ISE® North America Schedule of Events 2015

ISE® North America Private Welcome Dinner

November 9, 2015
5:30pm - 8:30pm
David Burke's Primehouse
616 North Rush Street
Chicago, IL 60611
To register, please contact Deb Jones.
Kevin Novak

Kevin Novak
CISO and IT Risk Officer
Northern Trust

Effectiveness of Information Protection Technologies to Drive Operational Security Efficiency
The reality of today’s threat landscape is that no single product or service can solve every problem. The principals of multi-layered security architecture, integrating people, processes and technology is more important today, than it has ever been in the past. As organizations strive to find the right balance while under the pressure of shifting budgetary control, there is a light at the end of the tunnel. By adopting best practices, developing operational processes, and fine tuning those procedures, you can drive increases in your operational security model. Join our conversation to discover how to reduce ongoing expenditures by enabling the successful adoption of InfoSec controls, operated by educated staff and integrated into your organizations operational processes.

November 10, 2015

10:00am - 3:00pm: Registration

Location: Grant Foyer, 3rd Floor

11:30 AM : ISE® North America Signature Luncheon*Invitation Only

Location: Lincoln Park, 3rd Floor

Sponsored by
Cloud Passage

Jasper Ossentjuk

Jasper Ossentjuk
SVP & Chief Information Security Officer
TransUnion
Biography

Agile Security: Building A Faster, Stronger, More Responsive Model
Enterprises continue to invest heavily in virtual and cloud-based infrastructures. The era of elastic IT resources is here and it’s automated, on-demand and self-provisioning. This movement has not been so easy for some as more traditional security tools don’t always function as intended in cloud computing models. Security and compliance teams are learning that force fitting old security approaches can result in increased threats, lots of manual effort and delays in responding to the business. What’s needed is a new approach that allows businesses the freedom to take full advantage of cloud benefits, while at the same time delivering comprehensive protection of critical assets. Join our conversation to learn how to develop a more agile, efficient and effective security infrastructure to enable your enterprise to fully capitalize on the many benefits of Infrastructure-as-a-Service (IaaS).

1:00 PM : Welcoming Remarks and Introductions

Location: Millennium Park, 3rd Floor
Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

1:10 PM : Keynote Address

Location: Millennium Park, 3rd Floor
Jason Witty

Jason Witty
Managing Director, Global Chief Information Security Officer
JPMorgan Chase & Co.
ISE® Central People's Choice Award Winner 2014
ISE® North America People's Choice Award Winner 2014
ISE® North America Executive: Financial Award Finalist 2017
ISE® Central Executive of the Year Award Winner 2018
ISE® Central People's Choice Award Winner 2018

Biography

Information Security: Unprecedented
Seemingly every day, we are inundated with news of the latest high-profile data breach, state-sponsored cyber attack, or brazen act of corporate espionage. Cyber threats and vulnerabilities exist in every corner of our hyper-connected world – from small businesses to multinational corporations, from personal data to national security secrets. The sources of these threats are multitude, as are their aims: from small-time theft to global terrorism. In short, people and institutions have never been more vulnerable to cyber threats. Unprecedented times call for unprecedented response.

1:45 PM : Interactive Executive Roundtables

Location: Millennium Park, 3rd Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

Bruce Coffing
Chief Information Security Officer
City of Chicago

Businesses Without Borders: International Information Exchange in a Cloud-based World

Cloud computing has allowed numerous organizations to share and collaborate with their peers with greater speed and flexibility. However, there are a number security concerns in this new world of businesses without borders. Topics like data security, privacy, access rights management and international security rules and regulations all serve as major hurdles that organizations across all verticals have to tackle in their own way. The notion of trust among cloud based enterprises and their partners is essential, but what else is needed to ensure that a cloud-based information sharing structure can succeed while remaining secure? Join our conversation to discuss security’s role in the new global marketplace and share strategies for security information in a cloud-based world.

name

Gary Hayslip
Director of Information Security (CISO)
SoftBank Group
ISE® West Executive of the Year Award Winner 2015
ISE® North America People's Choice Award Winner 2015

Biography

Attacks on the Move: The Rise of Mobile-based Attacks and Exploits

The proliferation of mobile devices as essential tools of productivity within the enterprise has brought a similar increase in the frequency of mobile attacks. Chronic vulnerabilities in mobile applications make these devices the perfect conduit for nefarious hackers to steal data and important credentials. Kaspersky Lab reported finding 3.3 times as many malicious mobile programs in Q1 2015 than the final quarter of last year, and there are no signs this trend will slow. Join our conversation to discuss these evolving threats and share best practices for keeping your company data and credentials safe in your employees’ pockets.

