ISE® North America Schedule of Events 2018

ISE® NORTH AMERICA PRIVATE WELCOME DINNER
Improving Visibility for Effective Threat Detection and Response

November 7, 2018
5:30pm - 8:30pm
Chicago Cut
300 N LaSalle Dr
Chicago, IL 60654

Ricardo Lafosse
CISO
Morningstar, Inc.

Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.

November 8, 2018

10:00 AM-3:00 PM: Registration

Location: Grant Park Foyer, The Summit—9th floor

11:15 AM: ISE® North America Signature Luncheon (Invitation Only)

Location: Grant Park CD; Summit Chicago

Security 2025: What Does the Future of Security Look Like?

Fred Kwong
Director, Information Security (CISO)
Delta Dental Plans Association

For the last 20 years we have reactively implemented monolithic security solutions by stacking legacy products on top of each other. This non-integrated approach has forced our organizations to confront significant complexity, resource drag and lack of effectiveness. As a community, it’s time to unite and define the new North Star of where security is headed. How do we challenge ourselves to a new way of thinking? What do we want our organizations to look like? How do we shift ourselves into a position where we can capably manage fast-paced challenges? Security 2025 is a research project focused on building a new and sustainable security blueprint. By coming together as security leaders, we can use our real-world experiences and knowledge to redesign and rebuild the engine of security. Join us for an evening of conversation as we discuss our unified approach in creating a cohesive and effective operating model that the industry can utilize for years to come.

12:50 PM: Welcoming Remarks and Introductions

Location: Grant Park AB 9th floor; Summit Chicago

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® North America Leadership Summit and Awards 2018.

1:00 PM: Keynote Address

Location: Grant Park AB 9th floor; Summit Chicago

The Value of Security Convergence

Mike Towers
Chief Information Security Officer
Takeda Pharmaceuticals
ISE® Northeast Executive of the Year Award Winner 2015
ISE® North America Executive Award Winner 2015 - Health Care Category

Cyber and information security are getting lots of attention, but there are other disciplines of security that are critically important. The principles of any security discipline are the same: identify what needs protecting and apply appropriate controls to do so. How can cyber security learn from other security areas – and vice versa? Can better alignment add value?

1:35 PM: Interactive Executive Roundtables

Location: Grant Park AB 9th floor; Summit Chicago

The Interactive Executive Roundtables bring together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.

What Is Security’s Role in Digital Transformation?

Bruce Coffing
Chief Information Security Officer
City of Chicago

Digital transformation is front of mind for many senior executives, but too often security is left behind. As IT and businesses fast-track initiatives like agile and DevOps to improve speed to market and reach business goals faster, security’s role is confined to asking questions afterwards about security challenges, cyber risks, and compliance requirements. Most IT teams already struggle with maintaining security initiatives. Rushing towards digital transformation without taking the proper precautions means that these newly connected systems can allow cyber threats to attack more rapidly, inflicting greater damage across enterprise networks. To protect our organizations, security must be applied holistically from the beginning of the process as an integral, automated necessity—but how do we ensure security is top of mind as our businesses embrace this digital transformation paradigm shift?

Orchestrating and Automating a More Secure SOC

Ricardo Lafosse
CISO
Morningstar, Inc.

A Security Operation Center (SOC) team is often found deep in the trenches, detecting, containing, analyzing, and remediating any IT incident that threatens a company’s processes. While SOC teams are usually equipped with skilled managers, they often suffer from a lack of skilled staff, alert fatigue, resource depletion, and wasted time chasing after false positives. Because of their importance and their overwhelming workloads, introducing security orchestration and automation into SOC processes is more crucial than ever before for security executives to consider. Not only do these tools assist SOC teams in performing their responsibilities and mitigating skills gaps, but also they help businesses with employee retention, lessening the probability of burnout. However, organizations should become aware that employing too many specialized tools can add more complications and work processes than they resolve. Join our discussions on why security executives should have a keen understanding of SOC pain points and the team’s current needs before pursuing shiny, new solutions.

Creating a Dynamic and Actionable Information Security Plan

Robert Pace
Vice President, Information Security & Compliance
First American Payment Systems

Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.

Creating a Secure Cloud Infrastructure

Marcia Peters
SVP, Information Security Governance, Risk, and Compliance
US Bank

The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to more proactively protect. Join our discussions to learn how a thorough understanding of your company’s cloud capabilities and infrastructure aids security professionals in having a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.

Data Loss Prevention in an Age Without Borders

Yabing Wang
VP and Chief Security Architect
Alight Solutions

The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative is to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.

