T.E.N. Knowledge Base

Loading

ISE North America 2011 Presentations

Bryan Vargo
Sr. Manager, Enterprise Product Security Office
Information Security and Risk Management
McKesson Corporation

Answering the Question, “Could this happen to us?” (with Confidence) > Download the Presentation (pdf)
While no one can predict the future, you can answer practical questions about your organization’s security posture with greater confidence and clarity. Bryan Vargo, Senior Manager, Enterprise Product Security at McKesson Corporation will discuss how to proactively gauge the security of your critical assets against breach threats. You’ll learn how continuous, goal-based security testing can deliver proactive, actionable security intelligence without overwhelming you with data.

Bill Boni

Bill Boni
Vice President and Corporate Information Security Officer
T-Mobile USA
ISE® Luminary Leadership Award Winner 2015
ISE® North America Commercial Executive Award Finalist 2007
ISE® Central Executive Award Winner 2007

Biography

Blocking and Tackling: Developing a Winning Game Plan to Overcome The Security Challenges with the Consumerization of IT and Mobility in the Enterprise >Download the Presentation (pdf)
With the boundaries between work and personal technologies diminishing and the adoption of consumer technology and mobility sparking innovation across all industries security executives are faced with a new set challenges to solve – and breaking new ground in the process.

As the Chief Information Security Officer for T-Mobile and previously for Motorola Corporation, Bill Boni will provide an insightful keynote presentation that discusses the following:

  • What kinds of security strategies should we be designing and implementing for deploying mobile smart-phones and tablets in the enterprise.
  • Whether the mobility operating systems are really groomed for the enterprise and are they “secure.”
  • Truth and myths of the delivery and security of enterprise mobile apps
  • What technologies should a company “green-light”? And what technologies, if any, should be blocked altogether? Or is there a middle ground?

Richard Seiersen

Richard Seiersen
Principal Solution Engineer
Kaiser Permanente
ISE® North America Health Care Executive Award Finalist 2011
Biography

Operational Risk Management Project > Download the Presentation (pdf)
Richard Seiersen will discuss Kaiser Permanente’s Operational Risk Management project and how it applies security intelligence within a GRC framework to allow their organization to identify and prioritize actionable security risk.  This presentation will cover how business intelligence practices are used to automate the collection of enterprise asset data, vulnerability data, and mitigation data into a “single pane of glass.” “Risk tolerance rules,” then operate on the aforementioned data, creating workflow for the purpose of protecting Kaiser's critical assets.  The net result is a highly scalable and automated full-stack framework for addressing both vulnerability remediation and associated mitigation up and in the systems stack.

Jerry Archer

Jerry Archer
Senior Vice President, Chief Information Security Officer
Sallie Mae
ISE® North America Commercial Executive Award Winner 2011
Biography

Transformational Leadership: Aligning GRC to Deliver Results of the Business > Download the Presentation (pdf)
Join Jerry Archer as he discusses the challenges of inheriting an organization that had experienced significant top-level turnover.  As a result, he had to completely rebuild his leadership team as well as most of the senior technical positions. His results in the face of this challenge are hard to exaggerate. Most of the subject matter experts as well as the leadership capabilities had to be replaced. Jerry will share how he completely reinvigorated the security technology, processes and risk management practices while rebuilding his team. Over the past twelve months, Jerry’s organization has implemented new IPS, SIEM, IDS, Access Management and IT GRC platforms. These critical capabilities have resulted in significant productivity gains and a reduction in risk. The introduction of the IT GRC platform was done with a complete business re-engineering of the IT Compliance/Risk Management function. This effort alone resulted in the ability to manage three times the number of regulatory requirements (due to a new government contract) with no increase in staff (66% productivity gain). This is a showcase initiative and was truly based on Jerry’s inspiration.

