Schedule of Events 2014

ISE® North America Private Welcome Dinner

November 4, 2014
5:30pm - 8:30pm
The Grille at Morrison House
116 South Alfred Street
Alexandria, VA 22314
Registration
Jerry Archer

Jerry Archer
Senior Vice President, Chief Information Security Officer
Sallie Mae
ISE® North America Commercial Executive Award Winner 2011
Biography

Big Security – Are Enterprise Networks Too Complex to Secure Sufficiently
The cyberspace environment is extremely dynamic with new vulnerabilities and threats emerging daily. The growing complexity of enterprise networks in a global economy compounds the challenge for security leaders, who must develop and employ various offensive and defensive strategies to defend the enterprise and minimize risks while maximizing the value of their investments. Join our discussion to learn how your peers are addressing the growing complexity of enterprise-wide network security, and share your own insights on protecting your enterprise in the evolving threat landscape.

November 5, 2014

10:00am - 4:00pm: Registration

Location: Edison Prefunction Area

11:30 AM : ISE North America Nominee Welcome Luncheon *Invitation Only

Location: Edison EF

Sponsored by
ISE Talent

Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

Darnell Frymire

S. Darnell Frymire
President
ISE® Talent, A T.E.N. Company
Biography

Pathways to Empowered Security Leadership
Ongoing breaches and reports of cyber espionage have brought Information Security center stage with executive management and boards of directors. With IT Security now a board-level issue, the expectations of the business for CISOs has increased significantly. As CISOs assume a much more visible and expanded role within the organization, many are grappling with the one task that can make or break the success of the Information Security Program: Establishing the senior security leadership team and a creating a succession plan. Now expected to be a transformative leader, CISOs are recognizing that it’s imperative to surround themselves with equally great leaders who can advance the vision and execute on the strategic plan. Just as managing the complexity of the threat environment mandates a solution-based approach, so does the complexity of finding, hiring and empowering the right executive leadership team. Join us to gain insights into pathways to empowered security leadership as well as the solutions and resources available for building an empowered senior leadership team.

1:00 PM : Welcoming Remarks and Introductions

Location: Edison ABC
Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

1:10 PM : Keynote Address

Location: Edison ABC
Steven Jensen

Steven Jensen
VP and Chief Information Security Officer
Ameriprise Financial
ISE® North America Commercial Executive Award Finalist 2013

Success as a CISO? I must be successful, as nothing bad has happened today... yet...
What is the true role of an effective CISO these days and how does one actually measure success anymore? How do we as a collective community become united in fighting our common enemies and threats? During this presentation, Steve Jensen, CISO at Ameriprise, Inc. will offer his perspectives on the changes going on in the industry today, the impacts this is having on the role of CISOs, and offer some suggestions on how we might lead our organizations into the future with confidence.

1:40 PM : Adobe Executive Address

Location: Edison ABC
David Lenoe

David Lenoe
Director, Secure Software Engineering
Adobe
Biography

Measuring Security Success with the Right Metrics and Dashboards  > Download Presentation
A “good” security roadmap is going to come from an “ear to the ground” approach to security across all teams. It should also reflect current security industry trends. This is essential in creating a multi-faceted, balanced security roadmap that actually drives teams to “build security in” to everything they do. So, how do you build and keep a solid, adaptable security roadmap in place? By focusing on the right metrics to measure success against the roadmap and developing meaningful dashboards to communicate progress and success to management. This presentation will discuss how Adobe tackled this problem across its very large product, service, and I.T. Organization.

1:55 PM : Interactive Executive Roundtables

Location: Edison ABC

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

Jim Routh

Jim Routh
Chief Information Security Officer
Aetna
ISE® Northeast Executive Award Winner 2007
ISE® Northeast Executive Award Finalist 2014

agari

Secrets to Achieving End-to-End Email Security  > Read Summary
Securing your infrastructure is essential in protecting your customers, but malicious attacks can affect users without even entering your network. The Anti-Phishing Working Group reported 72,758 phishing attacks targeting more than 700 institutions worldwide during the first half of 2013 alone. As Verizon's Data Breach Report shows, 95% of all data breaches begin with a phishing email — evidence that comprehensive ecosystem visibility, email intelligence, and real-time alerting and reporting are imperative to thwarting these attacks. Join our conversation to take a deep dive into advanced email security methodology and learn best practices to achieving end-to-end email security in order to protect your customers and enable business.

