August 21 - 23, 2019
Marriott Georgetown, Washington, DC

Day Two: Thursday, August 22, 2019

7:40 am - 8:15 am Breakfast Peer-to-Peer Meetings


8:15 am - 8:20 am Chairperson’s Opening Remarks

Lauren Heyndrickx, Chief Information Security Officer at JCPenney


8:20 am - 8:55 am Cloud AI, Jet Packs and Minority Report Keyboards: Critical Cyber Leadership Priorities and Issues from 2020 to 2025

Security trends, attack vectors and emerging technology continue to evolve in the changing security landscape. In this dynamic keynote, explore changing leadership priorities and benchmark practical solutions.
Brett Mueller, Chief Information Security Officer at Transamerica


The global cyber security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace? During this session three cybersecurity vendors will convey the benefits of their technologies to a panel of three security executives. The CISOs will follow up with questions, advice on go-to-market strategies and how to cut through the noise to increase market traction and adoption by the security team.

Real-Time Emerging Tech Take


8:55 am - 9:40 am Making the Case for Deception as Practical Cyber Defense Solution
Deception is a potentially powerful but underutilized cyber security technology. Currently, many CISOs evaluating cyber tool stacks think deception is too costly and impractical. In this session, PacketViper founder and CEO Francesco Trama will share a different perspective, along with client experiences, on how internal- and external-facing deception technology acts earlier in the cyber kill chain to greatly strengthen a dynamic defense posture.


8:55 am - 9:40 am Malware Protection: Staying Ahead of Hackers
Despite the heavy investment in cybersecurity, protection from never-seen-before cyber threats is still a key challenge for most organizations. Why? Because current solutions are based on knowledge of previous attacks, limiting their ability to detect unknown threats.
BitDam introduces a whole new approach to detecting content-borne threats pre-delivery. Its attack-agnostic technology provides remarkably higher protection - from both known and unknown threats - with no need for security updates.
If you are looking for a ground-breaking technology that will change the way you think about your cyber defenses, join us in this session. You will learn:
  • How BitDam makes Email, Cloud Storage and Instant Messaging platforms safe to click
  • Why BitDam detects malware that bypasses other solutions
  • How organizations save millions using this approach
Douglas Stasko, Director of Sales – East at BitDam


Due to their multi-vector nature, defending against sophisticated cyber heists launched as Advanced Persistent Threats, or APTs, requires seamless configuration and integration of solutions across your digital estates. With critical assets like consumer-facing applications, SWIFT and ATM servers, BFSIs are a prime target for APTs, as demonstrated by the Cosmos bank cyberheist.

Join us to learn:

  • The difference between APT cyber heists and opportunistic attacks
  • Where traditional testing methods fall short 
  • How objective KPI metrics enhance security ROI
Eran Abramovitz, VP Sales Americas at Cymulate


Robert Lautsch, Vice President, Chief Information Security Officer at Rite Aid


Leo Howell, Chief Information Security Officer at University of Oregon


Michael Phillips, Chief Security Risk Officer at Cheniere Energy


Companies must navigate complex and rapidly evolving data privacy regulations and compliance requirements. Various state, national and global regulations along with high profile breaches have made consumers look deeper at which data they share and with whom. The panel will explore the evolving patchwork of privacy and security regulations and how they affect big data, Artificial Intelligence, advertising and litigation.  In this discussion, explore the emerging world of privacy with data as a currency. Look at who owns and controls the flow and use of data.  This session will discuss planning, preparedness and response to evolving compliance requirements including operational, strategic and proactive communications.
In this session:
  • Integrating privacy by design
  • Empowering privacy in enterprise risk management
  • Determining which state regulations to apply
Lauren Heyndrickx, Chief Information Security Officer at JCPenney


Michele Thomas, Chief Information Security Officer at NHTSA


Dr. Nnake Nweke, PhD, JD, Chief Risk Officer at United States Agency for Global Media


Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

10:15 am - 10:25 am How Real-Time Asset Intelligence Enables Full Posture Control
In order to understand the business risk associated with critical systems and applications one needs to understand the state of controls within the ecosystem. This means absolute knowledge of physical and virtual devices on the network inclusive of access, configuration and protective controls. Forescout provides a continuous, real-time, and extendable device visibility platform to enable posture consistency and measurement from campus to datacenter to cloud. Key learnings you will take away from this session include:

  • How to achieve continuous control of inventory – real-time, reconciled, and trusted CMDB accuracy 
  • Why 100% compliance to basic posture configurations should be the goal
  • How to coordinate dynamic, unified network segmentation planning and enforcement

Ellen Sundra, Vice President Of Americas at Systems Engineering


Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

10:25 am - 10:35 am Security or Revenue? Aligning Security to Business Strategy to Drive Success
SafeGuard Cyber

