↓ Agenda Key
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.
Solution provider-led session giving high-level overview of opportunities
Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.
End user-led session in boardroom style, focusing on best practices
Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.
Interactive session led by a moderator, focused on industry issue
Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.
Overview of recent project successes and failures
Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.
Discussion of business drivers within a particular industry area
Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.
Analyst Q&A Session
Moderator-led coverage of the latest industry research
Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.
Several brief, pointed overviews of the newest solutions and services
Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.
Pre-determined, one-on-one interaction revolving around solutions of interest
Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.
Open Forum Luncheon
Informal discussions on pre-determined topics
Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.
Unique activities at once relaxing, enjoyable and productive
Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.
3:00 pm - 4:30 pm
4:30 pm - 6:00 pm
Kick off the summit by sitting with your peers and setting the stage by discussing the most pressing issues being faced by CXOs today and in 2018. This will be a moderated discussion and a great opportunity to build a community with those who are facing the same challenges as you are. Topics will include Digital Transformation, Security, Cognitive Computing (AI, Machine Learning) and IoT.
6:00 pm - 7:00 pm
7:00 am - 12:00 pm
Reserved tee times: 7:24am, 7:33am, 7:42am
Distance: 1.7 miles roundtrip
Elevation: 100 feet
Three trails come together to provide an easy, enjoyable hike on a relatively flat trail that crosses a desert bajada with trees, saguaro and other cacti, and desert shrubs. A wide variety of desert birds can be seen along this hike that also provides great mountain views.
10:30 am - 11:30 am
Come join us to begin the community building process with networking, Wi-Fi and coffee prior to the event kick-off.
11:30 am - 12:00 pm
A brief, 20-minute orientation session for sponsors to review all the details of the summit.
12:30 pm - 1:30 pm
1:35 pm - 1:45 pm
1:50 pm - 2:20 pm
Information security professionals have traditionally viewed themselves to be the judge and jury - the sole decision-makers of what will be accepted from a risk perspective. As a result, there is usually a disconnect in organizations between the information security team and the units responsible for driving the business that powers the organization. The actions of information security organizations result in business partners perceiving information security to be part of an ivory tower that is not accountable to anyone but itself, which makes it unapproachable and unresponsive since it is uninformed regarding business needs.
Robert Hofstatter, Vice President, Global Information Security Operation Services, Scotiabank
2:25 pm - 2:55 pm
Organizations of all sizes are under attack and one common challenge is how ill-prepared they tend to be while responding. Join RSA as they talk about lessons learned and how to most effectively combine people, processes and technologies in the midst of a breach response.
3:00 pm - 3:25 pm
Knowing is half the battle when it comes to protecting applications and their sensitive data. Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release, even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality, not actual risks, to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.
A real-time, embedded solution like Prevoty's runtime application self-protection (RASP) changes the game completely. Prevoty places an automated security mechanism at the front of the line, directly in the application's operating environment, to immediately lower risk and act as a compensating control at runtime.
As such, Prevoty-enabled enterprises see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Prevoty RASP detects live production attacks and generates real-time security event logs and reports. Security teams can then correlate pre-production vulnerability scan results with Prevoty's runtime attack logs to go back and remediate based on actual risk, not just hypothetical threats. The result? Improved forensics.
3:30 pm - 3:55 pm
For organizations to protect their critical assets, they need to develop an intelligence-led approach to prevention, detection and response. However, what is not clear is how organizations should allocate their spending across these fundamental capabilities. Join us in a conversation about how finite budgets, an ever-increasing number of security tools/services and an ever-evolving threat landscape can easily become a conversation about risk to drive budget decisions. What risk is your business willing or able to accept? What assets generate value in your business that you can't risk?
BAE Systems Applied Intelligence
4:00 pm - 4:10 pm
4:15 pm - 4:40 pm
Security situational awareness is an essential building block for estimating the security level of systems and deciding how to protect networked systems from cyber-attacks. Thus, it is a great tool to use against ransomware attacks. Paying the ransom to regain access to data carries unacceptable risks, including the attacker refusing to decrypt the data or the payment encouraging additional malicious activity. This session will look at situational awareness as one proactive tool to mitigate the threat of ransomware.
Jim Kastle, Chief Information Security Officer, Conagra Foods
4:45 pm - 5:10 pm
If you don't know what and where your sensitive data is, how can you be sure only the correct users are using it? Do auditors, top clients, or key business partners have confidence in your efforts? Are you able to enforce how classified data is actually used day-to-day? What if you could systematically discover your business files, in any language, and apply classification controls without spending time organizing specific keywords or phrases you should be identifying? DocAuthority's leadership team originally pioneered the data loss prevention (DLP) market in 2001. The team has built the next generation in data discovery, mapping & classification, in one centralized tool that requires no end-user intervention and no keyword setup, and is truly automated.
