December 10 - 12, 2018
The Ritz-Carlton, Amelia Island, FL

Wednesday, December 12, 2018

8:00 am - 8:30 am Networking Breakfast

8:30 am - 8:35 am Chairperson's Opening Remarks

Cyber security needs to be aligned with the business with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leadership needs to be in the forefront translating and communicating risk in a way that resonates with the business stakeholders. Cyber security is just one responsibility of the CISO, with high profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value not just meeting compliance requirements.
Join this session to learn how to:
•Engaging, managing, and exceeding expectations
•Top-down focus on risk management
•Evolving roles of the CISO, CIRO, and CIOs


Sherron Burgess

BCD Travel


Peeyush Patel

VP Information Security


Chris Squier

Director of Information Security


Jeff Kennedy

Regions Bank

11:00 am - 11:30 am Role of Cybersecurity Culture in Innovation & Competition

Stéphane Nappo - Global Head Information Security, Société Générale
In this session, explore
•Human factor, the easiest way to attack a system
•The User and Customer role in the IT Security ecosystem today
•How to develop a positive Corporate Cybersecurity Culture
•How to learn to unlearn and develop security agility
•Turn the human threat vector into security factor (and digital into corporate success)

Stéphane Nappo

Global Head Information Security
Société Générale

9:55 am - 10:25 am Business Meetings

10:25 am - 10:55 am Business Meetings

11:00 am - 11:30 am Integrating Zero Trust Networks

Randy Marchany - CISO, Virginia Tech
Internet 1.0 servers and endpoints were static. Internet 2.0 servers were static and endpoints were mobile. In the Internet 3.0 world, servers utilizing cloud, containers and "serverless" apps and endpoints (mobile devices, tablets, IoT, etc.) are highly mobile. A new security architecture needs to be implemented to address these new requirements. The traditional perimeter-based security architecture used in various sectors (edu, gov, com, org, etc.) has basically failed to protect internal assets. New technologies such as IoT and mobile devices will force a new approach to network security architecture. Zero-trust networks (ZTNs) assume that the network is hostile, attackers are already inside the net, and segmentation isn't sufficient for determining trust among other characteristics. This talk will describe zero-trust network properties and how we are integrating this architecture with existing cybersecurity defense strategies. We believe all sectors will have to adopt this strategy in the near future. 

Randy Marchany

Virginia Tech

11:30 am - 12:00 pm Strengthening Third Party Risk Management

Scott Mathis - CISO, RBC Bank
With the common practice of utilizing third parties in business transactions having a clear understanding of the risk of sharing data is necessary. Increased cross-industry collaboration. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements especially with the European Union and other current and pending regulations. Non-compliance includes stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
•Adjusting access levels for third parties user and system accounts
•Securing development of application integrations; including firewall configuration 
•Increasing industry collaboration and engagement to prioritize security


Scott Mathis

RBC Bank

12:00 pm - 12:05 pm Chairperson's Closing Remarks