ISE® CENTRAL PRIVATE WELCOME DINNER
Why Traditional Security Approaches Fail in Agile Infrastructure: And What to Do About It
Betty Elliot
VP, CISO
Moneygram
Biography
Enterprises continue to invest heavily in virtualized and cloud-based infrastructures. The era of elastic IT resources is here and it’s automated, on-demand and self-provisioning. This movement has not been so easy for some as more traditional security tools don’t always function as intended in cloud computing models. Security and compliance teams are learning that force fitting old security approaches can result in increased threats, lots of manual effort and delays in responding to the business. What’s needed is a new approach that allows businesses the freedom to take full advantage of agile infrastructure, while at the same time delivering comprehensive protection of critical assets. Join our conversation to learn how to deliver a more agile, efficient and effective security strategy that will enable your enterprise to fully capitalize on the many benefits of dynamic infrastructure.
May 3, 2016
11:00am - 8:00pm: Registration
San Antonio Ballroom Prefunction, 3rd floor
11:30 AM : ISE® Signature Luncheon *Invitation Only
Location: San Antonio Ballroom A, 3rd floor
Sponsored by
Kevin Novak
Chief Information Security Officer
Northern Trust - Chicago
Biography
Control Data in Motion, Use, and at Rest with Distributed Data Protection
With the adoption of social media, mobile devices, BYOD policies, and cloud infrastructure the perimeter has crumbled. Despite continued investments in security technology, valuable information continues to regularly travel beyond the enterprise’s control. But what if data could be controlled regardless of where it resides? Data can then be safely shared when a user’s role, environment, and device match enterprise requirements for access. This means compromised data becomes useless outside of the approved context. Join our conversation to learn how a distributed data protection model gives businesses full control of any sensitive data no matter where it travels for the lifetime of the data.
1:00 PM : Welcoming Remarks and Introductions
Location: San Antonio Ballroom B, 3rd floor
Marci McCarthy
CEO and President
T.E.N.
Biography
1:10 PM : Keynote Address
Location: San Antonio Ballroom B, 3rd floor
Steve Jensen
Global Chief Information Security Officer
Aegon
ISE® North America Commercial Executive Award Finalist 2013
ISE® North America Financial Executive Award Finalist 2016
ISE® Central Executive Award Finalist 2017
ISE® East Executive Award Finalist 2023
Biography
The State of Modern Security: Are We Ahead of the Curve or Struggling Against the Odds?
In this rapidly-progressing modern age, information security professionals are seeing both the best and worst of times. On the one hand, an ever-developing number of tools and methodologies are allowing CISOs and security teams to make incredible leaps and bounds in protecting critical assets across a bevy of industries. Unfortunately, the adversaries they face are also evolving at a rapid pace and continually finding new ways to circumvent old security methods while creating new challenges along the way. Join us as Steve Jensen discusses how this is a significant but risky era in cybersecurity. Do we accept our fate as forever one-upping the disruptive forces against us, fighting to stay ahead of the game? Or is there a way out of the Sisyphean cycle?
1:45 PM : Interactive Executive Roundtables
Location: San Antonio Ballroom B, 3rd floor
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.
Scott Pettigrew
VP, Chief Security Officer
HMS
Irving, TX
ISE® Central Executive Award Finalist 2014
ISE® North America Executive: Health Care Award Finalist 2014
ISE® Central People's Choice Award Winner 2015
ISE® Central Executive Award Winner Finalist 2015
ISE® Central Executive of the Year Award Winner 2016
ISE® Central People's Choice Award Winner 2016
ISE® North America Executive: Health Care Award Finalist 2016
ISE® North America Executive: Health Care Award Finalist 2017
ISE® North America Executive: Health Care Award Finalist 2019
Biography
Help or Hindrance? Looking at the Benefits and Flaws of Encryption-Based Security
Encryption and cryptography can be very powerful security tools when used correctly, but like all security measures, they’re not a panacea. Teams must determine the strength of encryption, who holds the keys, and at what level in their system they should implement encryption (storage, database, application level, etc). The many options for encryption offer a variety of security advantages, but they each have their own flaws to consider. Issues like malicious insiders abusing encryption keys, malware based bypasses, and overall encryption costs should all be taken into account. Join our conversation and learn what kinds of encryption and cryptography solutions are best for your organization, and how you can combine those solutions with other security procedures.
Shamoun Siddiqui
VP, CISO
Neiman Marcus
Biography
The war on APTs: Will We Ever Win?
Advanced Persistent Threats continue to make news headlines on a regular basis. Most incidents end with massive costs, and have even crippled careers and organizations. As a result, an onslaught of new tools and methodologies solely designed to combat APTs have entered the market during the last few years. Yet these threats continue to loom as the most significant danger to security teams. An ISACA APT Awareness study conducted in August 2015 revealed that 93.6% of respondents consider APTs to be a “very serious threat” for their companies, and the T.E.N. and IDC Salary Survey Report indicated that 12% of security executives believed they could lose their jobs in the case of a significant data breach. The fear leaves many wondering: will we ever win? Join our conversation to share your most innovative best practices for combating APTs, and discuss with your peers the potential strategies for getting ahead in the ever-evolving threat landscape.