Kevin McKenzie

Kevin McKenzie
Chief Information Security Officer
Clemson University
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Cyber Threat Intelligence: A Gold Mine of Value
An intelligence capability empowers organizations to identify potential threats and vulnerabilities in order to minimize the ‘threat attack window‘ and limit the amount of time an adversary gains access to the network before they are discovered. Organizations that operate with an intelligence-led mindset understand that threat intelligence is the ‘mechanism’ that drives cyber security investment and operational risk management. The number of cyber threat intelligence providers continues to increase and the idea of threat intelligence is gaining widespread acceptance. While increased awareness of the cyber security threat is a positive trend, many organizations still need to put in place the fundamentals of intelligence management to gain real value from threat intelligence. This will be a crucial for instilling confidence in board members – and ensure that the organizations are equipped to leverage the gold mine of value that can be extracted from cyber threat intelligence.

Della Shea

Della Shea
Chief Privacy and Information Risk Officer
Symcor, Inc.
ISE® Canada Executive Award Winner 2013

Social Engineering: Can Organizations Win the Battle?  > Read Summary
Gone are days of mass emails with misspelled messages. Criminals today are doing more reconnaissance than ever before – aided by social networks -- to craft targeted emails that trick people into opening malware-rigged attachments or divulging passwords and sensitive information. The threat is highly targeted and sophisticated and intended to cause strategic harm, financial loss, reputation damage and technical breaches. And it’s proving costlier than ever. With recent breaches, the imperative to counter social engineering takes on a whole new level of urgency. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far. Adopting a "know thy data" approach -- in terms of what it is, how valuable it is and where it is -- and then focusing on securing it may be the key to surviving the onslaught of attacks.

David Cass

David Cass
SVP & Chief Information Security Officer
Elsevier
ISE® Northeast People's Choice Award Winner 2013

From Securities to Security: The SEC is Bringing IT Security to the Boardroom  > Read Summary
In response to breaches at major retailers and numerous reports of cyber espionage against financial institutions, the U.S. Securities and Exchange Commission has made strides to improve cybersecurity for the organizations it regulates. Security professionals have been calling for cyber security to move out of IT departments and into the purview of top-level executive and board members for some time. The recent moves by the SEC show some preliminary movement toward future regulation that could hold companies (and their boards) accountable for the cyber security performance of their organizations. Regardless of whether a company is subject to SEC oversight or not, the development is an important one for all businesses. The launch of the SEC cybersecurity initiative opens a new chapter in an increasing drive toward regulation of the private sector's information systems.

2:55 PM : Break

3:05 PM : Nominee Showcase Presentation #1

Location: Edison ABC
John Masserini

John Masserini
Chief Security Officer
MIAX Options
ISE® Northeast Executive Award Winner 2010
ISE® North America Executive Award Finalist 2010

More than a SIEM: Security as a Business Enabler
Forward-thinking security leaders are working diligently to position their teams as business enablers, but few have been as successful as the team at MIAX Options. Their “Enterprise-wide Risk Dashboard and Alerting” project is a showcase as to what can be achieved when all of the vested parties within an organization participate in order to bring value of the entire company. While at its core, the project mainly focused on deploying best-of-breed security information and event management solution, the platform built now enables every business unit within the organization – from regulatory compliance to trade operations to security – to monitor, alert and report on corporate-wide risks. This presentation will describe how the MIAX SIEM has become the messaging backbone of the entire MIAX Exchange, arguably one of the fastest Options Exchanges in the world.

3:25 PM: CISO Deep Dive: Executive Leadership

Location: Edison ABC

An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Donna Nemecek

Donna Nemecek
VP, Manager Technology Risk Assurance & Senior Information Risk Officer
BNY Mellon
ISE® Northeast Executive Award Finalist 2013

Panelists

Connie Barrera

Connie Barrera
Chief Information Security Officer
Jackson Health
ISE® North America Executive Award Finalist 2013 - Academic/Public Sector Category

David Cass

David Cass
SVP & Chief Information Security Officer
Elsevier
ISE® Northeast People's Choice Award Winner 2013

>Charles McGann

Charles McGann
Corporate Information Security Officer
United States Postal Service
ISE® Southeast Executive Award Winner and People's Choice Award Winner 2012

Chris Ray

Chris Ray
Chief Information Security Officer
Epsilon
ISE® Southeast Executive Award Winner 2011

Jason Witty

Jason Witty
Senior Vice President, Chief Information Security Officer
U.S. Bancorp
Naperville, IL
ISE® Central People's Choice Award Winner 2014

4:10 PM : Nominee Showcase Presentation #2

Location: Edison ABC
Kevin E. Greene

Kevin E. Greene
Software Assurance Program Manager
Department of Homeland Security, Science & Technology, Cyber Security Division

Bringing Industry Change via Software Security and Assurance  > Download Presentation
As more and more applications are being deployed in front of the corporate firewall, the typical network security solutions are being rendered helpless. These kinds of attacks have evolved from being a blunt weapon, using high volume attacks to bring down Web servers, to highly sophisticated application-level attacks designed to zero in on strategic business resources. Because these sophisticated application-level attacks cannot be detected and mitigated by traditional methods, the need to write secure applications, improve the state of the code and adhere to continuous software assurance best practices is more critical than ever. This presentation will share more about the Software Assurance Marketplace – the first non-biased, non-profit organization with both a physical facility and evangelistic capabilities – can solve these problems and bring actual change in the industry as a whole possible.

