IT Summit - Fall
Wednesday-Thursday, September 11-12, 2019
SynerComm's 17th Annual IT Conference, at Potawatomi Hotel & Casino
Upcoming Sessions
Information Subject to Change
Click on a track to filter the results below
Keynote: Quad - IT Improving the Bottom Line: disruptive thinking and technologies (AI + BPM)
Wednesday • 1:30PM - 2:15PM
• Room: Serenity
- Title
- Quad - IT Improving the Bottom Line: disruptive thinking and technologies (AI + BPM)
- Abstract
- In this keynote session Steve Jaeger, Quad CIO will share some thought-provoking use cases and opportunities that they discovered to change business as usual, leveraging disruptive thinking and technologies (AI) to positively impact the bottom line and customer perceptions.
- Speaker
- Steve Jaeger Details
- Presented by
-
- Presentation
- Request by Email
How Machine Learning Actually Works for Risk Based Authentication
Wednesday • 2:20PM - 3:00PM
• Room: Inspire
- Title
- How Machine Learning Actually Works for Risk Based Authentication
- Abstract
- The future of security revolves around security automation and machine learning. While this sounds nice at face value, building a strategy around identity and access management requires a plan. Idaptive will discuss a proven IAM Framework to provide Zero Trust Security. Continuous authentication is the gold standard of IAM however it only works when there is balance between security and user productivity. During this session we’ll dive into how risk based decisions are use to create rock solid MFA and SSO solutions along with a demo of real life solutions in practice.
- Speaker
- Brian Krause Details
- Presented by
-
- Presentation
- Download
Visibility, to what end?
Wednesday • 2:20PM - 3:00PM
• Room: Prosperity
- Title
- Visibility, to what end?
- Abstract
- This session looks to challenge your current way of thinking about Visibility Projects. You may often hear the words "I really need to see what is on my network" but have you ever asked why network visibility is important? Digging past the surface of your current visibility project may lead to more value than you realize for you and your organization.
- Speaker
- Shane Coleman Details
- Presented by
-
- Presentation
- Download
Operationalizing the NIST Cybersecurity Framework (CSF) and successfully navigating the managed security services market
Wednesday • 2:20PM - 3:00PM
• Room: Serenity
- Title
- Operationalizing the NIST Cybersecurity Framework (CSF) and successfully navigating the managed security services market
- Abstract
Alright, let's address the elephant in the room. Frameworks aren't known for being page turners - even when they're shortened into seven characters like the NIST CSF. But there are some things you do because they're "good" for you - like going to the doctor, eating well and exercising. The NIST CSF is like that. While we can't turn the NIST CSF into the latest best seller (sorry!), we can give you a quick tour and show you exactly how you can positively affect your NIST CSF ratings - both now ... and over the long term.
Next, we will explore how to successfully naviagate the confusing managed security services landscape and the emergence of MDRs and the due diligence questions you need to ask to align expectations and measure value.
- Speaker
- Bruce Potter Details
- Presented by
-
- Presentation
- Download
Thought Leadership Roundtable
Wednesday • 3:15PM - 5:30PM
• Room: Harmony
- Title
- Thought Leadership Roundtable
- Abstract
- SynerComm moderated session where we will openly discuss today’s IT challenges and share lessons learned while exploring viable strategies with your peers and industry visionaries. *Reserved for company executives and an optional team member.
- Speaker
- Mark Sollazo; Kirk Hanratty Details
- Presented by
-
- Presentation
- Request by Email
Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
Wednesday • 3:15PM - 3:55PM
• Room: Inspire
- Title
- Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
- Abstract
- Compliance doesn't equal security and security doesn't equal compliance.
- Speaker
- Bill Curtis, Jeff Lemmermann, Paul Hendler Details
- Presented by
-
- Presentation
- Download
Pentest Post-Mortems - What Should Keep You Up At Night!
Wednesday • 3:15PM - 3:55PM
• Room: Prosperity
- Title
- Pentest Post-Mortems - What Should Keep You Up At Night!
- Abstract
- We've always said that security is everyone's job, but never has that been more true. This talk will focus on the critical lessons learned from over 10 years of penetration testing. Brian has led, participated in, and reviewed the reports from hundreds of penetration tests. Perhaps not too surprising, the discovered flaws and vulnerabilities are not unique to industry or even company size. Join us for a review of the weaknesses that should keep you up at night. There will be plenty of opportunity to discuss these concerns and others with Brian and your fellow attendees.
- Speaker
- Brian Judd Details
- Presented by
-
- Presentation
- Download
Cloud Architecture: When and How to go Cloud
Wednesday • 3:15PM - 3:55PM
• Room: Serenity
- Title
- Cloud Architecture: When and How to go Cloud
- Abstract
This presentation will take a business-meets-technical approach to cloud hosting. The focus areas of this presentation are:
- When does it make sense to migrate applications to the cloud?
- What do we need to do to prepare?
- How does an organization go about a cloud deployment?
For some organizations, the time to migrate applications to the cloud was 2012. For others it might be 2019 or beyond. Knowing the costs, capabilities, and limitations of cloud platforms along with readying your teams with proper support and training is the key to success.
