CISO Summit | April 2-4, 2017 | The Ritz-Carlton Coconut Grove, Miami - Miami, FL, USA

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Sunday, April 2, 2017 - CISO Summit

3:00 pm - 4:30 pm

Registration & Greeting

 

4:30 pm - 6:00 pm

Exclusive CXO Think Tank

 

6:00 pm - 7:00 pm

Networking Cocktail Reception

 

7:00 pm - 8:30 pm

Networking Dinner

 

8:30 pm - 10:00 pm

After Dinner Networking

 

Monday, April 3, 2017 - CISO Summit

7:00 am - 7:55 am

Registration and Networking Breakfast

 

8:00 am - 8:10 am

Welcome Address and Opening Remarks

 

8:10 am - 8:50 am

Keynote Presentation

TBD

TBD

Presented by:

Margarita Santiago, Senior Director, Risk and Compliance, Lennar Corp.

 

Juan Gomez-Sanchez, Chief Security Officer, Lennar Corp.

 
 

8:55 am - 9:35 am

Keynote Presentation

Shadow IT - To Embrace or Eliminate?

Best practice in most enterprises, at least as far as the CIO and CISO are concerned, is to squash Shadow IT wherever it is encountered. Shadow IT, the argument goes, leads to a world of data and integration problems for the IT department, and significant amounts of unknown and unquantifiable risk for the information security group. A small but vocal minority, however, is beginning to advocate for Shadow IT as a catalyst of innovation, citing the increases in productivity and creativity that come from allowing enterprise staff to find their own out-of-the-box solutions to organizational problems. CISOs can allow their organizations to have their cake (Shadow IT) and eat it too (still be secure) by following a few simple steps that build in security regardless of user activity.

Takeaways:

  • Shadow IT is not malicious activity; it is simply the Line of Business user community looking to be efficient and effective
  • A well-developed security program can take Shadow IT into account and incorporate protection mechanisms that allow end user flexibility
  • Embracing Shadow IT does not mean "no holds barred"; end users need to understand the limits of the boundaries and the reason for their existence
 

9:40 am - 10:10 am

Executive Exchange

 

Executive Boardroom

Business Defense: Reducing your Time to Know

Cyber-enabled threats have evolved from relatively simple approaches to highly complex targeted attacks. Unfortunately, companies have to defend themselves at all levels of this "threat pyramid". Organizations can't respond to an incident if they can't detect it: the time taken to detect unwanted activity is the key. As defenders, the time attackers need to find what they are looking for is our opportunity to stop them before they can harm our organizations. Join us in a conversation about what businesses can do to reduce their Time to Know and improve their ability to protect their critical assets.

Takeaways:

  • Discuss why reducing the Time to Know is important
  • Learn where Security Analytics fits in your Defense Strategy
  • Discover how to strike a balance between prevention, detection and response measures

Sponsored by:

BAE Systems Applied Intelligence

 
 
 

10:15 am - 10:30 am

Morning Networking Coffee Break

 

10:35 am - 11:05 am

Executive Exchange

 

Think Tank

Building Dynamic Security Teams

There's no other way to say it than bluntly: Information Security is a white-hot field within Information Technology as a whole; over the last dozen years it has gone from afterthought, to scapegoat, to critical enterprise success factor. As a result, the need for capable and qualified Information Security specialists, whether front-line Analysts, mid-level Managers, or top-level CISOs, is at an all-time high, but personnel and skills availability is sinking to an all-time low (at least in terms of the supply-and-demand ratio). There simply isn't enough expertise in existence to go around, or enough education occurring to create it. In this environment, senior Information Security leaders have to get creative in their pursuit of the people, performance, and passion necessary to address this capability shortfall.

Takeaways:

  • Learn how to build grass-roots programs that cultivate a farm full of potential security experts through internal and collaborative programs
  • Find out how to leverage key organizational traits to generate buzz and interest where none existed before
  • Understand the relevance of certs vs. experience and how to evaluate and validate the value of candidates

Presented by:

Andrew Tuck, CISO, Costco

 
 
 

11:10 am - 11:40 am

Executive Exchange

 

Executive Boardroom

The Year of Ransomware: Can Technology Alone Prevent Phishing Attacks and Breaches?

