ISE® NORTHEAST PRIVATE WELCOME DINNER
How Do You Keep Your Security Nerds Happy?
Bala Rajagopalan
Head of Information Security
BlueMountain Capital Management
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
October 3, 2018
11:00 AM - 3:00 PM: Registration
Location: Ambassador Foyer – 2nd Floor
11:15 AM: ISE® Signature Luncheon *Invitation Only
Location: Ambassador 2, 2nd floor
Sponsored by:
No Phishing Allowed: Eliminating Email Cyber Attacks Through
Enforcement & Authentication
Pietr Lindahl
Sr. Director, Cyber Strategy, Architecture, Engineering, & Integration
Philips
Biography
Email fraud through phishing continue to be the biggest attack vector contributing to over 90 percent of cyber-attacks, by which hackers infiltrate corporate networks. But It’s not enough to create an anti-phishing training program: there are technical solutions, such as DMARC-based email authentication, that can help mitigate the email fraud threat. But only a tiny percentage of domain owners are taking advantage. Despite widespread support for email authentication by big email providers, many domain owners have been slow to adopt. Another key issue slowing the adoption of email authentication is the perceived difficulty and complexity of implementing DMARC. Valimail has found that among the top million domains, 96.4% still have not published DMARC records — despite the fact that the overwhelming majority of email inboxes support it. Organizations are missing out on a valuable, accessible solution for protecting themselves against email fraud and phishing attacks. This is known as the “DMARC adoption gap”. Join the conversation as we discuss how you can improve your organization’s email security through implementation of DMARC and email authentication standards.
12:50 PM: Welcoming Remarks and Introductions
Location: Ambassador 3, 2nd Floor
Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Northeast Executive Forum and Awards 2018.
1:00 PM: Keynote Address
Location: Ambassador 3, 2nd Floor
Top Three, Top-of-Mind Cybersecurity Challenges: What Keeps Me Up at Night?
Brian DiPietro
Managing Director, CISO
MUFG
ISE® Northeast Executive of the Year Award Winner 2017
Biography
The Information Security industry started out working with small techie teams and with technology as simple as antivirus software and firewalls that succeeded in thwarting adversary attacks. But within the past 10-15 years, the industry has evolved rapidly and become much more complex. Today we must deal with advanced threat actors, maturing software, and rapidly expanding, global organizations, not to mention the factors that involve training and educating employees and acquiring potential new talent. Join our conversation as Brian discusses his three top concerns for cybersecurity—the human element, the war for talent, and the challenges of cybersecurity in large, global organizations—and how we can address them to maintain a strong, top-notch cybersecurity environment.
1:35 PM: Interactive Executive Roundtables
Location: Ambassador 3, 2nd Floor
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.
Gone Phishing: Securing the Enterprise from Social Engineering Email Attacks
Sponsored by:
James Morris
SVP, Corporate Center Group, Information Security Officer
Citi
Biography
The tried and true digital medium of communication, email, is rooted in sharing personal and professional data, and continues to be a favorite target for cyber-criminals because the internet offers a virtual treasure trove of readily accessible information. The very nature of how information is shared through email on both a casual and professional basis in the modern age goes against many longstanding core information security principals. That is why phishing, one of the oldest social engineering attacks in the book, continues to succeed. Though it is an incredibly well-known technique, businesses of all shapes and sizes are still targets of successful phishing attacks. It is critical for security teams to learn how they can keep up to date on these attacks and secure their workplace from email phishing. What else needs to be done to ensure the enterprise at large is aware of the dangers and pitfalls of these threats?
The Increasing Impact of Insider Threats
Gehan Dabare
Managing Director
MUFG
Biography
Insider threats continue to be one of the top cyber security threats and have proven that they are a force to be reckoned with. According to a 2017 Insider Threat Report, 53% of companies estimate remediation costs of $100,000 and more, with 12% estimating a cost of more than $1 million. The same report suggests that 74% of companies feel that they are vulnerable to insider threats, with 7% reporting extreme vulnerability. Every company will face an insider-related breach sooner or later regardless of whether it will be caused by a malicious action or an honest mistake. As costs related to insider threats continue to grow, what can Information Security Executives and their security teams do to combat this all too familiar foe?