- Speaker
- Aaron Howell; William Kiley Details
- Presented by
-
- Presentation
- Download
Cloud Defense: The Azure and Office 365 Battleground
Wednesday • 4:00PM - 4:40PM
• Room: Inspire
- Title
- Cloud Defense: The Azure and Office 365 Battleground
- Abstract
This presentation will look at what moving corporate email systems to the Microsoft cloud means in terms of security against attacks to steal data and deny services. Three primary areas of focus will make up the presentation:
- What Microsoft Secure Score is and what it isn't
- The role Microsoft Azure plays in all Office 365 corporate deployments
- How to assess and set proper controls in the Azure and Office 365 environment
Moving from an on premise to a cloud-based environment only changes who owns the physical equipment that houses your information. It doesn't change the fundamentals of protecting that information. Attendees will hear about the latest attack tactics against Azure and Office 365, why they are working, and what defense strategies can stop these attacks.
During the session, we will discuss the Microsoft Secure Score analysis, ways to leverage what it tells us, and why additional steps are essential to protecting the system. We will review how Microsoft Azure interacts with the Office 365 implementation and look at assessing and improving the important settings to defend the confidentiality, integrity, and accessibility the system and its data.
- Speaker
- Jeff Lemmermann Details
- Presented by
-
- Presentation
- Download
Maturing Your SDLC: BSIMM Framework
Wednesday • 4:00PM - 4:40PM
• Room: Prosperity
- Title
- Maturing Your SDLC: BSIMM Framework
- Abstract
In this presentation, the speaker introduces a series of talks surrounding the concept of a secure software development life cycle (S-SDLC). Software teams are not strangers to frameworks. They offer powerful libraries, opinionated design patterns, and robust communities that can improve the quality and efficiency of your teams product(s). What if that concept could be applied to the practices surrounding software security?
Join us to explore the concept of a security framework for software development using BSIMM.
- Speaker
- William Kiley Details
- Presented by
-
- Presentation
- Download
A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
Wednesday • 4:00PM - 4:40PM
• Room: Serenity
- Title
- A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
- Abstract
- In this session you will learn inventory characteristics, data worth, and controls maturity against the CIS Top 20. If you're not thinking this way and not considering these things you better get going.
- Speaker
- Bill Curtis Details
- Presented by
-
- Presentation
- Download
Cloud Defense: AWS Common Findings & Mitigating Controls
Wednesday • 4:45PM - 5:25PM
• Room: Inspire
- Title
- Cloud Defense: AWS Common Findings & Mitigating Controls
- Abstract
- In this presentation, we will cover pitfalls in application deployments with enterprise cloud providers. How can we prepare, protect, clean-up, and mitigate properly to get the best possible experience with our provider(s)?
- Speaker
- Aaron Howell Details
- Presented by
-
- Presentation
- Download
Maturing Your SDLC: Static & Dynamic Testing
Wednesday • 4:45PM - 5:25PM
• Room: Prosperity
- Title
- Maturing Your SDLC: Static & Dynamic Testing
- Abstract
- In this presentation, the speaker builds on Chapter 1 of the series which outlined the components of a modern software development life cycle (SDLC). This time, the speaker focuses on one area: automated security testing. What can it do for my business? What are some of options and examples? What does it require to set up and maintain, and is it worth it?
- Speaker
- William Kiley Details
- Presented by
-
- Presentation
- Download
Failure is not an Option: Managing Digital Debt
Wednesday • 4:45PM - 5:25PM
• Room: Serenity
- Title
- Failure is not an Option: Managing Digital Debt
- Abstract
- Join us to discuss just what "digital debt" is, what it means in the world of digital transformation, and how your organization can manage the debt, rather than being managed by it.
- Speaker
- Marc Spindt Details
- Presented by
-
- Presentation
- Download
Keynote: Strategies and Lessons Learned from Recent Breaches: Are You Making the Same Mistakes?
Thursday • 9:00AM - 9:45AM
• Room: Serenity
- Title
- Strategies and Lessons Learned from Recent Breaches: Are You Making the Same Mistakes?
- Abstract
- 2019 will be a banner year for data breaches—we are on pace to have the most records disclosed, ever. In this session, Justin will share lessons from the legal side of the data breach world, including what happens when an entity has insufficient security controls, a disorganized incident response process, fails to preserve evidence, receives inquiries from regulators, and fields angry data breach victim calls. From all of this, Justin will offer insights into how not to become the next data breach victim, how to navigate a data breach when it inevitably occurs, how to mitigate risk with cyberliability insurance, and the legal considerations that permeate incident response.
- Speaker
- Justin Webb Details
- Presented by
-
- Presentation
- Request by Email
Bringing Artificial Intelligence to Access and Wireless Networking
Thursday • 10:30AM - 11:10AM
• Room: Harmony
- Title
- Bringing Artificial Intelligence to Access and Wireless Networking
- Abstract
Mist Systems has brought AI to wireless networking. We have combined data scientists and cloud architects with decades of wireless domain expertise to build the first truly innovative WLAN platform in over a decade. At the core of our solution is the Mist cloud, purpose-built on a microservices architecture for rapid deployment of new services without impacting existing services. Mist is now part of Juniper and is extending its AI platform to the network at large.
