December 09 - 11, 2019
Westin Tampa Waterside, Tampa, FL

Monday, December 09, 2019

10:15 am - 10:45 am Registration

10:45 am - 11:00 am Welcome Orientation by IQPC Exchange

11:00 am - 11:10 am Chairperson's Opening Remarks

Jeff Orr, Editor at Cyber Security Hub

Jeff Orr

Editor
Cyber Security Hub

11:10 am - 11:40 am Build Value Through Your Digital Transformation

This session will present a journey of digital transformation driven by the process of adopting modern technology and digital practices to accelerate business activity to improve competency and heighten efficiency in an ever-changing global market. To achieve real digital transformation, organizations must implement foundational practices and technologies that enable cultural and hierarchal shifts. It isn’t a quick add-on, but rather a disruption that positively subverts traditional methods instead of a better, digital way.

In this session, you will:
•Explore the shifting attack landscape and actionable steps to structure robust security programs
•Examine how to strengthen executive sponsorship in your organization and develop a roadmap for top-of-mind priorities and milestones 
•Discuss the value of user training and embedding your cybersecurity mission into every part of the organization

Jairo Orea, Global Chief Information Security Officer at Kimberly-Clark

Jairo Orea

Global Chief Information Security Officer
Kimberly-Clark

The ability to communicate effectively with top executives and internal teams is critical to keep FUD or fear, uncertainty, and doubt from infiltrating your organization. Clearly articulating your cybersecurity health is imperative to align with top business objectives and is invaluable to ensure businesses maintain an “at fingertips” risk posture.  How will existing cybersecurity leaders help bridge the widening gap in talent, create a path for the next generation while continuing to evolve and mature their careers?

In this session, you will:
  • Discuss creating value and innovation in your critical cybersecurity mission initiatives to elevate an emerging generation of cyber talent with carving out clear career paths for increased talent retention within your organization
  • Share lessons learned to forge beneficial relationship multi-directional within the organization to create greater confidence in your risk-based decisions
  • Explore the role of the CISO in 5 years and potential post-career opportunities


Mike Woods, Senior Director Global Cyber Security at General Electric

Mike Woods

Senior Director Global Cyber Security
General Electric

Clifford Donathan, Head of Cybersecurity at Experian Health

Clifford Donathan

Head of Cybersecurity
Experian Health

Steve R. Hutchens MBA, CISSP, Chief Information Security Officer at Apple Federal Credit Union

Steve R. Hutchens MBA, CISSP

Chief Information Security Officer
Apple Federal Credit Union

Jeff Orr, Editor at Cyber Security Hub

Jeff Orr

Editor
Cyber Security Hub

12:10 pm - 12:55 pm Holiday Gift Distribution Benefiting the Organization of the James A. Haley Veteran’s Hospital at the MacDill Air Force Base

Sponsors:
Area 1 Security
The Holiday Gift Distribution is a (45) minute philanthropic highlight and team bonding experience created for attendees to assemble holiday gift packages for veterans hospitalized at MacDill Air Force Base’s James A. Haley Veteran’s Hospital. Our mission is to honor and bring holiday light to those who have sacrificed their lives for our freedom. 

Gifts will be delivered to the hospital by a IQPC Exchange representative(s). 


1:00 pm - 2:00 pm Networking Lunch

2:00 pm - 2:30 pm Business Meetings

2:30 pm - 3:00 pm Business Meetings

3:00 pm - 3:30 pm Business Meetings

3:30 pm - 3:45 pm Networking Break

Masterclass

3:45 pm - 4:30 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
Sponsors:
KnowBe4
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Key Takeaways:
•The Perception vs. Reality Dilemma
•Understanding the OODA (Observe, Orient, Decide, Act) Loop
•How social engineers and scam artists achieve their goals by subverting critical thinking steps
•How can you defend your organization and create your human firewall




Erich Kron, Security Awareness Advocate at KnowBe4

Erich Kron

Security Awareness Advocate
KnowBe4

Brainweave

3:45 pm - 4:30 pm Adversary Oriented Security
Sponsors:
SpecterOps
In modern environments, the corporate security program utilizes an increasingly complex inter-relationship of people, processes, and technology in detection and response operations.  However, incident response capabilities must be balanced against budgetary constraints and other requirements the security program must meet. How do you measure the effectiveness of your incident response program, and the investments your organization has made? What measure of confidence do you have in your organization’s ability to detect and respond to the worst of circumstances? These are not questions that can be answered by yet another technical solution, yet are critical in understanding how your organization is oriented against the adversary.

This discussion will include:
  • Programs that can be utilized to measure the efficacy of the security and incident response technology, people and processes.
  • Identifying deficiencies in enterprise adversary detection programs, and pursue continuous improvement in organization-wide detection capability.
  • Methods to determining new investments to be made in incident response capabilities. 


