N.C. Cybersecurity Awareness Symposium

Column Paragraph

Agenda & Speakers

Tab/Accordion Items

Time Session Related
9:30 a.m. to 11 a.m.

Opening Remarks

Fireside Chat with CISA Executive Director Brandon Wales
Join NCDIT for opening remarks from State Chief Risk Officer Rob Main, Chief Privacy Officer Cherie Givens and a fireside chat with Brandon Wales, executive director of the U.S. Cybersecurity and Infrastructure Security Agency.

Rob Main, State Chief Risk Officer, N.C. Department of Information Technology
Cherie Givens, Chief Privacy Officer, N.C. Department of Information Technology
Brandon Wales, Executive Director, U.S. Cybersecurity & Infrastructure Security Agency

Watch Video of this Presentation

11:15 a.m. to 12:15 p.m.

North Carolina's Joint Cybersecurity Task Force – Protecting the Whole of State
This year, Gov. Roy Cooper issued Executive Order 254, which formally recognizes the N.C. Joint Cybersecurity Task Force as a resource for North Carolina’s critical infrastructure and key resources. Learn more about the task force, how it fits in to the North Carolina’s Whole-of-State Approach to cybersecurity, and how it can partner with your organization to mitigate and respond to cyberthreats.

Randy Cress, Assistant County Manager and Chief Information Officer, Rowan County
Lt. Col. Robert Felicio, Chief Information Officer, N.C. National Guard
Tom McGrath, Cyber Unit Manager, N.C. ISAAC Fusion Center
Carly Sherrod, Deputy State Chief Risk Officer, N.C. Department of Information Technology

Watch Video of this Presentation

 

12:45 p.m. to 1:30 p.m.

The Importance of Diversity in Cyber
The lack of a skilled and trained cybersecurity workforce continues to be a global problem. With the salary demands of the private-sector market, state and local government agencies have an additional concern of being able to compete for highly qualified workers.  Learn about the critical shortages in cybersecurity and why a more diverse and inclusive workforce can help build a talent pipeline that results in overall better business outcomes.

Maria S. Thompson, SLG Executive Government Advisor - Cybersecurity, Amazon Web Services

Watch Video of this Presentation

 

12:45 p.m. to 1:30 p.m.

Stay Informed, Stay Ahead: Threat Intelligence Briefing
As sophisticated adversaries continue to target state and local government, nearly 80% of cyberattacks leverage compromised credentials to gain access and evade detection. These attacks often come via unmanaged or rogue endpoints, legacy systems, supply chain vendors or other attack vectors that are outside the scope of endpoint-centric security controls. Learn more about identity attacks, the adversary landscape and how to mitigate the threat to stay online.

Andrew Scott, Threat Intel Advisor, Public Sector, CrowdStrike

 

1:45 p.m. to 2:15 p.m.

Five Essential Steps for a Proactive & Comprehensive Approach to Network Security
There are multiple components to maintaining online safety, but one that must be a foundational part of any online security program is optimizing network security. Learn about the five essential parts of an effective network cybersecurity program that will provide a strong foundation for you to secure your network and enable your people to stay safe online.

Chris Jensen, Business Development Executive, Tenable

View Presentation Slides

2:30 p.m. to 3:30 p.m.

Building a Better Third-Party Cyber Risk Program
Risk exists whenever vendors, suppliers or other third parties have access to your data. With continuous monitoring, risk and IT professionals can maintain a real-time understanding of the risks they are being exposed to by every vendor in their portfolio, and their vendor’s vendors. Organizations can monitor and protect the data living outside their network in nearly the same way they monitor and protect internally stored data.

Evan Tegethoff, Vice President of Solutions Consulting, BitSight

Watch Video of this Presentation

View Presentation Slides

2:30 p.m. to 3:30 p.m.

Building a Pipeline of Talented North Carolina Cyber Professionals
Cyberthreats are on the rise and always changing, but the workforce to help defend against them cannot keep pace with more than 24,000 cyber-related job openings in North Carolina. In this panel discussion, learn how community colleges and universities in the state are addressing this critical need for workers.

Dr. Thierry Wandji Ketchiozo, Director of Cybersecurity Education, NC State University
Laura Rodgers, Director of Cybersecurity Practice, Secure Computing Institute, NC State University
Dr. Mark Sorrells, Senior Vice President for Academic and Student Services, Fayetteville Technical Community College

Watch Video of this Presentation

View Presentation Slides

3:45 p.m. to 4:30 p.m.

