August 21 - 23, 2019
Marriott Georgetown, Washington, DC

Day One: Wednesday, August 21, 2019

10:30 am - 11:10 am Registration

11:10 am - 11:20 am Orientation

11:20 am - 11:30 am Thoughtexchange Welcome — App Introduction

During this segment, attendees will learn how to glean greater insights from business partners using the
Thoughtexchange social learning tool. Later in the Exchange, we will put these insights to action by developing
solutions to ultimately improve financial operations.

11:30 am - 11:35 am Chairperson's Opening Remarks

Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in an evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.

Join this session to learn:

  • Engaging, managing, and exceeding expectations
  • Top-down focus on risk management
  • Evolving roles of the CISO, CIRO, and CIOs

Robert Lautsch, Vice President, Chief Information Security Officer at Rite Aid

Jeff Wagner, Chief Information Security Officer, Farm Production and Conservation at USDA

12:15 pm - 1:30 pm Collaborative and Courageous Leadership

Learn how innovative and dynamic leaders are leading the way by having courageous conversations within their organization. Discover how organizations are creating a culture that promotes openness, transparency and collaboration by empowering their employees to share their voice and consider the thoughts and ideas of others; shifting the corporate paradigm from closed and knowing to open and learning. In this session you’ll learn what collaborative and courageous leadership means to you and those around you. 

12:30 pm - 1:30 pm Networking Lunch

1:30 pm - 2:05 pm Overcoming Security Challenges Created by the Internet of Things

The sheer number of connected devices continues to grow, and with it so do the security challenges. Powered by the convenience and benefits the Internet of Things (IoT) can deliver, the devices continue to permeate all aspects of enterprise and personal existence, not necessarily with regard for the potential consequences and the related security and privacy concerns. Hackers continue to deploy sophisticated attack methodologies to bypass existing security measures. Common attacks include ransomware, which prevents the legitimate user from accessing a device or network, and malware, which infects devices through known vulnerabilities.

In this session explore:

  • Gaining visibility and classifying all connected devices
  • Detecting real-time alerts about cyber attacks
  • Instilling proactive prevention including micro-segmentation of the enterprise network

David Barker, Director, Smart Product Security at Stanley Black & Decker

Hunter Saklad, Chief Information Officer at Sleep Number

2:05 pm - 2:35 pm Solving Real World Problems with AI

In this session, discover insights on applying artificial intelligence to solve complex, real-world problems. Approaches range from data fusion, analytics, and reporting to advanced algorithms, simulations, and machine learning, which drive optimization and enable timely, deeply insightful decision-making across the enterprise.


2:40 pm - 3:25 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks

The most successful method of cyber-attack continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by common criminals, to sophisticated social engineering and online scams. Additionally, he'll look at how you can ethically use the very same levers when educating your users.

Key Takeaways:

  • The Perception vs. Reality Dilemma
  • Understanding the OODA (Observe, Orient, Decide, Act) Loop
  • How social engineers and scam artists achieve their goals by subverting critical thinking steps
  • How can you defend your organization and create your human firewall

Erich Kron, Security Awareness Advocate at KnowBe4


2:40 pm - 3:25 pm Adversary Oriented Security

In modern environments, the corporate security program utilizes an increasingly complex inter-relationship of people, processes, and technology in detection and response operations. However, incident response capabilities must be balanced against budgetary constraints and other requirements the security program must meet. How do you measure the effectiveness of your incident response program, and the investments your organization has made? What measure of confidence do you have in your organization’s ability to detect and respond to the worst of circumstances? These are not questions that can be answered by yet another technical solution, yet are critical in understanding how your organization is oriented against the adversary.

This discussion will include:

  • Programs that can be utilized to measure the efficacy of the security and incident response technology, people and processes.
  • Identifying deficiencies in enterprise adversary detection programs, and pursuing continuous improvement in organization-wide detection capability.
  • Methods for determining new investments to be made in incident response capabilities.

David McGuire, CEO at SpecterOps


3:25 pm - 3:40 pm Networking Break

3:40 pm - 4:10 pm Business Meetings

4:10 pm - 4:40 pm Business Meetings

4:40 pm - 5:10 pm Business Meetings

5:10 pm - 5:40 pm Defending Against Disgruntled Employees, Worms and DDOS Attacks

Reactive and proactive security methods do not have to be mutually exclusive — we must plan how to respond when an intrusion does occur, whether it comes from worms and viruses, DDOS attacks, social engineering or even from disgruntled employees with insider knowledge of the network. For comprehensive defense, a reactive security strategy should be paired with a proactive strategy and effective tools for uncovering, identifying, and responding to potential threats before they have the chance to damage a company. Every business needs to decide the appropriate mix of resources to devote to proactive security measures (to deter attacks), and reactive measures (to respond to attacks that get through).

Mark Ramsey, Chief Information Security Officer at ASSA ABLOY-Americas

3 Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!

Ignite Sessions

5:40 pm - 6:00 pm Yikes! I have too Many Security Tools and not Enough Skilled Resources

5:40 pm - 6:00 pm Defending Against the Worst-Intended Hackers

6:00 pm - 7:00 pm Practitioner Roundtables

Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement. 

7:00 pm - 7:30 pm Networking Reception Sponsored by Area 1 Security