Companies of all sizes can take advantage of Mist's AI-driven solution that delivers the following:
- Wi-Fi and access networking that is predictable, reliable and measurable
- Wired and Wireless operations that are simple and cost effective
- Location services that deliver amazing new wireless experiences
- Speaker
- Tom Wilburn Details
- Presented by
-
- Presentation
- Download
Five Critical Elements of Endpoint Security
Thursday • 10:30AM - 11:10AM
• Room: Prosperity
- Title
- Five Critical Elements of Endpoint Security
- Abstract
Endpoint security is one of the most critical components of a cybersecurity strategy. The 2018 SANS Endpoint Security Survey Report found that more than 80 percent of known breaches involved an endpoint. Nearly every one of these endpoints had some form of endpoint protection installed, which failed to live up to the challenge of today's adversary. Unfortunately, for those responsible for protecting their organizations' endpoints, it has never been more challenging to select the best solution for the job.
In this presentation, Scott Taschler of CrowdStrike provides an overview of the 5 critical elements of endpoint protection required to effectively protect an organization against today's modern threats.
- Speaker
- Scott Taschler Details
- Presented by
-
- Presentation
- Download
Why Network Detection and Response is necessary
Thursday • 10:30AM - 11:10AM
• Room: Serenity
- Title
- Why Network Detection and Response is necessary
- Abstract
- Malware authors have not been resting on their laurels: new evasion techniques and file-less malware are beginning to cause real impact on enterprise networks. Traditional detection tools are being bypassed, and the exponential growth of traffic both inside and outside your walls make your security team’s job to find the needle in the haystack a hard game to win. Network detection and response (NDR) tools combine both AI and machine learning with behavioral analytics to connect the dots for your security staff. NDR empowers your threat hunters with real threat intelligence and actionable insights to events in real- or near real-time. This talk will explain how we got to this stage, and where NDR may fit inside your castle walls.
- Speaker
- Richard Henderson Details
- Presented by
-
- Presentation
- Download
Pentest Post-Mortems - What Should Keep You Up At Night!
Thursday • 11:15AM - 11:55AM
• Room: Harmony
- Title
- Pentest Post-Mortems - What Should Keep You Up At Night!
- Abstract
- We've always said that security is everyone's job, but never has that been more true. This talk will focus on the critical lessons learned from over 10 years of penetration testing. Brian has led, participated in, and reviewed the reports from hundreds of penetration tests. Perhaps not too surprising, the discovered flaws and vulnerabilities are not unique to industry or even company size. Join us for a review of the weaknesses that should keep you up at night. There will be plenty of opportunity to discuss these concerns and others with Brian and your fellow attendees.
- Speaker
- Brian Judd Details
- Presented by
-
- Presentation
- Download
A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
Thursday • 11:15AM - 11:55AM
• Room: Prosperity
- Title
- A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
- Abstract
- In this session you will learn inventory characteristics, data worth, and controls maturity against the CIS Top 20. If you're not thinking this way and not considering these things you better get going.
- Speaker
- Bill Curtis Details
- Presented by
-
- Presentation
- Download
Cloud Architecture: When and How to go Cloud
Thursday • 11:15AM - 11:55AM
• Room: Serenity
- Title
- Cloud Architecture: When and How to go Cloud
- Abstract
This presentation will take a business-meets-technical approach to cloud hosting. The focus areas of this presentation are:
- When does it make sense to migrate applications to the cloud?
- What do we need to do to prepare?
- How does an organization go about a cloud deployment?
For some organizations, the time to migrate applications to the cloud was 2012. For others it might be 2019 or beyond. Knowing the costs, capabilities, and limitations of cloud platforms along with readying your teams with proper support and training is the key to success.
- Speaker
- Aaron Howell; William Kiley Details
- Presented by
-
- Presentation
- Download
Balancing Security and Privacy in the Age of AI
Thursday • 1:30PM - 2:15PM
• Room: Harmony
- Title
- Balancing Security and Privacy in the Age of AI
- Abstract
- While technological innovations bring us new options for better security, we must constantly evaluate how they affect our privacy. For example, with cheaper, better cameras, we can have surveillance, but we lose some privacy. When traveling by plane, we let security x-ray our bags for assurance of security. We make the same considerations for securing our organizations. Today, the number one threat vector is email security, where hackers are targeting employee communications. We need better ways of monitoring communications, but no one wants anyone going through their emails, documents, slack, etc. With the age of AI - we have new opportunities where machines can analyze the communications in an automated fashion, and flag issues for security, without violating privacy. In this talk, learn how new techniques using deep learning and natural language understanding (NLU) deliver better security without sacrificing privacy.
