August 21 - 23, 2019
Marriott Georgetown, Washington, DC

Day 1, August 21, 2019

10:45 am - 11:25 am Registration

11:25 am - 11:35 am Orientation

11:35 am - 11:45 am Thoughtexchange Welcome — App Introduction

During this segment, attendees will learn how to glean greater insights from business partners using the Thoughtexchange social learning tool. Later in the Exchange, we will put these insights to action by developing solutions to ultimately improve financial operations.

11:45 am - 11:55 am Chairperson's Opening Remarks

The sheer number of connected devices continues to grow, and with it the security challenges. Powered by the convenience and benefits the Internet of Things (IoT) can deliver, these devices continue to permeate all aspects of enterprise and personal existence, not necessarily with any regard for the potential consequences and related security and privacy concerns. Hackers continue to deploy sophisticated attack methodologies to bypass existing security measures. Common attacks include ransomware, which prevents the legitimate user from accessing a device or network, and malware, which exploits known device vulnerabilities.

In this session explore:

• Gaining visibility and classifying all connected devices
• Detecting real-time alerts about cyber attacks
• Instilling proactive prevention including micro-segmentation of the enterprise network


David Barker

Director, Smart Product Security
Stanley Black & Decker


Chris Wolski

Chief Information Security Officer
Herman Miller, Inc.

12:30 pm - 1:30 pm Networking Lunch

1:30 pm - 2:05 pm True Security Partnerships - Speaking the Language of Business and Technology

Edward Liebig - Vice President Security Operations and Strategy, Charter Communications
Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in an evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.

Join this session to learn:

• Engaging, managing, and exceeding expectations
• Top-down focus on risk management
• Evolving roles of the CISO, CIRO, and CIOs

2:05 pm - 2:35 pm Business Meetings

2:35 pm - 3:05 pm Business Meetings

3:05 pm - 3:35 pm Business Meetings

3:35 pm - 3:50 pm Networking Break


3:55 pm - 4:45 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
Erich Kron - Security Awareness Advocate, KnowBe4
The most successful method of cyber-attack continues to be phishing. These attacks cost organizations millions of dollars each year, and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by common criminals, to sophisticated social engineering and online scams. Additionally, he'll look at how you can ethically use the very same levers when educating your users.

Key Takeaways:

• The Perception vs. Reality Dilemma
• Understanding the OODA (Observe, Orient, Decide, Act) Loop
• How social engineers and scam artists achieve their goals by subverting critical thinking steps
• How can you defend your organization and create your human firewall


3:55 pm - 4:45 pm Future Proofing Industrial Control Systems
Industrial control systems serve as an integral part of critical infrastructure, empowering vital sectors including electricity, oil and gas, water, transportation, manufacturing, and chemical manufacturing. Effectively addressing ICS cybersecurity necessitates a comprehensive understanding of current security challenges and available mitigation tools. Defense-in-depth provides a flexible framework to strengthen security posture and help defend against cybersecurity threats and vulnerabilities. Legacy systems used protocols that were difficult to hack, but with the convergence of IT and ICS architectures, recent high-profile breaches have shown the potential risk. Organizations must get creative in their defense and apply layered approaches that make targets less attractive and attainable:

• Implementing strategies for securing control system environments
• Investigating how threat actors can carry out attacks and the potential impact on industrial controls
• Evolving control systems management and security practices

3 Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!

Ignite Sessions

4:35 pm - 4:45 pm Yikes! I Have Too Many Security Tools and Not Enough Skilled Resources

4:45 pm - 4:55 pm How Real-Time Asset Intelligence Enables Full Posture Control

4:55 pm - 5:05 pm Placeholder Session for SafeGuard Cyber

The global cyber security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies, and how do cutting-edge vendors stand out in the crowded marketplace? During this session, three cybersecurity vendors will convey the benefits of their technologies to a panel of three security executives. The CISOs will follow up with questions and with advice on go-to-market strategies and on how to cut through the noise to increase market traction and adoption by the security team.

Panel: Real-Time Emerging Tech Take

5:05 pm - 5:50 pm Making the Case for Deception as Practical Cyber Defense Solution

Deception is a potentially powerful, but underutilized cyber security technology. Currently, many CISOs evaluating cyber tool stacks think deception is too costly and impractical. In this session, PacketViper founder and CEO Francesco Trama will share a different perspective and client experiences on internal and external facing deception technology acting earlier in the cyber kill chain to greatly strengthen a dynamic defense posture.

5:05 pm - 5:50 pm Bolstering Mitigation in the Cloud

As it gets harder to keep up with infrastructure and the amount of data in need of protection continues to increase, the prospects of cloud security seem brighter. What are the benefits? What are the realities? Can we build a secure cloud infrastructure?

Placeholder session for BitDam

5:50 pm - 6:40 pm Practitioner Roundtables

Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.

6:45 pm - 7:15 pm Networking Reception