ISE® North America Schedule of Events 2016

ISE® NORTH AMERICA PRIVATE WELCOME DINNER & ELECTION VIEWING PARTY
Orchestrating a Move Away From the Silos

November 8, 2016
5:30pm - 10:30pm
David Burke’s Primehouse
616 N Rush St
Chicago, IL 60611
Registration
bc

Brenda Callaway
Executive Director, Information Security
Health Care Service Corporation
Biography

“Are you secure and are things getting better or worse?” How would you answer this question? Security teams are inundated with alerts from multiple, siloed products and typically have manual processes and handoffs making it impossible to know what’s important, where to start and the current status of an incident or vulnerability. Linking security and IT together can help organizations deliver more efficient security response, streamline remediation and clearly visualize security posture. Join our conversation to learn how your security team can improve your organization’s security through orchestration methods and create a single platform for responding to security incidents and vulnerabilities – and ultimately reduce risk.

Additionally, as our dinner will be held on Election Day, ServiceNow and T.E.N. will be hosting a special viewing party immediately following the dinner to view the election results. This after-party will also be held at David Burke’s Primehouse in their private library room, which will feature televisions, couches, desserts, and after-dinner drinks. Join your fellow InfoSec Executives after an evening of engaging collaboration and discussions to relax and view the election results!

November 9, 2016

10:00am - 3:00pm: Registration

Location: Great Lakes Foyer, 2nd Floor

11:30 AM : ISE® North America Signature Luncheon*Invitation Only

Location: Ontario, 2nd Floor
intel

Stephen R. Katz

Stephen R. Katz
Founder & President
Security Risk Solutions, LLC
ISE® Luminary Leadership Award Winner 2006
Biography

Simplifying the Threat Defense Lifecycle
With the rising volume and complexity of threats, and the limited time and resources available to handle them, security practitioners must evolve their approach to their defense. At its core, the job has not changed: to protect vital services and information from theft, manipulation, and loss from external and internal actors. One of many challenges that’s new, is that the “bad actors” now are able to target their attacks specifically at individual organizations. With these limited resources and targeted attacks, the way security teams do the job needs to change. They need to focus on ways to reduce security fragmentation, automate tasks, and force-multiply capabilities. An open and integrated system best enables organizations to effectively block threats, identify compromises, and expedite remediation. Join our conversation to learn how you can better protect, detect, and correct issues in your organizations threat defense methodology.

1:00 PM : Welcoming Remarks and Introductions

Location: Chicago Ballroom, 16th Floor
Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® North America Leadership Summit and Awards 2016.

1:10 PM : Keynote Address

Location: Chicago Ballroom, 16th Floor
name

Gary Hayslip
Director of Information Security (CISO)
SoftBank Group
ISE® West Executive of the Year Award Winner 2015
ISE® North America People's Choice Award Winner 2015

Biography

Cyber, The Path to CISO: How Cyber is Evolving the Role of the Modern CISO
The path to being a CISO is not for the faint of heart. Gary Hayslip started his journey over 20 years ago, and as with many who are now CISO’s it has been filled with positions other than cybersecurity. This brings us to the nexus of our discussion, to be a CISO there are unique challenges and specific paths that we follow in response to them. However, in today’s dynamic environment we find our original role as CISO is evolving, organizations seek to understand how to use cybersecurity as a strategic business process and it’s up to us as Security Executives to lead that discussion and define the value of our security programs.

1:45 PM : Interactive Executive Roundtables

Location: Chicago Ballroom, 16th Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

Sponsored by

echoworx

Tony Spurlin

Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018

Biography

Security from the Inside: Combating Insider Threats
While the popular view of most security threats tends to be of outsiders, the last few years have also seen an increasing emphasis on threats to the enterprise from the inside. Insider threats can range from something as simple as a negligent employee who clicks on a bad email link to a disgruntled employee with privileged access to sensitive data and portions of the enterprise. A 2016 survey on insider threats by Bitglass revealed that one in three organizations interviewed had experienced insider attacks, with 56% saying they have gone up in the past year. Organizations are starting to see improvements in detecting insider threats however. In the same survey, 64% of the respondents said they can now detect breaches within a week, compared to the previous year where only 42% were able to do so. While there have been some improvements in dealing insider threats, there still remains a strong need for a more vigilant and proactive approach to identifying, isolating, and mitigating damage from these kinds of attacks.

