Day Two: Thursday, August 22, 2019
8:10 am - 8:15 am Chairperson’s Opening Remarks
8:15 am - 8:50 am Cloud AI, Jet Packs and Minority Report Keyboards: Critical Cyber Leadership Priorities and Issues from 2020 to 2025
Security trends, attack vectors and emerging technology continue to evolve in the changing security landscape. In this dynamic keynote, explore changing leadership priorities and benchmark practical solutions.
Brett Mueller, Chief Information Security Officer
The global cyber security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace? During this session three cybersecurity vendors will convey the benefits of their technologies to a panel of three security executives. The CISOs will follow up with questions, advice on go-to-market strategies and how to cut through the noise to increase market traction and adoption by the security team.
Real-Time Emerging Tech Take
Panel 8:50 am - 9:35 am Making the Case for Deception as Practical Cyber Defense Solution
Deception is a potentially powerful, but underutilized cyber security technology. Currently, many CISOs evaluating cyber tool stacks think deception is too costly and impractical. In this session, PacketViper founder and CEO Francesco Trama will share a different perspective and client experiences on internal and external facing deception technology acting earlier in the cyber kill chain to greatly strengthen a dynamic defense posture.
Francesco (Frank) Trama, CEO
Panel 8:50 am - 9:35 am Malware Protection: Staying Ahead of Hackers
Despite the heavy investment in cybersecurity, protection from never-seen-before cyber threats is still a key challenge for most organizations. Why? Because current solutions are based on knowledge of previous attacks, limiting their ability to detect unknown threats.
BitDam introduces a whole new approach to detecting content-borne threats pre-delivery. Its attack-agnostic technology provides remarkably higher protection - from both known and unknown threats - with no need for security updates.
If you are looking for a ground-breaking technology that will change the way you think about your cyber defenses, join us in this session. You will learn:
· How BitDam makes Email, Cloud Storage and Instant Messaging platforms safe to click
· Why BitDam detects malware that bypasses other solutions
· How organizations save millions using this approach
Doug Wick, VP of Product & Marketing
Panel 8:50 am - 9:35 am How to Better Prepare for Sophisticated Cyber Heists
Due to their multi-vector nature, defending against sophisticated cyber heists launched as Advanced Persistent Threats, or APTs, requires seamless configuration and integration of solutions across your digital estates. With critical assets like consumer-facing applications, SWIFT and ATM servers, BFSIs are a prime target for APTs, as demonstrated by the Cosmos bank cyberheist.
Join us to learn:
- The difference between APT cyber heists and opportunistic attacks
- Where traditional testing methods fall short
- How objective KPI metrics enhance security ROI
Eran Abramovitz, VP Sales Americas
Robert Lautsch, Vice President, Chief Information Security Officer
Leo Howell, Chief Information Security Officer
University of Oregon
9:35 am - 10:05 am Embracing the Privacy Imperative- Navigating Regulations and Requirements
Companies must navigate complex and rapidly evolving data privacy regulations and compliance requirements. Various state, national and global regulations along with high profile breaches have made consumers look deeper at which data they share and with whom. The panel will explore the evolving patchwork of privacy and security regulations and how they affect big data, Artificial Intelligence, advertising and litigation. In this discussion, explore the emerging world of privacy with data as a currency. Look at who owns and controls the flow and use of data. This session will discuss planning, preparedness and response to evolving compliance requirements including operational, strategic and proactive communications.
In this session:
· Integrating privacy by design
· Empowering privacy in enterprise risk management
· Determining which state regulations to apply
Lauren Heyndrickx, Chief Information Security Officer
Michele Thomas, Chief Information Security Officer
10:40 am - 11:10 am Business Meetings
11:10 am - 11:40 am Business Meetings
11:40 am - 12:10 pm Business Meetings
BrainWeave 12:10 pm - 12:55 pm Bolstering Third Party Risk Management Sponsored by Area 1 Security
With the common practice of utilizing vendors for various business transactions, having a clear understanding of the risk of sharing data is necessary. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements especially with the European Union and other current and pending regulations. Non-compliance includes stiff fines and breach notification requirements.
