ISE® Southeast Schedule of Events 2016

March 14, 2016

ISE® SOUTHEAST PRIVATE WELCOME DINNER
Why Traditional Security Approaches Fail in Agile Infrastructure: And What to Do About It

March 14, 2016
5:30pm - 8:30pm
Ruth’s Chris Steakhouse(Centennial Olympic Park)
267 Marietta St
Atlanta, GA 30313
Registration
Joshua Sorenson

Joshua Sorenson
Lead Security Advisor – Strategy
Delta Air Lines
Biography

Enterprises continue to invest heavily in virtualized and cloud-based infrastructures. The era of elastic IT resources is here and it’s automated, on-demand and self-provisioning. This movement has not been so easy for some as more traditional security tools don’t always function as intended in cloud computing models. Security and compliance teams are learning that force fitting old security approaches can result in increased threats, lots of manual effort and delays in responding to the business. What’s needed is a new approach that allows businesses the freedom to take full advantage of agile infrastructure, while at the same time delivering comprehensive protection of critical assets. Join our conversation to learn how to deliver a more agile, efficient and effective security strategy that will enable your enterprise to fully capitalize on the many benefits of dynamic infrastructure.

March 15, 2016

11am - 3pm: Registration

Location: Foyer of Chastain 1&2, Sixth Floor

3pm - 8pm: Registration

Location: 200 Peachtree Foyer

11:30 AM : ISE® Signature Luncheon *Invitation Only

Location: Chastain F, Sixth Floor
invincea
Russell Eubanks

Russell Eubanks
VP and CISO
Federal Reserve Bank of ATL
Biography

Measuring Your Security Effectiveness: Using Adversary Playbooks to Harden Cyber-Defenses
As major data breaches continue to make headlines, they are in turn causing unprecedented spending in cybersecurity technologies and staffing. Lost in the mix of new technologies, approaches, and remarkably similar marketing is the engineering, science, and art in designing an enterprise security architecture that can withstand attacks from advanced adversaries. To design an effective security architecture, you must first model your adversary and their tactics. Previous attempts have been useful at a fairly abstract level, but seemingly no one has developed adversarial playbooks that can be tested against defensive playbooks. Join our conversation to learn how you can develop a clear understanding of the protection and gaps of your security architecture by modeling adversarial playbooks against your own defenses.

1:00 PM : Welcoming Remarks and Introductions

Location: Chastain 1&2, Sixth Floor
Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

1:05 PM : Keynote Address

Location: Chastain 1&2, Sixth Floor

Pete Chronis
SVP, Chief Information Security Officer
WarnerMedia

After Sony: Cybersecurity and Next Generation Media Companies
A year after Sony, how is the media landscape changing and how is cybersecurity evolving to keep pace with new threats? Join us to discuss what happened with the Sony breach, who cares if media companies gets hacked, how this hack has changed the media landscape, what’s changing and lessons learned for all industries

1:35 PM : Interactive Executive Roundtables

Location: Chastain 1&2, Sixth Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

HP
Tony Spurlin

Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018

Biography

Protecting Data - the Hacker’s Target

Breaches (i.e., Anthem, JPMC, Target…) invariably involve data loss. Protection of data can be done at the storage, database or application level and can involve encryption, masking or tokenization. The many options for data security offer a variety of security advantages, but they each have their own flaws to be considered. These include issues like malicious insiders abusing encryption keys, malware based bypasses, and overall costs. Join our conversation to learn what kinds of secure data solutions are best for your business requirements, why and when to use each solution and how you can combine solutions to minimize risk.

invincea
Carlos Batista

Carlos Batista
Group Vice President, Security Operations & Intelligence
SunTrust Banks
Biography

The war on APTs: Will We Ever Win?

