ISE® North America Schedule of Events 2017

November 15, 2017

10:00 AM - 3:00 PM : Registration

Location: Prefunction – 2nd Floor

11:30 AM : ISE® North America Signature Luncheon*Invitation Only

Location: Shedd - 2nd Floor
John Graham

John Graham
Chief Information Security Officer
Jabil
ISE® Southeast Executive Award Finalist 2012
ISE® Southeast Executive Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Commercial Category

Biography

Reducing Cyber Exposure for the Modern Attack Surface
Today’s IT landscape has a very different attack surface than the traditional data center of years past. Modern assets like cloud instances, web-based applications, mobile devices, application containers, and many more interconnected tools and solutions have different characteristics that can greatly affect your security and risk management program without proper guidance and management in place. Join our conversation as we discuss the impact of the modern cyber exposure gap and what you can do to help reduce your organization’s overall attack surface.

1:00 PM : Welcoming Remarks and Introductions

Location: Great Lakes C - 2nd Floor
Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® North America Leadership Summit and Awards 2017.

1:10 PM : Keynote Address

Location: Great Lakes C - 2nd Floor
Craig  Froelich

Craig Froelich
Chief Information Security Officer
Bank of America
ISE® North America Executive Award Winner 2016 - Financial Category
ISE® Southeast Executive of the Year Award Runner Up 2017
ISE® North America Executive Award Finalist 2017 - Financial Category

Biography

We Are Better When Connected
The challenges facing Information Security Professionals are only going to continue growing. The questions we need to be asking, much like the threats we face, change on a regular basis. Moreover, there is no single source of information, set of standards, vendor, organization, or security executive can be expected to have all of the answers. Fortunately, information security professionals don’t have to go it alone. Burdens can be lightened and challenges of all shapes and sizes can be overcome through effective collaboration and information sharing from the macro- to micro-level. Join Craig Froelich, CISO for Bank of America as he discusses the benefits of connecting and collaborating as members of the InfoSec community and the wealth of knowledge, experience, and problem solving we can all bring to the table in order to build a more secure future.

1:45 PM : Interactive Executive Roundtables

Location: Great Lakes C - 2nd Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.

Gone Phishing: Securing the Enterprise from Social Engineering Attacks

Inserro_Jennifer

Jennifer Inserro
Director of Information Security Compliance
HCSC Health Care Service Corp.

Social media, a digital medium that is rooted in sharing personal and professional data, continues to be a favorite target for cyber-criminals because it offers a virtual treasure trove of readily accessible information. The very nature of how information is shared via social media goes against many longstanding core information security principals. Businesses of all shapes and sizes can be targets of social media engineering and phishing attacks. While phishing itself is an incredibly well-known attack technique, it still continues to be a major security issues for many organizations. Symantec’s 2017 Internet Security Threat Report found that Business Email Compromise (BEC) scams, relying on spear-phishing emails, targeted over 400 businesses every day, draining $3 billion over the last three years. While it’s critical for security teams to keep up to date on current social engineering and phishing attacks, what else needs to be done to ensure the enterprise at large is aware of the dangers and pitfalls of these kinds of attacks?

Outsourcing Cybercrime: Combatting Ransomware as a Service

Ricardo Lafosse

Ricardo Lafosse
CISO
Morningstar, Inc.
Biography

Ransomware is certainly nothing new in the cybersecurity business, with the first instances having appeared more than a decade ago. However, this old threat has undergone some deadly changes over the last few years. The rise of the Ransomware as a Service (RaaS) distribution model gives would-be cybercriminals the means to launch a cyber-extortion business with virtually no technical expertise required, flooding the market with new ransomware strains in the process. 2017 saw an influx of potent and damaging RaaS attacks like Petya and WannaCry, both of which showed the attack model’s devastating potential to spread quickly and cause serious damage. As the use of RaaS continues to grow, Information Security executives and their security teams need to take new precautions in order to combat this new form of a familiar threat.

The Increasing Impact of Insider Threats

Pace_Robert

Robert Pace
Vice President, Information Security & Compliance
First American Payment Systems
Biography

Insider threats continue to be one of the top cyber security threats and have proven that they are a force to be reckoned with. According to a 2017 Insider Threat Report, 53% of companies estimate remediation costs of $100,000 and more, with 12% estimating a cost of more than $1 million. The same report suggests that 74% of companies feel that they are vulnerable to insider threats, with 7% reporting extreme vulnerability. Every company will face an insider-related breach sooner or later regardless of whether it will be caused by a malicious action or an honest mistake. As costs related to insider threats continue to grow, what can Information Security Executives and their security teams do to combat this all too familiar foe?

Seeing the Bigger Picture with Big Data Security Analytics

Ganesh Murugan

Ganesh Murugan
Director of Cyber Strategy
MUFG Americas
Biography

With so much data at their disposal, more organizations are looking at ways to implement big data analytics and technologies to stay ahead of the curve. Currently, big data analytics plays an important part in help security teams understand major cyber security trends. By using big data analytics, it is possible to detect vulnerabilities and identify breaches that are already happening. Additionally, as more enterprises makes the move to cloud-based solutions, they also have a variety of ways to utilize big data analytics tools to better protect their organization. Big data has boundless potential to advance businesses and the future of data analytics does not have to be a daunting one. By using this technology in sync with the cloud, more enterprises can make the move to a more modernized and efficient IT security model.

