ISE® Southeast Schedule of Events 2020

ISE® SOUTHEAST PRIVATE WELCOME DINNER
Hey Hey, You You, Get Off of My Cloud: Deploying Zero Trust Networking in the Modern Data Center

March 10, 2020
5:30pm - 8:30pm
STK Steakhouse
1075 Peachtree St NE
Atlanta, GA 30309
Registration closed. If you are interested in attending, please contact: Anna Stutler
Levine_David

David Levine
Vice President Corporate and Information Security, CSO CISM
RICOH Digital Services
Biography

As many firms transition their data centers into the cloud and other heavily virtualized environments, the old practice of implementing choke points to force data flows through a select set of avenues simply doesn’t work anymore. According to Gartner, by “2025, 80% of enterprises will have shut down their traditional data center, versus 10% today.” How will security respond when evolving data centers represent a gigantic blind spot where basic visibility, compliance and enforcement become impossible? Join our conversation as we discuss key cybersecurity challenges when moving from perimeter security to distributed security along with best practices for implementing Zero Trust data center security for cloud-based architectures.

Wednesday, March 11, 2020

11 AM - 3 PM: Registration

Location: Chastain Terrace, Sixth Floor

3 PM - 8 PM: Registration

Location: Chastain Terrace, Sixth Floor

11:15 AM: ISE® Signature Luncheon (Invitation Only)

Location: Chastain I/J, Sixth Floor

Sponsored by:

How Cross-Industry Organizations Can Collaborate on Cyber Defense

Kevin Morrison

Kevin Morrison
Vice President, IT & CISO
Rollins, Inc.
Biography

Collective defense is not a new idea, but carrying it out on a cyber level has taken some time to gain traction despite advocacy efforts. Much of the cybersecurity information-sharing that occurs today—especially in the private sector—is insufficient. Enterprises either wait to share threat intelligence after a breach has happened or naturally must limit or delay reporting due to outsized proprietary and legal liability concerns. It’s also difficult to scale and share insights at the speed of business since collective cyber defense is a manual process, making it a costly effort—though the price of doing nothing can also be high. Larger organizations have the opportunity to employ automation so that reporting can occur in real time, whereas a smaller organization might have experienced a previously unknown threat it has not had the opportunity about which to share experiences. Mitigating each other’s weaknesses and providing different insights are part of the benefits for adopting collective cyber defense. As cyber attackers are unifying their methodologies and resources, every organization—no matter the size or industry—is stronger partnering with others than it is alone. Join our conversation as we explore the right ways to collaborate on cyber defense, the challenges faced by the public and private sectors and how we can share information across the cyber kill chain quickly without risking IP or sensitive data.

12:50 PM: Welcoming Remarks and Introductions

Location: Chastain Room, Level 6
Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Southeast Executive Forum and Awards 2020.

1:00 PM: Keynote Address

Location: Chastain Room, Level 6

Leaders Needed: Preventing The Next Big Breach

Jamil Farshchi

Jamil Farshchi
Chief Information Security Officer
Equifax
ISE® West Executive Award Finalist 2011
Biography

The roster of companies suffering cyber breaches isn’t slowing down. While every breach is different, there are common elements and understanding what went wrong can help us better prepare, respond or even prevent the next attack. Jamil Farshchi, Equifax CISO, candidly shares his experiences and assessments, providing actionable insights and tactics.

1:40 PM: Interactive Executive Roundtables

Location: Chastain Room, Level 6

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our leading ISE® Alumni.