Paul Huesken

Paul Huesken
Chief Information Assurance Officer
The Coca-Cola Company
ISE® Southeast & ISE® North America Judge
Biography

Protecting Data: Keeping the Keys to the Kingdom Out of the Hands of Hackers
Breaches invariably involve data loss (for example: Anthem, JPMC, and Target), so finding the best practices to prevent them should be an essential part of your organization. Protection of data can be done at multiple network levels and can involve encryption, masking, or tokenization. The many options for data security offer a variety of security advantages, but they each have their own flaws to take into consideration. These include issues like malicious insiders abusing encryption keys, malware-based bypasses, and overall costs. Join our conversation to learn what kinds of secure data solutions are best for your business requirements; why and when to use each solution; and how you can combine solutions to minimize risk.

Dan Solero

Dan Solero
AVP, Cybersecurity
AT&T
Biography

Maintaining Security on the Move: Best Practices for Securing Mobile Apps
In our era of mobile technology, there are millions of applications available for mobile device users to download. According to a report by Statistica, there were over 4 million applications available from Google Play (2.2M) and Apple’s App Store (2 M) alone as of June 2016. The list seems endless and new apps are popping up every day. It should come as no surprise that smartphones and tablets are targeted by threat actors and present a large security risk to end-users and companies. Compounding that risk is the fact that many companies aren’t investing enough time or money for mobile application security. In fact, 65% of people surveyed by the Ponemon Institute said that security of mobile applications is sometimes put at risk because of the “rush” to meet a customer need or market opportunity. Securing mobile applications against threats posed by cyber theft, malware, and viruses requires balancing the need to release applications quickly with the rigor and discipline required by secure coding and testing best practices for application development.

Dimitra Kane

Dimitra Kane
Enterprise Architecture, Sr, Manager
Discover
Biography

Ransomware on the Rise
Malware has long been the bane of many security professionals. However, a more frightening evolution in this long-time InfoSec foe has become increasingly dangerous and more prevalent in recent years. Ransomware has continued to grow as one of the most prevalent threats to industries of all shapes and sizes. A 2015 report by McAfee found a huge jump of late, from 257,357 new ransomware samples in the first half of 2014, to 380,652 in the second half. By the first half of 2015, that number jumped 5.3 times to over 2 million. In 2016, we saw several increasingly high-profile examples, including, most notably, the case of Hollywood Presbyterian Medical Center, a 434-bed hospital whose network effectively ground to a halt after hackers breached the system in early February. After relying on pen and paper records briefly, Hollywood Presbyterian paid the 40 bitcoin ($17,000) ransom to regain control of its network. As ransomware continues to spread, what can security professionals do to better protect themselves from this most malevolent of malware?

2:45 PM : Break

2:55 PM : Nominee Showcase Presentation #1

Location: Chicago Ballroom, 16th Floor

Harold Dibler
Managing Director, Business Technology
Best Western
Biography

Transforming User Accounts: Access Management, Security, and Stability
For Best Western Hotels & Resorts, creating user accounts within a significant client base and providing the correct access heavily relied upon company help desk assistance due to the use of a home-grown system, and opened up the accounts of many users to potential risk. This home grown system also led to difficulties in establishing partnerships, as the process worked slowly and delayed the rollout of new products to market. As a result, Best Western sought a solution that made many of their user account and partnership creations more efficient and secure. This led to establishing their Business Transformation Project. Through it, Best Western upgraded its identity and access management capabilities from a home-grown account management system using outdated SSO implementation to an industry-leading Identity Management Suite and SSO/Web Access Management solution. Learn how this program has streamlined account creation, access and management, nearly eliminating any assistance from their help desk; tightened security around all accounts to protect client information; and significantly sped up the process of establishing partnerships to improve time to market for its products.

