December 10 - 12, 2018
The Ritz-Carlton, Amelia Island, FL

Monday, December 10, 2018

11:00 am - 11:45 am Registration

11:45 am - 11:55 am Orientation

11:55 am - 12:00 pm Chairperson's Opening Remarks

12:00 pm - 12:30 pm Opening Keynote: Open Apertures and Unauthenticated Input in Non-Traditional Technologies - Information Security Risks and Protection Strategies

Ian Schneller - Senior Vice President Global Information Security, Bank of America
In this presentation, we will first explore a set of commonly used technologies that may not be closely examined as part of traditional information security programs. However, they likely introduce critical risks via open apertures allowing for unauthenticated inputs by anonymous users. For a moment consider how a malicious user could potentially use modified content on their license plate to exploit a sensitive information system. In this presentation, I will show you how to see vulnerabilities in a new light in this increasingly connected world. Heavily based upon lessons learned from a 20+ year cyber career in the public sector, this presentation will provide new strategies through exciting examples that will shape how you interpret additional technologies around you and design security controls to uplift your defenses.

12:30 pm - 1:30 pm Networking Brunch

1:30 pm - 2:05 pm Keynote: Unleash Your Program's Full Potential Through Diversity

Chad Teat - CISO, Floor & Decor
What common trait produces astonishing results at tech giant Hewlett-Packard, consumer goods company Kimberly-Clark, and the hyper-growth retailer Floor & Decor? Industry-defying diversity. Attacking Cybersecurity’s largest cultural issue, diversity, greatly reduces a CISO’s troubles with Cybersecurity’s largest operational issue, labor shortage. Learn more about the status of diversity in Cybersecurity, hear examples of success and failure, and take home high-impact improvements for your program.

2:10 pm - 2:40 pm Business Meetings

2:40 pm - 3:10 pm Business Meetings

3:10 pm - 3:20 pm Networking Break

Master Class

3:20 pm - 4:05 pm Levers of Human Deception: The Science and Methodology Behind Social Engineering
Perry Carpenter - Chief Evangelist and Strategy Officer, KnowBe4
No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding. 

Join this session for fun and engaging examples of mental manipulation in everyday life: from the tactics used by car dealers, to sophisticated social engineering and online scams. Additionally, look at how to ethically use the very same levers when educating our users. 
Key Takeaways:
• The Perception vs. Reality Dilemma
• Understanding the OODA (Observe, Orient, Decide, Act) Loop
• How social engineers and scam artists achieve their goals by subverting the OODA Loop's different components
• How we can defend ourselves and our organizations


3:20 pm - 4:05 pm A Phishful of Dollars - How to Automate and Standardize Response
Bill Butler - Regional VP Sales, Demisto
Phishing emails are one of the most frequent, easily executable, and harmful security attacks that organizations face today. Due to an expanded threat surface, a single system falling prey to a phishing email can lead to harmful lateral movement and enterprise-spanning attack campaigns. Security teams struggle to execute standardized enrichment and response due to disparate tool sets, rising alert and false positive numbers, time-consuming manual actions, and human capital crunches. Teams need a tool stack that centralizes security data, increases analyst productivity, and primes the SOC for scalable response.

The panel discussion will highlight how a Security Orchestration, Automation, and Response (SOAR) platform can plug critical gaps in the phishing response lifecycle and review a phishing use case. You’ll learn how to:

- Correlate standard and custom threat intelligence across tools,
- Automate repeatable actions with human review and oversight,
- Improve investigation quality by weeding out false positives, and
- Shave down response times from hours to seconds.

Attend the session and learn how a robust phishing response plan is the first step to reduced security and business risk.


4:10 pm - 4:40 pm Business Meetings

4:40 pm - 5:10 pm Business Meetings

5:15 pm - 5:25 pm Ignite: Securely Share Files Beyond Your Enterprise Borders with Full Governance and Control

Cliff White - Chief Technology Officer, Accellion


5:25 pm - 5:35 pm Ignite: Secure the Unsecurable: 3 Tips for CISOs to Control for Employee Behavior

Brian Pundt - Account Executive, Mimecast


5:35 pm - 5:45 pm Ignite: SOARing above Security Operations' Biggest Challenges

Miguel Carrero - Chief Revenue Officer, Siemplify


CISO Roundtable Discussions - Engage in your choice of targeted discussions for open exchange among industry peers.

5:50 pm - 6:30 pm A. Instilling and Integrating Proactive Security Awareness
Chris Gay - CISO, Southeastern Grocers

5:50 pm - 6:30 pm B. Right-Sizing Threat Intelligence for your Enterprise
Andy Bennett - Deputy CISO, State of Texas

5:50 pm - 6:30 pm C. Evolving Governance, Risk, and Compliance - Practical Insights
Tellis Williams - Chief Information Security Officer, AXA Partners USA

6:30 pm - 7:00 pm Networking Reception