Tipping the Balance: Building Automated Cyber Defense Collaboratives
With the advent of the cloud, machine learning and the ability to transform, normalize and prioritize cyber-related data, security operations centers can now create intelligence workflows to automate event processing from internal security tools with external threat intelligence. This presentation will offer a brief history of the evolution of cyber defense and explore how technology is advancing to the point that collaboration within and between security operations centers will “tip the balance” in favor of defenders.

Paul Kurtz, Chief Cybersecurity Advisor, Splunk

Watch Video of this Presentation

 

3:45 p.m. to 4:45 p.m.

The Danger in Your Devices: Why Your Organization’s Endpoints Are Your Greatest Source of Risk
Government agencies and educational institutions are challenged to secure and manage a new kind of hybrid network that exists not just in the office but anywhere. Your organization is more dispersed than ever, leaving you with an incomplete picture of your risk. Hear how your organization needs to rethink risk as something to gain, not to lose, and learn why it is critical to move beyond basic vulnerability and threat data and calculate a dynamic risk score using key metrics across operational, security and regulatory domains.

Josh Frank, Regional Vice President, Technical Account Management Team, Tanium

Watch Video of this Presentation

View Presentation Slides

Time Session Related
9 a.m. to 10 a.m.

Privacy as the Foundation of All We Do in State Government
Hear from the state's first Chief Privacy Officer, Cherie Givens, as she provides an overview of what a state privacy program means for the state of North Carolina and how the State Privacy Office can support state agencies. Learn what it means to "embed" privacy into your agency's business processes and how we all can strive to be better stewards of the public's data.

Cherie Givens, Chief Privacy Officer, N.C. Department of Information Technology

Watch Video of this Presentation

View Presentation Slides

10:15 a.m. to 11:15 a.m.

Cybersecurity - The Riskiest Landscape:  Making Your Security Awareness Program People-Centric
These are indeed the riskiest times we have ever lived through. Learn about the complex issues we face in the emerging threat landscape. It is now more important than ever before to recognize cybersecurity is not just an IT problem but an “everyone problem.” Building a sustainable security culture and human firewall is critical.

Kathleen Gardner, SACP, Vice President, Customer Relations, KnowBe4
Kristin Hill, Vice President, Customer Relations, KnowBe4

Watch Video of this Presentation

View Presentation Slides

10:15 a.m. to 11:15 a.m. Best Practices & Standardization of Cloud Cybersecurity Verification - An Introduction to StateRAMP
StateRAMP’s mission is to promote cybersecurity best practices through education, advocacy, and policy development to support our members and improve the cyber posture of state and local governments and the citizens they serve.  We work with state and local governments and the cloud cyber security vendors they engage to improve efficiency of process and to assist with effective solicitations and contracts.

Leah McGrath, Executive Director, StateRAMP

Watch Video of this Presentation

View Presentation Slides

11:30 a.m. to 12:15 p.m.

Emerging Cybersecurity Threats
Learn about the latest trends in attack techniques, with a specific focus on threats to North Carolina's critical infrastructure. Find out about the services provided by the N.C. National Guard and the N.C. Joint Cybersecurity Task Force.

Lt. Col. Seth Barun, Cyber/Mission Command Branch Chief, N.C. National Guard

Watch Video of this Presentation

View Presentation Slides

11:30 a.m. to 12:30 p.m.

Play It Safe Online with Secure Code Development: Developing Secure Applications to Protect Organizational Data
This session will investigate aspects of the shared development process within open source tools to ensure that the team is operating in an integrated way and that we also ensure that we are creating code in a secure manner.

Saad Khalid, Senior Solutions Engineer - Public Sector, GitHub/Microsoft

Watch Video of this Presentation

1 p.m. to 2 p.m.

CrowdStrike Endpoint Detection & Response Exercise
Leveraging the Falcon UI, participants will use CrowdStrike’s extensive event database run queries and searches as they answer a series of questions.

CrowdStrike

 

1 p.m. to 2 p.m.

Does IT & Cybersecurity Matter During a Disaster?
Technology is becoming more and more interwoven into public safety’s mission. This technology is often reliant on viable networks and processes to function properly. When these networks and processes are impacted by an emergency incident, it requires a subject matter expert to react. This session will examine an emergency incident from the eyes of an IT subject matter expert and how cybersecurity is often more important than we think.

