ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
Del Frisco’s Double Eagle Steakhouse
1426-1428 Chestnut St.
Philadelphia, PA 19102
ISE® Guest Host:
Anahi Santiago
Chief Information Security Officer
Christiana Care Corporation
Biography
Katherine Fithen
Director, Governance
McKesson
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® PRIVATE DINNER
Maximizing Your Existing Security Investments
Adam Maslow
Senior Director, Information Security
Raising Cane’s
Biography
Even with all the security tools and software currently available, cyberattacks are still succeeding against enterprises despite their dramatically improved defenses. Unfortunately, there is no one tool that can guarantee 100% protection, which means enterprises must layer their defenses using the tools and teams they currently have available. Despite this necessity, however, many organizations struggle to harness their investments to their full potential, citing either a lack of knowledge on how to properly configure software or a lack of personnel who can capably utilize investments to meet business objectives. To change this narrative, security executives will need to look past alerts and begin to measure security investments by the value they bring to both team and business. Join our conversation as we discuss lessons learned on optimizing your existing tools, understanding the evolving attack surface, and making the most of your existing team by tracking metrics that matter.
ISE® PRIVATE DINNER
Security 2025: What Does the Future of Security Look Like?
5:30pm - 8:30pm
The Capital Grille- Dunwoody
94 Perimeter Center West
Dunwoody, GA 30346
ISE® Guest Host:
Stacy Hughes
SVP, Chief Information Security Officer
ABM
Biography
James Robinson
Deputy CISO
Netskope
For the last 20 years we have reactively implemented monolithic security solutions by stacking legacy products on top of each other. This non-integrated approach has forced our organizations to confront significant complexity, resource drag and lack of effectiveness. As a community, it’s time to unite and define the new North Star of where security is headed. How do we challenge ourselves to a new way of thinking? What do we want our organizations to look like? How do we shift ourselves into a position where we can capably manage fast-paced challenges? Security 2025 is a research project focused on building a new and sustainable security blueprint. By coming together as security leaders, we can use our real-world experiences and knowledge to redesign and rebuild the engine of security. Join us for an evening of conversation as we discuss our unified approach in creating a cohesive and effective operating model that the industry can utilize for years to come.
ISE® PRIVATE DINNER
Security Perspectives – Technology
Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography
Many modern enterprises are encumbered with an IT architecture that has evolved organically over time. The realities of competing priorities, limited staffing, and budget constraints often mean that systems and strategies remain in place for far longer than originally intended. This can result in a significant burden of cost and complexity and can compromise a business’s agility. Further complicating the issue is the fact that many security teams are constantly being asked to do more with less. When it comes time to choose between rolling out new business services and updating legacy technology, new services almost always win out. But the long-term impacts of these decisions add up over time. Maintenance creates a tax on IT and security. Join our conversation as we discuss how your security team can approach creating a more modern security architecture while dealing with the challenges of legacy technology.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
5:30pm - 8:30pm
555 East American Steakhouse
555 East Ocean Boulevard
Long Beach, CA 90802
Anne Kuhns
Retired CISO & Vice President of Information Security
The Walt Disney Company
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
The Capital Grille
Tyson’s Corner Center
1861 International Dr.
McLean, VA 22102
Secureworks Executive Speakers:
Katherine Fithen
Director, Governance
McKesson
Biography
Loren Morgan
CISO
Owens & Minor
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® North America Leadership Summit and Awards 2018
The ISE® North America Leadership Summit and Awards 2018 was held November 8-9, 2018 at Summit Centre and Hyatt Regency Chicago, in Chicago, IL. The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® NORTH AMERICA PRIVATE WELCOME DINNER
Improving Visibility for Effective Threat Detection and Response
Ricardo Lafosse
CISO
Morningstar, Inc.
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Security Perspectives – Technology
Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography
Many modern enterprises are encumbered with an IT architecture that has evolved organically over time. The realities of competing priorities, limited staffing, and budget constraints often mean that systems and strategies remain in place for far longer than originally intended. This can result in a significant burden of cost and complexity and can compromise a business’s agility. Further complicating the issue is the fact that many security teams are constantly being asked to do more with less. When it comes time to choose between rolling out new business services and updating legacy technology, new services almost always win out. But the long-term impacts of these decisions add up over time. Maintenance creates a tax on IT and security. Join our conversation as we discuss how your security team can approach creating a more modern security architecture while dealing with the challenges of legacy technology.
ISE® PRIVATE DINNER
Protecting IT Ecosystems Within an All Encrypted Internet
5:30pm - 8:30pm
Fleming’s Prime Steakhouse
4501 Olde Perimeter Way
Atlanta, GA 30346
Randy Conner
Director, Threat Prevention, Detection and Response
NCR Corporation
“HTTPS Everywhere” is changing the way that companies and users engage with websites. HTTPS connections use SSL/TLS technology primarily to secure data and to authenticate servers, which protects communications. An internet that achieves 100-percent encryption is a positive step, but what are the repercussions of having this type of security in an IT ecosystem? Join our conversation as we discuss the pros and cons of having an all-encrypted internet and the fundamental shifts to the way IT professionals and customers will maintain security.
ISE® PRIVATE DINNER
Security 2025: What Does the Future of Security Look Like?
Netskope Executive Speakers:
Sean Cordero
VP of Cloud Strategy
Netskope
Biography
Vladimir Klasnja
Director, Cloud Architecture Services
Netskope
Dave Estlick
CISO
Chipotle Mexican Grill
For the last 20 years we have reactively implemented monolithic security solutions by stacking legacy products on top of each other. This non-integrated approach has forced our organizations to confront significant complexity, resource drag and lack of effectiveness. As a community, it’s time to unite and define the new North Star of where security is headed. How do we challenge ourselves to a new way of thinking? What do we want our organizations to look like? How do we shift ourselves into a position where we can capably manage fast-paced challenges? Security 2025 is a research project focused on building a new and sustainable security blueprint. By coming together as security leaders, we can use our real-world experiences and knowledge to redesign and rebuild the engine of security. Join us for an evening of conversation as we discuss our unified approach in creating a cohesive and effective operating model that the industry can utilize for years to come.
Secureworks Access18 Conference
Panel: Building a Successful Security Team
3:45pm - 4:45pm
Loews Hotel
1065 Peachtree St NE
Atlanta, GA 30309
More Information
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Linda Marcone
Senior Director, Information Security
Serta Simmons Bedding Company
Biography
Terry McGraw
Vice President, Global Cyber Threat Research and Analysis
Secureworks
Biography
Kathy Memenza
CISO
Hilton
Loren Morgan
CISO
Owens & Minor
Biography
Kevin Morrison
Vice President, IT & CISO
Rollins, Inc.
Biography
As the threat landscape continuously evolves and security solutions multiply, CISOs face serious challenges in obtaining, growing, and retaining a security team that can keep pace with the organization’s needs. The skills gap especially is a universal issue across organizations of all sizes, so much so that IDC reports that 30 percent of security spending will be on vendors that provide an integrated platform approach to security, including the use of Managed Security Service Providers (MSSPs), by 2020. CISOs can prepare for this shift by thoroughly evaluating an MSSP to ensure it meets their organization’s security requirements. Once CISOs have found the right MSSP, they can integrate it with their current security strategy so it adds value, rather than complexity, to their processes. As for internal security team members, CISOs have a responsibility to utilize and nurture their skills to their fullest potential. If CISOs can provide training initiatives that are relevant to the team’s unique challenges and utilize an MSSP to tackle responsibilities their team doesn’t have time for, they can ultimately improve employee retention and scalability. By utilizing a shared responsibility model that focuses on people, processes, technology, and strategy, CISOs can build security teams so that they are stronger and more prepared for the future than ever before.