Rich Jackson

Rich Jackson
Senior Advisor to the CIO for Cyber Security
Chevron Corporation
ISE® Luminary Leadership Award Winner 2011
ISE® North America Executive Award Finalist 2006

Biography

Information Security as a Business Enabler > Download the Presentation (pdf)
Security-related risks have prolifered over the last decade. Break-ins into government and commercial systems that result in extrusion of sensitive and proprietary information have become commonplace. So much new malicious code surfaces every week that anti-malware vendors cannot keep up. As the Stuxnet worm has shown, software is now even being used as a weapon. Consequently, information security has become increasing critical to organizations. Paradoxically, however, many organizations have done little to effectively manage the risk associated with information and information processing resources. Properly managing this risk requires an understanding of value of information security to the business--how, for example, it can help ensure end-to-end business process integrity and availability despite all the security-related risks that threaten to disrupt business processes.  This presentation explores information security from an business point of view with the premise that investing the time and resources needed for security risk mitigation produces excellent returns from a business perspective. Additionally, this presentation explains ways of measuring the value of information security and ensuring that security investments yield suitable business returns.

Brad Sanford

Brad Sanford
Chief Information Security Officer
Emory University
ISE® North America Healthcare Executive Award Winner 2011
ISE® Southeast Executive Award Finalist 2011

Biography

Building Consensus to Achieve Effective Leadership > Download the Presentation (pdf)
Learn how Brad Sanford leverages his knowledge of and passion for information security to persuasively engage executive leadership and obtain direct buy-in for critical information security initiatives. Brad has been successful in obtaining executive level support for his initiatives at Emory, in part because he has striven to ensure that the Information Security program and its initiatives are well aligned with the institution’s mission and strategy. These initiatives are prioritized and Emory’s institutional leadership is directly engaged to validate these priorities and to determine specifically which initiatives to fund, and thereby which risks get addressed and which do not. This exercise makes Information Security a much more personal in the minds of institutional leadership and serves to establish a real sense of ownership in the results of Emory’s Information Security program.  In this presentation, Brad will share how he was able to procure over $1M in funding for new Information Security initiatives (including new staff) at a time when most of the institutional was experiencing reductions in budget and shrinking staff levels.

Grace Crickette

Grace Crickette
SVP and Chief Risk and Compliance Officer
AAA NCNU
ISE® North America Executive Award Winner 2011 - Education/Non-Profit Category
Biography

University of California’s Risk Insurance Program > Download the Presentation (pdf)
In this presentation, Grace Crickette will discuss how her team’s efforts at the University of California have resulted in a savings (in terms of reducing the UC’s cost of risk) by $493,000,000, nearly a half of a BILLION dollars.  This feat was accomplished through many avenues including the development of the UC’s Cyber Risk Insurance Program which incents IT departments at the campus and med center level to adhere to a set of achievable IT Security standards in order to gain access to insurance coverage in the instance of data breaches, etc.  Grace will share how this has lead to an overall greater adherence to UC’s IT Security standards across the board and reduced overall claims costs associated with security and data breaches.

Glen Taylor

Glen Taylor
Chief Information Security Officer
The Walt Disney Company
ISE® North America Commercial Executive Award Winner 2013
ISE® Southeast People's Choice Award Winner 2011
ISE® Southeast Executive Award Finalist 2011

Biography

Bag It and Tag It! > Download the Presentation (pdf)
The Walt Disney World Resort is the largest single site employer in the world with over 58,000 Cast Members in one location.  The recent consumer trend towards wireless devices combined with the huge workforce resulted in many unknown or rogue wireless access points.   Join Glen Taylor as he shares how this project was challenged to identify, locate, and address the unauthorized wireless access points located within the 47 square mile area (approximately the size of San Francisco) that contains Walt Disney World.   The Project Team was faced with a daunting task and addressed the risk by building, planning, and executing a "scavenger hunt" activity focused on finding, reporting, and cataloging rogue devices.  Following the "scavenger hunt" a team of security and compliance analysts removed tagged devices or worked with users to bring them into our managed device program.  In effect learn how Disney created an army of people (up to 100 per event) by "crowd sourcing" teams into fun team building events and built awareness, good processes, and strong relationships to address the issue without negatively impacting operations or employee relations.

