Upcoming Events

ISE® VIP Private Dinner during the Gartner Symposium/ITxpo 2019
How to Avoid Making Trade-Offs Between Security and IT Operations

October 21, 2019
6:30pm - 9:30pm
Waldorf Clubhouse
Waldorf Astoria Orlando
14200 Bonnet Creek Resort Ln.
Orlando, FL 32821
Registration
Dawn Ellis

Dawn Ellis
Executive Director, Cyber Security & Compliance
The Walt Disney Company
Biography

As leaders, CIOs and CISOs face pressure from all sides. They must keep organizations continuously compliant, keep critical information secure, manage fleets of networked devices and fulfill the increasingly common executive mandate to make technology an enabler for business growth. Many organizations are also challenged to update their technology from legacy systems, which make it difficult to have full visibility across endpoints and get the real-time data on which they can make confident decisions. In these stressful, fragmented environments—especially where organizations use a range of point products for security and operations, resulting in a lack of full visibility and control—there are regular trade-offs taking place among these priorities. These compromises often leave an organization open to an attack, outage or another form of disruption. Join our conversation as we discuss how security teams can better secure their enterprise against cyber threats, outages and other disruptions—without making trade-offs and without settling for "good enough".

Transportation will be provided to The Waldorf Clubhouse at the Waldorf Astoria Orlando from The Walt Disney Swan and Dolphin Resort. Please meet at the Swan Hotel Lobby for a 6:15 pm departure.

ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience

October 23, 2019
5:30pm - 8:30pm
Elway’s Cherry Creek
2500 E 1st Ave, #101
Denver, CO 80206
Registration

In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.

ISE® PRIVATE DINNER
The Rise of Global Identity in Digital Transactions

October 24, 2019
5:30pm - 8:30pm
Perry’s Steakhouse & Grille
2000 McKinney Ave #100
Dallas, TX 75201
Registration
Duaine Styles

Duaine Styles
SVP, Chief Security Officer
Torchmark Corporation
Biography

With cloud usage growing and the concern for data security on the rise, regulatory entities around the globe are increasingly introducing and enforcing new legislation that brings greater transparency between the user and end-entity in digital transactions. We have witnessed the stir GDPR has and will continue to cause, especially as more enterprises seek to redefine their compliance to its standards. Then, there is eIDAS, which aims to create a robust European legal environment for secure and trustworthy electronic business processes in the public sector. Meanwhile, PSD2 introduces new business models between banks and third-party service providers, while Germany’s BSI promotes IT security for its federal government as well as for IT manufacturers and commercial providers. While the European Union is leading the charge toward the rise of identity in many instances, this has direct impact on multi-national businesses based in North America. In the United States there are already regulations in place—some industry specific such as PCI DSS and HIPPA Privacy Rules—that organizations must comply with. What responsibilities are North American enterprises expected to uphold of these many regulations, and what are the ramifications of non-compliance? As security and identity take on a more global aspect, it has also become crucial to provide clear indicators—such as verified SSL certificates and universal identity marks in web browsers—to specify trusted communication with verified organizations. Having these indicators be uniform and easy to interpret can reduce or eliminate the chances of transmitting sensitive data through a secure channel to a bad actor. This practice would also make it simpler to follow compliance regulations, no matter their origin. Join our conversation as we discuss how overseas regulations for digital transactions impact businesses in the United States and across North America, what this means for digital identity security, and how we can capitalize on these regulations to build more trusted relationships with users and customers.

ISE® PRIVATE DINNER
Stop Buying Security Products: Fix Your Security Posture Using What You Have

November 5, 2019
5:30pm - 8:30pm
Metropolitan Grille
820 2nd Ave
Seattle, WA 98104
Registration
Sunil Lingayat

Dr. Sunil Lingayat
Chief of Cybersecurity Strategy and Technology
T-Mobile
Biography

