ISE® PRIVATE DINNER
Hey Hey, You You, Get Off of My Cloud: Deploying Zero Trust Networking in the Modern Data Center
Mike Gordon
CISO
Lockheed Martin
As many firms transition their data centers into the cloud and other heavily virtualized environments, the old practice of implementing choke points to force data flows through a select set of avenues simply doesn’t work anymore. According to Gartner, by “2025, 80% of enterprises will have shut down their traditional data center, versus 10% today.” How will security respond when evolving data centers represent a gigantic blind spot where basic visibility, compliance and enforcement become impossible? Join our conversation as we discuss key cybersecurity challenges when moving from perimeter security to distributed security along with best practices for implementing Zero Trust data center security for cloud-based architectures.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
Gibson’s Bar & Steakhouse
5464 North River Road
Rosemont, IL 60018
Paolo Vallotti
Global Chief Information Security Officer
Mondelez International
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® PRIVATE DINNER
From the Inside Out: The Risk Departing Employees Present to Your Data
Jonathan Chow
SVP, CISO
Live Nation Entertainment, Inc.
Last year, 40 million people changed jobs and 60% of them admitted to taking data when they left. This is deeply concerning when you also consider that 90% of insider threats go undetected for months. Many enterprises are unable to quickly detect the loss, leak and misuse of data from insider threats and departing employees. By the time organizations find out, the damage is already done. Part of the problem lies in the reliance on legacy data loss prevention solutions to catch data before it leaves an organization. These legacy solutions only look at classified data with policies, leaving security teams with limited visibility. Join our conversation as we discuss the security and business need for real time detection and response aimed at a growing insider threat: departing employees.
ISE® PRIVATE DINNER
Hey Hey, You You, Get Off of My Cloud: Deploying Zero Trust Networking in the Modern Data Center
Rob Knoblauch
VP, Global Security Services & Deputy CISO
Scotiabank
Biography
As many firms transition their data centers into the cloud and other heavily virtualized environments, the old practice of implementing choke points to force data flows through a select set of avenues simply doesn’t work anymore. According to Gartner, by “2025, 80% of enterprises will have shut down their traditional data center, versus 10% today.” How will security respond when evolving data centers represent a gigantic blind spot where basic visibility, compliance and enforcement become impossible? Join our conversation as we discuss key cybersecurity challenges when moving from perimeter security to distributed security along with best practices for implementing Zero Trust data center security for cloud-based architectures.
ISE® PRIVATE DINNER
Stop Buying Security Products: Fix Your Security Posture Using What You Have
Robert Bigman
President
2BSecure
Biography
Is your organization protected against every known attack, including the vulnerabilities announced yesterday? Zero-day attacks garner plenty of attention, but the truth is 99% of all cyberattacks occur due to hackers exploiting existing or known vulnerabilities. You likely already have cybersecurity products that could protect you, but chances are they have not been configured correctly to your enterprise’s specific risk profile. For instance, Gartner estimates that 95% of firewall breaches are caused by simple firewall misconfigurations, yet 97% of breaches are still happening to companies that have already deployed the right controls. Breaches are arising more often because complexity is your enemy. If your security team is managing too many solutions—some of which might not be optimal for your current enterprise security requirements—then a simple misconfiguration or drift is all an attacker needs to exploit within your security stack to gain entrance. You do not need another security product. You just need to use what you have, better. Join our conversation as we discuss how to continually and safely test every part of your security infrastructure for gaps as well as how to prioritize remediation based on business risk.
ISE® PRIVATE DINNER
From the Inside Out: The Risk Departing Employees Present to Your Data
5:30pm - 8:30pm
Fleming's Prime Steakhouse & Wine Bar
4501 Olde Perimeter Way
Atlanta, GA 30346
Jeff Jenkins
Vice President, Chief Information Security Officer
First Advantage
Biography
Last year, 40 million people changed jobs and 60% of them admitted to taking data when they left. This is deeply concerning when you also consider that 90% of insider threats go undetected for months. Many enterprises are unable to quickly detect the loss, leak and misuse of data from insider threats and departing employees. By the time organizations find out, the damage is already done. Part of the problem lies in the reliance on legacy data loss prevention solutions to catch data before it leaves an organization. These legacy solutions only look at classified data with policies, leaving security teams with limited visibility. Join our conversation as we discuss the security and business need for real time detection and response aimed at a growing insider threat: departing employees.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
Morton’s The Steakhouse
2222 McKinney Ave Suite 200
Dallas, TX 75201
Anil Varghese
SVP/Chief Information Security Officer
Exeter Finance
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® North America Leadership Summit and Awards 2019
The ISE® North America Leadership Summit and Awards 2019 were held November 13-14, 2019 at the InterContinental Chicago Magnificent Mile in Chicago, IL. The ISE® North America Awards are held in conjunction with a two day Leadership Summit which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The two day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® NORTH AMERICA PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
Kevin Gowen
Chief Information Security Officer
Synovus Financial Corporation
ISE® East Executive Award Winner 2022
Biography
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
2019 GAISSA Conference: Brighter, Secure Future, Now!
T.E.N. ISE® Success Track
8:00am - 5:00pm
The Loudermilk Center
40 Courtland Street Northeast
Atlanta, GA 30303
More Information
Healthcare on the Move: Using Security as a Business Enabler
10:00-10:45 am
Atul Kanvinde
Director, Clinical Applications
Children's Healthcare of Atlanta
Biography
Stoddard Manikin
VP, CISO
Children's Healthcare of Atlanta
ISE® East Executive Award Winner 2024
Biography
To improve clinician to clinician communication, Children's Healthcare of Atlanta replaced the existing hospital communication solution to provide enhanced services, including: bar code scanning, secure messaging and integration with existing applications. The project set out to develop and implement the necessary clinical and infrastructure components to improve operational workflows in order to provide a seamless and secure means of communication and medication administration documentation. The Mobile Clinician Project rollout addressed both security and operational needs, helping prove the idea that security can be an enabler vs. a barrier. Join our conversation as the Children’s Healthcare of Atlanta Team shares how they combined multiple technologies that made patient care more efficient, addressed security and privacy concerns, and promoted mobility for their caregivers.
Weathering the Business Transformation Storm through Sturdy Leadership
11:00-11:45 am
Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018
Biography
In life or business, there are many situations that when encountered, help drive us to meaning and understanding. This philosophy has been a driving force behind the security leadership of Tony Spurlin, VP and CSO for Windstream. In 2016, Windstream and Tony’s previous organization, Earthlink, merged together as one organization. Upon joining the Windstream team, he charged his security architecture team to work with identity management to evaluate the current challenges with regards to identity and access management and developed a comprehensive and rational plan to incrementally improve Windstream’s risk posture through approved and planned capital investments. Tony builds relationships and powerhouse teams that shape and enable all involved to succeed. Through his career, he has influenced and has grown many leaders across the industry that continue to succeed in their new respective companies and information security programs that continue flourish within these organizations. Tony continuously seeks out opportunities to collaborate with other Windstream organizations valuing the benefits of different perspectives and he finds that solutions to business challenges are most effective when melded into a comprehensive plan benefitting from different points of view and diverse experiences. Join Tony Spurlin as he shares his thoughts and experiences on information security teambuilding, effective board engagement, and hands-on leadership and problem-solving strategies.
ISE® Success Alumni: Reflections and Insights to Elevate Careers to New Heights
11:45 am-1:00 pm
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
ISE® Luminary Leadership Award Winner 2019
Biography
Stoddard Manikin
VP, CISO
Children's Healthcare of Atlanta
ISE® East Executive Award Winner 2024
Biography
Tony Spurlin
Vice President & Chief Security Officer
Windstream
ISE® North America People's Choice Award Winner 2005
ISE® Southeast Executive Award Finalist 2018
Biography
Bob Varnadoe
VP, Technology Risk Management
Kaiser Permanente
ISE® Southeast Executive Award Finalist 2018
ISE® East Executive Award Finalist 2023
Biography
For nearly a decade, T.E.N. has honored CISOs and other cybersecurity executives as Finalists and Winners of the ISE® Program Awards. Throughout the years, we have seen them climb to new heights in their careers and create game-changing security platforms within their companies. What these CISOs have proven is that there is no one path to success. There are many ways security professionals can become CISOs, whether they approach cybersecurity from a technical, business-oriented or policy angle. However, with the rapid changes the InfoSec industry experiences, it can be difficult for security professionals to determine which of their strengths to harness, how to use them and how to improve their weaknesses. While technical skills are necessary for understanding your company’s current security landscape and its risk profile, you will also need an invaluable supply of soft skills to manage a team and build trust with other business leaders. Becoming a CISO is just the first step. Succeeding as a CISO will be the real challenge. Join our conversation as we reflect on the experiences enterprising CISOs have gained in their careers and at the ISE® Programs, each of them sharing unique insights about how upcoming security professionals can elevate their careers and flourish in a CISO role.
