Platinum Sponsors
Gold Sponsors
Silver Sponsors

Register for CSA Fall Summit!

Awesome speakers, 6 CPE credits, breakfast, lunch, beer and vendor giveaways!  
Register Here!
2017 CSA Fall Summit Schedule
  1. 7:45-8:30 am
    Registration and Breakfast
    Ball Room A & B
  2. 8:30-8:45 am
    Opening Announcements
    Ball Room A & B
    Al Bartron, President CSA Colorado
  3. 8:45-9:45 am
    Ball Room A & B
    David McCurdy, CTO State of Colorado
  4. 9:45 - 10:00 am
    Morning Break
  5. 10:00 - 10:45 am
    Technical Track: Practical AWS Security - presentation and live demo
    Ball Room C
    Scott Hogg, CTO GTRi
  6. 10:00 - 10:45 am
    Business Track: Security and Automation: Can they work together? Can we survive if they don’t?
    Ball Room D
    Rob Randell, Director Security & Risk Practice Service Now
  7. 10:00 - 10:45 am
    Privacy Track: Healthcare, HIPAA, and the Cloud
    Ball Room E
    Drew Labbo, CEO HIPAA GURU
  8. 10:50 - 11:35 am
    Technical Track: IT/Network Operations concepts and strategies to improve the production of your Cloud
    Ball Room C
    Joe Dietz, Network Security Professional
  9. 10:50 - 11:35 am
    Business Track: Cloud Best Practices
    Ball Room D
    Brian Lewis, Senior Cloud Services Evangelist CenturyLink
  10. 10:50 - 11:35 am
    Privacy Track: Privacy 101
    Ball Room E
    Deb Shinbein Howitt, Director Privacy & IP Attorney
  11. 11:35 - 12:45 pm
    Ball Room A & B
  12. 12:45 - 1:30 pm
    Technical Track: Beyond Bearer: Token Binding as the Foundation for a More Secure Web
    Ball Room C
    Brian Campbell, Distinguished Engineer Ping Identity
  13. 12:45 - 1:30 pm
    Business Track: The Psychology of Cloud Adoption and Implications for Security
    Ball Room D
    Chad Hoffman, Security Analyst Crocs
  14. 12:45 - 1:30 pm
    Privacy Track: GDPR
    Ball Room E
    Carlin Dornbusch, CISO American CyberSecurity Management
  15. 1:35 - 2:20 pm
    Technical Track: What are You Afraid of?
    Ball Room C
    Tyler Warren, Senior Security Architect, Prologis
  16. 1:35 - 2:20 pm
    Business Track: CASB
    Ball Room D
    Matt Clark, Senior SE Netskope
  17. 1:35 - 2:20 pm
    Privacy Track: Privacy by Design
    Ball Room E
    Austin Chambers, Data Privacy and Security Lewis Bess Williams & Wesse
  18. 2:20 - 2:35 pm
    Afternoon cookies & coffee
    Ball Room A & B
  19. 2:35 - 3:20 pm
    Technical Track: Planning for Successful Security Projects
    Ball Room C
    Merlin Namuth, BISO Reed Group
  20. 2:35 - 3:20 pm
    Business Track: Change is Simply an Act of Survival - How can we predict the future when we're shackled to the past?
    Ball Room D
    Bil Harmer, CISO Zscaler
  21. 2:35 - 3:20 pm
    Privacy Track: Key Distribution in Containers
    Ball Room E
    Alan Robertson, Software Engineer Charter Communications
  22. 3:30 - 4:30 pm
    Cloud Security Panel Discussion
    Ball Room A & B
    Moderator: Mark Weatherford Panelist: Jonathan Trull, Sr Director Cyber Microsoft Hadar Freehling, SE Security & Network VMware Christopher Hein, Engineering Manager, Google
  23. 4:30 - 5:30 pm
    Wrap up, vendor prizes & beer social
    Ball Room A & B
    Christopher Hein, Customer Engineering Manager Google

CSA Fall Summit
Speaker Bios

CSA is proud to present speakers from the State of Colorado, Azure, CenturyLink, Crocs, NetSkope, ServiceNow, Charter Communications, GTRI, Ping Identity, Zscaler, Netskope and more!   
Register today!  Early registration discounts only last until October 31, 2017.