Is your organization protected against every known attack, including the vulnerabilities announced yesterday? Zero-day attacks garner plenty of attention, but the truth is 99% of all cyberattacks occur due to hackers exploiting existing or known vulnerabilities. You likely already have cybersecurity products that could protect you, but chances are they have not been configured correctly to your enterprise’s specific risk profile. For instance, Gartner estimates that 95% of firewall breaches are caused by simple firewall misconfigurations, yet 97% of breaches are still happening to companies that have already deployed the right controls. Breaches are arising more often because complexity is your enemy. If your security team is managing too many solutions—some of which might not be optimal for your current enterprise security requirements—then a simple misconfiguration or drift is all an attacker needs to exploit within your security stack to gain entrance. You do not need another security product. You just need to use what you have, better. Join our conversation as we discuss how to continually and safely test every part of your security infrastructure for gaps as well as how to fix those gaps to protect the business.

ISE® PRIVATE DINNER PRIOR TO 2019 GAISSA CONFERENCE – ATLANTA 11/6
How to Avoid Making Trade-Offs Between Security and IT Operations

November 6, 2019
5:30pm - 8:30pm
Little Alley Steak - Buckhead
3500 Lenox Rd NE Suite 100
Atlanta, GA 30326
Registration

As leaders, CIOs and CISOs face pressure from all sides. They must keep organizations continuously compliant, keep critical information secure, manage fleets of networked devices and fulfill the increasingly common executive mandate to make technology an enabler for business growth. Many organizations are also challenged to update their technology from legacy systems, which make it difficult to have full visibility across endpoints and get the real-time data on which they can make confident decisions. In these stressful, fragmented environments—especially where organizations use a range of point products for security and operations, resulting in a lack of full visibility and control—there are regular trade-offs taking place among these priorities. These compromises often leave an organization open to an attack, outage or another form of disruption. Join our conversation as we discuss how security teams can better secure their enterprise against cyber threats, outages and other disruptions—without making trade-offs and without settling for “good enough”.

ISE® PRIVATE DINNER
Stop Buying Security Products: Fix Your Security Posture Using What You Have

November 6, 2019
5:30pm - 8:30pm
Quattro - Four Seasons Hotel - Silicon Valley
2050 University Avenue
East Palo Alto, CA 94303
Registration
Sunil Lingayat

Malcolm Harkins
Chief Security and Trust Officer
Cymatic
Former Chief Security and Trust Officer for Cylance
Former Chief Security and Privacy Officer for Intel

Biography

Is your organization protected against every known attack, including the vulnerabilities announced yesterday? Zero-day attacks garner plenty of attention, but the truth is 99% of all cyberattacks occur due to hackers exploiting existing or known vulnerabilities. You likely already have cybersecurity products that could protect you, but chances are they have not been configured correctly to your enterprise’s specific risk profile. For instance, Gartner estimates that 95% of firewall breaches are caused by simple firewall misconfigurations, yet 97% of breaches are still happening to companies that have already deployed the right controls. Breaches are arising more often because complexity is your enemy. If your security team is managing too many solutions—some of which might not be optimal for your current enterprise security requirements—then a simple misconfiguration or drift is all an attacker needs to exploit within your security stack to gain entrance. You do not need another security product. You just need to use what you have, better. Join our conversation as we discuss how to continually and safely test every part of your security infrastructure for gaps as well as how to prioritize remediation based on business risk.

2019 GAISSA Conference: Brighter, Secure Future, Now!
T.E.N. ISE® Success Track

November 7, 2019
8:00am - 5:00pm
The Loudermilk Center
40 Courtland Street Northeast
Atlanta, GA 30303
Registration
More Information

Healthcare on the Move: Using Security as a Business Enabler

10:00-10:45 am

Kanvinde_atul

Atul Kanvinde
Director, Clinical Applications
Children's Healthcare of Atlanta
Biography

Manikin_Stoddard

Stoddard Manikin
CISO & Director, Information Security
Children's Healthcare of Atlanta
Biography

To improve clinician to clinician communication, Children's Healthcare of Atlanta replaced the existing hospital communication solution to provide enhanced services, including: bar code scanning, secure messaging and integration with existing applications. The project set out to develop and implement the necessary clinical and infrastructure components to improve operational workflows in order to provide a seamless and secure means of communication and medication administration documentation. The Mobile Clinician Project rollout addressed both security and operational needs, helping prove the idea that security can be an enabler vs. a barrier. Join our conversation as the Children’s Healthcare of Atlanta Team shares how they combined multiple technologies that made patient care more efficient, addressed security and privacy concerns, and promoted mobility for their caregivers.