Courtney Modecki, VP of New Markets at SafeGuard Cyber


10:35 am - 10:50 am Networking Break

Duo Security

10:50 am - 11:20 am Business Meetings

11:20 am - 11:50 am Business Meetings

11:50 am - 12:20 pm Business Meetings


12:25 pm - 1:10 pm Cyber Criminals Have an Ally- You
Phishing is big business. Threat actors easily craft attacks that impersonate executives, evade the best security defenses, download exploits that infect systems, harvest credentials from unsuspecting victims and cause billions of dollars of damage every year.
But fundamental to the attacker's success is a core principle: let's target the Human and take advantage of their inherent trust and desire to contribute to their organization’s success, their team’s success and ultimately their own success. 
By focusing on the Human, phishing attacks are easily bypassing existing defenses. And based on what is ongoing, it is clear that we are failing this war. To win this war, we need an ally that is better and more powerful than the ally the Cybercriminals have.
We need better Machines.
Join this interactive session for a discussion on:
  • How do attackers construct campaigns to easily bypass existing automated and human defenses?
  • How are attacks increasingly being masked as legitimate business communications?
  • What is the balance of Human vs Machine defense against Human-focused Attacks?
  • Who should be primary in this exceedingly sophisticated battle?
  • Are there learnings that we, as Cybersecurity professionals, should be taking from other industries facing similar dichotomies (e.g., Aircraft Systems, Autonomous Vehicles, Medical Imaging Systems, etc.)?
  • What best practices can we bring to bear against this seemingly intractable problem?
Shalabh Mohan, Vice President Product and Marketing at Area 1



12:25 pm - 1:10 pm CMMI® Institute: Building Resilience Through a Risk-Based ‘Cybermaturity’ Approach
CMMI Institute
The CMMI Institute interviewed CISOs/CSOs seeking to identify common themes in the challenges organizations are facing and the best thinking in solving those challenges. Recognizing the need to provide a holistic solution that seeks to align pragmatic insights with business objectives, the CMMI Institute built a risk-based capability maturity platform. The platform is an enterprise platform that can support organizations of varying complexity and security demands while providing a clear understanding of the priorities an organization should attack first.
Key Takeaways:
  • Understand the challenges global organizations are facing and how leading organizations are solving them
  • Understand a risk-based approach for prioritizing investment for organizations with varying complexity and security
  • Understand the CMMI Institute’s holistic approach to assessing an organization’s security capability maturity

Doug Grindstaff, Senior Vice President Cybersecurity Solutions at CMMI Institute


1:10 pm - 2:10 pm Networking Lunch

2:15 pm - 2:45 pm Planning for the Future- The Next-Gen CISO

It’s no secret that we need more cybersecurity professionals to keep our organizations safe and secure. What’s even more challenging? Finding the next generation of cybersecurity leadership. Join Kirsten Davies as she shares her strategies for developing effective and successful teams for the future. In this session you will:
  • Discover how you can tap into energy and ideas that millennials bring to the table
  • Learn how to uncover hidden talent in your team and your enterprise
  • Find out how to create a powerful pipeline that can deal with the expanding threat landscape and your expanding enterprise-wide role
  • Assess your team’s skill sets to enhance skills multiplication, skills transfer, and talent mobility.
Kirsten Davies, Chief Information Security Officer at Estée Lauder Companies


Roundtable Discussions- Please choose your topic and join the relevant discussion.


2:45 pm - 3:45 pm Zero Trust Access: Five Steps to Securing the Extended Enterprise
Duo Security
The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.

Zoe Lindsey, Advocacy Manager at Duo



2:45 pm - 3:45 pm Protecting Your VIPs and VAPs (Very Attacked People) in the Cloud
There has been a material shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. 
In this session, we’ll explore strategies for gaining visibility and mitigating risk in a people-centric threat landscape. You’ll learn how to build a security program & maturity model around protecting people, why nearly all threat actors have shifted away from technical exploits to compromise their targets, how organizations can leverage threat data to understand which people and departments are highly targeted, and how to design effective protection for highly attacked, highly vulnerable, and highly privileged users.

Ashan Willy, SVP, Systems Engineering and Customer Success at Proofpoint



3:45 pm - 4:30 pm Internet Isolation: A Key Requirement for the Modern Security Architecture
Modern security technologies are unable to protect companies. The industry seems to have accepted that prevention fails, and detection and response are the answer. The problem is once prevention fails, it’s too late, and detection is bound to fail as well. Internet isolation disrupts this paradigm, and it is a key requirement for any organization’s modern security architecture.
In this session:
  • Learn how to eliminate phishing and malware breaches 100%
  • Understand how Internet isolation can separate enterprise networks from the public web while providing seamless Internet access to employees
  • Discover how to measure the volume of phishing links and malicious sites that bypass existing defenses including when users click or visit links from emails
Session By Menlo Security

Garrett Bechler, Manager, Systems Engineering-East at Menlo Security



3:45 pm - 4:30 pm How Programmable Data Security and Governance Addresses Insider Breach and Privacy Threats
ALTR Solutions
With the DevSecOps movement, security is moving more and more into the world of application development. By working with developers to embed data security into new applications or retrofitting old ones, not only is data security and privacy protected by design, it also becomes portable so workloads can move into any infrastructure and maintain that level of protection.

Doug Wick, VP of Product & Marketing at ALTR


4:30 pm - 4:40 pm Networking Break

Duo Security

4:40 pm - 5:10 pm Business Meetings

5:10 pm - 5:40 pm Business Meetings

5:40 pm - 6:10 pm Business Meetings

6:15 pm - 7:00 pm Evaluation Criteria for Cloud Access Security Brokers (CASBs)

Cloud computing is ubiquitous and forms the foundation for digital transformation to facilitate business change. Cloud technologies introduce dissolving perimeters, service delivery via software, and a sophisticated threat landscape. This session will discuss the selection criteria for one of the many security controls - Cloud Access Security Broker (CASB). Hear about drivers, selection criteria, and how to effectively evaluate CASBs.
Les Correia, Director Global Risk & Security at Estée Lauder Companies


7:00 pm - 7:30 pm Networking Reception

Sponsored by Menlo Security