Cyber Defense: A Reality Check for Cybersecurity Decision Makers

Kevin Treanor Kevin Treanor
Executive Director, Information Security
Cox Communications
Biography

Traditional security methods are falling short as the sophistication, frequency and speed of cyberattacks increase. Our sense of threat looms larger once we also consider the tenacity, time and resources that state-actors possess to wage strategic war over any business that might have valuable information to steal or manipulate. In a 2019 Vanson Bourne survey, 85% of respondents rated their organization’s cybersecurity technology, tools and systems as advanced—and yet their enterprises suffered one cybersecurity incident every three months on average, with 80% requiring meetings with the C-suite and board due to severity. This indicates a disconnect between confidence levels and actual vulnerability and system maturity. Fortunately, these board meetings also provide an opportunity for security executives to proactively secure the buy-in of upper management to redesign systems, offer better employee cyber training and other improvements to enterprise security. This same buy-in will be crucial for adopting collective cyber defense strategies, especially since many security professionals advocate for greater threat sharing with industry peers and between the public and private sector. Join our discussion to learn effective methods of communicating security needs to the C-suite and board as well as share our concerns and expectations for collective cyber defense in a world of advanced and growing threats.

Managing Passwords Isn’t Enough – A Universal Approach to PAM

Farley_Paul

Paul Farley
CVP, Deputy Chief Information Security Officer
NCR Voyix
Biography

Virtually every cybersecurity breach today involves the exploitation of privileged access. Privileges are initially exploited to infiltrate an IT environment; once compromised by threat actors, privileges are further leveraged to move laterally, access assets, install malware and inflict damage. Enterprises of all sizes have experienced a privilege explosion, driven by trends like cloud computing, DevOps, edge computing and the proliferation of non-human identities and accounts. As a result, privileged access is pervasive across the modern IT environment, yet it is often inadequately managed and monitored. Many organizations assume that password management will solve the privilege problem—but it’s only a partial solution. Relying on password management alone leaves dangerous gaps in protection, and further steps must be done to disrupt the cyberattack chain with privileged access security controls. Join our conversation as we discuss best practices around securing privileged accounts and how a Universal Privilege Management (UPM) model can be used to secure every user, session and asset across your IT environment.

Cyber Attackers Have an Inherent Advantage: How Do We Change That?

Adekunle_Kayode

Kayode Adekunle
IT Security Engineer
First Horizon Bank

In today’s asymmetrical warfare between cybercriminals and organizations, the cards are stacked against the good guys. While attackers only have to find one weak spot, security teams have to monitor and protect everything at all times, which in many instances dictates only one, virtually predestined outcome of the battle. With every marquee name that is breached, it is clear that crippling cyberattacks have become the new normal. Although this “era of insecurity” began more than 10 years ago, it has become more and more extreme in recent years, and there are three main factors that exacerbate the current situation. The first is that cybercrime is lucrative, and offensive scanning and exploitation tools have become cheaper, more automated and widely available to attackers. Second, in the hyperconnected IT ecosystem of today’s organizations, it is exponentially more difficult to continuously monitor and debug everything in a timely fashion. Finally, we are losing sight of security risks. Without a complete view of an organization’s entire attacker-exposed IT ecosystem—including risk from cloud, third-party and subsidiary environments—and an understanding of the business context of its assets, an organization cannot appropriately assess, prioritize and eliminate its most critical risks.

Establishing the Role of Governance in Identity Access Management

Kevin McKenzie

Dr. Kevin McKenzie
Former SVP of Information Technology & Enterprise CISO
Dollar Tree Inc., Family Dollar Inc.
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Biography

For businesses to succeed in protecting customer data and securing their privacy, security teams can begin treating every identity as a new security perimeter. Nowadays, threat actors do not “hack” in; they log in. Security measures that are busy covering firewalls, endpoints and networks tend to neglect protecting against identity and credential-based threats, allowing them to bypass security checkpoints perfectly camouflaged. Access governance can serve as one solution, as the methodology provides the guidelines which determine who has access to what information within an enterprise as well as the monitoring tools to evaluate access and user rights and their anomalies. Identity governance also helps ensure organizations comply with all current regulation requirements they are expected to follow. However, identity governance can come with its own challenges, such as locating and disabling orphaned accounts or failing to review and update identity governance policies, so they remain effective and are understandable. Some enterprises also choose to follow the Zero Trust model and tools to reinforce it, such as multi-factor authentication, which other enterprises might find too time-consuming. Nevertheless, if you are willing to take the steps, enforcing identity governance and identity access management (IAM) can wind up making all the difference in thwarting a data breach. Join our discussion as we explore the need for identity governance implementations; its challenges and rewards; how IAM is evolving; and the new risks we need to detect, mitigate and avoid.

