September 22 - 24, 2019
The Ballantyne Charlotte, Charlotte, NC

Day Two: Monday, September 23, 2019

7:30 am - 8:00 am Breakfast

8:00 am - 8:05 am Chairperson's Opening Remarks

8:05 am - 8:50 am A Lesson in Survival: Transforming Culture By Preparing for a Crisis

Is your team prepared for the uncertainty and chaos of a security incident? How rapidly can your organization band together during a crisis? Who do you need to navigate a major security event and have you trained them to identify and support their stakeholders?
 
In this talk, we will show how key personalities, including "fire fighters" and "bridge builders", emerge during the pandemonium of a major security event, and how these roles are core to the effectiveness of the security program long before a crisis ever happens. We will demonstrate how identifying, developing, and empowering these team members will allow you to not just survive a major event, but proactively build trust with your stakeholders and transform your security culture.
Adam Tice, Senior Vice President of Cybersecurity at Equifax


8:50 am - 9:20 am Rethinking and Retooling Privacy in a Regulated Era

With new regulations and privacy mandates such as the California Consumer Privacy Act (CCPA) and updated New York State Cybersecurity Requirements (23 NYCRR 500) emerging across North America, it's more critical than ever to have a proven process to identify and classify your organization's risk score for regulated data. Across all industries, this process needs to enable you to automatically:

•Discover sensitive or regulated data
•Classify the data
•Scan for vulnerabilities 
•Begin remediating risk 



Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

Ignite Session

9:20 am - 9:40 am The 7 Habits of Highly Effective Cyber Defense Teams
Chris Oakley, VP Technical Services, Americas at Nettitude


9:20 am - 9:40 am Making the Case for Deception as a Practical Cyber Defense Solution

Deception is a potentially powerful but underutilized cyber security technology. Currently, many CISOs evaluating cyber tool stacks think deception is too costly and impractical. In this session, PacketViper founder and CEO Francesco Trama will share a different perspective, along with client experiences of internal- and external-facing deception technology acting earlier in the cyber kill chain to greatly strengthen a dynamic defense posture.
Francesco Trama, CEO at PacketViper


9:40 am - 9:55 am Networking Break

9:55 am - 10:25 am Business Meetings

10:25 am - 10:55 am Business Meetings

10:55 am - 11:25 am Business Meetings

Brainweave

11:30 am - 12:15 pm Improving Identity and Access Management in Financial Services
People, processes and technologies are all critical to effective privileged access management. The evolving IAM landscape improves business outcomes, strengthens the user experience and increases operational efficiency. Beyond a tick box for compliance, identity and security analytics can improve decision-making information for business managers, driving access revocation rates higher. Attend this session to learn how analytics can make your governance investment worthwhile with examples including:

•Focusing on orphaned accounts
•Detecting behavioral anomalies
•Responding with multi-factor authentication

Masterclass

11:30 am - 12:15 pm CMMI® Institute: Building Resilience Through a Risk-Based ‘Cybermaturity’ Approach
The CMMI Institute interviewed CISOs/CSOs seeking to identify common themes in the challenges organizations are facing and the best thinking in solving those challenges. Recognizing the need to provide a holistic solution that seeks to align pragmatic insights with business objectives, the CMMI Institute built a risk-based capability maturity platform. The platform is an enterprise platform that can support organizations of varying complexity and security demands while providing a clear understanding of the priorities an organization should attack first.

Key Takeaways:

•Understand the challenges global organizations are facing and how leading organizations are solving them
•Understand a risk-based approach for prioritizing investment for organizations with varying complexity and security demands
•Understand the CMMI Institute’s holistic approach to assessing the maturity of an organization’s security capability

Douglas Grindstaff, Senior Vice President of Cybersecurity Solutions at CMMI Institute


12:15 pm - 1:15 pm Networking Lunch

Cyber security needs to be aligned with the business, with accountability across the organization and with the customers. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with business stakeholders and translates to what customers are seeking. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instill security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn:

  • Engaging, managing, and exceeding expectations
  • Top-down focus on risk management
  • Evolving roles of the CISO, CIRO, and CIOs

Eric Staffin, Chief Information Security Officer at IHS Markit


Sajan Gautam, Chief Information Security Officer at Arvest


Kevin Gowen, CISO at Synovus


Aaron Weissenfluh, Chief Information Security Officer at CBOE Global Markets


2:00 pm - 3:00 pm Practitioner Roundtables

Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement. 

Brainweave

3:05 pm - 3:50 pm Achieving Risk Tolerance Through Solid Risk Frameworks
Concise, clear communication is essential to identify risk tolerance and the key assets that must be protected. Frameworks such as NIST CSF provide a common language of communication for stakeholders. Breach contingency planning and communications are as important as breach prevention. But strengthening relationships with legal, HR, PR and other stakeholders is often pushed aside, with the focus resting on breach prevention.
In this session:

•Developing and practicing contingency planning
•Utilizing risk frameworks for communications in a common language
•Exploring impact of changing legal and regulatory requirements

Masterclass

3:05 pm - 3:50 pm Preparing for a Quantum World
This future-focused session explores the potential impacts of advances in quantum computing and quantum cryptography on confidentiality, integrity, and expectations of privacy. Topics range from potential challenges, such as processing power rendering some or all current encryption algorithms obsolete, to the concept of a re-imagined Quantum Internet with possibly guaranteed confidentiality. The information discussed is intended to provoke insights into the emerging security landscape. Whether the advent of quantum-based computing and cryptography turns out to be beneficial or harmful (or both), expectations must be reset and realigned to plan for such a paradigm shift.
In this session:

•Differentiating between a quantum computer and classical computer
•Understanding the impact of quantum algorithms on cryptography
•Realigning expectations for the paradigm shift of quantum-based cryptography

3:50 pm - 4:05 pm Networking Break

4:05 pm - 4:35 pm Business Meetings

4:35 pm - 5:05 pm Business Meetings

5:05 pm - 5:35 pm Business Meetings

5:40 pm - 6:10 pm Implementing Best Practices for Risk and Control in Financial Services

Organizations must make proactive decisions that assess the risk-return trade-off instead of being simply reactive when an incident occurs. In this session, attendees will learn about new ways to adjust approaches to disruption and receive best practices to address all types of risk, including financial, operational, IT, geopolitical and catastrophic. Explore the CISO's role with the CFO and how to prepare to be a trusted advisor and partner to the CEO, CIO and CFO in the development of strategic plans and to drive innovation throughout the organization, all while controlling costs. To be truly effective, it is impossible to ignore the data and fraud risks. Explore the importance of a modern IT infrastructure and how transforming your IT organization will enhance security, mitigate fraud exposure and provide savings and efficiencies critical to your business’ success.

  •  Knowing the implications of data and implementing effective controls 
  •  Making proactive decisions for risk-return tradeoffs 
  •  Improving efficiencies and decreasing risks while lowering cost
Russell D'Souza, VP Credit and Operations at Volvo Financial Services


6:10 pm - 6:40 pm Innovating Third Party Risk Management (TPRM) in a Transformation World

Organizations are gravitating quickly to transformation (cloud, agile, RPA, etc.). The goals of these activities include improving customer service, increasing revenue, reducing cost and operating with more agility, to name a few. TPRM activities must keep pace with this transformation.

In this session:
•Appropriate access levels for third-party user and system accounts
•Secure development of application integrations, including firewall configuration
•Sectioning internal networks to limit third-party needs


Nasser Fattah, Managing Director at MUFG Union Bank


6:45 pm - 7:15 pm Networking Reception