ISE Northeast 2011 Presentations

John Masserini

John Masserini
Chief Security Officer
MIAX Options
ISE® Northeast Executive Award Winner 2010
ISE® North America Executive Award Finalist 2010

Biography

Why Information Security is a Top of Mind Issue for Everyone > Download the Presentation (pdf)
Before the digital revolution, security professionals were kept awake at night worrying about the potential threat posed by an untrustworthy member of their organization  Now with insider threats, social engineering, spear phishing, legitimate websites hosting malware as well as blended threats with multiple infection vectors being commonplace and the rapid adoption of cloud and mobile computing, Information Security Executives are being asked by the C-Suite, Board of Directors, lines of business leaders, end-users and customers and partners alike about what is being done to combat these threats.

In this keynote presentation, John will share how to articulate that information security has become a business enabler and is critical to organizations. This presentation explores information security from a business point of view with the premise that investing the time and resources needed for security risk mitigation produces excellent returns from a business perspective.  Additionally, this presentation explains ways of measuring the value of information security and ensuring that security investments yield suitable business returns across the enterprise.

Peter Lassig
Global Head of Risk Management, Border Controls
Deutsche Bank
Biography

Managing Risk and Remediation through Global Interactive Security Heat Mapping > Download the Presentation (pdf)     ITSET Demo (mp4)     Innovation Day Flyer (pdf)
In this presentation, Peter Lassig and Markus Sanio will discuss the IT Security Exposure Tool (ITSET) that delivers a Global interactive Security Heat Mapping model that identifies IT security exposures and guides the prioritization of re-mediation efforts.  ITSET delivers an interactive Global Technology wide application-centric Heat Mapping model, identifying IT security risks in order to prioritize re-mediation and exposure reduction efforts. Join this presentation to learn more about how the application layers are visualized in a dynamic component tree with drill down capabilities for risk evaluation.  All the information is pulled directly from global asset repositories including location, ownership and support group information.

James Beeson

James Beeson
Chief Information Security Officer
GE Capital
ISE® North America Executive Award Finalist 2011
Biography

Compliance with the Dodd-Frank Act—Highly Privileged Access Monitoring and Control > Download the Presentation (pdf)
Mike Parella and James Beeson will share their Highly Privileged Access Monitoring and Control project they used to prepare GE Capital for operating under stricter regulatory standards imposed by the federal government through the Dodd-Frank Act. The project involved establishing an operational definition of file transmission and implementing technology to prohibit the egress of sensitive information while enabling such data to flow freely within the organization from secure source to secure destination without impeding business processes. This presentation will showcase how the Verdasys Digital Guardian Enterprise Information Protection platform was the cornerstone of a transparent and user-aware solution that provides monitoring, identification, control and blocking capabilities to ensure that administrators cannot mishandle sensitive and confidential HPA information residing on mission-critical Windows servers

Cathy Beech

Cathy Beech
Chief Information Security Officer
Children's Hospital of Philadelphia
Biography

Role Based Security > Download the Presentation (pdf)
In this presentation, Cathy Beech will talk through the steps CHOP took to establish a dedicated Information Security team to support the development, implementation, deployment, and maintenance of the new role based security model as part of the Hospital’s implementation of its integrated electronic medical record (EMR) system for its entire healthcare network.   Join Cathy as she discusses how this project established standardized roles across the Hospital within the EPIC system and established the foundation for our Role Based Access Control (RBAC) and User Provisioning projects that will begin in fiscal year 2012.

ISE West 2011 Presentations

Bryan Vargo
Sr. Manager, Enterprise Product Security Office
Information Security and Risk Management
McKesson Corporation

Moving from Reactive to Proactive > Download the Presentation (pdf)
With the number of security breaches exceeding 500 million since 2005 and increasing each year, the leadership of corporate america needs to take security seriously.  To do this the mindset needs to be changed from reactive to proactive.  This presentation includes insights and perspectives on how to ensure a secure environment and advantages of continuos testing.

