ISE® NORTHEAST PRIVATE WELCOME DINNER
Which of the Status Quos in Security Needs to Be Broken?
Brian Miller
Chief Information Security Officer
Healthfirst
Cybersecurity did not always have a status quo. IT professionals merely created best practices and shared them with the best of intentions. Because these practices and procedures worked at the time, we’ve been clinging to them ever since, even though they often create operational roadblocks and headaches and don’t always keep businesses safe. Why are common procedures and old beliefs about security lingering even though they are clearly outdated or outright wrong to continue? Join our conversation as we discuss security practices involving business, organization, operations, technology, and marketing, answering the questions of why certain activities persist despite being past their due date and how we can overcome the status quo.
October 3, 2019
11:00 AM - 3:00 PM: Registration
Location: Majestic Foyer—5th floor
11:15 AM: ISE® Signature Luncheon *Invitation Only
Location: Majestic 2—5th floor
Sponsored by:
Don’t Just Stack, Integrate: Employing a Unified Cloud Security Platform
Carl Burgess
SVP, GISO Branded Cards & CRS
Citigroup Inc.
Biography
Digital transformation has changed the way enterprises perform security. While processes become more agile and efficient, IT environments also become distributed, elastic, and hybrid. These changes make it difficult for security professionals to defend against opportunistic hackers who take advantage of security gaps. Additionally, mobilization, cloud integration, and virtualization have each contributed to a vanishing security perimeter as well as a lack of visibility with these new IT environments. It can be tempting for enterprises to stack heterogenous tools on top of each other to perform quick security fixes, but doing so ultimately lacks true security integration, leading to further vulnerabilities and work efficiency problems. Instead, enterprises should employ solutions that can orchestrate natively and organically with hybrid IT environments without adding complications or slowing down DevOps’ development and delivery. Join our conversation as we discuss how a unified cloud platform centered around security and compliance can contribute to greater prevention, detection, and response against today’s most dangerous cyber threats.
12:50 PM: Welcoming Remarks and Introductions
Location: Majestic 1—5th floor
Marci McCarthy
CEO and President
T.E.N.
Biography
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Northeast Executive Forum and Awards 2019.
1:00 PM: Keynote Address
Location: Majestic 1—5th floor
At the Intersection of Security and Privacy
Noopur Davis
EVP, Chief Product and Information Security Officer
Comcast Corporation
ISE® Northeast Executive of the Year Award Winner 2018
Biography
With a renewed focus on privacy, both by consumers and by legislatures around the world, there are significant impacts on first-party data governance. This in turn impacts how we collect, analyze, store and use data. Join our discussion as Noopur explores the foundational support that cybersecurity provides for the emerging privacy platforms.
1:35 PM: Interactive Executive Roundtables
Location: Majestic 1—5th floor
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.
Creating a Secure Cloud Infrastructure
Mark Leary
Global Chief Information Security Officer
Regeneron Pharmaceuticals
ISE® Southeast Executive Award Winner 2010
ISE® Northeast Executive Award Winner 2019
ISE® North America Executive: Health Care Award Winner 2019
Biography
The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to supplement to meet their obligations as part of the shared responsibility model. Join our discussions to learn how a thorough understanding of your company’s cloud infrastructure, native cloud security capabilities, and the shared responsibility model gives security professionals a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.
Creating a Dynamic and Actionable Information Security Plan
Saffet Ozdemir
VP of Information Security
AARP
Biography
Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.
Data Loss Prevention in an Age Without Borders
Mark Coderre
Vice President, Deputy CISO
Hanover Insurance Group
ISE® Northeast Executive Award Finalist 2009
Biography
The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative it to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.
Protecting Your Online Identities: The Case for Digital Security
Amanda Fennell
CSO & CIO
Relativity
ISE® Central People's Choice Award Winner 2019
ISE® North America People's Choice Award Winner 2019
ISE® Central People's Choice Award Winner 2020
ISE® Central Executive Award Finalist 2020
ISE® North America Executive: Commercial Award Finalist 2020
Biography
The use of smartphones, social media, e-commerce, and other online profiles is not abating any time soon, making digital security a necessary part of our lives. As we continue to expand our digital footprints and form online identities, it can be easy to become lax in our security efforts, especially as more and more profiles and apps become interconnected. By accessing one digital app or service, hackers are more likely to gain access to all of your accounts that either use the same username and password or are linked together. With employees also accessing personal accounts on company-owned devices or via company networks, organizations are wrestling with who is responsible and accountable for their digital security. The obvious choice is the CISO, but with digital security crossing many aspects of enterprise transactions and departments, it calls into question how far-reaching business leaders expect the CISO’s role to be. Join our conversation as we discuss how security executives can approach digital security to protect our identities, uniting with business leaders to establish clear-cut security strategies and responsibilities.
