Bertrum Carroll, (CISSP, CISA, and CISM), is an experienced Chief Information Security Officer providing information security leadership. Bertrum is currently in the insurance industry as a CISO and experienced in executive level information security leadership in industries including manufacturing, consumer package goods, and financial services. Bertrum retired from the US Army Reserve having served in various roles while rising to the rank of Lieutenant Colonel. Bertrum has successfully developed and implemented information security programs, strategies, and tactics to protect the information processing interest of national as well as global level publicly traded companies. As a seasoned CISO, Bertrum is well versed in providing common sense information security value from the board room to the entry level staff member.

Mic McCully is a Field CTO that has spent his career evangelizing security software as a business enablement solution within not only some of the earliest security startup companies but also with some of the world's largest security software organizations. His security diversity throughout his tenure has led to experience in multiple disciplines including application security, mobile security, data level security and network security. His firm belief is that security isn’t just a “necessary evil” but can truly be an enabling solution to a business’s success. At Snyk, he is a Field Director within the Snyk CTO Field Organization focused on the Snyk Code product sharing Snyk’s unique vision and approach to solving cloud native application security.

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal training. He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.

Kevin is also very involved in the open source community and runs a number of open source projects. These include SamuraiWTF (a web pen-testing environment), Laudanum (a collection of injectable web payloads), Yokoso (an infrastructure fingerprinting project), and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.

In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and is a former member of the 501st Legion (a worldwide Star Wars costuming charity organization comprised of and operated by Star Wars fans).

The rapidly expanding use of open-source software is causing cybersecurity thought leaders to ponder how to more effectively reduce vulnerabilities across the entire software ecosystem. For instance, a recent report by the Institute for Security & Technology (IST) advocates for a shared responsibility model around open-source software security, as well as further support for software development frameworks, policies and licenses, and a more progressive approach to vulnerability management and mitigation. Other recommendations include VM measures that comply with existing risk assessment structures; more efficient patching and better cooperation between public and private stakeholders. This session will take us through the key takeovers from IST’s report, from the perspective of one of its authors.

With more than 27 years of experience in data networking and information security, Mark brings a wealth of technology experience and understanding to his organization. He currently leads the Professional Services, Technical Support, and Engineering Escalation teams for Invicti.

Mark co-authored several patents in information security and has served as a contributing member of several information security industry standards including the Trusted Computing Group (TCG) Trusted Network Connect (TNC) workgroup. Mark leverages his experience to mentor and guide those starting careers in information security.

Prior to his current position, Mark has served a variety of roles, including service and support, marketing, sales management, and technology leadership with established companies and startups. Mark is often a guest lecturer at universities and industry events.

Kate MacLean is the Sr. Director of Product Marketing at Lacework. Prior to Lacework, she spent half a decade at Cisco, where she led product and content marketing for the networking giant's cloud security business. MacLean previously spent nearly seven years at RSA Security, where she worked her way up to being a senior strategic accounts marketing manager. MacLean began her career as a marketing leadership development associate for storage giant EMC.

Keith Busby is Director of the Division of Security & Privacy Compliance at the Centers for Medicare & Medicaid Services. His prior role at the organization was Director of the Division of Security & Privacy. He was previously the director of information technology security within the School District of Philadelphia.

Managing a career built on diverse experience, Keith has been a part of the military, industrial, educational and now government workspaces. He jokes that he has been one of the top cybersecurity experts in his own household, and is a participation trophy award winner for backyard BBQ.

As Vice President and CISO, Thien La leads the global enterprise cybersecurity program focused on protecting GHX customer and company-sensitive information from cyberthreats. He has over two decades of experience in the fields of information security and risk management, specializing in secure cloud migration, security architecture, data analytics and blockchain. Thien has spent the majority of his career building and transforming global, large-scale teams and programs within industry verticals, including healthcare and financial services.

Prior to joining GHX in May 2022, Thien was Vice President, Cyber Security Innovation, Architecture, Engineering and Risk Governance for Humana, leading the company’s security architecture and innovation strategy, secure cloud design, and engineering support for many security technologies. Before Humana, he was CISO for Wellmark Blue Cross Blue Shield, responsible for the cybersecurity strategy and operational effectiveness of information security controls across the enterprise.

During his career, Thien has also held leadership roles in cybersecurity, information security and risk management at Bank of America, SunGard Data Systems, and Goldman Sachs.

Matt Ramsey is the CIO at BlueHalo, a portfolio company of Arlington Capital Partners. In that role, he drives the company’s information technology and cybersecurity strategy to support the business and its processes. Matt has spent 35 years supporting the government and commercial sectors with unique technology solutions to enable offensive and defensive operations. He started his career at the USG where he worked in various roles from deploying with a national-level tactical Incident Response Team, to developing and deploying technology, to supporting human-enabled operations while living overseas. Thereafter, Matt transitioned into the commercial sector to pursue new adventures. As the founder and CEO, he built and transacted his technology company (Excivity, Inc.) to Arlington Capital and BlueHalo in early 2020. Matt is an active member of The Economic Club of Washington, D.C. along with its Scholars to Leaders program.

