ISE® NORTH AMERICA PRIVATE WELCOME DINNER
Improving Visibility for Effective Threat Detection and Response
Ricardo Lafosse
CISO
Morningstar, Inc.
Biography
Modern targeted attacks are designed to stay under the radar by moving in small but deliberate steps over long periods of time and, more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigations Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
November 8, 2018
10:00 AM-3:00 PM: Registration
Location: Grant Park Foyer, The Summit—9th floor
11:15 AM: ISE® North America Signature Luncheon (Invitation Only)
Location: Grant Park CD; Summit Chicago
Sponsored by:
Security 2025: What Does the Future of Security Look Like?
Fred Kwong
Director, Information Security (CISO)
Delta Dental Plans Association
Biography
For the last 20 years we have reactively implemented monolithic security solutions by stacking legacy products on top of each other. This non-integrated approach has forced our organizations to confront significant complexity, resource drag and lack of effectiveness. As a community, it’s time to unite and define the new North Star of where security is headed. How do we challenge ourselves to a new way of thinking? What do we want our organizations to look like? How do we shift ourselves into a position where we can capably manage fast-paced challenges? Security 2025 is a research project focused on building a new and sustainable security blueprint. By coming together as security leaders, we can use our real-world experiences and knowledge to redesign and rebuild the engine of security. Join us for an evening of conversation as we discuss our unified approach in creating a cohesive and effective operating model that the industry can utilize for years to come.
12:50 PM: Welcoming Remarks and Introductions
Location: Grant Park AB 9th floor; Summit Chicago
Marci McCarthy
CEO and President
T.E.N.
Biography
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® North America Leadership Summit and Awards 2018.
1:00 PM: Keynote Address
Location: Grant Park AB 9th floor; Summit Chicago
The Value of Security Convergence
Mike Towers
Former Chief Digital Trust Officer
Takeda Pharmaceuticals
ISE® Northeast Executive of the Year Award Winner 2015
ISE® North America Executive: Health Care Award Winner 2015
ISE® Northeast Executive Award Winner 2020
ISE® North America Executive: Health Care Award Winner 2020
Biography
Cyber and information security are getting lots of attention, but there are other disciplines of security that are critically important. The principles of any security discipline are the same: identify what needs protecting and apply appropriate controls to do so. How can cyber security learn from other security areas – and vice versa? Can better alignment add value?
1:35 PM: Interactive Executive Roundtables
Location: Grant Park AB 9th floor; Summit Chicago
The Interactive Executive Roundtables bring together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other, join in interactive discussions on key industry issues, and share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni, who are leading CISOs and Information Security Executives.
What Is Security’s Role in Digital Transformation?
Sponsored by:
Bruce Coffing
Chief Information Security Officer
City of Chicago
Digital transformation is front of mind for many senior executives, but too often security is left behind. As IT and businesses fast-track initiatives like agile and DevOps to improve speed to market and reach business goals faster, security’s role is confined to asking questions afterwards about security challenges, cyber risks, and compliance requirements. Most IT teams already struggle with maintaining security initiatives. Rushing towards digital transformation without taking the proper precautions means that these newly connected systems can allow cyber threats to attack more rapidly, inflicting greater damage across enterprise networks. To protect our organizations, security must be applied holistically from the beginning of the process as an integral, automated necessity—but how do we ensure security is top of mind as our businesses embrace this digital transformation paradigm shift?
Orchestrating and Automating a More Secure SOC
Ricardo Lafosse
Chief Information Security Officer
The Kraft Heinz Company
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019
Biography
A Security Operations Center (SOC) team is often found deep in the trenches, detecting, containing, analyzing, and remediating any IT incident that threatens a company’s processes. While SOC teams are usually equipped with skilled managers, they often suffer from a lack of skilled staff, alert fatigue, resource depletion, and wasted time chasing after false positives. Because of their importance and their overwhelming workloads, introducing security orchestration and automation into SOC processes is more crucial than ever before for security executives to consider. Not only do these tools assist SOC teams in performing their responsibilities and mitigating skills gaps, but they also help businesses with employee retention, lessening the probability of burnout. However, organizations should be aware that employing too many specialized tools can add more complications and work processes than they resolve. Join our discussions on why security executives should have a keen understanding of SOC pain points and the team’s current needs before pursuing shiny, new solutions.
Creating a Dynamic and Actionable Information Security Plan
Robert Pace
VP, Information Security & CISO
Invitation Homes
ISE® West Executive Award Finalist 2022
ISE® West People's Choice Award Winner 2023
ISE® Central-West Executive Award Finalist 2024
Biography
Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.
Creating a Secure Cloud Infrastructure
Marcia Peters
SVP, Information Security Governance, Risk, and Compliance
US Bank
Biography
The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and which areas their security team needs to protect more proactively. Join our discussions to learn how a thorough understanding of your company’s cloud capabilities and infrastructure gives security professionals a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.
Data Loss Prevention in an Age Without Borders
Yabing Wang
Deputy CISO
Carrier Corporation
Biography
The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative is to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.