Anthony Mannarino
Manager Information Security
Tractor Supply
Biography

Surveying the Regulatory Landscape: Looking at Data Breach Disclosure Legislation and Laws

The number of lawsuits filed as a result of a data breaches continues to grow with fines reaching massive proportions. As a result, many state legislators have been busy evaluating laws dictating how a company must respond if they have suffered a breach and personal information has been compromised. Currently, no comprehensive federal law exists that puts in place a uniform compliance standard, but this has certainly been a hot button issue as of late. As it stands, companies must comply with a patchwork of 47 different states laws that outline their disclosure requirements in the event of a data breach. As old requirements continue to be revised and new legislature enters the rounds, what kinds of things should those in the information security sector prepare for and how can they make sure their voices are heard in the decision making process? Join our conversation to share your insight.

Brenda Calloway

Brenda Calloway
Executive Director of Information Security
Health Care Service Corporation
ISE® Central Executive Award Finalist 2010
Biography

The war on APTs: Will We Ever Win?

Advanced persistence threats continue to make news headlines on a regular basis. Incidents end with massive costs, and have crippled careers and organizations. An onslaught of new tools and methodologies solely designed to combat APTs have entered the market during the last few years, yet these threats continue to loom as the most significant danger to security teams. An ISACA APT Awareness study conducted in August 2015 revealed that 93.6% of respondents consider APTs to be a “very serious threat” for their companies and the T.E.N. and IDC Salary Survey Report indicates that 12 percent of security executives believe they could lose their jobs in the case of a significant data breach. The fear leaves many wondering – will we ever win? Join our conversation to share your most innovative best practices for combating APTs and discuss with your peers strategies for getting ahead in the ever-evolving threat landscape.

2:45 PM : Break

2:55 PM : Nominee Showcase Presentation #1

Location: Millennium Park, 3rd Floor
Dave McDermitt

Dave McDermitt
Former Chief Information Security Officer and Chief Privacy Officer
USAA
ISE® Southeast Executive Award Winner 2014

Biometric Logon: Changing the Game for Multi-factor Authentication
A well-known innovator in the field of security, USAA has once again defied known limits by implementing biometric technology to support mobile application access for more than 1 million users. The new technology provides a simple, secure and broad approach to multi-factor authentication that enables users to access their accounts and manage their finances directly from the USAA Mobile App without having to use static username and password. Biometric logon shifts the focus from what you know – usernames and passwords – to who you are and what you have, ultimately safeguarding personal information often harvested from data breaches and social engineering. Learn how USAA became the first financial institution to implement this game-changing experience for its diverse user base and discover why biometric technology is the next step into the future of security.

3:15 PM: CISO Deep Dive: Executive Leadership

Location: Millennium Park, 3rd Floor

An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Pete Lindstrom

Pete Lindstrom
VP, Security Strategies
IDC
Biography

Panelists

name

Stacey Halota
Vice President, Information Security and Privacy
CyberVista | Graham Holdings
ISE® Mid-Atlantic Commercial Executive Award Winner 2009
Biography

Kenneth Haertling

Kenneth Haertling
VP & Chief Security Officer
TELUS
ISE® Canada Executive Award Finalist 2013
ISE® North America Executive Award Winner 2014 - Commercial Category

Biography

Aman Raheja

Aman Raheja
US Chief Information Security officer
BMO Financial
Biography

Jim Routh

Jim Routh
Chief Trust Officer
Saviynt
ISE® Luminary Leadership Award Winner 2016
Biography

Karthik Swarnam

Karthik Swarnam
Chief Information Security Officer
DirecTv
Biography

3:00-8:00 PM : Registration

Location: Michigan Ballroom Pre-Function

4:00 PM : Nominee Showcase Presentation #2

Location: Millennium Park, 3rd Floor
Dan Solero

Dan Solero
AVP, Cybersecurity
AT&T
Biography

Redefining Cloud-based Security
It’s no secret that traditional perimeter-based security models cannot adequately protect your enterprise in today’s threat landscape. With this in mind, the team at AT&T set out to develop a solution that could deliver an API-based architecture, which could decouple hardware and software components of network security devices to provide security software as a service, built within a distributed cloud environment, and integrated within the cloud provisioning process. Their Astra ecosystem is comprised of software-enabling virtual security services delivered via APIs, creating micro-perimeters of protection around applications based on automated intelligent provisioning. The technology also consumes threat intelligence and security event analysis via API, which enables the team to identify and mitigate events that previously had no solution. Learn how the AT&T team was able to redefine security in the cloud with their pioneer approach to application protection.

