August 21 - 23, 2019
Marriott Georgetown, Washington, DC

Day Two: Thursday, August 22, 2019

7:40 am - 8:10 am Breakfast

8:10 am - 8:15 am Chairperson’s Opening Remarks

8:15 am - 8:50 am Cloud AI, Jet Packs and Minority Report Keyboards: Critical Cyber Leadership Priorities and Issues from 2020 to 2025

Security trends, attack vectors and emerging technology continue to evolve in the changing security landscape. In this dynamic keynote, explore changing leadership priorities and benchmark practical solutions.
Brett Mueller, Chief Information Security Officer at Transamerica

Brett Mueller

Chief Information Security Officer

The global cyber security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace? During this session three cybersecurity vendors will convey the benefits of their technologies to a panel of three security executives. The CISOs will follow up with questions, advice on go-to-market strategies and how to cut through the noise to increase market traction and adoption by the security team.

Real-Time Emerging Tech Take


8:50 am - 9:35 am Making the Case for Deception as Practical Cyber Defense Solution
Deception is a potentially powerful, but underutilized cyber security technology. Currently, many CISOs evaluating cyber tool stacks think deception is too costly and impractical. In this session, PacketViper founder and CEO Francesco Trama will share a different perspective and client experiences on internal and external facing deception technology acting earlier in the cyber kill chain to greatly strengthen a dynamic defense posture
Francesco (Frank) Trama, CEO at PacketViper

Francesco (Frank) Trama



8:50 am - 9:35 am Malware Protection: Staying Ahead of Hackers
Despite the heavy investment in cybersecurity, protection from never-seen-before cyber threats is still a key challenge for most organizations. Why? Because current solutions are based on knowledge of previous attacks, limiting their ability to detect unknown threats.
BitDam introduces a whole new approach to detecting content-borne threats pre-delivery. Its attack-agnostic technology provides remarkably higher protection - from both known and unknown threats - with no need for security updates.
If you are looking for a ground-breaking technology that will change the way you think about your cyber defenses, join us in this session. You will learn:
·         How BitDam makes Email, Cloud Storage and Instant Messaging platforms safe to click
·         Why BitDam detects malware that bypass other solutions
·         How organizations save millions using this approach
Doug Wick, VP of Product & Marketing at ALTR

Doug Wick

VP of Product & Marketing

Due to their multi-vector nature, defending against sophisticated cyber heists launched as Advanced Persistent Threats, or APTs, requires seamless configuration and integration of solutions across your digital estates. With critical assets like consumer-facing applications, SWIFT and ATM servers, BFSIs are a prime target for APTs, as demonstrated by the Cosmos bank cyberheist.

Join us to learn:

  • The difference between APT cyber heists and opportunistic attacks
  • Where traditional testing methods fall short 
  • How objective KPI metrics enhance security ROI
Eran Abramovitz, VP Sales Americas at Cymulate

Eran Abramovitz

VP Sales Americas

Robert Lautsch, Vice President, Chief Information Security Officer at Rite Aid

Robert Lautsch

Vice President, Chief Information Security Officer
Rite Aid

Leo Howell, Chief Information Security Officer at University of Oregon

Leo Howell

Chief Information Security Officer
University of Oregon

9:35 am - 10:05 am Embracing the Privacy Imperative- Navigating Regulations and Requirements

Companies must navigate complex and rapidly evolving data privacy regulations and compliance requirements. Various state, national and global regulations along with high profile breaches have made consumers look deeper at which data they share and with whom. The panel will explore the evolving patchwork of privacy and security regulations and how they affect big data, Artificial Intelligence, advertising and litigation.  In this discussion, explore the emerging world of privacy with data as a currency. Look at who owns and controls the flow and use of data.  This session will discuss planning, preparedness and response to evolving compliance requirements including operational, strategic and proactive communications.
In this session:
·         Integrating privacy by design
·         Empowering privacy in enterprise risk management
Determining which state regulations to apply
Lauren Heyndrickx, Chief Information Security Officer at JCPenney

Lauren Heyndrickx

Chief Information Security Officer

Michele Thomas, Chief Information Security Officer at NHTSA

Michele Thomas

Chief Information Security Officer

Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

10:05 am - 10:25 am How Real-Time Asset Intelligence Enables Full Posture Control

Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

10:05 am - 10:25 am Innovating without Fear- Security Best Practices

10:25 am - 10:40 am Networking Break

10:40 am - 11:10 am Business Meetings

11:10 am - 11:40 am Business Meetings

11:40 am - 12:10 pm Business Meetings


12:10 pm - 12:55 pm Bolstering Third Party Risk Management Sponsored by Area 1 Security
With the common practice of utilizing vendors for various business transactions, having a clear understanding of the risk of sharing data is necessary. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements especially with the European Union and other current and pending regulations.  Non-compliance includes stiff fines and breach notification requirements.
This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
        Adjusting access levels for third party user and system accounts
        Securing development of application integrations; including firewall configuration
Increasing industry collaboration and engagement to prioritize security


