Tuesday, February 5, 2019
ISE® SOUTHEAST PRIVATE WELCOME DINNER
The World of Internet-scale Threats
5:30pm - 8:30pm
Morton’s The Steakhouse
303 Peachtree Center Avenue
Atlanta, GA 30308
Registration
ISE® Guest Host:
Kevin Gowen
Chief Information Security Officer
Synovus Financial Corporation
ISE® East Executive Award Winner 2022
Biography
Mike McNerney
Senior Director, Product Management Threat
NETSCOUT
The complex threat landscape is moving rapidly, expanding its footprint and changing tactics on a global internet scale. Now, even countries are highly targeted by Distributed Denial of Service (DDoS) attack campaigns, which dramatically increased in attack size and scale from 2017 to 2018. Vertical industry targets are also expanding, with government agencies, ecommerce, and mail-order houses experiencing an increase in attacks. With so much at stake, threat intelligence is more important than ever. Join our conversation as we discuss the latest trends and activities from nation-state advanced persistent threat (APT) groups, crimeware operations, and DDoS attack campaigns.
Wednesday, February 6, 2019
11 AM - 3 PM: Registration
Location: Chastain Terrace, Sixth Floor
3 PM - 8 PM: Registration
Location: Augusta CC 4&5, Foyer-- attached to Westin 7th Level
11:15 AM: ISE® Signature Luncheon (Invitation Only)
Location: Chastain I/J, Sixth Floor
Fail to Plan, Plan to Fail: Securing IoT Environments
Dave Summitt
Chief Information Security Officer
H. Lee Moffitt Cancer Center & Research Institute
ISE® Southeast People's Choice Award Winner 2017
Biography
Many enterprises are concerned with the state of their network security given the rise of the Internet of Things (IoT). Forrester defines IoT as both the specific devices as well as the processes and functions from operational technology (OT) that interact with each other over networks involving monitoring, analytics, and control systems. The risk facing these interconnected technologies is high, and executives are scrambling to locate and integrate the right tools, resources, and processes that will eliminate vulnerabilities and protect the enterprise. Unfortunately, security teams struggle with IoT visibility, making it impossible for them to defend devices and technology that they cannot see. Further complicating this issue, IT and OT teams often have conflicting views about how to manage IoT-connected devices. Performing audits and meeting compliance requirements for these devices are good first steps, but there’s more that can be done, especially for devices that aren’t known. Join our conversation as we discuss how to best plan an IoT security strategy and how you can obtain total device knowledge to secure your network.
12:50 PM: Welcoming Remarks and Introductions
Location: Chastain 1&2, Sixth Floor
Marci McCarthy
CEO and President
T.E.N.
Biography
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Southeast Executive Forum and Awards 2019.
1:00 PM: Keynote Address
Location: Chastain 1&2, Sixth Floor
Building a Security Program in the Era of Digital Transformation
Bob Varnadoe
VP, Technology Risk Management
Kaiser Permanente
ISE® Southeast Executive Award Finalist 2018
ISE® East Executive Award Finalist 2023
Biography
Building and maturing an information security program requires a lot of work. This effort becomes even greater when the focus of the business changes as well. Join our discussion on the approach to developing a program from inception to maturity along with some specific strategies for managing change and addressing the evolving scale of a digital first business.
1:35 PM: Interactive Executive Roundtables
Location: Chastain 1&2, Sixth Floor
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our leading ISE® Alumni.
Who or What Is Your Weakest Link?
James Edgar
Senior Vice President, Chief Information Security Officer
FleetCor
Biography
Is it possible to minimize risk exposure to the point where there is zero risk? Probably not, but it is possible to quantify your enterprise’s specific risks and hone in on vulnerable areas in your environment. The key is to employ continuous compliance, which ensures that only trusted systems, connections, and people have access to precious corporate data, thus improving your risk posture. As IT and OT systems especially become more decentralized and interconnected, they are also creating more risks for your enterprise, often in ways your security team is not aware of. To locate and resolve the weak links in your security program, it is crucial to add IT/OT device visibility to the equation to show how most threat vectors can be diffused by continuous monitoring and device compliance. Join our conversation as we discuss how savvy companies today are using continuous compliance to eliminate vulnerabilities as well as how IT/OT device visibility can positively impact enterprise risk posture.
Creating a Dynamic and Actionable Information Security Plan
Phani Dasari
Head of Business Security
TikTok
Biography
Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.
Creating a Secure Cloud Infrastructure
Vladimir Svidesskis
Information Security Director
Georgia Lottery Corporation
The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to more proactively protect. Join our discussions to learn how a thorough understanding of your company’s cloud capabilities and infrastructure aids security professionals in having a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.
Company Security Culture
As numerous data breaches have placed organizations’ brands and CEOs’ jobs on the line, security is gradually becoming a priority for C-suite executives and board members alike to integrate into company culture on every level. When your organization moves beyond simply discussing security to taking actionable steps, you’ll know cybersecurity has become a priority within your company. To make that transition from “talking” to “doing,” C-suite members are responsible for convincing board members to adopt cybersecurity as a top-down initiative. The more support C-suite leaders can garner from the board, the more likely they can receive the support and funding for resources and the development of a security program. In addition, having business leaders embody a culture of security with actions as well as rhetoric can have a positive impact on employees, who often receive the brunt of training initiatives, email alerts, and security tests in an organization. Join our discussions as we learn how leadership promoting the positives of security while eliminating apathy, division, and self-interest from the culture will help ensure security behaviors change throughout the company for the better.