Dustin C. Childs serves as the Head of Threat Awareness for Trend Micro’s Zero Day Initiative (ZDI), which is the world’s largest vendor-agnostic bug bounty program. Dustin began his infosec journey in the late 1990s at the Air Force Information Warfare Center. Following his time working for the government, Mr. Childs worked in the Microsoft Trustworthy Computing group, where he served as a case manager in the Microsoft Security Response Center (MSRC) with a focus on addressing vulnerabilities in the Windows operating system and in Microsoft’s developer tools. In his current role, Mr. Childs gathers and analyzes threat intelligence from various Trend Micro and open-source resources to understand and communicate risk to enterprises. He also creates, implements, and oversees internal and external communications programs that promote the work of ZDI and its researchers.

Keith Busby is Director of the Division of Security & Privacy Compliance at the Centers for Medicare & Medicaid Services. His prior role at the organization was Director of the Division of Security & Privacy. He was previously the director of information technology security within the School District of Philadelphia.

Managing a career built on diverse experience, Keith has been a part of the military, industrial, educational and now government workspaces. He jokes that he has been one of the top cybersecurity experts in his own household, and is a participation trophy award winner for backyard BBQ.

Matt Ramsey is the CIO at BlueHalo, a portfolio company of Arlington Capital Partners. In that role, he drives the company’s information technology and cybersecurity strategy to support the business and its processes. Matt has spent 35 years supporting the government and commercial sectors with unique technology solutions to enable offensive and defensive operations. He started his career at the USG where he worked in various roles from deploying with a national-level tactical Incident Response Team, to developing and deploying technology, to supporting human-enabled operations while living overseas. Thereafter, Matt transitioned into the commercial sector to pursue new adventures. As the founder and CEO, he built and transacted his technology company (Excivity, Inc.) to Arlington Capital and BlueHalo in early 2020. Matt is an active member of The Economic Club of Washington, D.C. along with its Scholars to Leaders program.

As Vice President and CISO, Thien La leads the global enterprise cybersecurity program focused on protecting GHX customer and company-sensitive information from cyberthreats. He has over two decades of experience in the fields of information security and risk management, specializing in secure cloud migration, security architecture, data analytics and blockchain. Thien has spent the majority of his career building and transforming global, large-scale teams and programs within industry verticals, including healthcare and financial services.

Prior to joining GHX in May 2022, Thien was Vice President, Cyber Security Innovation, Architecture, Engineering and Risk Governance for Humana, leading the company’s security architecture and innovation strategy, secure cloud design, and engineering support for many security technologies. Before Humana, he was CISO for Wellmark Blue Cross Blue Shield, responsible for the cybersecurity strategy and operational effectiveness of information security controls across the enterprise.

During his career, Thien has also held leadership roles in cybersecurity, information security and risk management at Bank of America, SunGard Data Systems, and Goldman Sachs.

Nick’s passions revolve around cybersecurity and extreme sports, and he currently works in the OT/ICS space as a Vulnerability Analyst and Researcher for the Global Threat Intelligence team at Dragos.

Logan is a Principal Vulnerability Analyst at Dragos and a Board Member of the Norfolk State University Information Assurance Research Education and Development Institute (IA-REDI) and holds an MS in Computer Science from the Georgia Institute of Technology. Before Dragos, Logan was a Cyber Security Engineer at Sandia National Laboratories for over four years.

Yair is a Security Analyst in Vulcan’s esteemed Research Team. As a key member of Vulcan’s renowned ‘Voyager18’ Research Team, Yair specializes in analyzing data from both the Vulcan platform and external sources to offer an enhanced and comprehensive understanding of customers’ cyber risk mitigation and vulnerability remediation intelligence.
With a background in marketing, Yair also plays a crucial role in fostering the relationship between the Vulcan Research team and Vulcan Marketing teams. By collaborating closely with both teams, Yair helps facilitate the provision of free tools and cutting-edge insights on the latest cyber risk trends. This includes an in-depth exploration of new attack types and proactive vulnerability remediation strategies.
Yair’s unique blend of expertise in security analysis and marketing enables him to bridge the gap between technical insights and effective communication. By distilling complex cyber risk data into actionable information, Yair contributes to empowering organizations to make informed decisions and strengthen their security posture.

Dror Malovany is a Cyber Research Product Manager at Vulcan, where he actively participates in research initiatives within the Cyber Security ecosystem. With a strong background in product management, Dror has a proven track record of successfully launching security AI and data products in multiple startups, starting from ideation to market adoption. He has worked closely with customers, incorporating their feedback and addressing their challenges to ensure the development of high-quality solutions.
Before joining Vulcan, Dror spent 10 years at the Microsoft R&D center, where he held various roles as a product manager and developer. During this time, he contributed to the development of several security platforms. Dror began his career as a software developer at Whlae Communication, which was later acquired by Microsoft.