The CISO Sentinel: Security and Compliance Risk Management
1:30-2:15 pm
Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
ISE® Luminary Leadership Award Winner 2019
Biography
The Georgia Department of Revenue Office of Information Security is responsible for securing a threat and regulatory landscape that encompasses multiple Federal mandates and 3rd Party Information Service providers. The CISO Sentinel is a security and compliance risk management platform that captures operating efficiencies in management of the program. Using continuous monitoring and management, the platform enables greater control of cybersecurity risks by effectively managing the processes associated with obtaining, identifying, processing and aggregating key information. Significant elements of the project focused upon prioritizing the review of critical security alerts, automating governance processes, eliminating redundant silos, and streamlining compliance and management reporting. Join our discussion to learn how the Georgia Department of Revenue Office of Information Security shifted their security paradigm from traditional paper based assessment outputs to a dynamic, actionable cybersecurity program.
Building for the Future: Inspiring the Next Generation of Cybersecurity Professionals
2:30-3:15 pm
Marci McCarthy
CEO and President
T.E.N.
Biography
It is important for young professionals to know they can have successful and impactful careers in the tech sector. However, to get more young minds interested in choosing careers in technology, the narrative needs to change to show that women and minorities have a future in the industry. Join Marci McCarthy as she discusses the importance of nurturing and growing the next generation of professionals in technology through mentorship opportunities, STEAM programs and other education opportunities.
Building a Security Program in the Era of Digital Transformation
3:30-4:15 pm
Bob Varnadoe
VP, Technology Risk Management
Kaiser Permanente
ISE® Southeast Executive Award Finalist 2018
ISE® East Executive Award Finalist 2023
Biography
Building and maturing an information security program requires a lot of work. This effort becomes even greater when the focus of the business changes as well. Join our discussion on the approach to developing a program from inception to maturity along with some specific strategies for managing change and addressing the evolving scale of a digital first business.
ISE® PRIVATE DINNER PRIOR TO 2019 GAISSA CONFERENCE – ATLANTA 11/6
How to Avoid Making Trade-Offs Between Security and IT Operations
5:30pm - 8:30pm
Little Alley Steak - Buckhead
3500 Lenox Rd NE Suite 100
Atlanta, GA 30326
Phani Dasari
Head of Business Security
TikTok
Biography
As leaders, CIOs and CISOs face pressure from all sides. They must keep organizations continuously compliant, keep critical information secure, manage fleets of networked devices and fulfill the increasingly common executive mandate to make technology an enabler for business growth. Many organizations are also challenged to update their technology from legacy systems, which make it difficult to have full visibility across endpoints and get the real-time data on which they can make confident decisions. In these stressful, fragmented environments—especially where organizations use a range of point products for security and operations, resulting in a lack of full visibility and control—there are regular trade-offs taking place among these priorities. These compromises often leave an organization open to an attack, outage or another form of disruption. Join our conversation as we discuss how security teams can better secure their enterprise against cyber threats, outages and other disruptions—without making trade-offs and without settling for “good enough”.
ISE® PRIVATE DINNER
Stop Buying Security Products: Fix Your Security Posture Using What You Have
5:30pm - 8:30pm
Quattro - Four Seasons Hotel - Silicon Valley
2050 University Avenue
East Palo Alto, CA 94303
Malcolm Harkins
Chief Security & Trust Officer
Epiphany Systems
Biography
Is your organization protected against every known attack, including the vulnerabilities announced yesterday? Zero-day attacks garner plenty of attention, but the truth is 99% of all cyberattacks occur due to hackers exploiting existing or known vulnerabilities. You likely already have cybersecurity products that could protect you, but chances are they have not been configured correctly to your enterprise’s specific risk profile. For instance, Gartner estimates that 95% of firewall breaches are caused by simple firewall misconfigurations, yet 97% of breaches are still happening to companies that have already deployed the right controls. Breaches are arising more often because complexity is your enemy. If your security team is managing too many solutions—some of which might not be optimal for your current enterprise security requirements—then a simple misconfiguration or drift is all an attacker needs to exploit within your security stack to gain entrance. You do not need another security product. You just need to use what you have, better. Join our conversation as we discuss how to continually and safely test every part of your security infrastructure for gaps as well as how to prioritize remediation based on business risk.
ISE® PRIVATE DINNER
Stop Buying Security Products: Fix Your Security Posture Using What You Have
Dr. Sunil Lingayat
Chief of Cybersecurity Strategy and Technology
T-Mobile
Biography
Is your organization protected against every known attack, including the vulnerabilities announced yesterday? Zero-day attacks garner plenty of attention, but the truth is 99% of all cyberattacks occur due to hackers exploiting existing or known vulnerabilities. You likely already have cybersecurity products that could protect you, but chances are they have not been configured correctly to your enterprise’s specific risk profile. For instance, Gartner estimates that 95% of firewall breaches are caused by simple firewall misconfigurations, yet 97% of breaches are still happening to companies that have already deployed the right controls. Breaches are arising more often because complexity is your enemy. If your security team is managing too many solutions—some of which might not be optimal for your current enterprise security requirements—then a simple misconfiguration or drift is all an attacker needs to exploit within your security stack to gain entrance. You do not need another security product. You just need to use what you have, better. Join our conversation as we discuss how to continually and safely test every part of your security infrastructure for gaps as well as how to prioritize remediation based on business risk.
ISE® PRIVATE DINNER
The Rise of Global Identity in Digital Transactions
5:30pm - 8:30pm
Perry’s Steakhouse & Grille
2000 McKinney Ave #100
Dallas, TX 75201
Duaine Styles
SVP, Chief Security Officer
Torchmark Corporation
Biography
With cloud usage growing and the concern for data security on the rise, regulatory entities around the globe are increasingly introducing and enforcing new legislation that brings greater transparency between the user and end-entity in digital transactions. We have witnessed the stir GDPR has and will continue to cause, especially as more enterprises seek to redefine their compliance to its standards. Then, there is eIDAS, which aims to create a robust European legal environment for secure and trustworthy electronic business processes in the public sector. Meanwhile, PSD2 introduces new business models between banks and third-party service providers, while Germany’s BSI promotes IT security for its federal government as well as for IT manufacturers and commercial providers. While the European Union is leading the charge toward the rise of identity in many instances, this has direct impact on multi-national businesses based in North America. In the United States there are already regulations in place—some industry specific such as PCI DSS and HIPPA Privacy Rules—that organizations must comply with. What responsibilities are North American enterprises expected to uphold of these many regulations, and what are the ramifications of non-compliance? As security and identity take on a more global aspect, it has also become crucial to provide clear indicators—such as verified SSL certificates and universal identity marks in web browsers—to specify trusted communication with verified organizations. Having these indicators be uniform and easy to interpret can reduce or eliminate the chances of transmitting sensitive data through a secure channel to a bad actor. This practice would also make it simpler to follow compliance regulations, no matter their origin. Join our conversation as we discuss how overseas regulations for digital transactions impact businesses in the United States and across North America, what this means for digital identity security, and how we can capitalize on these regulations to build more trusted relationships with users and customers.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
April Peesel
Vice President, Cyber Security, PMO
Fiserv
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® VIP Private Dinner during the Gartner Symposium/ITxpo 2019
How to Avoid Making Trade-Offs Between Security and IT Operations
6:30pm - 9:30pm
Waldorf Clubhouse
Waldorf Astoria Orlando
14200 Bonnet Creek Resort Ln.
Orlando, FL 32821
Dawn Ellis
Executive Director, Cyber Security & Compliance
The Walt Disney Company
Biography
As leaders, CIOs and CISOs face pressure from all sides. They must keep organizations continuously compliant, keep critical information secure, manage fleets of networked devices and fulfill the increasingly common executive mandate to make technology an enabler for business growth. Many organizations are also challenged to update their technology from legacy systems, which make it difficult to have full visibility across endpoints and get the real-time data on which they can make confident decisions. In these stressful, fragmented environments—especially where organizations use a range of point products for security and operations, resulting in a lack of full visibility and control—there are regular trade-offs taking place among these priorities. These compromises often leave an organization open to an attack, outage or another form of disruption. Join our conversation as we discuss how security teams can better secure their enterprise against cyber threats, outages and other disruptions—without making trade-offs and without settling for "good enough".
ISE® PRIVATE DINNER
Digitization and the Path to Business Transformation Via Total Data Intelligence
Shadaab Kanwal
Managing Director Digital, Data, and Analytics Transformation
Charles Schwab & Co.
Biography
Because of digitization, the amount of data existing in the world has exploded, with 2.5 quintillion bytes created every day according to Forbes. With new data regulations emerging globally as a result, data privacy and cybersecurity have become top concerns for the Chief Data Officer and CISO alike. Many security professionals report that they do not currently have access to company data necessary to perform their jobs, leaving us to answer a pivotal question: How can we drive pervasive data intelligence in the organization, while reducing risks and protecting customer data privacy? Digitization only complicates this question with security leaders considering how the large movement of data will change the needs of their security program and impact strategies for protecting the data an organization collects. The majority of IT decision-makers agree they want pervasive data intelligence in their organization, but there are bottlenecks on the path to achieving 100% real-time intelligent answers, such as compliance standards, regulation requirements and risk concerns to both business and security. Join our conversation as we discuss how digitization has affected the path to business transformation and data security, requiring new approaches to acquire pervasive data intelligence that is scalable, frictionless and omnipresent.
