ISE® WEST PRIVATE WELCOME DINNER
The Myths and Realities Of Operationalizing Big Data Security Analytics
5:30pm - 8:30pm
Morton’s The Steakhouse
400 Post St. Lower Level
San Francisco, CA 94102
Al Ghous
Sr Director, Cyber Security
GE Digital
Biography
Gartner calls big data security analytics the “Next Big Thing.” It promises to automate the threat detection process, remove false positives from undermining effective security operations, and offer visibility to unseen and unknown threats, all at scale. Yet to implement it, organizations must work through the practical challenges of deploying and operationalizing this new and transformative technology. Requirements must be carefully defined, including use case coverage, data source requirements, security operations process changes, and incident response optimization. Join our conversation around deploying big data security analytics where we will delve into how companies have successfully deployed this technology and discuss topics like how to choose the correct technology, behavioral analytics proper fit in security operations, and defining successful metrics to measure results.
August 23, 2017
11:00 AM - 3:00 PM: Registration
Location: Pre-function of Elizabethan Ballrooms C&D, 2nd floor
11:30 AM : ISE® Signature Luncheon *Invitation Only
Location: Elizabethan B, 2nd floor
Neil Storey
Sr. Business Leader - Global Information Security
VISA
Biography
Why Cybersecurity Needs Eyes, and AI, on the Inside
Analysts are buried in false positives, struggling to manually put the many pieces together to identify truly critical threats. Defending against cyber adversaries requires a new approach—one that considers the unique characteristics of adversary goals and behavior. AI can identify and tie together sets of behaviors that adversaries must use, but which are statistically unlikely for legitimate users and systems to accidentally perform in the course of normal operations. If you have the data you need to enable forensics post-incident, you also have the data you need to detect an adversary before they achieve their objective. Join our conversation to learn more about how the addition of AI can provide visibility and correlation across all systems and give network defenders the opportunity to gain the upper hand against adversaries now and into the future.
1:00 PM : Welcoming Remarks and Introductions
Location: Elizabethan C&D, 2nd floor
Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® West Executive Forum and Awards 2017.
1:10 PM : Keynote Address
Location: Elizabethan C&D, 2nd floor
Jason Lish
Executive Vice President and Chief Security Officer
Alight Solutions
ISE® West Executive of the Year Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Financial Category
ISE® Central Executive Award Finalist 2018
Biography
Security Talent Today & Tomorrow
Investment in Cyber Security has increased dramatically over the last few years and in turn, many companies are still struggling to fill much need roles with qualified security talent. Earlier this year, the 2017 Global Information Security Workforce Study estimated that the job gap is growing, with the projected shortage reaching 1.8 million professionals by 2022. While the gap is not news, the fact that it is growing should be a huge concern to an already exhausted workforce. The shortage itself has been linked to everything from employers demanding too many skills in new hires, poor compensation for the required skillsets, lack of effective education options, and inefficient recruiting processes. So how should companies address the issue? Join Jason Lish as he examines the industry need for finding and retaining the right security talent, key skillsets needed to improve the security industry, and how current InfoSec professionals can ensure they’re continually improving themselves to ensure a more secure future.
1:45 PM : Interactive Executive Roundtables
Location: Elizabethan C&D, 2nd floor
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.
Securing What You Share: Improving Your Third Party Security
Arjun Thusu
Chief Information Officer
Mercury Financial
Biography
When organizations start working with third-party vendors, they have to consider a variety of security concerns. These vendors often have access to valuable, sensitive corporate data, yet according to a 2016 study by the Ponemon Institute, more than one third of companies don’t believe these vendors would tell them if they had a data breach. Additionally, About 60% of respondents said they felt vulnerable because they were sharing sensitive data with third parties that might have weak security policies. While including data privacy and security procedures in third-party contracts to ensure vendors have appropriate measures in place to protect company data has become commonplace, it is difficult to evaluate how the vendor is protecting data from unauthorized access, use, and disclosure, and to know whether the vendor has appropriate contractual terms in place with downstream, who may also have access to your data. This disconnect creates a high-risk area for all industries as more and more data loss through third-party vendors results in a breakdown of trust and communication. To help prevent potential damages, organizations need to develop plans for working with third parties that involve data mapping vendors, contract specificity, and regular data audits.
The Internet of Things is Here and Growing but are You Ready for it?
Al Ghous
Chief Information Security Officer
Envision Digital
The once nebulous Internet of Things has slowly but surely become a more defined and pressing issue for Information Security professionals as more organizations begin to adopt the IoT into their business structure. Gartner predicts that in the year 2020, 25 billion ‘things’ worldwide are connected to the internet with a collective economic value of two trillion dollar. While that still leaves current InfoSec professionals some time to adapt to a more pervasive Internet of Things, the question remains; “How ready is your organization for IoT adoption now?” Does your organization have the right skillsets and capabilities in place now to start investing in IoT related projects? Aside from all the innovative, technical and business skills needed, perhaps the greatest skill needed is the ability to understand what missing factors are in the organization’s capabilities.