Greg Hauser, Statewide Interoperability Coordinator and Communications Branch Manager, N.C. Emergency Management
Jeff Martin, Deputy Director of Technology & Innovation, Town of Mooresville

Watch Video of this Presentation

View Presentation Slides

2:15 p.m. to 3:15 p.m.

Grow Your Own SecOps Team
Organizations struggling to hire experienced and qualified security talent can focus on developing their existing IT staff into capable security professionals. This session will encourage attendees to examine a systematic approach to building and maintaining a modern-day cybersecurity workforce.

Isabelle Hertanto, Principal Research Director, Security & Privacy, Info-Tech Research Group

View Presentation Slides

2:15 p.m. to 3:15 p.m.

Considering Maritime Cybersecurity at Non-Maritime Education & Training Institutions
With more than 80% of world trade moving across the sea, the maritime industry plays a strategic role in the world economy and is responsible for a host of critical infrastructure.  As a coastal state with two deep water ports, North Carolina has a vested interest in the state of maritime cybersecurity. It appears that maritime cybersecurity posture lags other sectors. 

Learn about the state of cybersecurity education within the maritime community and consider the possible value that cybersecurity students from non-maritime education and training institutions could bring to bear on maritime cybersecurity. This session explores what additional knowledge these students might need o be ready to enter the maritime cybersecurity workforce and readily contribute.

Ulku Y. Clark, Director, Center for Cyber Defense Education, University of North Carolina Wilmington
Geoff Stoker, Assistant Professor, Congdon School of Supply Chain, Business Analytics and Information Systems, University of North Carolina Wilmington

 

2:30 p.m. to 3 p.m.

Business Continuity & Resilience
Gain an awareness of how to measure the resiliency of your organization’s business continuity management program. What does success look like for your organization? What is the value of a BCM program?

Debora Chance, State IT Business Continuity Management Program Manager, N.C. Department of Information Technology

View Presentation Slides

3:30 p.m. to 4:30 p.m.

Leveraging CISA's Services to Improve Cybersecurity Posture
Learn about the current cyberthreat landscape and how to leverage the U.S. Cybersecurity and Infrastructure Security Agency’s assessment services to improve your organization’s cybersecurity posture and make effective strategic and tactical decisions to reduce exposure to cyberthreats.

William G. Mallette, CISSP, Cybersecurity State Coordinator/Advisor (CSC/A), Region 4 (Mississippi), U.S. Cybersecurity & Infrastructure Security Agency

View Presentation Slides

3:30 p.m. to 4:30 p.m.

The Industrialization of Cyber Crime and What It Means for Digital Transformation
Digital transformation efforts look to engage constituents and customers in exciting new ways, but attackers seek to take advantage of these efforts to further extort and harm organizations. The risks are very real, and the stakes are high. Offense-focused solutions must inform defense-focused solutions. Learn how organizations are securing their digital transformation against the ever-changing cyber-criminal markets. Learn how attackers are evolving and how, as defenders, we must move to maximize our advantages and minimize their return on investment.

Rick McElroy, Principal Cybersecurity Strategist, VMware

Watch Video of this Presentation

Brandon Wales

Brandon Wales, CISA

Brandon Wales is the U.S. Cybersecurity and Infrastructure Security Agency’s first executive director, serving as the senior career executive helping oversee execution of CISA operations. He is responsible for leading long-term strategy development, managing CISA-wide policy initiatives and ensuring effective operational collaboration across the Agency.

From November 2020 through July 2021, Wales was the acting director of CISA, leading the agency’s efforts to defend civilian networks, manage systemic risk to national critical functions and work across both the public and private sectors to raise the security baseline of the nation’s cyber and physical infrastructure. 

During his tenure as acting director, he led the agency’s response to the SolarWinds Orion supply chain attacks, Microsoft Exchange vulnerabilities, the Colonial Pipeline ransomware attack, Pulse Connect Secure vulnerabilities and the Kaseya VSA supply chain ransomware attack, among many others, while completing the stand-up and reorganization of the agency.

Wales previously worked for the Department of Homeland Security. Prior to joining the department in 2005, he was the national security aide to United States Senator Jon Kyl and a senior associate at a Washington-based foreign policy and national security think-tank.

Wales’ contributions have been recognized with an Exceptional Performance Award from the Director of National Intelligence, a U.S. Department of Homeland Security Secretary’s Award for Excellence, and two DHS Distinguished Service Medals, the department’s highest civilian award.