12:10 pm - 12:55 pm CMMI® Institute: Building Resilience Through a Risk-Based ‘Cybermaturity’ Approach
The CMMI Institute interviewed CISOs/CSOs seeking
to identify common themes in the challenges organizations are facing and the best thinking in solving those challenges. Recognizing the need to
provide a holistic solution that seeks to align
pragmatic insights with business objectives, the
CMMI Institute built a risk-based capability maturity platform. The platform is an enterprise platform that
can support organization of varying complexity and
security demands while providing a clear
understanding of the priorities an organization should attack first.
Key Takeaways:
  • Understand the challenges global
organizations are facing and how leading
organizations are solving
  • Understand a risk-based approach for
prioritizing investment for organizations
with varying complexity and security
  • Understand the CMMI Institute’s holistic
approach of assessing the maturity of an
organization’s security capability maturity

12:55 pm - 1:55 pm Networking Lunch

1:55 pm - 2:25 pm Planning for the Future- The Next-Gen CISO

It’s no secret that we need more cybersecurity professionals to keep our organizations safe and secure. What’s even more challenging? Finding the next generation of cybersecurity leadership. Join Kirsten Davies as she shares her strategies for developing effective and successful teams for the future. In this session you will:
  • Discover how you can tap into energy and ideas that millennials bring to the table
  • Learn how to uncover hidden talent in your team and your enterprise
  • Find out how to create a powerful pipeline that can deal with the expanding threat landscape and your expanding enterprise-wide role
Assess your team’s skill sets to enhance skills multiplication, skills transfer, and talent mobility.
Kirsten Davies, Chief Information Security Officer at Estée Lauder Companies

Kirsten Davies

Chief Information Security Officer
Estée Lauder Companies

Roundtable Discussions- Please choose your topic and join the relevant discussion.

2:25 pm - 3:10 pm Zero Trust Access: Five Steps to Securing the Extended Enterprise

 The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps. 

Zoe Lindsey, Advocacy Manager at Duo

Zoe Lindsey

Advocacy Manager

2:25 pm - 3:10 pm Gaining Protection and Visibility for Your Greatest Security Risk

Security protection starts with people. In this session explore effective security and compliance solutions to protect people across channels including email, web, the cloud and social media. The session will explore types of threats and ways to protect data, people and ecosystems.

This roundtable will be a discussion on:

  • Defending your threat vector through orchestrated responses
  • Getting visibility into where sensitive data is exposed
  • Educating your people through advanced threat simulations
  • Securing external digital channels


3:15 pm - 4:00 pm Achieving Risk Tolerance Through Solid Risk Frameworks
Concise, clear communication is essential to identify risk tolerance and the key assets that must be protected.  Frameworks such as NIST CSF provide a common language of communication for stakeholders. Breach contingency planning and communications are as important as breach prevention. But strengthening relationships with legal, HR, PR and other stakeholders often is pushed away with focus resting on breach prevention.

In this session:
  • Developing and practicing contingency planning
  • Utilizing risk frameworks for communications in a common language
Exploring impact of changing legal and regulatory requirements


3:15 pm - 4:00 pm How Programmable Data Security and Governance Addresses Insider Breach and Privacy Threats
With the DevSecOps movement, security is moving more and more into the world of application development. By working with developers to embed data security into new applications or retrofitting old ones, not only is data security and privacy protected by design, it also becomes portable so workloads can move into any infrastructure and maintain that level of protection.

Doug Wick, VP of Product & Marketing at ALTR

Doug Wick

VP of Product & Marketing

4:00 pm - 4:10 pm Networking Break

4:10 pm - 4:40 pm Business Meetings

4:40 pm - 5:10 pm Business Meetings

5:10 pm - 5:40 pm Business Meetings

What are the main priorities of a security executive when hit by a breach?  Will the incident response and disaster recovery plans really work?  Ruben Chacon outlines his key learnings facing a major cyber-crisis in a global enterprise setting.
In this keynote, Ruben Chacon provides insights into:
  • How malware incidents may unfold
  • Crisis management before, during and after the breach
  • Key priorities while responding and recovering
  • Ensuring  communication flows with stakeholders
Ruben Chacon, Vice President and Chief Information Security Officer at Constellation Brands Inc.

Ruben Chacon

Vice President and Chief Information Security Officer
Constellation Brands Inc.

6:30 pm - 7:00 pm Networking Reception