Monday, December 09, 2019

10:15 am - 10:45 am Registration

10:45 am - 11:00 am Welcome Orientation by IQPC Exchange

11:00 am - 11:10 am Chairperson's Opening Remarks

11:10 am - 11:40 am Build Value Through Your Digital Transformation

This session will present a journey of digital transformation driven by the process of adopting modern technology and digital practices to accelerate business activity to improve competency and heighten efficiency in an ever-changing global market. To achieve real digital transformation, organizations must implement foundational practices and technologies that enable cultural and hierarchal shifts. It isn’t a quick add-on, but rather a disruption that positively subverts traditional methods instead of a better, digital way.

In this session, you will:
•Explore the shifting attack landscape and actionable steps to structure robust security programs
•Examine how to strengthen executive sponsorship in your organization and develop a roadmap for top-of-mind priorities and milestones 
•Discuss the value of user training and embedding your cybersecurity mission into every part of the organization

11:40 am - 12:10 pm Panel Session: Encouraging Mindset Shifts to Reduce FUD

The ability to communicate effectively with top executives and internal teams is critical to keep FUD or fear, uncertainty, and doubt from infiltrating your organization. Clearly articulating your cybersecurity health is imperative to align with top business objectives and is invaluable to ensure businesses maintain an “at fingertips” risk posture.  How will existing cybersecurity leaders help bridge the widening gap in talent, create a path for the next generation while continuing to evolve and mature their careers?

In this session, you will:
  • Discuss creating value and innovation in your critical cybersecurity mission initiatives to elevate an emerging generation of cyber talent with carving out clear career paths for increased talent retention within your organization
  • Share lessons learned to forge beneficial relationship multi-directional within the organization to create greater confidence in your risk-based decisions
  • Explore the role of the CISO in 5 years and potential post-career opportunities

12:10 pm - 12:55 pm Holiday Gift Distribution Benefiting the Organization of the James A. Haley Veteran’s Hospital at the MacDill Air Force Base

The Holiday Gift Distribution is a (45) minute philanthropic highlight and team bonding experience created for attendees to assemble holiday gift packages for veterans hospitalized at MacDill Air Force Base’s James A. Haley Veteran’s Hospital. Our mission is to honor and bring holiday light to those who have sacrificed their lives for our freedom. 

Gifts will be delivered to the hospital by a IQPC Exchange representative(s). 

1:00 pm - 2:00 pm Networking Lunch

2:00 pm - 2:30 pm Business Meetings

2:30 pm - 3:00 pm Business Meetings

3:00 pm - 3:30 pm Business Meetings

3:30 pm - 3:45 pm Networking Break


3:45 pm - 4:30 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Key Takeaways:
•The Perception vs. Reality Dilemma
•Understanding the OODA (Observe, Orient, Decide, Act) Loop
•How social engineers and scam artists achieve their goals by subverting critical thinking steps
•How can you defend your organization and create your human firewall


3:45 pm - 4:30 pm Adversary Oriented Security
In modern environments, the corporate security program utilizes an increasingly complex inter-relationship of people, processes, and technology in detection and response operations.  However, incident response capabilities must be balanced against budgetary constraints and other requirements the security program must meet. How do you measure the effectiveness of your incident response program, and the investments your organization has made? What measure of confidence do you have in your organization’s ability to detect and respond to the worst of circumstances? These are not questions that can be answered by yet another technical solution, yet are critical in understanding how your organization is oriented against the adversary.

This discussion will include:
  • Programs that can be utilized to measure the efficacy of the security and incident response technology, people and processes.
  • Identifying deficiencies in enterprise adversary detection programs, and pursue continuous improvement in organization-wide detection capability.
  • Methods to determining new investments to be made in incident response capabilities. 

4:30 pm - 4:40 pm Ignite Introduction

This fast-moving, multi-topic session is comprised of three quick fire presentations to be completed in 10 minutes. Each presentation will focus on one specific challenge cyber-security leaders are facing and will provide actionable solutions that can be used to overcome these challenges effectively.

4:40 pm - 4:50 pm Why Agentless, Automated Threat Response Is a Digital Organization Imperative

The pace, volume, and severity of security threats, coupled with a shortage of skilled security workers, are challenges for organizations of any size. To address these realities, organizations must plan for and deploy strategies of cyber resilience. Join this session to learn how I used Malwarebytes to help automate attack response. Whether it’s reducing the number of reimaged machines or providing valuable information in preventing a breach, Malwarebytes has made a significant difference in our security ROI. 
What you will learn:
  • Why running 1 AV solution is not enough
  • The benefits to having a solution that coexists with ANY EDR or AV
  • The steps to establishing a cyber-resilient environment

4:50 pm - 5:00 pm Are You Ready for Autonomous Awareness Training?

Companies keep investing heavily in employee awareness training. Unfortunately, despite the significant IT overhead, the existing solutions fail to change employee behavior towards cyberattacks. CybeReady presents a different approach to awareness training, which leverages data science and advanced automation to deliver hassle-free, effective training. If you are frustrated with the amount of manual effort your current awareness program consumes, uncomfortable presenting mediocre progress to Management, and suspect there might be a better way to train your employees - please join us to learn about autonomous training! 

In this session you will learn:
•The methodology behind the autonomous cybersecurity awareness training platform
•Data analysis survey, demonstrating how machine-based training “moves the needle”
•How to achieve 400% improvement in corporate resilience toward phishing attacks in just 12 months 

5:00 pm - 5:10 pm Ransomware - A Clear and Present Danger: Insights and Best Practices to Keep your Business Moving Forward

Since its emergence onto the cyber landscape in 2012, ransomware has become a clear and present danger to business operations worldwide. With a string of high-profile incidents impacting a number of Fortune 100 companies and a projected global price tag of $11.5B in 2019, ransomware is rightfully considered one of the most significant cyber risks to organizations of all sizes. Ransomware impacts manifest on multiple fronts, whether it be a grinding halt to business operations, reputational damage, or the considerable financial impact associated with restoring systems and operations. In this 10-minute Ignite talk, AXA XL’s Elissa Doroff, Cyber Product Manager, and Lynn Peachey, Cyber Claims Specialist, share their expertise on:
  • Historical, current, and future ransomware trends
  • Recent claims examples
  • Best practices to prevent, mitigate, detect, and respond to a ransomware attack
  • What to look for in your cyber insurance partner 

5:10 pm - 5:40 pm Going Passwordless @ Stanford to Improve User Experience

Realizing our long-term vision of strong user authentication coupled with endpoint security posture enforcement at Stanford; last year we deployed the final component: client certificates that strongly authenticate both the user and the device. We'll describe the underlying systems and key design decisions while highlighting lessons we learned along our six-year journey. Join us to hear this rare story of dramatically improving security and user experience simultaneously, and learn how you can replicate this success with a fraction of the resources.

•Understand the benefits of identity-aware, application layer endpoint security posture enforcement coupled with client certificate-based authentication 
•Learn how to architect the systems necessary to implement your own version of Stanford's Cardinal Key service 
•Explore the keys to a successful implementation and rollout along with the potential pitfalls

5:40 pm - 6:40 pm Networking Cocktail Reception