ISE® PRIVATE DINNER
The Rise of Global Identity in Digital Transactions
E. Larry Lidz
Cloud Chief Information Security Officer
Cisco Systems
Biography
With cloud usage growing and the concern for data security on the rise, regulatory entities around the globe are increasingly introducing and enforcing new legislation that brings greater transparency between the user and end-entity in digital transactions. We have witnessed the stir GDPR has and will continue to cause, especially as more enterprises seek to redefine their compliance to its standards. Then, there is eIDAS, which aims to create a robust European legal environment for secure and trustworthy electronic business processes in the public sector. Meanwhile, PSD2 introduces new business models between banks and third-party service providers, while Germany’s BSI promotes IT security for its federal government as well as for IT manufacturers and commercial providers. While the European Union is leading the charge toward the rise of identity in many instances, this has direct impact on multi-national businesses based in North America. In the United States there are already regulations in place—some industry specific such as PCI DSS and HIPPA Privacy Rules—that organizations must comply with. What responsibilities are North American enterprises expected to uphold of these many regulations, and what are the ramifications of non-compliance? As security and identity take on a more global aspect, it has also become crucial to provide clear indicators—such as verified SSL certificates and universal identity marks in web browsers—to specify trusted communication with verified organizations. Having these indicators be uniform and easy to interpret can reduce or eliminate the chances of transmitting sensitive data through a secure channel to a bad actor. This practice would also make it simpler to follow compliance regulations, no matter their origin. Join our conversation as we discuss how overseas regulations for digital transactions impact businesses in the United States and across North America, what this means for digital identity security, and how we can capitalize on these regulations to build more trusted relationships with users and customers.
ISSA Metro Atlanta: Women in Security
Opening Presentation by the Georgia Secretary of State’s Office
3:00pm - 3:45pm
Speakers
Brad Raffensperger
Secretary of State
Georgia Secretary of State’s Office
Biography
Jordan Fuchs
Deputy Secretary of State
Georgia Secretary of State’s Office
Biography
Georgia Secretary of State Brad Raffensperger and Deputy Secretary of State Jordan Fuchs will open our event with an inspiring, informative presentation to kick off the afternoon.
Building for the Future: Inspiring the Next Generation of Cybersecurity Professionals
3:50pm - 4:20pm
Marci McCarthy
CEO and President
T.E.N.
Biography
It is important for young professionals to know they can have successful and impactful careers in the tech sector. However, to get more young minds interested in choosing careers in technology, the narrative needs to change to show that women and minorities have a future in the industry. Join Marci McCarthy as she discusses the importance of nurturing and growing the next generation of professionals in technology through mentorship opportunities, STEAM programs and other education opportunities.
Paying It Forward: Cultivating a New Cybersecurity Workforce
4:25pm - 5:30pm
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Stacy Hughes
SVP, Chief Information Security Officer
ABM
Biography
Marian Reed
Head of IT Security
Serta Simmons Bedding
Julie Talbot-Hubbard
Senior Vice President, General Manager - Cyber Protection and Identity
Optiv
ISE® Central Executive Award Winner 2010
Biography
T.E.N. Success Story
Sandy Welfare
Senior Manager, Program Operations IT ePMO
WestRock
Biography
Women and minorities constitute half of technology users, making it only natural for current cybersecurity professionals to look to them as the next generation to carry the torch. Not only is it important to have a cybersecurity workforce that reflects the diversity of its tech users, but also it is a necessity to pursue at a time when both the growth and the talent shortage of the industry are at an all-time high. In order to obtain and mentor this next generation of skilled, ambitious young people, we must put in the work and pass on what we have learned to them. Join our conversation as our panel of leading security executives discuss how to develop and cultivate this next generation workforce and how to locate and inspire them. They will also share their personal success stories and insights on how to make new connections as well as tips for expanding your professional network.
ISE® Northeast Executive Forum and Awards 2019
The ISE® Northeast Executive Forum and Awards 2019 was held October 3, 2019 at the Westin Times Square in New York City. The ISE® Northeast Awards are held in conjunction with a one day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® NORTHEAST PRIVATE WELCOME DINNER
Which of the Status Quos in Security Needs to Be Broken?
Brian Miller
Chief Information Security Officer
Healthfirst
Cybersecurity did not always have a status quo. IT professionals merely created best practices and shared them with the best of intentions. Because these practices and procedures worked at the time, we’ve been clinging to them ever since, even though they often create operational roadblocks and headaches and don’t always keep businesses safe. Why are common procedures and old beliefs about security lingering even though they are clearly outdated or outright wrong to continue? Join our conversation as we discuss security practices involving business, organization, operations, technology, and marketing, answering the questions of why certain activities persist despite being past their due date and how we can overcome the status quo.
The ISE® Lions' Den & Jungle Lounge
September 25, 2019
Atlanta Tech Village | Atlanta, GA
Details
This September, TEN of security’s hottest emerging security companies have the courage to enter… The 2019 ISE® Lions' Den. The ISE® Lions represent the brightest minds in security and they are hungry for the next great emerging technology solutions. Each Gazelle will deliver their best pitch for the chance to earn $25,000 worth of prizes. Additionally, the Jungle Lounge will offer the opportunity to learn more about these emerging companies and a chance to network with a diverse group of Imformation Security Executives, investors, and other key members of the InfoSec community.
Cybercon 2019
Cybersecurity: Identifying and Managing Risk From All Angles
Loudermilk Conference Center
40 Courtland St NE
Atlanta, GA 30303
More Information
Cybercon's 5th year brings together best-in-class experts to discuss identifying and managing cyber risk during an unprecedented era of technological transformation. AI, Blockchain and Autonomous Vehicles are just three examples of technologies that are transforming business operations. Evolving business operations also means new cyber threats must be identified and managed. At the same time, the private sector and government are grappling with creating a better regulatory landscape for cybersecurity and privacy to keep up with a 21st century digital economy.
Workshops are offered during the full day conference specifically aimed at business operations and focusing on managing and growing your business with cybersecurity concerns in mind. We believe learning is best done by participating in workshops that emphasize interactive content. Cybercon will have breach simulations where you engage in crisis management with incomplete facts under time pressure.
Cybercon is designed for General Counsels, Chief Financial Officers, business owners, cybersecurity experts, Chief Information Officers and Chief Information Security Officers to collaborate on the current cybersecurity challenges businesses face in this fast-paced environment. This year’s goal is to identify practical mitigation strategies that will have measurable impact on a business' risk profile and bottom line.
TechBridge & Goodwill of North Georgia’s Technology Career Program
Leveraging LinkedIn to Jumpstart & Fast-Track Your Tech Career
1:30pm - 3:00pm
On the Rise Financial Center
810 Joseph E. Boone Blvd.
Atlanta, GA 30314
More information
Instructors
Marva Bailer
Director of Global Field Success Leadership and Executive Engagement
Splunk
Biography
Marci McCarthy
CEO and President
T.E.N.
Biography
TechBridge and Goodwill of North Georgia have partnered to provide the Technology Career Program (TCP), a free, 16-week program geared towards helping young students successfully develop their careers in business education and technology. “Leveraging LinkedIn to Jumpstart and Fast-Track Your Tech Career,” is a 90-minute class which will include the best practices of establishing a well-rounded LinkedIn profile as an important, professional presence for new jobseekers who want to make a great impression on prospective employers. Each TCP Student will learn how to set up an account, build a professional network, engage in postings, and follow companies and groups that interest them. Marci McCarthy of T.E.N. and Marva Bailer of Splunk, who are expert social media users as well as TechBridge Board Members, will lead the class, showing TCP Students how to communicate and connect with companies and peers in the technology industry as well as how to use LinkedIn to research interviewers, prospective employers and companies. With Marci and Marva’s thorough coaching, TCP Students will be better equipped to pursue their ambitions and jumpstart their path to success by leveraging the many benefits of using LinkedIn.
