December 09 - 11, 2019
Westin Tampa Waterside, Tampa, FL

Tuesday, December 10, 2019

7:30 am - 8:00 am Networking Breakfast

8:00 am - 8:05 am Chairperson's Recap of Day One

8:05 am - 8:35 am A Systematized Approach To Eliminate Costly Disruptions

Today's supply chain depends on trust. Coupled with heightened sensitivity to privacy, this need for security across all trusted entities represents a new type of risk beyond traditional vectors. While security incidents and financial risk are traditionally viewed as high risk for breaches within a single entity, hackers have learned to effectively exploit a firm’s relationships, which increases the criticality of adequate vendor and third-party management.

In this session, you will hear about third-party management practices to foster trusting partnerships, impactful and costly supply chain disruption issues, and how to deepen your customer relationships when faced with opposition.
•Discuss an organizational approach to strengthen and restructure enterprise risk management programs to achieve strategic objectives and implement rigorous compliance verification
•Understand how to work with your human resources and legal departments on vendor contracts
•Explore corporate risk management strategies to enhance your supply chain resilience and eliminate costly disruptions 
•Hear about strategies to address the reality that not all third parties are large enough to have dedicated IT and Security resources

David Sheidlower, Chief Information Security Officer at Turner Construction Company

8:35 am - 9:05 am The Cognitive Security Edge: A Proactive Approach

It takes constant monitoring and maximum use of data to find attacks and abnormal behavior before an incident occurs. However, the world produces over 2.5 quintillion bytes of data every day, and 80% of it is unstructured. This means most of it is expressed in natural language – spoken, written or visual – that a human can easily understand but traditional security systems can't. Most challenging security problems still require people to make sound decisions about what to act on and what's a false alarm. This means building security instincts and expertise into new defenses that analyze research reports, web text, threat data, and other security-relevant structured and unstructured data, just like security professionals do every day – but at a scale we've never seen.

In this session, participants will: 
•Learn the philosophy and capabilities associated with cognitive computing 
•Hear about attacks on cognitive systems
•Discuss three top-performing approaches and solutions 
•Explore live case studies

Michael Melore, Cyber Security Advisor at IBM Security

9:05 am - 9:35 am Practice How You Play: Evaluating Your “Risk Dollars”

Today's privacy environment introduces new daily risks beyond traditional vectors. Precision cyber-security investment strategies and robust security automation controls are crucial to planning your long-term "risk dollars." In this session, attendees will hear about cyber-security investment management practices to foster trusting internal partnerships and find the sweet spot for growth, how to identify point-of-entry disruption issues, and how to deepen your automation controls to keep out the bad guys.

•Discuss an organizational approach to strengthen and restructure enterprise risk management programs to achieve strategic objectives and implement rigorous investment strategies
•Understand how to identify gaps in your current controls and processes via breach and attack simulators
•Explore corporate risk management strategies to enhance your investment road map and eliminate costly disruptions 

Chris White, Deputy Chief Information Security Officer at Interpublic Group of Companies

9:35 am - 10:15 am The Ghost in the Machine: Cybersecurity in the Enterprise & National Security

There is no issue more vital to defending our nation and securing the future than cybersecurity. As a tool for waging war, disrupting trade, stealing property, conducting espionage, and compromising elections, cybersecurity is the defining issue of the 21st century. Phishing attacks impact everyone, and come from everywhere - other governments, hackers, and criminal groups. And, due to an erroneous belief that humans can be ‘trained’ out of their human nature, organizations spend $1B a year training employees to be ‘aware’ of phish. Join this frank conversation with leaders across the technology, military and enterprise domains to look at cybersecurity through the lens of three strategic dimensions: Who leads us, how we should defend ourselves, and how well our businesses run. 

•How attackers use the latest information about human behavior and habits to construct successful phishing campaigns.
•Key lessons from industries that have spent decades investing in machines for cybersecurity
•The balance of Human vs Machine defense against Human-focused Attacks

The solution for phish doesn’t come in the form of end user human judgment. Instead, automation and better machines will approach cyber-attacks for what they actually are: routine assembly line operations, neither extraordinary nor insurmountable to defeat.

