Jeff brings more than 30 years of hands-on cybersecurity intelligence and cybersecurity operations experience including engagements with the Department of Defense (DOD), Department of Energy (DOE), and NASA. More recently Jeff has served as CISO at Blue Team Alpha, where he educated customers on the current threat landscape and served as an advocate for the need of a strong cybersecurity practice.
Bob Reny is a recent addition to the CTO team at Exabeam. His 27 years of experience in information technology starting in systems administration and security in the US Air Force. This started a path for all things security, focusing on computer and networks. Bob has done network security design, firewall architecture, IPS deployment, network access control and end point security architecture. Large program security include zero trust, Operational Architecture safety/security. His expertise has supported customer organizations public and private. This covers scaling for many large federal agencies, global 1000 companies in many business verticals across finance, utilities, service, and technology. Bob has been a CISSP for the past almost 22 years and continues to help organizations evaluate the broad security policy to streamline Security Operations Center activities. This includes improving cross-functional processes for change management, incident response, event escalation, and response.
Paul Steen is a Principal Solutions Engineering at Imperva, Inc. a provider of Application, API, and Data Security solutions. In this role, Paul works with Imperva’s largest customers in North America. Paul also works with customers to understand application and data security trends and how best to manage application and data security and the obligations that accompany the associated compliance requirements.
Paul has spent more than 25 years in the Application and Data Security space. In his more than 15 years with Imperva, he has held a variety of roles including Global Product Strategist. He also spent time managing pre-sales teams in the US, as well as Asia Pacific. Prior to joining Imperva, Paul worked in a variety of technical roles at Check Point Software Technology Ltd., including security engineering and, partner and end-user instruction
Paul is a frequent speaker at key IT security events such as RSA Conference, AusCert, OWASP, AISA. He has also trained professional security related certifications in over 35 countries and lectured on IT security subjects at established schools and university around the world.
Merlin Namuth is Chief Information Security Officer at REPAY, a high growth fintech company. Namuth has over 27 years of IT experience – last 24 years focused in security. His comprehensive experience spanning several industries includes leading 5 different security programs, creating strategy and building security programs from the ground up, mergers and acquisitions, managing incident response teams, computer forensics, compliance, architecture, and engineering complex security solutions both on-prem and in the Cloud. Namuth is an Adjunct Faculty in the Cybersecurity Executive Program at California State University – Northride and also serves as an advisor to security startup companies. He has presented at numerous conferences, including RSA both domestically and internationally and been interviewed on renowned security podcasts.
David Cundiff is a renowned cybersecurity expert and the VP, of Services and Solutions atf Eclypsium, a leading provider of firmware and hardware security solutions. With over two decades of experience in the industry, David has made significant contributions to the field of cybersecurity and has played a pivotal role in helping organizations mitigate risks associated with various cybersecurity needs.
As the VP of Services and Solutions at Eclypsium, David is responsible for leading the development of innovative solutions to protect organizations from firmware-based attacks. He works closely with a team of talented architects, engineers and researchers to analyze, identify, mitigate and respond to vulnerabilities in firmware and develop cutting-edge security measures to defend against them.
David’s expertise extends to various areas of cybersecurity, including embedded systems, firmware security, supply chain risk management, incident response, and threat intelligence. He has a deep understanding of the complexities and challenges involved in securing hardware and firmware throughout the technology ecosystem.
Throughout his career, David has been instrumental in raising awareness about the critical role firmware plays in overall system security. He has delivered presentations at industry conferences and events, sharing his knowledge and insights on security best practices, emerging threats, and the importance of a holistic approach to cybersecurity.
Prior to joining Eclypsium, David held leadership positions in prominent cybersecurity companies, where he spearheaded the development of groundbreaking security solutions. His extensive industry experience and technical expertise have earned him a reputation as a trusted advisor and thought leader in the field.
David is a passionate advocate for collaboration and information sharing within the cybersecurity community. He actively participates in industry working groups and forums, contributing to the advancement of cybersecurity standards and practices. His contributions have been recognized and appreciated by his peers, and he continues to make significant contributions to the field through his research and thought leadership.
Rob is a Senior Systems Engineer for Versa Networks. He has over 25 years of experience in the field of technology and cybersecurity. Rob has previously served in many roles, including admin, support, consultant, and SE for companies that deliver Virtualization, Cloud, Networking, and Security. A large portion of his time was spent consulting with the US Department of Defense. His passion for security keeps him up to date on where the industry is and where it is going. His varied experience and daily conversations with businesses of all sizes allow him to see security solutions’ practical implications.
Daniel Smallwood is a Threat Researcher and Engineer with LiveAction who has spent over 20 years supporting security enterprises in both the federal and private sectors. His experience includes engineering and operations for the USAF CERT, DISA, as well as combatant commands EUCOM/AFRICOM. More recently he has been on the ground floor of several security startups engineering solutions and conducting threat research for Click Security (acquired by AlertLogic), JASK (acquired by Sumo Logic), and IronNet Cybersecurity.