Advanced persistent threats continue making regular headlines. Breaches result in massive costs, reputational damage, and loss of intellectual property -- crippling careers and organizations. An onslaught of new tools to combat APTs has entered the market, but advanced threats still remain a significant risk for most businesses. An ISACA APT Awareness study in August 2015 revealed that 94% of respondents were at least somewhat familiar with APTs. Meanwhile, the T.E.N. and IDC Salary Survey Report indicates that 12% of security executives believe they could lose their jobs in the case of a significant data breach. This fear leaves many wondering – will we ever win? Join our discussion to learn how your peers are innovating to combat APTs and share your own strategies for getting ahead in the ever-evolving threat landscape.

Dave Summitt
Chief Information Security Officer
H. Lee Moffitt Cancer Center & Research Institute
ISE® Southeast People's Choice Award Winner 2017
Biography

Businesses Without Borders: International Information Exchange in a Cloud-based World

Cloud computing has allowed numerous organizations to share and collaborate with their peers with greater speed and flexibility. However, there are a number security concerns in this new world of businesses without borders. Topics like data security, privacy, access rights management and international security rules and regulations all serve as major hurdles that organizations across all verticals have to tackle in their own way. The notion of trust among cloud based enterprises and their partners is essential, but what else is needed to ensure that a cloud-based information sharing structure can succeed while remaining secure? Join our conversation to discuss security’s role in the new global marketplace and share strategies for security information in a cloud-based world.

No Longer Left to Their Own Devices: Hacking Concerns with the Internet of Things

Wayne Proctor

Wayne Proctor
VP, Information Security
WestRock Company
ISE® Southeast Executive Award Finalist 2005
Biography

For many, the term “Internet of Things” has been little more than a buzzword tossed around over the last few years. However, as more devices gain the ability to connect, communicate with, and remotely manage an incalculable number of networked, automated devices via the Internet, the IoT is finally becoming a reality. Whether it’s a number of automated network devices on a factory floor, a remotely managed series of equipment in a hospital, or even just a collection of highly interconnected devices in a residential home, the elements that make up the IoT are becoming more pervasive by the day, and with them come critical security concerns. Join this conversation to discuss major security concerns with the IoT like ubiquitous data collection, consumer data privacy, and new avenues of attack.

Help or Hindrance? Looking at the Benefits and Flaws of Encryption-based Security

Gene Scriven

Gene Scriven
Chief Information Security Officer
ACI Worldwide
ISE® Southeast People’s Choice Award Winner 2008
ISE® Southeast Executive Award Finalist 2008

Biography
T.E.N. Success Story

Encryption and cryptography can be very powerful security tools when used correctly, but like all security measures, they’re not a panacea. Teams must determine the strength of encryption, who holds the keys and at what level to encrypt (storage, database or application level?) The many options for encryption offer a variety of security advantages, but they each have their own flaws to be considered. These include issues like malicious insiders abusing encryption keys, malware based bypasses, and overall encryption costs. Join our conversation to learn what kinds of encryption and cryptography solutions are best for your organization and how you can combine those solutions with other security methodologies.

2:35 PM : Break

2:45 PM : Nominee Showcase Presentation #1

Location: Chastain 1&2, Sixth Floor
John Graham

John Graham
CISO
EBSCO Industries
ISE® Southeast Executive Award Finalist 2012
ISE® Southeast Executive Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Commercial Category

Streamlining Through Better Cybersecurity Controls
Jabil’s strategy is one of focusing cybersecurity controls where there is a specific business need. Their program has constructed, and maintains, a base level of controls globally, and then by building from these base level control solutions, processes, and people, they align a higher level of controls to address specific customer needs. The business effect of this position is strong, as in the past, the customer would raise an incident, stop manufacturing production, and lead a full scale forensic investigation to try and identify how / where data had leaked. This in turn aligns total cost of ownership, to the correct business division & specific business need. Jabil has seen solid success with their model in the past 24 months. Join our conversation to learn how this strategy has allowed Jabil to effectively reduce the time of potential interrupts to minutes vs. what was many hours & days of effort.