3:15 PM: CISO Deep Dive: Executive Leadership

Location: Chicago Ballroom, 16th Floor

An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Pete Lindstrom

Pete Lindstrom
VP, Security Strategies
IDC
Biography

Panelists

Michael Dierickx

Michael Dierickx
Director PSIRT
Raytheon

Renee Guttmann

Renee Guttmann
CISO
Campbell Soup Company
Biography

Vickie Miller

Vickie Miller
VP & Chief Information Security Officer
FICO
Roseville, MN
ISE® Central People's Choice Award Winner 2010
ISE® Central Executive of the Year Award Winner 2015

Biography

Mike Towers
Former Chief Digital Trust Officer
Takeda Pharmaceuticals
ISE® Northeast Executive of the Year Award Winner 2015
ISE® North America Executive: Health Care Award Winner 2015
ISE® Northeast Executive Award Winner 2020
ISE® North America Executive: Health Care Award Winner 2020

Biography

Jason Witty

Jason Witty
Managing Director, Global Chief Information Security Officer
JPMorgan Chase & Co.
ISE® Central People's Choice Award Winner 2014
ISE® North America People's Choice Award Winner 2014
ISE® North America Executive: Financial Award Finalist 2017
ISE® Central Executive of the Year Award Winner 2018
ISE® Central People's Choice Award Winner 2018

Biography

3:00-8:00 PM : Registration

Location: Great Lakes Foyer, 2nd Floor

4:00 PM : Nominee Showcase Presentation #2

Location: Chicago Ballroom, 16th Floor

Yusuf Kapadia
CIRC - Global Operations Manager and Regional Manager Americas
ADP
Biography

Detecting and Addressing Security Attacks Through Behavioral Analysis
Over the last few years ADP has been focused on looking for tools specifically designed to help better analyze security and business transaction data in order to protect client funds and data. Without tools that take historical security event behavior into account, it is difficult for teams to detect targeted threat actors. To address this issue, ADP developed an advanced approach with its Global Enterprise Behavioral Profiling program. It allows for deeper insight into long-term behavior of an associate’s user accounts; systems used; and “act as” functionality of users by implementing a global user behavioral analysis technology. Implementing this technology has given ADP’s threat monitoring analysts a massive boost in productivity—identity profiling and group/network zone comparisons that used to take weeks now takes minutes. Join us to learn how ADP’s project provides significantly more confidence in investigations free from human error, and how their analysis, raw log collection, and analytics are automated and provided in real time.

4:20 PM : Nominee Showcase Presentation #3

Location: Chicago Ballroom, 16th Floor
Jeannette Rosario

Jeannette Rosario
Director, Global Security
Aetna
Biography

You Only Have to ASK: Security Assurance in the Assessment Security Knowledgebase
With the continuous increase in threats, the number of regulator, auditor and customer inquiries surpassed 40,000 in one year. Aetna created the Assessment Security Knowledgebase (ASK) which has reduced the number of single inquiries by 15,000. ASK is based on two critical parts: the Security Portal, an internet accessible portal presenting Aetna’s security capabilities, and the Audit Locker, an automated internal tool for auditors to validate security controls. Together they help maintain control over the level of requests while also consistently meeting common regulatory requirements. The program has resulted in significant cost savings due to the consolidated efforts and efficiency of ASK—audit assessments that took months to complete can now be done in weeks. Join the conversation to learn how the Aetna team was able to make significant returns on investment by more efficiently receiving and addressing requests, solving an unaddressed problem of corporate America: an overload of internal and external audit assessments.

4:55 PM: Late Afternoon Break

5:00 PM : VIP Reception (invitation only)

Location: Chicago Foyer, 16th Floor

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: Michigan Ballroom, 2nd Floor

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2016, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM : ISE® North America Awards Gala

Location: Great Lakes Ballroom, 2nd Floor

Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM : Champagne Reception

Location: Great Lakes Foyer, 2nd Floor

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.

