ISE® West Schedule of Events 2018

ISE® WEST PRIVATE WELCOME DINNER
Answering the "Are We Okay?" Question: Simplifying for Certainty About Advanced Threats

Chuck Markarian
Chief Information Security Officer
PACCAR
Biography

With every new breach, board members and leadership teams want to know if their business is protected and ask information security leaders the ever-familiar question - “Are we ok?”. Definitive answers are difficult to provide. Enterprises have implemented endpoint security programs that are complex, unable to keep up with the pace at which attackers are developing never-before-seen techniques. The threats vs. protections arms race has resulted in multiple niche products on endpoints, making the endpoint environment complex, and exposure difficult to assess. It is crucial for enterprise security leaders and their teams to implement an endpoint strategy that addresses the scope of these new attack techniques and tactics while reducing the complexity and increasing the performance of the endpoint environment.

Join our conversation as we discuss how enterprise security leaders can get to certainty with an endpoint security program that stops never-before-seen attacker techniques while reducing complexity and cost.

August 16, 2018

11:00 AM - 3:00 PM: Registration

Location: Pre-function of Elizabethan Ballrooms C&D, 2nd floor

11:15 AM: ISE® Signature Luncheon *Invitation Only

Location: Elizabethan B, 2nd floor

Sponsored by:

Maximizing the Potential of Man and Machine

Saikat Maiti
Chief Information Security Officer
Upstart Networks
ISE® West People's Choice Award Winner 2016
ISE® West Executive Award Finalist 2016
Biography

There’s a lot of buzz in the cybersecurity industry around artificial intelligence, automation, and orchestration. Some view them as the Next Great Hope, while others would replace that last word with “Hype.” Despite what you might hear from some optimistic vendors, AI and automation aren’t the perfect panacea for all your cybersecurity challenges. For example, automation might not be possible for highly dynamic and investigative activities like hunting and forensics but can work wonders for analyzing and identifying patterns across volumes of security data. Join our conversation as we discuss how you can leverage the automation and orchestration boom to your advantage, to build solid SOC solutions that incorporate the best of manual and automated processes.

12:50 PM: Welcoming Remarks and Introductions

Location: Elizabethan C&D, 2nd floor

Marci McCarthy
CEO and President
T.E.N.
Biography

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® West Executive Forum and Awards 2018.

1:00 PM: Keynote Address

Location: Elizabethan C&D, 2nd floor

Building an Enterprise Security Program

Pritesh Parekh
VP & Chief Security Officer
Zuora
San Francisco, CA
ISE® West Executive Award Finalist 2016
ISE® North America Executive: Commercial Award Finalist 2016
ISE® West Executive Award Finalist 2017
ISE® North America Executive: Financial Award Winner 2017
Biography

1:35 PM: Interactive Executive Roundtables

Location: Elizabethan C&D, 2nd floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices.  The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.

• Roundtable 1
• Roundtable 2
• Roundtable 3
• Roundtable 4

Rebalancing the SOC

Sponsored by:

Steven Singer
Director of Information Security
LegalZoom
Biography

Central to safeguarding against cyber threats is a corporation's SOC. Security operations require constant innovation to keep up with the businesses they protect and to mitigate potential damage from the threats against them, especially because skilled SOC analysts are so hard to find and retain. The exponential growth in security-relevant data coupled with the ongoing challenge of finding training and retaining skilled security analysts to monitor and respond to that data creates a critical and vexing problem for security organizations. However, by marrying the benefits of skilled analysts with automation, orchestration and AI, your organization can create a much more hospitable, efficient, and effective SOC. With revolutionary technologies advancing security operations, like AI-based expert systems, an autonomous analyst is no longer a concept, but a reality.

Security That Works Outside the Perimeter

Sponsored by:

Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography

The days of working within four office walls are long-gone. In fact, 43% of Americans work remotely at least some of the time. Your team works from their desks, but also from home, from the airport, from the coffee shop around the corner—the list goes on. Your employees are using modern cloud applications that allow them to work from anywhere, but is your security solution keeping up with this new perimeter? It’s important to balance security and end user flexibility to meet compliance requirements for your organization. Furthermore, end users aren’t just your employees any more. Customers, partners, and suppliers are all demanding access on-the-go and on multiple devices. Join our conversation as we discuss the challenges of securing your organization in a perimeterless world and how we can create a seamless end user experience and secure data all while meeting enterprise compliance requirements.

The Increasing Impact of Insider Threats

John Abel
Senior Director of Security
Credit Karma

Insider threats continue to be one of the top cyber security threats and have proven that they are a force to be reckoned with. According to a 2017 Insider Threat Report, 53% of companies estimate remediation costs of $100,000 and more, with 12% estimating a cost of more than $1 million. The same report suggests that 74% of companies feel that they are vulnerable to insider threats, with 7% reporting extreme vulnerability. Every company will face an insider-related breach sooner or later regardless of whether it will be caused by a malicious action or an honest mistake. As costs related to insider threats continue to grow, what can Information Security Executives and their security teams do to combat this all too familiar foe?

