September 22 - 24, 2019
The Ballantyne Charlotte, Charlotte, NC

Day One: Sunday, September 22, 2019

11:00 am - 11:35 am Registration

11:35 am - 11:45 am Orientation

11:45 am - 11:55 am Thoughtexchange App Introduction

11:55 am - 12:00 pm Chairperson's Opening Remarks

12:00 pm - 12:30 pm Proactive Security: Pursuing Threats and Defending Against Cyber Crime

Financial services remain a lucrative target for sophisticated cyber criminals. Explore the latest threats to financial institutions and ways to enhance and improve proactive responses to defend and limit the impact of breaches.  In this session, explore the intricacies of the processes, people and technology needed to dissuade attackers from penetrating your networks and reducing the return on investment of an attack.
In this session explore:

•Evolving attack trends and improving incident response
•Reducing the effectiveness of cyber crime
•Instilling proactive prevention including micro-segmentation of the enterprise network

12:35 pm - 1:35 pm Networking Lunch

1:35 pm - 2:20 pm Security Engineering is My Life(cycle)

Everything has a security consideration whether we build it or buy it. In today's environment of buy first or build quickly, how do we make certain that data is protected? Developing a security engineering discipline that is applied at any lifecycle stage can address this. This talk will look at some practical use cases.
Janet Oren, Chief Information Security Officer at Legg Mason

Janet Oren

Chief Information Security Officer
Legg Mason

2:20 pm - 2:50 pm Tales from the SOC

Let Neustar take you through the key workings of our world class SOC. Learn how we mitigate attacks of all shapes and sizes. Get an overview of the types of attacks and trends we are seeing. See first hand via our interactive demonstrations how our daily attacks are handled and see a live global attack map. Most importantly though - come prepared with questions to make this interactive and let our experts help and guide you regarding your own needs online Security.
Learning Outcomes:
• Live DDoS Attack & Mitigation Demonstrations
• Education on DDoS and other online attacks
• Fundamental understanding of a SOC
• Learn from key Neustar customer case study examples
• Your questions answered on your particular business security requirements

2:55 pm - 3:25 pm Business Meetings

3:25 pm - 3:55 pm Business Meetings

3:55 pm - 4:25 pm Business Meetings

4:25 pm - 4:40 pm Networking Break



Masterclass

4:40 pm - 5:25 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.

Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by common criminals, to sophisticated social engineering and online scams. Additionally, he'll look at how you can ethically use the very same levers when educating your users.

Key Takeaways:

•The Perception vs. Reality Dilemma
•Understanding the OODA (Observe, Orient, Decide, Act) Loop
•How social engineers and scam artists achieve their goals by subverting critical thinking steps
•How can you defend your organization and create your human firewall
Erich Kron, Security Awareness Advocate at KnowBe4

Erich Kron

Security Awareness Advocate
KnowBe4

Brainweave

4:40 pm - 5:10 pm Adversary Oriented Security
In modern environments, the corporate security program utilizes an increasingly complex inter-relationship of people, processes, and technology in detection and response operations.  However, incident response capabilities must be balanced against budgetary constraints and other requirements the security program must meet. How do you measure the effectiveness of your incident response program, and the investments your organization has made? What measure of confidence do you have in your organization’s ability to detect and respond to the worst of circumstances? These are not questions that can be answered by yet another technical solution, yet are critical in understanding how your organization is oriented against the adversary.

This discussion will include:
•Programs that can be utilized to measure the efficacy of the security and incident response technology, people and processes.
•Identifying deficiencies in enterprise adversary detection programs, and pursue continuous improvement in organization-wide detection capability.
•Methods to determining new investments to be made in incident response capabilities. 


3 Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!

Ignite Sessions

5:30 pm - 6:10 pm Insights into Digital Asset Protection



5:30 pm - 6:10 pm Threat Hunting-Processes and Procedures for Incident Response



5:30 pm - 6:10 pm The 7 Habits of Highly Effective Cyber Defense Team

In this session, Nettitude will discuss the people, processes and technology that make up highly effective cyber defense, based on observations from our high tier assurance work done for multiple major financial service organizations, including central banks, stock exchanges, retail banks and more. 



6:10 pm - 6:45 pm Real-Time Emerging Tech Take

The global cyber security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace? During this session three cybersecurity vendors will convey the benefits of their technologies to a panel of three security executives. The CISOs will follow up with questions, advice on go-to-market strategies and how to cut through the noise to increase market traction and adoption by the security team.

6:45 pm - 7:15 pm Networking Reception