Wednesday, November 16, 2011
7:00am - 4:00pm: Registration
Location: Prefunction Area of the Edison Ballrooms
11:30 AM : ISE North America Nominee Welcome Luncheon & Presentation *Invitation Only
Location: Edison EF
Bryan Vargo
Sr. Manager, Enterprise Product Security Office
Information Security and Risk Management
McKesson Corporation
Answering the Question, “Could this happen to us?” (with Confidence)
While no one can predict the future, you can answer practical questions about your organization’s security posture with greater confidence and clarity. Bryan Vargo, Senior Manager, Enterprise Product Security at McKesson Corporation will discuss how to proactively gauge the security of your critical assets against breach threats. You’ll learn how continuous, goal-based security testing can deliver proactive, actionable security intelligence without overwhelming you with data.
1:00 PM : Welcoming Remarks and Introductions
Location: Edison ABC
Marci McCarthy
CEO and President
T.E.N.
1:15 PM : Keynote Address
Location: Edison ABC
Bill Boni
Vice President and Corporate Information Security Officer
T-Mobile USA
ISE® North America Commercial Executive Award Finalist 2007
ISE® Central Executive Award Winner 2007
Blocking and Tackling:
Developing a Winning Game Plan to Overcome The Security Challenges with the Consumerization of IT and Mobility in the Enterprise
With the boundaries between work and personal technologies diminishing, and the adoption of consumer technology and mobility sparking innovation across all industries, security executives are faced with a new set of challenges to solve – and are breaking new ground in the process.
As the Chief Information Security Officer for T-Mobile and previously for Motorola Corporation, Bill Boni will provide an insightful keynote presentation that discusses the following:
- What kinds of security strategies should we be designing and implementing for deploying mobile smart-phones and tablets in the enterprise.
- Whether the mobility operating systems are really groomed for the enterprise, and whether they are “secure.”
- Truth and myths of the delivery and security of enterprise mobile apps
- What technologies should a company “green-light”? And what technologies, if any, should be blocked altogether? Or is there a middle ground?
1:45 PM : Interactive Executive Roundtables
Location: Edison ABC
The Interactive Executive Roundtables bring together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.
3:00 PM : Nominee Showcase Presentation #1
Location: Edison ABC
Richard Seiersen
Principal Solution Engineer
Kaiser Permanente
Operational Risk Management Project
Richard Seiersen will discuss Kaiser Permanente’s Operational Risk Management project and how it applies security intelligence within a GRC framework to allow their organization to identify and prioritize actionable security risk. This presentation will cover how business intelligence practices are used to automate the collection of enterprise asset data, vulnerability data, and mitigation data into a “single pane of glass.” “Risk tolerance rules” then operate on the aforementioned data, creating workflow for the purpose of protecting Kaiser's critical assets. The net result is a highly scalable and automated full-stack framework for addressing both vulnerability remediation and associated mitigation up and in the systems stack.
3:30 PM: Hot Topic Panel Discussion
Location: Edison ABC
An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Tim McKnight
Vice President, Chief Information Security Officer
Northrop Grumman
ISE® North America Commercial Executive Award Finalist 2007
Panelists
Kenneth Kilby
CISO
BB&T, Branch Banking & Trust
Dr. Doug Maughan
Division Director, Cyber Security Division, Science and Technology Directorate
U.S. Department of Homeland Security
ISE® North America Government Executive Award Winner 2010
Justin Somaini
CISO
Yahoo!
Mike Wilson
Vice President, Chief Information Security Officer
McKesson
4:30 PM : Nominee Showcase Presentation #2
Location: Edison ABC
Jerry Archer
Senior Vice President, Chief Information Security Officer
Sallie Mae
Transformational Leadership: Aligning GRC to Deliver Results of the Business
Join Jerry Archer as he discusses the challenges of inheriting an organization that had experienced significant top-level turnover. As a result, he had to completely rebuild his leadership team as well as most of the senior technical positions. His results in the face of this challenge are hard to exaggerate. Most of the subject matter experts as well as the leadership capabilities had to be replaced. Jerry will share how he completely reinvigorated the security technology, processes and risk management practices while rebuilding his team. Over the past twelve months, Jerry’s organization has implemented new IPS, SIEM, IDS, Access Management and IT GRC platforms. These critical capabilities have resulted in significant productivity gains and a reduction in risk. The introduction of the IT GRC platform was done with a complete business re-engineering of the IT Compliance/Risk Management function. This effort alone resulted in the ability to manage three times the number of regulatory requirements (due to a new government contract) with no increase in staff (66% productivity gain). This is a showcase initiative and was truly based on Jerry’s inspiration.
