The 14th Chief Information Security Officer Exchange

March 22 - 24, 2020 | Omni Los Angeles, Los Angeles, CA

Day 2: Monday, March 23rd

Group 1A

7:30 am - 8:00 am Networking Breakfast

8:00 am - 8:05 am Chairperson's Recap of Day One

8:05 am - 8:45 am Protecting the Keys to the Kingdom from the Unknown Enemies Within Your Organization

Eddie Galang - Chief Information Security Officer, Port of Long Beach
Privileged users have access to a wide array of company data, security controls, workflows, and resources. These advanced permissions enable users to make changes to your cloud environment that can put your organization at extreme security risk and even cover up their tracks in the process. Prevent privileged user abuse by monitoring those who are monitoring your systems. Organizations should start to mitigate the threats utilizing user behavior analytics. 

In this session, you will:
  • Discuss insider threats, email phishing training, and proper permission monitoring
  • Delve into your most likely cyber-criminal targets
  • Hear what compliance considerations need to happen to support governance 
  • Explore how AI-based analysis of behavioral biometric data will be the next major trend in cybersecurity and data protection

8:45 am - 9:15 am Rising Identity Theft in a Connected World Affects Your Bottom Line

The number of connected and Internet of Things devices is soaring into the billions, but not all are configured with security top of mind. The development of IoT is fierce and quick as demand rises, which always comes with a cost. A common area of concern is that code can be compromised and full of security holes, making devices vulnerable.

In this session, you will: 
  • Learn practical takeaways and advice for securing connected and IoT devices
  • Discuss governing security standards to support existing devices and development of future 
  • Explore the explosion of the Internet of Medical Things and wearable devices

9:15 am - 9:45 am Fake News vs. Cyber-security: Cyber Hygiene Is the Reigning Champion

Cyber-security continues to be a hot topic in both media and business. The reason is evident: in the last two years, we saw consistent growth in cyber breaches. The intersection of technology and social media makes for a much smaller world. It’s easy to share information across borders and sway anyone’s opinion on a matter, making fear and the unknown a perfect breeding ground for fake cyber news.

In this session, you will:
  • Learn practical steps taken to adhere to compliance standards, dispose of bots, and handle reports from suspicious accounts, leading to more awareness about the issue
  • Explore top social engineering attacks and remedies
  • Discuss how to regulate the truth without infringing on free speech and work diligently to identify and root out the perpetrators

9:45 am - 10:25 am CCPA Is the Future Gold Standard Among Privacy Compliance

Cyber criminals don’t care if you’re compliant. However, your business partners, clients, and vendors are demanding more visibility to avoid being front-page news. Compliance is impacted by ever-changing rules and regulations. Many states are implementing compliance standards. One in particular to pay attention to comes from the 5th largest economy in the world: the California Consumer Privacy Act of 2018, effective January 1, 2020. Do you know the impact for your business and how this differs from GDPR?

In this discussion, you will:
  • Discover the business drivers for complete transparency and avoiding fines potentially costing millions
  • Learn prescriptive approaches to company correspondences, breach notifications, and deletion of PII data
  • Delve into the definitions relating to consumer vs. data subject and personal data itself
  • Explore the broader exemptions and usage rights for personal data that affects 3rd-party interests
  • Discuss First Amendment protection, plus rigid restrictions for commercial data

10:25 am - 10:55 am Business Meetings

10:55 am - 11:25 am Business Meetings

11:25 am - 11:55 am Business Meetings

11:55 am - 12:10 pm Networking Break


12:10 pm - 12:40 pm Protect Your Most Valuable Business Assets from the Cloud
Your security should be consistent wherever your users are, whether at headquarters, branch offices, or on the go. The same goes for your applications, whether in your data center or the cloud. However, maintaining consistent security at different locations, while also ensuring optimum networking and performance, is difficult, especially given the limitations of most networking and security technologies. First-generation cloud-delivered security, such as proxies, DNS filtering, and cloud access security broker proxies, provides only limited security capabilities and often results in latency and other performance limitations.

Key Takeaways
  • Deliver protection from multiple locations in a cloud-native infrastructure that dramatically simplifies cloud access and networking – without compromising on security or performance. 
  • Key security and networking outcomes include: most effective methods to secure traffic across all ports and all applications
  • Support for complete networking and security needs for both mobile and remote networks


12:10 pm - 12:40 pm Mobile App Shielding: How to Reduce Fraud, Save Money, and Protect Revenue
Mobile application security is traditionally a balancing act between reducing the risk of malware and preserving a seamless user experience. Too many authentication steps will frustrate the user, and adoption rates will suffer. Fail to provide enough security, and users’ personal assets and data are ripe for the taking.

Key Takeaways
  • How app shielding impacts revenue growth and cost reduction
  • Key considerations when building the business case for app shielding 
  • Assumptions that leave the mobile channel more vulnerable – and how to get internal stakeholders to think differently about mobile security 
  • How to apply the OWASP standards as a benchmark for security 

12:40 pm - 1:40 pm Lunch

1:40 pm - 2:30 pm Practitioner Roundtable Discussions

Earlier in the Exchange, we collected your insights and challenges using Thoughtexchange. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.

