ISE® NORTH AMERICA PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
Kevin Gowen
Chief Information Security Officer
Synovus Financial Corporation
ISE® East Executive Award Winner 2022
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
November 13, 2019
10:00 AM-3:00 PM: Registration
Location: Streeterville Foyer, Lobby level of the Executive Tower
11:15 AM: ISE® North America Signature Luncheon *Invitation Only
Location: Streeterville, Lobby level of the Executive Tower
Don’t Just Stack, Integrate: Employing a Unified Cloud Security Platform
Eric Schmidt
Information Security Officer
Eskenazi Health
ISE® Midwest Executive Award Finalist 2005
Digital transformation has changed the way enterprises perform security. While processes become more agile and efficient, IT environments also become distributed, elastic, and hybrid. These changes make it difficult for security professionals to defend against opportunistic hackers who take advantage of security gaps. Additionally, mobilization, cloud integration, and virtualization have each contributed to a vanishing security perimeter as well as a lack of visibility into these new IT environments. It can be tempting for enterprises to stack heterogeneous tools on top of each other to perform quick security fixes, but doing so ultimately lacks true security integration, leading to further vulnerabilities and work efficiency problems. Instead, enterprises should employ solutions that can orchestrate natively and organically with hybrid IT environments without adding complications or slowing down DevOps’ development and delivery. Join our conversation as we discuss how a unified cloud platform centered around security and compliance can contribute to greater prevention, detection, and response against today’s most dangerous cyber threats.
12:50 PM: Welcoming Remarks and Introductions
Location: Avenue West Ballroom, Lobby level of the Executive Tower
Marci McCarthy
CEO and President
T.E.N.
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® North America Leadership Summit and Awards 2019.
1:00 PM: Keynote Address
Location: Avenue West Ballroom, Lobby level of the Executive Tower
The Business of the CISO: Seven Factors We Must Get Right to Succeed
Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2019 ISE® North America MC
Security Author
Todd Fitzgerald, CISO and Cybersecurity Leadership Author of “CISO COMPASS,” will be presenting the opening Keynote Presentation. One signed copy of his book will be available to win at this year’s Awards Gala! Purchase a copy of your own: https://www.amazon.com/dp/B07LH3DRLR
1:35 PM: Interactive Executive Roundtables
Location: Avenue West Ballroom, Lobby level of the Executive Tower
The Interactive Executive Roundtables bring together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.
Creating a Secure Cloud Infrastructure
Ed Yousfi
Director, IT Security (CISO)
Gallagher Bassett Services
The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to supplement to meet their obligations as part of the shared responsibility model. Join our discussions to learn how a thorough understanding of your company’s cloud infrastructure, native cloud security capabilities, and the shared responsibility model can aid security professionals in having a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.
Have You Prepared for Every Insider Threat… Even Those Who Leave?
Jason Belford
Chief Information Security Officer (CISO)
University of Virginia
ISE® Southeast Executive Award Runner-Up 2020
ISE® North America Executive: Academic/Public Sector Award Winner 2020
Employees are the first line of defense when it comes to cybersecurity threats attempting to infiltrate an enterprise—but they can also be a weakness or threat themselves. Sometimes, it’s a well-meaning but negligent mistake; someone clicks on an email link that’s part of a phishing campaign, and suddenly, a threat actor has infiltrated the network. Other times, an employee or contractor will act maliciously and knowingly use inside information to endanger an enterprise in some way. Enterprises also need to be wary of departing employees and deploy security procedures during the off-boarding process since they could be taking sensitive data with them. No matter the circumstance, enterprises are going to have insider threats, so it’s important to enlist the proper security controls against them before data leaves an organization. Join our discussion as we cover the various insider threats an enterprise can experience as well as how to gain visibility on those threats, mitigate their damage and prevent data from being taken, misused or lost.
Protecting Your Online Identities: The Case for Digital Security
Erik Decker
Chief Information Security & Privacy Officer
The University of Chicago Medicine
ISE® North America Executive: Academic/Public Sector Award Winner 2019
The use of smartphones, social media, e-commerce, and other online profiles is not abating any time soon, making digital security a necessary part of our lives. As we continue to expand our digital footprints and form online identities, it can be easy to become lax in our security efforts, especially as more and more profiles and apps become interconnected. By accessing one digital app or service, hackers are more likely to gain access to all of your accounts that either use the same username and password or are linked together. With employees also accessing personal accounts on company-owned devices or via company networks, organizations are wrestling with who is responsible and accountable for their digital security. The obvious choice is the CISO, but with digital security crossing many aspects of enterprise transactions and departments, it calls into question how far-reaching business leaders expect the CISO’s role to be. Join our conversation as we discuss how security executives can approach digital security to protect our identities, uniting with business leaders to establish clear-cut security strategies and responsibilities.