ISE® PRIVATE DINNER
The Rise of Global Identity in Digital Transactions
Stephen Weston
Vice President, Chief Information Security Officer
Canadian Tire Corporation
Biography
With cloud usage growing and the concern for data security on the rise, regulatory entities around the globe are increasingly introducing and enforcing new legislation that brings greater transparency between the user and end-entity in digital transactions. We have witnessed the stir GDPR has and will continue to cause, especially as more enterprises seek to redefine their compliance to its standards. Then, there is eIDAS, which aims to create a robust European legal environment for secure and trustworthy electronic business processes in the public sector. Meanwhile, PSD2 introduces new business models between banks and third-party service providers, while Germany’s BSI promotes IT security for its federal government as well as for IT manufacturers and commercial providers. While the European Union is leading the charge toward the rise of identity in many instances, this has direct impact on multi-national businesses based in North America. In the United States there are already regulations in place—some industry specific such as PCI DSS and HIPPA Privacy Rules—that organizations must comply with. What responsibilities are North American enterprises expected to uphold of these many regulations, and what are the ramifications of non-compliance? As security and identity take on a more global aspect, it has also become crucial to provide clear indicators—such as verified SSL certificates and universal identity marks in web browsers—to specify trusted communication with verified organizations. Having these indicators be uniform and easy to interpret can reduce or eliminate the chances of transmitting sensitive data through a secure channel to a bad actor. This practice would also make it simpler to follow compliance regulations, no matter their origin. Join our conversation as we discuss how overseas regulations for digital transactions impact businesses in the United States and across North America, what this means for digital identity security, and how we can capitalize on these regulations to build more trusted relationships with users and customers.
ISE® PRIVATE DINNER EVENING PRIOR TO INFOSEC NASHVILLE
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
Cocktail Hour
Cumberland Bar
JW Marriott Nashville
201 8th Ave S
Nashville, TN 37203
Dinner
Bourbon Steak
JW Marriott Nashville
201 8th Ave S, 34th floor
Nashville, TN 37203
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® PRIVATE DINNER
The Rise of Global Identity in Digital Transactions
William Scandrett
VP, CISO
Allina Health
Biography
With cloud usage growing and the concern for data security on the rise, regulatory entities around the globe are increasingly introducing and enforcing new legislation that brings greater transparency between the user and end-entity in digital transactions. We have witnessed the stir GDPR has and will continue to cause, especially as more enterprises seek to redefine their compliance to its standards. Then, there is eIDAS, which aims to create a robust European legal environment for secure and trustworthy electronic business processes in the public sector. Meanwhile, PSD2 introduces new business models between banks and third-party service providers, while Germany’s BSI promotes IT security for its federal government as well as for IT manufacturers and commercial providers. While the European Union is leading the charge toward the rise of identity in many instances, this has direct impact on multi-national businesses based in North America. In the United States there are already regulations in place—some industry specific such as PCI DSS and HIPPA Privacy Rules—that organizations must comply with. What responsibilities are North American enterprises expected to uphold of these many regulations, and what are the ramifications of non-compliance? As security and identity take on a more global aspect, it has also become crucial to provide clear indicators—such as verified SSL certificates and universal identity marks in web browsers—to specify trusted communication with verified organizations. Having these indicators be uniform and easy to interpret can reduce or eliminate the chances of transmitting sensitive data through a secure channel to a bad actor. This practice would also make it simpler to follow compliance regulations, no matter their origin. Join our conversation as we discuss how overseas regulations for digital transactions impact businesses in the United States and across North America, what this means for digital identity security, and how we can capitalize on these regulations to build more trusted relationships with users and customers.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
Dave Snyder
Chief Information Security Officer
Independence Blue Cross
ISE® Northeast Executive Award Finalist 2019
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® PRIVATE DINNER
Counter Intrusion at Scale: A New Way to Become Cyber Resilient
5:30pm - 8:30pm
Little Alley Steak – Buckhead
3500 Lenox Rd NE Suite 100
Atlanta, GA 30326
Kevin Morrison
VP, Chief Information Security Officer
Driven Brands
ISE® Southeast People’s Choice Award Winner 2015
Biography
Stopping intrusions inside trusted networks has been a fundamental tenet of information security and is a requirement for an enterprise to be cyber resilient. As a result, intrusion-detecting technologies often accompany firewalls and anti-virus (AV). Together, these tools are expected to keep cyberthreats from impacting an organization, especially in regard to preventing the loss of intellectual property, regulatory controlled data and operational capacity. The earlier these threats can be detected and stopped in the attack chain, especially those that evade controls, the more an organization can be considered cyber resilient. While both firewalls and AV have been reimagined in recent years, the technology of dealing with intrusions has lagged behind, struggling in the face of sophisticated actors, flawed technology and insufficient response resources. It is time to rearchitect how we solve the problem of intrusions by countering them at scale. To do so, organizations will need to consider employing a counter intrusion system that operates in all phases of the attack chain, using a hybrid approach with AI to connect different sets of data together no matter where a malicious attack could take place. Join our conversation as we discuss a blueprint for counter intrusion at scale in an enterprise’s data center, cloud and internal network that will also mitigate the burden of alerts on cyber defense teams and help enterprises become more cyber resilient.
ISE® West Executive Forum and Awards 2019
The ISE® West Executive Forum and Awards 2019 was held August 22, 2019 at the Westin St. Francis in San Francisco, CA. The ISE® West Awards are held in conjunction with a one day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® WEST PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
Kannan Perumal
CISO
Applied Materials
Biography
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
Chad Marson
Director Information Security – Capital Markets,
International, Commercial Payments & Wealth
CIBC
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® VIP PROGRAM - THE SUPERCAR DRIVING EXPERIENCE
AppSec That Won’t Slow You Down
5:30pm - 8:30pm
Las Vegas Motor Speedway
Exotics Racing Racetrack
7065 Speedway Blvd
Las Vegas, NV 89115
Saltworks Security Executive Speaker:
Dennis Hurst
Founder
Saltworks Security
ISE® VIP Hosts:
Duane Dobbins
Business Information Security Officer
New York Life Insurance Company
Biography
Max Garcia
CISO, Digital First Banking
NCR Voyix
Biography
Pamela Gott
Vice President, Global Cyber Security & Fraud
First Data Corporation
Biography
Kevin Heineman
VP, Application Security
Global Payments Inc.
Marci McCarthy
CEO and President
T.E.N.
Biography
Today’s market demands will not let software development wait for security to catch up. Even if you have the right team, expertise, tools, and training in place to achieve your business goals, it won’t matter if your approach to application security is outdated. Like an airbag that is installed after a car is driven off the lot, AppSec cannot wait to be applied at later stages. Instead, security teams will achieve the most out of AppSec if they focus on weaving customized security into the DNA of each unique software development lifecycle. In order to achieve this, they will need to have an AppSec program in place that is ongoing, where DevOps teams can maintain security and necessary technologies can continue to implement it moving forward—all at optimal speeds. Join our conversation as we discuss how companies can create and manage AppSec programs that run as predictably, effectively, and measurably as a well-oiled machine.
Transportation will be provided to Las Vegas Motor Speedway from the Mandalay Bay Hotel starting at 4:30 p.m. Please meet at the Mandalay Bay Tour Bus Lobby and shuttle bus service will be provided to the event. The last shuttle bus will leave Mandalay Bay at 5:20 p.m.
ISE® VIP PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
5:30pm - 8:30pm
Charlie Palmer Steak at Four Seasons
3960 S Las Vegas Blvd
Las Vegas, NV 89119
David Scott
Associate Director, Cybersecurity
Medication Management Solutions
BD - Medical Segment
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and, more often than not, with legitimate credentials from a compromised user, system or device. According to the Verizon 2019 Data Breach Investigation Report, 56% of breaches took months or years to discover, a steady improvement of 2018’s statistic of 68%. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
2019 Community College Cyber Summit
Becoming a Cybersecurity Enabler: How Community Colleges Can Bridge the Diversity and Workforce Gap
9:00am - 9:30am
Bossier Parish Community College
6220 E Texas St
Bossier City, LA 71111
Watch Marci's Keynote
Keynote Speaker
Marci McCarthy
CEO and President
T.E.N.
Biography
Leaders in the cybersecurity industry recognize that there is a lack of women and diversity among their teams. Even though women and minorities nearly comprise half of the general workforce, they only make up a small portion of cybersecurity professionals despite millions of jobs going unfilled and rising cyberattacks. In the past, employers have maintained a structured mindset about candidates’ qualifications to include four-year or advanced degrees, proven industry experience and like-minded thinking. However, due to the shortage of qualified cybersecurity talent, we are experiencing a paradigm shift in how we view these hiring requirements. We now need candidates who are gamechangers, who can bring much needed soft skills, passions and differing opinions that can take team thinking to the next level. With their various perspectives, women and minorities must be encouraged to enter the field as early as possible, but it’s also crucial that they maintain a passion to learn and succeed by cultivating the necessary skills to stay there. Fortunately, they can obtain technical skills and certifications by pursuing specialized training, work-study programs and apprenticeships, such as those offered by cyber boot camps, technical schools and community colleges. Currently, though, community colleges and similar establishments experience challenges with marketing themselves as security partners who enable cybersecurity professional development. To connect upcoming, diverse talent with employers who need them, community colleges can adapt and enhance the way they interact with both groups. Join us as we share our insights about the challenges community colleges face in becoming cybersecurity enablers, facilitating job readiness and contributing to solve the industry’s diversity and workforce shortage.