David McGuire, Chief Executive Officer at SpecterOps

David McGuire

Chief Executive Officer
SpecterOps

4:30 pm - 4:40 pm Ignite Introduction

This fast-moving, multi-topic session is comprised of three quick fire presentations to be completed in 10 minutes. Each presentation will focus on one specific challenge cyber-security leaders are facing and will provide actionable solutions that can be used to overcome these challenges effectively.
Jeff Orr, Editor at Cyber Security Hub

Jeff Orr

Editor
Cyber Security Hub

4:40 pm - 4:50 pm Why Agentless, Automated Threat Response Is a Digital Organization Imperative

Sponsors:
Malwarebytes
The pace, volume, and severity of security threats, coupled with a shortage of skilled security workers, are challenges for organizations of any size. To address these realities, organizations must plan for and deploy strategies of cyber resilience. Join this session to learn how I used Malwarebytes to help automate attack response. Whether it’s reducing the number of reimaged machines or providing valuable information in preventing a breach, Malwarebytes has made a significant difference in our security ROI. 
What you will learn:
  • Why running 1 AV solution is not enough
  • The benefits to having a solution that coexists with ANY EDR or AV
  • The steps to establishing a cyber-resilient environment


Bob Chadwick, Director of Threat and Response at Fidelity National Title

Bob Chadwick

Director of Threat and Response
Fidelity National Title

4:50 pm - 5:00 pm Are You Ready for Autonomous Awareness Training?

Sponsors:
CybeReady
Companies keep investing heavily in employee awareness training. Unfortunately, despite the significant IT overhead, the existing solutions fail to change employee behavior towards cyberattacks. CybeReady presents a different approach to awareness training, which leverages data science and advanced automation to deliver hassle-free, effective training. If you are frustrated with the amount of manual effort your current awareness program consumes, uncomfortable presenting mediocre progress to Management, and suspect there might be a better way to train your employees - please join us to learn about autonomous training! 

In this session you will learn:
•The methodology behind the autonomous cybersecurity awareness training platform
•Data analysis survey, demonstrating how machine-based training “moves the needle”
•How to achieve 400% improvement in corporate resilience toward phishing attacks in just 12 months 



Shlomi Gian, Chief Executive Officer at CybeReady

Shlomi Gian

Chief Executive Officer
CybeReady

5:00 pm - 5:10 pm Ransomware - A Clear and Present Danger: Insights and Best Practices to Keep your Business Moving Forward

Since its emergence onto the cyber landscape in 2012, ransomware has become a clear and present danger to business operations worldwide. With a string of high-profile incidents impacting a number of Fortune 100 companies and a projected global price tag of $11.5B in 2019, ransomware is rightfully considered one of the most significant cyber risks to organizations of all sizes. Ransomware impacts manifest on multiple fronts, whether it be a grinding halt to business operations, reputational damage, or the considerable financial impact associated with restoring systems and operations. In this 10-minute Ignite talk, AXA XL’s Elissa Doroff, Cyber Product Manager, and Lynn Peachey, Cyber Claims Specialist, share their expertise on:
  • Historical, current, and future ransomware trends
  • Recent claims examples
  • Best practices to prevent, mitigate, detect, and respond to a ransomware attack
  • What to look for in your cyber insurance partner 
Elissa Doroff, Underwriting and Product Manager, Cyber and Technology at AXA XL

Elissa Doroff

Underwriting and Product Manager, Cyber and Technology
AXA XL

Lynn Peachey, Claims Specialist, Cyber/Media/Tech at AXA XL

Lynn Peachey

Claims Specialist, Cyber/Media/Tech
AXA XL

5:10 pm - 5:40 pm Going Passwordless @ Stanford to Improve User Experience

Realizing our long-term vision of strong user authentication coupled with endpoint security posture enforcement at Stanford; last year we deployed the final component: client certificates that strongly authenticate both the user and the device. We'll describe the underlying systems and key design decisions while highlighting lessons we learned along our six-year journey. Join us to hear this rare story of dramatically improving security and user experience simultaneously, and learn how you can replicate this success with a fraction of the resources.

•Understand the benefits of identity-aware, application layer endpoint security posture enforcement coupled with client certificate-based authentication 
•Learn how to architect the systems necessary to implement your own version of Stanford's Cardinal Key service 
•Explore the keys to a successful implementation and rollout along with the potential pitfalls

Michael Duff, Chief Information Security Officer at Stanford University

Michael Duff

Chief Information Security Officer
Stanford University

5:40 pm - 6:40 pm Networking Cocktail Reception

Sponsors:
Accellion