4:30 PM : Nominee Showcase Presentation #3

Location: Edison ABC
Robert Rice

Robert Rice
Director, Security Services
St. Joseph Health
Anaheim, CA
ISE® West Executive Award Finalist 2014

Overhaul Your Investment Agenda to Maximize Returns
As the complexity of IT security grows exponentially, many security teams are grasping at straws to implement needed controls and solutions to protect their organizations; but it’s difficult to understand if these ventures are providing maximum value without a measureable understanding of effectiveness and appropriateness. To create a holistic picture of the organization’s security posture, Robert Rice and his team at St. Joseph Health crafted a repeatable framework that identified and prioritized key risks, determined remediation strategies in alignment with security initiatives and established empirical Key Risk Indicators and Key Performance Indicators. Learn how the Pillars of Security project has created a clear implementation model that allows visibility into the effectiveness of a security framework, and facilitates better understanding of business drivers within the enterprise.

4:50 PM: Late Afternoon Break

5:00 PM : VIP Reception (invitation only)

Location: Trademark

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: Foyer Edison Ballrooms

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2014, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM : ISE® North America Awards Gala

Location: Edison DEFG

Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM : Champagne and Dessert Reception

Location: Foyer Edison Ballrooms

Enjoy champagne and dessert while celebrating the winners, nominees and project teams. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.

November 6, 2014

7:00 AM : Registration

Location: Edison Prefunction Area

7:30 AM : ISE Private Networking Breakfast

Location: Edison EFG

8:00 AM : Keynote Address

Location: Edison EFG
William Hugh Murray

William Hugh Murray, CISSP
Blog
ISE® Luminary Leadership Award Winner 2014

Security’s Dirty Little Secrets  > Download Presentation
This presentation will identify and expose things that we, that is, security executives, all know to be true, pretend that they are not. and consistently fail to address. These things represent flaws in the way we think. They are impediments to the way we act. They contribute to, may be the cause of, our current state of insecurity and its resistance to improvement. Hopefully, exposing these things will enable us to address them. It will empower us to make changes that otherwise seem impossible. The presentation will make suggestions and attempt to justify them.

8:45 AM : Interactive Roundtables

Location: Edison EFG

The Interactive Executive Roundtables brings together ISE Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices.  The interactive roundtable discussions are hosted by our ISE Judges and Nominees.

Jeff Trudeau

Jeff Trudeau
Information Security Officer
Sutter Health
ISE® North America Health Care Executive Award Winner 2013

The New CISO: Agent of Change  > Read Summary
Major information security initiatives can be costly. InfoSec executives too often find that their organization’s leadership may not see the initial financial investment in security as business critical…at least not until data or infrastructure is compromised. A CISO must lead efforts to build consensus for security as a priority in the enterprise by selling the board and c-suite on the benefits of a proactive approach. Join our conversation to learn how to build your business plan, engage the different stakeholders and influence key decision makers — who may not have a technology or security background — in order to gain support and approval for the investment and implementation of vital security initiatives.

Tim Callahan

Tim Callahan
Chief Information Security Officer
Aflac Incorporated
ISE® Northeast People's Choice Award Winner 2009, ISE® North America Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2007, ISE® Southeast People's Choice Award Winner 2006, ISE® Southeast Executive Award Finalist 2006

Real-Life War Games: Avoiding the High-Profile Mega Breach  > Read Summary
In 1983, the idea of hacking into a computer system was science fiction, but today it is a terrifying – almost daily – reality. Most organizations underestimate their risk and vulnerability to cyber attacks, yet hacker activity is intensifying. Almost 600 security breaches have been reported during 2014 alone, several of which have been high-profile, significant incidents compromising the private data of millions of people, costing millions of dollars, consuming excessive amounts of time to remediate and in some cases destroying careers. Now, large-scale breaches such as Target, P.F Chang’s, JPMorgan Chase and Home Depot are a weekly occurrence. With more incidents and more variation than ever before, the only question is – who will be next?