This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
• Adjusting access levels for third party user and system accounts
• Securing development of application integrations; including firewall configuration
• Increasing industry collaboration and engagement to prioritize security
MasterClass 12:10 pm - 12:55 pm CMMI® Institute: Building Resilience Through a Risk-Based ‘Cybermaturity’ Approach
The CMMI Institute interviewed CISOs/CSOs seeking to identify common themes in the challenges organizations are facing and the best thinking in solving those challenges. Recognizing the need to provide a holistic solution that seeks to align pragmatic insights with business objectives, the CMMI Institute built a risk-based capability maturity platform. The platform is an enterprise platform that can support organizations of varying complexity and security demands while providing a clear understanding of the priorities an organization should attack first.
- Understand the challenges global organizations are facing and how leading organizations are solving them
- Understand a risk-based approach for prioritizing investment for organizations with varying complexity and security
- Understand the CMMI Institute’s holistic approach of assessing the maturity of an organization’s security capability maturity
12:55 pm - 1:55 pm Networking Lunch
1:55 pm - 2:25 pm Planning for the Future- The Next-Gen CISO
It’s no secret that we need more cybersecurity professionals to keep our organizations safe and secure. What’s even more challenging? Finding the next generation of cybersecurity leadership. Join Kirsten Davies as she shares her strategies for developing effective and successful teams for the future. In this session you will:
- Discover how you can tap into energy and ideas that millennials bring to the table
- Learn how to uncover hidden talent in your team and your enterprise
- Find out how to create a powerful pipeline that can deal with the expanding threat landscape and your expanding enterprise-wide role
- Assess your team’s skill sets to enhance skills multiplication, skills transfer, and talent mobility.
Kirsten Davies, Chief Information Security Officer
Estée Lauder Companies
Roundtable Discussions- Please choose your topic and join the relevant discussion.
2:25 pm - 3:10 pm Zero Trust Access: Five Steps to Securing the Extended Enterprise
Zoe Lindsey Advocacy Manager Duo
The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.
Zoe Lindsey, Advocacy Manager
2:25 pm - 3:10 pm Gaining Protection and Visibility for Your Greatest Security Risk
Security protection starts with people. In this session explore effective security and compliance solutions to protect people across channels including email, web, the cloud and social media. The session will explore types of threats and ways to protect data, people and ecosystems.
This roundtable will be a discussion on:
- Defending your threat vector through orchestrated responses
- Getting visibility into where sensitive data is exposed
- Educating your people through advanced threat simulations
- Securing external digital channels
BrainWeave 3:15 pm - 4:00 pm Achieving Risk Tolerance Through Solid Risk Frameworks
Concise, clear communication is essential to identify risk tolerance and the key assets that must be protected. Frameworks such as NIST CSF provide a common language of communication for stakeholders. Breach contingency planning and communications are as important as breach prevention. But strengthening relationships with legal, HR, PR and other stakeholders is often pushed aside, with the focus resting on breach prevention.
In this session:
- Developing and practicing contingency planning
- Utilizing risk frameworks for communications in a common language
- Exploring impact of changing legal and regulatory requirements
MasterClass 3:15 pm - 4:00 pm How Programmable Data Security and Governance Addresses Insider Breach and Privacy Threats
With the DevSecOps movement, security is moving more and more into the world of application development. By working with developers to embed data security into new applications or retrofitting old ones, not only is data security and privacy protected by design, it also becomes portable so workloads can move into any infrastructure and maintain that level of protection.
Doug Wick, VP of Product & Marketing
4:10 pm - 4:40 pm Business Meetings
4:40 pm - 5:10 pm Business Meetings
5:10 pm - 5:40 pm Business Meetings
5:45 pm - 6:30 pm Case Study: Surviving a Breach
What are the main priorities of a security executive when hit by a breach? Will the incident response and disaster recovery plans really work? Ruben Chacon outlines his key learnings facing a major cyber-crisis in a global enterprise setting.
In this keynote, Ruben Chacon provides insights into:
- How malware incidents may unfold
- Crisis management before, during and after the breach
- Key priorities while responding and recovering
- Ensuring communication flows with stakeholders
Ruben Chacon, Vice President and Chief Information Security Officer
Constellation Brands Inc.