December 09 - 11, 2019
Westin Tampa Waterside, Tampa, FL

Tuesday, December 10, 2019

7:30 am - 8:00 am Networking Breakfast

8:00 am - 8:05 am Chairperson's Recap of Day One

8:05 am - 8:35 am A Systematized Approach To Eliminate Costly Disruptions

Today's supply chain depends on trust. Coupled with heightened sensitivity to privacy, this need for security across all trusted entities represents a new type of risk beyond traditional vectors. While security incidents and financial risk are traditionally viewed as high risk for breaches within a single entity, hackers have learned to effectively exploit a firm’s relationships, which increases the criticality of adequate vendor and third-party management.

In this session, you will hear about third-party management practices to foster trusting partnerships, impactful and costly supply chain disruption issues, and how to deepen your customer relationships when faced with opposition.
  • Discuss an organizational approach to strengthen and restructure enterprise risk management programs to achieve strategic objectives and implement rigorous compliance verification
  • Understand how to work with your human resources and legal departments on vendor contracts
  • Explore corporate risk management strategies to enhance your supply chain resilience and eliminate costly disruptions 
  • Hear about strategies to address the reality that not all third parties are large enough to have dedicated IT and Security resources
David Sheidlower, Chief Information Security Officer at Turner Construction Company

8:35 am - 9:05 am The Cognitive Security Edge: A Proactive Approach

It takes constant monitoring and maximum use of data to find attacks and abnormal behavior before an incident occurs. However, the world produces over 2.5 quintillion bytes of data every day, and 80% of it is unstructured. This means most of it is expressed in natural language – spoken, written or visual – that a human can easily understand but traditional security systems can't. Most challenging security problems still require people to make sound decisions about what to act on and what's a false alarm. Cognitive security builds security instincts and expertise into new defenses that analyze research reports, web text, threat data, and other security-relevant structured and unstructured data, just like security professionals do every day, but at a scale we've never seen.

In this session, participants will: 

  • Learn the philosophy and capabilities associated with cognitive computing 
  • Hear about attacks on cognitive systems
  • Discuss three top-performing approaches and solutions 
  • Explore live case studies
Joe Carusillo, Program Director of Client Initiatives at IBM

9:05 am - 9:35 am Practice How You Play: Evaluating Your “Risk Dollars”

Today's privacy environment introduces new daily risks beyond traditional vectors. Precision cyber-security investment strategies and robust security automation controls are crucial to planning your long-term "risk dollars." In this session, attendees will hear about cyber-security investment management practices to foster trusting internal partnerships and find the sweet spot for growth, how to identify point-of-entry disruption issues, and how to deepen your automation controls to keep out the bad guys.

  • Discuss an organizational approach to strengthen and restructure enterprise risk management programs to achieve strategic objectives and implement rigorous investment strategies
  • Understand how to identify gaps in your current controls and processes via breach and attack simulators
  • Explore corporate risk management strategies to enhance your investment road map and eliminate costly disruptions 
Chris White, Deputy Chief Information Security Officer at Interpublic Group of Companies

9:35 am - 10:15 am The Art of Manipulation: How to Avoid Cyber Hackers Preying on Your Organization

Why is spear phishing detrimental to your business? At its most basic level, spear phishing is a highly targeted form of cyber scamming in which well-crafted emails are sent to deeply researched victims. These cyber hackers utilize highly organized reconnaissance methods such as executive summaries from company websites, social media scraping methods, and social engineering to hijack processes. Bespoke emails are hard to spot without close inspection and difficult to stop with technical controls alone. There have been many, many examples of high-profile spear-phishing attacks that have led to significant financial loss.

In this session, you will:
  • Explore common scams industry leaders are encountering and what they’re doing to combat them
  • Hear how cyber leaders are educating and protecting executive and finance teams from being clickbait
  • Discuss techniques to elevate defenses and protect your most valuable assets against “whaling.”
Jack Leidecker, Sr. Director Information Security at Teradata

10:15 am - 10:45 am Business Meetings

10:45 am - 11:15 am Business Meetings

11:15 am - 11:45 am Business Meetings

11:45 am - 12:00 pm Networking Break


12:00 pm - 12:30 pm Intensify Resilience Through an Integrated Cybermaturity Roadmap
The CMMI Institute interviewed CISOs/CSOs seeking to identify common themes in the challenges organizations are facing and the best thinking in solving those challenges. Recognizing the need to provide a holistic solution that aims to align pragmatic insights with business objectives, the CMMI Institute built a risk-based capability maturity platform. This enterprise platform can support organizations of varying complexity and security demands while providing a clear understanding of the priorities an organization should attack first.

Key Takeaways

  • Understand the challenges global organizations are facing and how leading organizations are solving them
  • Understand a risk-based approach for prioritizing investment for organizations with varying complexity and security demands
  • Understand the CMMI Institute’s holistic approach to assessing the maturity of an organization’s security capability


12:00 pm - 12:30 pm Achieving Agentless Visibility to Secure Rogue Devices
A problem that plagues organizations’ capability to achieve complete endpoint protection is the inability to identify every device connected to the network. In other words, organizations struggle to achieve full visibility. To help solve that problem, discover revolutionized device visibility with a proven process attained through agentless visibility.

Key Takeaways

  • Discuss essential solutions to securing a network through detecting, inspecting, classifying and controlling any device or application that connects
  • Hear how to allow network admins to mitigate security risks and ensure that all devices on a network are not a threat or vulnerability

12:30 pm - 1:30 pm Lunch

1:35 pm - 2:25 pm Practitioner Roundtable Discussions

Earlier in the Exchange, we collected your insights and challenges using Thoughtexchange. We identified the highest-rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.