2:45 PM : Break

2:55 PM : Nominee Showcase Presentation #1

Location: Great Lakes C - 2nd Floor

A Contextual Approach to Security Scoring: Creating a Multi-Dimensional View of Risk Assessment

Mike Kelly

Mike Kelly
Managing Director
JPMorgan Chase & Co.
Biography

In our modern and rapidly changing cybersecurity climate, vulnerability teams are constantly challenged to keep up with the perpetual volume of security alerts and vulnerabilities. As hardware and software vulnerabilities are discovered, firms have traditionally prioritized remediation efforts based solely on the criticality rating of the vulnerability. In a complex enterprise environment such as JPMorgan Chase, this approach falls short as it fails to consider business context of the targeted assets. With this in mind, JPMorgan Chase set out to create a vulnerability scoring model that allows their businesses to provide targeted focus on the most critical vulnerabilities and enable them to make informed risk-based decisions in a new way. Join our conversation to learn how JPMorgan Chase Cybersecurity’s Vulnerability Scoring Model has helped them enhance reporting capabilities, made their processes more effective, and enabled consistency across technology and application scoring by giving a value that is understood by everyone from developers to CIOs.

3:15 PM: CISO Deep Dive

Location: Great Lakes C - 2nd Floor

An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Pete Lindstrom

Pete Lindstrom
VP, Security Strategies
IDC
Biography

Panelists

Joe Bennett

Joe Bennett
CISO
Hertz Corporation
Biography

Craig  Froelich

Joey Johnson
Chief Information Security Officer
Premise Health
ISE® Southeast Executive of the Year Award Winner 2017
ISE® North America Executive Award Finalist 2017 - Health Care Category

Biography

Fred Kwong

Fred Kwong
Director, Information Security (CISO)
Delta Dental Plans Association
Biography

Mangold_Michael

Michael Mangold
Vice President – Information Security
Tractor Supply Company
ISE® North America Executive Award Winner 2017 - Commercial Category
Biography

3:00-8:00 PM : Registration

Location: Prefunction – 2nd Floor

4:00 PM : Nominee Showcase Presentation #2

Location: Great Lakes C - 2nd Floor

Risk vs. Reward: Strengthening and Maturing Information Security Processes and Controls

Marcia Peters

Marcia Peters
SVP, Information Security Governance, Risk, and Compliance
US Bank
Biography

U.S. Bank’s Process Alignment and Risk Management Enhancements (PARE) project sought to mature their information security program and create a more robust control set. The project started with a pilot of high risk information security processes in which the U.S. Bank team identified the need to be more granular at the process level and the need to work hand in hand with the oversight teams. The objective of the PARE project was to document information security processes, risks, and controls and align to the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF). Join our conversation to learn how the U.S. Bank Team was able to develop a method for tying controls to inherent risk, thereby achieving an acceptable level of residual risk which allows their peer organizations to generate cost savings, increase resource productivity and enhance information security processes and procedures.

4:20 PM : Nominee Showcase Presentation #3

Location: Great Lakes C - 2nd Floor

Building a More Secure Ship: Combating the Rising Tides of Threats Earlier and Faster

Goldsworthy_DJ

DJ Goldsworthy
Director, Security Operations & Threat Management
Aflac
Biography

Despite a very mature security posture and high-end cybersecurity technology in their network, Aflac wanted to address some issues around early detection of network compromise and also develop a way to automate the way threat data was processed. To counter these issues, the team implemented the Aflac Deception Project and the Aflac Threat Intelligence System to more early and accurately detect advanced threats that were inside their network and to consume large amounts of threat data which in turn, allowed them to use that data to protect the environment and inform security decisions. Join our conversation to learn how the Aflac team was able to reduce false alarms, greatly increasing the productivity of security operations staff and ensure that their business strategy incorporates a real-world perspective of risk and that all security funding decisions are optimized based upon a thoughtful consideration of the current tactics, techniques and procedures of threat actors.

4:55 PM: Late Afternoon Break

5:00 PM : VIP Reception (invitation only)

Location: Shedd - 2nd Floor

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: Great Lakes E, 2nd Floor

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2016, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM : ISE® North America Awards Gala

Location: Great Lakes AB - 2nd Floor
Todd Fitzgerald

Todd Fitzgerald
SVP, Chief Administrative Officer (CAO) Information Security and Technology Risk
Northern Trust
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
Security Author

Biography

Kevin McKenzie

Kevin McKenzie
CISO & VP of Information Technology
Dollar Tree Stores
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Biography

Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM : Champagne and Dessert Reception

Location: Great Lakes AB - 2nd Floor

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.