- Speaker
- Melinda Marks Details
- Presented by
-
- Presentation
- Download
5 Top CASB Use Cases
Thursday • 1:30PM - 2:15PM
• Room: Prosperity
- Title
- 5 Top CASB Use Cases
- Abstract
Cloud and mobile usage has skyrocketed in many enterprises, introducing many new risks to corporate data. Cloud access security brokers (CASBs) have quickly become go-to solutions for securing apps like Office 365, Salesforce, and AWS.
However, the wide ranging capabilities of a CASB can make it difficult to identify which use cases are most relevant to your organization's needs and how these platforms solve critical challenges. In this session we will identify the five most common CASB use cases.
- Speaker
- Jon Peppler Details
- Presented by
-
- Presentation
- Download
Next Generation Secure Access
Thursday • 1:30PM - 2:15PM
• Room: Serenity
- Title
- Next Generation Secure Access
- Abstract
- Traditional security perimeters have shifted and organizations must be able to extend dynamic, on-demand application access to users without compromising security or user experience. By enabling secure “verified” user and device access to only authorized applications, Pulse Software Defined Perimeter helps customers reduce their exposure to advanced threats, while simplifying connectivity and improving experience.
- Speaker
- Ashur Kanoon Details
- Presented by
-
- Presentation
- Download
Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
Thursday • 2:20PM - 3:05PM
• Room: Harmony
- Title
- Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
- Abstract
- Compliance doesn't equal security and security doesn't equal compliance.
- Speaker
- Bill Curtis, Jeff Lemmermann, Paul Hendler Details
- Presented by
-
- Presentation
- Download
Maturing Your SDLC: BSIMM Framework
Thursday • 2:20PM - 3:05PM
• Room: Inspire
- Title
- Maturing Your SDLC: BSIMM Framework
- Abstract
In this presentation, the speaker introduces a series of talks surrounding the concept of a secure software development life cycle (S-SDLC). Software teams are not strangers to frameworks. They offer powerful libraries, opinionated design patterns, and robust communities that can improve the quality and efficiency of your teams product(s). What if that concept could be applied to the practices surrounding software security?
Join us to explore the concept of a security framework for software development using BSIMM.
- Speaker
- William Kiley Details
- Presented by
-
- Presentation
- Download
Cloud Defense: AWS Common Findings & Mitigating Controls
Thursday • 2:20PM - 3:05PM
• Room: Serenity
- Title
- Cloud Defense: AWS Common Findings & Mitigating Controls
- Abstract
- In this presentation, we will cover pitfalls in application deployments with enterprise cloud providers. How can we prepare, protect, clean-up, and mitigate properly to get the best possible experience with our provider(s)?
- Speaker
- Aaron Howell Details
- Presented by
-
- Presentation
- Download
Failure is not an Option: Managing Digital Debt
Thursday • 3:20PM - 4:05PM
• Room: Harmony
- Title
- Failure is not an Option: Managing Digital Debt
- Abstract
- Join us to discuss just what "digital debt" is, what it means in the world of digital transformation, and how your organization can manage the debt, rather than being managed by it.
- Speaker
- Marc Spindt Details
- Presented by
-
- Presentation
- Download
Maturing Your SDLC: Static & Dynamic Testing
Thursday • 3:20PM - 4:05PM
• Room: Inspire
- Title
- Maturing Your SDLC: Static & Dynamic Testing
- Abstract
- In this presentation, the speaker builds on Chapter 1 of the series which outlined the components of a modern software development life cycle (SDLC). This time, the speaker focuses on one area: automated security testing. What can it do for my business? What are some of options and examples? What does it require to set up and maintain, and is it worth it?
- Speaker
- William Kiley Details
- Presented by
-
- Presentation
- Download
Cloud Defense: The Azure and Office 365 Battleground
Thursday • 3:20PM - 4:05PM
• Room: Prosperity
- Title
- Cloud Defense: The Azure and Office 365 Battleground
- Abstract
This presentation will look at what moving corporate email systems to the Microsoft cloud means in terms of security against attacks to steal data and deny services. Three primary areas of focus will make up the presentation:
- What Microsoft Secure Score is and what it isn't
- The role Microsoft Azure plays in all Office 365 corporate deployments
- How to assess and set proper controls in the Azure and Office 365 environment
Moving from an on premise to a cloud-based environment only changes who owns the physical equipment that houses your information. It doesn't change the fundamentals of protecting that information. Attendees will hear about the latest attack tactics against Azure and Office 365, why they are working, and what defense strategies can stop these attacks.
During the session, we will discuss the Microsoft Secure Score analysis, ways to leverage what it tells us, and why additional steps are essential to protecting the system. We will review how Microsoft Azure interacts with the Office 365 implementation and look at assessing and improving the important settings to defend the confidentiality, integrity, and accessibility the system and its data.
- Speaker
- Jeff Lemmermann Details
- Presented by
-
- Presentation
- Download
Speaker Details
Steve Jaeger
Chief Information Officer
Quad
Bio
Steve's substantial leadership at Quad/Graphics has propelled him to the role of Executive Vice President.
As President of Direct Marketing, Steve manages the subsidiaries' business operations and sets strategic direction.