Wales received his bachelor’s degree from George Washington University and his master’s degree from The Johns Hopkins School of Advanced International Studies.


Randy Cress

Randy Cress, Rowan County

With more than 30 years of IT experience, with 22 years of service in local government, Randy Cress is the assistant county manager and chief information officer for Rowan County.

He serves as the president-elect of the North Carolina Local Government Information Systems Association and is one of the organization’s Cyber Strike Team leaders.

He also serves on committees of two boards of the N.C. Department of Information Technology -- the N.C. 911 Board’s Technology Committee as well as the Information Technology Strategy Board’s Cybersecurity and Privacy Committee.

Cress holds a Master of Public Administration from Appalachian State University. He is a 2007 alumnus of the UNC School of Government’s Certified Government Chief Information Officer Program and 2014 alumnus of the Municipal and County Administration program. He also holds various certifications from Cisco, Microsoft and VMware.

Cress’s mantra: Taking interest in all things digital.


Lt. Col. Robert Felicio

Lt. Col. Robert Felicio, N.C. National Guard

Lt. Col. Robert Felicio is the chief information officer of the N.C. National Guard. 

Prior to his service with the National Guard, Felicio was enlisted in the U.S. Army. During his enlisted career, he was deployed from 2004 to 2005 as a mechanic and a motor sergeant with the 105th Engineer Battalion in Iraq during Operation Iraqi Freedom. 

Upon return from deployment, Felicio completed Officer Candidate School in Fort McClellan, Ala., in 2005 and Engineer Officer Basic Course at Ft. Leonard Wood, Mo., in 2006.  

In 2007, he deployed to Iraq as a platoon leader with the 171st Sapper Company. 

Since then, Felicio has been a company commander, battalion operations officer, executive officer, battalion commander and a brigade operations officer and has also held various staff officer positions. 

Felicio has also been assigned to the following units: 881st Engineer Support Company, 505th Engineer Battalion, Joint Forces Headquarters and 91st Cyber Brigade.

Felicio’s military and civilian education includes Information Operations/Warfare, Command and General Staff College, Explosive Ordnance Clearance Agent, Engineer Captain Career Course and Certified Ethical Hacker.

He received a Bachelor of Science in industrial technology from East Carolina University, and a Master of Information Technology Management from Webster University.


Josh Frank

Josh Frank, Tanium

As regional vice president of Tanium's Technical Account Management Team, Josh Frank and his team support U.S. state and local government and education institutions.

Bringing more than 20 years of higher education, commercial and government experience, he has been with Tanium for three years. Prior to joining Tanium, Frank spent seven years in technology leadership roles in higher education.

 


Chris Jensen

Chris Jensen, Tenable

Chris Jensen is the public sector business development manager at Tenable, where he develops and supports strategic cybersecurity initiatives and programs in federal, state and local markets. 

Before joining Tenable in 2017, he served in a broad range of leadership roles in public-sector IT contracting, including business operations, contract and program management, business development and capture.

Jensen began his professional career as an officer in the U.S. Navy. After leaving active service, he served in the U.S. Navy Reserve until his retirement in 2008. 

A graduate of the U.S. Naval Academy, Jensen also holds a Juris Doctor from the George Washington University Law School.


Dr. Thierry Wandji Ketchiozo

Dr. Thierry Wandji Ketchiozo, NC State University

Dr. Thierry Wandji Ketchiozo is the director of Cybersecurity Education in the Department of Computer Science at NC State University. He plays a key role in the university’s Secure Computing Institute, which was founded in 2019 with a goal of enhancing the security and privacy of computing systems through basic and applied research and advancing and delivering cybersecurity education.

Ketchiozo brings extensive experience in private industry, in cybersecurity education and in senior positions as a researcher and software and systems engineer for the U.S. Naval Research Laboratory and Naval Air Systems Command.

He holds a bachelor’s degree from University of Montreal, master’s degrees from Morgan State University and University of Maryland University College and a Ph.D. from George Washington University.


Paul Kurtz

Paul Kurtz, Splunk

Paul Kurtz is an internationally recognized expert on cybersecurity and a co-founder of TruSTAR (acquired by Splunk). He is also a founding board member of the Cloud Security Alliance.

Kurtz began working on cybersecurity at the White House in the late 1990s and served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Bill Clinton and George W. Bush.