Michael Barrett

Michael Barrett
Chief Information Security Officer, VP Information Risk Management
PayPal
ISE® North America Commercial Executive Award Winner 2010
ISE® West Executive of the Year Award Winner 2010
ISE® West Executive Award Finalist 2007

Biography

A Litmus Test for Proposed Internet Regulation > Download the Presentation (pdf)
These days, it seems as though every other news article is talking about cyber-crime or cyber-warfare, and discussing how the US Congress intends to control and regulate Internet security.  There are indeed many pieces of prospective legislation, including one recent suggestion from the White House, that are in various stages of approval within the Congress.  While 2011 is a year in which there is a strong expectation of bipartisan progress on this topic, it’s not clear what will pass, nor even how to assess what’s being discussed.  In order to do that, we need a framework that would lay out all of the policy areas that might be needed.  In this presentation, we cover what that would look like.

Mike Kyle

Mike Kyle
CSIRT Team Lead
Los Alamos National Laboratory
Biography

CSIRT Transformation > Download the Presentation (pdf)
In this presentation, Mike Kyle will share how the Los Alamos National Laboratory (LANL) Computer Security Incident Response Team (CSIRT) embarked on a transformation project that has completely restructured and enhanced the program to significantly increase the likelihood of event detection and reduce the incident response time frame in all phases of the program. This team successfully delivered 5 critical change areas including:

  1. Establishment of a talent pipeline
  2. Development of CSIRT training and education
  3. Instantiation of definitive CSIRT processes, standards, and tool lifecycles
  4. Iimplementation of innovative and best-in-class monitoring, analysis and forensic tools spanning the unclassified and classified networks
  5. Cyber security strategic planning and alignment.  

Join this presentation to learn how the result of these initiatives have been a dramatic improvement of the LANL cyber security posture and meaningful reductions in the time frame to identify, contain, and remediate security events.

Richard Seiersen

Richard Seiersen
Principal Solution Engineer
Kaiser Permanente
ISE® North America Health Care Executive Award Finalist 2011
Biography

Operational Risk Management Project > Download the Presentation (pdf)
Richard Seiersen will discuss Kaiser Permanente’s Operational Risk Management project and how it applies security intelligence within a GRC framework to allow their organization to identify and prioritize actionable security risk.  This presentation will cover how business intelligence practices are used to automate the collection of enterprise asset data, vulnerability data, and mitigation data into a “single pane of glass.” “Risk tolerance rules,” then operate on the aforementioned data, creating workflow for the purpose of protecting Kaiser's critical assets.  The net result is a highly scalable and automated full-stack framework for addressing both vulnerability remediation and associated mitigation up and in the systems stack

Craig Rosen

Craig Rosen
Senior Principal Security Architect
PG&E
Biography

Enterprise Security Technology Strategy > Download the Presentation (pdf)
Craig Rosen will present PG&E’s Enterprise Security Technology Strategy. This strategy is a comprehensive technology-focused “living” strategy consisting of three critical areas of focus for PG&E. These strategic areas of focus are identity & access management, data and information protection, and network and infrastructure protection. Join Craig as he shares how this strategy is designed to provide high-level technology investment direction across all aspects of the company from all enterprise back-office systems to securing the Smart Grid and how this ultimately helped to more rapidly advance the security protection posture for PG&E.

Grace Crickette

Grace Crickette
SVP and Chief Risk and Compliance Officer
AAA NCNU
ISE® North America Executive Award Winner 2011 - Education/Non-Profit Category
Biography

University of California’s Risk Insurance Program > Download the Presentation (pdf)
In this presentation, Grace Crickette will discuss how her team’s efforts at the University of California have resulted in a savings (in terms of reducing the UC’s cost of risk) by $493,000,000, nearly a half of a BILLION dollars.  This feat was accomplished through many avenues including the development of the UC’s Cyber Risk Insurance Program which incents IT departments at the campus and med center level to adhere to a set of achievable IT Security standards in order to gain access to insurance coverage in the instance of data breaches, etc.  Grace will share how this has lead to an overall greater adherence to UC’s IT Security standards across the board and reduced overall claims costs associated with security and data breaches.

ISE Central 2011 Presentations

Brian Wrozek

Brian Wrozek
Chief Security Officer
Alliance Data Systems
ISE® Central Executive Award Winner 2008
Biography
T.E.N. Success Story

Security 2.0: Productivity is as Important as Protection > Download the Presentation (pdf)
Security threats to enterprises continue to become more sophisticated as applications have become the front line of business where threats typically either are embedded in an application, ride with on or target.  With productivity being just as important as protection, it's no surprise that security executives are looking for innovative and cost-effective ways to protect corporate networks, data, customers and associates. Further, with the advancement of cloud computing and SaaS applications cutting across a myriad of industries, indiscriminateblocking of content is no longer an acceptable solution in today's businessenvironment, where 24x7 anytime anywhere access to the Web is imperative.

