ISE® Southeast Schedule of Events 2019

Tuesday, February 5, 2019

ISE® SOUTHEAST PRIVATE WELCOME DINNER
The World of Internet-scale Threats

February 5, 2019
5:30pm - 8:30pm
Morton’s The Steakhouse
303 Peachtree Center Avenue
Atlanta, GA 30308
Registration

ISE® Guest Host:

Kevin Gowen

Kevin Gowen
Chief Information Security Officer
Synovus
Biography

NETSCOUT Executive Speaker:

McNerney_Mike

Mike McNerney
Senior Director, Product Management Threat
NETSCOUT

The complex threat landscape is moving rapidly, expanding its footprint and changing tactics on a global internet scale. Now, even countries are highly targeted by Distributed Denial of Service (DDoS) attack campaigns, which dramatically increased in attack size and scale from 2017 to 2018. Vertical industry targets are also expanding, with government agencies, ecommerce, and mail-order houses experiencing an increase in attacks. With so much at stake, threat intelligence is more important than ever. Join our conversation as we discuss the latest trends and activities from nation-state advanced persistent threat (APT) groups, crimeware operations, and DDoS attack campaigns.

Wednesday, February 6, 2019

11 AM - 3 PM: Registration

Location: Chastain Terrace, Sixth Floor

3 PM - 8 PM: Registration

Location: Augusta CC 4&5, Foyer-- attached to Westin 7th Level

11:15 AM: ISE® Signature Luncheon (Invitation Only)

Location: Chastain I/J, Sixth Floor

Fail to Plan, Plan to Fail: Securing IoT Environments

Dave Summitt
Chief Information Security Officer
H. Lee Moffitt Cancer Center & Research Institute
ISE® Southeast People's Choice Award Winner 2017
Biography

Many enterprises are concerned with the state of their network security given the rise of the internet of things (IoT). Forrester defines IoT as both the specific devices as well as the processes and functions from operational technology (OT) that interact with each other over networks involving monitoring, analytics, and control systems. The risk facing these interconnected technologies is high, and executives are scrambling to locate and integrate the right tools, resources, and processes that will eliminate vulnerabilities and protect the enterprise. Unfortunately, security teams struggle with IoT visibility, making it impossible for them to defend devices and technology that they cannot “see.” Further complicating this issue, IT and OT teams often have conflicting views about how to manage IoT-connected devices. Performing audits and meeting compliance requirements for these devices are good first steps, but there’s more that can be done, especially for devices that aren’t known. Join our conversation as we discuss how to best plan an IoT security strategy and how you can obtain total device knowledge to secure your network.

12:50 PM: Welcoming Remarks and Introductions

Location: Chastain 1&2, Sixth Floor
Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Northeast Executive Forum and Awards 2019.

1:00 PM: Keynote Address

Location: Chastain 1&2, Sixth Floor

Building a Security Program in the Era of Digital Transformation

Bob Varnadoe

Bob Varnadoe
Chief Information Security Officer
NCR
ISE® Southeast Executive Award Finalist 2018
Biography

Building and maturing an information security program requires a lot of work. This effort becomes even greater when the focus of the business changes as well. Join our discussion on the approach to developing a program from inception to maturity along with some specific strategies for managing change and addressing the evolving scale of a digital first business.

1:35 PM: Interactive Executive Roundtables

Location: Chastain 1&2, Sixth Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our leading ISE® Alumni.

Who or What Is Your Weakest Link?

James Edgar

James Edgar
Senior Vice President, Chief Information Security Officer
FleetCor
Biography

Is it possible to minimize risk exposure to the point where there is zero risk? Probably not, but it is possible to quantify your enterprise’s specific risks and hone in on vulnerable areas in your environment. The key is to employ continuous compliance, which ensures that only trusted systems, connections, and people have access to precious corporate data, thus improving your risk posture. As IT and OT systems especially become more decentralized and interconnected, they are also creating more risks for your enterprise, often in ways your security team is not aware of. To locate and resolve the weak links in your security program, it is crucial to add IT/OT device visibility to the equation to show how most threat vectors can be diffused by continuous monitoring and device compliance. Join our conversation as we discuss how savvy companies today are using continuous compliance to eliminate vulnerabilities as well as how IT/OT device visibility can positively impact enterprise risk posture.

Creating a Dynamic and Actionable Information Security Plan

Phani Dasari
VP, Global Third Party Risk Management
ADP
Biography

Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.

Creating a Secure Cloud Infrastructure

Vladimir Svidesskis
Information Security Director
Georgia Lottery Corporation

The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to more proactively protect. Join our discussions to learn how a thorough understanding of your company’s cloud capabilities and infrastructure aids security professionals in having a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.

Company Security Culture

Kevin Treanor
Staff Vice President, Security Technology Management
Anthem
Biography

As numerous data breaches have placed organizations’ brands and CEOs’ jobs on the line, security is gradually becoming a priority for C-suite executives and board members alike to integrate into company culture on every level. When your organization moves beyond simply discussing security to taking actionable steps, you’ll know cybersecurity has become a priority within your company. To make that transition from “talking” to “doing,” C-suite members are responsible for convincing board members to adopt cybersecurity as a top-down initiative. The more support C-suite leaders can garner from the board, the more likely they can receive the support and funding for resources and the development of a security program. In addition, having business leaders embody a culture of security with actions as well as rhetoric can have a positive impact on employees, who often receive the brunt of training initiatives, email alerts, and security tests in an organization. Join our discussions as we learn how leadership promoting the positives of security while eliminating apathy, division, and self-interest from the culture will help ensure security behaviors change throughout the company for the better.