2:40 PM: Afternoon Break

2:50 PM: ISE® Southeast Nominee Showcase Presentation #1

Location: Chastain Room, Level 6

Quacking the Code of Global Malware

Goldsworthy_DJ

DJ Goldsworthy
Vice President of Security Operations & Threat Management
Aflac
Biography

harbin_ben

Ben Harbin
Manager, Threat Management
Aflac
Biography

Aflac’s Global Malware Analysis Program was created to proactively combat today’s cyber threat by leveraging the very same resource used by criminals: malware. Aflac first collected malware from sensors distributed in the United States and Japan, and then analyzed and incorporated the findings into defensive capabilities. Using the thousands of malicious samples sent to Aflac via email each day, the team deconstructed and analyzed the malware to extract precise indicators of compromise. The information was then tagged and organized in Aflac’s threat intelligence platform. Join our conversation as Aflac shares how their program’s automatic orchestration ensures relevant data is pushed to defensive technologies, strengthening Aflac’s overall security posture.

3:15 PM: ISE® Southeast Exabyte Sponsor Showcase Presentation

Location: Chastain Room, Level 6

Working Together Sure Beats Working Alone - Collective Defense for the Collective Good

Ehrlich_Michael

Michael Ehrlich
CTO
IronNet Cybersecurity
Biography

Collective Defense is an enduring security principle that binds its members together against a common threat. With the proliferation of advanced attack techniques, it is more important than ever for companies to work together in common defense. Join our discussion as we explore how a Collective Defense construct can help accelerate discovery of new attacks, provide broad situational awareness, and enhance the cybersecurity posture of its participants.

3:40 PM: Information Security Executive® Fireside Chat

Location: Chastain Room, Level 6

An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

George Lamont, Colonel (ret) USAF
Co-Founder, Chief Information Officer (CIO) and Chief Information Security Officer (CISO)
IronNet Cybersecurity
Biography

Speakers

Marian Reed

Marian Reed
Head of IT Security
Serta Simmons Bedding

Tony Spurlin

Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018

Biography


4:25 PM: ISE® Southeast Nominee Showcase Presentation #2

Location: Chastain Room, Level 6

Project Baywatch

Boucher_Brad

Brad Boucher
VP & Deputy CISO
Cox Communications

Deal_Michael

Michael Deal
Director of Cyber Defense Engineering and Vulnerability Management
Cox Communications
Biography

To address security’s challenge ingraining accountability across its business and an increasing need for enhanced stakeholder reporting, the Cox Communications team developed and implemented a cyber analytics and visualization portal: IRIS. IRIS empowers the cybersecurity team and its stakeholders to monitor, track, and report on the state of the cybersecurity program in a structured, centralized and automated means. Join our discussion as Cox Communications shares how became their centralized portal for security practitioners, technology stakeholders, and business owners to view relevant metrics, dashboards, and reports impacting the organization's security posture.

4:50 PM: Late Afternoon Break

5:00 PM: ISE® VIP Reception (Invitation Only)

Location: The Overlook, Level 6

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM: Sponsor Pavilion and Dinner Buffet

Location: Chastain G,H,I, Level 6

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the Award Nominees for 2020, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM: Sponsor Tear Down

Location: Chastain G,H,I, Level 6

7:45 PM: ISE® Southeast Awards Gala

Location: Savannah Ballroom, Level 10

Honoring and celebrating the ISE® Southeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.

Kevin McKenzie

Dr. Kevin McKenzie
Former SVP of Information Technology & Enterprise CISO
Dollar Tree Inc., Family Dollar Inc.
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Biography

Bob Varnadoe

Bob Varnadoe
VP, Technology Risk Management
Kaiser Permanente
ISE® Southeast Executive Award Finalist 2018
ISE® East Executive Award Finalist 2023

Biography

9:00 PM: Champagne & Dessert Reception

Location: Savannah Ballroom, Level 10

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.