Agenda Key
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Solution provider-led session giving high-level overview of opportunities
End user-led session in boardroom style, focusing on best practices
Interactive session led by a moderator, focused on industry issue
Pre-determined, one-on-one interaction revolving around solutions of interest
Discussion of business drivers within a particular industry area
Analyst Q&A Session
Moderator-led coverage of the latest industry research
Several brief, pointed overviews of the newest solutions and services
Overview of recent project successes and failures
Open Forum Luncheon
Informal discussions on pre-determined topics
Unique activities at once relaxing, enjoyable and productive
The CISO role has generally grown up under the umbrella of the IT department as a whole, and while their responsibilities often run in parallel to those of “general” IT, increasingly they are in direct contrast. Where the CIO is tasked with operational efficiency and the delivery of services, the CISO’s mandate is to make sure enterprise resources are always secure and protected. With security breaches increasing in volume and visibility, perhaps the time has arrived to ask which of the two has greater impact on organizational success, and which therefore takes precedence. As businesses begin to ponder this question, it brings into focus the issue with reporting, and who should report to whom. Should the CISO continue to report to the CIO, should roles be reversed, or should the two be considered peers with neither taking dominance over the other? The world has changed; maybe reporting structures need to change as well.
Gary Phillips, CISO, Time Warner EIS
Michael Walsh, CTO & SVP, iHeartMedia Inc
Wayne Pederson, Global Senior Director IT, Bloomin' Brands
Cyber analysis is perhaps one of the newest fields in the security profession. The cyber analysis discipline blends aspects of intelligence analysis, information security, and forensic science. Network traffic and system logs are a foundational data source for cyber analysts – but they must also consider external and human-generated sources of information. By using cyber analysis, one can detect infiltrations faster, regardless of their source. Pairing advanced platforms with a human is the most effective way to detect an infiltration. This session will discuss the emerging field of cyber analysis and use of the Enterprise Insight Analysis (EIA) platform in specific use cases.
The enterprise security landscape is changing. Employees now work wherever work needs to get done. And the data has left the office, too. With employees leaving the building and accessing corporate applications in the cloud, how do you keep your business secure when the world is your perimeter?
In this session, David Ulevitch, Vice President for Cisco’s Security Business Group, will discuss how cloud security provides an added layer of protection for companies. Mr. Ulevitch will discuss how cloud-delivered security can protect common “weak links” targeted by attackers such as branch offices, vendor networks and off-network employees. Learn how security professionals and Internet-scale solutions are leveraging Internet-wide visibility to identify attacks before they strike.
More and more organizations are embracing the cloud and mobility to improve productivity and make their business more competitive. This is turning the current security landscape upside down. At the same time newer, more advanced threats are creating new risks that traditional security appliances struggle to keep up with. CIOs and CISOs are looking for new approaches to securely adopt cloud and mobility.
In this session Zscaler will discuss why many IT organizations are choosing to adopt a cloud-based approach to securely enable mobility, cloud applications and social media, while ensuring compliance and reducing risk.
The audience will learn how a cloud security strategy can help them.
The internet is a ubiquitous tool, providing access to a treasure trove of information. Like an ocean, the internet is deep and full of predators surfing for victims for their next attack. Enterprises are particularly vulnerable due to everyday employee access to the internet, where legitimate sites are frequently compromised to distribute malware to unsuspecting visitors.
Understanding how the internet works and how bad actors target and perpetrate attacks is critical to defending your enterprise infrastructure. This session will present a detailed description of the parties involved in rendering a site, how these parties operate, points of vulnerability and steps you should take to secure your business.
Reviewing actual, legitimate sites, you’ll learn:
Cyberattacks often focus on personal data. Big breaches get a lot of attention, and they should. Personal data is at risk and must be protected. Then again, companies and their industries must also deal with the risks of cyberattacks against critical infrastructure. Alarmingly, such attacks are aggressive, sophisticated and executed at machine speed.
The financial sector has developed a three-pronged approach to improving operational readiness: (1) improve resilience by mapping the industry’s ecosystem, identifying interdependencies, and creating “buffers” and other controls to prevent propagation and contagion; (2) share information with other companies and government agencies – at machine speed; and (3) conduct sector-wide cyberattack simulation exercises.
Join this think tank as a practitioner and problem solver. Learn more about what the financial sector is doing and how it’s working with DHS, FBI and regulators to raise the bar through collaboration. Share your thoughts with other CISO-level experts about what your industry’s doing and what it’s not. And, speak plainly about the “ins” and “outs” of working with others outside your walls and firewalls.
Daniel Conroy, CISO of Synchrony Financial, will provide a wealth of knowledge as it pertains to the current threat landscape: who the bad guys are, what they are doing, and what businesses need to know and do to get ahead of them.
Daniel's speaking engagements take a unique approach on "Security Awareness" apart from the traditional sense. He speaks about the serious state of Cybersecurity Threats, and Cybercrime vs. Security Awareness as a Business.