ISE® PRIVATE DINNER
Security 2025: What Does the Future of Security Look Like?
Netskope Executive Speakers:
Sean Cordero
VP of Cloud Strategy
Netskope
Biography
Vladimir Klasnja
Director, Cloud Architecture Services
Netskope
ISE® VIP Host:
Terrie Jennings
Information Security Officer
Willis Towers Watson & Co.
Biography
For the last 20 years we have reactively implemented monolithic security solutions by stacking legacy products on top of each other. This non-integrated approach has forced our organizations to confront significant complexity, resource drag and lack of effectiveness. As a community, it’s time to unite and define the new North Star of where security is headed. How do we challenge ourselves to a new way of thinking? What do we want our organizations to look like? How do we shift ourselves into a position where we can capably manage fast-paced challenges? Security 2025 is a research project focused on building a new and sustainable security blueprint. By coming together as security leaders, we can use our real-world experiences and knowledge to redesign and rebuild the engine of security. Join us for an evening of conversation as we discuss our unified approach in creating a cohesive and effective operating model that the industry can utilize for years to come.
ISSA International Conference 2018
The Future of the CISO: Championing Security, Driving Business and Promoting Diversity
9:40 am - 11:10 am
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
More Information
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Tamika Bass
CISO
Georgia Department of Revenue
Biography
Mary Ann Davidson
CSO
Oracle Corporation
Biography
Michelle Stewart
Chief Information Security Officer
Safe-Guard Products
Vladimir Svidesskis
Information Security Director
Georgia Lottery Corporation
The role of the Chief Information Security Officer has evolved significantly over the last decade. According to the 2017 State of Cyber Security study, the percentage of organizations with a CISO increased from 50% to 65% between 2016 and 2017. The need for highly skilled and dedicated information security leaders has become a crucial necessity. Despite this, minority representation in cybersecurity continues to lag behind at 26%, with only 23% of that amount holding a role of director or above, according to (ISC)²’s 2018 report, “Innovation Through Inclusion: The Multicultural Cybersecurity Workforce.” As the roles and functions expected of a CISO continue to change to encompass not only championing security but also driving and enabling business, does that also leave room for promoting diversity in leadership roles throughout the tech industry? Join our panel as we look at the evolving role of the CISO and discuss what the future of security, business and diversity holds for this increasingly critical role.
ISE® PRIVATE DINNER
How Do You Keep Your Security Nerds Happy?
Sonja Hammond
Chief Information Security Officer & Privacy Officer
Essilor of America, Inc.
Biography
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
ISE® Private Dinner during the Gartner Symposium/ITxpo 2018
Taking Security to Heart: Developing a Security-Centric Culture
7:30pm - 10:00pm
Cocktail Hour
Sir Harry’s Lounge
Waldorf Astoria Orlando
14200 Bonnet Creek Resort Ln f.
Orlando, FL 32821
Dinner
Bull and Bear
Waldorf Astoria Orlando
14200 Bonnet Creek Resort Ln a.
Orlando, FL 32821
Tellis Williams
CISO
AXA Partners
It's no longer about if a security breach will happen, but when and how hard your data will be hit. One data breach can cost an organization millions. And often, security issues are the root cause of project delays or cancellations. That's why it's vitally important to instill a security-first mindset across an organization. Everyone — from board members to office staff — must adopt this mindset and develop the skills required to safeguard against, prepare for, detect, and recover from potential breaches. Join our conversation as we discuss how to build a proactive, security-centric culture that unifies security and development teams and promotes shared responsibility across an organization.
The ISE® Lions' Den & Jungle Lounge
October 11, 2018
Atlanta Tech Village | Atlanta, GA
Details
This October as part of Atlanta Cyber Week, TEN of security’s hottest emerging security companies have the courage to enter… The 2018 ISE® Lions' Den. The ISE® Lions represent the brightest minds in security and they are hungry for the next great emerging technology solutions. Each Gazelle will deliver their best pitch for the chance to earn $25,000 worth of prizes. Additionally, the Jungle Lounge will offer the opportunity to learn more about these emerging companies and a chance to network with a diverse group of Imformation Security Executives, investors, and other key members of the InfoSec community.
Cybercon 2018
Secure Together: Cybersecurity as a Business Enabler and Driver
Each new breach and its financial consequences place cybersecurity at the forefront of board level and c-suite discussions. The growing senior management concern presents an opportunity for information security professionals to position information security as a business enabler and driver. Cybercon brings together the cybersecurity community to speak with a unified voice. Cybersecurity professionals play a key role in enabling the security of the enterprise while driving business forward. Cybercon creates the context for our community to exchange ideas, successes, and best practices, to enable organizations to navigate innovation and drive ahead in the global marketplace.
ISE® Northeast Executive Forum and Awards 2018
The ISE® Northeast Executive Forum and Awards 2018 was held on October 3, 2018 at the Westin Times Square in New York City. The ISE® Northeast Awards are held in conjunction with a one day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® NORTHEAST PRIVATE WELCOME DINNER
How Do You Keep Your Security Nerds Happy?
Bala Rajagopalan
Head of Information Security
BlueMountain Capital Management
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
ISE® PRIVATE DINNER
Security Perspectives – Technology
Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography
Many modern enterprises are encumbered with an IT architecture that has evolved organically over time. The realities of competing priorities, limited staffing, and budget constraints often mean that systems and strategies remain in place for far longer than originally intended. This can result in a significant burden of cost and complexity and can compromise a business’s agility. Further complicating the issue is the fact that many security teams are constantly being asked to do more with less. When it comes time to choose between rolling out new business services and updating legacy technology, new services almost always win out. But the long-term impacts of these decisions add up over time. Maintenance creates a tax on IT and security. Join our conversation as we discuss how your security team can approach creating a more modern security architecture while dealing with the challenges of legacy technology.
ISE® PRIVATE DINNER
Protecting IT Ecosystems Within an All Encrypted Internet
Janet Ge
Head of Cyber Security Operations
GE Digital
“HTTPS Everywhere” is changing the way that companies and users engage with websites. HTTPS connections use SSL/TLS technology primarily to secure data and to authenticate servers, which protects communications. An internet that achieves 100-percent encryption is a positive step, but what are the repercussions of having this type of security in an IT ecosystem? Join our conversation as we discuss the pros and cons of having an all-encrypted internet and the fundamental shifts to the way IT professionals and customers will maintain security.
ICMCP National Conference 2018
Inspiring the Next Generation of Cybersecurity Professionals
1:45pm - 2:30pm
Westin Buckhead Hotel
3391 Peachtree Road NE
Atlanta, GA 30326
More information
Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography
It is important for young professionals to know they can have successful and impactful careers in the tech sector. However, to get more young minds interested in choosing careers in technology, the narrative needs to change to show that women and minorities have a future in the industry. Join Marci McCarthy as she discusses the importance of nurturing and growing the next generation of professionals in technology through mentorship opportunities, STEAM programs and other education opportunities.