November 16, 2017

7:00 AM - 10:00 AM : Registration

Location: Prefunction – 2nd Floor

7:30 AM : ISE® Private Networking Breakfast

Location: Great Lakes C - 2nd Floor

8:00 AM : Fireside Chat

Location: Great Lakes C - 2nd Floor

Security vs. Convenience: Essential Practices for Modern Security
As technology continues to become more and more integrated with our work and home lives, the issue of security vs. convenience continues to grow. Technology that makes our lives more convenient also tends to come with a fair share of issues that make us less secure. On the other hand, technologies that make you more secure aren’t always as convenient as we would like them to be. This same issue is just as relevant to the current state of information and cybersecurity. Too little security and you open yourself up to risk. Too much and it interferes with your productivity. Finding the appropriate equilibrium between securing the business and enabling business requires effective best practices. Join our conversation as we explore how to create a secure and efficient enterprise through strong authentication, essential practices, and resource management.

William Hugh Murray

William Hugh Murray, CISSP
Blog
ISE® Luminary Leadership Award Winner 2014

Peter Tippett

Peter Tippett
Founder & CEO
Healthcelerate
ISE® Luminary Leadership Award Winner 2017

8:50 AM : Women's Panel

Location: Great Lakes C - 2nd Floor

Building a Better and More Secure Future
For the last several years, there’s been a lot of discussion about the overall shortage of qualified talent in the cybersecurity workforce. A 2017 Frost & Sullivan and (ISC)2 found that the global cybersecurity workforce will have more than 1.5 million unfilled positions by 2020. But the security industry is a fast-growing market, with IDC pegging it as becoming a $101 billion opportunity by 2020. As the threats we face continue to grow, so does the need for a more robust and qualified future generation of cybersecurity talent. While there’s no panacea for this problem, there are a variety of ways that those in the field can help bridge the gap. Security benefits from different types of people from different backgrounds that provide a broader insight into the key issues we face every day. Women and minorities still represent a tiny fraction of the current security population, but finding more ways to involve them in security are just one way to help the talent shortage. The benefits are plentiful, and not just for women. By attracting and maintaining highly qualified women, it can help diversify the field, improve overall quality by attracting more talent, and help reduce the cyber security labor shortage.

Moderator

Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

Panelists

Mignona Cote

Mignona Cote
CISO PayFlex; CISO Phoenix Data Services; SR Director Information Security
Aetna
ISE® Central People's Choice Award Winner 2017
ISE® Central Executive Award Winner Finalist 2017
ISE® North America Executive Award Winner 2017 - Health Care Category
ISE® North America People's Choice Award Winner 2017

Biography

Evette Maynard-Noel Evette Maynard-Noel
Deputy CISO/Deputy Associate CIO
U.S. Dept. of Homeland Security
Biography
Shelbi Rombout

Shelbi Rombout
SVP, Deputy CISO
MasterCard
Biography

Kyle Waddle

Kyle Waddle
Vice President, Corporate Information Security
Comcast Corporation
Biography

Yabing Wang

Yabing Wang
Chief Security Architect, Enterprise Technology & Architecture Services
Allstate Insurance Company
Biography

10:00 AM: Break

10:20 AM: ISE® Nominee Showcase Presentation #4

Location: Great Lakes C - 2nd Floor

Factoring Community into Security

Brad Sanford

Brad Sanford
Chief Information Security Officer
Emory University
ISE® North America Healthcare Executive Award Winner 2011
ISE® Southeast Executive Award Finalist 2011

Biography

Emory, like most academic institutions, found itself under constant assault by various types of technological miscreants and fraudsters. They were experiencing persistent phishing campaigns targeting their community, resulting in numerous compromised accounts per month. In response to this, Emory’s Duo Two Factor Authentication Project was an aggressive effort to deploy two factor authentication to the entire Emory user community consisting of nearly 80,000 faculty, staff, students, and affiliated users, and to require the use two factor authentication for access to multiple enterprise class applications including VPN, Office 365, PeopleSoft Student, PeopleSoft HR, PeopleSoft Finance, Citrix Virtual Desktop, and Emory’s Shibboleth web single sign-on solution. Join our conversation to learn how Emory University was able to roll out a highly effective and user friendly solution and not only drastically decrease the number of compromised account incidents, but also help their end users become more aware of potential fraudulent activity on their accounts.

10:40 AM: ISE® Nominee Showcase Presentation #5

Location: Great Lakes C - 2nd Floor

Building a The Next Generation of User Authentication

Santosh Kondekar

Santosh Kondekar
Senior Security Architect- Enterprise Architecture
Cardinal Health
Biography

A significant number of high profile security breaches have occurred over the last several years. The source of many of these breaches can be traced back to stolen identities or credentials which resulted in major data loss, huge finical penalties, and long-term negative impact on reputation of the breached organizations. In response to these threats, a comprehensive and layered approach to security and authentication is required to protect sensitive information and systems. Join our conversation to learn how Cardinal Health’s Next Generation Authentication project implemented a multi-factor authentication solution to address gap of identities being compromised and securing access to their applications and network.

11:00 AM - 11:30 AM: Closing Remarks

Location: Great Lakes C - 2nd Floor

11:30 AM: Program Concludes