With that established, Daniel will speak to his experiences as an Ambassador who is on the leading edge of "Security Awareness as a Business" to get in front of the criminals, or what he describes as Nirvana.
Topics overall include the importance of non-traditional collaboration, metrics including the importance of Intel indicators, and finally preparation for the inevitable when there is a security breach.
Privileged accounts are vulnerable and do present an IT risk. This has been proven in every major breach in 2014.
What you need to do is identify all types of privileged accounts in your organization.
And identify the appropriate measures to properly secure those accounts.
Enterprise data, and in particular personally identifiable information (PII), is the pot of gold at the end of the rainbow for hackers. And applications have become the easiest way in. In response, enterprises are now placing an increased focus on application security. But what makes up a comprehensive appsec program?
This session will discuss the state-of-the-art in application security technologies and approaches, including application security monitoring, vulnerability detection and remediation, web application firewalls (WAFs), database activity monitoring (DAM), runtime application self-protection (RASP), and Secure Software Development Lifecycle (SSDLC) methodologies.
A phishing attack is identified every minute with real consequences; it erodes brand reputation, costs companies millions and compromises consumers and employees alike. Billions of email accounts are now protected by DMARC (Domain-based Message Authentication, Reporting & Conformance), and enterprises such as Fidelity, Visa, Bank of America, and AMEX have implemented more secure email solutions -- but is this enough?
This session considers different perspectives on eliminating email threats and rebuilding trust in email through a multi-layered security strategy. It includes a breakdown of what this holistic strategy “beyond DMARC” looks like and best practices for implementing it to protect your brand, your customers, and your bottom line. It also discusses the emerging solutions that fuel such a strategy, including predictive email threat intelligence and TLS and DNS secure email browser blocking.
For many years the CIO has struggled with the concept of IT-Business alignment and finding ways to ensure that the IT department and the Lines of Business with which it integrates have a common understanding and ability to communicate. Now, as the CISO and the information security department grow out of the IT shadow, they increasingly find themselves in the same position. Their challenge however is greater in that the concepts of IT security are in many ways more abstract than those of generalist IT, and their activities often run counter to the goals of the rest of the organization. CISOs must learn from the trials and tribulations of the CIO and the IT department, and find common ground with the business, to ensure they can hear what their partners are saying, while communicating their own points in understandable terms.
Over the past years, information technology professionals have gotten better about securing our servers, our workstations, and our corporate networks. And we are adapting, however slowly, to the notion that even defense in depth can be breached; and thus our data and operations must be resilient against insiders as well.
The Internet of Things (IoT) presents the newest set of challenges in the ongoing quest for security and privacy. Many of the consumer devices being connected were not designed to have their sensitive control systems and data storage connected to potentially untrustworthy networks. And in the pursuit of ubiquity, technical standards solve for cost, space utilization, and power consumption as much as (or more than) they solve for security and reliability.
In this presentation, we will equip security leaders with new ways of thinking for the post-IoT world. We will discuss key security challenges facing IoT adopters, and offer suggestions on how to address them.
Security leaders will learn about:
They’ve been doing it to us for years; now you can fight back. For decades, the security industry has been struggling to keep up with cyber attackers’ pace of innovation and collaboration. Gone are the visions of sole hackers stowed away in dark basements.
Today’s cyber criminals represent coordinated, well-funded, highly sophisticated organizations that collect data on their targets, build simulations on existing defenses, and practice the best ways to break through disparate point solutions. Learn how you can break a hacker’s heart by developing a security approach that they cannot easily simulate in their own labs.
Join us for an open roundtable to understand how you can:
As networks become more open and interconnected, attackers are increasingly able to gain entry and begin their attacks. Given enough time, the keys to the kingdom can be compromised and used to bypass all of your security controls.
Learn what hackers find to be their easiest avenues to gain critical data, and how Privileged Account Management software can immediately reduce your risk by securing these targets and protecting your critical infrastructure.
This session will describe Lockheed Martin’s approach to cyber operations and the lessons we have learned in using Intelligence Driven Defense(R) (IDD) to advance Lockheed's capabilities along the cyber maturity curve.
While a focus on people, process and technology isn't new, IDD establishes an advanced application of the Cyber Kill Chain(R) across these domains, which enables network defenders to stay in front of their adversaries, measure their effectiveness, and move from a reactive to predictive cyber posture that best utilizes the strengths of their cyber analysts.
Understanding how our adversaries operate, and what perspective they bring to our best-laid plans is critical to the success of any security team.
In this session we’ll talk about the gap between the hacker we plan for, and the one we actually face. By looking at real-world exploitations of business logic and compliance-centric controls, we’ll build a better understanding of how to present ourselves as harder targets to hackers.