ISE® PRIVATE DINNER
The Blind Leading the Blind: Why Integrated IT/OT Security Programs Fail
5:30pm - 8:30pm
The Palm
The Westin Buckhead
3391 Peachtree Road NE
Atlanta, GA 30326
Phyllis Woodruff
Vice President, Enterprise Cyber Security Programs
Fiserv
Biography
Critical infrastructure industries are experiencing a blending of IT and OT systems as they become more and more interconnected. While IT/OT system integration improves productivity, allows for data comparisons across pipelines and improves pre-emptive maintenance, it also creates risk. Where actors once had to physically breach the premises to transmit viruses or malware, they now have a much larger attack surface, potentially gaining access to sensitive data or dangerous control over OT machines via backdoors, botnets or social engineering. Before enterprises can combat cyber threats, each must first overcome their company’s unique challenges, such as compliance, employee and customer safety, potential financial losses, and public opinion. Join our conversation as we discuss the challenges security leaders face when presented with decentralized IT/OT environments and share best practices to build an Integrated IT/OT cybersecurity program that monitors for emerging threats.
ISE® PRIVATE DINNER
How Do You Keep Your Security Nerds Happy?
Mike Hughes
Director, Information Security
Starbucks Coffee Company
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
TechBridge & Goodwill of North Georgia’s Technology Career Program
Leveraging LinkedIn to Jumpstart & Fast-Track Your Tech Career
5:30pm - 7:00pm
TechBridge Inc
100 Peachtree St. NW, Suite 2090
Atlanta, GA 30303
More information
Instructors
Marva Bailer
Director of Global Field Success Leadership and Executive Engagement
Splunk
Biography
Marci McCarthy
CEO and President
T.E.N.
Biography
To be successful in any business, you need to have a distinct personal brand that allows you to stand out from the crowd. This means articulating a clear and concise statement of who you are and acting on that branding consistently. Personal branding has become a necessity for security and technology professionals. Career opportunities in InfoSec have become more dynamic than ever before. Security executives are now seeing more interest from their boards and a strong cybersecurity program is now a necessity instead of a luxury. Moreover, with the industry now facing a significant skills shortage, the ability to make a positive impact and first impression can give those looking to break into or move up in the world of Information Security a strong advantage. Join our panel as they discuss the value of creating a strong personal brand through social media building, power networking, and opportunities to continue improving your skills and talents as an Information Security professional.
Women in Security
Empowering Cybersecurity Leadership with Emotional Intelligence
3:30pm - 4:45pm
One Alliance Center/SAP America
3500 Lenox Rd
GT12
Atlanta, GA 30326
Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography
Research has clearly shown that a person can have the best training in the world, a sharp, analytical mind and an endless supply of good ideas, but these alone will not make them a great leader. While these factors are all important, to be an effective leader, one must also possess a high degree of Emotional Intelligence (EI). This is especially true for information and cybersecurity professionals. Harnessing Emotional Intelligence ensures effective communication between InfoSec executives and their security teams as well as communication between security executives, stakeholders, teammates, lines of business leaders, customers, and board members. Strong working relationships and interpersonal skills are the keys to success in every area of human activity, especially for a cybersecurity professional looking to enhance their leadership skills and bring out the best in their teams. Join Marci McCarthy as she discusses how you can best utilize Emotional Intelligence to get ahead, learn how to be authentic to yourself, how to shape your conversations as a thought leader, and how to improve confidence and professionalism.
Women in Security
Building Your Personal Cybersecurity Brand & Gaining Visibility
4:45pm - 5:30pm
One Alliance Center/SAP America
3500 Lenox Rd
GT12
Atlanta, GA 30326
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Marva Bailer
Director of Global Field Success Leadership and Executive Engagement
Splunk
Biography
Anne Marie Colombo
President
Metro Atlanta ISSA Chapter
Nicole Keaton Hart
Site Director & Group Product Manager, Security Product
Microsoft
Biography
Stacy Hughes
SVP, Chief Information Security Officer
ABM
Biography
Marian Reed
Head of IT Security
Serta Simmons Bedding
To be successful in any business, you need to have a distinct personal brand that allows you to stand out from the crowd. This means articulating a clear and concise statement of who you are and acting on that branding consistently. Personal branding has become a necessity for security and technology professionals. Career opportunities in InfoSec have become more dynamic than ever before. Security executives are now seeing more interest from their boards and a strong cybersecurity program is now a necessity instead of a luxury. Moreover, with the industry now facing a significant skills shortage, the ability to make a positive impact and first impression can give those looking to break into or move up in the world of Information Security a strong advantage. Join our panel as they discuss the value of creating a strong personal brand through social media building, power networking, and opportunities to continue improving your skills and talents as an Information Security professional.
InfoSec Nashville Conference 2018
Building a Successful Security Team from the Inside Out
11:00am - 12:00pm
The Music City Center
201 5th Avenue South
Nashville, TN 37203
More Information
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Scott Breece
VP of Security & CISO
Community Health Systems
ISE® North America Health Care Executive Award Finalist 2012
Biography
Elliott Franklin
Director of IT Governance & Security
Loews Hotels
Joey Johnson
CISO
Premise Health
ISE® Southeast Executive of the Year Award Winner 2017
ISE® North America Executive: Health Care Award Finalist 2017
Biography
Behind every CISO is a team of highly qualified and hardworking security professionals. From SOC team analysts, to security engineers, to DevOps teams, and more, each of these individuals comes together under the guidance of the CISO to form the heart and soul of an organization¹s security team. But how do CISOs go about building their teams? What are the key factors they consider when constructing a top tier team of security professionals and how do they continue improving the quality of life and job satisfaction for existing team members? Join Marci McCarthy and our panel of highly respected CISOs as they discuss how they have built their own security teams, as well as how they have continued to improve them through external and internal recognition.
ISE® PRIVATE DINNER
New Dawn for Data Loss Prevention
Bob Davis
Chief Information Security Officer
eviCore Healthcare
Almost every company manages data that has value, whether it is personal health information, financial data or corporate intellectual property. The demand for data protection continues to grow, as does the variety of threats challenging your security team. Protecting that sensitive data is an ongoing challenge, and a security solution that is limited to protecting data from well-meaning or malicious insiders is no longer sufficient. Hackers are better funded than ever before and attacks are more varied. Defending against these attackers relies on more than purchasing technologies. Successful defenses require a combination of the right technologies, people and processes. Join our conversation as we discuss the advantages of implementing a DLP solution to secure sensitive and confidential information and how to implement consistent policies across the enterprise.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
Dave Snyder
Chief Security Officer
Independence Blue Cross (BCBS)
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Security 2025: What Does the Future of Security Look Like?
Netskope Executive Speakers:
Jason Clark
Chief Strategy & Marketing Officer
Netskope
Biography
Lamont Orange
Chief Information Security Officer
Netskope
Biography
ISE® VIP Host:
Garrett Smiley
VP, Information Security, Chief Information Security Officer
Serco
Biography
For the last 20 years we have reactively implemented monolithic security solutions by stacking legacy products on top of each other. This non-integrated approach has forced our organizations to confront significant complexity, resource drag and lack of effectiveness. As a community, it’s time to unite and define the new North Star of where security is headed. How do we challenge ourselves to a new way of thinking? What do we want our organizations to look like? How do we shift ourselves into a position where we can capably manage fast-paced challenges? Security 2025 is a research project focused on building a new and sustainable security blueprint. By coming together as security leaders, we can use our real-world experiences and knowledge to redesign and rebuild the engine of security. Join us for an evening of conversation as we discuss our unified approach in creating a cohesive and effective operating model that the industry can utilize for years to come.