2016 has certainly shaped up to be the year of the ransomware attack. As ransomware and phishing attacks continue to grow in number and sophistication, organizations need to reconsider their current security strategy. Companies continue to invest billions of dollars in technology to shore up their defenses against these threats. But is that enough? Is complete reliance on technology the answer? Or should we focus on the human and on human behavior?

Sponsored by:

PhishMe

 
 
 

11:45 am - 12:15 pm

Executive Exchange

 

Think Tank

GDPR is Coming - Is your Cyber Security Program prepared?

The EU's General Data Protection Regulation becomes enforceable in May 2018 and tightens privacy protections for EU residents by outlining new provisions and compliance requirements for "personal data". The new regulation may have serious implications for an organization's Cyber Security program. This Think Tank will discuss general themes the CISO should consider as they prepare their organization to achieve GDPR compliance.

Takeaways:
  • Understand key components of GDPR and how they may impact your organization's Cyber Security program
  • Highlight core Cyber Security practices that should be established and implemented to prepare for GDPR compliance
  • Discuss ongoing efforts that may be needed to maintain compliance

Presented by:

Nashira Layade, CISO, Realogy Holding Corp.

 
 
 

12:20 pm - 1:20 pm

Networking Luncheon


 

1:25 pm - 1:55 pm

Executive Exchange

 

Think Tank

Building a Collaborative and Social IT Security Program

In today's environment there can be no arguing that a comprehensive IT Security program is a de facto requirement for every organization. Such a program needs to address the full range of security threats that can be leveraged against an organization and needs to be integrated into whatever regulatory and governance requirements exist, but beyond that it needs to be accessible, consumable, and actionable by everyone who is influenced by it or interacts with it. Building a program that is shared through social channels and relies on the collaborative input of employees and constituents for not only creation but enforcement will drive higher levels of adoption, responsiveness and, ultimately, protection.

Takeaways:

  • A security program, that is, the stated intentions of the organization combined with the policies and tools to back those intentions up, is essential
  • The program needs to be easily communicated, easily consumed, and easily complied with
  • Using an open, social and collaborative approach to creation, distribution, and enforcement ensures greater adoption and ultimately greater security

Presented by:

Ben Murphy, Deputy Chief Information Security Officer, Aflac

 
 

2:00 pm - 2:30 pm

Executive Exchange

 

Executive Boardroom

Balancing Reactivity and Proactivity in Enterprise Security

As with all things in life, the focus on how to conduct enterprise security ebbs and flows between varying degrees of reactivity and proactivity. In the old-school Security 1.0 world, where the focus was almost completely on network security, efforts were in general proactive in nature, with firewalls and anti-malware seeking to prevent threats before they even occurred. This didn't work so well, and so Security 2.0 focused on reactivity, wrapping things like encryption around the data so that even if a breach occurred, the loss would be mitigated. Yet breaches, and losses, continue to occur. So if primarily proactive security doesn't work, and if primarily reactive security also doesn't work, how do we find the right balance between the two and arrive at a security posture that does work?

Takeaways: 

  • Proactive security measures, those that prevent a threat from occurring, are valuable and necessary but haven't proven effective on their own
  • Reactive security measures, those that mitigate a threat that has occurred, are also valuable but are complicated and limit enterprise efficiency and efficacy
  • A new approach is needed, but is that one that blends existing techniques or one that finds new approaches (whether they be reactive, proactive, or both)?

 

2:35 pm - 3:05 pm

Executive Exchange

 

Think Tank

Speaking the Language of the Business

For many years the CIO has struggled with the concept of IT-Business alignment and finding ways to ensure that the IT department and the Lines of Business with which it integrates have a common understanding and ability to communicate. Now, as the CISO and the information security department grow out of the IT shadow, they increasingly find themselves in the same position. Their challenge, however, is greater in that the concepts of IT security are in many ways more abstract than those of generalist IT, and their activities often run counter to the goals of the rest of the organization. CISOs must learn from the trials and tribulations of the CIO and the IT department, and find common ground with the business, to ensure they can hear what their partners are saying while communicating their own points in understandable terms.