2:35 PM: Break
2:45 PM: Nominee Showcase Presentation #1
Location: Grant Park AB 9th floor; Summit Chicago
Shifting Security LEFT
Garrison Hu
Principal Engineer
T-Mobile
Biography
With increasing demand to support T-Mobile’s UnCarrier, there was a growing desire to implement an enterprise solution where technology could develop and deploy solutions at accelerated speeds. The solution “Shifting Security LEFT” integrates the speed of secure development capabilities such as developer education, security diagnostic tools, and integrated security testing with current agile development techniques. Effectiveness is determined by comparing data-driven security metrics against performance KPIs. This enables leadership to make bold UnCarrier business decisions with the confidence that security is in the development DNA.
3:05 PM: ISE® North America Exabyte Sponsor Showcase Presentation
Location: Grant Park AB 9th floor; Summit Chicago
Best Practices in Incorporating Security into your Digital & Cloud Transformation Strategy
Jason Clark
Chief Strategy & Marketing Officer
Netskope
Biography
3:25 PM: Women in Cyber Security Panel
Location: Grant Park AB 9th floor; Summit Chicago
Building a Better, Diverse and More Secure Future
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Medha Bhalodkar
CISO, Enterprise IT Risk Officer
Columbia University
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category
ISE® Northeast Executive Award Finalist 2018
Biography
Nicole Darden Ford
Vice President, IT – Global Information Security & Chief Information Security Officer
Baxter International
ISE® Central Executive Award Finalist 2018
Biography
Tess McCarthy
Employee Resilience Strategist
MassMutual
Biography
Catherine Rees
VP, Cyber Security Strategy
Comcast
Biography
Shelbi Rombout
Deputy Chief Information Security Officer
U.S. Bank
Biography
For the last several years, there’s been a lot of discussion about the overall shortage of qualified talent in the cybersecurity workforce. A 2018 (ISC)² report found that the global cybersecurity workforce gap has increased to 2.9 million unfulfilled positions. But the security industry is a fast-growing, adaptable market, and (ISC)² further reports that women now represent 24% of this broader cybersecurity workforce, compared to previous studies reporting only 11%. Even as the threats we face continue to grow, our industry as a whole is making strides in presenting opportunities for more robust and qualified cybersecurity talent to enter the field. Now, it is more important than ever for security professionals to continue the momentum and bridge the widening gap. Security benefits from different types of people from different backgrounds that provide a broader insight into the key issues we face every day. Women and minority representation is gaining traction in the current security population, but we must continue finding more ways to involve them in security. The benefits are plentiful, and not just for women. Attracting and maintaining highly qualified women can help reduce the cyber security labor shortage, diversify the field, and improve the overall quality of next-generation professionals with valuable guidance and mentorship.
3:00-8:00 PM: Registration
Location: Comiskey Foyer—Concourse Level/West Tower; Hyatt Regency
4:10 PM: Nominee Showcase Presentation #2
Location: Grant Park AB 9th floor; Summit Chicago
Healthcare on the Move: Using Security as a Business Enabler
Stoddard Manikin
VP, CISO
Children's Healthcare of Atlanta
ISE® East Executive Award Winner 2024
Biography
Jeremy Meller
VP IS&T
Children's Healthcare of Atlanta
Biography
To improve clinician-to-clinician communication, Children's Healthcare of Atlanta replaced the existing hospital communication solution to provide enhanced services, including bar code scanning, secure messaging and integration with existing applications. The project set out to develop and implement the necessary clinical and infrastructure components to improve operational workflows in order to provide a seamless and secure means of communication and medication administration documentation. The Mobile Clinician Project rollout addressed both security and operational needs, helping prove the idea that security can be an enabler rather than a barrier. Join our conversation as the Children’s Healthcare of Atlanta Team shares how they combined multiple technologies that made patient care more efficient, addressed security and privacy concerns, and promoted mobility for their caregivers.
4:30 PM: Nominee Showcase Presentation #3
Location: Grant Park AB 9th floor; Summit Chicago
The Cyber Threat Prediction, Detection, & Data Protection Plan
Arvin Bansal
Senior Director, Cyber, Governance and Risk
AmerisourceBergen
Biography
Kumar Chandramoulie
Senior Director – Cyber Defense, Threat and Vulnerability Management
AmerisourceBergen
Biography
Cyber criminals are getting more creative and sophisticated every day, weaponizing zero-day threats and leveraging new threat vectors and threats to attack large enterprises, causing significant business disruption. Furthermore, with network boundaries dissolving due to rapid consumption of cloud-based applications and infrastructure, and a field workforce using unmanaged devices to access sensitive systems and data in the cloud, any organization’s lifeblood – data – is now constantly flowing in and out of its network and cloud instances. AmerisourceBergen (ABC) is in the business of creating healthier futures by enhancing patient outcomes, so any business disruption will have a life-altering impact. They aspired not only to detect known knowns but also to predict unknown unknowns at lightning speed to disrupt and respond to those threats, all while having full visibility into ABC’s critical data. Join our conversation to learn how AmerisourceBergen’s projects enabled them to monitor, detect and protect their data with 360-degree visibility and cutting-edge data analytics.