Where Cybersecurity Crisis Management Meets Law Enforcement
Kevin Gowen
Chief Information Security Officer
Synovus Financial Corporation
ISE® East Executive Award Winner 2022
The worst has happened. Your security team has found evidence of a network breach at your enterprise, and they have begun to investigate its severity. This is when your cybersecurity crisis management plan will come into play, if your enterprise has one. If it does not, this may be an incredibly painful experience for you, your security team, your business leaders and your consumers. If your enterprise has a plan but this is the first time its effectiveness is being tested, you may be just as bereft as you would be without one, with employees being slow to react or unclear about who to contact. Crisis management plans will be specific to a business, but having one that establishes an emergency incident response team, escalation process flowcharts and crisis communication templates can vastly help you manage an already high-stress situation. You may also want to involve law enforcement at some point during the investigation, both out of legal obligation and if your enterprise has run afoul of ransomware that could damage its reputation. Local and federal law enforcement will have access to tools and information that your enterprise security team will not, so it will be important to establish a point of contact with law enforcement well before you ever have to reach out to them for help. Join our discussion as we debate the necessary parts of cybersecurity crisis management plans, the role law enforcement should play and how to gather information and contact the right people at the right time.
Effects and Predictions of the California Consumer Privacy Act (CCPA) & Nevada Privacy Law
Ricardo Lafosse
Chief Information Security Officer
The Kraft Heinz Company
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019
In the wake of the European Union’s GDPR regulations, data privacy and protection have been on the hearts and minds of business leaders, security professionals, government entities and consumers alike. The United States currently has no overarching, federal data privacy law, so state governments have taken the initiative, with California establishing the California Consumer Privacy Act (CCPA) and Nevada enacting Senate Bill 220 (SB 220). Both of these laws regulate the consumer data of their respective state’s citizenry, affecting both California and Nevada businesses as well as those who do business with them even in the other states. Despite being conceptualized first, the CCPA will not go into effect until January 1, 2020, but businesses across the U.S. have raced to meet the compliance standards of SB 220, which went into effect on October 1, 2019. Complicating the process is the fact that these two regulations are not exactly identical, applying different definitions to legal terms and requiring businesses to adhere to different policies. For instance, though both SB 220 and the CCPA give consumers the right to opt out of certain uses of their personal information, SB 220 does not require any website operators to provide a clear notice to consumers outside of their privacy policy—the CCPA requires a “Do Not Sell” button. Fortunately, there are no outright contradictions; businesses can safely adhere to both policies. However, as the U.S. begins to adopt more state-by-state regulations, businesses and security teams will need to remain vigilant if they wish to stay data compliant. Join our discussion as we explore the effects of the CCPA and SB 220 on privacy rights and consumer data and make predictions of what these bills will inspire for the future of data security in the U.S.
2:35 PM: Break
2:45 PM: Nominee Showcase Presentation #1
Location: Avenue West Ballroom, Lobby level of the Executive Tower
SecurIT First: A New Educational Awareness Program
Program Manager - Corporate Security Education and Awareness
Mastercard
While security systems can be programmed to safeguard exactly what we need them to protect, we cannot program the human. Join our discussion to learn why Mastercard created the SecurIT First education awareness program and how it fosters a security mindset, encourages behaviors that reduce risk, and meets compliance requirements.
3:05 PM: ISE® North America Exabyte Sponsor Showcase Presentation
Location: Avenue West Ballroom, Lobby level of the Executive Tower
Bruce Thompson
Major Accounts Solution Architect
Qualys
3:25 PM: Women in Cyber Security Panel
Location: Avenue West Ballroom, Lobby level of the Executive Tower
Moderator
Marci McCarthy
CEO and President
T.E.N.
Panelists
Kim Keever
CISO and Senior Vice President of Security, Analytics & Technology Services
Cox Communications
ISE® Southeast Executive Award Winner 2019
ISE® North America Executive: Commercial Award Winner 2019
Shelbi Rombout
Deputy Chief Information Security Officer
U.S. Bank
Yabing Wang
Deputy CISO
Carrier Corporation
3:00-8:00 PM: Registration
Location: Avenue Ballroom Foyer, Lobby level of the Executive Tower
4:10 PM: Nominee Showcase Presentation #2
Location: Avenue West Ballroom, Lobby level of the Executive Tower
Project Mars: Next-Gen CyberOps
Kumar Chandramoulie
Senior Director – Cyber Defense, Threat and Vulnerability Management
AmerisourceBergen
Not all threats are equal. At AmerisourceBergen, the Cyber Command Center required better detection of post-compromise cyber adversary behavior. Unfortunately, persistent threats take many forms, from nation-state sponsored activities to intellectual property theft to financially motivated actions. Project Mars is a next-generation, predictive, intel-driven cyber operation. Project Mars was developed by integrating Predictive Threat Intelligence, Forensics, Dark Web Crawling and Threat Hunting on our own Cyber Precog (SIEM), which ingests 1 billion plus events a day from 45 data sources. Focusing on offensive cybersecurity, we today ingest and analyze 100 plus threat intelligence feeds and have adopted the MITRE ATT&CK framework to hunt in our environment, inclusive of threat actor TTPs. Join our conversation to learn how AmerisourceBergen’s Project Mars supports the detection of nation-state attacks, insider threats, malicious activities and fraud.