Data Loss Prevention in an Age Without Borders
Steven Zimmerman
SVP, Technology Security Operations
First Horizon Bank
ISE® Southeast Executive Award Finalist 2006
The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative it to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.
2:35 PM: Afternoon Break
2:45 PM: ISE® Southeast Nominee Showcase Presentation #1
Location: Chastain 1&2, Sixth Floor
Ducking an Identity Crisis with Real-Time Fraud Alerting
Matthew Harper
Global Vice President of Program Strategy & Product Security
Aflac
Biography
Criminals are attempting to take advantage of Aflac’s transition from a legacy serving model to a digital-first environment via Account Takeover (ATO) and other techniques. To protect Aflac policyholder data while enabling the digital transformation, Aflac leveraged in-place security technology (Splunk) and real-time channel/servicing data (call center, online, claims and client master) to create a flexible analytics platform that can flag suspicious activity in real time and alert business partners in fraud, claims operations and security to take corrective action. Join our discussion to learn how Aflac’s project delivered real-time visibility across all aspects of their core individual business units and ID validation infrastructure.
3:05 PM: ISE® Southeast Exabyte Sponsor Showcase Presentation
Location: Chastain 1&2, Sixth Floor
When Two Worlds Collide. Reducing Risk with IT/OT Convergence
Julie Cullivan
Chief People & Technology Officer
ForeScout
Biography
Our Exabyte Sponsor will facilitate a 20-minute industry presentation around a top-of-mind security issue facing InfoSec executives today. Join our discussion as Julie Cullivan delves into the “great divide” between IT and OT, providing a historical view of the two worlds; discussing the challenges to bridging the gap between them; approaching how we begin building that bridge; and understanding why it is critical to bridge that gap to create harmony that reduces enterprise risk of business interruption.
3:25 PM: Information Security Executive® Deep Dive Panel
Location: Chastain 1&2, Sixth Floor
An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Joe Bennett
Senior Vice President, Chief Information Officer
Adient
Biography
Panelists
Julie Cullivan
Chief People & Technology Officer
ForeScout
Biography
Joey Johnson
CISO
Premise Health
ISE® Southeast Executive of the Year Award Winner 2017
ISE® North America Executive: Health Care Award Finalist 2017
Biography
Kim Keever
CISO and Senior Vice President of Security, Analytics & Technology Services
Cox Communications
ISE® Southeast Executive Award Winner 2019
ISE® North America Executive: Commercial Award Winner 2019
Biography
Shaun Khalfan
VP, Information Security
Freddie Mac
Biography
Michael Scobee
Cyber Security Director
Delta Air Lines
Biography
Nir Valtman
VP, Head of Product & Data Security
Finastra
4:10 PM: ISE® Southeast Nominee Showcase Presentation #2
Location: Chastain 1&2, Sixth Floor
Project Phalanx: Shifting Left in Application Security
Jeremy Brooks
Information Security Architect
Aaron's
Biography
Ashley Lee
Manager, Software Engineering – Payments Solutions
Aaron's
Biography
The Application Security team at Aaron’s partnered with QA, Development, and Development Operations to create a platform that enables the seamless integration of application security into Aaron’s S-SDLC and development technologies. Join our discussion as Aaron’s tell us how their initiative focused on delivering faster feedback to the development teams by providing self-service processes and automation that drastically accelerate the discovery and remediation of application security defects.
4:30 PM: ISE® Southeast Nominee Showcase Presentation #3
Location: Chastain 1&2, Sixth Floor
Creating An Accessible Security Awareness Program
Justin Bumpus
Information Security Solution Architect
Tractor Supply Company
Biography
Tractor Supply Company’s Risk and Compliance team, using several off-the-shelf and custom tools, found creative and innovative ways to measurably reduce risk in the Tractor Supply environment by elevating awareness and understanding. This includes professional level custom videos, phishing exercises, print and digital awareness campaigns, mandatory training and several other avenues of communication and testing. This program has shown results in reduced malicious email clicks, reduced malware and increased users reporting malicious activity. Join our discussion as we learn how creating an accessible security awareness program makes it relatable across the enterprise and increases success.
4:50 PM: Late Afternoon Break
5:00 PM: ISE® VIP Reception (Invitation Only)
Location: The Overlook, Sixth Floor
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM: Sponsor Pavilion and Dinner Buffet
Location: Augusta CC 4&5-- attached to Westin 7th Level
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the Award Nominees for 2019, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:30 PM: Sponsor Tear Down
Location: Augusta CC 4&5-- attached to Westin 7th Level
7:45 PM: ISE® Southeast Awards Gala
Location: 200 Building Whitehall Ballroom
Honoring and celebrating the ISE® Southeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.
Pete Chronis
SVP, Chief Information Security Officer
WarnerMedia
Dr. Kevin McKenzie
Former SVP of Information Technology & Enterprise CISO
Dollar Tree Inc., Family Dollar Inc.
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013
Biography
9:00 PM: Champagne & Dessert Reception
Location: 200 Building Whitehall Ballroom
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.