5:00 PM: Late Afternoon Break
5:30 PM : VIP Reception (invitation only)
Location: Jamieson Grille
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:30 PM : Sponsor Pavilion and Dinner Buffet
Location: Foyer Edison Ballrooms
Guests enjoy a gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2013, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
8:00 PM : ISE® North America Awards Gala
Location: Edison DEFG
Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.
9:30 PM : Champagne & Dessert Reception
Location: Foyer Edison Ballrooms
Enjoy champagne and dessert while celebrating the winners, nominees and project teams. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.
Thursday, November 17, 2011
7:00 AM : Registration
Location: Prefunction Area, Edison Ballrooms
7:30 AM : ISE Private Networking Breakfast
Location: Edison ABC
8:00 AM : Keynote Address
Location: Edison ABC
Rich Jackson
Chief Information Protection Officer and General Manager of Global Information Risk Management
Chevron Corporation
ISE® Luminary Leadership Award Winner 2011
ISE® North America Executive Award Finalist 2006
Information Security as a Business Enabler
Security-related risks have proliferated over the last decade. Break-ins into government and commercial systems that result in extrusion of sensitive and proprietary information have become commonplace. So much new malicious code surfaces every week that anti-malware vendors cannot keep up. As the Stuxnet worm has shown, software is now even being used as a weapon. Consequently, information security has become increasingly critical to organizations. Paradoxically, however, many organizations have done little to effectively manage the risk associated with information and information processing resources. Properly managing this risk requires an understanding of the value of information security to the business--how, for example, it can help ensure end-to-end business process integrity and availability despite all the security-related risks that threaten to disrupt business processes. This presentation explores information security from a business point of view with the premise that investing the time and resources needed for security risk mitigation produces excellent returns from a business perspective. Additionally, this presentation explains ways of measuring the value of information security and ensuring that security investments yield suitable business returns.
8:45 AM : Interactive Roundtables
Location: Edison ABC
The Interactive Executive Roundtables bring together ISE Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE Judges and Nominees.
9:45 AM : Break
10:00 AM : ISE Nominee Showcase Presentations
Location: Edison ABC
Brad Sanford
Chief Information Security Officer
Emory University
ISE® Southeast Executive Award Finalist 2011
Building Consensus to Achieve Effective Leadership
Learn how Brad Sanford leverages his knowledge of and passion for information security to persuasively engage executive leadership and obtain direct buy-in for critical information security initiatives. Brad has been successful in obtaining executive-level support for his initiatives at Emory, in part because he has striven to ensure that the Information Security program and its initiatives are well aligned with the institution’s mission and strategy. These initiatives are prioritized, and Emory’s institutional leadership is directly engaged to validate these priorities and to determine specifically which initiatives to fund, and thereby which risks get addressed and which do not. This exercise makes Information Security much more personal in the minds of institutional leadership and serves to establish a real sense of ownership in the results of Emory’s Information Security program. In this presentation, Brad will share how he was able to procure over $1M in funding for new Information Security initiatives (including new staff) at a time when most of the institution was experiencing reductions in budget and shrinking staff levels.
Grace Crickette
Chief Risk Officer
University of California
University of California’s Risk Insurance Program
In this presentation, Grace Crickette will discuss how her team’s efforts at the University of California have resulted in a savings (in terms of reducing the UC’s cost of risk) of $493,000,000, nearly a half of a BILLION dollars. This feat was accomplished through many avenues, including the development of the UC’s Cyber Risk Insurance Program, which incents IT departments at the campus and med center level to adhere to a set of achievable IT Security standards in order to gain access to insurance coverage in the instance of data breaches, etc. Grace will share how this has led to an overall greater adherence to UC’s IT Security standards across the board and reduced overall claims costs associated with security and data breaches.
Glen Taylor
Vice President
The Walt Disney Company
Bag It and Tag It!
The Walt Disney World Resort is the largest single-site employer in the world, with over 58,000 Cast Members in one location. The recent consumer trend towards wireless devices combined with the huge workforce resulted in many unknown or rogue wireless access points. Join Glen Taylor as he shares how this project was challenged to identify, locate, and address the unauthorized wireless access points located within the 47 square mile area (approximately the size of San Francisco) that contains Walt Disney World. The Project Team was faced with a daunting task and addressed the risk by building, planning, and executing a "scavenger hunt" activity focused on finding, reporting, and cataloging rogue devices. Following the "scavenger hunt," a team of security and compliance analysts removed tagged devices or worked with users to bring them into our managed device program. In effect, learn how Disney created an army of people (up to 100 per event) by "crowd sourcing" teams into fun team-building events and built awareness, good processes, and strong relationships to address the issue without negatively impacting operations or employee relations.