As Chief Information Officer, he guides the strategic direction of the company's Information Technology division. His duties include directing the development and deployment of Smartools, systems and applications that help employees and clients do their jobs better, faster and more cost-effectively, and development of advanced software applications to assist clients with workflow and data management needs.
Steve became acquainted with Quad while working in Finishing during college breaks. He joined the company's Information Systems division (later renamed Information Technology) full time in 1994 and was named into management two years later. He has held roles of increasing responsibility ever since. Steve worked as a systems integration manager at Andersen Consulting (now Accenture).
A graduate of the University of Wisconsin-Whitewater, Steve has a bachelor's degree in operations management.
Speaker Details
Brian Krause
Director of Worldwide Channels
Idaptive
Bio
Brian helps partners build global identity practices. This includes defining markets, building identity strategies tailored to industry segment needs and implementing a plan to manage the full lifecycle of a proper IAM project.
Speaker Details
Shane Coleman
Director of Systems Engineering
Forescout Technologies
Bio
Shane Coleman is the Director of Systems Engineering for Forescout's Central US and Canada Region. With 20 years of Network and Application Security experience from organizations including CCC Information Services, Checkpoint Software and F5 Networks, he brings an interesting perspective to the evolving landscape of Cybersecurity. Shane holds a Master's of Science in Operations & Technology Management from the Illinois Institute of Technology, ISC2's CISSP Certification and is based in Chicago, IL.
Speaker Details
Bruce Potter
Chief Information Security Officer
Expel
Bio
Bruce Potter is Expel's (expel.io) chief information security officer (CISO). He's responsible for cyber risk management and ensuring the secure operations of Expel's services. He also remains perpetually frustrated that employees pronounce CISO not-the-way-he-wants.
Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company that worked with organizations ranging from hedge funds to intelligence agencies. Bruce sold Ponte Technologies to the KeyW Corporation where he served as CTO for two years.
In another life, Bruce founded the Shmoo Group and helps run the yearly hacker conference, ShmooCon (shmoocon.org), in Washington, DC. Bruce has co-authored several books and written numerous articles on security (or the lack thereof). He is a regular speaker at conferences including DefCon, Blackhat, and O'Reilly Security as well as private events at the United States Military Academy, the Library of Congress and other government agencies.
Speaker Details
Bill Curtis, Jeff Lemmermann, Paul Hendler
CISSP, CISA, CCSP, QSA, Managing Consultant; CPA, CISA, CITP, C|EH, Information Assurance Consultant; CISSP, CISA, QSA, Sr. Information Assurance Consultant
SynerComm
Bio
Bill Curtis
History
As an accomplished Information Technology leader, Bill offers a wealth of expertise garnered from a successful and progressive 30+ year career in Information Systems, Systems Auditing and Program Management.
Prior to working with SynerComm, Bill spent seven years with Caterpillar, Inc., a $65B publicly traded global enterprise, supplying strategic direction and tactical leadership for a team of domestic and international professionals supporting and executing IT, Information Security and 6-Sigma based projects.
Responsibilities
Bill began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role included conducting security audits and information security program assessment and development.
After 5-years with the organization Bill stepped into a Managing Consultant role. In this role Bill oversees the team engaging clients in the development, assessment and maturing of their information security program.
Jeff Lemmermann
History
Jeff has more than 20 years of experience implementing and developing IT solutions with a proven record of accomplishment, developing a risk services practice for a public accounting firm, and working as a consultant in many industries including banking, healthcare, and construction. He worked for 21 years in public accounting, gaining valuable audit experience with clients of all sizes. He continues to assist in the development of the CPA and CITP credential programs.
Prior to joining SynerComm, Jeff served for 5 years as the CIO for a manufacturing company, delivering company-wide key performance Indicators through data integrations, developing IT audit and assessment programs, and securing environments to protect information assets.
Responsibilities
Jeff began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role include: conducting information program security audits, information security policy development, incident response and business continuity planning consulting, and security awareness training.
Jeff has experience working with a variety of frameworks and compliance requirements, including NIST, PCI, and SOC related audits.
He currently speaks on information security topics for several professional groups and is part of the editorial board for the Wisconsin CPA magazine, On Balance.
Paul Hendler
History
Paul Hendler has over nineteen years of information technology (IT) experience, with additional experience in security controls from his time serving as a United States Naval Officer. Prior to working with SynerComm, Paul worked as a Security Consultant to advise and assess financial, state government and industrial institutions on all components within the area of information security. In addition, Paul spent several years as an Information Security Officer (ISO) with federal medical providers, delivering deployment of the entire NIST 800-53 control framework, to meet compliance with FISMA and the HIPAA security rule. Within his role as an ISO, he took part in leading the information security program and successfully passed multiple certification and accreditation (C & A) audits and inspections, resulting in recognition of several business best practices under his direct management. He has also worked in enterprise environments, assessing and enhancing defensive security postures.
Responsibilities
As a Senior Information Assurance Consultant with SynerComm, Paul reviews and advises on FISMA and NIST based security controls to assist with constructing System Security Plans (SSP). He performs information security audits, risk assessments, vulnerability assessments, PCI-DSS assessments and information security controls assessments. He also advises clients on the deployment of security controls, information security program management and how to use policy and procedures to support those efforts and programs.