  1. David McCurdy
    8:45-9:45am Keynote Speaker: David McCurdy - CTO State of Colorado
    David McCurdy is an accomplished professional and thought leader who has been sought after to speak both nationally and abroad. Before joining the public sector in September 2014, he acquired more than 17 years’ experience working in IT as a programmer, system engineer, architect, and executive across the telecommunications, finance, healthcare fields. David spent the past ten years at Catholic Health Initiatives (CHI) during which time CHI grew from a holding company to one of the largest healthcare systems in the country and provided over $715 million in charity care in the year 2013 alone. In his roles as CHI’s Associate Vice President and Chief Enterprise Architect, David led a 1,000 person IT organization that serviced hospitals and clinics across the country and was responsible for setting standards and strategic direction of IT. His key accomplishments include the build out of three primary data centers, centralization and reorganization of IT, the build out of new ERP and business management...
  2. David McCurdy
    10:00-10:45am Scott Hogg, CTO GTRI
    Scott Hogg is the Chief Technology Officer for Global Technology Resources, Inc. (GTRI) and has been a network computing consultant for over 25 years. Scott provides network engineering, security consulting, and training services to his clients, focusing on creating reliable, high-performance, secure, manageable, and cost effective network solutions. He has a B.S. in Computer Science from Colorado State University, a M.S. in Telecommunications from the University of Colorado, along with his CCIE (#5133), CISSP (#4610), among many other vendor and industry certifications.
  3. David McCurdy
    10:00-10:45am Rob Randell, Director Security & Risk Practice Service Now
    Rob Randell is a Director in the Security and Risk Practice at ServiceNow with over 22 years’ experience in IT and over 19 years in Security. Rob’s current role is leading a team of Solutions Consultants at ServiceNow who help our customers understand how to address security incident and vulnerability response in a faster and more efficient way. Rob is a regular speaker at different events from local ISSA Meetings to larger security conferences such as the RSA Conference. Rob’s career has been deep into information security through several avenues- virtualization security and micro segmentation through the hypervisor at VMware, endpoint memory based protection with startup Determina (acquired by VMware), anti-malware at Webroot and prior to that Vericept which was the original player in the DLP space.
  4. David McCurdy
    10:00-10:45am Drew Labbo, CEO HIPAA GURU
    Drew Labbo is owner and principal of RMHG, which offers HIPAA consulting and HIPAA advisory services. Drew has over 19 year experience with information security and technology and over 12 years' experience as a Privacy and Data Security Officer. He is an expert on HIPAA Privacy and Security Rule regulations as well as HITECH and Omnibus regulatory updates. Drew's recommendations are guided by his education in health administration and experience and leadership integrating privacy and security controls with health information technology infrastructure and applications, as well as treatment, payment, operations, and human subjects research workflows and processes.
  5. David McCurdy
    10:50-11:35am Joe Dietz Network Security Professional
    Joe Dietz is a technology focused senior level IT security professional, with the excellent balance of business experience and knowledge of systems/network security. Over ten years of hands on security experience working with large enterprise Internet gateway environments. A unique ability to see across many different technologies and bring together business groups to deliver innovative solutions as a savvied marketer.
  6. David McCurdy
    10:50-11:35am Brian Lewis, Senior Cloud Services Evangelist
    Brian Lewis a Principal in CenturyLink’s Hybrid IT practice will be discussing best practices around cloud management. He will be going into elements of the cloud that cloud providers sometimes shy away from. Brian will be covering Cost visibility, Governance, and Security in a multi-cloud and hybrid world. Brian will be diving into multi-cloud management, and specifically CenturyLink’s Cloud Application Manager. Cloud Application Manager facilitates customer IT transformation by orchestrating the delivery of infrastructure, applications, and services across hybrid deployments and multiple clouds. Manage any infrastructure from a single interface by utilizing the platform's inherent features, including Application Lifecycle Management, as well as Managed Services Anywhere and deployment of CenturyLink Dedicated Cloud Compute, CenturyLink Public Cloud, VMWare, Azure, or AWS cloud instances.
  7. David McCurdy
    10:50-11:35am Deb Shinbein Howitt, Director Privacy & IP Attorney
    Attorney focused on data privacy/security law (policies, data breaches, compliance, and more), Internet law, technology licensing and development agreements, digital marketing, content development and distribution, strategic alliances, e-commerce issues, copyright protection and analysis, sweepstakes and contests, professional service agreements, and various other commercial contracts. Former adjunct professor (Information Privacy Law) at University of Colorado Law School.
  8. David McCurdy
    12:45-1:30pm Brian Campbell, Distinguished Engineer Ping Identity
    As a Distinguished Engineer for Ping Identity, Brian Campbell aspires to one day know what a Distinguished Engineer actually does for a living. In the meantime, he's tried to make himself useful with little things like designing and building much of PingFederate, the product that put Ping Identity on the map, and creating the popular open source JWT library jose4j. When not making himself useful, he contributes to various identity and security standards including a two-year stint as co-chair of the OASIS Security Services Technical Committee (SAML) and ongoing contributions to OAuth, JOSE and Token Binding in the IETF as well as OpenID Connect. He holds a B.A., magna cum laude, in Computer Science from Amherst College in Massachusetts. Despite spending four years in the state, he has to look up how to spell "Massachusetts" every time he writes it.