5:15 pm - 6:15 pm
The role of the modern IT executive is more complex than it has ever been before. Not just because the technology landscape has become more complex, but also because IT executives have increasingly had to become business-focused executives, not just technologists. The CIO and CISO getting a seat at the table has long been discussed, but modern businesses are now demanding that their technology impresario join them and leverage deep and rich technical acumen to allow the organization as a whole to better position itself for marketplace success. To be successful, CxOs need to invest in themselves, in their personnel, and in the right technologies to allow them to position the IT department to proactively address business needs as an innovator and driver, rather than order-taker and enabler.
Sherry Aaholm, Chief Information Officer, Cummins Inc
Terry West, Chief Information Officer, Performance Food Group Co
Daniel Krantz, SVP Process & (CIO) IT, Volvo Group
Vish Narendra, VP & CIO, Graphic Packaging International, Inc.
6:15 pm - 7:00 pm
7:00 pm - 8:30 pm
7:15 pm - 7:25 pm
7:25 pm - 7:45 pm
With cyclonic technologies like AI and automation sweeping the globe, established industries can be shaken up or taken down in less time and with less effort than ever before. Businesses big and small need a revolutionary, not evolutionary, digital strategy. Thankfully, serial entrepreneur and CEO Jedidiah Yueh has compiled an arsenal of essential frameworks to help companies survive and thrive in the digital era.
With over twenty years of experience as a digital disruptor, Yueh provides business owners and executives with the critical insights into why current efforts are failing and the tools to build digital products for sustainability, profitability, and survival.
After this thought-provoking session, Jed will be available to personally chat through his experiences as he kindly hands out copies of his new and anticipated best-seller.
Jedidiah Yueh, Founder and Executive Chairman, Delphix
8:30 pm - 11:00 pm
7:00 am - 8:00 am
8:10 am - 8:40 am
If mergers and acquisitions are in your organization's future, then you need to understand assessment techniques, security-related processes, and post-merger integration plans. One of the first questions that needs to be answered involves third-party sharing. That is, do you have a strong foundation for sharing highly confidential data and, once data is shared, do you have data-protection mechanisms for controlling sharing sprawl and preventing data loss? If not, then during this presentation you will gain insight into determining the who, what, where, when, why, and how of securely sharing highly confidential data between organizations. Not only will you hear about foundational controls but also due diligence options which can be performed, especially in regulated areas of business operations.
Brian Lawhorn, Chief Information Security Officer, Kroger Co.
8:45 am - 9:15 am
Ultimately the target of bad actors is your valuable data. Are you doing enough to protect the data that is critical to your organization and customers? The best practices for Information Risk and Protection are like playing "Treasure Hunt." Imagine yourself in a tropical paradise. You need to find and guard a cache of valuable buried treasure. This session will first share the security trends and challenges that IBM sees in its 17,500 customers followed by a review of a best practice methodology and approach for identifying, classifying and holistically protecting your organization's critical data wherever it resides. Learn how you can find and guard your own "crown jewels" and keep pirates away.
9:20 am - 9:45 am
We all know that the operating paradigm in which business is conducted changes on almost a daily basis, yet the way we defend our business has remained static for nearly 3 decades. And that's why Gemalto introduced the concept of Securing the Breach.
9:50 am - 10:15 am
10:20 am - 10:30 am
10:35 am - 11:00 am
There's no shortage of voices telling you what to do each day: "Eat your vegetables. Look both ways before you cross the street. Patch all your vulnerabilities. NOW!" How nice would it be to hear a voice saying that you can actually take something off your plate? As your organization embraces the digital transformation you will see that there are a number of things that you could cease doing today. In this presentation we will talk about what you can phase out, why it is not necessary and how your security workflow and cyber operations consequently will be far more efficient and effective.
Tenable Network Security
11:05 am - 11:30 am
The EU's General Data Protection Regulation goes into effect in May 2017 and tightens privacy protections for EU residents by outlining new provisions and compliance requirements for "personal data". The new regulation may have serious implications for an organization's Cyber Security program. This Think Tank will discuss general themes CISOs should consider as they prepare their organizations to obtain GDPR compliance.
John Whiting, CSO, DDB Worldwide (An Omnicom Co.)
11:35 am - 12:00 pm
How to leverage DNS data to protect your network from cyberattacks.
Here are two frightening stats from a recent expert security survey:
DNS is the most pervasive network protocol, making it the perfect gateway for malicious activity and the spread of malware throughout an organization. For now, enterprise security teams have typically ignored internal network traffic and completely overlooked DNS activity in their defense strategies. Instead, they make the mistake of doubling down on perimeter risk mitigation measures like firewalls and secure web gateways.
Security expert, Scott Penney of BlueCat, will discuss findings from a new cyber security whitepaper that demonstrate how leveraging the intelligence already available in your DNS activity data allows security professionals to:
Join BlueCat's Scott Penney to learn how DNS can defend your estate from the most sophisticated and most common attacks.