Weathering the Business Transformation Storm through Sturdy Leadership

11:00-11:45 am

Tony Spurlin

Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018

Biography

In life or business, there are many situations that when encountered, help drive us to meaning and understanding. This philosophy has been a driving force behind the security leadership of Tony Spurlin, VP and CSO for Windstream. In 2016, Windstream and Tony’s previous organization, Earthlink, merged together as one organization. Upon joining the Windstream team, he charged his security architecture team to work with identity management to evaluate the current challenges with regards to identity and access management and developed a comprehensive and rational plan to incrementally improve Windstream’s risk posture through approved and planned capital investments. Tony builds relationships and powerhouse teams that shape and enable all involved to succeed. Through his career, he has influenced and has grown many leaders across the industry that continue to succeed in their new respective companies and information security programs that continue flourish within these organizations. Tony continuously seeks out opportunities to collaborate with other Windstream organizations valuing the benefits of different perspectives and he finds that solutions to business challenges are most effective when melded into a comprehensive plan benefitting from different points of view and diverse experiences. Join Tony Spurlin as he shares his thoughts and experiences on information security teambuilding, effective board engagement, and hands-on leadership and problem-solving strategies.

ISE® Success Alumni: Reflections and Insights to Elevate Careers to New Heights

11:45 am-1:00 pm

Moderator

Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

Panelists

Knight_Wes

Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
Biography

Manikin_Stoddard

Stoddard Manikin
CISO & Director, Information Security
Children's Healthcare of Atlanta
Biography

Tony Spurlin

Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018

Biography

Bob Varnadoe

Bob Varnadoe
Chief Information Security Officer
NCR
ISE® Southeast Executive Award Finalist 2018
Biography

For nearly a decade, T.E.N. has honored CISOs and other cybersecurity executives as Finalists and Winners of the ISE® Program Awards. Throughout the years, we have seen them climb to new heights in their careers and create game-changing security platforms within their companies. What these CISOs have proven is that there is no one path to success. There are many ways security professionals can become CISOs, whether they approach cybersecurity from a technical, business-oriented or policy angle. However, with the rapid changes the InfoSec industry experiences, it can be difficult for security professionals to determine which of their strengths to harness, how to use them and how to improve their weaknesses. While technical skills are necessary for understanding your company’s current security landscape and its risk profile, you will also need an invaluable supply of soft skills to manage a team and build trust with other business leaders. Becoming a CISO is just the first step. Succeeding as a CISO will be the real challenge. Join our conversation as we reflect on the experiences enterprising CISOs have gained in their careers and at the ISE® Programs, each of them sharing unique insights about how upcoming security professionals can elevate their careers and flourish in a CISO role.

The CISO Sentinel: Security and Compliance Risk Management

1:30-2:15 pm

Knight_Wes

Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
Biography

The Georgia Department of Revenue Office of Information Security is responsible for securing a threat and regulatory landscape that encompasses multiple Federal mandates and 3rd Party Information Service providers. The CISO Sentinel is a security and compliance risk management platform that captures operating efficiencies in management of the program. Using continuous monitoring and management, the platform enables greater control of cybersecurity risks by effectively managing the processes associated with obtaining, identifying, processing and aggregating key information. Significant elements of the project focused upon prioritizing the review of critical security alerts, automating governance processes, eliminating redundant silos, and streamlining compliance and management reporting. Join our discussion to learn how the Georgia Department of Revenue Office of Information Security shifted their security paradigm from traditional paper based assessment outputs to a dynamic, actionable cybersecurity program.

Building a Security Program in the Era of Digital Transformation

3:30-4:15 pm

Bob Varnadoe

Bob Varnadoe
Chief Information Security Officer
NCR
ISE® Southeast Executive Award Finalist 2018
Biography

Building and maturing an information security program requires a lot of work. This effort becomes even greater when the focus of the business changes as well. Join our discussion on the approach to developing a program from inception to maturity along with some specific strategies for managing change and addressing the evolving scale of a digital first business.