Speaker Details
Brian Judd
Vice President - Information Assurance
SynerComm
Bio
History
Brian has over 20 years of information technology (IT) experience including 15 years in security with SynerComm. He holds a Master of Science in Information Assurance and continues to maintain his accredited certifications. Prior to SynerComm, Brian spent 4 years specializing in IP telephony and networking. He has also worked as a Network Consultant for the networking manufacturer 3Com after starting his career in structured cabling design.
Brian began his tenure with SynerComm as a Systems Engineer. His initial responsibilities included supporting and implementing security solutions from vendors like Check Point, Juniper, and Blue Coat. His information assurance interests quickly landed him a role in helping build SynerComm's AssureIT consulting and penetration testing practices.
Responsibilities
With a decade's experience performing IT audits, vulnerability assessments, and penetration tests, Brian's role transitioned into management. While keeping his technical edge, Brian now leads the AssureIT team of assessors, penetration testers, and consultants. Brian is also a member of SynerComm's executive leadership team.Despite being in management, Brian still loves to "get his hands dirty". You will often find him helping out on penetration tests and volunteering his expertise in cracking passwords.
Speaker Details
Aaron Howell; William Kiley
Information Solutions Consultant; Managing Consultant - DevSecOps
SynerComm
Speaker Details
Jeff Lemmermann
CPA, CISA, CITP, C|EH, Information Assurance Consultant
SynerComm
Bio
History
Jeff has more than 20 years of experience implementing and developing IT solutions with a proven record of accomplishment, developing a risk services practice for a public accounting firm, and working as a consultant in many industries including banking, healthcare, and construction. He worked for 21 years in public accounting, gaining valuable audit experience with clients of all sizes. He continues to assist in the development of the CPA and CITP credential programs.
Prior to joining SynerComm, Jeff served for 5 years as the CIO for a manufacturing company, delivering company-wide key performance Indicators through data integrations, developing IT audit and assessment programs, and securing environments to protect information assets.
Responsibilities
Jeff began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role include: conducting information program security audits, information security policy development, incident response and business continuity planning consulting, and security awareness training.
Jeff has experience working with a variety of frameworks and compliance requirements, including NIST, PCI, and SOC related audits.
He currently speaks on information security topics for several professional groups and is part of the editorial board for the Wisconsin CPA magazine, On Balance.
Speaker Details
William Kiley
Managing Consultant - DevSecOps
SynerComm
Speaker Details
Bill Curtis
CISSP, CISA, CCSP, QSA, Managing Consultant
SynerComm
Bio
History
As an accomplished Information Technology leader, Bill offers a wealth of expertise garnered from a successful and progressive 30+ year career in Information Systems, Systems Auditing and Program Management.
Prior to working with SynerComm, Bill spent seven years with Caterpillar, Inc., a $65B publicly traded global enterprise, supplying strategic direction and tactical leadership for a team of domestic and international professionals supporting and executing IT, Information Security and 6-Sigma based projects.
Responsibilities
Bill began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role included conducting security audits and information security program assessment and development.
After 5-years with the organization Bill stepped into a Managing Consultant role. In this role Bill oversees the team engaging clients in the development, assessment and maturing of their information security program.
Speaker Details
Aaron Howell
Information Solutions Consultant
SynerComm
Bio
Aaron has participated in the complete project lifecycle for Information Technology projects, designing and implementing multiple solutions across various platforms. Aaron is a "Full Stack" consultant experienced with Scripting & Development, Cloud & Systems, and Network & Security.
Aaron designs, builds, implements, operates and supports a broad array of IT solutions and environments. Aaron has facilitated effective transitions from on-premises-only to hybrid on-premises/cloud infrastructure with SynerComm customers. He develops innovative and future-looking orchestration and automation solutions. Aaron's background, skills and innovation help SynerComm's customers solve some of their toughest IT problems.
Speaker Details
William Kiley
Managing Consultant - DevSecOps
SynerComm
Speaker Details
Marc Spindt
Vice President - Services
SynerComm
Speaker Details
Justin Webb
Data Privacy & Cybersecurity Attorney / Chief Information Security Officer
Godfrey & Kahn, S.C.
Bio
Justin P. Webb is co-chair of Godfrey & Kahn S.C.'s Data Privacy & Cybersecurity Practice Group and is the firm's Chief Information Security Officer. His work includes advising clients on compliance with national and international privacy and data security laws, data breach prevention and response, cybersecurity and privacy due diligence in M&A, and negotiating software and technology agreements. Justin holds the Certified Information Privacy Professional/US (CIPP/US) certification from the International Association of Privacy Professionals. Prior to practicing law, Justin was the Information Security Officer for a national university, and held certifications in incident response, digital forensics, penetration testing, and website defense.
Speaker Details
Tom Wilburn
VP Worldwide Sales
MIST a Juniper Networks Company
Bio
Tom Wilburn is responsible for Mist’s global field operations. He has extensive experience in the wireless and networking industry.