  9. David McCurdy
    12:45-1:30pm Chad Hoffman, Security Analyst Crocs
    Principles by which I live: • Always use the right tool for the job, but never say a job can’t be done because I don’t have the right tools. • People first, technology second. • To solve the problem I need the whole story from top to bottom and to understand how it all works together. • Upgrade to improve functionality. • Question everything and follow orders.
  10. David McCurdy
    12:45-1:30pm Carlin Dornbusch, CISO American CyberSecurity Management
    Worried about GDPR? Wondering if you need to be concerned about GDPR? Are you worried about how secure your SDLC is or if your company will be listed in the next breach report? It certainly makes sense to be concerned about your privacy posture and your security maturity. Maybe there are ways to exceed the expectations of your Board, or innovate in such a way that you can use your security or privacy program as a differentiation or competitive advantage. Maybe there are easier ways to expand your business overseas. By leveraging new delivery models and technologies, businesses are able to not only reduce costs but also "Build in Security". And with new global privacy requirements it is now time to also consider "Privacy by Design". I'm glad to connect and discuss how my experience and expertise can assist your business with these challenges.
  11. David McCurdy
    1:35-2:20pm Tyler Warren, Senior Security Architect, Prologis
    Over nineteen years of experience in IT, security, and telecommunications. I have a strong technical background and eight years of managing technical employees. My technical and security background allow me make strategic business decisions to assist in cost reduction and improved IT support and customer service for the business. I excel at working with and building teams of people to overcome technical and business issues.
  12. David McCurdy
    1:35-2:20pm Matt Clark, Senior SE Netskope
    Cloud Security Alliance President, Southwest Chapter University of Phoenix
  13. David McCurdy
    1:35-2:20pm Austin Chambers, Data Privacy and Security Attorney Lewis Bess Williams & Wesse
    Attorney with practice focused on domestic and international privacy, information security, emerging technology, and tech transactions. Client/work experience in government and private industry, in diverse industry verticals, and at different stages of development.
  14. David McCurdy
    2:35-3:20pm Merlin Namuth, BISO Reed Group
    Merlin Namuth is the Business Information Security Officer at ReedGroup. Namuth has over 22 years of IT experience with the last 19 years focused in security. His experience in security is comprised of building and running numerous security programs, program management, managing incident response teams, computer forensics, compliance, and architecture and engineering complex security solutions. Namuth serves on the cyber risk advisory board at Pepperdine University where he also guest lectures. Merlin currently serves on the Board of Directors at iEmpathize, a nonprofit organization focused on educating people about human trafficking. He has presented at several conferences, including having presented at RSA three times -- domestically and internationally. He holds the PMP, CISSP, GCFA and GCIH certifications.
  15. David McCurdy
    2:35-3:20pm Bill Harmer, CISO Zscaler
    Bil has been in the IT industry for 30 years. He has been at the forefront of the Internet since 1995 and his work in security began in 1998. He has led security for startups, Government and well established Financial Institutions. In 2007 he pioneered the use of the SAS70 coupled with ISO to create a trusted security audit methodology used by the SaaS industry until the introduction of the SOC2. He has presented on Security and Privacy in Canada, Europe and the US at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance. He has been interviewed by and has written for various publications such as Dark Reading, Data Informed, SecureWorld and Security Intelligence. His vision and technical abilities have been used on advisory boards for Adallom, Trust Science, ShieldX, Resolve and Integris. He has served as Chief Security Office for GoodData, VP Security & Global Privacy Officer for the Cloud Division of SAP and now serves as a Strategist for Zscaler where he runs the Office of the CISO for the Americas.
  16. David McCurdy
    2:35-3:20pm Alan Robertson, Software Engineer Charter Communications
    I founded the Linux-HA project, the Assimilation Monitoring Project and am an internationally known expert on high-availability systems, discovery and monitoring, and a frequently requested speaker on High-Availability, IT Discovery, Cybersecurity, Monitoring and Linux. I've founded and managed projects - open and closed source, local developers, and across the world. I've architected software systems, designed, coded, tested, and written automated test tools. I've also worked in data centers as a high-level administrator, planner, etc. I've written software for communications controllers, for mainframes, for numerous operating systems (typically UNIX-like), for backup systems, for data dictionary type applications, databases, device drivers, compilers, monitoring systems, and lots of other things. I've programmed in dozens of languages - most commonly C, Perl, Python, C++. A distinguishing characteristic of all the places that I've worked is that I always make my organization better than it was before I joined. I might have made it better in processes, in culture, in performance of our goals, in technology or all of the above - it's who I am. I like doing things that are ambitious. If someone thinks it's impossible, then I'm probably interested. A number of projects that I created became far more successful than seemed possible. Specialties: High-Availability Systems, Scalability, IT Discovery, Monitoring, Open Source Software, OSS project leadership, debugging, architecture, testing, customer relationships, public speaking, technical evangelism.
