December 09 - 11, 2019
Westin Tampa Waterside, Tampa, FL

Monday, December 09, 2019

10:15 am - 10:45 am Registration

10:45 am - 10:50 am Welcome Orientation

10:50 am - 11:00 am Thoughtexchange Welcome – App Introduction

11:00 am - 11:10 am Chairperson's Opening Remarks

11:10 am - 11:40 am Build Value Through Your Digital Transformation

This session will present a journey of digital transformation driven by the process of adopting modern technology and digital practices to accelerate business activity, improve competency and heighten efficiency in an ever-changing global market. To achieve real digital transformation, organizations must implement foundational practices and technologies that enable cultural and hierarchical shifts. It isn’t a quick add-on, but rather a disruption that positively subverts traditional methods in favor of a better, digital way.

In this session, you will:
  • Explore the shifting attack landscape and actionable steps to structure robust security programs
  • Examine how to strengthen executive sponsorship in your organization and develop a roadmap for top-of-mind priorities and
  • Discuss the value of user training and embedding your cybersecurity mission into every part of the organization

Jairo Orea, Global Chief Information Security Officer at Kimberly-Clark

11:40 am - 12:10 pm Going Back to Basics to Create Powerful and Reliable CISO Frameworks

The backbone of a synchronized information technology program is the complete function of security operations. In the cyber realm, this translates to maintaining a pulse on the risk continuum to drive performance; sustaining 360-degree visibility to manage attack vectors and responding swiftly to evolving, sophisticated hackers are imperative to reduce downtime and revenue loss. Now, with more devices connected to the environment and migration to the cloud, it is becoming more challenging to stay abreast of who and what is in the ecosystem at all times.

In this session, you will:
  • Learn how to prioritize and organize vulnerability management efforts with calculated risks related to overall business value, threat intelligence, and robust incident response plans
  • Examine “hot” identity management threat trends like credential stuffing, well-crafted phishing scams and advanced persistent threats affecting business outcomes
  • Receive risk assessment methodology and risk management policies to address third party challenges

Dennis Leber, Chief Information Security Officer at Cabinet for Health and Family Services- State of Kentucky

12:10 pm - 12:55 pm Encouraging Mindset Shifts to Reduce FUD

The ability to communicate effectively with top executives and internal teams is critical to keep FUD (fear, uncertainty, and doubt) from infiltrating your organization. Clearly articulating your cybersecurity health is imperative to align with top business objectives and is invaluable to ensure businesses maintain an “at fingertips” risk posture. How will existing cybersecurity leaders help bridge the widening gap in talent and create a path for the next generation while continuing to evolve and mature their careers?

In this session, you will:
  • Discuss creating value and innovation in your critical cybersecurity mission initiatives to elevate an emerging generation of cyber talent by carving out clear career paths for increased talent retention within your organization
  • Share lessons learned to forge beneficial relationships multi-directionally within the organization to create greater confidence in your risk-based decisions
  • Explore the role of the CISO in 5 years and potential post-career opportunities

Mike Woods, Senior Director Global Cyber Security at General Electric

12:55 pm - 1:55 pm Networking Lunch

2:00 pm - 2:30 pm Going Passwordless @ Stanford to Improve User Experience

Realizing our long-term vision of strong user authentication coupled with endpoint security posture enforcement at Stanford, last year we deployed the final component: client certificates that strongly authenticate both the user and the device. We'll describe the underlying systems and key design decisions while highlighting lessons we learned along our six-year journey. Join us to hear this rare story of dramatically improving security and user experience simultaneously, and learn how you can replicate this success with a fraction of the resources.

  • Understand the benefits of identity-aware, application layer endpoint security posture enforcement coupled with client certificate-based authentication 
  • Learn how to architect the systems necessary to implement your own version of Stanford's Cardinal Key service 
  • Explore the keys to a successful implementation and rollout along with the potential pitfalls

Michael Duff, Chief Information Security Officer at Stanford University

2:30 pm - 3:00 pm Business Meetings

3:00 pm - 3:30 pm Business Meetings

3:30 pm - 4:00 pm Business Meetings

4:00 pm - 4:15 pm Networking Break


4:15 pm - 4:45 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Key Takeaways
  • The Perception vs. Reality Dilemma
  • Understanding the OODA (Observe, Orient, Decide, Act) Loop
  • How social engineers and scam artists achieve their goals by subverting critical thinking steps
  • How can you defend your organization and create your human firewall

Erich Kron, Security Awareness Advocate at KnowBe4


4:15 pm - 4:45 pm Finding the Unknown Unknowns
The cold reality is that even the most robust defenses can be breached. Proactively identifying threats operating within your environment will give you confidence that your environment is secure. SpecterOps offers unique insight into the cyber adversary mind-set and brings the highest caliber, most experienced resources to assess your organization's defenses, shut down attack paths, and increase your security posture and resilience.

Key Takeaways

  • Cyber adversary mind-set and all phases of engagement 
  • Resources on simulated environments and active network defenders' responses
  • The ability to rapidly adapt to defensive mitigations and responses with a variety of offensive tactics and techniques.

4:45 pm - 4:50 pm Ignite Introduction

This fast-moving, multi-topic session is comprised of three quick-fire presentations to be completed in 10 minutes. Each presentation will focus on one specific challenge cyber-security leaders are facing and will provide actionable solutions that can be used to overcome these challenges effectively.

4:50 pm - 5:00 pm Being Afraid Is No Way to Do Business

High-profile executives and VIPs are often the targets of cyber threat actors intent on crimes of impersonation, stealing sensitive information, or damaging personal or organizational reputations, among other cyber threats. Threat actors can include state-sponsored cybercriminals, hacktivists, protesters, and even rogue employees. Social media channels are ground zero for cyber-attacks, but executives operating on any digital channel have digital risk exposure.

5:00 pm - 5:10 pm Autonomous Training is Critical For Business Success

Evolving cyber-security cultures in organizations and institutions have become a top priority. Traditional techniques require substantial time and human effort to operate but yield unpredictable results. If you are an innovative cyber-security leader trying to accomplish more with less, join us to learn how a Machine-Learning powered platform can be leveraged to perfect human learning and build corporate resilience.

During this session you will learn:
  • The methodology behind Machine-Learning based cyber-security training 
  • Data analysis demonstration on how machine-based training reduces “serial clickers” by 82%
  • How to achieve improvement in corporate resilience toward phishing attacks in just 12 months 

5:10 pm - 5:20 pm Lightweight Deception With Heavy Weight Results

Deception is a potentially powerful, but underutilized cyber security technology. Currently, many CISOs evaluating cyber tool stacks think deception is too costly and impractical. In this session, you will hear a different perspective and client experiences on internal and external facing deception technology acting earlier in the cyber kill chain to greatly strengthen a dynamic defense posture.

5:20 pm - 5:35 pm Collaborative & Courageous Leadership

Learn how innovative and dynamic leaders are leading the way by having courageous conversations within their organization. Discover how organizations are creating a culture that promotes openness, transparency and collaboration by empowering their employees to share their voice and consider the thoughts and ideas of others; shifting the corporate paradigm from closed and knowing to open and learning. In this session, you’ll learn what collaborative and courageous leadership mean to you and those around you.

5:35 pm - 6:35 pm Cocktail Reception

6:35 pm - 8:35 pm Dinner