Tom had earlier served as Vice President of Cisco’s global enterprise networking sales organization, responsible for routing, switching and wireless products. Tom was part of the leadership team for Airespace, a wireless company acquired by Cisco in 2005. Tom led sales for Cisco’s wireless business which at its peak achieved global share of 65% of the enterprise wireless market. In 2012, Tom was part of the team that acquired Meraki and was responsible for go-to-market of the combined Cisco-Meraki portfolio.
Tom previously held sales leadership roles at startups Xylan and CrossComm and served as Senior Vice President of Alcatel’s North American Enterprise Business.
Speaker Details
Scott Taschler
Director of Product Marketing
CrowdStrike
Bio
Scott is a 20+ year veteran of the cyber security industry, with a strong focus on optimizing workflows in the security operations center. In his current role as Director of Product Marketing for CrowdStrike, Scott works with organizations all around the globe to understand the biggest barriers to productivity, and to drive thought leadership on optimizing incident response and threat hunting. Prior to CrowdStrike, Scott spent 14 years as a technical leader for McAfee, gaining deep expertise in SIEM, incident response, threat intelligence, and other building blocks to a successful SOC. Scott is based in Minneapolis, MN.
Speaker Details
Richard Henderson
Head of Global Threat Intelligence
Lastline
Bio
Richard Henderson is Head of Global Threat Intelligence, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline’s technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an “insightful view” on the current state of cybersecurity. Richard was one of the first researchers in the world to defeat Apple’s TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Richard is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.
Speaker Details
Brian Judd
Vice President - Information Assurance
SynerComm
Bio
History
Brian has over 20 years of information technology (IT) experience including 15 years in security with SynerComm. He holds a Master of Science in Information Assurance and continues to maintain his accredited certifications. Prior to SynerComm, Brian spent 4 years specializing in IP telephony and networking. He has also worked as a Network Consultant for the networking manufacturer 3Com after starting his career in structured cabling design.
Brian began his tenure with SynerComm as a Systems Engineer. His initial responsibilities included supporting and implementing security solutions from vendors like Check Point, Juniper, and Blue Coat. His information assurance interests quickly landed him a role in helping build SynerComm's AssureIT consulting and penetration testing practices.
Responsibilities
With a decade's experience performing IT audits, vulnerability assessments, and penetration tests, Brian's role transitioned into management. While keeping his technical edge, Brian now leads the AssureIT team of assessors, penetration testers, and consultants. Brian is also a member of SynerComm's executive leadership team.Despite being in management, Brian still loves to "get his hands dirty". You will often find him helping out on penetration tests and volunteering his expertise in cracking passwords.
Speaker Details
Bill Curtis
CISSP, CISA, CCSP, QSA, Managing Consultant
SynerComm
Bio
History
As an accomplished Information Technology leader, Bill offers a wealth of expertise garnered from a successful and progressive 30+ year career in Information Systems, Systems Auditing and Program Management.
Prior to working with SynerComm, Bill spent seven years with Caterpillar, Inc., a $65B publicly traded global enterprise, supplying strategic direction and tactical leadership for a team of domestic and international professionals supporting and executing IT, Information Security and 6-Sigma based projects.
Responsibilities
Bill began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role included conducting security audits and information security program assessment and development.
After 5-years with the organization Bill stepped into a Managing Consultant role. In this role Bill oversees the team engaging clients in the development, assessment and maturing of their information security program.
Speaker Details
Aaron Howell; William Kiley
Information Solutions Consultant; Managing Consultant - DevSecOps
SynerComm
Speaker Details
Melinda Marks
VP of Marketing
Armorblox
Bio
With more than 20 years experience in strategy and marketing for high tech companies, Melinda is VP of Marketing for Armorblox. She is passionate about building strong brands and driving revenue, most recently serving as VP of Marketing for Styra, and previously launching container security vendor StackRox out of stealth mode. Previously, she led product marketing and strategy teams at Tenable, influencing product roadmap, acquisition plans, business development, and sales. She also led global communications for Qualys, up to and following its IPO. Prior to Qualys, she spent six years at VMware, where she led PR for its full portfolio of virtualization solutions, built the company's customer reference program, and served as a core member to the VMworld planning team. Melinda is a board member for the Synopsys Outreach Foundation, a member of IEEE, and has led media training workshops for engineers and researchers. Melinda has a bachelor's degree in English from U.C. Berkeley.
Speaker Details
Jon Peppler
VP Worldwide Channels
Bitglass
Speaker Details
Ashur Kanoon
Senior Director of Product Development
Pulse Secure
Bio
Ashur Kanoon is a senior director of product management at Pulse Secure. He is an industry veteran with more than 15 years of experience across a broad range of platforms and technologies with a primary focus on network security, mobility, and access. His current work focuses on secure remote access, policy enforcement, and mobility. He manages the new SDP product along with Pulse One. He also advises on licensing. In this role he has worked with some of the world’s largest private and public organizations across all verticals. Prior to Pulse Secure, Ashur spent many years at Juniper Networks and Cisco Systems. Ashur has a bachelor's degree in computer information systems and a master of business administration.