November 10, 2016

7:00 AM - 10:00 AM : Registration

Location: Chicago Pre-Function, 16th Floor

7:30 AM : ISE® Private Networking Breakfast

Location: Chicago Foyer, 16th Floor

8:00 AM : Fireside Chat

Location: Chicago Ballroom, 16th Floor
Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

John Graham

John Graham
CISO
EBSCO Industries
ISE® Southeast Executive Award Finalist 2012
ISE® Southeast Executive Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Commercial Category

Craig Shumard

Craig Shumard
Principal
Shumard Associates
ISE® Tri-State Award Winner 2005
ISE® Luminary Leadership Award Winner 2010

Biography
T.E.N. Success Story

Security on the Horizon: The Shape of Information Security in 2017
As more products and services become connected to the Internet, the need to proactively address cybersecurity and privacy risks increases. Additionally, topics like data privacy and trust have also become critical business requirements as consumer and business information generation continues to grow at an exponential rate and shared in a multitude of ways. This year we’ve seen everything from an increase in the rate of ransomware attacks, debates on the ethics surrounding encryption, further instances of hard hitting insider threat attacks, cyberattacks that target large scale tech like power grids and even DDoS attacks on DNS providers. As the InfoSec landscape continues to shift and change, so to do the key things we look for in the next wave of Information Security Professionals. What kinds of skills and knowledge will the CISOs of tomorrow need? How should organizations build out their security teams and how do they go about finding the right talent? Join our conversation as we take a look at the security trends that will shape the year ahead and as we discuss best practices and strategies for building a talented security team to tackle the threats of tomorrow.

8:45 AM : Interactive Executive Roundtables

Location: Chicago Ballroom, 16th Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices.  The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

Shelbi Rombout

Shelbi Rombout
Deputy Chief Information Security Officer
U.S. Bank
Biography

Social [Media] Security: The Impact of Social Media on Information Security
Social media has become such an integral part of our day to day actions that we sometimes neglect to consider the greater impact it has at the business level. Cyber criminals run rampant across every social network today. While we see headlines about social marketing faux pas and account hacks, those are just the tip of the security risk iceberg. Companies’ poor social media security practices can put their brands, customers, executives, at serious risk. According to Cisco, Facebook scams were the most common form of malware distributed in 2015. The FBI said that social media-related events had quadrupled over the past five years and PricewaterhouseCoopers found that more than one in eight enterprises suffered a security breach due to a social media-related cyberattack. While adapting best practices for social media usage for employees is a decent start, there’s much more to be done. Security professionals must start treating social channels like the potential security threat they are and align strategies to effectively fend against the range of cyber techniques currently in use.

Selim Aissi
Chief Information Security Officer
Blackhawk Network
ISE® West Executive Award Finalist 2015
ISE® North America Executive Award Finalist 2015 - Commercial Category

The Internet of Things is Here and Growing but are You Ready for it?
The once nebulous Internet of Things has slowly but surely become a more defined and pressing issue for Information Security professionals as more organizations begin to adopt the IoT into their business structure. Gartner predicts that in the year 2020, 25 billion ‘things’ worldwide are connected to the internet with a collective economic value of two trillion dollar. While that still leaves current InfoSec professionals some time to adapt to a more pervasive Internet of Things, the question remains; “How ready is your organization for IoT adoption now?” Does your organization have the right skillsets and capabilities in place now to start investing in IoT related projects? Aside from all the innovative, technical and business skills needed, perhaps the greatest skill needed is the ability to understand what missing factors are in the organization’s capabilities.

Jennifer Cole

Jennifer Cole
CISO, VP of Information Security and Governance
ServiceMaster
ISE® Southeast Executive Award Finalist 2016
Biography

Preparing for the New Edge: Improving Security for Digital Business
Digital expansion is reshaping organizational security and risk management. Mobile, cloud computing, social networking and the Internet of Things are just some of the factors driving this business transformation. A 2016 survey sponsored by Unisys Corporation found that 72% of executives surveyed show a strong commitment to adopting a digital business model, with the cloud as the key enabler. However, only 15% of respondents indicated that their organizations currently have the “extremely flexible/nimble” attributes required to implement a digital model that enables them to capitalize fully on future business opportunities. Gartner predicts that by 2020, 60% of digital businesses will suffer major service failures due to the inability of security teams to manage digital risk. Organizations must now address cybersecurity and risks in technologies and assets they no longer own or directly control. As more companies make the move to bigger digital business efforts, digital ethics, analytics, and people focus will become as important as technical controls.