Additional Sessions in Development!

ISE® NORTH AMERICA PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program

November 12, 2019
5:30pm - 8:30pm
Eddie V’s Prime Seafood
521 N Rush Street
Chicago, IL 60611
Registration
Kevin Gowen

Kevin Gowen
Chief Information Security Officer
Synovus
ISE® Southeast Executive Award Finalist 2019
Biography

Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.

ISE® North America Leadership Summit and Awards 2019

The ISE® North America Leadership Summit and Awards 2019 will be held November 13-14, 2019 at the InterContinental Chicago Magnificent Mile in Chicago, IL. The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details

ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience

November 21, 2019
5:30pm - 8:30pm
Morton’s The Steakhouse
2222 McKinney Ave Suite 200
Dallas, TX 75201
Registration

In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.

ISE® PRIVATE DINNER
From the Inside Out: The Risk Departing Employees Present to Your Data

December 3, 2019
5:30pm - 8:30pm
Fleming's Prime Steakhouse & Wine Bar
4501 Olde Perimeter Way
Atlanta, GA 30346
Registration

Last year, 40 million people changed jobs and 60% of them admitted to taking data when they left. This is deeply concerning when you also consider that 90% of insider threats go undetected for months. Many enterprises are unable to quickly detect the loss, leak and misuse of data from insider threats and departing employees. By the time organizations find out, the damage is already done. Part of the problem lies in the reliance on legacy data loss prevention solutions to catch data before it leaves an organization. These legacy solutions only look at classified data with policies, leaving security teams with limited visibility. Join our conversation as we discuss the security and business need for real time detection and response aimed at a growing insider threat: departing employees.

ISE® PRIVATE DINNER
Stop Buying Security Products: Fix Your Security Posture Using What You Have

December 4, 2019
5:30pm - 8:30pm
Lattanzi
361 W 46th St.
New York, NY 10036
Registration
Robert Bigman

Robert Bigman
Former Chief Information Security Officer
Central Intelligence Agency
Biography

Is your organization protected against every known attack, including the vulnerabilities announced yesterday? Zero-day attacks garner plenty of attention, but the truth is 99% of all cyberattacks occur due to hackers exploiting existing or known vulnerabilities. You likely already have cybersecurity products that could protect you, but chances are they have not been configured correctly to your enterprise’s specific risk profile. For instance, Gartner estimates that 95% of firewall breaches are caused by simple firewall misconfigurations, yet 97% of breaches are still happening to companies that have already deployed the right controls. Breaches are arising more often because complexity is your enemy. If your security team is managing too many solutions—some of which might not be optimal for your current enterprise security requirements—then a simple misconfiguration or drift is all an attacker needs to exploit within your security stack to gain entrance. You do not need another security product. You just need to use what you have, better. Join our conversation as we discuss how to continually and safely test every part of your security infrastructure for gaps as well as how to fix those gaps to protect the business.

ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience

December 10, 2019
5:30pm - 8:30pm
Gibson’s Bar & Steakhouse
5464 North River Road
Rosemont, IL 60018
Registration

In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.

ISE® PRIVATE DINNER
From the Inside Out: The Risk Departing Employees Present to Your Data

December 11, 2019
5:30pm - 8:30pm
Bourbon Steak
237 S Brand Blvd
Glendale, CA 91204
Registration

Last year, 40 million people changed jobs and 60% of them admitted to taking data when they left. This is deeply concerning when you also consider that 90% of insider threats go undetected for months. Many enterprises are unable to quickly detect the loss, leak and misuse of data from insider threats and departing employees. By the time organizations find out, the damage is already done. Part of the problem lies in the reliance on legacy data loss prevention solutions to catch data before it leaves an organization. These legacy solutions only look at classified data with policies, leaving security teams with limited visibility. Join our conversation as we discuss the security and business need for real time detection and response aimed at a growing insider threat: departing employees.