, time, and resource utilization efficiently
– Managing cross-cultural differences and strategies for enabling bridge-building among interdisciplinary stakeholders from diverse backgrounds
VP Analytics, Pythian
CISOs will learn how they can effectively influence data governance programs, how to structure their own organization to be data-centric in their approach, and what technology architectures will be needed to support future data governance and consumption needs.
The primary asset for most organizations is their data. Data drives consumer engagement, product development, marketing analytics, and future product investment and decisions. This value means data is also the primary risk to an organization: the loss, unauthorized change, or exploitation of data can leave an organization with reputational or legal consequences.
The need to balance the value of data with risk is bringing new prominence to holistic data governance programs that act as an organizational enabler. Holistic data governance programs are where organizations ensure that new regulatory obligations, consumer expectations, product features, and data exchanges with third parties are managed to minimize risk and maximize the value extracted from an organization’s data. Effective data governance programs work to define policies and enable engineers and product teams, through data literacy programs, to effectively build systems that create and leverage data.
The role of the CISO and their organization is evolving to become more data-centric. They are a powerful voice in data governance programs to ensure alignment between corporate security policies and data creation and consumption needs. An effective CISO will influence policies and architectures for data creation, storage, processing, and protection. The engaged CISO will work to align their learning and development requirements with those of the holistic data governance programs, so that data literacy programs are impactful and enable engineers with the tools and knowledge needed to build modern, competitive platforms that exploit the value of data while meeting legal and regulatory obligations and consumer privacy obligations.
Regional CSO, AXA
We’ve been witnessing a continuous increase in complexity of the security threat landscape for years and kept adding solutions to our Security Stacks in response. Now when we look at the stack, it stands tall like a Skyscraper! When will it end? Is it sustainable to keep adding to the stack? Join Bruno Fonseca on his trials and tribulations trying to manage a Security Stack.
Cybersecurity & Privacy Attorney / Keynote Speaker / National News Analyst / Adjunct Law Professor, Drexel University's Thomas R. Kline School of Law