This presentation will provide the following insights and perspectives:

  • How to capitalize on the productivity enhancements afforded by a new wave of Web 2.0 Internet-based applications,while also limiting exposure to the sophisticated network threats
  • Garner improved visibility to identify and track applications that are trying to tunnel over from different ports
  • Generate user-based visibility and control of applications for heightened security
  • Cost-effective methods for securing multiple networks from business purposes to non-critical/guest usage

Kevin Swailes Kevin Swailes
Director Global IP Protection, COE (Center of Excellence)
General Electric Energy
ISE® Central Executive Award Finalist 2011
Biography

DLP for IP Protection > Download the Presentation (pdf)
The DLP for IP Protection project was undertaken to protect GE Energy’s investment in its innovative technologies and competitive advantage by protecting its intellectual property and trade secrets. This presentation will highlight the holistic approach taken to protect the company’s intellectual property and how DLP technology secured classified information from insider threat while enabling sensitive information to move freely across the global organization and enable business processes. This session will also discuss how the Digital Guardian Enterprise Information Protection platform serves as the cornerstone for a policy-driven solution that provides discovery, monitoring, prevention and deterrence capabilities to ensure trusted and privileged users cannot mishandle sensitive data.

John R. South

John R. South
Chief Security Officer
Heartland Payment Systems
ISE® Central Executive Award Winner 2011
ISE® of the Decade Central Award Winner 2012
ISE® North America Executive Award Finalist 2011

Biography
T.E.N. Success Story

Post-Breach Recovery and Reclamation > Download the Presentation (pdf)
Heartland is the fifth largest payment processor in the United States delivering credit/debit/prepaid card processing, gift marketing and loyalty programs, payroll, check management, and related business solutions to more than 250,000 business locations nationwide.  This presentation will highlight how the company overcame its high-profile security challenges by tackling head-on a portfolio of diverse risks such as “phishing”, network/application vulnerabilities, data leakage and insecure coding practices in the software development lifecycle (SDLC).  With the rapid advances in today’s threat models and many lessons learned, this presentation will also address how company partnered with leading solution providers and partners to provide guidance that delivered the security tools and support services that allowed Heartland to set new standards and reclaim its status as an industry leader.

Shammy Rama Shammy Rama
Director SRM
Electronic Arts
Biography

BSOC – Business Security Operations Center – The Next Generation SOC > Download the Presentation (pdf)
This presentation will share how Electronic Arts (EA) through its’ "Business Security Operation Center" (BSOC), created a new generation 24X7 operation providing security and quantifiable risk management services to all its global offices. Highlighted in this presentation will be the type of risk management services that went into the BSOC service portfolio and that it met a stringent criteria and ‘scoring’ system to include Revenue Generation, Business Expansion, Employee Mobility, Loss Mitigation and Business Innovation. Also included in this session, will be how EA implemented a new twist on a traditional Security Operations Center (SOC) by addressing key ‘business’ enabling security services by centralizing security from all different domains such as physical security (including supply chain), incident management, information security, intellectual property protection, fraud monitoring to name a few.

Lisa Hodkinson Lisa Hodkinson
VP, Information Risk Management
Nationwide
Biography

Effective Business Management = Enabling the Business through Effective Risk Management > Download the Presentation (pdf)
This presentation will highlight how Nationwide established the framework, process and tools to identify and prioritize the top IT risks for their organization by aligning with information needs of the business leaders. Also covered in this session is how the Nationwide Project Team applied the learning and methods followed in the insurance industry to create a prioritized risk structure and framework that correlated inputs from business objectives, current IT risks, industry trends and broader IT risk landscape which ultimately culminated into a multi-year program roadmap and resulted in their business leaders mitigating their risk over time.