ISE® PRIVATE DINNER
New Dawn for Data Loss Prevention
Jim Hartley
Director, Global Security Services
Alight Solutions
Almost every company manages data that has value, whether it is personal health information, financial data or corporate intellectual property. The demand for data protection continues to grow, as does the variety of threats challenging your security team. Protecting that sensitive data is an ongoing challenge, and a security solution that is limited to protecting data from well-meaning or malicious insiders is no longer sufficient. Hackers are better funded than ever before and attacks are more varied. Defending against these attackers relies on more than purchasing technologies. Successful defenses require a combination of the right technologies, people and processes. Join our conversation as we discuss the advantages of implementing a DLP solution to secure sensitive and confidential information and how to implement consistent policies across the enterprise.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
5:30pm - 8:30pm
Fleming’s Prime Steakhouse
4501 Olde Perimeter Way
Atlanta, GA 30346
Brad Sanford
Chief Information Security Officer
Emory University
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
The Blind Leading the Blind: Why Integrated IT/OT Security Programs Fail
Chris Ray
Chief Information Security Officer
TriNet
Critical infrastructure industries are experiencing a blending of IT and OT systems as they become more and more interconnected. While IT/OT system integration improves productivity, allows for data comparisons across pipelines and improves pre-emptive maintenance, it also creates risk. Where actors once had to physically breach the premises to transmit viruses or malware, they now have a much larger attack surface, potentially gaining access to sensitive data or dangerous control over OT machines via backdoors, botnets or social engineering. Before enterprises can combat cyber threats like VSAT hacking, navigational system spoofing, and POS system data exfiltration, each must first overcome their company’s unique challenges, such as compliance, employee and customer safety, potential financial losses, and public opinion. Join our conversation as we discuss the challenges security leaders face when presented with decentralized IT/OT environments and share best practices to build an Integrated IT/OT cybersecurity program that monitors for emerging threats.
ISE® West Executive Forum and Awards 2018
The ISE® West Executive Forum and Awards 2018 was on August 16, 2018 at the Westin St. Francis in San Francisco, CA. The ISE® West Awards are held in conjunction with a one day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® WEST PRIVATE WELCOME DINNER
Answering the "Are We Okay?" Question: Simplifying for Certainty About Advanced Threats
5:30pm - 8:30pm
Harris’ The San Francisco Steakhouse
2100 Van Ness Avenue
San Francisco, CA 94109
Chuck Markarian
Chief Information Security Officer
PACCAR
Biography
With every new breach, board members and leadership teams want to know if their business is protected and ask information security leaders the ever-familiar question - “Are we ok?”. Definitive answers are difficult to provide. Enterprises have implemented endpoint security programs that are complex, unable to keep up with the pace at which attackers are developing never-before-seen techniques. The threats vs. protections arms race has resulted in multiple niche products on endpoints, making the endpoint environment complex, and exposure difficult to assess. It is crucial for enterprise security leaders and their teams to implement an endpoint strategy that addresses the scope of these new attack techniques and tactics while reducing the complexity and increasing the performance of the endpoint environment.
Join our conversation as we discuss how enterprise security leaders can get to certainty with an endpoint security program that stops never-before-seen attacker techniques while reducing complexity and cost.
ISE® VIP RECEPTION
New Dawn for Data Loss Prevention
7:00pm - 10:00pm
1923 Bourbon Bar
Mandalay Bay
3930 South Las Vegas Blvd.
Las Vegas, NV 89119
More Information
As more and more organizations move data to the cloud, they must consider a variety of new risks along the way. Organizations that do not implement a cloud DLP solution essentially leave cloud data protection up to their cloud storage providers. Problems can arise, however, when those providers fail to take security measures commensurate with the organizations’ data protection requirements. Join our conversation as we discuss the advantages of implementing a DLP solution to secure sensitive and confidential information in the cloud and how to implement consistent policies across the enterprise.
ISE® VIP PROGRAM - THE SUPERCAR DRIVING EXPERIENCE
Application Security, Go Faster
5:30pm - 8:30pm
Las Vegas Motor Speedway
Exotics Racing Racetrack
7065 Speedway Blvd
Las Vegas, NV 89115
More Information
The confusion over today’s AppSec requisites isn’t surprising, given the way that software engineering has evolved over the decades. In many firms, outdated approaches are still being applied to newer development models, or archaic mindsets are rejecting the realities of today’s operating environments. As a result, even dedicated security teams can be challenged by the process of integrating AppSec throughout their software processes. However, AppSec isn’t something you can develop and turn on, then walk away. Much like a car, it requires continual maintenance and updates if it is to run effectively and not crash and burn. Join our conversation as we discuss the best practices needed to create a top tier application security program in your organization that put you ahead of the pack.
Transportation will be provided to Las Vegas Motor Speedway from the Mandalay Bay Hotel starting at 4:30 p.m. Please meet at the Mandalay Bay Tour Bus Lobby and shuttle bus service will be provided to the event. The last shuttle bus will leave Mandalay Bay at 5:20 p.m.
ISE® PRIVATE DINNER
Re-Centering Your Cloud Security with Visibility and Automation
5:30pm - 8:30pm
Bouchon- The Venetian
3355 S Las Vegas Blvd
Las Vegas, NV 89109
More Information
Gary Warzala
Chief Information Security Officer
Fifth Third Bank
Biography
We live in a world inundated with security breaches. Obtaining visibility into all of your organization’s public cloud IaaS environments, including an inventory of what resources are in use, the configurations and associations between those resources, and misconfigurations that create risk is essential. At the same time, there is a serious industry talent shortage that only seems to grow wider as breaches and malware continue to proliferate. It’s critical now to be able to automatically prioritize the thousands of weaknesses that are being flagged for security engineers to handle. While there simply isn’t enough time in the day to tackle everything, there is time to find the most important weaknesses. Join our conversation as we discuss how effective implementation of automation and orchestration techniques can help organizations maintain a complete and up-to-date inventory of their public cloud assets in use, across multiple environments and services, and across the enterprise.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
Carla Donev
Chief Information Security Officer
NiSource, Inc.
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
Ross Wells
Information Security Officer
BP Americas
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
How Do You Keep Your Security Nerds Happy?
Amanda Fennell
Chief Security Officer
Relativity
Biography
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
ISE® PRIVATE DINNER
How Do You Keep Your Security Nerds Happy?
Renee Guttmann-Stark
Chief Information Security Officer
Campbell’s Soup Company
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
ISE® PRIVATE DINNER
Modern Analytics for Modern Apps
Ramin Lamei
Sr. Director, Information Security Officer
Global Payments, Inc.
The modern data stack is a complex web of cloud platform services, open-source platforms, containerization management tools, and myriad other technologies and solutions. Traditionally, these have been monitored as separate focus areas, with teams operating independently and observing distinctions between the roles and functions of each. However, in today’s continuous delivery environment, these silos slow down delivery and can create bottlenecks when troubleshooting. However, advances in machine learning and AI analytics allow teams to parse and organize these large volumes of data more efficiently and better prioritize security needs. In order to create a more modern and manageable stack, companies need to break down the barriers between engineering, operations, and security teams as well as embrace the security advantages of machine learning and AI analytics. Join our conversation as we discuss how your organization can improve your approach to analytics by breaking down silos, moving from reactive to proactive management, and using machine learning to improve overall visibility and efficiency across your security stack.