2:35 PM: Afternoon Break
3:00 PM - 8:00 PM: Registration
Location: New York Atrium Foyer—9th floor
2:45 PM: ISE® Northeast Nominee Showcase Presentation #1
Location: Majestic 1—5th floor
Making Waves With CyberSplash
Matthew Markowitz
Sr. Analyst, Cybersecurity Awareness and Education
Comcast Corporation
Patrick McGranaghan
Senior Manager, Cybersecurity Awareness and Education
Comcast Corporation
Biography
CyberSplash is a cybersecurity education game that's transforming Comcast security at the employee level. The game provides fun, bite-sized, incentivized daily training to help employees better understand and remember cybersecurity concepts and practices. Employees can play on their company-issued computers and mobile devices. Each day, players face a new one-minute challenge. Correct answers earn badges, higher rankings on the leaderboard, and the opportunity to play for Splash Cash (in-game currency that can be redeemed for game enhancements). Join our discussion as Comcast shares how their CyberSplash project uses game elements to reward people for educating themselves and is revolutionizing Comcast's information security posture.
3:05 PM: ISE® Northeast Exabyte Sponsor Showcase Presentation
Location: Majestic 1—5th floor
Our Visibility Just Got Cloudy
Adam Gueli
Regional Sales Manager
Qualys
3:25 PM: Information Security Executive® Deep Dive Panel
Location: Majestic 1—5th floor
An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Renee Guttmann
CISO
Campbell Soup Company
Biography
Panelist
Steve Bartolotta
Vice President and CISO
Community Health Network of CT
ISE® Northeast Executive Award Finalist 2019
Biography
Paul de Graaff
Senior Director, Identity & Directory Services
Weight Watchers International
Stuart Hancock
VP, Field Operations
Qualys
Tammy Klotz
Director of Information Security
Versum Materials
ISE® Northeast Executive Award Finalist 2019
ISE® North America Executive: Commercial Award Finalist 2019
Biography
4:10 PM: ISE® Northeast Nominee Showcase Presentation #2
Location: Majestic 1—5th floor
Secure by Design: Transforming DevSecOps Culture
Owen Buckingham
Director, Application Security Architecture
ADP
Biography
The Secure by Design program was developed to help transform ADP’s Dev/Sec/Ops culture—and it succeeded. The project enabled the team to develop/promote common architecture patterns and shared services the whole company can leverage; and develop a reusable, consistent threat modeling practice that is centrally shared across the whole company while providing ongoing real time measurements as new threats evolve. This project improved ADP’s security posture by distributing architects to deliver “in organization” security through a distributed governance process, essentially self-enabling the organizations to be accountable for security. Join our discussion as ADP tells us more about the Secure by Design Project’s success and how it takes a business centric approach to providing global cyber security requirements aligned with enterprise technology standards through a distributed model.
4:30 PM: ISE® Northeast Nominee Showcase Presentation #3
Location: Majestic 1—5th floor
The Omniscient Eye of Secure Data Protection
Arvin Bansal
Senior Director, Cyber, Governance and Risk
AmerisourceBergen
Biography
While cloud computing has allowed businesses to be more flexible and agile, data protection has been the biggest challenge. Especially for AmerisourceBergen (ABC) that houses confidential and, in some cases, intimate data like health information, any unauthorized disclosure could not only have financial impacts, but more importantly, have undesired life-altering impact to patients. Join our discussion as AmerisourceBergen share their one-of-a-kind Omniscient Eye project that discovers and classifies 2 million protected documents of ABCs confidential data, provides visibility to the 3TB of cloud data including 3,000 cloud services, and ensures protection to 8 billion PHI records through data masking and encryption solutions.
4:50 PM: Late Afternoon Break
5:00 PM: VIP Reception (invitation only)
Location: Plymouth - 9th Floor
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM: Sponsor Pavilion and Dinner Buffet
Location: New York Atrium - 9th Floor
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2019, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:30 PM: Sponsor Tear Down
Location: New York Atrium - 9th Floor
7:45 PM: ISE® Northeast Awards Gala
Location: Majestic Ballroom- 5th floor
Honoring and celebrating the ISE® Northeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.
Stacey Halota
Vice President, Information Security and Privacy
CyberVista | Graham Holdings
ISE® Mid-Atlantic Commercial Executive Award Winner 2009
Biography
Kirsten Davies
Chief Information Security Officer
Unilever
Biography
9:00 PM: Champagne and Dessert Reception
Location: Majestic Ballroom- 5th floor
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.