Kurtz has held numerous private sector cybersecurity positions, including founder of the Cyber Security Industry Alliance (acquired by Tech America), executive director of SAFECode, managing partner of Good Harbor Consulting in Abu Dhabi and chief information security officer of CyberPoint International.

Kurtz’s work in intelligence analysis, counterterrorism, critical infrastructure protection and non-proliferation of weapons of mass destruction influenced his approach to cybersecurity. Specifically, the fields highlighted the need to build a cloud-based automated exchange platform that addresses the barriers to sharing information while providing immediate value to operators defending networks.


Tom McGrath

Tom McGrath, N.C. Emergency Management

Tom McGrath earned a Bachelor of Science in aerospace engineering from the University of Notre Dame and, following graduation, worked as a senior analytical engineer at Pratt & Whitney Aircraft in East Hartford, Conn.

He entered the FBI Academy in February 1995 and was subsequently assigned as a special agent to the FBI’s Washington Field Office, where he worked on the National Computer Crime Squad – the bureau’s only Cyber Crime Squad at that time – investigating computer intrusion and intellectual property theft.

McGrath transferred to the FBI’s Charlotte Division, Raleigh Resident Agency, where he was the cybercrime task force coordinator investigating computer intrusion, intellectual property theft and child exploitation. He also served as the InfraGard Coordinator for the Charlotte Division.

McGrath subsequently served as the liaison to North Carolina’s Fusion Center, the N.C. Information Sharing and Analysis Center (NC ISAAC), addressing counterterrorism and criminal matters, as well as conducting outreach to the community.

Upon retirement from the FBI, he began a career with the N.C. Department of Public Safety. As the Deputy Homeland Security Chief of NCDPS – Division of Emergency Management – Homeland Security Section, he leads the cyber unit at NC ISAAC, and is a founding member of the N.C. Joint Cybersecurity Task Force.


Laura Rodgers

Laura Rodgers, N.C. Military Business Center

Laura Rodgers is the director of Cybersecurity Practice in the Department of Computer Science at NC State University. She is the technical liaison between industry, government agencies, the Secure Computing Institute and the North Carolina Partnership for Cybersecurity Excellence. She works with these organizations to gain their perspectives and share cybersecurity challenges and solutions.

Prior to joining NC State, Rodgers was the senior cyber compliance manager for the North Carolina Military Business Center, where she helped defense contractors develop cybersecurity compliance programs. Rodgers developed a variety of cybersecurity compliance tools and resources, available at cybernc.us, and hosted a weekly DoD Cybersecurity Compliance course for defense contractors and IT/cyber service providers.

She is the chair of the N.C. Interagency Cybersecurity Coordinating Committee, a group of state-funded agencies, universities and community colleges that provides cybersecurity compliance resources to defense contractors and collaborates in building a cybersecurity ecosystem in North Carolina.

Previously, Rodgers performed business and operations assessments of aerospace contractors for the N.C. Defense Industry Diversification Initiative. She has held a variety of positions in the defense industry, including with Lockheed Martin’s MX and Titan Missile Programs and General Dynamics Information Technology’s urban training programs.

Rodgers attended Oklahoma State University and earned a Bachelor of Science in accounting and a Master of Business Administration. She holds a Data Privacy and Protection Specialist certification and is working toward a CMMC Certified Professional certification.


Andrew Scott

Andrew Scott, CrowdStrike

Andrew Scott is the Strategic Threat Advisor for Public Sector with CrowdStrike’s Strategic Threat Advisory Group, empowering and advising CrowdStrike’s public sector clients on how to transform and mature their security programs through use of threat intelligence.

He specializes in enterprise-level security strategy and program development, security operations and architecture and intelligence analysis.

Prior to joining CrowdStrike, Scott served as the Senior Manager of Threat Intelligence and Security Operations for a CSP serving the federal government. There, he oversaw and drove the continuous security monitoring, incident response and threat intelligence services in support of many U.S. government agencies.

He has also held operational, analytical and executive advisory roles supporting both the private and public sectors.


Carly Sherrod

Carly Sherrod, NCDIT

Carly Sherrod serves as the deputy state chief risk officer with the Enterprise Security and Risk Management Office of the N.C. Department of Information Technology. Sherrod is an Advanced Security Practitioner (CASP) and a joint leader of the recently formalized N.C. Joint Cybersecurity Task Force, an interagency group focused on expanding the Whole-of-State capabilities to support and protect the state’s critical infrastructure.