Oren J. Falkowitz, CEO at Area 1 Security

Jack Leidecker, Senior Director Information Security at Teradata

10:15 am - 10:30 am Networking Break

10:30 am - 11:00 am Business Meetings

11:00 am - 11:30 am Business Meetings

11:30 am - 12:00 pm Business Meetings


12:00 pm - 12:30 pm State of Cybersecurity: 2019 Results and Looking Forward

State of Cybersecurity 2019 reports the results of the annual ISACA® global State of Cybersecurity Survey, conducted in November 2018. Some findings reinforce discoveries from prior years—specifically that the need for trained and experienced cybersecurity professionals vastly outweighs the supply and that the top attacks and threat actors remain largely the same. Other findings provide new insight for cybersecurity management: respondents indicate that cybersecurity departments are best served when reporting to either a chief information security officer (CISO) or chief executive officer (CEO), rather than reporting to a chief information officer (CIO). State of Cybersecurity 2019 captures an outlook on cybersecurity from the perspective of those who define the field—cybersecurity managers and practitioners.

Frank Downs, Director at CMMI Institute

12:00 pm - 12:30 pm There Is No "Magic Bullet" in IT Security: The Strategic Process Never Stops

People, process, and technology, when optimized together, are the three keys to improved IT security. A successful security program is not one with an end state, but rather one approached as a continuous, orchestrated journey. Over time, following a path will lead to success. Rome wasn’t built in a day and has never halted its modifications, and neither can your security program. In today’s security state, the steps and path should include implementing fundamental security procedures, tools, and repeatable processes that work together to ultimately report key insights that measure and track the methods to show improved security. In this session, we will address core issues facing enterprise information security professionals and discuss simple strategic approaches to solving them.

Key Takeaways
•Visibility - Can't protect what you can't see
•Automation and Orchestration - Integrate existing tools and automate actions to create efficiency
•Secure Access - User Experience and Privileged protection
•Advanced Threat and Data Protection - End Point, Network and Cloud
•Compliance - Changing landscape to incorporate 3rd party vendors
•Managed Security Services - Offload the tactical, focus on the strategic

Trevor Smith, Executive Vice President at Brite

12:30 pm - 1:30 pm Lunch


1:35 pm - 2:25 pm Practitioner Roundtable Discussions

Earlier in the Exchange, we collected your insights and challenges using Thoughtexchange. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.

The global cyber-security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace? During this session, three emerging cyber-security vendors will convey the benefits of their unique solutions to the audience while an experienced cyber leader helps spearhead audience participation. The CISOs in the audience will follow up with questions, advice on go-to-market strategies, and how to cut through the noise to increase market traction and adoption by the security team.

Jeff Orr, Editor at Cyber Security Hub

Troy Wilkinson, Head of Cybersecurity, Data Analytics & Research at Interpublic Group

2:30 pm - 2:40 pm Making the Case for Deception as a Practical Cyber Defense Solution


Don Gray, Chief Technology Officer at PacketViper

3:10 pm - 3:40 pm Business Meetings

3:40 pm - 4:10 pm Business Meetings

4:10 pm - 4:40 pm Business Meetings

4:40 pm - 4:55 pm Networking Break

As the global cybersecurity workforce shortage continues to deepen, and the threat landscape accelerates with greater complexity, a significant challenge for virtually every data-driven organization will be meeting the evolving information security needs of the business. Currently, women make up only 20% of the cybersecurity workforce, but are a crucial, untapped talent reservoir. Learn how cybersecurity leaders are working to close the workforce shortage and gender gap in their cybersecurity leadership teams.