Best practice in most enterprises, at least as far as the CIO and CISO go, is to squash Shadow IT wherever it is encountered. Shadow IT, the argument goes, leads to a world of data and integration problems for the IT department, and significant amounts of unknown and unquantifiable risk for the information security group. A small but vocal minority however is beginning to advocate for Shadow IT as a catalyst of innovation, citing the increases in productivity and creativity by allowing enterprise staff to find their own out-of-the-box solutions to organizational problems. CISOs can allow their organizations to have their cake (Shadow IT) and eat it too (still be secure) by following a few simple steps that allow them to build in security regardless of user activity.
With the continued focus on growth in cyber security, the need for a Cyber Maturity Model has become apparent. Understanding the current state of your program is critical in building a path forward.
Through the maturation of an organization’s people, processes and technology, a cohesion can take place; moving organizations from siloed and fragmented point solutions to a unified solution that drives your cyber security strategy.
In this presentation we will focus on proven methods of how to evaluate where your program is today and build a plan for the future.
It is an unfortunate reality that there simply aren’t enough women in the field of Information Technology, but when we look at IT Security specifically, perhaps the info-tech-y-est of the info-tech fields, the situation is only compounded with women being almost completely absent from staff and leadership ranks. Given that IT Security is definitively in a boom phase, that IT departments are already short-handed when it comes to qualified and capable staff, and that the situation is only going to get worse in time as growth in need further outstrips growth in demand, this clearly is a situation that desperately needs to be addressed. Quite simply we must all begin actively attracting women to the field of IT security to ensure the continued well-being of IT Security departments, but this means addressing a wealth of factors ranging from lack of visibility as a career, absence of training and development opportunities, staggering pay inequities, and, yes, harassment of all forms.
We see magic solutions, we hear about all the ways that tools can protect us from ourselves, our users, our enemies. And they look amazing, and they do amazing things. But we are still in the same place. What’s going on? When it comes down to it, there is a fundamental gap between what we think we see and what we do see. We have complex infrastructures that have grown up over years. Our users, both greatest asset and greatest risk, come from many generations and levels of sophistication. Our data, known, unknown, discovered and hidden in a little cache over on a home drive. So what’s the solution? You want a magic wand, right?
Today’s advanced threats use coordinated methods to attack organizations of all sizes. Using numerous point products that work in a vacuum no longer provides adequate defense. The time has come to enable security products to share contextual information and close the gap left open by layered, standalone tools. Consider a security guard detail. Their most effective defense is their ability to talk to each other, share relevant information and act on that information.
We’d never expect security guards not to talk, so why do we allow this isolation with our IT security? In order to prevent coordinated, sophisticated attacks, we need advanced threat protection that uses the same level of communication and collaboration.
The reality of today’s threat landscape is that no single product or service can address the myriad of threats to your business. The principles of multi-layered security architecture, integrating people, processes and technology, are more important today than they have ever been in the past. As organizations strive to find the right balance while under the pressure of shifting budgetary control and enabling the needs of business, there is a light at the end of the tunnel. By adopting best practices, developing operational processes, and fine tuning those procedures, you can drive increases in your operational security model.
Join our conversation to discover how to reduce ongoing expenditures by enabling the successful adoption of InfoSec controls, operated by educated staff and integrated into your organization’s operational processes.
It’s not a question of if, it’s a question of when... when will your company be breached. The odds are high that you will be hacked, or already have been and don't know it yet. It’s time to re-evaluate your security approach from breach prevention to breach acceptance.
This session will discuss this paradigm shift and key strategies on how CIOs are proactively protecting their most valuable assets to remain secure.
IBM i2 for Cyber Intelligence helps organizations understand who their adversaries are, the construct of their criminal network, their strategies, motivation, and locations by layering large, disparate quantities of Cyber and real-world data into a fused comprehensive Intelligence picture, in order to better secure themselves from, and investigate, on-going cyber-attacks.
Most people don’t realize just how critical the SSH component is to their day-to-day operations or the prevalence of SSH within their network architecture. Nearly all network administrators use it on a daily basis to remotely access critical servers, and network appliances utilize it to execute commands as well as to help automate the secure transfer of files. SSH is the plumbing that allows for secure access and movement to occur across your network.
Unfortunately, enterprises haven’t managed their SSH environments; in particular, SSH key-based access typically has not been inventoried, provisioned and managed, leaving a glaring hole in their identity access and security postures.
In this table discussion you will be able to learn about how SSH user keys have no expiration date, and this in turn leaves an unknown and unwanted exposure of unused, non-rotated and deprecated user keys across your entire network. Root access, segregation of duty challenges, shared private key scenarios, decommissioned applications, SSH1 keys, aged keys, and keys with weak encryption are just a few of the many examples where SSH Communications Security can help you get back control!
The volume of threat intelligence is growing exponentially faster than security stacks are evolving in most organizations. The ability to predict, deter and respond to attacks more rapidly really lies in programmatically connecting our security systems.
This roundtable will explore methods of operationalizing and sharing threat intelligence through APIs.
Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information; however, the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is oftentimes overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work or where their data might be held, and this is an almost overwhelming task.