Takeaways:

  • IT-Business communications have long been strained and only now are improving across most organizations through concerted effort
  • IT has had to find ways to speak the language of the business; it was not the business that learned to speak IT
  • The CISO must adopt and emulate the successful communications practices and strategies of the IT department or risk serious relationship issues

Presented by:

Wayne Hilt, Managing Director, Cyber Security, NiSource

 
 
 

3:10 pm - 3:25 pm

Afternoon Networking Coffee Break

 

3:30 pm - 4:00 pm

Executive Exchange

 

Executive Boardroom

The Rise of Cloud Infrastructure - Partnering with DevOps

With cloud computing at the core of digital transformation, CISOs are challenged with managing the business risks of continuously changing cloud infrastructure. Rather than impede DevOps productivity, you arm the team with security best practices for configurations and access policies. However, lack of visibility into the cloud infrastructure environment hinders your ability to audit for compliance. Furthermore, incident investigation and response is nontrivial without an intimate understanding of the environment. This session will highlight how CISOs can unobtrusively obtain holistic visibility across their entire cloud infrastructure footprint and accelerate digital transformation.

Sponsored by:

RedLock IO

 
 
 

4:05 pm - 4:35 pm

Executive Exchange

 

Think Tank

Physical and Digital Convergence

The discussion around the convergence of physical security and information security dates back over a decade, but though much was made of the concept in the early 2000s, little was actually done and the buzz faded. Flash-forward to today, however, and the buzz is back because of the increased focus on holistic risk management, the increased pressure of greater compliance requirements, and the increased demand for every aspect of the business to be a value generator. CISOs and CIROs need to evaluate the opportunities for both technology convergence (streamlining platforms) and organizational convergence (streamlining roles) to meet new threat protection mandates.

Takeaways:

  • As enterprise security matures and morphs or integrates into enterprise risk management, converged security becomes a must have
  • Convergence allows for far greater levels of visibility and control of threats and threat actors
  • Convergence enhances not just base security but also top-level risk management, enterprise compliance, and even operational value

Presented by:

Quinn Shamblin, Director of Enterprise Security Architecture, United Health Group

 
 
 

4:40 pm - 5:30 pm

Executive Visions

Facilitating Technology-Enabled Business Transformation

The role of the modern IT Executive is more complex than it has ever been before, not just because the technology landscape has become more complex, but also because IT execs have increasingly had to become business-focused executives, not just technologists. Long have we talked about the CIO and CISO getting a seat at the table, but modern businesses are now demanding that their technology impresario join them and leverage their deep and rich technical acumen to allow the organization as a whole to better position itself for marketplace success. To be successful, CxOs need to invest in themselves, in their personnel, and in the right technologies to allow them to position the IT department to proactively address business needs as an innovator and driver, rather than order-taker and enabler.

Takeaways:

  • IT leadership can no longer be simply technology focused, but must instead take their visibility into business process and become business focused
  • A broader business-focus does not preclude maintaining technology excellence however and indeed may demand more of it than ever before
  • Success for CxOs will be measured not in how they can enable enterprise decisions, but in how they can drive growth
 

5:30 pm - 6:30 pm

Cocktail Reception

 

6:30 pm - 8:00 pm

Networking Dinner

 

8:00 pm - 10:00 pm

After Dinner Networking

 

Tuesday, April 4, 2017 - CISO Summit

7:00 am - 8:00 am

Networking Breakfast

 

8:10 am - 8:50 am

Keynote Presentation

Avoiding ERM for the Sake of ERM

In many ways ERM, or Enterprise Risk Management, has become just another buzz word that is bandied around without any clear understanding of its meaning, any clear understanding of its value, or any clear understanding of how it can be achieved. ERM is not a project or a task on a list to be checked off. Instead it is a fundamental change in how an enterprise approaches the way it conducts its business to ensure that all possible impacts to its capital and earnings are identified, quantified, and mitigated. Such a sweeping paradigmatic shift isn't something that can be taken on lightly and enterprises seeking to just place a check mark next to a to do list line item will be sorely disappointed in their results.