I provide leadership to an Information Security Team to continuously assess business’s protection needs, analyze risks, design, implement, maintain, and monitor the security controls and events to ensure the Confidentiality, Integrity, and Availability of mission’s supporting information and information processing systems.
Data and information security professional looking to connect with other industry professionals to share knowledge, uplift and support each other.
Denver Cybersecurity Conference
Thursday, June 1, 2023
Live In Person @ DoubleTree Denver Tech Center
In Person | Virtual | Hybrid
Earn up to 10 CPE credits
About the Event
FutureCon Events brings high-level Cyber Security Training discovering cutting-edge security approaches, managing risk in the ever-changing threat of the cybersecurity workforce.
Join us as we talk with a panel of C-level executives who have effectively mitigated the risk of Cyber Attacks.
Educating C-suite executives and CISOs (chief information security officers) on the global cybercrime epidemic, and how to build Cyber Resilient organizations.
“Cybersecurity is no longer just an IT problem”
Gain the latest knowledge you need to enable applications while keeping your computing environment secure from advanced Cyber Threats. Demo the newest technology, and interact with the world’s security leaders and gain other pressing topics of interest to the information security community.
The FutureCon community will keep you updated on the future of the Cyberworld and allow you to interact with your peers and the world’s security leaders.
For sponsorship opportunities email sales@futureconevents.com
Keynote Speaker
"Truths - Myths - Maybes"
Merlin Namuth
Chief Information Security Officer REPAY - Realtime Electronic Payments
Accomplished Information Security Leader – 26 years IT experience with the past 23 years focused on Information Security
I started my career in hands-on systems and network administration roles and worked my way up to building and leading security programs in small and medium sized companies. In addition, I architected and engineered multi-million dollar complex security solutions spanning several global locations. My passions include continuous improvement of security programs and creating healthy, productive teams. I have years of experience working with executive and senior leadership, including company owners. I not only enjoy leading security teams and working with the business on security initiatives, but I also stay current with emerging security technologies.
CISO/Industry Leader Panel
“Cybersecurity Leaders and Experts on Current Cyberthreats and Practices”
Merlin Namuth
Chief Information Security Officer
REPAY - Realtime Electronic Payments
Mohamed Malki
Entreprise Security Architecture , Director
State of Colorado Governor's Office of Information Technology
Cody Burrows
CISO/Penetration Tester/Architect/Engineer, Cyber Perimeter Security
| VP - Director of Security Assurance, CXLoyalty (JP Morgan Chase
Dr. Michael Hutchison
Vice President; Information Security
Bank of America
Quintana Patterson
IT Clinical and Compliance Manager
University of Colorado Anschutz Medical Campus
Platinum Sponsors
Lumu Technologies is a cyber-security company that illuminates threats, attacks, and adversaries affecting enterprises worldwide. Using actionable intelligence, Lumu provides a radical way to secure networks by enhancing and augmenting existing defense capabilities established over the past 25 years.
LiveAction provides end-to-end visibility for network security and performance. By relying on a single source of truth – the packets – LiveAction gives modern enterprises the confidence needed to ensure the network is securely meeting business objectives, providing full network visibility to better inform NetOps and SecOps, and reducing the overall cost of network and security operations. By unifying and simplifying the source of collection, inspection, presentation, and analysis of network traffic, LiveAction empowers network and security professionals to proactively and quickly identify, troubleshoot, and resolve issues across increasingly large and complex networks. To learn more about LiveAction, visit https://www.liveaction.com.
Gold Sponsors
Exabeam is a global cybersecurity leader that created New-Scale SIEMTM for advancing security operations. Built for security people by security people, we reduce business risk and elevate human performance. The powerful combination of our cloud-scale security log management, behavioral analytics, and automated investigation experience gives security operations an unprecedented advantage over adversaries including insider threats, nation states, and other cyber criminals. We Detect the UndetectableTM by understanding normal behavior, even as normal keeps changing – giving security operations teams a holistic view of incidents for faster, more complete response. Learn more at www.exabeam.com.
Eclypsium is a supply chain security platform that builds trust in every device by identifying, verifying and fortifying software, firmware and hardware throughout enterprise infrastructure. Eclypsium’s platform monitors critical assets from chip to cloud and mitigates risk throughout the asset lifecycle. Powered by world-class research team, Eclypsium was named as Gartner Cool Vendor, and a winner of Fast Company’s most innovative security companies, CNBC Upstart 100 and Baby Black Unicorn awards.
Versa is the modern secure network. Available via the cloud, on-premises, or as a blended combination of both, Versa SASE connects Enterprise branches, teleworkers, and end users securely and reliably to applications in the cloud or data centers around the world.