Gone Phishing: Securing the Enterprise from Social Engineering Attacks

Selim Aissi
Chief Information Security Officer
Blackhawk Network
ISE® West Executive Award Finalist 2015
ISE® North America Executive Award Finalist 2015 - Commercial Category

Social media, a digital medium that is rooted in sharing personal and professional data, continues to be a favorite target for cyber-criminals because it offers a virtual treasure trove of readily accessible information. The very nature of how information is shared via social media goes against many longstanding core information security principals. Businesses of all shapes and sizes can be targets of social media engineering and phishing attacks. While phishing itself is an incredibly well-known attack technique, it still continues to be a major security issues for many organizations. Symantec’s 2017 Internet Security Threat Report found that Business Email Compromise (BEC) scams, relying on spear-phishing emails, targeted over 400 businesses every day, draining $3 billion over the last three years. While it’s critical for security teams to keep up to date on current social engineering and phishing attacks, what else needs to be done to ensure the enterprise at large is aware of the dangers and pitfalls of these kinds of attacks?

2:35 PM: Afternoon Break

2:45 PM: ISE® West Nominee Showcase Presentation #1

Location: Elizabethan C&D, 2nd floor

Shifting Security LEFT

Sudharma Thikkavarapu
Head of Cybersecurity Transformation (Sr. Manager)
T-Mobile
Biography

T-Mobile felt it was crucial to create a behavioral change across their organization in order to make security an integral part of everyone’s DNA. The T-Mobile technology and engineering teams were developing and deploying solutions to support UnCarrier activities at accelerated speeds, and their security organization was not able to scale to support the demand for application security assessments. For example, the time taken to complete one single application security assessment was approximately seven working days, which was unreasonable and slowing their business. Join our conversation to learn how the T-Mobile team took this as a problem statement and reengineered all their processes and solutions to bring down service level agreements (SLA) from 7 working days to less than 30 minutes.

3:00 - 8:00 PM: Registration

Location: Pre-function of Elizabethan Ballrooms C&D, 2nd floor

3:05 PM: ISE® West Exabyte Sponsor Showcase Presentation

Location: Elizabethan C&D, 2nd floor

Probability in Security: An Automat-able Approach to Security Monitoring

Chris Calvert
Co-Founder & VP Product Strategy
Respond Software
Biography

3:25 PM: Information Security Executive® Deep Dive Panel

Location: Elizabethan C&D, 2nd floor

An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Jeff Trudeau
Chief Information Security Officer (CISO)
Chime
ISE® North America Health Care Executive Award Winner 2013
ISE® West Executive Award Finalist 2019

Panelists

Chris Calvert
Co-Founder & VP Product Strategy
Respond Software
Biography

Jim Covington
Division CISO
Pacific Life Insurance Company
Biography

Bernie Cowens
Executive Vice President, Chief Information Security Officer
Utility Technology Solutions
Biography

John Kirkwood
VP IT, Chief Information Risk and Security Officer
Albertsons Companies
ISE® West Executive Award Finalist 2018
ISE® West Executive Award Finalist 2019
ISE® North America Executive: Commercial Award Finalist 2019
Biography

4:10 PM: ISE® West Nominee Showcase Presentation #2

Location: Elizabethan C&D, 2nd floor

Kaiser Permanente’s Vendor Risk Management Program

Michelle Nix
VP of Technology Risk Management
Kaiser Permanente
Biography

Chetana Sankhye
Senior Director, Technology Risk Management
Kaiser Permanente
Biography

Kaiser Permanente’s Vendor Risk Management Program (VRM) established the capabilities necessary to effectively manage and monitor vendor control risks across the enterprise through a series of actions. First was the creation of an inventory of vendor risk information to understand the vendor services through inherent risk assessments for tens of thousands of existing vendor engagements. Next was the completion of controls assessment for high-risk new and existing vendors, and management of risk remediation and acceptance from controls assessment efforts. Finally, the team implemented automation, reporting, and process improvements to scale efforts enterprise-wide. Join our discussion to learn how Kaiser Permanent’s VRM Program provided them with an increased level of understanding of its vendor population and the underlying privacy and security risks.

4:30 PM: ISE® West Nominee Showcase Presentation #3

Location: Elizabethan C&D, 2nd floor

The AEIRS Analytics Program

Jon Backus
Product Manager
Aetna
Biography

The team at Aetna is using leading-edge technology that uses machine learning to provide early detection of anomalies in user behavior. The Aetna Entitlements, Identity, & Risk System (AEIRS), is a User and Entitlement Behavior Analytics (UEBA) program that evaluates millions of event records looking for anomalous or unusual behavior and alerts when detected. The analytics engine, AEIRS, determines and tracks normalized behavior for every Aetna user and then uses it to look for abnormal breaks from pattern, as well as rules-based criteria through behavior models. It also calculates a risk score for each individual user that has access to an Aetna system. The risk scores will change based on anomalous or unusual behavior detected by a model. Join our discussions as we learn how AEIRS’ models and risk scores have been used to influence response and automated control changes.

4:50 PM: Late Afternoon Break

5:00 PM: ISE® VIP Reception (invitation only)

Location: Elizabethan A & B, 2nd floor

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM: Sponsor Pavilion and Dinner Buffet

Location: California West, 2nd floor

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the Award Nominees for 2018, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM: Sponsor Tear Down

Location: California West, 2nd floor

7:45 PM: ISE® West Awards Gala

Location: Colonial Ballroom, Mezzanine Floor

Honoring and celebrating the ISE® West Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.

Marci McCarthy
CEO and President
T.E.N.
Biography

Jeff Trudeau
Chief Information Security Officer (CISO)
Chime
ISE® North America Health Care Executive Award Winner 2013
ISE® West Executive Award Finalist 2019

9:00 PM: Champagne and Dessert Reception

Location: Colonial Ballroom, Mezzanine Floor

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.