Paul Huesken

Paul Huesken
Chief Information Assurance Officer
The Coca-Cola Company
ISE® Southeast & North America Judge

Securing Your Data Across Channels: Strategies for Outpacing Zero Day Threats and Hackers  > Read Summary
Mobile, social and cloud technologies enable an organization’s efficiency and productivity, and can often provide competitive and brand differentiation. However, the widespread adoption of these services often results in an environment where free-flowing data quickly outpaces an organization’s ability to proactively defend against imminent and emerging security threats. All companies with valuable IP should assume both zero day threats and sophisticated hackers are targeting them. Mobile, social and cloud technologies drive productivity. But they also open the door to data theft and advanced attacks that can slip right by anti-virus, URL filtering and firewall defenses. A continued focus on siloed controls is insufficient for today’s threats as attacks are highly advanced, well-funded and persistently targeting enterprise environments.

Frank Aiello

Frank Aiello
Chief Information Security Officer
American Red Cross

Security vs. Privacy vs. Risk: Who Leads the Charge?  > Read Summary
As the field of security has evolved, so has the role of the Chief Information Security Officer, but debates are heated regarding exactly what responsibilities this title-bearer should assume. Many global organizations have shifted from focusing on the technical management of information security programs to a holistic risk-management approach, which calls for a more business savvy CISO. Others have found combining their privacy and security teams under single leadership can help to manage risk. Others still see Security, Risk and Privacy as vital roles that merit their own C-suite members. Now, industry analysts project that one-third of large enterprises will have a Digital Risk Officer by 2017, and that the role will emerge broadly by 2015.

In Europe, more than 50 global jurisdictions have signed omnibus privacy laws, providing greater protection for individuals in the workplace and signaling an increase in the number of privacy laws worldwide. In the US, the White House last year published a 62-page privacy whitepaper that includes a Consumer Privacy Bill of Rights with recommendations on handling individuals’ personal data pertaining to issues of control, transparency, respect for context, security, access and accuracy, limits on data collection and accountability.

9:45 AM : Break

10:00 AM : ISE Nominee Showcase Presentation #4

Location: Edison EFG
Jim Routh

Jim Routh
Chief Information Security Officer
Aetna
ISE® Northeast Executive Award Winner 2007
ISE® Northeast Executive Award Finalist 2014

Raising the Bar: Becoming a Leader in Software Security > Download Presentation
In the face of ever-evolving threats and costly attacks, there has never been a more vital time for organizations to invest in software security. The software security team at Aetna demonstrated forward thinking an innovation by investing and implementing cutting-edge technologies and successfully applying them in practice ways to achieve results with high impact. In just 12 months, the Software Security Program formalized and advanced computer-based training within 500 application teams (an estimated 3,000 employees); defined repeatable processes and improved operational capability to detect and remediate potential software defects prior to production releases; on-boarded hundreds of development projects to the static analysis capability, covering more than 12 million lines of code; and revolutionized the organization’s view of penetration testing using threat intelligence to implement risk-based testing while improving test comprehensiveness. This presentation will share more about the program and how Aetna is now positioned to be the leader in software security in health care, setting the bar for the rest of the industry.

10:25 AM : ISE Nominee Showcase Presentation #5

Location: Edison EFG
Pat McGranaghan

Pat McGranaghan
Sr. Analyst, Security Awareness & Communications
Comcast

Just-in-Time: An Innovative, Proactive Approach to Addressing Insider Threats
One major breach after another points to insider threats (both malicious and misguided) as being a major risk for a large enterprise. Many organizations take a traditional approach to training, which offers limited understanding of security policies by end users, resulting in compliance issues and little accountability. Comcast views the future of security as one that is globally contextually aware. Through an innovative integration of more than 25 security tools, the company has developed a program that empowers it’s more than 90,000 users with the information and context they need to make the right decisions at the right time. This presentation will describe Comcast’s blended approach of a contextually aware security solution and Just-in-Time training, and share how the program is scalable and capable of ensuring both large and small organizations can be nimble and constantly drive change to meet corporate, market and regulatory demands.

10:55 AM : ISE Nominee Showcase Presentation #6

Location: Edison EFG
Kenneth Haertling

Kenneth Haertling
VP & Chief Security Officer
TELUS
ISE® Canada Executive Award Finalist 2013

From Myth to Legend: The All-Seeing-Network
Inspired by the multi-eyed giant of Greek mythology, the Argus Project covered the creation and implementation of an all-seeing system designed to intelligently and automatically detect everything from the most mundane to the most advanced forms of system and network intrusions, and then automate and monitor their containment and remediation. Both a functional system and extensible architecture using advanced software, Argus embeds the best of Big Data and Security Monitoring Analytics to create a game-changing technology with capabilities beyond those offered by off-the-shelf platforms. It current ingests over 6 billion events per month representing a total monthly ingestion footprint of over 30TB of logs (uncompressed). This presentation will discuss how this hybrid approach will provide benefits to the industry as a whole by seeding more innovation in both open source and commercial products as they seek to maximize their completive edge and ensure their platforms add more value in terms of function and integration into next generation open analytics.

11:20 AM - 11:30 AM: Closing Remarks