Silver Sponsors
Rubrik, the Zero Trust Data Security Company™, delivers data security and operational resilience for enterprises. Rubrik’s big idea is to provide data security and data protection on a single platform, including: Zero Trust Data Protection, ransomware investigation, incident containment, sensitive data discovery, and orchestrated application recovery. This means data is ready at all times so you can recover the data you need, and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.
Cavelo helps businesses achieve attack surface management with automated data discovery, classification and reporting. Its cloud compatible cyber asset attack surface management (CAASM) platform continuously scans, identifies, classifies and reports on sensitive data across the organization, simplifying compliance reporting, vulnerability management and risk remediation.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.
For more information, go to synopsys.com/software
trackd.com is a modern patch management platform with a unique twist. Our solution records the experience of vulnerability remediation practitioners after they’ve applied a given patch (i.e. did it break something?), anonymizes that data, and then shares it in real-time with all other trackd platform users. The data enables remediation teams to identify the small percentage of patches that are likely to break something, as well as those with little or no history of disruption that can be considered strong candidates for auto-patching.
Data Theorem prevents AppSec data breaches. We provide SAST, DAST, & RASP for API Security, Web Security, Mobile Security, and Cloud Security. Our products provide Inventory (Discovery), Security Testing (SAST/DAST), and Active Protection (RASP) for APIs (RESTful, GraphQL, gRPC, and SOAP), mobile apps (iOS, Android, React Native, Flutter), Web Apps (Web 2.0 & Single Page Apps), & Cloud Apps + CSPM (Serverless Lambda, Google Cloud Functions, Azure Functions). Data Theorem is headquartered in Palo Alto, CA., with offices in New York, Chicago, Boston, Paris, and London. For more information visit https://www.datatheorem.com.
HelpSystems has long been known for helping organizations become more secure and autonomous. However, over the years, our customers have shared with us that it has gotten harder and harder to protect their data. As technology plays an increasingly important role in the way organizations operate, cyberthreats are evolving to become more powerful than ever before. If there’s one thing we’ve learned from being in an industry where the only constant is change, it’s that being adaptable is the best way to grow in the right direction. So we’ve listened to our customers’ concerns, problem-solved, and delivered with impressive results. Consequently, we’re a different company today — one that is tackling cybersecurity head-on.
That’s why HelpSystems is now Fortra, your cybersecurity ally. We’re bringing the same people-first support and best-in-class portfolio that you’ve come to expect from HelpSystems, only now we’re unified through the mission of providing solutions to organizations’ seemingly unsolvable cybersecurity problems. We offer leading solutions like data security, infrastructure protection, managed services, and threat research and intelligence. Throughout every step of our customers’ journeys, our experts are determined to help increase security maturity while decreasing the operational burden that comes with it. Because our team puts the same level of care into protecting our customers’ peace of mind as their precious data. We’re driven by the belief that nothing is unsolvable. We’re tenacious in our pursuit of a better future for cybersecurity.
We are Fortra.
BlackBerry is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.
Azul, provider of the Java platform for the modern cloud enterprise, is the only company 100% focused on Java. Millions of Java developers, hundreds of millions of devices, and the world’s most highly regarded businesses trust Azul to power their applications with exceptional capabilities, performance, security, value, and success. Azul’s customers include 27% of the Fortune 100, 50% of Forbes Top 10 World’s Most Valuable Brands, all 10 of the world’s Top 10 financial trading companies, and leading brands like Avaya, Bazaarvoice, BMW, Credit Suisse, Deutsche Telekom, LG, Mastercard, Mizuho, Priceline, Salesforce, Software AG, and Workday. Learn more at azul.com and follow us @azulsystems.
Sprocket Security was founded to improve the way we approach cybersecurity. Currently the industry performs services in a timeboxed, or point-in-time approach. We think this is fundamentally flawed. We protect your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.
Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud attack surfaces. Like APTs, ransomware, and other threat actors, our algorithms discover and fingerprint your attack surface, identifying the ways exploitable vulnerabilities, misconfigurations, harvested credentials, and dangerous product defaults can be chained together to facilitate a compromise. NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. You will see your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited. Founded in 2019 by industry, US Special Operations, and US National Security veterans, Horizon3.ai is headquartered in San Francisco, CA, and made in the USA.
Partners
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 168,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry.
The Pan Asian American Business Council (“PAABC”) is a non-profit organization consisting of Asian American businesses that would like to promote and grow their own and other Asian American businesses.
To enable Asian American owned businesses to develop and grow.
Founded in 2012, the Women’s Society of Cyberjutsu (WSC) is a National 501(c)3 non-profit community, focused on empowering women to succeed in the cybersecurity industry. WSC’s mission is to advance women in cybersecurity careers by providing programs and partnerships that promote hands-on training, networking, education, mentoring, resource-sharing and other professional opportunities.