4:30 PM: Nominee Showcase Presentation #3
Location: Avenue West Ballroom, Lobby level of the Executive Tower
The Multi-Mission Cloud Platform
Brad Sanford
Chief Information Security Officer
Emory University
ISE® North America Healthcare Executive Award Winner 2011
ISE® Southeast Executive Award Finalist 2011
The Amazon Web Services at Emory (AWS at Emory) project was an effort to create a secure cloud computing environment to serve as Emory University’s preferred and recommended cloud service for faculty-led computational needs. The service provides access to Amazon’s cloud computing services, including computing, storage, database, etc. within an environment that incorporates enhanced security controls to help ensure the safety and security of each cloud workload. Join our discussion to learn about Emory’s multi-mission platform that can facilitate the advancement of science, education, and service across the University.
4:50 PM: Late Afternoon Break, Lobby level of the Executive Tower
5:00 PM: VIP Reception (invitation only)
Location: Streeterville, Lobby level of the Executive Tower
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM: Sponsor Pavilion and Dinner Buffet
Location: Avenue Ballroom Foyer, Lobby level of the Executive Tower
Guests enjoy a gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2019, this exciting occasion will bring together top security executives to recognize the individuals who have made a significant and positive impact on their organizations through exemplary performance.
7:45 PM: ISE® North America Awards Gala
Location: Avenue East Ballroom, Lobby level of the Executive Tower
Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2019 ISE® North America MC
Security Author
Dr. Kevin McKenzie
Former SVP of Information Technology & Enterprise CISO
Dollar Tree Inc., Family Dollar Inc.
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013
Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made a significant and positive impact on their organizations through exemplary performance.
9:00 PM: Champagne and Dessert Reception
Location: Avenue East Ballroom, Lobby level of the Executive Tower
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.
November 14, 2019
7:00 AM-10:00 AM: Registration
Location: Streeterville Foyer, Lobby level of the Executive Tower
7:30 AM: ISE® Private Networking Breakfast
Location: Streeterville Foyer, Lobby level of the Executive Tower
8:00 AM: ISE® Nominee Showcase Presentation #4
Location: Streeterville, Lobby level of the Executive Tower
Seamless & Secure: The Access Management Transformation
Todd Oxford
Sr. Director, Identity & Access Security
Equifax
Nishad Sankaranarayanan
Senior Director, IAM Solution Architecture
Equifax
Equifax made a commitment to transforming technology and security into industry-leading capabilities, investing an incremental $1.25 billion over three years. As part of the transformation, the Identity and Access Management team completed an ambitious project to create a centralized access management platform for seamless and secure authentication experiences for Equifax users globally. Over a 12-month period, the team built a centralized platform and implemented global solutions including upgrading MFA and migrating applications to a centralized SSO platform. Join our discussion as Equifax discusses its IAM transformation and shares lessons learned from the project to drive a global conversation about a future with “no more passwords.”
8:20 AM: Fireside Chat
Location: Streeterville, Lobby level of the Executive Tower
The Fireside Chat is an engaging morning chat conducted by Marci McCarthy and the winner of this year’s ISE® Luminary Leadership Award, who will provide words of wisdom and lessons learned throughout his career as a cybersecurity professional.
Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
ISE® Luminary Leadership Award Winner 2019
Marci McCarthy
CEO and President
T.E.N.
9:20 AM: ISE® Nominee Showcase Presentation #5
Location: Streeterville, Lobby level of the Executive Tower
Making Waves With CyberSplash
Matthew Markowitz
Sr. Analyst, Cybersecurity Awareness and Education
Comcast Corporation
Patrick McGranaghan
Senior Manager, Cybersecurity Awareness and Education
Comcast Corporation
CyberSplash is a cybersecurity education game that's transforming Comcast security at the employee level. The game provides fun, bite-sized, incentivized daily training to help employees better understand and remember cybersecurity concepts and practices. Employees can play on their company-issued computers and mobile devices. Each day, players face a new one-minute challenge. Correct answers earn badges, higher rankings on the leaderboard, and the opportunity to play for Splash Cash (in-game currency that can be redeemed for game enhancements). Join our discussion as Comcast shares how their CyberSplash project uses game elements to reward people for educating themselves and is revolutionizing Comcast's information security posture.
9:40 AM: Information Security Executive® Deep Dive Panel
Location: Streeterville, Lobby level of the Executive Tower
An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Marc Crudgington
CEO, vCISO, Founder, Author
CyberFore Systems Corp.
ISE® Central Executive Award Finalist 2019
ISE® North America Executive: Financial Award Winner 2019
Panelists
Tammy Klotz
Director of Information Security
Versum Materials
ISE® Northeast Executive Award Finalist 2019
ISE® North America Executive: Commercial Award Finalist 2019
Nicole Keaton Hart
Site Director & Group Product Manager, Security Product
Microsoft
Ricardo Lafosse
Chief Information Security Officer
The Kraft Heinz Company
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019
Bruce Thompson
Major Accounts Solution Architect
Qualys