September 22 - 24, 2019
The Ballantyne Charlotte, Charlotte, NC

Day Two: Monday, September 23, 2019

7:40 am - 8:10 am Breakfast

8:10 am - 8:15 am Chairperson's Opening Remarks

Janet Oren, Chief Information Security Officer at Legg Mason

8:15 am - 9:00 am A Lesson in Survival: Transforming Culture By Preparing for a Crisis

Is your team prepared for the uncertainty and chaos of a security incident? How rapidly can your organization band together during a crisis? Who do you need to navigate a major security event, and have you trained them to identify and support their stakeholders?
In this talk, we will show how key personalities, including "fire fighters" and "bridge builders", emerge during the pandemonium of a major security event, and how these roles are core to the effectiveness of the security program long before a crisis ever happens. We will demonstrate how identifying, developing, and empowering these team members will allow you to not just survive a major event, but proactively build trust with your stakeholders and transform your security culture.
Adam Tice, Senior Vice President of Cybersecurity at Equifax

9:00 am - 9:30 am The Changing Cloud Threat Factor with the Increase of Attack Vectors

IBM Security

A move to the cloud, in some form, is nearly inevitable. For financial institutions, this may increase your threat surface and invite more attacks from a greater number of vectors. The solution is not always regulation. Recent events have even shown that well-prepared organizations with no apparent security gaps can still be at risk. This short session will open the door to a number of talking points to help establish a mature security posture.
  • Defining perimeters with cloud technologies
  • Evolving threat landscape
  • Changing delivery of security for cloud

Chris Cardran, Cyber-Security Solutions Architect, Financial Services Market at IBM Security

Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

9:30 am - 9:50 am The Seven Habits of Highly Effective Hackers and How to Defend Against Them
What are the tactics, techniques and procedures used by today’s most advanced hackers, and how are they changing? In this talk, the heads of Nettitude’s offensive and defensive security teams will discuss the most common practices of today’s best hackers, and how organizations can defend themselves against each of them, including live demonstrations.    
Chris Oakley, Vice President Technical Services, Americas at Nettitude

9:30 am - 9:50 am How Real-Time Asset Intelligence Enables Full Posture Control
In order to understand the business risk associated with critical systems and applications, one needs to understand the state of controls within the ecosystem. This means absolute knowledge of physical and virtual devices on the network, inclusive of access, configuration and protective controls. Forescout provides a continuous, real-time, and extendable device visibility platform to enable posture consistency and measurement from campus to datacenter to cloud. Key learnings you will take away from this session include:
  • How to achieve continuous control of inventory – real-time, reconciled, and trusted CMDB accuracy
  • Why 100% compliance to basic posture configurations should be the goal
  • How to coordinate dynamic, unified network segmentation planning and enforcement

Shane Coleman, Senior Director of Systems Engineering at Forescout Technologies Inc.

9:50 am - 10:00 am Networking Break

10:00 am - 10:30 am Business Meetings

10:30 am - 11:00 am Business Meetings

11:00 am - 11:30 am Business Meetings


11:35 am - 12:20 pm Redefining Personal Data Protection and Privacy
Some organizations lack dedicated resources that help them track and govern their data at scale. How can CISOs work to combat this problem and ensure their data is properly managed and secured in the era of increasing privacy regulations such as GDPR and CCPA?
During this peer conversation, you will uncover:
  • Advances in automated processes that will improve efficiency
  • Strategies to map and govern data
  • How to ensure data compliance

Jan Brown, Vice President of Sales, South East Regional at BigID

11:35 am - 12:20 pm Insider Threats or Allies? Building Security in Your Workforce in the Age of Disruption

New technologies and regulations, like blockchain and GDPR, are changing the way we do business. Successful implementations and compliance require a skilled, security-conscious workforce. In this age of disruption, are you confident your employees aren't insider threats and instead are allies, working to safeguard your systems, data, and customers? If you can't emphatically answer "yes", this informative session will offer pathways to increase your workforce's security IQ so you can transform your organization and create a security mindset/culture.
Kathleen Hyde, Chair, Cybersecurity & Digital Forensics Programs, and Assistant Professor at Champlain College Online

12:20 pm - 1:20 pm Networking Lunch

Cyber security needs to be aligned with the business, with accountability across the organization and with the customers. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with the business stakeholders and translates to what customers are seeking. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instill security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn:

  • Engaging, managing, and exceeding expectations
  • Top-down focus on risk management
  • Evolving roles of the CISO, CIRO, and CIOs

Eric Staffin, Chief Information Security Officer at IHS Markit

Sajan Gautam, Chief Information Security Officer at Arvest

Kevin Gowen, Chief Information Security Officer at Synovus

Matthew Lang, Chief Information Security Officer at SECU

Jeff Kerpics, Regional Sales Manager at nCipher Security

2:05 pm - 3:05 pm Practitioner Roundtables

Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement. 

3:00 pm - 3:30 pm Business Meetings

3:30 pm - 4:00 pm Business Meetings

4:00 pm - 4:30 pm Business Meetings

4:30 pm - 5:00 pm Networking Break

5:00 pm - 5:30 pm Innovating Third Party Risk Management (TPRM) in a Transformation World

Organizations are gravitating quickly to transformation (cloud, agile, RPA, etc.). The goals of these activities include improving customer service, increasing revenue, reducing cost and operating with more agility, to name a few. This requires TPRM activities to keep up with the transformation process.

In this session:
  • Appropriate access levels for third-party user and system accounts
  • Secure development of application integrations, including firewall configuration
  • Sectioning internal networks to limit third party needs

Nasser Fattah, Managing Director at MUFG Union Bank

5:30 pm - 5:35 pm Chairperson’s Closing Remarks

Janet Oren, Chief Information Security Officer at Legg Mason

5:35 pm - 6:05 pm Networking Reception