ISE® PRIVATE DINNER
How Leveraging East-West Movement Can Turn the Tide Against Cyber Adversaries
Digital Hands' Executive Speaker:
Myrna Soto
Global CISO, Emeritus
Founder & CEO, Apogee Executive Advisors
ISE® Northeast Executive Award Winner 2013
ISE® North America Commercial Executive Award Finalist 2013
ISE® North America Commercial Executive Award Finalist 2012
ISE® Northeast Executive Award Finalist 2012
Biography
ISE® VIP Host:
Elliott Franklin
Director of IT Governance & Security
Loews Hotels
Traditionally, enterprises and inexperienced MSSPs have closely monitored north-south movement for cyber threats, but east-west movement—otherwise known as lateral movement—has been neglected, leading to a host of blind spots through which an adversary can maneuver. With increasing judgment falling on security teams who cannot keep intrusions from turning into data loss, lateral movement can no longer be left unmonitored and undefended. Fortunately, there are many ways security teams can shift direction on the network compass and leverage critical controls to detect and stop adversaries, but none of them are easy. Any decently sized network very quickly becomes a management quagmire due to the sheer amount of data (events, threat intel, correlation, etc.) that have to be ingested and analyzed. Having the right security technology is only a portion of the battle; strong security posture comes from having people and processes in place to adequately monitor, and manage, and analyze systems, and that includes choosing the right MSSP out of a whirlpool of possibilities. Join our conversation as we discuss how you can turn the tide against cyber adversaries by defending against malicious lateral movement, pinpointing its risks and preventing APT-level intrusions from spreading across your network.
ISE® PRIVATE DINNER
Digitization and the Path to Business Transformation Via Total Data Intelligence
5:30pm - 8:30pm
Fleming’s Prime Steakhouse & Wine Bar
1960-A Chain Bridge Rd.
McLean, VA 22102
Vikas Mahajan
Sr. Director, Information Security Operations
The American Red Cross
Biography
Because of digitization, the amount of data existing in the world has exploded, with 2.5 quintillion bytes created every day according to Forbes. With new data regulations emerging globally as a result, data privacy and cybersecurity have become top concerns for the Chief Data Officer and CISO alike. Many security professionals report that they do not currently have access to company data necessary to perform their jobs, leaving us to answer a pivotal question: How can we drive pervasive data intelligence in the organization, while reducing risks and protecting customer data privacy? Digitization only complicates this question with security leaders considering how the large movement of data will change the needs of their security program and impact strategies for protecting the data an organization collects. The majority of IT decision-makers agree they want pervasive data intelligence in their organization, but there are bottlenecks on the path to achieving 100% real-time intelligent answers, such as compliance standards, regulation requirements and risk concerns to both business and security. Join our conversation as we discuss how digitization has affected the path to business transformation and data security, requiring new approaches to acquire pervasive data intelligence that is scalable, frictionless and omnipresent.
New York Enterprise Information Security Meetup: July Edition
Fireside Chat with Marci McCarthy
Speaker:
Marci McCarthy
CEO and President
T.E.N.
Biography
NY Information Security Meetup (NYIS) is about advancing information security. Come join us to learn the latest information on enterprise security trends in Cyber Security, Mobile computing, Networks, Endpoint, Governance and Compliance. The meetings will feature speakers, emerging vendor demos in the security space, panel discussion, workshops, and networking.
We are in of an era where Cyber Security is taking front page and enterprises are embracing new technologies to defend against rising threats. Come and join us to mingle, learn, and prosper.
ISE® PRIVATE DINNER
How to Avoid Making Trade-Offs Between Security and IT Operations
Kirsten Davies
Chief Information Security Officer
Unilever
Biography
As leaders, CIOs and CISOs face pressure from all sides. They must keep organizations continuously compliant, keep critical information secure, manage fleets of networked devices and fulfill the increasingly common executive mandate to make technology an enabler for business growth. Many organizations are also challenged to update their technology from legacy systems, which make it difficult to have full visibility across endpoints and get the real-time data on which they can make confident decisions. In these stressful, fragmented environments—especially where organizations use a range of point products for security and operations, resulting in a lack of full visibility and control—there are regular trade-offs taking place among these priorities. These compromises often leave an organization open to an attack, outage or another form of disruption. Join our conversation as we discuss how security teams can better secure their enterprise against cyber threats, outages and other disruptions—without making trade-offs and without settling for “good enough”.
ISE® PRIVATE DINNER
How to Avoid Making Trade-Offs Between Security and IT Operations
Mark J. Risoldi
Executive Director, Deputy CISO and Chief Information Risk Officer
Merck & Co.
Biography
As leaders, CIOs and CISOs face pressure from all sides. They must keep organizations continuously compliant, keep critical information secure, manage fleets of networked devices and fulfill the increasingly common executive mandate to make technology an enabler for business growth. Many organizations are also challenged to update their technology from legacy systems, which make it difficult to have full visibility across endpoints and get the real-time data on which they can make confident decisions. In these stressful, fragmented environments—especially where organizations use a range of point products for security and operations, resulting in a lack of full visibility and control—there are regular trade-offs taking place among these priorities. These compromises often leave an organization open to an attack, outage or another form of disruption. Join our conversation as we discuss how security teams can better secure their enterprise against cyber threats, outages and other disruptions—without making trade-offs and without settling for “good enough”.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
5:30pm - 8:30pm
Perry's Steakhouse & Grille - Austin Downtown
114 W. 7th Street #110
Austin, TX 78701
Michael Allgeier
Director, Critical Infrastructure Security
ERCOT
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and, more often than not, with legitimate credentials from a compromised user, system or device. According to the Verizon 2019 Data Breach Investigation Report, 56% of breaches took months or years to discover, a steady improvement of 2018’s statistic of 68%. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
WEBINAR: The Economic and Trade Mission at the Embassy of Israel
Why Relationships Matter: Bridging the Gap Between U.S. CISOs and Israeli Security Vendors
9:00am EST – 10:00am EST
4:00pm IDT – 5:00pm IDT
Download the Presentation
Watch the Webinar
Presenter
Marci McCarthy
CEO and President
T.E.N.
Biography
In today’s cybersecurity-centric world, it’s no secret that U.S. CISOs are some of the busiest, most in-demand executives of all time, making appeals to the board for support and leading their teams through complex rollouts and management of their security programs. As well-funded cybersecurity programs have become a competitive and regulatory advantage in this era of security breaches and technological advancement, U.S. CISOs need to find the best security solutions that will help solve their enterprise’s unique challenges—and the best solutions may be beyond their borders. However, most have little time to meet with U.S.-based vendors, not to mention Israeli providers. While the Israeli cybersecurity industry is world famous and enjoys an excellent reputation in the U.S., Israeli cyber vendors also face specific challenges to succeed in the U.S. market:
- Israeli cyber startups’ competitive advantage is their ability to address a specific pain point using innovative solutions that other cyber vendors frequently do not possess. How can these Israeli cyber firms identify CISOs who face the specific challenge that the Israeli firm addresses?
- As one U.S. CISO told us, the best place to find cybersecurity teams from major organizations is not in the Exhibit Hall at large cyber events like RSA, but at off-site gatherings. How can Israeli cyber vendors get “in the room” where relationships are built?
- Cyber vendors everywhere—not only in Israel—need to understand that antiquated marketing tactics do not impress U.S. CISOs and rarely lead to follow-up communications or meaningful interactions with vendors, let alone a sale. U.S. CISOs have become increasingly willing to simply end relationships with vendors of any nationality who push their products and overstep boundaries. How can Israeli cyber vendors find the right balance between pushing too hard and not being aggressive enough?
- When working with the cybersecurity team of a Fortune 500 company, what is a sales cycle typically like? How can Israeli vendors work with the client’s team to ensure a more effective and productive sales process?
ISE® PRIVATE DINNER
Counter Intrusion at Scale: A New Way to Become Cyber Resilient
Frank Aiello
SVP, Chief Information Security Officer
MAXIMUS
ISE® Northeast People's Choice Award Winner 2016
ISE® Northeast Executive Award Finalist 2016
Biography
Stopping intrusions inside trusted networks has been a fundamental tenet of information security and is a requirement for an enterprise to be cyber resilient. As a result, intrusion-detecting technologies often accompany firewalls and anti-virus (AV). Together, these tools are expected to keep cyberthreats from impacting an organization, especially in regard to preventing the loss of intellectual property, regulatory controlled data and operational capacity. The earlier these threats can be detected and stopped in the attack chain, especially those that evade controls, the more an organization can be considered cyber resilient. While both firewalls and AV have been reimagined in recent years, the technology of dealing with intrusions has lagged behind, struggling in the face of sophisticated actors, flawed technology and insufficient response resources. It is time to rearchitect how we solve the problem of intrusions by countering them at scale. To do so, organizations will need to consider employing a counter intrusion system that operates in all phases of the attack chain, using a hybrid approach with AI to connect different sets of data together no matter where a malicious attack could take place. Join our conversation as we discuss a blueprint for counter intrusion at scale in an enterprise’s data center, cloud and internal network that will also mitigate the burden of alerts on cyber defense teams and help enterprises become more cyber resilient.