  17. David McCurdy
    3:30-4:30pm Mark Weatherford, SVP & Chief Cybersecurity Strategist vArmour
    Mark Weatherford is Senior Vice President and Chief Cybersecurity Strategist at vArmour. He has more than 20 years of security operations leadership and executive-level policy experience in some of the largest and most critical public and private sector organizations in the world. At vArmour, Mark focuses on helping customers understand the rapidly evolving cybersecurity needs of the cloud and 21st century data center technologies. Prior to joining vArmour, he was a Principal at The Chertoff Group where he worked with businesses and organizations around the world create strategic security programs. In 2011, Mr. Weatherford was appointed by President Obama as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity and before DHS, he was the Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program and worked with electric utility companies across North America. Prior to NERC, Mr. Weatherford was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and was also the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors. As a former U.S. Navy Cryptologic Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT). Mr. Weatherford serves on the Board of Directors of the Center for Cyber and Homeland Security at the George Washington University, the Board of Directors at the National Cybersecurity Center, and is a Distinguished Fellow at the Poneman Institute. He is a Senior Advisor to The Chertoff Group and on the Executive Advisory Boards at AlertEnterprise, BitGlass, Chevron, Coalfire, and Cylance. He is also a member of an advisory group on Cyber-Enabled Economic Warfare at the Foundation for Defense of Democracies in Washington DC. He earned a bachelor’s degree from the University of Arizona, a master’s degree from the Naval Postgraduate School and holds the Certified Information Systems Security Professional (CISSP) certification. He was awarded SC Magazine’s “CSO of the Year” award in 2010, named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013 and was selected for the 2013 CSO Compass Award for leadership achievements in the security community. I like doing things that are ambitious. If someone thinks it's impossible, then I'm probably interested. A number of projects that I created became far more successful than seemed possible. Specialties: High-Availability Systems, Scalability, IT Discovery, Monitoring, Open Source Software, OSS project leadership, debugging, architecture, testing, customer relationships, public speaking, technical evangelism.
  18. David McCurdy
    3:30-4:30pm Jonathan Trull, Sr Director Cyber Microsoft
    Seasoned cyber security executive who is passionate about leveraging new and innovative approaches and technologies to holistically address the information security and privacy needs of businesses, governments, and educational institutions around the world. Advocate for using public-private partnerships and technological innovations to solve complex problems and make the Internet a safe place for all to work and play. Recognized security innovator and recently named as one of the “People Who Made a Difference in Cybersecurity” by the SANS Institute. Dedicated to teaching and mentoring the next generation of cyber security professionals
  19. David McCurdy
    3:30-4:30pm Hadar Freehling, SE Security & Network VMware
    Hadar Freehling is a Staff Security Specialist at VMware with over 15 years experience in IT and Security. Freehling’s current role is to advise VMware customers on security-related aspects of virtualization. Before coming to VMWare, Hadar worked as a Security Operations Manager at Agilent where he directed a team of security engineers managing everything from incident response to forensics. Prior to Agilent, Freehling was security architect at First Data Corporation helping keep your credit card data safe. He has also worked as a PCI QSA and SOX 404 consultant. Hadar holds a master’s degree in Information Assurance from Norwich University as well as the CISSP and CISA certifications.
  20. David McCurdy
    3:30-4:30pm Christopher Hein, Customer Engineering Manager Google
    Working to change the way people work. Shouldn't people enjoy their jobs? Shouldn't the tools that they use empower them to do more? Shouldn't LinkedIn summaries contain more questions? My day-to-day job is to talk about Google products that work in the enterprise space. I work with companies to figure out how to better enable their employees with technology. Whether that's developers who shouldn't be worrying about setting up development environments or executive admins who can't keep everything straight with the tools they have available. I'm passionate about disruptive technology, the internet of things, scotch, and SAAS technologies. Technology Specialties (also known as buzz words) - Big Data - Translation: your company now has Terabytes of data. How the heck do you figure out what any of it means? - Cloud Computing - Why are you building/managing server racks? Seriously, why? - Enterprise Search - How silly is it that you can find a random blog post about David Hasselhoff and not the document you were working on last week at work? - Team Collaboration Tools - Can you honestly say that your tools make it easy (heck encouraged) to collaborate? - Family IT Support - Have you tried turning it off and on again?