December 09 - 11, 2019
Westin Tampa Waterside, Tampa, FL

Tuesday, December 10, 2019

7:30 am - 8:00 am Networking Breakfast

8:00 am - 8:05 am Chairperson's Morning Welcome

Jeff Orr, Editor at Cyber Security Hub

Jeff Orr

Cyber Security Hub

8:05 am - 8:35 am A Systematized Approach To Eliminate Costly Disruptions

Today's supply chain depends on trust. Coupled with heightened sensitivity to privacy, this need for security across all trusted entities represents a new type of risk beyond traditional vectors. While security incidents and financial risk are traditionally viewed as high risk for breaches within a single entity, hackers have learned to effectively exploit a firm’s relationships meaning an increase to the criticality of adequate vendor and third-party management. 

In this session, you will hear about third-party management practices to foster trusting partnerships, impactful and costly supply chain disruption issues, and how to deepen your customer relationships when faced with opposition.
  • Discuss an organizational approach to strengthen and restructure enterprise risk management programs to achieve strategic objectives and implement rigorous compliance verification
  • Understand how to work with your human resources and legal department on vendor contracts 
  • Explore corporate risk management strategies to enhance your supply chain resilience and eliminate costly disruptions 
  • Hear about strategies to address the reality that not all third parties are large enough to have dedicated IT and Security resources

David Sheidlower, Chief Information Security Officer at Turner Construction Company

David Sheidlower

Chief Information Security Officer
Turner Construction Company

8:35 am - 9:05 am The Cognitive Security Edge: A Proactive Approach

It takes constant monitoring and maximum use of data to find attacks and abnormal behavior before an incident occurs. However, the world produces over 2.5 quintillion bytes of data every day, and 80% of it is unstructured. What this means is most of it's expressed in natural language – spoken, written or visual – that a human can easily understand but traditional security systems can't. Most challenging security problems still require people to make sound decisions about what to act on and what's a false alarm. Building security instincts and expertise into new defenses that analyze research reports, web text, threat data, and other security-relevant structured and unstructured data. Just like security professionals do every day – but at a scale, we've never seen.

In this session, participants will: 
•Learn the philosophy and capabilities associated with cognitive computing 
•Hear about attacks on cognitive systems
•Discuss three top-performing approaches and solutions 
•Explore live case studies

Michael Melore, Cyber Security Advisor at IBM Security

Michael Melore

Cyber Security Advisor
IBM Security

There is no issue more vital to defending our nation and securing the future than cybersecurity. As a tool for waging war, disrupting trade, stealing property, conducting espionage, and compromising elections, cybersecurity is the defining issue of the 21st century. Phishing attacks impact everyone, and come from everywhere - other governments, hackers, and criminal groups. And, due to an erroneous belief that humans can be ‘trained’ out of their human nature, organizations spend $1B a year training employees to be ‘aware’ of phish. Join this frank conversation with leaders across the technology, military and enterprise domains to look at cybersecurity through the lens of three strategic dimensions: Who leads us, how we should defend ourselves, and how well our businesses run. 

•How attackers use the latest information about human behavior and habits to construct successful phishing campaigns.
•Key lessons from industries that have spent decades investing in machines for cybersecurity
•The balance of Human vs Machine defense against Human-focused Attacks
The solution for phish doesn’t come in the form of end user human judgment. Instead, automation and better machines will approach cyber-attacks for what they actually are: routine assembly line operations, neither extraordinary nor insurmountable to defeat.

Oren J. Falkowitz, Chief Executive Officer at Area 1 Security

Oren J. Falkowitz

Chief Executive Officer
Area 1 Security

Jennifer Buckner, Retired U.S. Army Brigadier General at U.S. Army

Jennifer Buckner

Retired U.S. Army Brigadier General
U.S. Army

Mike Tiddy, Chief Information Security Officer at BNSF Railway Company

Mike Tiddy

Chief Information Security Officer
BNSF Railway Company

9:40 am - 9:50 am Networking Break

9:50 am - 10:20 am Business Meetings

10:20 am - 10:50 am Business Meetings

10:50 am - 11:20 am Business Meetings


11:20 am - 12:05 pm State of Cybersecurity: 2019 Results and Looking Forward
State of Cybersecurity 2019 reports the results of the annual ISACA® global State of Cybersecurity Survey, conducted in November 2018. Some findings reinforce discoveries from prior years—specifically that the need for trained and experienced cybersecurity professionals vastly outweighs the supply and that the top attacks and threat actors remain largely the same. Other findings provide new insight for cybersecurity management: respondents indicate that cybersecurity departments are best served when reporting to either a chief information security officer (CISO) or chief executive officer (CEO), rather than reporting to a chief information officer (CIO). State of Cybersecurity 2019 captures an outlook on cybersecurity from the perspective of those who define the field—cybersecurity managers and practitioners.
Frank Downs, Internationally Recognized Cybersecurity Professional, Director, Subject Matter Expert at CMMI Institute

Frank Downs

Internationally Recognized Cybersecurity Professional, Director, Subject Matter Expert
CMMI Institute


11:20 am - 12:05 pm There Is No "Magic Bullet" in IT Security: The Strategic Process Never Stops
People, process, and technology, when optimized together, are the three keys to improved IT security. A successful security program is not one with an end-state, but preferably one approached as a continuous orchestrated journey. Over time following a path will lead to success. If Rome wasn’t built in a day and has never halted the modifications, then neither can your security program. In today’s security state, the steps and path should include implementing fundamental security procedures, tools, and repeatable processes that work together to ultimately report key insights that measure and track the methods to show improved security. In this session, we will address core issues facing enterprise information security professionals and discuss simple strategic approaches to solving them.