WSC serves thousands of women across the globe by bringing awareness to, and advancing careers in, cybersecurity. The WSC community includes information security professionals, IT professionals, programmers, computer scientists and engineers, as well as women wanting to explore and join the field. Recognizing the importance of encouraging girls to embrace a future in STEM-related professions through its Cyberjutsu Girls Academy, WSC provides a unique hands-on curriculum focused on securing information technology. For more information, visit http://www.womenscyberjutsu.org.
We put our heart and soul into this Cybersecurity Conference directory.
Way back in 2013 we had another website called “Concise Courses” which used to market and sell InfoSec training courses. We published a blog post listing all the upcoming InfoSec Conferences of that year, and Google loved the resource and put us right to the top of the search engines. That ‘accidental’ occurrence spawned this directory which is maintained by a small team comprising of Henry Dalziel and Charles Villaneuva and a bunch of freelance programmers.
What We Do:
We list, literally, every single Information Security conference, event and seminar within every niche in Cybersecurity.
We have a dedicated team that maintains our in-house tech stack, directory, and data curation.
Agenda
Times are subject to change
Opening Introductions | Check In | Networking
Presentation
The power of Threat - Informed Defense
Threat-informed defense is a strategic approach to cybersecurity that combines threat intelligence with traditional security measures and threat analysis. During this presentation you’ll learn how to form a strategy that can proactively identify threats before they can cause damage or disruption.
Networking
Sponsor Networking Time
Presentation
The Science of Normal: Changing cybersecurity and your poker game
You wouldn’t play poker blind, so why search for cyberthreats without analytics?
Searching data lakes for cybersecurity threats or vulnerable assets without using scaled analytics is like playing a round of poker while blindfolded! You always want the upper hand, so in this talk, you’ll learn how security related content including pre-built reports, dashboards, and visualizations can handle common security and compliance requirements. Analytics ensure sound security postures so organizations don’t fold to cyber threats.
By simplifying the review of an enterprise data lake using easily implemented data science with scaled analytics, you can eliminate blind spots and significantly improve your organization’s cybersecurity framework. We’ll also show you how the SOC can extract the most value from security data, plus we’ll share many more stealth tips for your advantage.
Presentation
API’s: The Users Best Friend but Your Data’s Worst Nightmare
API’s have exploded over the last couple of years as the pandemic changed the way organizations do business and how they relate to their users. This has served to drastically increase the number of doors open to the Data. But what hasn’t changed is the target. With Data still in the crosshairs, the challenge of protecting that data has increased accordingly.
Learn what organizations are doing today to mitigate the threat to Data from the exponential increase in access to that data via the explosion of API’s and API access points.
Networking
Sponsor Networking Time
Lunch
Keynote
"Truths - Myths - Maybes"
Networking
Sponsor Networking Time
Presentation
The Guide to Digital and Device Supply Chain Security
In today’s interconnected world, the digital and device supply chain has become increasingly complex, making it more vulnerable to security threats and attacks. As organizations rely on a myriad of devices and software to drive their operations, ensuring the integrity and security of the supply chain is paramount.
In this session, we will cover:
-
Introduction to the digital and device supply chain: Understanding the interconnected ecosystem of hardware, software, and services
-
Understanding the Attack Surface Below the OS: Identifying potential weak points and vulnerabilities in the supply chain
-
Best practices for supply chain security: Proactive measures to strengthen security, including risk assessments, secure sourcing, verification and authentication processes, and supply chain visibility.
Presentation
How to be Unhackable
Every business desires to be unhackable. Even air-gapped environments have data leakage, but there are proven steps that can significantly limit your exposure without causing undue irritation to your staff. In this session, we will review these proven solutions and which ones must be implemented today.
Networking
Sponsor Networking Time
Presentation
Stories from the Front Lines: SOC Edition
There’s never a dull moment in the Security Operations Center (SOC). In this session, Daniel Smallwood shares some of the most interesting security incidents he’s encountered during his 20-year career as a threat researcher and engineer in the federal and private sectors. These include:
- The Case of the Missing Hard Drive: Lessons Learned from Handling an Insider Threat
- From the UK to Aliens to Pink Floyd: The British Hacker Story
- The Network is Overrun with Coin Miners: How to Approach an Overwhelming Breach
Daniel discusses not only the story of what happened, but the tools and techniques used and developed that brought success.
Networking
Sponsor Networking Time
Panel Discussion
“Cybersecurity Leaders and Experts on Current Cyberthreats and Practices”
Mohamed Malki
Entreprise Security Architecture , Director State of Colorado Governor's Office of Information Technology
Cody Burrows
CISO/Penetration Tester/Architect/Engineer, Cyber Perimeter Security | VP - Director of Security Assurance, CXLoyalty (JP Morgan Chase