Data Loss Prevention in an Age Without Borders

Steven Zimmerman

Steven Zimmerman
SVP, Technology Security Operations
First Tennessee Bank
ISE® Southeast Executive Award Finalist 2006

The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative it to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.

2:35 PM: Afternoon Break

2:45 PM: ISE® Southeast Nominee Showcase Presentation #1

Location: Chastain 1&2, Sixth Floor

Ducking an Identity Crisis with Real-Time Fraud Alerting

Matthew Harper

Matthew Harper
Director for Cyber Crime Prevention
Aflac
Biography

Criminals are attempting to take advantage of Aflac’s transition from a legacy serving model to a digital-first environment via Account Takeover (ATO) and other techniques. To protect Aflac policyholder data while enabling the digital transformation, Aflac leveraged in-place security technology (Splunk) and real-time channel/servicing data (call center, online, claims and client master) to create a flexible analytics platform that can flag suspicious activity in real time and alert business partners in fraud, claims operations and security to take corrective action. Join our discussion to learn how Aflac’s project delivered real-time visibility across all aspects of their core individual business units and ID validation infrastructure.

3:05 PM: ISE® Southeast Exabyte Sponsor Showcase Presentation

Location: Chastain 1&2, Sixth Floor

When Two Worlds Collide. Reducing Risk with IT/OT Convergence

Cullivan_Julie

Julie Cullivan
SVP, Chief Information Officer
ForeScout
Biography

Our Exabyte Sponsor will facilitate a 20 minute industry presentation around a top-of-mind security issue facing InfoSec executives today.

3:25 PM: Information Security Executive® Deep Dive Panel

Location: Chastain 1&2, Sixth Floor

An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Joe Bennett

Joe Bennett
VP & CISO
Hertz Corporation
Biography

Panelists

Cullivan_Julie

Julie Cullivan
SVP, Chief Information Officer
ForeScout
Biography

Craig  Froelich

Joey Johnson
CISO
Premise Health
ISE® Southeast Executive of the Year Award Winner 2017
ISE® North America Executive: Health Care Award Finalist 2017

Biography

Keever_Kim

Kim Keever
CISO and Senior Vice President of Security, Analytics & Technology Services
Cox Communications
Biography

Khalfan_shaun

Shaun Khalfan
VP, Information Security
Freddie Mac
Biography

Scobee_Michael

Michael Scobee
Cyber Security Director
Delta Air Lines
Biography

Nir Valtman

Nir Valtman
CISO
Kabbage
Biography

4:10 PM: ISE® Southeast Nominee Showcase Presentation #2

Location: Chastain 1&2, Sixth Floor

Project Phalanx: Shifting Left in Application Security

brooks_jeremy

Jeremy Brooks
Lead Information Security Engineer – Application Security
Aaron's
Biography

Ashley Lee

Ashley Lee
Manager, Software Engineering – Payments Solutions
Aaron's
Biography

The Application Security team at Aaron’s partnered with QA, Development, and Development Operations to create a platform that enables the seamless integration of application security into Aaron’s S-SDLC and development technologies. Join our discussion as Aaron’s tell us how their initiative focused on delivering faster feedback to the development teams by providing self-service processes and automation that drastically accelerate the discovery and remediation of application security defects.

4:30 PM: ISE® Southeast Nominee Showcase Presentation #3

Location: Chastain 1&2, Sixth Floor

Creating An Accessible Security Awareness Program

Shane Callahan

Shane Callahan
Director, Information Security, BCP/DR
Tractor Supply Company

Tractor Supply Company’s Risk and Compliance team, using several off-the-shelf and custom tools, found creative and innovative ways to measurably reduce risk in the Tractor Supply environment by elevating awareness and understanding. This includes professional level custom videos, phishing exercises, print and digital awareness campaigns, mandatory training and several other avenues of communication and testing. This program has shown results in reduced malicious email clicks, reduced malware and increased users reporting malicious activity. Join our discussion as we learn how creating an accessible security awareness program makes it relatable across the enterprise and increases success.

4:50 PM: Late Afternoon Break

5:00 PM: ISE® VIP Reception (Invitation Only)

Location: The Overlook, Sixth Floor

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM: Sponsor Pavilion and Dinner Buffet

Location: Augusta CC 4&5-- attached to Westin 7th Level

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the Award Nominees for 2019, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM: Sponsor Tear Down

Location: Augusta CC 4&5-- attached to Westin 7th Level

7:45 PM: ISE® Southeast Awards Gala

Location: 200 Building Whitehall Ballroom

Honoring and celebrating the ISE® Southeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.

Pete Chronis
SVP, Chief Information Security Officer
Turner Broadcasting
Biography

Kevin McKenzie

Kevin McKenzie
CISO & VP of Information Technology
Dollar Tree Stores
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Biography

9:00 PM: Champagne & Dessert Reception

Location: 200 Building Whitehall Ballroom

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.