2:35 PM: Break

2:45 PM: Nominee Showcase Presentation #1

Location: Grant Park AB 9th floor; Summit Chicago

Shifting Security LEFT

Garrison Hu
Principal Engineer
T-Mobile

With increasing demand to support T-Mobile’s UnCarrier, there was a growing desire to implement an enterprise solution where technology could develop and deploy solutions at accelerated speeds. The solution “Shifting Security LEFT” integrates the speed of secure development capabilities such as developer education, security diagnostic tools, and integrated security testing with current agile development techniques. Effectiveness is determined by comparing data-driven security metrics against performance KPIs. This enables leadership to make bold UnCarrier business decisions with the confidence that security is in the development DNA.

3:05 PM: ISE® North America Exabyte Sponsor Showcase Presentation

Location: Grant Park AB 9th floor; Summit Chicago

Best Practices in Incorporating Security into your Digital & Cloud Transformation Strategy

Jason Clark
Chief Strategy Officer
Netskope

3:25 PM: Women in Cyber Security Panel

Location: Grant Park AB 9th floor; Summit Chicago

Building a Better, Diverse and More Secure Future

Moderator

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent

Panelists

Medha Bhalodkar
AVP & CISO
Columbia University/Information Technology
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category
ISE® Northeast Executive Award Finalist 2018

Nicole Darden Ford
Vice President, IT – Global Information Security & Chief Information Security Officer
Baxter International
ISE® Central Executive Award Finalist 2018

Tess McCarthy
Employee Resilience Strategist
MassMutual

Catherine Rees
VP, Cyber Security Strategy
Comcast

Shelbi Rombout
SVP, Deputy CISO
MasterCard

For the last several years, there’s been a lot of discussion about the overall shortage of qualified talent in the cybersecurity workforce. A 2018 (ISC)2 report found that the global cybersecurity workforce gap has increased to 2.9 million unfulfilled positions. But the security industry is a fast-growing, adaptable market, and (ISC)2 further reports that women now represent 24% of this broader cybersecurity workforce, compared to previous studies reporting only 11%. Even as the threats we face continue to grow, our industry as a whole is making strides in presenting opportunities for more robust and qualified cybersecurity talent to enter the field. Now, it is more important than ever for security professionals to continue the momentum and bridge the widening gap. Security benefits from different types of people from different backgrounds that provide a broader insight into the key issues we face every day. Women and minority representation is gaining traction in the current security population, but we must continue finding more ways to involve them in security. The benefits are plentiful, and not just for women. Attracting and maintaining highly qualified women can help reduce the cyber security labor shortage, diversify the field, and improve the overall quality of next-generation professionals with valuable guidance and mentorship.

3:00-8:00 PM: Registration

Location: Comiskey Foyer—Concourse Level/West Tower; Hyatt Regency

4:10 PM: Nominee Showcase Presentation #2

Location: Grant Park AB 9th floor; Summit Chicago

Healthcare on the Move: Using Security as a Business Enabler

Stoddard Manikin
Director, Information Systems Security
Children's Healthcare of Atlanta

Jeremy Meller
VP IS&T
Children's Healthcare of Atlanta

To improve clinician to clinician communication, Children's Healthcare of Atlanta replaced the existing hospital communication solution to provide enhanced services, including: bar code scanning, secure messaging and integration with existing applications. The project set out to develop and implement the necessary clinical and infrastructure components to improve operational workflows in order to provide a seamless and secure means of communication and medication administration documentation. The Mobile Clinician Project rollout addressed both security and operational needs, helping prove the idea that security can be an enabler vs. a barrier. Join our conversation as the Children’s Healthcare of Atlanta Team shares how they combined multiple technologies that made patient care more efficient, addressed security and privacy concerns, and promoted mobility for their caregivers.

4:30 PM: Nominee Showcase Presentation #3

Location: Grant Park AB 9th floor; Summit Chicago

The Cyber Threat Prediction, Detection, & Data Protection Plan

Arvin Bansal
Director Cyber, Risk and Governance
AmerisourceBergen

Kumar Chandramoulie
Director of Cyber Defense, Threat Intelligence and Incident Response
AmerisourceBergen

Cyber criminals are getting more creative and sophisticated every day, weaponizing zero-day threats and leveraging new threat vectors & threats to attack large enterprises, causing significant business disruption. Furthermore, with network boundaries dissolving due to rapid consumption of cloud-based applications & infrastructure, and field workforce using unmanaged devices to access sensitive systems and data in the cloud, any organization’s lifeblood – data – is now constantly flowing in & out of its network and cloud instances. AmerisourceBergen (ABC) is in the business of creating healthier futures by enhancing patient outcomes, so any business disruption will have a life-altering impact. They aspired not only to detect known knowns but also to predict unknown unknowns at lightning speed to disrupt and respond to those threats, all while having full visibility into ABC’s critical data. Join our conversation to learn how AmerisourceBergen’s projects enabled them to monitor, detect and protect their data with 360-degree visibility and cutting-edge data analytics.