Rocky Mountain Information Security Conference 2019
Empower Cyber Security Leadership Through Emotional Intelligence
11:15am - 12:15pm
Colorado Convention Center
700 14th St
Denver, CO 80202
More Information
Presenter
Marci McCarthy
CEO and President
T.E.N.
Biography
Research has clearly shown that a person can have the best training in the world, a sharp, analytical mind and an endless supply of good ideas, but these alone will not make them a great leader. While these factors are all important, to be an effective leader, one must also possess a high degree of Emotional Intelligence (EI). This is especially true for information and cybersecurity professionals. Harnessing Emotional Intelligence ensures effective communication between InfoSec executives and their security teams as well as communication between security executives, stakeholders, teammates, lines of business leaders, customers, and board members. Strong working relationships and interpersonal skills are the keys to success in every area of human activity, especially for a cybersecurity professional looking to enhance their leadership skills and bring out the best in their teams. Join Marci McCarthy as she discusses how you can best utilize Emotional Intelligence to get ahead, learn how to be authentic to yourself, how to shape your conversations as a thought leader, and how to improve confidence and professionalism.
ISE® PRIVATE DINNER
Counter Intrusion at Scale: A New Way to Become Cyber Resilient
Raymond Lipps
Executive Director, Chief Information Security Officer
Celgene Corporation
Biography
Stopping intrusions inside trusted networks has been a fundamental tenet of information security and is a requirement for an enterprise to be cyber resilient. As a result, intrusion-detecting technologies often accompany firewalls and anti-virus (AV). Together, these tools are expected to keep cyberthreats from impacting an organization, especially in regard to preventing the loss of intellectual property, regulatory controlled data and operational capacity. The earlier these threats can be detected and stopped in the attack chain, especially those that evade controls, the more an organization can be considered cyber resilient. While both firewalls and AV have been reimagined in recent years, the technology of dealing with intrusions has lagged behind, struggling in the face of sophisticated actors, flawed technology and insufficient response resources. It is time to rearchitect how we solve the problem of intrusions by countering them at scale. To do so, organizations will need to consider employing a counter intrusion system that operates in all phases of the attack chain, using a hybrid approach with AI to connect different sets of data together no matter where a malicious attack could take place. Join our conversation as we discuss a blueprint for counter intrusion at scale in an enterprise’s data center, cloud and internal network that will also mitigate the burden of alerts on cyber defense teams and help enterprises become more cyber resilient.
ISSA-LA Summit XI
Paying It Forward: Cultivating a New Cybersecurity Workforce
11:50am - 12:40pm
Annenberg Beach House
415 Pacific Coast Hwy
Santa Monica, CA 90402
More information
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Lead for Industry Engagement
National Initiative for Cybersecurity Education (NICE)
Biography
Jennifer Sunshine Steffens
CEO
IOActive
Biography
Women and minorities constitute half of technology users, making it only natural for current cybersecurity professionals to look to them as the next generation to carry the torch. Not only is it important to have a cybersecurity workforce that reflects the diversity of its tech users, but also it is a necessity to pursue at a time when both the growth and the talent shortage of the industry are at an all-time high. In order to obtain and mentor this next generation of skilled, ambitious young people, we must put in the work and pass on what we have learned to them. Join our conversation as our panel of leading security executives discuss how to develop and cultivate this next generation workforce and how to locate and inspire them. They will also share their personal success stories and insights on how to make new connections as well as tips for expanding your professional network.
ISSA-LA Summit XI
Building for the Future: Inspiring the Next Generation of Cybersecurity Professionals
2:30pm - 3:20pm
Annenberg Beach House
415 Pacific Coast Hwy
Santa Monica, CA 90402
More information
Presenter
Marci McCarthy
CEO and President
T.E.N.
Biography
It is important for young professionals to know they can have successful and impactful careers in the tech sector. However, to get more young minds interested in choosing careers in technology, the narrative needs to change to show that women and minorities have a future in the industry. Join Marci McCarthy as she discusses the importance of nurturing and growing the next generation of professionals in technology through mentorship opportunities, STEAM programs and other education opportunities.
ISE® Central Executive Forum and Awards 2019
The ISE® Central Executive Forum and Awards 2019 was held May 15, 2019 at The Westin Galleria Dallas in Dallas, TX. The ISE® Central Awards are held in conjunction with a one day Executive Forum which includes keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offers the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® CENTRAL PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
Andrew Stokes
Assistant Director and Information Security Officer
Texas A&M University
Biography
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
<Manish Khera
Associate Partner - Cyber Security Incident
Response and Investigations Leader
EY - Ernst & Young Global Limited
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and, more often than not, with legitimate credentials from a compromised user, system or device. According to the Verizon 2019 Data Breach Investigation Report, 56% of breaches took months or years to discover, a steady improvement of 2018’s statistic of 68%. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
Chuck Markarian
CISO
PACCAR
ISE® West Executive of the Year Award Winner 2018
ISE® West People's Choice Award Winner 2018
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
2019 Charlotte-Metro ISSA Summit
From Coder to CISO, Developer to Director: How to Advance in Cybersecurity
1:15pm - 2:15pm
Charlotte Convention Center
501 S College Street
East Wing
Charlotte, NC 28202
More information
Moderator
Marci McCarthy
CEO and President
T.E.N.
Biography
Panelists
Robert Allen
Global Chief Information Security Officer
Gallagher
James Hillier
Associate CIO & CISO
Central Piedmont Community College
Biography
Jim Nelms
Chief Information Security Officer
Smithfield Foods
ISE® North America Executive: Health Care Award Finalist 2020
Biography
The cybersecurity industry is in desperate need of people with the skills and willingness to work in the trenches. Engineers, coders, analysts, developers, and others are crucial for any cybersecurity platform to succeed and flourish, but once security professionals find themselves in these positions, it can be hard for them to advance further up the ladder. It’s not a question of what position they would choose to advance to, but rather how they will advance into management and C-level roles. Success seems elusive only because it is rarely clear-cut, taking many forms and leading you down paths you don’t expect. That doesn’t mean you have to traverse the path alone, without any guidance to light your way, or stay stuck where you are. Join our conversation as leading security professionals discuss their insights, perspectives, and career experiences, exploring how they obtained their current positions and what advice they can give fellow security professionals about growing within the industry.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
Vikrant Arora
Chief Information Security Officer
Hospital for Special Surgery
ISE® North America Executive Award Finalist 2014 - Health Care Category
ISE® Northeast Executive of the Year Award Winner 2016
ISE® North America Executive Award Winner 2016 - Health Care Category
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
Dustin Wilcox
Vice President and Chief Information Security Officer
Anthem, Inc.
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
Connie Barrera
Corporate Director, Chief Information Security Officer
Jackson Health System
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
5:30pm - 8:30pm
Morton's The Steakhouse - Downtown Houston
1001 McKinney St
Houston, TX 77002
Marc Crudgington
Chief Information Security Officer,
SVP, Information Security
Woodforest National Bank
Biography
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
Fleming’s Prime Steakhouse & Wine Bar
4322 W Boy Scout Blvd.
Tampa, FL 33607
Ennis Alvarez
Vice President of IT Security & Infrastructure
Rooms To Go
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
John Valente
Chief Information Security Officer
The 3M Company
Biography
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
ISE® PRIVATE DINNER
Risk Is a Board Game: Navigating Board Conversations on Cybersecurity Risk
Selim Aissi
Senior Vice President & Chief Security Officer
Ellie Mae
Biography
You’ve gotten what you wished for. Cybersecurity and cyber risk are now board-level issues. Whatever barriers that once existed between business and security have disappeared, and your board is expecting a meaningful conversation on the topic. After all, board members can be held personally liable for business disruptions caused by security issues. Depending on how often these conversations occur, it’s probably safe to assume that the board a) has forgotten what you told them in the last meeting, and b) wishes you framed your reporting in more of a business context, especially if they don’t have an IT or security background. Join our conversation as we discuss how to properly navigate these board-level conversations and how you can provide them with answers that matter.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
J&G Steakhouse
The Phoenician Scottsdale
6000 E Camelback Rd
Scottsdale, AZ 85251
Shaun Marion
Vice President and Chief Security Officer
Honeywell International
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
TechBridge & Goodwill of North Georgia’s Technology Career Program
Leveraging LinkedIn to Jumpstart & Fast-Track Your Tech Career
5:30pm - 7:00pm
Smyrna Goodwill
3205 South Cobb Dr SE
Smyrna, GA 30080
More information
Instructors
Marva Bailer
Director of Global Field Success Leadership and Executive Engagement
Splunk
Biography
Marci McCarthy
CEO and President
T.E.N.