4:20 PM : Nominee Showcase Presentation #3

Location: Millennium Park
Vickie Miller

Vickie Miller
VP & Chief Information Security Officer
FICO
Roseville, MN
ISE® Central People's Choice Award Winner 2010
ISE® Central Executive of the Year Award Winner 2015

Biography

Detecting Cyber-Attacks with Data Analytics
In an effort to capitalize on talent within the business, Vickie Miller worked closely with FICO data scientists and mathematicians to ply their craft towards detecting cyber-attacks. By evolving the algorithms used in credit scoring, Miller and her team have been able to examine the tactics, techniques and procedures of cyber criminals began with the installation of an analytic engine to examine network traffic. Turning this system on at FICO and looking at DNS and DHCP traffic returned early successes with detecting fast-flux DNS attacks. Learn more about this how FICO has used this advanced analytic solution to detect anomalous behavior and revolutionize enterprise-wide security efforts.

4:55 PM: Late Afternoon Break

5:00 PM : VIP Reception (invitation only)

Location: Huron Room, 2nd Floor

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: Michigan Ballroom, 2nd Floor

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2015, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM : ISE® North America Awards Gala

Location: Great Lakes Ballroom, 2nd Floor

Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM : Champagne Reception

Location: Great Lakes Foyer, 2nd Floor

Enjoy champagne and dessert while celebrating the winners, nominees and project teams. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.

November 11, 2015

7:00 AM - 10:00 AM

Location: Grant Foyer, 3rd Floor

7:30 AM : ISE® Private Networking Breakfast

Location: Grant Park Foyer, 3rd Floor

8:00 AM : ISE® Luminary Leadership Fireside Chat

Location: Millennium Park, 3rd Floor
Bill Boni

Bill Boni
Retired Senior Vice President
Information Security
T-Mobile USA
ISE® Central Executive Award Winner 2007
ISE® North America Commercial Executive Award Finalist 2007
ISE® Luminary Leadership Award Winner 2015

Biography

William Hugh Murray

William Hugh Murray, CISSP
Blog
ISE® Luminary Leadership Award Winner 2014

Deepening the Bench: Finding the (Right) People to Secure Our Cyber Society
Threats to security for our digitalized global society continue to increase rapidly. As breaches come in rapid succession, boards are demanding to be briefed by CIOs and CISOs on the current state of readiness. Military and civilian agency heads have found their cyber defense under close scrutiny and the upshot of all this increased concern has been a sudden wave of hiring around the country as every organization attempts to upgrade skills and experience while trying to expand capacity to deal with the increased demand for assurance. However, traditional educational, training and certification resources have not fully met the rapidly increasing demand for skilled practitioners, nor the diverse and evolving training and skill development needs of current cyber security professionals. Additionally, the heightened demands placed on security leadership are creating church and burnout at senior levels. Join our conversation to discuss what needs to be done to improve existing cyber/information security degree programs, what skills future CIOs and CISOs must possess, and how to address the chronic turnover at senior levels so that the industry as a whole can successfully address the challenges of the ever-evolving threat landscape.

8:45 AM : Interactive Roundtables

Location: Millennium Park, 3rd Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices.  The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

John Graham

John Graham
CISO
EBSCO Industries
ISE® Southeast Executive Award Finalist 2012
ISE® Southeast Executive Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Commercial Category

Help or Hindrance? Looking at the Benefits and Flaws of Encryption-based Security

Encryption and cryptography can be very powerful security tools when used correctly, but like all security measures, they’re not a panacea. Teams must determine the strength of encryption, who holds the keys and at what level to encrypt (storage, database or application level?) The many options for encryption offer a variety of security advantages, but they each have their own flaws to be considered. These include issues like malicious insiders abusing encryption keys, malware based bypasses, and overall encryption costs. Join our conversation to learn what kinds of encryption and cryptography solutions are best for your organization and how you can combine those solutions with other security methodologies.

David Rooker

David Rooker
Chief Security Officer
Actian Corporation
ISE® Southeast Executive Award Finalist 2016
Biography

New Vulnerabilities in Old Places: The Potential for Critical Vulnerabilities in Old Code

The aftermath of major code vulnerabilities like Heartbleed and Shellshock made it clear that insecure code is a perpetual problem. Much of the code that we rely on to run the economic engine that is the Internet, was crafted some 25 years ago using the methodologies and standards of that time. Billions of lines of code need to be reviewed using modern standards and then updated to ensure security. Where does the next big vulnerability exploit lie? Join this conversation to discuss the new vulnerabilities that could be lurking in old code and share insights on your approach to ensuring your company’s software is secure.