ISE® PRIVATE DINNER
Security Perspectives – Cybersecurity Management & Oversight
Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography
GDPR leadership must start from the top. Directors and board level positions must move from being observers to being the leaders of cybersecurity best practices. GDPR can impact any enterprise, with breaches potentially resulting in substantial penalties. Boards should start by asking questions about their organization’s level of readiness for GDPR and consider allocating resources to ensure the company is compliant. Join our conversation as we discuss how CISOs and their security teams can help get their boards and broader organization more involved when it comes to GDPR preparedness and help them understand their role when it comes to your organization’s cybersecurity best practices.
ISE® PRIVATE DINNER
How Do You Keep Your Security Nerds Happy?
5:30pm - 8:30pm
Bourbon Steak
The Americana at Brand
237 S Brand Blvd
Glendale, CA 91210
Chris Hymes
Director of Information Security,
Information Technology and Data Protection Officer
Riot Games
Biography
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
2nd Annual NTSC National CISO Policy Conference
Cyber Threat Intelligence Panel
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Pete Chronis
SVP, Chief Information Security Officer
WarnerMedia
Andrea Roddy
Chief, Security Engineering Services
NSA
Tonya Ugoretz
Director of the Cyber Threat Intelligence Integration Center
ODNI
Speaking earlier this year at the Billington INTERNATIONAL Cybersecurity Summit, Jeanette Manfra, DHS Assistant Secretary for Cybersecurity and Communications, said, “Identifying a threat in one area could lead to building defenses against it in all areas, but only if government is fully leveraging information sharing at the scale and speed that the internet enables.”
That’s the vision. But while the federal government and various ISACs have made significant progress with information sharing, the security community is traditionally not very good at sharing and collaborating—even though experience shows that the more we share and collaborate, the stronger we become when dealing with cyber adversaries. Join us as we discuss the barriers to effective information sharing and collaboration, and how the private and public sectors can work together to improve the current state of cyber threat intelligence sharing.
ISE® PRIVATE DINNER
Taking Security to Heart: Developing a Security-Centric Culture
Alex Ciurczak
Chief Solution Engineer,
Global OT Security & Senior Director,
Information Security Risk Management (ISRM)
McKesson Corporation
Biography
It's no longer about if a security breach will happen, but when and how hard your data will be hit. One data breach can cost an organization millions. And often, security issues are the root cause of project delays or cancellations. That's why it's vitally important to instill a security-first mindset across an organization. Everyone — from board members to office staff — must adopt this mindset and develop the skills required to safeguard against, prepare for, detect, and recover from potential breaches. Join our conversation as we discuss how to build a proactive, security-centric culture that unifies security and development teams and promotes shared responsibility across an organization.
ISE® PRIVATE DINNER
Security Perspectives – Cybersecurity Management & Oversight
Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography
GDPR leadership must start from the top. Directors and board level positions must move from being observers to being the leaders of cybersecurity best practices. GDPR can impact any enterprise, with breaches potentially resulting in substantial penalties. Boards should start by asking questions about their organization’s level of readiness for GDPR and consider allocating resources to ensure the company is compliant. Join our conversation as we discuss how CISOs and their security teams can help get their boards and broader organization more involved when it comes to GDPR preparedness and help them understand their role when it comes to your organization’s cybersecurity best practices.
ISE® PRIVATE DINNER
Answering the 'Are We Okay?' Question: Simplifying for Certainty About Advanced Threats
Thomas Ratz
Chief Information Security Officer
Dollar General Corporation
Biography
With every new breach, board members and leadership teams want to know if their business is protected and ask information security leaders the ever-familiar question - “Are we ok?”. Definitive answers are difficult to provide. Enterprises have implemented endpoint security programs that are complex, unable to keep up with the pace at which attackers are developing never-before-seen techniques. The threats vs. protections arms race has resulted in multiple niche products on endpoints, making the endpoint environment complex, and exposure difficult to assess. It is crucial for enterprise security leaders and their teams to implement an endpoint strategy that addresses the scope of these new attack techniques and tactics while reducing the complexity and increasing the performance of the endpoint environment.
Join our conversation as we discuss how enterprise security leaders can get to certainty with an endpoint security program that stops never-before-seen attacker techniques while reducing complexity and cost.
ISE® PRIVATE DINNER
How Do You Keep Your Security Nerds Happy?
Marian Reed
Sr. Director, Global ISOC
McKesson
Biography
One of the biggest line items on any security budget is people. While finding them is hard, keeping them can be even harder. What motivates security pros and entry-level analysts? How do you keep them from getting frustrated to the point of leaving? How can you recruit people that match the mission and culture in your security organization? Making sure your analysts have the tools they need and the ability to collaborate and learn from one another can go a long way towards keeping them happy. But that’s often easier said than done.
Join us for an evening of conversation as we discuss best practices for getting, growing and graduating security talent in your organization.
ISE® PRIVATE DINNER
IT and OT Convergence: Technology Enables & Silos Kill
Corey Jackson
VP & Global CISO Cybersecurity Risk and Data Governance
HollyFrontier Corporation
Biography
There is a cyber security challenge facing most companies that technology has not solved. The blind spot between departmental security initiatives that can create seams, which in turn, allows hackers access to corporate data. One example is the traditional relationship between enterprise information technology (IT) and operational technology (OT) teams who operate separately, each with their own set of priorities. While IT focuses on anticipating emerging threats to computer systems, OT typically focuses on the operation of generation or production systems – whereby security can be viewed as secondary. While the impact of a security incident on most IT systems is limited to financial loss, attacks on OT can potentially endanger human life and threaten national security. Both IT and OT face increased risk by third-party vendors, such as contractors working onsite or vendors that have network access, and both teams have information that could help secure the other. There is a growing need for these two teams to communicate, but this can be a challenge due to their differing priorities and operating cultures. Other "organizational silo" examples include IT and physical security where cultural norms keep both sides from sharing security event information. While technology is an enabler that can provide visibility and threat detection, communication between the two teams is key to successfully securing both IT and OT environments. Join our conversation as we discuss the security silos within organizations, the cyber security issues that are bringing the IT and OT together, the challenges that they must overcome, and how visibility and communication, enabled by technology, are the answer to a successful relationship between both teams.
ISE® PRIVATE DINNER
Overcoming the Enterprise Dilemma: How Do I Know Where I Stand?
James Morris
GISO - Citi Global Functions
Citi
Biography
If there is one truth in modern information security and risk management, it’s that what you don’t know can hurt you. The lack of visibility into security gaps caused by poorly integrated or improperly configured security controls, combined with a seemingly limitless stream of new exploits and evasion techniques, put enterprises at risk of being exposed to costly security incidents. What enterprises need are tools that enable them to gain continuous visibility for understanding their security efficacy and posture and the ability to continue to improve upon their existing models and best practices. Join our conversation as we discuss how you can use continuous security validation to gain visibility into the effectiveness of security controls, get insights into the things that matter most, and rationalize security investments within the context of your cyber program.
ISE® PRIVATE DINNER
Overcoming the Enterprise Dilemma: How Do I Know Where I Stand?
Jeff Trudeau
Chief Security Officer
Credit Karma Inc.
Biography
If there is one truth in modern information security and risk management, it’s that what you don’t know can hurt you. The lack of visibility into security gaps caused by poorly integrated or improperly configured security controls, combined with a seemingly limitless stream of new exploits and evasion techniques, put enterprises at risk of being exposed to costly security incidents. What enterprises need are tools that enable them to gain continuous visibility for understanding their security efficacy and posture and the ability to continue to improve upon their existing models and best practices. Join our conversation as we discuss how you can use continuous security validation to gain visibility into the effectiveness of security controls, get insights into the things that matter most, and rationalize security investments within the context of your cyber program.