Ed Yousfi

Ed Yousfi
Director, IT Security (CISO)
Gallagher Bassett Services
Biography

Securing What You Share: Improving Your Third Party Security
When organizations start working with third-party vendors, they have to consider a variety of security concerns. These vendors often have access to valuable, sensitive corporate data, yet according to a 2016 study by the Ponemon Institute, more than one third of companies don’t believe these vendors would tell them if they had a data breach. Additionally, About 60% of respondents said they felt vulnerable because they were sharing sensitive data with third parties that might have weak security policies. While including data privacy and security procedures in third-party contracts to ensure vendors have appropriate measures in place to protect company data has become commonplace, it is difficult to evaluate how the vendor is protecting data from unauthorized access, use, and disclosure, and to know whether the vendor has appropriate contractual terms in place with downstream, who may also have access to your data. This disconnect creates a high-risk area for all industries as more and more data loss through third-party vendors results in a breakdown of trust and communication. To help prevent potential damages, organizations need to develop plans for working with third parties that involve data mapping vendors, contract specificity, and regular data audits.

9:45 AM: Break

10:00 AM: ISE® Nominee Showcase Presentation #4

Location: Chicago Ballroom, 16th Floor

Johannes Jaskolski
Distinguished Member of the Technical Staff
AT&T

Peter Galanis
Director, Security
AT&T

Simplifying and Refining Secure User Authentication
The unprecedented threat levels present in information security today necessitate advanced authentication technologies beyond simple passwords and security questions. However, more complex authentication methods can run the risk of being difficult or confusing for users to implement, and attackers are still consistently able to uncover ways to impersonate users and bypass typical authentication methods. AT&T worked on a solution that would provide high-level authentication that was not only significantly more secure, but also effortless for the end-user to utilize. Furthermore, these methods had to be so finely tailored to users that potential threats would be unable to replicate the responses or information required. Join AT&T as they tell us how their Identity and Access Management Platform integrates commercial software elements with custom developed technologies to provide highly unique authentication options that are effortless for an end-user to implement and extremely difficult for attackers to compromise.

10:20 AM: ISE® Nominee Showcase Presentation #5

Location: Chicago Ballroom, 16th Floor

Raj Rajagopalan
Senior Security Architect, Enterprise Risk & Security
Cox Automotive
Biography

A Lean Approach to Enterprise Security
Cox Automotive is a heterogenous federated Enterprise whose goal is to transform the way the world buys, sells and owns cars. To do that Cox Automotive follows the Lean Business model of being nimble, customer focused and innovative. Securing such an environment requires a matching approach, Lean Security whose primary focus is to Enable Business.

The fundamentals of the approach are to see Security as an intrinsic aspect of Quality and Quality as an indivisible part of the development to production process. This includes the concept of Shift Left introducing Security into the requirements process, educating Development and QA teams on Security concepts and automated Security scanning of all code on a continuous basis.

10:40 AM: ISE® Nominee Showcase Presentation #6

Location: Chicago Ballroom, 16th Floor

Richard McClure
GVP, Business Continuity
SunTrust
Biography

Terry Schade
Senior Vice President and Head of Business Resiliency
SunTrust
Biography

Leveling Up Your Organization’s Business Continuity
SunTrust’s DR Next Project set out to support a 5 year Business Continuity Program by heightening recovery preparedness and operational excellence through broader testing, infrastructure flexibility, and administration optimization. DR Next key elements, including end-to-end transactional testing capabilities, consolidation of standards, application level recovery, and extended accessibility to DR environments were delivered. The project also addressed concerns around broader testing capabilities and maturing of these capabilities as well as solicited input across the enterprise including business, delivery managers, and operational owners to develop a common and holistic testing strategy. Learn how this multi-year program has elevated the level of preparedness and risk management for the organization while supporting and managing long term operational excellence.

11:00 AM - 11:30 AM: Closing Remarks

Location: Chicago Ballroom, 16th Floor

11:30 AM: Program Concludes