Security from the Inside: Combating Insider Threats
Selim Aissi
Chief Information Security Officer
Blackhawk Network
ISE® West Executive Award Finalist 2015
ISE® North America Executive Award Finalist 2015 - Commercial Category
While the popular view of most security threats tends to be of outsiders, the last few years have also seen an increasing emphasis on threats to the enterprise from the inside. Insider threats can range from something as simple as a negligent employee who clicks on a bad email link to a disgruntled employee with privileged access to sensitive data and portions of the enterprise. A 2016 survey on insider threats by Bitglass revealed that one in three organizations interviewed had experienced insider attacks, with 56% saying they have gone up in the past year. Organizations are starting to see improvements in detecting insider threats however. In the same survey, 64% of the respondents said they can now detect breaches within a week, compared to the previous year where only 42% were able to do so. While there have been some improvements in dealing insider threats, there still remains a strong need for a more vigilant and proactive approach to identifying, isolating, and mitigating damage from these kinds of attacks.
Engineering a Social Solution: Protecting Your Enterprise from Social Engineering Attacks
Caleb Sima
Managing Vice President, Cyber Security
Capital One Financial
Biography
Social engineering attacks, which rely on human interaction and fraudulent behavior to trick people, have become one of the fastest growing security threats for enterprises today. While more traditional attacks prey on technology-based system vulnerabilities, like software bugs and misconfigurations, social engineering attacks target human vulnerabilities by using deception to trick targeted victims into performing harmful actions. Whether it’s a spear phishing, consumer phishing, business email compromise (BEC) or even ransomware, there are a myriad number of attack types that proliferated at an alarming rate in just the last year. Moreover, Agari’s 2016 Email Security: Social Engineering Report found that 60% of surveyed security leaders said their organizations were or may have been victim of at least one targeted social engineering attack in the past year. Additionally, 65% of those who were attacked say that employees' credentials were compromised as a result of the attacks and financial accounts were breached in 17% of attacks. As threat actors continue to employ these types of attacks, organizations must begin taking the necessary countermeasures to prevent the extensive damage they can cause.
2:45 PM : Break
2:55 PM : Nominee Showcase Presentation #1
Location: Elizabethan C&D, 2nd floor
A Framework for a Secure Future
Luis Ocegueda
Senior Security Engineer
Walmart
Biography
Walmart operates one of the largest cloud environments and leverages the open source tool OneOps to manage applications and operating systems. The OneOps Security Framework is an integration that allows applying security best practices and configurations to any application or operating system automatically at deployment to save time while meeting security and compliance requirements. The OneOps Security Framework project has helped teams meet security objectives seamlessly thus saving thousands of man-hours on configuration, testing, implementation, and remediation. The framework has also been made available to all industry users of OneOps through Walmart’s open source initiate. Join our conversation to learn how the Walmart team leveraged their OneOps management tools to develop a process for testing new configurations, apply configurations prior to deployment, and force application and operating system configurations or updates at deployment time.
3:00 - 8:00 PM : Registration
Location: Pre-function of Victor’s Palace, top floor
3:15 PM: CISO Deep Dive: Executive Leadership
Location: Elizabethan C&D, 2nd floor
An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Pete Lindstrom
VP, Security Strategies
IDC
Biography
Panelists
Kannan Perumal
CISO
Applied Materials
Biography
Bernie Cowens
Executive Vice President, Chief Information Security Officer
Utility Technology Solutions
Biography
Neil Storey
Sr. Business Leader - Global Information Security
VISA
Biography
Nick Shevelyov
Chief Security & Chief Privacy Officer
Silicon Valley Bank
Biography
4:00 PM : Nominee Showcase Presentation #2
Location: Elizabethan C&D, 2nd floor
Balancing Security and Business: Building a Next Gen SSO Program
Hardik Sancheti
Senior Manager, Identity Management Infrastructure
Seagate
Upon moving to a zero trust security model, the team at Seagate decided to replace their previous SSO infrastructure to support this new model. The NextGen Single Sign-On (SSO) program sought to solve one of the issues of the previous SSO infrastructure regarding potential vulnerabilities to a malicious insider who could acquire users’ SSO cookie in a “watering hole” attack. The project replaced Seagate’s SSO infrastructure with a secure platform that supports risk-based authentication and robust federation. The infrastructure was deployed across two data centers and two disaster recovery sites and included migrating over 150 applications and 50 federations (SSO across two or more domains / companies) with positive impact to Seagate’s business. Join our conversation to learn how the Seagate team was able to not only sole the “watering hole” issue, but also enhance overall security and access management capabilities by implementing end-to-end SSL, risk-based authentication and session assurance as well as better align the infrastructure to business initiatives for SSO, mobile, social and cloud integrations.
4:20 PM : Nominee Showcase Presentation #3
Location: Elizabethan C&D, 2nd floor
Building a Blueprint for Better Mobile Security
Tim Smith
Sr. IT Manager of End User Computing and Corporate Information Security
Western Union
Biography
Western Union is a huge proponent of empowering their end users via mobile devices, and in 2016 they wanted to make sure they had a strong mobile threat defense solution in place that would properly safeguard their employee’s mobile devices and data. To accomplish this, they required a solution which provided protection across the most common mobile threat vectors- malware, malicious networks, and OS/configuration vulnerabilities- and which was easy to deploy and manage, offered in-depth reporting and analysis, protected devices in real-time, and could mitigate threats automatically. Join our conversation to learn how Western Union was able to deploy an effective and easy to use mobile security solution that helped them empower a safe but mobilized workforce.