ISE® PRIVATE DINNER
Answering the 'Are We Okay?' Question: Simplifying for Certainty About Advanced Threats
Aman Raheja
Chief Information Security Officer
BMO Financial Group
Biography
With every new breach, board members and leadership teams want to know if their business is protected and ask information security leaders the ever-familiar question - “Are we ok?”. Definitive answers are difficult to provide. Enterprises have implemented endpoint security programs that are complex, unable to keep up with the pace at which attackers are developing never-before-seen techniques. The threats vs. protections arms race has resulted in multiple niche products on endpoints, making the endpoint environment complex, and exposure difficult to assess. It is crucial for enterprise security leaders and their teams to implement an endpoint strategy that addresses the scope of these new attack techniques and tactics while reducing the complexity and increasing the performance of the endpoint environment.
Join our conversation as we discuss how enterprise security leaders can get to certainty with an endpoint security program that stops never-before-seen attacker techniques while reducing complexity and cost.
ISE® Central Executive Forum and Awards 2018
The ISE® Central Executive Forum and Awards 2018 was held on May 16, 2018 at The Westin Galleria Dallas in Dallas, TX. The ISE® Central Awards are held in conjunction with a one day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISSA-LA Information Security Summit
Speaker Session: Empower Cyber Security Leadership Through Emotional Intelligence
4:00 - 4:50 p.m.
Universal City Hilton – Club Room
555 Universal Hollywood Dr
Universal City, CA 91608
Marci McCarthy
CEO and President
T.E.N.
Biography
Research clearly shows that a person can have the best training in the world, a sharp, analytical mind and an endless supply of smart ideas, but they still will not make a great leader without a high Emotional Intelligence (EI). This holds especially true for information and cyber security professionals. Harnessing Emotional Intelligence is vital to ensuring effective communication between InfoSec executives and their security teams as well as communication between security executives, stakeholders, teammates, lines of business leaders, customers, and their board of directors. Strong working relationships and interpersonal skills are the keys to success in every area of human activity, especially for a cyber security professional to enhance their leadership skills and bring out the best in their teams. Join Marci McCarthy as she discusses how to best utilize Emotional Intelligence to get ahead, learn how to be authentic to yourself, how to shape your conversations as a thought leader, and how to improve confidence and professionalism.
ISSA-LA Information Security Summit
Panel Discussion: Building Personal Brand & Visibility in Cyber Security
5:00 - 5:50 p.m.
Universal City Hilton – Club Room
555 Universal Hollywood Dr
Universal City, CA 91608
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Debbie Christofferson
Information Security Consultant
Sapphire-Security Services LLC
Biography
Sandra Lambert
CEO
Lambert & Associates, LLC
Biography
Jennifer Sunshine Steffens
CEO
IOActive
Biography
In order to be successful in any business, you need to have a distinct personal brand that allows you to stand out from the crowd. This means articulating a clear and concise statement of who you are, acting on that branding consistently. Personal branding has become a necessity for security and technology professionals. Career opportunities in information security have become more dynamic than ever before. Security executives are now seeing more interest from their boards and a strong cybersecurity program is now a necessity for companies in all industries. Moreover, with the industry now facing a significant skill shortage, the ability to make a positive impact and first impression can give those looking to break into or move up in the world of InfoSec a strong advantage. Join our panel as we discuss the value of creating a strong personal brand through, social media building, power networking, and opportunities to continue improving your skills and talents as an information security professional.
ISE® PRIVATE DINNER
Security Best Practices in a Perimeter-less World: The Zero Trust Approach
5:30pm - 8:30pm
Harris’ The San Francisco Steakhouse
2100 Van Ness Avenue
San Francisco, CA 94109
Kannan Perumal
Chief Information Security Officer
Applied Materials, Inc.
Biography
The perimeter doesn’t exist. It’s gone. Your employees, customers, partners, and vendors need secure access from anywhere on any device. Today, it is almost impossible to secure corporate infrastructure using legacy technologies that have not fundamentally improved for over two decades. Furthermore, organizations continue to face increasingly potent pervasive attacks on cloud-based environments, which more traditional security infrastructure can’t keep up with. Today’s IT reality requires flexible and adaptive security, one centered on a user’s identity instead of the various networks that they consume. In this perimeter-less age of security, how is your organization adapting? Join our conversation as we discuss the best practices and proven strategies for achieving a Zero Trust security model through a software-defined perimeter.
ISE® PRIVATE DINNER
Security Perspectives - The Regulatory Challenge
Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography
From GDPR to C5 to Net Neutrality, CISO's have a new normal to contend with. These new standards and regulations include greater regulatory oversight, a deeper focus on compliance, and an expectation that companies have the internal readiness regardless of where they operate. Is your organization prepared for all of these new changes? Join our conversation as we discuss the current state of regulatory challenges, levels of regulatory involvement throughout companies, and what shifts we as an industry should expect from the implementation of so many new standards and regulations.
ISE® PRIVATE DINNER
Security Perspectives - The Regulatory Challenge
Avram Kornberg
Security and Technology Executive & Founder
Stratecution Consulting, LLC.
Biography
From GDPR to C5 to Net Neutrality, CISO's have a new normal to contend with. These new standards and regulations include greater regulatory oversight, a deeper focus on compliance, and an expectation that companies have the internal readiness regardless of where they operate. Is your organization prepared for all of these new changes? Join our conversation as we discuss the current state of regulatory challenges, levels of regulatory involvement throughout companies, and what shifts we as an industry should expect from the implementation of so many new standards and regulations.
ISE® VIP Signature Luncheon with ServiceNow
April 19, 2018
11:30 am – 1:30 pm
W San Francisco
181 3rd St.
San Francisco, CA 94103
Great Room 1&2
More information
Security Automation and Orchestration: The CISOs Secret Weapon to Excel at the Ordinary
While it’s fun to explore the latest cutting-edge technology for protecting and detecting threats, the breaches of the last several years have shown us that security teams are still overwhelmed with ordinary work. Basic hygiene such as patching vulnerabilities is still hard. Connecting security and IT processes as well as best-of-breed security products through automation and orchestration is how to get your security teams to excel at the ordinary. This can help your teams find the most important things to work on first, eliminate mundane work and retain your top security talent. Join our conversation as we discuss how organizations can user automation and orchestration in a risk-free way to dramatically improve your security response program.
T.E.N. & ISE® Sales and Marketing Breakfast at RSA® 2018
April 18, 2018
7:45 am - 10:00 am
W San Francisco
181 3rd St.
San Francisco, CA 94103
Social Terrace
More information
Building the Foundation for Security Sales Success: Best Practices for Connecting with Information Security Executives
Today’s Information Security Executives are busier than ever keeping their organizations and customers safe from malicious hackers and digital deviants. Making those vital first impressions and connections with CISOs can is critical and cold calls, big flashy emails, and unsolicited meeting notices are no way to reach out to a prospective customer. These antiquated and impersonal methods will largely go unnoticed or never see responses. So what is the secret to making that all important introduction and cementing the foundation of your next big business relationship? What are the best strategies and methods for ensuring you connect with the right people at the right times and in an ethical and timely manner?
Find the answers to these important questions by asking a CISO yourself at the T.E.N.’s ISE® Sales and Marketing Breakfast during the 2018 RSA® Conference. Our panel of executive thought leaders will share their real world experiences and insights about Security Solutions Providers’ sales and marketing programs. Their candid views will give you an inside track to effectively marketing and selling solutions to the nation¹s top IT and security executives.