During this panel, attendees will:
•Discuss the next generation of the cybersecurity talent pool and the skills required to fill the gap
•Explore how critical your cybersecurity mission is to motivating and retaining talent
•Learn lessons about being “in the room” where change happens 

Holly Ridgeway, Executive Vice President & Chief Security Officer at Citizens Bank

Amy S. Hess, Executive Assistant Director Criminal, Cyber, Response and Services Branch at Federal Bureau of Investigation

Cindy Fowler, Vice President of Information Cyber Security Engineering and Platform Operations at Voya Financial

Abhilasha Bhargav-Spantzel PhD, Principal Engineer at Intel

5:45 pm - 6:15 pm Thwart Email Scams And Protect Your Employees' Most Sensitive Data

The HR Department receives an email from the CEO asking for W-2s and they urgently spring into action to respond to the request. This might just cost your company millions of dollars, let alone your job. These days, cybercrime is preying upon human behavior. So what happens when cyber criminals target or impersonate senior leadership (or a third-party vendor) and trick employees into wiring money or sending sensitive data to a cyber criminal?

Key Takeaways:
•Strengthen your Business Email Compromise (BEC) health by partnering with your HR & Financial Departments for awareness training on how to spot and defeat BEC attempts
•Establish a formal BEC incident response policy
•Encourage common sense when encountering executive and third-party requests


5:45 pm - 6:15 pm Guardians of the Gadgetry: Safeguard Your Devices

The world of enterprise mobility and mobile security is ever-changing. Electronics vendors are pushing out new devices every day, and those devices are pumped full of new features that extend the possibility of mobile business solutions. Also, BYOD culture and business-critical applications show that enterprises are more than willing to introduce mobile solutions into their infrastructure. However, the increase in mobile devices also increases the need for intelligent mobile security. While companies can benefit from allowing mobile devices to perform business-related tasks, if those devices aren’t properly secured, they can pose a tremendous risk to your enterprise.

Key Takeaways:
•Discover how to secure mobile devices, adopt practices for your employees to follow, and incorporate mobile security tools
•Options for implementing fail-proof containerization standards
•Receive critical in-house applications

Each discussion will be led by an expert moderator who will help guide conversations and support critical takeaways. Every leader will be briefly introduced on stage so you can decide which you would like to join!

6:15 pm - 7:00 pm A: Blockchain Technologies, Business Applications and Innovations

In this round table, we will be discussing the capabilities and limitations of Blockchain and other distributed ledger technologies. We will discuss real world use cases and create a dialogue about the future of these types of initiatives.

Troy Wilkinson, Head of Cybersecurity, Data Analytics & Research at Interpublic Group

6:15 pm - 7:00 pm B: Compliance is the New Normal: The Time is Now to Lock Down Your Consumers' Sensitive Data

The recent first anniversary of the General Data Protection Regulation (GDPR)’s implementation marked a year of businesses operating in this new regulatory environment. Now, GDPR looks less like an outlier and more like a global trendsetter. Companies aren’t the only ones that have begun educating themselves on compliance; consumers are more informed on digital rights, which correlates to magnified expectations for the businesses where they share personal data.

During this roundtable discussion, you will:
•Prepare your business for ongoing and elevating compliance standards
•Prioritize a consumer data security checklist to exceed data governance and reporting requirements
•Explore the shifting focus onto how to prevent sensitive consumer data from being breached or stolen

6:15 pm - 7:00 pm C: Emerging Wave of Cyber War: The Need to Elevate Defenses

Terrorist-related groups have been tormenting organizations and individuals, but it's anticipated that nation-state threats will increase significantly. In particular, they are targeting critical infrastructure. Critical infrastructure systems are extremely vulnerable to both cybersecurity and physical security risks. State-sponsored threats and high-level hackers are continually looking to gain access to the essential infrastructure of nations worldwide, with the intent of hitting some of our most valuable systems.

During this round table discussion, you will:
•Understand how organizations should take inventory of their attack landscape to identify and mitigate potential threats before being exploited
•Discuss whether high adoption of artificial intelligence and machine learning helps to minimize the risks or complicates the outcomes
•Explore whether IoT devices exacerbate the threat landscape or help with capturing real-time issues

7:00 pm - 8:00 pm Cocktail Reception

8:00 pm - 10:00 pm Dinner