ISE® CENTRAL PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
5:30pm - 8:30pm
Chamberlain's Steak and Chop House
5330 Belt Line Rd
Dallas, TX 75254
Registration
Andrew Stokes
Assistant Director and Information Security Officer
Texas A&M University
Biography
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
Wednesday, May 15, 2019
11:00 AM - 3:00 PM: Registration
Fort Worth Foyer
11:15 AM : ISE® Signature Luncheon *Invitation Only
Location: Fort Worth 1 – 3rd Floor
Don’t Just Stack, Integrate: Employing a Unified Cloud Security Platform
Kevin Dunn
Senior Vice President, CIO, CISO
U.S. Retirement and Benefits Partners
Biography
Digital transformation has changed the way enterprises perform security. While processes become more agile and efficient, IT environments also become distributed, elastic, and hybrid. These changes make it difficult for security professionals to defend against opportunistic hackers who take advantage of security gaps. Additionally, mobilization, cloud integration, and virtualization have each contributed to a vanishing security perimeter as well as a lack of visibility with these new IT environments. It can be tempting for enterprises to stack heterogenous tools on top of each other to perform quick security fixes, but doing so ultimately lacks true security integration, leading to further vulnerabilities and work efficiency problems. Instead, enterprises should employ solutions that can orchestrate natively and organically with hybrid IT environments without adding complications or slowing down DevOps’ development and delivery. Join our conversation as we discuss how a unified cloud platform centered around security and compliance can contribute to greater prevention, detection, and response against today’s most dangerous cyber threats.
12:50 PM : Welcoming Remarks and Introductions
Location: Fort Worth 2 – 3rd Floor
Marci McCarthy
CEO and President
T.E.N.
Biography
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Central Executive Forum and Awards 2019.
1:00 PM : Keynote Address
Location: Fort Worth 2 – 3rd Floor
Cultural Shift – An Intentional Strategy To Drive Change
Emily Heath
VP/CISO
United Airlines
Organizational culture is a key part of any successful security strategy. A couple of years ago, United Airlines embarked on a major cultural shift both inside the security team and across the company. Join us as United’s CISO, Emily Heath, shares her model for a successful change in culture; discusses some hits and misses; and gives everyone a behind-the-scenes peek at what makes one of the world’s largest airlines tick!
1:35 PM : Interactive Executive Roundtables
Location: Fort Worth 2 – 3rd Floor
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.
Creating a Secure Cloud Infrastructure
Andrew Albrecht
VP & CISO
Michael's
The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to supplement to meet their obligations as part of the shared responsibility model. Join our discussions to learn how a thorough understanding of your company’s cloud infrastructure, native cloud security capabilities, and the shared responsibility model gives security professionals a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.
Company Security Culture
Listyanna Dowell
Director, IT Security Platform Operations
Sirius XM Radio
As numerous data breaches have placed organizations’ brands and CEOs’ jobs on the line, security is gradually becoming a priority for C-suite executives and board members alike to integrate into company culture on every level. When your organization moves beyond simply discussing security to taking actionable steps, you’ll know cybersecurity has become a priority within your company. To make that transition from “talking” to “doing,” C-suite members are responsible for convincing board members to adopt cybersecurity as a top-down initiative. The more support C-suite leaders can garner from the board, the more likely they can receive the support and funding for resources and the development of a security program. In addition, having business leaders embody a culture of security with actions as well as rhetoric can have a positive impact on employees, who often receive the brunt of training initiatives, email alerts, and security tests in an organization. Join our discussions as we learn how leadership promoting the positives of security while eliminating apathy, division, and self-interest from the culture will help ensure security behaviors change throughout the company for the better.
Creating a Dynamic and Actionable Information Security Plan
Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.
Data Loss Prevention in an Age Without Borders
The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative it to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.