4:50 PM: Late Afternoon Break
5:00 PM: VIP Reception (invitation only)
Location: Comiskey—Concourse Level/West Tower; Hyatt Regency
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM: Sponsor Pavilion and Dinner Buffet
Location: International Suites—Ballroom Level/West Tower; Hyatt Regency
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2018, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:45 PM: ISE® North America Awards Gala
Location: Regency D—Ballroom Level/West Tower; Hyatt Regency
Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2019 ISE® North America MC
Security Author
Biography
Dr. Kevin McKenzie
Former SVP of Information Technology & Enterprise CISO
Dollar Tree Inc., Family Dollar Inc.
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013
Biography
Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.
9:00 PM: Champagne and Dessert Reception
Location: Regency D—Ballroom Level/West Tower; Hyatt Regency
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.
November 9, 2018
7:00 AM-10:00 AM: Registration
Location: Grant Park Foyer, The Summit—9th floor
7:30 AM: ISE® Private Networking Breakfast
Location: Grant Park Foyer, The Summit—9th floor
8:00 AM: Fireside Chat
Location: Grant Park AB; Summit Chicago
The Fireside Chat is an engaging morning chat conducted by a past ISE® Luminary—who moderates the discussion—and the winners of this year’s ISE® Luminary Leadership Award, who will provide words of wisdom and lessons learned throughout their careers as cybersecurity professionals.
Moderator
Jim Routh
Chief Trust Officer
Saviynt
ISE® Luminary Leadership Award Winner 2016
Biography
Luminary Leadership Co-Winners 2018
Roland Cloutier
CVP, Chief Security Officer
ADP
ISE® Northeast Executive Award Winner 2012
ISE® Northeast People's Choice Award Winner 2012
ISE® North America Commercial Executive Award Winner 2012
ISE® North America Executive Award Winner 2014 - Financial Category
ISE® Luminary Leadership Award Co-Winner 2018
Biography
T.E.N. Success Story
Gene “Spaf” Spafford
Professor of Computer Sciences and Executive Director Emeritus of CERIAS
Purdue University
ISE® Luminary Leadership Award Co-Winner 2018
Biography
8:50 AM: Information Security Executive® Deep Dive Panel
Location: Grant Park AB; Summit Chicago
An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2019 ISE® North America MC
Security Author
Biography
Panelists
Marc Crudgington
CEO, vCISO, Founder, Author
CyberFore Systems Corp.
ISE® Central Executive Award Finalist 2019
ISE® North America Executive: Financial Award Winner 2019
Biography
Steve Kozman
Chief Information Security Officer
Athene Annuity-Life Assurance
ISE® Northeast People's Choice Award Winner 2018
Chuck Markarian
CISO
PACCAR
ISE® West Executive of the Year Award Winner 2018
ISE® West People's Choice Award Winner 2018
Biography
Chris Ray
CISO
TriNet
ISE® Southeast Executive Award Winner 2011
T.E.N. Success Story
Alden Sutherland
Chief Information Security Officer
AmerisourceBergen
ISE® Northeast Executive Award Finalist 2018
Biography
10:00 AM: Break
10:20 AM: ISE® Nominee Showcase Presentation #4
Location: Grant Park AB; Summit Chicago
Crafting A Cyber Strong Behavior Program Through Behavioral Response
Tess McCarthy
Employee Resilience Strategist
MassMutual
Biography
MassMutual’s Cyber Security Awareness program enabled the company to establish a Cyber Strong culture through the implementation of a data-driven behavioral recognition and repercussion program. The program established a menu of highly visible solutions that could be deployed to recognize positive employee behaviors reported by peers or identified through technical monitoring capabilities. Phishing resilience as well as malware and data loss monitoring capabilities were utilized to assess negative employee and contractor behaviors. Associates who were found to exhibit behaviors that put the company at risk, such as clicking on malicious links, were addressed using pre-defined design patterns in collaboration with Human Resources. Join our conversation as MassMutual tells us about championing positive behaviors and addressing negative behaviors, which helped the company highlight the criticality of protecting the company’s valuable digital assets and enabled all associates to uphold the Cyber Strong culture.
10:40 AM: ISE® Nominee Showcase Presentation #5
Location: Grant Park AB; Summit Chicago
The CISO Sentinel: Security and Compliance Risk Management
Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
ISE® Luminary Leadership Award Winner 2019
Biography
The Georgia Department of Revenue Office of Information Security is responsible for securing a threat and regulatory landscape that encompasses multiple Federal mandates and 3rd Party Information Service providers. The CISO Sentinel is a security and compliance risk management platform that captures operating efficiencies in management of the program. Using continuous monitoring and management, the platform enables greater control of cybersecurity risks by effectively managing the processes associated with obtaining, identifying, processing and aggregating key information. Significant elements of the project focused on prioritizing the review of critical security alerts, automating governance processes, eliminating redundant silos, and streamlining compliance and management reporting. Join our discussion to learn how the Georgia Department of Revenue Office of Information Security shifted its security paradigm from traditional paper-based assessment outputs to a dynamic, actionable cybersecurity program.