Brenda Callaway

Brenda Callaway
Divisional Vice President, Information Security Risk Management
HCSC
Biography

Building a Better Bridge: Connecting the CISO and the Board

For a long time, CISOs have been in the spotlight only when a major security event transpires and often as little more than a scapegoat. However, in the age of the mega breach, security is seen as vital to business success and upper level managements is looking to the CISO for assurance. A recent survey revealed that “80 percent of boards discuss cybersecurity at nearly every board meeting.” With security as a growing business priority, it is the perfect opportunity for CISOs to bridge some longstanding gaps between the security vanguard and the boardroom. Join this conversation to learn more about how CISOs can improve your organization’s preparedness through regular C-suite and board engagement and organization-wide threat defense practices.

Paul Groisman

Paul Groisman
Sr. Director, Cybersecurity
fuboTV
Biography

No Longer Left to Their Own Devices: Hacking Concerns with the Internet of Things

For many, the term “Internet of Things” has been little more than a buzzword tossed around over the last few years. However, as more devices gain the ability to connect, communicate with, and remotely manage an incalculable number of networked, automated devices via the Internet, the IoT is finally becoming a reality. Whether it’s a number of automated network devices on a factory floor, a remotely managed series of equipment in a hospital, or even just a collection of highly interconnected devices in a residential home, the elements that make up the IoT are becoming more pervasive by the day, and with them come critical security concerns. Join this conversation to discuss major security concerns with the IoT like ubiquitous data collection, consumer data privacy and new avenues of attack.

9:45 AM: Break

10:00 AM: ISE® Nominee Showcase Presentation #4, #5 & #6

Location: Millennium Park, 3rd Floor
Bret Arsenault

Bret Arsenault
Vice President and Chief Information Security Officer
Microsoft
Seattle, WA
ISE® North America Executive Award Winner 2015 - Commercial Category
Biography

Strategies for Defending One of the Most Attacked Enterprises in the World
As the Chief Information Security Officer for Microsoft – one of the most attacked properties in the world – Bret Arsenault and his team have invested heavily in security and risk management, scanning Microsoft’s networks daily for events and patterns that indicate a security incident threatening the company’s operations environment. The team monitors 9 billion events every day and hopes to increase this capacity to 20 billion events per day in the next fiscal year. They team has also increased coverage to 1.4 million devices monitored. Learn more about the strategies, tactics and solutions the Microsoft security team successfully defends and protects the enterprise.

Medha Bhalodkar

Medha Bhalodkar
CISO, Enterprise IT Risk Officer
Columbia University
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category
ISE® Northeast Executive Award Finalist 2018

Biography

Leaving the Silo: A Multilayered Approach to Security
Columbia University sought to implement a comprehensive program for security and risk management that outlined a multi-layered approach to security at the University. This process also involved consolidating their existing individual technology policies into a set of uniform university security and information technology policies. The project team partnered with 17 schools, University Research organizations, and Central Administration, to consolidate the university wide 43 IT policies to 13, bringing total alignment of CU Policy requirements for information security controls, risk management, compliance, and for IT governance. Learn how the Columbia project team was able to increase their productivity through resource allocation and employing a collaborative working team spanning several initiatives by adopting this type of a proactive program.

Damon Stokes

Damon Stokes
Manager - Governance, Risk, Performance
Blue Cross Blue Shield Blue Care Network of Michigan
Biography

Securing the Supply Chain to Protect Millions
Breaches of Protected Health information and Personally Identifiable Information began occurring long before the recent, well-known, incidents at Target, Home Depot and Anthem. Information breaches that were the result of supplier negligence accounted for over 60% of all affected individuals as reported via the U.S. Department of Health and Human Services Breach Notification mechanism. The project team at Blue Cross Blue Shield Blue Care Network of Michigan sought to ensure customer data was safe from threats to the supply chain through an innovative program. The Supplier Risk Management Program was implemented to identify, mitigate, and address the potential technology security risk introduced by including third parties, providing services, in the normal course of conducting business. Learn how the team was able to protect more than 20 million members, while improving security posture, providing expanding visibility into third party security efforts and strengthening collaboration between BCBS and its supplier base.

11:20 AM - 11:30 AM: Closing Remarks

Location: Millennium Park, 3rd Floor

11:30 AM: Program Concludes