Tech Talks

2:25 pm - 2:30 pm Tech Talks Introduction
The global cyber-security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace? During this session, three emerging cyber-security vendors will convey the benefits of their unique solutions to the audience while an experienced cyber leader helps spearhead audience participation. The CISOs in the audience will follow up with questions, advice on go-to-market strategies, and how to cut through the noise to increase market traction and adoption by the security team.

2:30 pm - 2:40 pm Making the Case for Deception as a Practical Cyber Defense Solution

3:10 pm - 3:40 pm Business Meetings

3:40 pm - 4:10 pm Business Meetings

4:10 pm - 4:40 pm Business Meetings

4:40 pm - 4:55 pm Networking Break

As the global cybersecurity workforce shortage continues to deepen, and the threat landscape accelerates with greater complexity, a significant challenge for virtually every data-driven organization will be meeting the evolving information security needs of the business. Currently, women make up only 20% of the cybersecurity workforce, but are a crucial, untapped talent reservoir. Learn how cybersecurity leaders are working to close the workforce shortage and gender gap in their cybersecurity leadership teams.

During this panel, attendees will:
  • Discuss the next generation of the cybersecurity talent pool and the skills required to fill the gap
  • Explore how critical your cybersecurity mission is to motivating and retaining talent
  • Learn lessons about being “in the room” where change happens 
Patricia Collins Weedon, Senior Vice President & Chief Information Security Officer at Discovery Inc.

Amy S. Hess, Executive Assistant Director Criminal, Cyber, Response and Services Branch at Federal Bureau of Investigation

Cindy Fowler, Vice President of Information Cyber Security Engineering and Platform Operations at Voya Financial

Holly Ridgeway, Executive Vice President & Chief Security Officer at Citizens Bank


5:45 pm - 6:15 pm Thwart Email Scams And Protect Your Employees' Most Sensitive Data
The HR Department receives an email from the CEO asking for W-2s, and they urgently spring into action to respond to the request. This might just cost your company millions of dollars, let alone your job. These days, cybercrime is preying upon human behavior. So what happens when cyber criminals target or impersonate senior leadership (or a third-party vendor) and trick employees into wiring money or sending sensitive data to a cyber criminal?

Key Takeaways 

  • Strengthen your Business Email Compromise (BEC) health by partnering with your HR & Financial Departments for awareness training on how to spot and defeat BEC attempts
  • Establish a formal BEC incident response policy
  • Encourage common sense when encountering executive and third party requests


5:45 pm - 6:15 pm Guardians of the Gadgetry: Safeguard Your Devices
The world of enterprise mobility and mobile security is ever-changing. Electronics vendors are pushing out new devices every day, and those devices are pumped full of new features that extend the possibilities of mobile business solutions. Also, BYOD culture and business-critical applications show that enterprises are more than willing to introduce mobile solutions into their infrastructure. However, the increase in mobile devices also increases the need for intelligent mobile security. While companies can benefit from allowing mobile devices to perform business-related tasks, those devices can pose a tremendous risk to your enterprise if they aren’t properly secured.

Key Takeaways

  • Discover how to secure mobile devices, adoption practices for your employees to follow, and how to incorporate mobile security tools
  • Options for implementing fail-proof containerization standards
  • Receive critical in-house applications

Each discussion will be led by an expert moderator who will help guide conversations and support critical takeaways. Every leader will be briefly introduced on stage so you can decide which you would like to join!

6:15 pm - 7:00 pm A: Practical Security Intelligence for C-Level Executives

Security is of utmost concern for embedded software used in mobile, IoT, and automotive industries. Most software is built using open-source software (OSS) components, even though significant security vulnerabilities are discovered in them. To make matters worse, third-party software that many companies rely on is distributed in binary format without the source code, making it extremely difficult to identify the potential security issues. 
During this round-table discussion, you will:

  • Identify your business's level of dedication to making your connected world a safer place
  • Discuss major lessons learned from recent OSS-related security vulnerabilities like the 2017 Equifax Security Breach
  • Discuss how C-Level Executives can quickly determine, at a glance, the most critical OSS security and licensing issues and allocate their DevOps and security resources to most effectively address them

6:15 pm - 7:00 pm B: Compliance is the New Normal: The Time is Now to Lock Down Your Consumers' Sensitive Data

The recent first anniversary of the General Data Protection Regulation (GDPR)’s implementation marked a year of businesses operating in this new regulatory environment. Now, GDPR looks less like an outlier and more like a global trendsetter. Companies aren’t the only ones that have begun educating themselves on compliance; consumers are more informed on digital rights, which correlates to magnified expectations for the businesses where they share personal data.

During this roundtable discussion, you will:
  • Prepare your business for ongoing and elevating compliance standards
  • Prioritize a consumer data security checklist to exceed data governance and reporting requirements
  • Explore the shifting focus on how to prevent sensitive consumer data from being breached or stolen

6:15 pm - 7:00 pm C: Emerging Wave of Cyber War: The Need to Elevate Defenses

Terrorist-related groups have been tormenting organizations and individuals, but it's anticipated that nation-state threats will increase significantly. In particular, they are targeting critical infrastructure. Critical infrastructure systems are extremely vulnerable to both cybersecurity and physical security risks. State-sponsored threats and high-level hackers are continually looking to gain access to the essential infrastructure of nations worldwide, with the intent of hitting some of our most valuable systems.

During this round table discussion, you will:

  • Understand how organizations should take inventory of their attack landscape to identify and mitigate potential threats before being exploited
  • Discuss whether high adoption of artificial intelligence and machine learning helps to minimize the risks or complicates the outcomes
  • Explore whether IoT devices exacerbate the threat landscape or help with capturing real-time issues

7:00 pm - 8:00 pm Cocktail Reception

8:00 pm - 10:00 pm Dinner