Conference Agenda

1 p.m. to 4 p.m.

SPECIAL SESSION: Workforce Development Forum

There are thousands of inspired professionals building a resilient network against millions of cyber breaches every day.  They are in science and engineering, industry and academia, multi-national corporations and small business, service and manufacturing, investments and policy-making… How do you recruit, retain, upskill and adapt an educated workforce so that they will make their best impact within the organization?

As part of the Workforce Develop Forum, CyberCon will host special session on Women at the Cyber Frontline highlighting the impact and influence this diverse group of employees is bringing to the cybersecurity industry.


Scott Young, President, SynEd

1 p.m. to 4 p.m.

SPECIAL SESSION: Power & Utility CISO Forum

CyberCon’s CISO Forum will provide CISO leaders in the power and utility industry and their leadership teams with shared learnings and best practices from some of the leading CISOs. The forum will feature peer-level presentations and discussions on such topics as strategy & leadership, IT/OT vulnerabilities, supply chain and AI & ML solutions. This forum is designed to arm and strengthen the information security leadership team within power and utility companies who are responsible for safeguarding their company from cyberattacks.

4:30 p.m. to 7:30 p.m.

Opening Evening Reception in Exhibit Hall

Featuring 100+ Exhibitors and the Emerging “Tech Pavilion”

Enjoy complimentary food and drinks while networking with power and utility industry leaders and cybersecurity professionals during the CyberCon Opening Reception.

The Opening Reception is also the official opening of the “Tech Pavilion”, a unique venue where some of the brightest minds from U.S. academic institutons and national laboratories will be showcasing next generation technologies for combatting cyber threats.

7:30 a.m. to 8:30 a.m.

Registration, Breakfast and Networking in the Exhibit Hall

8:30 a.m. to 8:35 a.m.

Welcome Address

8:35 a.m. to 9 a.m.

Keynote Speaker

John McLaughlin, Distinguished Practitioner-in-Residence – Philip Merrill Center for Strategic Studies, John Hopkins; former Deputy Director, Central Intelligence Agency 

9 a.m. to 10 a.m.

View from the C-Suite

Utilities handle millions of cyber threats every day — some are repelled, some are breached. What is the C-Suite doing to protect themselves from risk? What are they doing to repel the next wave of attacks? What are their biggest challenges and how do they keep their board engaged?


Barry K. Worthington, Executive Director, United States Energy Association

10 a.m. to 10:30 a.m.

Networking Break

10:30 a.m. to 11:30 a.m.

Cybersecurity as National Security

In an instant, a cyber breach could bring our nation to its knees. How do U.S. federal agencies approach the challenges of security? What does resilience mean and how is it achieved? And more importantly, what else needs to be done?


– Major General Stephen Hager, Deputy Commander of Operations – Cyber National Mission Force and Mobilization Assistant to the Commander, U.S. Cyber Command 

11:35 a.m. to 12:40 p.m.

Luncheon with Keynote Speaker

12:45 p.m. – 1:45 p.m.

Keynote Speaker

1:45 p.m. to 2:15 p.m.

Networking Break

2:15 p.m. to 3:15 p.m.

Behind the Veil: Separating Fact from Fiction in Cyber Warfare

The risk of cyber attacks to the energy sector appears overwhelming. Is this level of fear justified? What should power and utility companies do to prepare for attacks that may be coming? This panel features experts and executives who have first-hand experience addressing these questions and can share lessons learned for taking reasonable steps to prepare for the future.


– Irving Lachow, Deputy Director – Cyber Strategy & Execution, The MITRE Corporation 

– Brian Barrios, Director – Threat Management and Intel, Southern Company 

– Evan Wolff, Co-Chair – Privacy and Cybersecurity Group, Crowell & Moring 

3:15 p.m. to 3:45 p.m.

Making Cyber Policy

Making policy is a lot like making sausages, but in the case of the former, we need to know the messy details. What works? What doesn’t? More importantly, how can we do it better?