Kevin Novak
Chief Information Security Officer
Northern Trust - Chicago
Biography
Protecting Data: Keeping the Keys to the Kingdom Out of the Hands of Hackers
Breaches invariably involve data loss (for example: Anthem, JPMC, and Target), so finding the best practices to prevent them should be an essential part of your organization. Protection of data can be done at multiple network levels and can involve encryption, masking, or tokenization. The many options for data security offer a variety of security advantages, but they each have their own flaws to take into consideration. These include issues like malicious insiders abusing encryption keys, malware-based bypasses, and overall costs. Join our conversation to learn what kinds of secure data solutions are best for your business requirements; why and when to use each solution; and how you can combine solutions to minimize risk.
Betty Elliott
VP, CISO
MoneyGram
Biography
Businesses Without Borders: International Information Exchange in a Cloud-Based World
Cloud computing has allowed numerous organizations to share and collaborate with their peers with greater speed and flexibility than ever before. However, there are a number security concerns in this new world of businesses without borders. Areas such as data security, privacy, access rights management, and international security rules and regulations all serve as major hurdles that organizations across all verticals have to tackle in their own way. Maintaining trust among cloud-based enterprises and their partners is essential, but what else is needed to continually ensure that a cloud-based, information-sharing structure can succeed while remaining secure? Join our conversation to discuss security’s role in the new global marketplace and share strategies for securing sensitive information in a cloud-based world.
2:45 PM : Break
2:55 PM : Nominee Showcase Presentation #1
Location: San Antonio Ballroom B, 3rd floor
Marcia Peters
SVP, Information Security Governance, Risk, and Compliance
US Bank
Biography
Reducing Sensitive Information Risks Through Tokenization
Reducing the amount of sensitive payment card data in a finical institution’s internal environment is a priority from both a security standpoint and an IT cost containment perspective. With the billions of data records they’re entrusted to safeguard, US Bank’s security team is constantly looking at new security controls to add to our defensive arsenal. The goal of their Tokenization Project was to reduce the amount of sensitive cardholder data stored in U.S. Bank’s network, using tokenization technology that replaces the primary account number (PAN) with a surrogate value--the “token.” Join our conversation to learn how the U.S. Bank team were able to lock down a tremendous volume of formerly high-risk data records and remove such data from the PCI DSS scope, so it costs the bank less to secure.
3:15 PM: CISO Deep Dive: Executive Leadership
Location: San Antonio Ballroom B, 3rd floor
An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Pete Lindstrom
Research Director Security Products
IDC
Biography
Panelists
Eric Fisch
Head of Information Security GRC
USAA
ISE® West People's Choice Award Winner and Executive Finalist 2013
ISE® Central Celebrated Executive 2013
ISE® North America People’s Choice Award Winner 2013
Elliott Franklin
Director of IT Governance & Security
Loews Hotels
Shammyangu Rana
Director, Managed Security Services
CompuCom
Biography
Mike Rogers
Global Head of Customer Success
Ionic Security
Biography
Tim Virtue
CISO
Lower Colorado River Authority (LCRA)
Biography
4:00 PM : Nominee Showcase Presentation #2
Location: San Antonio Ballroom B, 3rd floor
George Macrelli
Sr. Director, Security Assurance
HMS
Biography
Eyes on the Prize: Protecting the Organization Through Access Governance
As HMS continued to grow and expand, they were challenged with adding additional capacity to their existing electronic access control system. By implementing the Physical Access, Surveillance, and Access Governance Program the team has provided Business Office Asset protection by monitoring every door in every business office, and controlling that door centrally if needed. The project has saved between 10% and 20% in insurance costs alone. It has provided a quick response in the event that a business office is in jeopardy, and getting local authorities to the site with predefined information. Join our conversation to learn how HMS have been able to enable quicker communication with precise information to local office employees through improved technology, automation and governance of their business offices and the assets contained in those offices.
4:20 PM : Nominee Showcase Presentation #3
Location: San Antonio Ballroom B, 3rd floor
Glenda Lopez
Sr. Information Security Engineer
Aetna
Biography
Jeannette Rosario
Director, Global Security
Aetna
Biography
The Winning Combination of Assurance and Resiliency Consolidated Evidence Audit Locker (CEAL)
As Cybersecurity threat diversity evolves, adaptability and resiliency to demonstrate maturity in security controls are essential to enterprises. Organizations increasingly demand reliable security control assurance and resiliency, which drove Aetna to create the Consolidated Evidence Audit Locker. Aetna implemented a solution that correlates common regulatory requirements with security policies and artifacts demonstrating the highest level of resiliency in private enterprise. The program was able to reduce assessment time to less than a month by reusing over 50% of data collected during PCI assessment. Additionally productivity was improved by reusing over 50% of the PCI collected data for other assessments. Join the conversation to learn how the Aetna team was able to make significant returns on investment through proactive data collection resulting in the ability to identify potential threats, analyzing data results, and taking action on those results quickly thus building stronger cyber resiliency.
4:45 PM: Late Afternoon Break
5:00 PM : VIP Reception (invitation only)
Location: San Antonio Ballroom A, 3rd floor
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM : Sponsor Pavilion and Dinner Buffet
Location: Houston Ballroom C & Pre-Function, 3rd floor
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:30 PM : Sponsor Tear Down
Location: Houston Ballroom C & Pre-Function, 3rd floor
7:45 PM : ISE® Central Awards Gala
Location: Houston Ballroom AB, 3rd floor
Honoring and celebrating the ISE® Central Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® Sponsors.
9:00 PM : Champagne and Dessert Reception
Location: Houston Ballroom AB, 3rd floor
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.