2:30 pm - 3:15 pm Tech Talks

The global cybersecurity market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies, and how do cutting-edge vendors stand out in the crowded marketplace? During this session, three emerging cybersecurity vendors will convey the benefits of their unique solutions to the audience while an experienced cyber leader helps spearhead audience participation. The CISOs in the audience will follow up with questions, advice on go-to-market strategies, and how to cut through the noise to increase market traction and adoption by the security team.

3:15 pm - 3:45 pm Business Meetings

3:45 pm - 4:15 pm Business Meetings

4:15 pm - 4:45 pm Business Meeting

4:45 pm - 5:00 pm Networking Break

5:00 pm - 5:50 pm Women in the Workforce: The Synergy of Security Superwomen

As the global cybersecurity workforce shortage continues to deepen, and the threat landscape accelerates with greater complexity, a significant challenge for virtually every data-driven organization will be meeting the evolving information security needs of the business. Currently, women make up only 20% of the cybersecurity workforce, but are a crucial, untapped talent reservoir.  

During this panel, attendees will hear about:
  • Critical cybersecurity career path opportunities for women
  • Lessons learned from “being in the room” and steps taken to elevate careers
  • Future is female; advancing mentorship opportunities
  • Dissolving the gender and workforce gap on cybersecurity leadership teams


5:50 pm - 6:20 pm Imagining Friction-Less Authentication in a Passwordless World
Enterprises and organizations of all types are tasked with providing their users secure access to applications, resources, and sensitive data. At the same time, those users need a friction-less customer experience to increase adoption. IT managers and CISOs must leverage sophisticated and easy-to-deploy solutions to securely authenticate users with the best possible experience.

Key Takeaways 
  • Effectiveness is all about balance with new devices and deploying stronger authentication mechanisms
  • Discover how to embrace biometrics
  • Dynamic multi-factor authentication allows a lot of flexibility and can accommodate “mass market” variety in a user population


5:50 pm - 6:20 pm The Cybersecurity Trap: Don’t Confuse Compliance with Security
The process to achieve compliance for various industry regulations is costly and time consuming. It’s not as if IT leaders are just arbitrarily checking boxes to say that data in transit is encrypted and that the proper security controls are in place. Proving you’re compliant is much more complicated and it’s easy to fall into the trap of thinking that once you’ve achieved compliance, all the money and effort also results in strong security. Except that’s not the case. As cybersecurity advisers, it’s imperative we separate privacy (individual data collection, permissible use, sharing of data, retention of information) from security (access control & data protection). 

Key Takeaways
  • Prioritize your privacy & compliance initiatives in alignment with your business needs 
  • Assess your privacy programs, policies and detective measures on a regular basis to ensure consistent improvement
  • Improve your understanding of business & security risk to augment your overall security planning

Roundtable Discussions

6:15 pm - 7:00 pm A: Net-Loss Impact of Consumers Defending Their Rights
Any individual who owns a smartphone or laptop, shops online, or interacts with businesses online needs a way to protect themselves against the ramifications of identity fraud should their personal information become compromised. Savvy consumers who are paying attention might agree that relying solely on businesses to protect one’s personal information is naive, and no longer enough. Given the realities of our increasingly complex, digital world, it behooves businesses to work to protect consumer privacy to avoid legal issues and maintain consumer trust.

During this roundtable discussion, you will explore: 
  • Best practices for securing “2nd-party” big data and utilizing synthetic data as protection
  • Making the restrictions and obligations of regulations like GDPR, CCPA, and emerging state laws relating to special data categories an opportunity for consumer-centered protection
  • Brands that apply the latest security standards are more trusted, and protection starts with end-to-end lifecycle protection

6:15 pm - 7:00 pm B: Establish Company Wide and Deep Security Policies to Support Optimal Cyber-Hygiene
All it takes is an employee to click an insecure link, and your server is no longer secure. Implement a policy to keep employees informed of the latest scams and educate them on how to be vigilant and avoid downloading information from emails they do not recognize. Highlight the fact that their participation will boost efforts to keep an eye out for fraud and attacks.

During this roundtable discussion, you will explore:
  • Superior training practices, from Board level down
  • Reducing employee confusion about protocols and reinforcing that they are a critical part of the security team can make them more invested and more vigilant
  • Zero Trust Policy

6:15 pm - 7:00 pm C: Build Your AI and Blockchain Business Case
A person’s identity, such as their SSN or credit card information, is extremely valuable. As long as people on the black market keep purchasing people’s info and identities, hackers will continue to attack large data stores and take people’s information. Luckily, the implementation of blockchain technology could mitigate much of this issue, but widespread adoption is still a ways away.

During this roundtable discussion, you will explore:
  • Create a personalized organizational strategy and business case to implement artificial intelligence
  • Actionable insights and advice to implement a plan for AI in the enterprise
  • Identify pain points in the value chain, and the blockchain elephant in the room

7:00 pm - 8:00 pm Cocktail Reception

8:00 pm - 9:00 pm Dinner