2:35 PM : Break
2:45 PM : ISE® Central Nominee Showcase Presentation #1
Location: Fort Worth 2 – 3rd Floor
SecurIT First: A New Educational Awareness Program
Brian Kruse
Director, Vulnerability Management
Mastercard
Donna MattinglyProgram Manager - Corporate Security Education and Awareness
Mastercard
While security systems can be programmed to safeguard exactly what we need them to protect, we cannot program the human. Join our discussion to learn why Mastercard created the SecurIT First education awareness program and how it fosters a security mindset, encourages behaviors that reduces risk, and meets compliance requirements.
3:00 PM - 8:00 PM : Registration
San Antonio Prefunction Foyer, 4th floor
3:05 PM : ISE® Central Exabyte Sponsor Showcase Presentation
Fort Worth 2 – 3rd Floor
Security at a Crossroad – Regaining Our Lost Visibility
Tom Cline
Vice President Field Operations US South Central
Qualys
Join us as Qualys discusses how IT transformation has brought us to a new security crossroad and how we must meet these new demands in order to regain our lost visibility into our networks and data.
3:25 PM: Information Security Executive® Deep Dive Panel
Location: Fort Worth 2 – 3rd Floor
An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Matt Fearin
Global CISO
East West Bank
Biography
Panelists
Tom Cline
Vice President Field Operations US South Central
Qualys
Ricardo Lafosse
Chief Information Security Officer
The Kraft Heinz Company
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019
Biography
Alex Nehlebaeff
Corporate Information Security Manager/CISO
Harley-Davidson Financial Services, Inc.
Biography
Shelbi Rombout
Deputy Chief Information Security Officer
U.S. Bank
Biography
Anil Varghese
SVP/Chief Information Security Officer
Exeter Finance
Biography
4:10 PM : ISE® Central Nominee Showcase Presentation #2
Location: Fort Worth 2 – 3rd Floor
Securing A Merger To Create One McDermott
Steve Moloney
Chief Information Security Officer
McDermott
In 2018, McDermott began the journey to combine with Chicago Bridge and Iron. This combination brought vast scale in their business operations as they doubled in size. McDermott, a company with a leading security posture across the industry pre-merger, was faced with an elevated cyber risk during a time of high vulnerability within a new complex security and infrastructure environment. Join our discussions to learn how McDermott’s Cyber Security team successfully overcame the challenge to keep the company and its employees cyber safe while, at the same time, fully integrating security tools and operations in support of combining two companies.
4:30 PM : ISE® Central Nominee Showcase Presentation #3
Location: Fort Worth 2 – 3rd Floor
Business Resilience – Changing the Culture from Continuity to Resilient Enterprise
George Macrelli
Sr. Director, Security Assurance
HMS
Biography
From Integration, to Automation, Compliance to Communication, the HMS Business Resilience Program is an integrated enterprise wide program that applies automation for monitoring world events, including HMS infrastructure technology, such as, servers, networks, and assets. It provides consistent Change Monitoring and Management by automating the updating of infrastructure changes for our Business Impact Analyses and Recovery Procedures. It allows us to demonstrate compliance with HITRUST, ISO, and SOC frameworks, which ensures the standardization of control information. Join our discussion to learn how this cultural shift positioned HMS in pursuing a ‘Resilient Enterprise’ designation from an international Continuity Program leader.
4:50 PM: Late Afternoon Break
5:00 PM : ISE® VIP Reception (invitation only)
Location: Fort Worth 1 – 3rd Floor
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM : Sponsor Pavilion and Dinner Buffet
Location: San Antonio Prefunction – 4th Floor
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:30 PM : Sponsor Tear Down
Location: San Antonio Prefunction – 4th Floor
7:45 PM : ISE® Central Awards Gala
Location: San Antonio Ballroom – 4th Floor
Honoring and celebrating the ISE® Central Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® Sponsors.
Adam Maslow
Vice President IT Security and Infrastructure, Fry Cook & Cashier
Raising Cane's
Chris Ray
CISO
TriNet
ISE® Southeast Executive Award Winner 2011
T.E.N. Success Story
9:00 PM : Champagne and Dessert Reception
Location: San Antonio Ballroom – 4th Floor
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.