Evolving the SOC through Security Orchestration
Denise Hucke
Executive Director
JP Morgan Chase & Co.
Biography
Security teams not only face an ever-expanding threat landscape, but they also contend with a variety of operational challenges. Proliferation of disparate security tools. Staffing shortages. Lack of documented, repeatable processes. The result is that nearly half of daily security alerts go uninvestigated. Security orchestration platforms can act as the catalyst for significant improvement in day-to-day security operations and in creating internal consistency between NOCs and SOCs. Because of the centralized approach and consolidated view security orchestration solutions deliver, security teams are enabled to become more efficient and effective while using fewer interfaces, improving reporting and executing highly consistent, repeatable processes.
Outsourcing Cybercrime: Combatting Ransomware as a Service
James Quadarella
Managing Director, Head of Cybersecurity Operating Office
MUFG Union Bank N.A.
ISE® Northeast Executive Award Finalist 2018
Biography
Ransomware is certainly nothing new in the cybersecurity business, with the first instances having appeared more than a decade ago. However, this old threat has undergone some deadly changes over the last few years. The rise of the Ransomware as a Service (RaaS) distribution model gives would-be cybercriminals the means to launch a cyber-extortion business with virtually no technical expertise required, flooding the market with new ransomware strains in the process. 2017 saw an influx of potent and damaging RaaS attacks like Petya and WannaCry, both of which showed the attack model’s devastating potential to spread quickly and cause serious damage. As the use of RaaS continues to grow, Information Security executives and their security teams need to take new precautions in order to combat this new form of a familiar threat.
Turning the Tables with Deception-Based Security
Stacey Halota
Vice President, Information Security and Privacy
CyberVista | Graham Holdings
ISE® Mid-Atlantic Commercial Executive Award Winner 2009
Biography
In recent years, deception-based security has become one of the most talked about and prominent information security solutions on the market. Having evolved far beyond the humble honey pot origins of yore, modern deception technology can be deployed in a number of ways across the enterprise. From larger scale network models to deception solutions focused on endpoints, applications, and data, there now exist a plethora of ways that companies can shape deceptive security solutions to fit their needs. As attackers continue to become more aggressive and deceptive in their methods of attack, it’s imperative that security teams are able to also make the best use of deception to combat against them. If deception can be used to attack, it can also be used as a means of defense.
2:35 PM: Afternoon Break
3:00 PM - 8:00 PM: Registration
Location: New York Atrium — 9th floor
2:45 PM: ISE® Northeast Nominee Showcase Presentation #1
Location: Ambassador 3, 2nd Floor
Rebuilding Identity Access Management for the 21st Century
Medha Bhalodkar
CISO, Enterprise IT Risk Officer
Columbia University
ISE® North America Executive Award Winner 2015 - Academic/Public Sector Category
ISE® North America Executive Award Winner 2016 - Academic/Public Sector Category
ISE® Northeast Executive Award Finalist 2018
Biography
Chuck Eigen
Security & Identity Management Program Director
Columbia University
Biography
Columbia University has been around for 264 years, and as such, IAM evolved with the times as needed. Their IAM included Open LDAP, 880,000 users in Kerberos for authentication, 28 Active Directories at schools, and Lenel physical access system across campus, all operating in silos, which made it difficult to ensure secure, synchronized IAM across the university. In the last 18 months, Columbia University’s security team re-built an incredible, secured Enterprise Active Directory (EAD) consolidating individual ADs with unified authentication, added MFA, implemented web applications SSO, provided group management, supported Shibboleth (SAML) for industry SSO, linked IAM to physical access management system Lenel, and achieved InCommon “SIRTFI” ID flag status. Join our conversation to learn how Columbia University combined multiple IAM projects, for addressing their organization-wide needs for IAM while maintaining trust and confidence across the university.