Biography
TechBridge and Goodwill of North Georgia have partnered to provide the Technology Career Program (TCP), a free, 16-week program geared towards helping young students successfully develop their careers in business education and technology. “Leveraging LinkedIn to Jumpstart and Fast-Track Your Tech Career,” is a 90-minute class which will include the best practices of establishing a well-rounded LinkedIn profile as an important, professional presence for new jobseekers who want to make a great impression on prospective employers. Each TCP Student will learn how to set up an account, build a professional network, engage in postings, and follow companies and groups that interest them. Marci McCarthy of T.E.N. and Marva Bailer of Splunk, who are expert social media users as well as TechBridge Board Members, will lead the class, showing TCP Students how to communicate and connect with companies and peers in the technology industry as well as how to use LinkedIn to research interviewers, prospective employers and companies. With Marci and Marva’s thorough coaching, TCP Students will be better equipped to pursue their ambitions and jumpstart their path to success by leveraging the many benefits of using LinkedIn.
ISE® PRIVATE DINNER
Risk Is a Board Game: Navigating Board Conversations on Cybersecurity Risk
Shaun Khalfan
VP, Information Security
Freddie Mac
Biography
You’ve gotten what you wished for. Cybersecurity and cyber risk are now board-level issues. Whatever barriers that once existed between business and security have disappeared, and your board is expecting a meaningful conversation on the topic. After all, board members can be held personally liable for business disruptions caused by security issues. Depending on how often these conversations occur, it’s probably safe to assume that the board a) has forgotten what you told them in the last meeting, and b) wishes you framed your reporting in more of a business context, especially if they don’t have an IT or security background. Join our conversation as we discuss how to properly navigate these board-level conversations and how you can provide them with answers that matter.
ISE® PRIVATE DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
Moriah Hara
CISO Board Advisor
Clearsky Fund-and Glilot Capital
ISE® Northeast Executive Award Finalist 2017
ISE® North America Executive: Commercial Award Finalist 2017
Biography
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
ISE® PRIVATE DINNER
Risk Is a Board Game: Navigating Board Conversations on Cybersecurity Risk
Keyaan Williams
CEO
Cyber Leadership and Strategy Solutions, LLC
Biography
You’ve gotten what you wished for. Cybersecurity and cyber risk are now board-level issues. Whatever barriers that once existed between business and security have disappeared, and your board is expecting a meaningful conversation on the topic. After all, board members can be held personally liable for business disruptions caused by security issues. Depending on how often these conversations occur, it’s probably safe to assume that the board a) has forgotten what you told them in the last meeting, and b) wishes you framed your reporting in more of a business context, especially if they don’t have an IT or security background. Join our conversation as we discuss how to properly navigate these board-level conversations and how you can provide them with answers that matter.
ISE® VIP Signature Luncheon with Cisco at RSA® 2019
The Threat Is Real: Pushing the Boundaries of Threat Intelligence
March 7, 2019
11:30 am – 1:30 pm
Fang Restaurant
660 Howard St.
San Francisco, CA 94105
More information
As the digital world continues to expand at an alarming rate, attackers gain more opportunities and resources to effectively breach defenses. To protect against these threats, enterprises must go beyond tracking and detection to explore and advance today’s security technologies, so they can defend against tomorrow’s exploits. Security teams need threat intelligence and detection technologies to inform and defend their customer base from the latest malware and ransomware attacks before these threats blindside them. To do so requires security teams to have threat visibility in their email, networks, cloud, endpoints, and everything in between, allowing them to have a proactive approach and superior protection. However, security teams are already understaffed, struggling with the lack of experienced talent within the industry. By focusing on the right technology and processes, executives can alleviate this pain point and harness their teams to perform effectively, even as the search for people with desired skillsets continues. Join our conversation as we discuss comprehensive intelligence against the latest threats, innovative detection technologies, and how security executives can use them both to bolster their current teams and locate the right talent to fill the gaps.
ISE® VIP Reception with Digital Guardian at RSA® 2019
A 1-2 Punch: Data Loss Prevention and Endpoint Detection & Response
March 6, 2019
6:30 pm - 8:30 pm
Gallery 16
501 3rd Street
San Francisco, CA 94107
More information
Your business relies on data to grow; you need a way to understand all the risks targeting that data to support your security teams and senior leadership into making informed business decisions. Only Digital Guardian delivers a 1-2 punch of consolidated Data Loss Prevention and Endpoint Detection & Response so your security team can find, understand, and protect your enterprise’s data without excess cost or complexity. Your enterprise will be able to target and resolve security alerts that matter in real time, all with the aid of security analyst-approved workspaces, making next steps easier for your security team to determine. Join our conversation as we discuss how you and your security team can employ a purpose-built, SaaS platform that focuses on mitigating risks to your sensitive data and eliminates the need to waste time worrying about the infrastructure.
ISE® VIP Signature Luncheon with Respond Software at RSA® 2019
Which of the Status Quos in Security Needs to Be Broken?
March 6, 2019
11:30 am – 1:30 pm
Fang Restaurant
660 Howard St.
San Francisco, CA 94105
More information
Cybersecurity did not always have a status quo. IT professionals merely created best practices and shared them with the best of intentions. Because these practices and procedures worked at the time, we’ve been clinging to them ever since, even though they often create operational roadblocks and headaches and don’t always keep businesses safe. Why are common procedures and old beliefs about security lingering even though they are clearly outdated or outright wrong to continue? Join our conversation as we discuss security practices involving business, organization, operations, technology, and marketing, answering the questions of why certain activities persist despite being past their due date and how we can overcome the status quo.
T.E.N. & ISE® Sales and Marketing Breakfast at RSA® 2019
Why Relationships Matter: Best Practices for Connecting with Information Security Executives
March 6, 2019
7:45 am – 10:00 am
Oren’s Hummus San Francisco
71 3rd St, San Francisco, CA 94103
More information
In today’s cybersecurity-centric world, it’s no secret that CISOs are some of the busiest, most in-demand executives of all time, making appeals to the board for support and leading their teams through complex rollouts and management of their security programs. As well-funded cybersecurity programs have become a competitive and regulatory advantage in this era of security breaches and technological advancement, CISOs need to find the best security solutions that will help solve their enterprise’s unique challenges. In truth, most have little time to meet with vendors. Additionally, flashy emails, unsolicited cold calls, and other antiquated marketing tactics do not impress them and rarely lead to follow-up communications or meaningful interactions with vendors, let alone a sale. Most vendors believe that making the perfect pitch at the perfect time is the key to making a connection with CISOs, but the truth is much simpler yet also more complex: CISOs desire relationships with people they can trust. But how do you start building those relationships along with the trust that’s necessary to go along with them? What’s the best way for making introductions as timely and ethically as possible while also making the best first impression and to fast track your deal?
Find the answers to these important questions and more at T.E.N.’s ISE® Sales and Marketing Breakfast during the 2019 RSA® Conference. Our panel of executive thought leaders will share their real-world experiences and insights about Security Solutions Providers’ sales and marketing programs. Their candid views will give you an inside track to effectively marketing and selling solutions to the nation’s top IT and security executives.
ISE® VIP Reception with Agari at RSA® 2019
Trust Your Inbox Again
March 5, 2019
7:00 pm - 10:00 pm
Fang Restaurant
660 Howard St.
San Francisco, CA 94105
More information
Whether it is spear phishing attempts, business email compromise scams, account takeover-based attacks, or some other scheme capitalizing on the latest news headline or life event, fraudsters are here to stay—and they’re armed to the teeth with technology stacks familiar to any modern enterprise. As it stands, the average cost of a successful email attack can run your organization $1.6 million and up. If it leads to a data breach, you’re facing an average of $7.9 million in costs, according to Forbes—not to mention dilution of your brand, possible fines, and even criminal prosecution. To win the battle, we need to know our enemy. Instead of focusing on “the bad” by searching the entire threat surface of an organization to react to an attack in progress, it is important to begin understanding “the good” by looking at actual sender identity and defining trusted communications. By focusing on "the good" in real communications, it's possible to eliminate "the bad," even if the attack has never been seen before. Join us for an evening of connections and networking with your peers while we discuss the next generation of email security and regaining the confidence to open, click, and trust everything in your inbox.
ISE® VIP Signature Luncheon with ServiceNow at RSA® 2019
Can Connecting IT, Security and Risk Enable a Best-in-Class Security and Integrated Risk Program?
March 5, 2019
12:00 pm – 2:00 pm
Fang Restaurant
660 Howard St.
San Francisco, CA 94105
More information
The breaches of the past few years continue to show us that organizations are overwhelmed and struggling with patching software vulnerabilities. But what if security teams were enabled to properly pinpoint the vulnerabilities that represent the most risk and align these risks with overall enterprise risk? Join our conversation as we discuss how organizations are connecting IT, security and risk through continuous monitoring for risks due to software vulnerabilities, resulting in dramatic improvements in both their security posture and integrated risk program.