Takeaways:

  • ERM is a way of life, not a one-time effort, and the only path to value is to come to that realization early
  • To be successful, an ERM deployment must be sponsored from the top and have the involvement of every level and every department
  • Even though ERM initiatives are all-encompassing it's best to start small; trying to boil the ocean is the surest way to failure and loss of good will and buy-in
 

8:55 am - 9:35 am

Keynote Presentation

Addressing Privacy on a Global Scale

Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information; however, the multi-jurisdictional impacts of the issue, due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws), make this an issue that is often overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction in which they might work or where their data might be held, and this is an almost overwhelming task.

Takeaways:

  • Privacy is one of the most challenging issues for any business and CISO to address
  • The difference in regulations between and among European countries (both those in and out of the EU itself) and North American ones means traversing a fraught landscape
  • A strong approach to privacy that addresses global differences is essential to being a stable and viable global business

Sponsored by:

Fortinet

 
 
 

9:40 am - 10:10 am

Executive Exchange

 

Thought Leadership

Identity and the New Age of Enterprise Security

From a technology standpoint, as a "society" the world of business has gone through two distinct stages in the evolution of its information security focus. The first addressed network-based protection and preventative controls such as firewalls and anti-malware. The second looked at data-centric and detective controls such as encryption and intrusion/extrusion monitoring. Since breaches continue to occur at a record pace, what is needed now is clearly a new evolution, one that pushes towards individual-focused security through granular user monitoring and management as provided by solutions such as Identity and Access Management. While IAM isn't a new technology field, it is one whose time has come, and CISOs need to begin investing in modern-day, lightweight, easy-to-implement IAM solutions now to stay ahead of the curve and reduce enterprise threats.

Takeaways:

  • The breach onslaught demonstrates that existing security solutions are incapable of defending against current threats
  • Enterprises need to begin looking at security from an activity perspective rather than an artifact perspective
  • IAM provides activity insight, and therefore threat awareness, no other platform can equal
 

10:15 am - 10:30 am

Morning Networking Coffee Break

 

10:35 am - 11:05 am

Executive Exchange

 

Executive Boardroom

TBD

Sponsored by:

Thales e-Security

 
 
 

11:10 am - 11:40 am

Executive Exchange

 

Think Tank

Security and Compliance; Chicken and Egg or Chalk and Cheese?

Since regulatory (and industry) compliance became a notable thing in the early-to-mid 2000s, it has been intimately linked with information security and has often been the lever (or hammer) by which enterprises made necessary investments in security. But being compliant and being secure aren't the same thing, and in too many cases enterprises that were perfectly compliant have been perfectly breached. A new focus is needed; one that respects that while security and compliance are not the same thing, they are working towards the same goal (a reduction in overall enterprise risk exposure), and that sees compliance as flowing from security.

Takeaways:

  • While a secure company is likely a compliant company, the same cannot be said of the reverse situation
  • Just because compliance has loosened the purse strings doesn't mean it takes a pre-eminent position on security investments
  • Reducing enterprise risk is the goal of both practices, but without appropriate focus on both it is a goal that will never be achieved

Presented by:

Jeffrey Vinson, VP and CISO, Harris Health System

 

11:45 am - 12:30 pm

Executive Visions

Diversity in IT

The importance technology plays within an enterprise will only continue to gain momentum as more developers, engineers, and programmers enter the workforce. As these segments continue to grow, so does the diversity of the workforce within the technology field. For a field that is severely constrained by a talent and skills gap, this influx of people can only be a good thing. Beyond the basic ability to deliver identified capabilities, a diverse workforce, whether culturally or gender diverse, offers a whole that is more than the sum of its parts. Finding ways to drive and increase diversity in IT should therefore be a key focus for every IT executive.

Takeaways:

  • Identify the importance behind diversity in technology, opportunities, and capabilities
  • Discuss the importance of cultivating diversity at the grass-roots level and building post-secondary programs that drive awareness of and interest in IT
  • Understand the hurdles that exist that limit the prevalence of diversity in IT, and what steps must be taken to lower, if not eliminate, them
 

12:30 pm - 12:40 pm

Thank You Address and Closing Remarks

 

12:40 pm - 1:30 pm

Grab and Go Luncheon