March 24 - 26, 2019
InterContinental San Diego, San Diego, CA

Day 2: Monday, March 25th

8:00 am - 8:30 am Networking Breakfast

8:30 am - 8:35 am Chairperson's Remarks

Harry O'Laughlin, CISO at California Department of Insurance


8:35 am - 9:10 am Proactive Approaches to Security with Evolving Technology and Emerging Threats

In the current digital transformation, technology often is the business. Through collaboration, transparency and risk awareness, organizations can leverage networked economies and create new opportunities, but security needs to be an integral piece of their business processes. Examine the careful balance of people, processes, tools and culture needed to excel in a world where cyber security breaches are an ever-present part of enterprise risk management and technology evolves constantly. Discuss new ways of approaching security for effective risk management that align with corporate culture and business goals as the environment changes rapidly. In this session, learn about:
•Looking at entire tool sets: what already exists and what is already in the cloud
•Implementing new tools, and tightening and standardizing contractual requirements
•Quantifying the level of vulnerability and creating opportunities for remediation
•Changing how applications are developed
•Gaining visibility into, and classifying, all connected devices

John Kirkwood, Global CISO at Albertsons


9:10 am - 9:40 am CISO's Guide to the GDPR and California CCPA

The GDPR changed the way CISOs think about privacy risk management, and since its enforcement date the regulation has been a catalyst for new data protection laws across the globe, such as California's new Consumer Privacy Act. In this session we'll break down the requirements and importance of the GDPR and CCPA for CISOs. We'll provide practical tips and lessons learned in tackling privacy risk, and share how privacy management fits into an organization's security ecosystem.
Kevin Kiley, Vice President at One Trust


9:40 am - 9:45 am Transition

Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

9:45 am - 10:10 am A. Addressing the Acceleration of Magecart and Formjacking Web Session Attacks
Magecart and formjacking attacks may be the single biggest threat facing digital commerce today; recent evidence points to nearly 5000 websites being compromised per month. The problem is that 3rd-party JavaScript tools, integrated into every website, give the 3rd party, or an attacker who has compromised the website's supply chain, nearly unlimited access to every element of a web page during a customer's browser session. Websites typically integrate dozens of these 3rd-party services to deliver the rich experiences, features and analytics that make a site more compelling. These attacks are attractive to threat actors because they scale very effectively: compromising one 3rd-party script lets the attacker impact every website served by that code.
Joshua Jones, Senior Director, Technical Solutions at Source Defense


9:45 am - 10:10 am B. Autonomous Cars are the New Reality. Are you Ready for Autonomous Training?
Over the past decade we've lowered our expectations of awareness training programs, and changing the cybersecurity culture of an organization has become an unattainable goal. All the techniques we've used require substantial time and human effort to operate, yet yield mediocre results. If you are an innovative CISO trying to accomplish more with less, join us to learn how a machine-learning-powered platform can be leveraged to perfect human learning and build corporate resilience.

In this session you will learn:
•The methodology behind Machine-Learning based cybersecurity training 
•Data analysis demonstration on how machine-based training “moves the needle”
•How to achieve 400% improvement in corporate resilience toward phishing attacks in just 12 months 
Shlomi Gian, CEO at CybeReady


10:10 am - 10:25 am Networking Break



10:25 am - 10:55 am Business Meetings

10:55 am - 11:25 am Business Meetings

11:25 am - 11:55 am Business Meetings

11:55 am - 12:00 pm Transition

Master Class

12:00 pm - 12:45 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Join Erich Kron, CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life, from the tactics used by common criminals to sophisticated social engineering and online scams. He will also look at how you can ethically use the very same levers when educating your users.

Key Takeaways:

•The Perception vs. Reality Dilemma
•Understanding the OODA (Observe, Orient, Decide, Act) Loop
•How social engineers and scam artists achieve their goals by subverting critical thinking steps
•How to defend your organization and build a human firewall

Master Class

12:00 pm - 12:45 pm CMMI® Institute: Building Resilience Through a Risk-Based ‘Cybermaturity’ Approach
The CMMI Institute interviewed CISOs/CSOs to identify common themes in the challenges organizations are facing and the best thinking on solving them. Recognizing the need for a holistic solution that aligns pragmatic insights with business objectives, the CMMI Institute built a risk-based capability maturity platform. It is an enterprise platform that can support organizations of varying complexity and security demands while giving a clear understanding of which priorities an organization should attack first.

Key Takeaways
•Understand the challenges global organizations are facing and how leading organizations are solving them
•Understand a risk-based approach to prioritizing investment for organizations with varying complexity and security demands
•Understand the CMMI Institute's holistic approach to assessing the maturity of an organization's security capabilities



12:45 pm - 1:45 pm Networking Lunch

1:45 pm - 1:50 pm Transition

Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leaders need to be at the forefront, translating and communicating risk in a way that resonates with business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in an evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address their organization's unique dynamics and instil security awareness as part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn:
•Engaging, managing, and exceeding expectations
•Top-down focus on risk management
•Evolving roles of the CISO, CIRO and CIO

Mike Novak, VP & CIO at Hakkasan Group


David Alexander, Chief Information Security Officer at Los Angeles Department of Water and Power


Leda Muller, CISO/AD of Support Services at Stanford University; Residential and Dining Enterprises


2:40 pm - 3:40 pm Practitioner Roundtables


Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.

3:40 pm - 3:55 pm Networking Break



3:55 pm - 4:25 pm Business Meetings

4:25 pm - 4:55 pm Business Meetings

4:55 pm - 5:25 pm Business Meetings

5:25 pm - 5:30 pm Transition

5:30 pm - 6:15 pm Authentication & Data Analytics at the Core of Modern Security


Strengthening authentication, the first line of defense, matters more as cyber crime continues to grow. Innovation and usability are keys to successful delivery of information security. Compare the benefits and shortfalls of authentication methodologies and how each limits an attacker's access.
Attend this session to explore:

•Reducing risk through decentralization (shifting authentication and fortifying access)
•Deter, detect and mitigate breaches with innovative combinations of identity and analytics
•Navigating in an open-access environment with legacy applications, IoT and remote applications

Omar Chaudhry, Chief Information Security Engineer at MITRE Corporation


Harry O'Laughlin, CISO at California Department of Insurance


6:15 pm - 6:20 pm Chairperson's Closing Remarks

6:20 pm - 6:50 pm Networking Reception