4:50 PM: Late Afternoon Break

5:00 PM: VIP Reception (invitation only)

Location: Comiskey—Concourse Level/West Tower; Hyatt Regency

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM: Sponsor Pavilion and Dinner Buffet

Location: International Suites—Ballroom Level/West Tower; Hyatt Regency

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2018, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:45 PM: ISE® North America Awards Gala

Location: Regency D—Ballroom Level/West Tower; Hyatt Regency

Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2018 ISE® North America MC
Security Author

Kevin McKenzie
CISO & VP of Information Technology
Dollar Tree Stores
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM: Champagne and Dessert Reception

Location: Regency D—Ballroom Level/West Tower; Hyatt Regency

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.

November 9, 2018

7:00 AM-10:00 AM: Registration

Location: Grant Park Foyer, The Summit—9th floor

7:30 AM: ISE® Private Networking Breakfast

Location: Grant Park Foyer, The Summit—9th floor

8:00 AM: Fireside Chat

Location: Grant Park AB; Summit Chicago

The Fireside Chat is an engaging morning chat conducted by a past ISE® Luminary—who moderates the discussion—and the winners of this year’s ISE® Luminary Leadership Award, who will provide words of wisdom and lessons learned throughout their careers as cybersecurity professionals.

Moderator

Jim Routh
Chief Security Officer
Aetna
ISE® Northeast Executive Award Winner 2007
ISE® North America Executive Award Winner 2014 - Health Care Category
ISE® Northeast Executive Award Finalist 2014
ISE® Luminary Leadership Award Winner 2016

Luminary Leadership Co-Winners 2018

Roland Cloutier
SVP, Chief Security Officer
ADP
ISE® Northeast Executive Award Winner 2012
ISE® Northeast People's Choice Award Winner 2012
ISE® North America Commercial Executive Award Winner 2012
ISE® North America Executive Award Winner 2014 - Financial Category
ISE® Luminary Leadership Award Co-Winner 2018

Gene “Spaf” Spafford
Professor of Computer Sciences and Executive Director Emeritus of CERIAS
Purdue University
ISE® Luminary Leadership Award Co-Winner 2018

8:50 AM: Information Security Executive® Deep Dive Panel

Location: Grant Park AB; Summit Chicago

An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2018 ISE® North America MC
Security Author

Panelists

Marc Crudgington
CISO, SVP Information Security
Woodforest National Bank

Steve Kozman
SVP, Identity Access Management and Security Services
AIG
ISE® Northeast People's Choice Award Winner 2018

Chuck Markarian
CISO
PACCAR
ISE® West Executive of the Year Award Winner 2018
ISE® West People's Choice Award Winner 2018

Chris Ray
CISO
TriNet
ISE® Southeast Executive Award Winner 2011

Nate Smolenski
Director, Enterprise Strategy
Netskope

Alden Sutherland
Chief Information Security Officer
AmerisourceBergen
ISE® Northeast Executive Award Finalist 2018

10:00 AM: Break

10:20 AM: ISE® Nominee Showcase Presentation #4

Location: Grant Park AB; Summit Chicago

Crafting A Cyber Strong Behavior Program Through Behavioral Response

Tess McCarthy
Employee Resilience Strategist
MassMutual

MassMutual’s Cyber Security Awareness program enabled the company to establish a Cyber Strong culture through the implementation of a data driven behavioral recognition and repercussion program. The program established a menu of highly visible solutions that could be deployed to recognize positive employee behaviors reported by peers or identified through technical monitoring capabilities. Phishing resilience as well as malware and data loss monitoring capabilities were utilized to assess negative employee and contractor behaviors. Associates who were found to exhibit behaviors that put the company at risk, such as clicking on malicious links, were addressed using pre-defined design patterns in collaboration with Human Resources. Join our conversation as MassMutual tells us about championing positive behaviors and addressing negative behaviors, which helped the company highlight the criticality of protecting the company’s valuable digital assets and enabled all associates to uphold the Cyber Strong culture.

10:40 AM: ISE® Nominee Showcase Presentation #5

Location: Grant Park AB; Summit Chicago

The CISO Sentinel: Security and Compliance Risk Management

Wes Knight
CISO
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018

The Georgia Department of Revenue Office of Information Security is responsible for securing a threat and regulatory landscape that encompasses multiple Federal mandates and 3rd Party Information Service providers. The CISO Sentinel is a security and compliance risk management platform that captures operating efficiencies in management of the program. Using continuous monitoring and management, the platform enables greater control of cybersecurity risks by effectively managing the processes associated with obtaining, identifying, processing and aggregating key information. Significant elements of the project focused upon prioritizing the review of critical security alerts, automating governance processes, eliminating redundant silos, and streamlining compliance and management reporting. Join our discussion to learn how the Georgia Department of Revenue Office of Information Security shifted their security paradigm from traditional paper based assessment outputs to a dynamic, actionable cybersecurity program.

11:00 AM-11:30 AM: Closing Remarks

Location: Grant Park AB; Summit Chicago

11:30 AM: Program Concludes