3:05 PM: ISE® Northeast Exabyte Sponsor Showcase Presentation
Location: Ambassador 3, 2nd Floor
Stopping Email Phishing and Impersonation
Tim Leow
Director of Sales
Valimail
3:25 PM: Information Security Executive® Deep Dive Panel
Location: Ambassador 3, 2nd Floor
An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Lou Saviano
Vice President, Global Information Technology Services
Skillsoft Corporation
ISE® Northeast People's Choice Award Winner 2015
Biography
Panelists
Frank Aiello
SVP, Chief Information Security Officer
MAXIMUS
ISE® Northeast People's Choice Award Winner 2016
ISE® Northeast Executive Award Finalist 2016
Biography
Tim Leow
Director of Sales
Valimail
Tomás Maldonado
Chief Information Security Officer
NFL
Mike Towers
Former Chief Digital Trust Officer
Takeda Pharmaceuticals
ISE® Northeast Executive of the Year Award Winner 2015
ISE® North America Executive: Health Care Award Winner 2015
ISE® Northeast Executive Award Winner 2020
ISE® North America Executive: Health Care Award Winner 2020
Biography
4:10 PM: ISE® Northeast Nominee Showcase Presentation #2
Location: Ambassador 3, 2nd Floor
Crafting A Cyber Strong Behavior Program Through Behavioral Response
Tess McCarthy
Employee Resilience Strategist
MassMutual
Biography
MassMutual’s Cyber Security Awareness program enabled the company to establish a Cyber Strong culture through the implementation of a data driven behavioral recognition and repercussion program. The program established a menu of highly visible solutions that could be deployed to recognize positive employee behaviors reported by peers or identified through technical monitoring capabilities. Phishing resilience as well as malware and data loss monitoring capabilities were utilized to assess negative employee and contractor behaviors. Associates who were found to exhibit behaviors that put the company at risk, such as clicking on malicious links, were addressed using pre-defined design patterns in collaboration with Human Resources. Join our conversation as MassMutual tells us about championing positive behaviors and addressing negative behaviors, which helped the company highlight the criticality of protecting the company’s valuable digital assets and enabled all associates to uphold the Cyber Strong culture.
4:30 PM: ISE® Northeast Nominee Showcase Presentation #3
Location: Ambassador 3, 2nd Floor
Rapid Response with the Early Vulnerability Detection System
Niraj Patel
Manager Enterprise Security Architecture
Horizon BCBSNJ
Biography
In cyber security, the earlier vulnerabilities are detected, the less costly they are to remediate. Our Early Vulnerability Detection System (EVDS) identifies vulnerabilities throughout a project lifecycle and facilitates development of multiple levels of defense within our applications. EVDS is a combination of people, process and technology that fully adjusts to the polymorphic nature of current technology solutions. Security recommendations are delivered via the basic elements of a standard project: business requirements, architecture design and test cases. Join our discussion to learn how Horizon Blue Cross Blue Shield of New Jersey’s EVDS is staying ahead of the curve.
4:50 PM: Late Afternoon Break
5:00 PM: VIP Reception (invitation only)
Location: Ambassador 2 - 2nd Floor
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM: Sponsor Pavilion and Dinner Buffet
Location: New York Atrium—9th floor
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2018, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:30 PM: Sponsor Tear Down
Location: New York Atrium—9th floor
7:45 PM: ISE® Northeast Awards Gala
Location: Majestic Ballroom- 5th floor
Honoring and celebrating the ISE® Northeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.
Vikrant Arora
Chief Information Security Officer
Hospital for Special Surgery
ISE® North America Executive Award Finalist 2014 - Health Care Category
ISE® Northeast Executive of the Year Award Winner 2016
ISE® North America Executive Award Winner 2016 - Health Care Category
Biography
9:00 PM: Champagne and Dessert Reception
Location: Majestic Ballroom- 5th floor
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.