3:00 PM : Nominee Showcase Presentation #2

Location: Chastain 1&2, Sixth Floor
Haddon Bennett

Haddon Bennett
Chief Information Security Officer
Inspire Brands

The TITAN in the Arena
Healthcare data is quickly becoming one of the most lucrative targets for cybercriminals. Protecting that data is paramount to Change Healthcare’s ongoing success in the financial and administrative healthcare industry. The TITAN Project has allowed Change Healthcare to utilize threat intelligence and distribute threat indicators quickly to 15 different information security technologies. TITAN’s ROI includes the cost savings of not having to hire 4+ FTE’s to manually apply this threat intelligence data to these various tools. TITAN has improved operations tremendously by allowing the team to analyze security incidents and events reported by a wide variety of sources, and report new threat vectors from seemingly isolated incidents.

3:30 PM: CISO Deep Dive: Executive Leadership

Location: Chastain 1&2, Sixth Floor

An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Pete Lindstrom

Pete Lindstrom
VP, Security Strategies
IDC
Biography

Panelists

Kathie Miley

Kathie Miley
Executive Vice President of Worldwide Sales
Invincea
Biography

Kevin McKenzie

Dr. Kevin McKenzie
Former SVP of Information Technology & Enterprise CISO
Dollar Tree Inc., Family Dollar Inc.
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Biography

Kevin Morrison

Kevin Morrison
VP, Chief Information Security Officer
Driven Brands
ISE® Southeast People’s Choice Award Winner 2015
Biography

Tim Searcy

Tim Searcy
VP & Chief Information Security Officer
Protective Life
Biography

Michael Wilcox
Director of Global IT Security
Newell Rubbermaid
Biography

4:15 PM : Nominee Showcase Presentation #3

Location: Chastain 1&2, Sixth Floor
Jennifer Graham

Jennifer Graham
SVP, Technology Risk & Compliance, Business Continuity & Recovery Strategies
SunTrust Banks
Biography

Taking Business Continuity to the Next Level
Suntrust’s DR Next Project set out to support a 5 year Business Continuity Program by heightening recovery preparedness and operational excellence through broader testing, infrastructure flexibility, and administration optimization. DR Next key elements, including end-to-end transactional testing capabilities, consolidation of standards, application level recovery, and extended accessibility to DR environments were delivered. The project also addressed the remaining MRA concerns around broader testing capabilities and maturing of these capabilities as well as solicit input across the enterprise including business, delivery managers, and operational owners to develop a common and holistic testing strategy. Learn how this multi-year program has elevated the level of preparedness and risk management for the organization while supporting and managing long term operational excellence.

4:30 PM : Nominee Showcase Presentation #4

Location: Chastain 1&2, Sixth Floor
Tony Spurlin

Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018

Biography

Combatting Web-Based Vulnerabilities the Rugged Way
Cox Automotive has hundreds of sophisticated, internet facing applications managed by multiple software development teams who continually add new and enhanced features to improve the quality and efficiency of the customer experience. As developers build new capabilities into applications to make them easier to use and more feature-rich for customers, they also risk introducing weaknesses that could be exploited. To combat this issue, Cox Automotive implemented a comprehensive application security program, integrating cloud-based static application security testing and in-house dynamic application security testing with its agile software development lifecycle (SDLC). As a result, Cox Automotive reduced application security vulnerabilities by 20% in the first year while cutting the amount of application rework by 60% to accelerate more secure solutions into production. This also enabled the company to strengthen its competitive advantage and lower costs.

4:45 PM: Late Afternoon Break

5:00 PM : VIP Reception (invitation only)

Location: The Overlook, Sixth Floor

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: 200 Peachtree Legends Loft – attached to Westin 7th Level

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the Award Nominees for 2016, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM : Sponsor Tear Down

Location: 200 Peachtree Legends Loft - attached to Westin 7th Level

7:45 PM : ISE® Southeast Awards Gala

Location: 200 Peachtree Grand Atrium

Honoring and celebrating the ISE® Southeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.

9:00 PM : Champagne & Dessert Reception

Location: 200 Peachtree Grand Atrium Balcony

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.