ISE® VIP Private Dinner with Demisto and Netskope at RSA® 2019
The Security Stack of the Future: From Ad-Hoc to Orchestrated
March 4, 2019
6:30 pm – 9:30 pm
Fogo de Chão
201 3rd St #100
San Francisco, CA 94103
More information
Current efforts to address the challenges of cybersecurity have involved arbitrary approaches with bolt-on technologies integrated through a best-effort approach. This piecemeal approach has both overwhelmed and exhausted security teams to the point where tools and alerts have just become noise. As businesses continue to embrace the cloud, security teams need to respond in a more agile manner. Join our conversation as we discuss balancing the needs of the business with an acceptable level of risk and establishing a more modern approach to provide visibility and security up and down the stack.
ISE® VIP Welcome Reception with Shape Security at RSA® 2019
Security Perfected for the Fortune 500, Now Available for All
March 3, 2019
5:30 pm – 7:30 pm
Fogo de Chão
201 3rd St #100
San Francisco, CA 94103
More information
Shape uses artificial intelligence to fight artificial users for some of the worlds largest name brands across every industry. We protect 2 of the top 10 global retailers, 3 of the top 5 global hotel chains, 2 of the top 10 global banks, and 5 of the top 10 global airlines. This technology that has been perfected for the Fortune 500, is now available for all companies, regardless of size or security budget. Join us to learn how Shape can best protect your website and mobile applications from imitation attacks with a solution that makes sense for you.
ISE® PRIVATE DINNER
Risk Is a Board Game: Navigating Board Conversations on Cybersecurity Risk
Randy Stroud
Vice President, Information Security, CISO
Hunt Companies
Biography
You’ve gotten what you wished for. Cybersecurity and cyber risk are now board-level issues. Whatever barriers that once existed between business and security have disappeared, and your board is expecting a meaningful conversation on the topic. After all, board members can be held personally liable for business disruptions caused by security issues. Depending on how often these conversations occur, it’s probably safe to assume that the board a) has forgotten what you told them in the last meeting, and b) wishes you framed your reporting in more of a business context, especially if they don’t have an IT or security background. Join our conversation as we discuss how to properly navigate these board-level conversations and how you can provide them with answers that matter.
ISE® Southeast Executive Forum and Awards 2019
The ISE® Southeast Executive Forum and Awards 2019 was held February 6, 2019 at the Westin Peachtree Plaza Downtown in Atlanta, GA. The ISE® Southeast Awards was held in conjunction with a one day Executive Forum which included keynote speakers, interactive roundtables moderated by the CISOs and VPs of participating companies, and hot topic panel discussions. The one day program offered the opportunity to meet with peers and leading IT executives from across the region to discuss and share insights into today's issues and solutions. Details
ISE® SOUTHEAST PRIVATE WELCOME DINNER
The World of Internet-scale Threats
5:30pm - 8:30pm
Morton’s The Steakhouse
303 Peachtree Center Avenue
Atlanta, GA 30308
ISE® Guest Host:
Kevin Gowen
Chief Information Security Officer
Synovus Financial Corporation
ISE® East Executive Award Winner 2022
Biography
Mike McNerney
Senior Director, Product Management Threat
NETSCOUT
The complex threat landscape is moving rapidly, expanding its footprint and changing tactics on a global internet scale. Now, even countries are highly targeted by Distributed Denial of Service (DDoS) attack campaigns, which dramatically increased in attack size and scale from 2017 to 2018. Vertical industry targets are also expanding, with government agencies, ecommerce, and mail-order houses experiencing an increase in attacks. With so much at stake, threat intelligence is more important than ever. Join our conversation as we discuss the latest trends and activities from nation-state advanced persistent threat (APT) groups, crimeware operations, and DDoS attack campaigns.
ISE® PRIVATE DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program
5:30pm - 8:30pm
BLT Steak
The Ritz-Carlton, Charlotte
110 N. College St.
Charlotte, NC 28202
Jim Nelms
Chief Information Security Officer
LabCorp
Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.
ISE® PRIVATE DINNER
Risk Is a Board Game: Navigating Board Conversations on Cybersecurity Risk
Ed Amoroso
Founder and CEO
TAG Cyber LLC
Biography
You’ve gotten what you wished for. Cybersecurity and cyber risk are now board-level issues. Whatever barriers that once existed between business and security have disappeared, and your board is expecting a meaningful conversation on the topic. After all, board members can be held personally liable for business disruptions caused by security issues. Depending on how often these conversations occur, it’s probably safe to assume that the board a) has forgotten what you told them in the last meeting, and b) wishes you framed your reporting in more of a business context, especially if they don’t have an IT or security background. Join our conversation as we discuss how to properly navigate these board-level conversations and how you can provide them with answers that matter.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
Morton’s The Steakhouse
3400 W Olive St., Suite 180
Burbank, CA 91505
David Alexander
Chief Information Security Officer
Los Angeles Department of Water and Power
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.
ISE® PRIVATE DINNER
Improving Visibility for Effective Threat Detection and Response
Eric Fisch
Head of Information Security GRC
USAA
ISE® West People's Choice Award Winner and Executive Finalist 2013
ISE® Central Celebrated Executive 2013
ISE® North America People’s Choice Award Winner 2013
Modern targeted attacks are designed to stay under the radar by moving in small, but deliberate steps over long periods of time and more often than not, with legitimate credentials from a compromised user, system, or device. According to the Verizon 2016 Data Breach Investigation Report, 70% of all insider and privilege misuse breaches took months or years to discover. Safeguarding against these threats requires a multilayered security strategy that includes the ability to detect and combat threats that have evaded traditional rule and signature-based solutions, while also using legitimate credentials of compromised employees, contractors, partners or IoT devices. Join our conversation as we discuss how you can leverage granular access control and visibility and combine this with automated attack detection for a more proactive and timely approach to security.
Atlanta Girls’ School Winterim 2019
Following Your Passion to Chart a Successful Path in Tech
12:00pm - 3:00 pm (2 sessions)
Atlanta Girls’ School
3254 Northside Parkway NW Atlanta, GA 30327
More Information
Marci McCarthy
CEO and President
T.E.N.
Biography
While women constitute a minority within the technology industry, we are now seeing improvements at drawing them into the field. For instance, the 2018 (ISC)2 Cybersecurity Workforce Study reports that women now represent 24% of the cybersecurity workforce, compared to past reports of 11%. Additionally, Millennial and Gen Y representation has increased to 35% from less than 20%. Though we’re progressing in making STEAM fields more accessible to women and young people, we still have a long way to go in dismantling the FUD and stereotypes that accompany these industries. The truth is, there’s more to technology than just programming and coding. Employers in these industries desire candidates with skillsets like marketing and business as well as soft skills like teamwork and collaboration—you can even be an entrepreneur! In other words, being tech-savvy isn’t the only path into a tech field; there are, in fact, many paths you can take and various avenues for you to get there. Join Marci McCarthy, CEO and President of T.E.N. and member of the AGS Board of Trustees, as she discusses how women can find success and a future within the tech industry by following their passions, even if said passion isn’t technical in nature.
ISSA Chicago Chapter Meeting
Building for the Future: Inspiring the Next Generation of Cybersecurity Professionals
3:00pm - 5:00 pm
Carlucci Rosemont
6111 North River Road
Rosemont, IL 60018 US
More Information
Presenter
Marci McCarthy
CEO and President
T.E.N.
Biography
It is important for young professionals to know they can have successful and impactful careers in the tech sector. However, to get more young minds interested in choosing careers in technology, the narrative needs to change to show that women and minorities have a future in the industry. Join Marci McCarthy as she discusses the importance of nurturing and growing the next generation of professionals in technology through mentorship opportunities, STEAM programs and other education opportunities.
ISE® PRIVATE DINNER
Security Maturity: Mapping the Road to Resilience
5:30pm - 8:30pm
The Palm
The Westin Buckhead Atlanta
3391 Peachtree Rd NE
Atlanta, GA 30326
Lonnie Benavides
Vice President, Head of Active Defense
Information, Security & Risk Management
McKesson
Biography
In order to optimize a company’s security strategy, organizations often focus on the people, partners, processes, and technology employed in their cyber security program. However, because of a disconnect between business objectives and security procedures, what is often overlooked is the inherent risk the organization faces based on compliance requirements, the amount and type of data they protect, and other business-specific factors. Understanding the difference between security activities and risk helps the smart CISO rationalize for security investments that address overall business risk and bolster an organization’s security strategy. Similarly, CISOs can benchmark their company’s security capabilities against industry peers and companies facing similar risks to make a case for further security investments. Cybersecurity works best when it extends across an organization and leverages cross-industry, outside expertise to expand the protection boundary against cyber threats. To make company-wide security maturity a reality, CISOs will need to cooperate with board members, legal teams, internal auditors, and third-party vendors to understand business needs and verify how security investments can help mitigate business risks. Join our conversation as we discuss what makes a business cyber resilient, the CISO’s role in achieving organizational security maturity, and the partnerships that allow it to be possible.