August 21 - 23, 2019
Marriott Georgetown, Washington, DC

Day One: Wednesday, August 21, 2019

10:30 am - 11:10 am Registration

Sponsors:
Forescout


11:10 am - 11:20 am Orientation

11:20 am - 11:30 am Thoughtexchange Welcome — App Introduction

During this segment, attendees will learn how to glean greater insights from business partners using the
Thoughtexchange social learning tool. Later in the Exchange, we will put these insights to action by developing
solutions to ultimately improve financial operations.

11:30 am - 11:35 am Chairperson's Opening Remarks

Mark Ramsey, Chief Information Security Officer at ASSA ABLOY-Americas

Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.

Join this session to learn:

  • Engaging, managing, and exceeding expectations
  • Top-down focus on risk management
  • Evolving roles of the CISO, CIRO, and CIOs

Robert Lautsch, Vice President, Chief Information Security Officer at Rite Aid

Jeff Wagner, Chief Information Security Officer, Farm Production and Conservation at USDA

Vikas Mahajan, Senior Director, Information Security Operations at American Red Cross

12:15 pm - 1:30 pm Creating a Culture of Data Security & Privacy

Learn how innovative and dynamic leaders are leading the way by having courageous conversations within their organization. Discover how organizations are creating a culture that promotes openness, transparency and collaboration by empowering their employees to share their voice and consider the thoughts and ideas of others; shifting the corporate paradigm from closed and knowing to open and learning. In this session you’ll learn what collaborative and courageous leadership means to you and those around you. 
Chris Mussell, Director Information Security and Privacy at Thoughtexchange

12:30 pm - 1:30 pm Welcome Lunch

Sponsors:
Alagen



The sheer number of connected devices continues to grow, and with it so do the security challenges. Powered by the convenience and benefits the Internet of Things (IoT) can deliver, these devices continue to permeate all aspects of enterprise and personal existence, not necessarily with regard for the potential consequences and the related security and privacy concerns. Hackers continue to deploy sophisticated attack methodologies to bypass existing security measures. Common attacks include ransomware, which prevents the legitimate user from accessing a device or network, and malware, which infects devices through known vulnerabilities.

In this session explore:

  • Gaining visibility and classifying all connected devices
  • Detecting real-time alerts about cyber attacks
  • Instilling proactive prevention including micro-segmentation of the enterprise network

Dr. Nnake Nweke, PhD, JD, Chief Risk Officer at United States Agency for Global Media

David Barker, Director, Smart Product Security at Stanley Black & Decker

Hunter Saklad, Chief Information Officer at Sleep Number

2:05 pm - 2:35 pm The Path to Transformation via ML

In this session you will be exposed to lessons learned by QOMPLX on how to transform your business and security operations with ML. This session will cover a proven process of transforming a security organization from a cost center into your organization's central hub for analytics and business value generation. We will cover the journey from strategic goals alignment, to data capture and data analysis, to the ultimate goal of leveraging ML to drive decisioning. This will be a no-holds-barred crash course in data transformation.
John Schrader, Director, Cyber Services Operations at Qomplx

MasterClass

2:40 pm - 3:25 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by common criminals, to sophisticated social engineering and online scams. Additionally, he'll look at how you can ethically use the very same levers when educating your users.

Key Takeaways:

  • The Perception vs. Reality Dilemma
  • Understanding the OODA (Observe, Orient, Decide, Act) Loop
  • How social engineers and scam artists achieve their goals by subverting critical thinking steps
  • How you can defend your organization and create your human firewall

Erich Kron, Security Awareness Advocate at KnowBe4

BrainWeave

2:40 pm - 3:25 pm Adversary Oriented Security
In modern environments, the corporate security program utilizes an increasingly complex inter-relationship of people, processes, and technology in detection and response operations. However, incident response capabilities must be balanced against budgetary constraints and other requirements the security program must meet. How do you measure the effectiveness of your incident response program, and the investments your organization has made? What measure of confidence do you have in your organization’s ability to detect and respond to the worst of circumstances? These are not questions that can be answered by yet another technical solution, yet they are critical in understanding how your organization is oriented against the adversary.

This discussion will include:
  • Programs that can be utilized to measure the efficacy of the security and incident response technology, people and processes.
  • Identifying deficiencies in enterprise adversary detection programs, and pursuing continuous improvement in organization-wide detection capability.
  • Methods for determining new investments to be made in incident response capabilities.

David McGuire, CEO at SpecterOps

3:25 pm - 3:40 pm Networking Break

3:40 pm - 4:10 pm Business Meetings

4:10 pm - 4:40 pm Business Meetings

4:40 pm - 5:10 pm Business Meetings

5:10 pm - 5:40 pm Reactive vs Proactive Security – A Balancing Act for CISOs

Reactive and proactive security methods do not have to be mutually exclusive — we must plan how to respond when an intrusion does occur, whether it comes from worms and viruses, DDoS attacks, social engineering or even from disgruntled employees with insider knowledge of the network. For comprehensive defense, a reactive security strategy should be paired with a proactive strategy and effective tools for uncovering, identifying, and responding to potential threats before they have the chance to damage a company. Every business needs to decide the appropriate mix of resources to devote to proactive security measures (to deter attacks) and reactive measures (to respond to attacks that get through).
Mark Ramsey, Chief Information Security Officer at ASSA ABLOY-Americas

3 Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!

Ignite Sessions

Ignite Session

5:40 pm - 6:00 pm SOARing above Security Operations’ Biggest Challenges
Sponsors:
Siemplify



Dennis Shaya, GM at Siemplify

Ignite Session

5:40 pm - 6:00 pm The Industrial Revolution of Penetration Testing
Sponsors:
Pcysys
All the drawbacks of manual penetration testing (cost-efficiency, time, and scope limitations) have now been solved.

A major leap in technology has, for the first time, enabled machine-based penetration testing. 
Now, with a click of a button, you can perform daily pen-tests without the need for third-party consultants.  

Explore how to implement automated penetration testing and its effect on the world of risk validation.


Aviv Cohen, CMO at Pcysys

6:00 pm - 7:00 pm Practitioner Roundtables

Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement. 

7:00 pm - 7:30 pm Networking Reception Sponsored by Area 1 Security