12:05 pm - 12:30 pm
Risk Tolerance is nothing more than a reflection of a given decision-maker's attitude in a given decision. Whether this attitude is persistent across decisions with security choices is unclear, but seems to trend toward inconsistency these days.
Define the scenario, assess the risk (which includes threat, vulnerability, and impact), make the decision. As some have stated, "risk tolerance" is implicit in making the decision. However, unlike financial services (especially investments), where you can pre-determine your "risk tolerance," in enterprise risk management (ERM) you are effectively determining your "risk tolerance" on the fly, at decision time.
Takeaway - "risk tolerance" is less important than "decision analysis" and how you make a legally defensible decision!
Rajat Sen, Director Information Security (CISO), Republic Services
12:35 pm - 1:20 pm
1:25 pm - 1:50 pm
There is a security war that is focused on defending against adversaries that always seem to be one step ahead. Why focus less on prevention technologies and more on the detect and respond capabilities? What do teams look like and what skills are needed in the next generation SOC?
Paul Black will walk through his vision of the next generation SOC and the skills needed to get there.
Paul Black, VP Cyber Security Operations, McKesson
1:55 pm - 2:20 pm
In the world of security, we love tools: we want to analyze, manage, and understand what is happening in our digital world.
So much data is in motion and the speed at which data flows is ever increasing. An ever-larger field of tools has different data needs, and yet there is a single source of truth in our environments. How do we simplify?
We call this visibility, and by looking at this across our enterprise we can begin to understand how we can design our environments to be more efficient while at the same time being less complex and costly.
2:25 pm - 2:50 pm
The cyber-threat landscape is changing. In addition to high-speed attacks, today's most sophisticated threat-actors are playing a longer game, one that is silent and stealthy. Their objective is to disrupt operations, undermine trust, or simply learn trade secrets by going undetected inside networks.
2:55 pm - 3:20 pm
Intelligence and Security Informatics (ISI) is defined as the development of advanced information technologies, systems, algorithms, and databases for international, national and homeland security related applications, through an integrated technological, organizational, and policy-based approach (Chen 2006).
In this new era of advanced persistent threats (APT), malware, ransomware, and malicious embedded code wreaking havoc on enterprises, there is a need for a new approach to security. This approach has to enable the business to collect all kinds of information, from netflows to fine-grained details about access to DNS to proxy information, and of course endpoint data.
The problem today lies in the cost associated with popular platforms, since their cost models prohibit organizations from collecting unlimited data. The other problem is that these tools are not able to sift through this massive amount of data, since they lack any machine learning or artificial intelligence (AI). They can't pick out a true security anomaly based on statistical modeling and instead focus on pure event correlation, which can be effective but is very limited with this massive amount of data.
The false positive rate and the continuous human tuning of these consoles and dashboards render them ineffective as next generation tools capable of reducing load, decreasing dwell time, and reducing cost. To the contrary, current SOC frameworks keep increasing the number of staff required to run an effective SOC by the day, and the cost just to acquire the methodology of operational excellence can get to four times the price of the technology itself.
The new wave of machine learning and artificial intelligence has to reduce cost, enhance coverage, and provide better protection for the enterprise.
Hussein Mereby, Executive Information Security Director (CISO), Veritiv
3:25 pm - 3:35 pm
3:40 pm - 4:05 pm
Cybersecurity is hard. There are a lot of technologies available to handle specific threats, but figuring out how to effectively respond to threats as they quickly evolve requires a more enlightened approach. Gartner calls this approach Managed Detection and Response. In this session, eSentire's CTO will talk about how balancing prevention with detection and response is critical to keeping the inevitable breaches small, and not business-impacting.
4:10 pm - 4:35 pm
Creating the basic security infrastructure and processes must be done as the foundation of any security program. But what do you do next?
Do you know what the next steps are, how you will measure your progress, and how you will report to management that you have a strategy that will help your CyberSecurity program effectively manage your risks?
This Think Tank will explore those next steps and give you a framework to use in your own program maturity development.
Mark Van Holsbeck, CISO, Avery Dennison
4:40 pm - 5:40 pm
Robots and automation systems are no longer limited by onboard resources in computation, memory, or software. "Cloud Robotics and Automation" is where robots and automation systems share data and code and perform computation via networks, building on emerging research in cloud computing. Teleoperation and cloud technologies will cause mass consumerization of robotics over the next five years. Between 2017 and 2022, Cloud Robotics will facilitate a major shift of manufacturing into cloud infrastructure. The combined Cloud Robotics market will reach $18.2 billion by 2022.
Dave Hudson, Chief Information Officer, Veritiv
David Jarvis, CIO, Honeywell
Krishna Nathan, EVP CIO, S&P Global
Paul Moulton, EVP & CIO, Costco Wholesale
Ralph Groce III, Global CIO, Everest Reinsurance Company
5:45 pm - 6:00 pm
6:00 pm - 7:00 pm
7:00 pm - 8:00 pm
8:00 pm - 10:00 pm