In her work with the Joint Cybersecurity Task Force and NCDIT, Sherrod responds to cybersecurity incidents, providing threat intelligence, recovery efforts, incident coordination, resource support and consultation. She has responded to more than 60 significant cybersecurity incidents.

Sherrod brings a wealth of experience from the private and public sectors, including more than a decade of public service with North Carolina state government. Her experience includes strategic planning and consulting, information systems and data analytics, academic research, public safety/public health rescue response and administration, threat intelligence, law enforcement support and information security.

Sherrod received her bachelor’s and master’s degrees from the University of North Carolina at Chapel Hill and holds numerous academic, technical and operational certifications. Her publications have appeared in various academic journals, such as Genome Announcements, NCBI, and PNAS.


Dr. Mark A. Sorrells

Dr. Mark A Sorrels, Fayetteville Technical Community College

Dr. Mark A. Sorrells is the Senior Vice President for Academic and Student Services for Fayetteville Technical Community College (FTCC), where he is responsible for coordinating nearly 90 programs of study, corporate and continuing education – as well as student services and academic support – for more than 28,000 students.

Sorrells has been selected by the FTCC Board of Trustees as the next college president, beginning January 1, 2023.

Prior to joining FTCC in January 2019, Sorrells was the senior vice president and chief operating officer at the Golden LEAF Foundation, where he led statewide workforce programs of the GLF Board of Directors. Over his career, he has also served as the executive director of a statewide nonprofit and taught in the North Carolina Community College System.

Sorrells is a co-founder of the Carolina Cyber Network, which is a collaborative of two- and four-year colleges and universities. The CCN is a comprehensive workforce development initiative established to meet the growing talent needs of North Carolina’s public agencies and private businesses.

Sorrells earned his undergraduate and Master of Business Administration degrees from the University of Tennessee and completed his Doctorate in Education at East Carolina University. He is a 1999-2001 William C. Friday Fellow in the Wildacres Leadership Initiative and completed nonprofit and philanthropic leadership programs at Stanford University.


Evan Tegethoff

Evan Tegethoff, Bitsight

Evan Tegethoff is vice president of Consulting Engineering at BitSight. He previously held leadership roles in risk and compliance practice management at Optiv, Accuvant and Forsyth Technologies.

Prior to BitSight, Tegethoff developed third-party risk approaches for numerous large organizations. Additionally, he led consulting teams focused on third-party risk assessment, compliance and risk management.

He holds the CISSP certification and was previously an ISO 27001 Assessor and PCI QSA.


Maria S. Thompson

Maria Thompson, Amazon Web Services

Maria S. Thompson is the State and Local Government Executive Government Advisor - Cybersecurity for Amazon Web Services.  In this role, she brings more than 20 years of experience in information technology, strategic planning, computer network defense and risk management.

Prior to her role with AWS, Thompson served as North Carolina’s first state chief risk and security officer. In her role, she was instrumental in establishing the Whole-of-State Approach to cyber. This included developing and implementing the state’s first Cyber Disruption Plan and the Joint Cybersecurity Task Force.

Thompson also served 20 years in the United States Marine Corps and retired as the cybersecurity chief/information assurance chief for the Marine Corps. Other security roles she held include certification and accreditation lead for the Multi-National Forces – Iraq and senior security engineer in a joint military organization and Security Operations Center lead for a federal agency.

Lt. Col. Seth A. Barun

Lt. Col. Seth Barun, N.C. Army National Guard

Lt. Col. Seth A. Barun is chief of cyber operations at the N.C. Joint Cyber Task Force headquarters in Raleigh and commander of the 113th Special Troops Battalion, Asheboro.

He began his military career in 1995 as a cadet at the U.S. Air Force Academy and was later commissioned after attending the Air Force Aerospace Basic Course. His training also includes the Air Force Undergraduate Space and Missile Training, Air Force 4th Space Operations Satellite Mission Control School, Army Battalion/Brigade S6 Officer course, Army Contractor Officer Representative course, Army Signal Captain’s Career course, Army Command and General Staff Officer course and Army Information Operations course.

Barun holds a Bachelor of Science in social sciences from the U.S. Air Force Academy and a Master of Science in cybersecurity from Purdue University.


Debora Chance

Debora Chance, NCDIT

Debora Chance is program manager for the state of North Carolina’s Business Continuity Management program.

She works with state agencies and other entities on their business continuity and disaster recovery planning as well as the emergency notification solution aligned with the N.C. Department of Information Technology’s Incident Management process.