ISE Southeast 2011 Presentations

name

Mark Leary
Vice President, Chief Information Security Officer
Conduent
ISE® Southeast Executive Award Winner 2010
Biography

Keynote Address: The Era of Outsourcing > Download the Presentation (pdf)
Fears associated with outsourcing are bound to arise, which is only natural, and understanding the factors that are associated with outsourcing need to be carefully considered before any decision is made.  The security of critical data, of employee privacy and of business transactions tends to keep information security executives awake at night.  Mark will relate a CISO’s journey as a company moves from previously hosting it’s own business IT functions to one that embraces an IT outsourcing strategy.

Glen Taylor

Glen Taylor
Chief Information Security Officer
The Walt Disney Company
ISE® North America Commercial Executive Award Winner 2013
ISE® Southeast People's Choice Award Winner 2011
ISE® Southeast Executive Award Finalist 2011

Biography

Aligning Security to Deliver Results to the Walt Disney Company > Download the Presentation (pdf)
In this presentation, Glen Taylor will share the three step model Disney used to align their information assurance with the increasing corporate investment and business demands over the last 12 months. With the increased volume of organizational and technical change the risk of new vulnerabilities and threat to Disney’s confidentiality and integrity was significant.  Using this three step model (Information Security Assessment, Vulnerability Scanning and Security Validation) Disney’s Security & Compliance team was able to safeguard against any security issues while delivering an online dining reservation initiative, doubling their cruise capacity, and replacing the Walt Disney World property management system.

Kevin Charest

Kevin Charest
Deputy Director
U.S. Department of Health and Human Services
Biography

The HHS CyberSecurity Technology Project > Download the Presentation (pdf)
Daniel Galik and Kevin Charest will discuss how the US Department of Health & Human Services HHS CyberSecurity project provided HHS Operational Divisions with the supporting infrastructure to build secure enclaves to house management components of essential information security technologies. They will share more about the enclaves they secured that are a combination of network taps, firewalls, routers, switches & authentication technologies to allow seamless integration of Intrusion Detection/Prevention Systems, Security Incident & Event Management for event correlation and Network Forensics tool for malware analysis.

Chris Ray

Chris Ray
Information Security and Compliance Consultant
ISE® Southeast Executive Award Winner 2011
Biography
T.E.N. Success Story

The Virtualized Laptop > Download the Presentation (pdf)
Prior to 2010, the only way sales agents could get a laptop supported by Aflac was to purchase it already provisioned with the appropriate software.  Aflac ultimately paid the agents back for the laptop by offering credits for every customer policy written with that laptop until the laptop was paid for.  In addition to the initial burden of expense to the sales agent and the ultimate cost going to Aflac, the model also made it difficult for integrating new business partners who already maintained their own company devices or for those who may have already owned their own laptop.  Chris will share with us how he developed, proposed, and tested an idea which was brought to fruition in 2010.  By creating a self-contained image of the laptop (virtualizing) and putting it on an external hard drive (or even USB drive), the sales agents could spend a minimal amount of money to conduct their business and have the flexibility to use the external hard drive on any desktop/laptop they choose.  All security was maintained on the virtualized hard drive itself – including antivirus, encryption, access controls, and the like.  Join us to learn more!

Brad Sanford

Brad Sanford
Chief Information Security Officer
Emory University
ISE® North America Healthcare Executive Award Winner 2011
ISE® Southeast Executive Award Finalist 2011

Biography

Building Consensus to Achieve Effective Leadership > Download the Presentation (pdf)
Brad Sanford is an information security leader who leverages his knowledge of and passion for information security to persuasively engage executive leadership and obtain direct buy-in for critical information security initiatives. Brad has been successful in obtaining executive level support for his initiatives at Emory, in part because he has striven to ensure that the Information Security program and its initiatives are well aligned with the institution’s mission and strategy. These initiatives are prioritized and Emory’s institutional leadership is directly engaged to validate these priorities and to determine specifically which initiatives to fund, and thereby which risks get addressed and which do not. By leveraging this approach Brad was share how he was able to procure over $1M in funding for new Information Security initiatives (including new staff) at a time when most of the institutional was experiencing reductions in budget and shrinking staff levels.