Learn directly from leading industry CISOs about how to:
- Make your messaging and brand stand out from the crowd
- Best practices for building a highly effective field and event marketing program
- Tips and techniques for building a relationship-oriented sales strategy
- What marketing and sales tactics really work and which will fall flat or fail
- Understand enterprise buying cycles and procurement processes and how those cycles align with delivering on your sales quotas and product roadmaps
This is an invitation-only program and attendance is limited to a select number of executives from solution provider organizations. Following registration, guests will receive personal notifications confirming their attendance.
ISE® VIP Signature Luncheon with Bay Dynamics
April 18, 2018
11:30 am – 1:30 pm
W San Francisco
181 3rd St.
San Francisco, CA 94103
Social Terrace
More information
Security Investments 2018 – Getting the Most Bang for Your Buck
Organizations continue to invest millions in cyber security talent and technologies. Yet, according to a recent Forrester survey, those with the largest security budgets are more likely to say they've been breached, requiring additional spending to clean up the mess. Today’s practitioners clearly need better alternatives that allow them to optimize existing investments, minimizing cyber risks and maximizing ROI. Rapidly maturing behavior and risk analytics represent a significant opportunity, connecting the dots between existing tool sets to integrate critical operational, threat and vulnerability data, and tackle the pervasive issue of compromised and malicious insiders. The result – stakeholders across the organization, from the front lines to the board room, better understand the top actions required each day to minimize risk. This panel discussion will explore how cutting-edge analytics enable cyber leaders to achieve the greatest return on their cyber investments of the past, present and future.
ISE® VIP Reception with Digital Guardian
April 18, 2018
6:00 pm - 9:00 pm
W San Francisco
181 3rd St.
San Francisco, CA 94103
Social Terrace
More information
New Dawn for Data Loss Prevention
As more and more organizations move data to the cloud, they must consider a variety of new risks along the way. Organizations that do not implement a cloud DLP solution essentially leave cloud data protection up to their cloud storage providers. Problems can arise, however, when those providers fail to take security measures commensurate with the organizations’ data protection requirements. Join our conversation as we discuss the advantages of implementing a DLP solution to secure sensitive and confidential information in the cloud and how to implement consistent policies across the enterprise.
ISE® VIP Signature Luncheon with Symantec
April 17, 2018
12:00 pm – 2:00 pm
W San Francisco
181 3rd St.
San Francisco, CA 94103
Social Terrace
More information
Impending Crisis in Cyber Security
Symantec works with the top companies in the world to deliver unique security outcomes in their environments. Through those conversations, we’ve identified a common security operational crisis looming on the horizon. This conversation with Mike Fey, Symantec’s President & COO, is most appropriate for senior executives who have to oversee a large portion of their organizations’ cyber security outcomes
ISE® VIP Reception with Valimail
April 17, 2018
7:00 pm - 10:00 pm
W San Francisco
181 3rd St.
San Francisco, CA 94103
Social Terrace
More information
Stop Fake Email with DMARC Enforcement and Email Authentication
Email fraud through phishing continue to be the biggest attack vector contributing to over 90 percent of cyber-attacks, by which hackers infiltrate corporate networks. But It’s not enough to create an anti-phishing training program: there are technical solutions, such as DMARC-based email authentication, that can help mitigate the email fraud threat. But only a tiny percentage of domain owners are taking advantage. Despite widespread support for email authentication by big email providers, many domain owners have been slow to adopt. Another key issue slowing the adoption of email authentication is the perceived difficulty and complexity of implementing DMARC. Valimail has found that among the top million domains, 96.4% still have not published DMARC records — despite the fact that the overwhelming majority of email inboxes support it. Organizations are missing out on a valuable, accessible solution for protecting themselves against email fraud and phishing attacks. This is known as the “DMARC adoption gap”. Join the conversation as we discuss how you can improve your organization’s email security through implementation of DMARC and email authentication standards.
ISE® VIP Reception with Prevoty
April 16, 2018
5:30 pm – 8:00 pm
W San Francisco
181 3rd St.
San Francisco, CA 94103
Mixx/Upstairs Bar
More information
The Evolution of AppSec: From WAFs to Autonomous Application Security
Web application firewalls (WAFs) entered the security market at the turn of the century as web apps became increasingly complex and critical to digital life. As app-targeted attacks have become more common and sophisticated, WAFs have failed in much the same way that other firewalls, rule-based security measures, and legacy security solutions have: defenses that rely on past signatures and patterns always lose. With the acceleration of DevOps application development, a more refined and modernized solution is necessary. Autonomous application security can provide real time visibility into attacks, help bridge the DevSecOps gap, and reduce overall risk.
ISE® VIP Welcome Reception with CloudPassage
April 15, 2018
5:30 pm – 7:30 pm
W San Francisco
181 3rd St.
San Francisco, CA 94103
Workroom 2 & 3
More information
Security Contained: Bringing Old Age Advantages to New Age Technologies
While their roots might extend back to the 70’s, containers, micro services, and the public cloud are now on the cusp of becoming a viable replacement for hardware abstraction and virtualization tools. While the latter are popular in data centers worldwide, modern containers and cloud offerings provide a slew of benefits that improve on traditional hardware abstraction and virtualization options. However, as with any enterprise technology, there are best practices that should be adhered to for ensuring reliability, availability and security. Join our conversation as we discuss the best practices surrounding securing, managing, supporting and orchestrating containers in the modern enterprise.
ISE® PRIVATE DINNER
Deception-based Threat Detection: Myths and Realities
Ennis Alvarez
Vice President, Information Technology Infrastructure
Rooms To Go
Biography
In today’s world, advanced threats and insider threats demonstrate that they can evade security prevention systems. As a result, in-network threat visibility and detection are now considered critical security infrastructure. However, there are myths and realities about the effectiveness of solutions like deception for detecting advanced threats. Additionally, there are also specific strategies for operational management efficiency and key use cases that are driving adoption of deception-based solutions. Join our conversation as we discuss real-world deployment experiences, the value customers are realizing, and what pen test Red Teams are saying about deception-based threat detection.
ISE® PRIVATE DINNER
Security Best Practices in a Perimeter-less World: The Zero Trust Approach
Kathy Memenza
Vice President, Information Security
Hilton Worldwide, Inc.
The perimeter doesn’t exist. It’s gone. Your employees, customers, partners, and vendors need secure access from anywhere on any device. Today, it is almost impossible to secure corporate infrastructure using legacy technologies that have not fundamentally improved for over two decades. Furthermore, organizations continue to face increasingly potent pervasive attacks on cloud-based environments, which more traditional security infrastructure can’t keep up with. Today’s IT reality requires flexible and adaptive security, one centered on a user’s identity instead of the various networks that they consume. In this perimeter-less age of security, how is your organization adapting? Join our conversation as we discuss the best practices and proven strategies for achieving a Zero Trust security model through a software-defined perimeter.
SAI GLOBAL WEBINAR
The Modern CISO Project
2:00 pm EST
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelist
Frank Aiello
Chief Information Security Officer
The American Red Cross
Biography
Panelist
Gerald Beuchelt
Chief Information Security Officer
LogMeIn.com
Panelist
Jackson Muhirwe
Deputy Chief Information Security Officer
University of California- Davis
Panelist
Richard Rushing
Chief Information Security Officer
Motorola Mobility, Inc.