Key Takeaways
  • Visibility - Can't protect what you can't see
  • Automation and Orchestration- Integrate existing tools and automate actions to create efficiency
  • Secure Access - Users Experience and Privileged protection
  • Advanced Threat and Data Protection - End Point, Network and Cloud
  • Compliance - Changing landscape to incorporate 3rd party vendors
  • Managed Security Services - Offload the tactical, focus on the strategic

Trevor Smith, Executive Vice President at Brite

Trevor Smith

Executive Vice President

12:05 pm - 1:05 pm Networking Lunch


1:05 pm - 1:35 pm Practice How You Play: Evaluating Your “Risk Dollars”

Today's privacy environment introduces new daily risks beyond traditional vectors. Precision cyber-security investment strategies and robust security automation controls are crucial to your long term planning "risk dollars." In this session, attendees will hear about cyber-security investment management practices to foster trusting internal partnerships and find the sweet spot for growth, identifying a point of entry disruption issues, and how to deepen your automation controls to keep out the bad guys.

  • Discuss an organizational approach to strengthen and restructure enterprise risk management programs to achieve strategic objectives and implement rigorous investment strategies
  • Understand how to identify gaps in your current controls and processes via breach and attack simulators
  • Explore corporate risk management strategies to enhance your investment road map and eliminate costly disruptions 

Chris White, Deputy Chief Information Security Officer at Interpublic Group of Companies

Chris White

Deputy Chief Information Security Officer
Interpublic Group of Companies

The global cyber-security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace?

During this session, emerging cyber-security vendors will convey the benefits of their unique solutions to the audience while an experienced cyber leader helps spearhead audience participation. The CISOs in the audience will follow up with questions, advice on go-to-market strategies, and how to cut through the noise to increase market traction and adoption by the security team.
Jeff Orr, Editor at Cyber Security Hub

Jeff Orr

Cyber Security Hub

Troy Wilkinson, Head of Cybersecurity, Data Analytics & Research at Interpublic Group

Troy Wilkinson

Head of Cybersecurity, Data Analytics & Research
Interpublic Group

1:45 pm - 1:55 pm Addressing the Root Cause: Using Deception to Solve the Practical Security Problems


Don Gray, Chief Technology Officer at PacketViper

Don Gray

Chief Technology Officer

1:55 pm - 2:05 pm Next-Gen Email Security to Meet Changing Threat Landscapes

Despite better security awareness, phishing is still the leading cause of cyber intrusions. All it takes is one relatively-sophisticated phishing email to fool a user, and an organization's entire network can be compromised. RevBits EMAIL SECURITY is a comprehensive next generation email security solution with unique features for increased efficiency and accuracy.
  • Analyzes emails at the endpoint with 50+ algorithms to detect the most sophisticated phishing emails
  • Advanced email reporting, classification, and mitigation process
  • A.I. based image analysis

Mucteba Celik, Chief Technology Officer at RevBits

Mucteba Celik

Chief Technology Officer

2:05 pm - 2:20 pm Tech Talks Panel & Audience Feedback

As the global cybersecurity workforce shortage continues to deepen, and the threat landscape accelerates with greater complexity, a significant challenge for virtually every data-driven organization will be meeting the evolving information security needs of the business. Currently, women make up only 20% of the cybersecurity workforce, but are a crucial, untapped talent reservoir.  Learn how cybersecurity leaders are working to close the workforce shortage and gender gap in their cybersecurity leadership teams.

During this panel, attendees will hear about:
•Discuss the next generation of the cybersecurity talent pool and the skills required to fill the gap
•Explore how critical your cybersecurity mission is to motivating and retaining talent
•Learn lessons about being “in the room” where change happens 

Abhilasha Bhargav-Spantzel PhD, Principal Engineer at Intel

Abhilasha Bhargav-Spantzel PhD

Principal Engineer

Holly Ridgeway, Executive Vice President & Chief Security Officer at Citizens Bank

Holly Ridgeway

Executive Vice President & Chief Security Officer
Citizens Bank

Amy S. Hess, Executive Assistant Director Criminal, Cyber, Response and Services Branch at Federal Bureau of Investigation

Amy S. Hess

Executive Assistant Director Criminal, Cyber, Response and Services Branch
Federal Bureau of Investigation

Cindy Fowler, Vice President of Information Cyber Security Engineering and Platform Operations at Voya Financial

Cindy Fowler

Vice President of Information Cyber Security Engineering and Platform Operations
Voya Financial

3:10 pm - 3:25 pm Networking Break

3:25 pm - 3:55 pm Business Meetings

3:55 pm - 4:25 pm Business Meetings

4:25 pm - 4:55 pm Business Meetings

4:55 pm - 5:40 pm Take Control of IoT and OT Device Security in a Hyper-Connected Network

5:40 pm - 6:10 pm Practitioner Roundtables

Earlier in the Exchange, we collected your insights and challenges using Thoughtexchange.  We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement to be discussed with the delegation.

6:40 pm - 7:40 pm Networking Reception