Don Proctor, Founder & CEO, Bk97 Digital; former Senior Vice President and Lead – Cybersecurity Task Force, Cisco


– Trey Herr, Director of Cyber Statecraft Initiative, Atlantic Council

– David Whitehead, COO, Schweitzer Engineering Laboratories 

– Sheila Slocum Hollis, Of Counsel, Duane Morris LLP  and  Chair – Board of Directors, United States Energy Association

3:45 p.m. to 4:15 p.m.

Networking Break

4:15 p.m. to 5:15 p.m.

The Ultimate Risk? The Third Party of Your Third Party

The rise of the extended enterprise has lead to companies to rely on a network of third-party vendors to provide them with organizational value and competitive advantage. The use of these third (and fourth) parties in your supply chain or for data handling creates potential risks that can be compounded by these third-party weaknesses. As the perimeter of the your organization grows, how do you properly vet the third and fourth-party vendors who will have access to your data without being subject to your internal risk management process?


– Dan Burke, Director of Third-Party Risk, DocuSign


– Ray Espinoza, Director of Security,

– Dave Jones, Information Security Architect, Cisco

– Michelle Koblas, Manager – Customer Security Engagement, AppDynamics

– Ketan Nilangekar, CEO, ThreatWatch 

5 p.m. to 7 p.m.

Reception in Exhibit Hall

7:30 a.m. to 8:30 a.m.

Registration, Breakfast and Networking in the Exhibit Hall

8:30 a.m. to 8:35 a.m.

Welcome Address

8:35 a.m. to 9:30 a.m.

Case Study: A Tale of Two Cyber Exercises

Cybersecurity for the power sector got real on December 23, 2015, when hackers successfully coordinated attacks on information systems and operations of three Ukrainian utilities. Since then, thought leaders created war-game like scenarios that simulated a wide variety of attacks. This panel offers a closer look at how the first great cyber-attack informed the Jack Voltaic exercise in Houston, the CES-21 exercise in Southern California, and the next generation of cyber-scenarios.


– Randolph Bell, Director – Global Energy Center, Atlantic Council 


Laura Lee, Vice President of Training, By Light

– Zach Tudor, Associate Laboratory Director – National and Homeland Security, Idaho National Lab

9:30 a.m. to 10:30 a.m.

Risk Management Considerations

How is cyber risk interpreted and managed? What metrics are used? Is it consistent with the approach taken by the power sector? More than just standards compliance, continuous assured operations are needed so are we transforming the industry culture quickly enough to get ahead of bad actors? What can the industry do to mitigate, avoid and transfer risk.


Sheila Zuehlke, Former Major General and Mobilization Assistant, United States Air Force; President, Z-Cube, LLC


– Bob Butler, Senior Vice President – Critical Infrastructure Protection, AECOM

– Tom Finan, Director – Cyber Risk Solutions – North America, Willis Towers Watson

– Justine Phillips, Partner, Sheppard Mullin

– Eric Trapp, Vice President – Security & Technology and Chief Security Officer, Sempra Energy

10:30 a.m. to 11:00 a.m.

Networking Break

11:00 a.m. to 12:00 p.m.

Securing an Interconnected World

A breach in one link can have dire consequences throughout an entire supply chain. How do we protect individual parts of an interconnected infrastructure from cyber threats? Can we? What new dimensions of cybersecurity does cloud computing add to this equation? Experts from public and private sectors will discuss the strategies they use to answer these questions.


– Leo Simonovich, President and Global Head, Industrial Cyber and Digital Security, Siemens Gas and Power

– David Victor, Professor, School of Global Policy and Strategy, University of California San Diego

– Tobias Whitney, Technical Executive, Electric Power Research Institute (EPRI) 

11:30 a.m. to 12 p.m.

Closing Remarks and Conclusion of CyberCon