Biography
Part computer geek, investigative analyst and law enforcement. These high level competencies seem to define the role of CISO in 2018. Since the title’s origin 23 years ago, CISOs have now become vital to helping guard the safety of an organization in a world of ever increasing and potent security threats. However, in recent years, CISOs have also become critical business enablers as well, providing effective lines of communication and appropriately addressing risks and security needs to board members. The CISO of today must understand the technical side of cyber security, in addition to enterprise risk management and how both disciplines impact an organization’s ability to successfully drive business forward. Join our panel as we discuss the current state of the CISO as well as what the future holds for the CISOs of tomorrow.
ISE® PRIVATE DINNER
Security Best Practices in a Perimeter-less World: The Zero Trust Approach
Robert Pace
Vice President, Information Security & Compliance
First American Payment Systems
Biography
The perimeter doesn’t exist. It’s gone. Your employees, customers, partners, and vendors need secure access from anywhere on any device. Today, it is almost impossible to secure corporate infrastructure using legacy technologies that have not fundamentally improved for over two decades. Furthermore, organizations continue to face increasingly potent pervasive attacks on cloud-based environments, which more traditional security infrastructure can’t keep up with. Today’s IT reality requires flexible and adaptive security, one centered on a user’s identity instead of the various networks that they consume. In this perimeter-less age of security, how is your organization adapting? Join our conversation as we discuss the best practices and proven strategies for achieving a Zero Trust security model through a software-defined perimeter.
ISE® PRIVATE DINNER
Answering the 'Are We Okay?' Question: Simplifying for Certainty About Advanced Threats
Lauren Dana Rosenblatt
Executive Director, Global Head of Cyber Threat Management
The Estée Lauder Companies
Biography
With every new breach, board members and leadership teams want to know if their business is protected and ask information security leaders the ever-familiar question - “Are we ok?”. Definitive answers are difficult to provide. Enterprises have implemented endpoint security programs that are complex, unable to keep up with the pace at which attackers are developing never-before-seen techniques. The threats vs. protections arms race has resulted in multiple niche products on endpoints, making the endpoint environment complex, and exposure difficult to assess. It is crucial for enterprise security leaders and their teams to implement an endpoint strategy that addresses the scope of these new attack techniques and tactics while reducing the complexity and increasing the performance of the endpoint environment.
Join our conversation as we discuss how enterprise security leaders can get to certainty with an endpoint security program that stops never-before-seen attacker techniques while reducing complexity and cost.
ISE® Southeast Executive Forum and Awards 2018
The ISE® Southeast Executive Forum and Awards 2018 was held on March 6, 2018 at the Westin Peachtree Plaza Downtown in Atlanta, GA. The ISE® Southeast Awards are held in conjunction with a one day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® SOUTHEAST PRIVATE WELCOME DINNER
Voice of the Analyst
Wade Baker
Partner & Co-Founder
Cyentia Institute
Biography
It has been well-established over the years that breaches aren’t simply a dice roll pitting attacker strength against technical defenses. Most security incidents, rather, stem from operational inefficiencies and gaps that directly or indirectly lead to the organization being compromised. This makes security operations center (SOCs) and the analysts who staff them the cornerstone upon which effective cybersecurity defenses are built. However, many analysts feel that there is a misalignment between how their time is spent vs how effectively they are able to respond to incidents. While most analysts would rather invest their time on things like advanced threat hunting and incident response management, many feel that their time is spent on vastly less effective tasks. Moreover, security analysts have become hard to find, train, and retain. A recent study by the Cyentia Institute found that the more security expertise a security analyst gains, the less satisfied they tend to be in their role. Join our conversation as we look at current state of security analysts and discuss how their roles as critical members of a security team can be improved through a shift in role focus, implementation of effective automation and orchestration, and improved training options to help them maintain overall skill quality and job satisfaction.
ISE® PRIVATE DINNER
Answering the 'Are We Okay?' Question: Simplifying for Certainty About Advanced Threats
5:30pm - 8:30pm
Vic & Anthony’s Steakhouse
1510 Texas Ave
Houston, TX 77002
Eric Seagren
Global IT Security Manager
Oceaneering International
Biography
Unique to this dinner, guests will have the pleasure of enjoying fine wines paired with the most delicious meals. We will periodically break up the conversation when each wine is brought out for tasting with an appropriately-paired, dinner course. Each pairing will be described and discussed as you partake in them, providing plenty of time to enjoy the combination flavors before we resume discussion.
With every new breach, board members and leadership teams want to know if their business is protected and often ask information security leaders the ever-familiar question - “Are we ok?”. Answering this question, especially before any theft or data loss occurs, is a mostly arduous and uncertain task. Enterprises have implemented endpoint security programs that are evolving but are still unable to keep up with the pace at which attackers are developing never-before-seen techniques. The leapfrogging of threats vs. protections has resulted in multiple niche products on endpoints, making the endpoint environment complex, costly, and fragile. It is crucial for enterprise security leaders and their teams to implement an endpoint strategy that addresses the scope of these new attack techniques and tactics while reducing the complexity of the endpoints. Join our conversation as we discuss how enterprise security leaders can get to a path of certainty and build an endpoint security program that stops never-before-seen attacker techniques while reducing complexity and cost.
ISE® PRIVATE DINNER
Securely Empower Productivity and Innovation
Nicole Darden Ford
Global Vice President, IT & CISO
Baxter International, Inc.
Biography
The internet has changed the market landscape for many industries. A variety of companies have decentralized access to information and have transformed how business is done. Innovation is no different. What was once confined to R&D centers, innovation is now expected of every area of an organization. As such, departments are constantly advancing and finding new solutions to existing problems. While this engine is great for a company's productivity, it can also open the door to new risks and the emergence of shadow IT, which in turn becomes a headache for security teams. However, forward thinking companies must not resist this revolution, but rather harness this movement as a force for progress and productivity. As more organizations embrace new innovations, their security teams must in turn, become strategic partners to enable security and progress.
ISE® PRIVATE DINNER
It’s Time to Rethink Security: Data Breaches and Their Impact on Your Reputation and Share Value
Casey Marquette
Senior Director, Information Security
CVS Health
Biography
A recent survey conducted by Ponemon Institute and Centrify found that a selected sample of publicly traded companies experienced an average stock price decline of 5 percent immediately following the disclosure of a breach. Coincidentally, another survey by Centrify found that 66% of consumers in the United States are likely to stop doing business with a hacked organization. Now is the time to realize the status quo of security practices and technologies are no longer effective in protecting a company’s brand, reputation and share value. Join our conversation as we discuss the challenges of a perimeter-based approach and how to redefine security for the hybrid enterprise.
ISE® PRIVATE DINNER
Stop Breaches in Real-Time Based on User Behavior
James Hillier
CISO/ Associate CIO
Central Piedmont Community College
A recent Forrester study noted an astonishing two-thirds of organizations experienced an average of five or more security breaches in the past two years. These breaches have resulted in billions of compromised user names and passwords, further increasing the risk of subsequent breaches. Armed with these stolen credentials, an attacker has just the camouflage they need to “look” like a legitimate user – where they can infiltrate and move laterally through an organization without raising suspicion. Risk-based security solutions that include integrated machine learning can help IT identify suspicious activity in real-time and respond quickly to stop a potential breach in progress. Join our conversation to learn how machine learning enables access based on user behavior, helping your security team better implement risk-based policy to protect your organization’s entire hybrid IT environment.