Chance is co-chair of the Multi-State Information Sharing and Analysis Center’s Business Resiliency Workgroup and helps develop table-top exercises for the MS-ISAC membership.

Chance is a proud native North Carolinian and has been in public service since 2003.


Ulku Yaylacicegi Clark

Ulku Clark, Center for Cyber Defense Education at the University of North Carolina at Wilmington

Ulku Clark is professor of information systems and the director of the Center for Cyber Defense Education at the University of North Carolina Wilmington.

Clark's research interests span information communications technologies, telecom policy, information security, IT productivity, health care IT, quality management and innovative education.

She holds a Master of Science in information technology and management and a Ph.D. in management science with management information systems concentration from the University of Texas at Dallas. 

Her publications have appeared in various academic journals, such as JMIS, IEEE TEM and IMDS.


Kathleen Gardner

Kathleen Gardner, KnowBe4

As vice president of Customer Relations, Kathleen Gardner's primary role is to build value and long-term relationships with KnowBe4's largest clients.

Utilizing her more-than-20 years’ experience as a professional executive, her high energy focus is a combination of marketing, communications, best practices and strategic alignment to exceed client expectations with data-driven results.

Building and maintaining a comprehensive security awareness culture and mitigating risk for the organizations she partners with is her ultimate goal.


Greg Hauser

Greg Hauser, N.C. Division of Emergency Management

Greg Hauser joined the N.C. Division of Emergency Management in April 2018 as the state’s statewide interoperability coordinator. Hauser is also the state’s communications branch manager and the point person for Emergency Support Function 2 activities, alerts and warnings and tactical communications team training, readiness and mobilization.

Hauser also serves as the executive director of the North Carolina Statewide Interoperability Executive Committee, which provides guidance on interoperability to the N.C. State Emergency Response Commission.

Previously, he spent 17 years with the Charlotte Fire Department’s Communications Division and worked his way up the ranks to be the division’s superintendent.

Throughout his career, Hauser has participated in numerous large-scale incidents and events, including communications unit leader for the 2012 Democratic National Convention, Hurricane Irene and Hurricane Matthew. Most recently, he served as communications coordinator during hurricanes Florence, Dorian and Isaias and as an adviser to the communications unit leader for the 2020 Republican National Convention in Charlotte.

Hauser attended the University of New Haven in Connecticut, where he earned a bachelor’s degree in both Fire Investigation and Fire Administration.


Isabelle Hertanto

Isabelle Hertanto, Info-Tech Research Group

Isabelle Hertanto is a principal research director in Info-Tech Research Group’s Security & Privacy practice, with a focus on helping clients align enterprise IT security activities to business objectives through strategic planning, risk and compliance management, policy development, and security program design.

Hertanto has more than 15 years of experience delivering specialized IT services to the security and intelligence community. 

As a former federal officer for Public Safety Canada, Hertanto trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, she has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare and the broader Canadian public sector.

Hertanto has a passion for learning and is an active instructor with University of Toronto’s School of Continuing Studies. She offers a unique perspective on the cyberthreat landscape as well as the evolving legal and cultural frameworks that govern and influence our use of information and technology.


Kristin Hill

Kristin Hill, KnowBe4

As vice president of Customer Relations for KnowBe4, Kristin Hill works with the company’s largest enterprise clients to help their executive teams own the ongoing problem of social engineering. Through quarterly executive business reviews, Hill helps highlight trends and actionable phishing metrics based on recently conducted simulated phishing tests that the executive team can share with key stakeholders and KnowBe4’s board.

Prior to joining KnowBe4, Hill ran Gartner’s CISO Coalition, a community of chief information security officers and security leaders that was formed to provide an outlet for collaboration, challenge sharing, and group problem solving. Security awareness, social engineering and managing the attack surface were common topics among the coalition.


Saad Khalid

Saad Khalid, GitHub/Microsoft

Saad Khalid is a senior solutions engineer with GitHub/Microsoft. He works with hundreds of state agencies across the United States providing DevOps expertise.

Khalid’s previous experience as a software engineer, in addition to his extensive expertise in networking and security, enables him to provide advanced holistic DevSecOps solutions.

Some of his previous work includes developing an advanced machine learning algorithm in use today at Fidelis Cybersecurity. Additionally, he supported various U.S. Department of Defense agencies in their digital transformation and DevOps adoption while at F5 Networks, where he primarily focused on the Defense Information Systems Agency (DISA) and White House Communications Agency (WHCA).