Speaker Details
Bill Curtis, Jeff Lemmermann, Paul Hendler
CISSP, CISA, CCSP, QSA, Managing Consultant; CPA, CISA, CITP, C|EH, Information Assurance Consultant; CISSP, CISA, QSA, Sr. Information Assurance Consultant
SynerComm
Bio
Bill Curtis
History
As an accomplished Information Technology leader, Bill offers a wealth of expertise garnered from a successful and progressive 30+ year career in Information Systems, Systems Auditing and Program Management.
Prior to working with SynerComm, Bill spent seven years with Caterpillar, Inc., a $65B publicly traded global enterprise, supplying strategic direction and tactical leadership for a team of domestic and international professionals supporting and executing IT, Information Security and 6-Sigma based projects.
Responsibilities
Bill began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role included conducting security audits and information security program assessment and development.
After 5-years with the organization Bill stepped into a Managing Consultant role. In this role Bill oversees the team engaging clients in the development, assessment and maturing of their information security program.
Jeff Lemmermann
History
Jeff has more than 20 years of experience implementing and developing IT solutions with a proven record of accomplishment, developing a risk services practice for a public accounting firm, and working as a consultant in many industries including banking, healthcare, and construction. He worked for 21 years in public accounting, gaining valuable audit experience with clients of all sizes. He continues to assist in the development of the CPA and CITP credential programs.
Prior to joining SynerComm, Jeff served for 5 years as the CIO for a manufacturing company, delivering company-wide key performance Indicators through data integrations, developing IT audit and assessment programs, and securing environments to protect information assets.
Responsibilities
Jeff began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role include: conducting information program security audits, information security policy development, incident response and business continuity planning consulting, and security awareness training.
Jeff has experience working with a variety of frameworks and compliance requirements, including NIST, PCI, and SOC related audits.
He currently speaks on information security topics for several professional groups and is part of the editorial board for the Wisconsin CPA magazine, On Balance.
Paul Hendler
History
Paul Hendler has over nineteen years of information technology (IT) experience, with additional experience in security controls from his time serving as a United States Naval Officer. Prior to working with SynerComm, Paul worked as a Security Consultant to advise and assess financial, state government and industrial institutions on all components within the area of information security. In addition, Paul spent several years as an Information Security Officer (ISO) with federal medical providers, delivering deployment of the entire NIST 800-53 control framework, to meet compliance with FISMA and the HIPAA security rule. Within his role as an ISO, he took part in leading the information security program and successfully passed multiple certification and accreditation (C & A) audits and inspections, resulting in recognition of several business best practices under his direct management. He has also worked in enterprise environments, assessing and enhancing defensive security postures.
Responsibilities
As a Senior Information Assurance Consultant with SynerComm, Paul reviews and advises on FISMA and NIST based security controls to assist with constructing System Security Plans (SSP). He performs information security audits, risk assessments, vulnerability assessments, PCI-DSS assessments and information security controls assessments. He also advises clients on the deployment of security controls, information security program management and how to use policy and procedures to support those efforts and programs.
Speaker Details
William Kiley
Managing Consultant - DevSecOps
SynerComm
Speaker Details
Aaron Howell
Information Solutions Consultant
SynerComm
Bio
Aaron has participated in the complete project lifecycle for Information Technology projects, designing and implementing multiple solutions across various platforms. Aaron is a "Full Stack" consultant experienced with Scripting & Development, Cloud & Systems, and Network & Security.
Aaron designs, builds, implements, operates and supports a broad array of IT solutions and environments. Aaron has facilitated effective transitions from on-premises-only to hybrid on-premises/cloud infrastructure with SynerComm customers. He develops innovative and future-looking orchestration and automation solutions. Aaron's background, skills and innovation help SynerComm's customers solve some of their toughest IT problems.
Speaker Details
Marc Spindt
Vice President - Services
SynerComm
Speaker Details
William Kiley
Managing Consultant - DevSecOps
SynerComm
Speaker Details
Jeff Lemmermann
CPA, CISA, CITP, C|EH, Information Assurance Consultant
SynerComm
Bio
History
Jeff has more than 20 years of experience implementing and developing IT solutions with a proven record of accomplishment, developing a risk services practice for a public accounting firm, and working as a consultant in many industries including banking, healthcare, and construction. He worked for 21 years in public accounting, gaining valuable audit experience with clients of all sizes. He continues to assist in the development of the CPA and CITP credential programs.
Prior to joining SynerComm, Jeff served for 5 years as the CIO for a manufacturing company, delivering company-wide key performance Indicators through data integrations, developing IT audit and assessment programs, and securing environments to protect information assets.
Responsibilities
Jeff began his tenure with SynerComm as an Information Assurance Consultant. His responsibilities in this role include: conducting information program security audits, information security policy development, incident response and business continuity planning consulting, and security awareness training.
Jeff has experience working with a variety of frameworks and compliance requirements, including NIST, PCI, and SOC related audits.
He currently speaks on information security topics for several professional groups and is part of the editorial board for the Wisconsin CPA magazine, On Balance.