Greg Mallette

Greg Mallette is the U.S. Cybersecurity and Infrastructure Security Agency’s cybersecurity state coordinator in Mississippi. In this role, he serves as a federal cybersecurity risk advisor for state, local, tribal and territorial government and private-sector partners by helping them develop and maintain secure and resilient critical infrastructure. He also facilitates the sharing of cyberthreat information between federal and non-federal entities.

Prior to joining CISA, Mallette was an information system security officer for the National Oceanic and Atmospheric Agency’s National Water Center, where he effectively led the IT security team and was the principal advisor to the director on all matters involving the information system security.

Before joining the federal service, he served 20 years with the U.S. Department of Defense as both an active-duty military member and a civilian contractor. A veteran of multiple military operations, he served in various roles in which he built a reputation as a subject matter expert for successful strategies in cybersecurity, risk management and system accreditation.

Mallette holds a bachelor’s degree in business administration and a Certified Information System Security Professional certification with the International Information System Security Certification Consortium.


Jeff Martin

Jeff Martin is the Deputy Director of Technology & Innovation for Mooresville, N.C. and supports the N.C. Division of Emergency Management as the information technology service leader coordinator. 

Martin has more than 13 years of experience in government IT, managing large infrastructure projects, business continuity and disaster recovery programs and information security services. He is also the Region 4 director for the Information Technology Disaster Resource Center, a nationwide nonprofit organization that provides personnel and equipment to communities affected by disasters.

 

Martin has experience supporting numerous incidents and events, including hurricanes Dorian and Isais, the Haiti earthquakes in 2021 and the Kentucky tornadoes in December 2021. He has also supported several national events, including the 2020 Republican National Convention and 2022 World Games. 

Martin holds several professional certifications including the Certified Business Continuity Professional, Certified Cyber Resilience Professional and Project Management Professional.

 

He earned a Bachelor of Science in Information Technology Management from American Public University and is currently completing his Master of Public Administration with a concentration in Disaster Management from American Public University.


Rick McElroy

Rick McElroy, VMware

Rick McElroy, principal cybersecurity strategist for VMware, has 24 years of information security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. He has held security positions with the U.S. Department of Defense, and in several industries including retail, insurance, entertainment, cloud computing and higher education.

McElroy’s experience ranges from performing penetration testing to building and leading security programs. He is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CSIM) and Certified in Risk and Information Systems Control (CRISC) and Certified in Cloud Security Knowledge (CCSK).

As a U.S. Marine, McElroy’s work included physical security and counterterrorism services. His current role takes him all over the world working with organizations to improve their security strategies and speaking on security and privacy.


Leah McGrath

Leah McGrath, StateRAMP

Leah McGrath serves as executive director for StateRAMP, a national nonprofit advancing cybersecurity for state and local government. McGrath dedicated more than 1,000 hours in 2020 working alongside Steering Committee members to develop StateRAMP’s governance and policy framework.

Prior to her work with StateRAMP, McGrath held leadership positions in both the public and private sector, including serving as the first deputy mayor of the City of Fishers, Indiana from 2015 until 2019.

In her role, she helped lead modernization efforts and spearheaded city-wide efforts to develop its first long-range comprehensive plan. During her tenure, Fishers transformed from a town into a smart, vibrant, entrepreneurial city and was named in 2017 the No. 1 Best Place to Live in America by Money Magazine.

A graduate of Purdue University, McGrath’s 20-year career has been focused on working to improve government outcomes at the state and local level, helping shepherd government into the digital age, securely and effectively, for the citizens it serves.


Geoff Stoker

Geoff Stoker, University of North Carolina at Wilmington

Geoff Stoker is assistant professor in the Congdon School at the University of North Carolina Wilmington. 

Previously, he worked at CYR3CON, a cybersecurity startup harnessing artificial intelligence to provide an attacker-focused approach to predicting and preventing cyberattacks.

He also served more than 24 years in the U.S. Army, including a four-year tour with the 82nd Airborne Division, as the chief information security officer, and 15 months in Afghanistan protecting coalition networks. 

His service also included three years teaching as an instructor, assistant professor and course director at the United States Military Academy, West Point.

He earned degrees in computer science from West Point (B.S.), University of Virginia (MCS) and University of Maryland, College Park (Ph.D.).