↓ Agenda Key
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.
Solution provider-led session giving high-level overview of opportunities
Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.
End user-led session in boardroom style, focusing on best practices
Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.
Interactive session led by a moderator, focused on industry issue
Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.
Overview of recent project successes and failures
Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.
Discussion of business drivers within a particular industry area
Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.
Analyst Q&A Session
Moderator-led coverage of the latest industry research
Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.
Several brief, pointed overviews of the newest solutions and services
Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.
Pre-determined, one-on-one interaction revolving around solutions of interest
Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.
Open Forum Luncheon
Informal discussions on pre-determined topics
Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.
Unique activities at once relaxing, enjoyable and productive
Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.
3:00 pm - 4:30 pm
4:30 pm - 6:00 pm
Communication,” “business acumen,” and “relationship building” are all familiar entries on every “Top IT Leadership Skills” list ever written. While these attributes continue to be important in our current climate of risk, innovation and IT opportunity, they are just a drop in the bucket. In an era where technology belongs to everyone, the technology executive must have so much more. In this newly updated presentation, Martha Heller, an IT executive recruiter and author of The CIO Paradox and Be the Business: CIOs in the New Era of IT (fall 2016) presents a list of new skills critical to any IT leader working today. Drawing on personal interviews with more than 400 successful CIOs, Heller, a master storyteller, offers case studies, anecdotes, advice and impressions to arm attendees with the skills they need to bring their companies into the future.
6:00 pm - 7:00 pm
7:00 pm - 8:30 pm
8:30 pm - 10:00 pm
7:00 am - 7:55 am
8:00 am - 8:10 am
8:10 am - 8:50 am
While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.
9:45 am - 10:15 am
For many years the CIO, has struggled with the concept of IT-Business alignment and finding ways to ensure that the IT department and the Lines of Business with which it integrates have a common understanding and ability to communicate. Now, as the CISO and the information security department grow out of the IT shadow, they increasingly find themselves in the same position. Their challenge however is greater in that the concepts of IT security are in many ways more abstract than those of generalist IT, and their activities often run counter to the goals of the rest of the organization. CISOs must learn for the trials and tribulations of the CIO and the IT department, and find common ground with the business, to ensure they can hear what their partners are saying, while communicating their own points in understandable terms.
Lateek Willie, Executive Director, IT Security Engineering & Operations, XPO Logistics
10:20 am - 10:50 am
More and more organizations are embracing the cloud and mobility to improve productivity and make their business more competitive. This is turning the current security landscape upside down. At the same time newer, more advanced threats are creating new risks that traditional security appliances struggle to keep up with. CIOs and CISOs are looking for new approaches to securely adopt cloud and mobility.
In this session Zscaler will discuss why many IT organizations are choosing to adopt a cloud-based approach to securely enable mobility, cloud applications and social media, while ensuring compliance and reducing risk. The audience will learn how a cloud security strategy can help them. Protect users from advanced threats:
10:55 am - 11:25 am
As enterprise IT is increasingly being delivered by mobile computing platforms, the nature of security threats, as well as the manner in which security is delivered is changing. Mobility pushes computing well beyond the traditional network perimeter meaning not only are new security paradigms are required to protect devices and data from direct threats, but the network itself from threats leveraged through those devices. While traditional security measures aren’t dead, by themselves they are certainly no longer sufficient, and IT departments must invest in new technologies, new processes, and new approaches to ensure sufficient levels of enterprise protection.
11:30 am - 12:00 pm
What’s in a domain name? The answer – a lot. A domain name represents a company’s brand, trust, values and good will. Cybercriminals take advantage of this trust by abusing domain names to commit fraud, phishing, or other malicious activities.
In 2015, Operation In-Our-Sites (IOS) took down nearly 1000 websites selling counterfeit goods. What are you doing to protect your brand online?
Inducted into the Internet Hall of Fame for work related to the Domain Name System (DNS), Farsight Security CEO and cofounder Dr. Paul Vixie will discuss how every online transaction – good or bad – begins with a DNS lookup. He will provide real-world examples of how bad guys are gaming DNS to commit online crime as well as practical steps and tools organizations can utilize to protect their brand online to secure their organization.
Farsight Security Inc
12:05 pm - 12:35 pm
In today’s environment there can be no arguing that a comprehensive IT Security program is a de facto requirement for every organization. Such a program needs to address the full range of security threats that can be leveraged against an organization, needs to be integrated into whatever regulatory and governance requirements exist, but beyond that it needs to be accessible, consumable, and actionable by everyone that is influenced by it, or interacts with it. Building a program that is shared through social channels and relies on the collaborative input of employees and constituents for not only creation but enforcement will drive higher levels of adoption, responsiveness and, ultimately, protection.
Ron Green, EVP, CISO, Mastercard
12:40 pm - 1:40 pm
1:45 pm - 2:15 pm
Cloud delivered computing services, whether Software, Platform, or Infrastructure as a Service offer the potential of significant business advantages such as reduced cost and increased flexibility. These advantages however come with very real risks, chief among them security concerns and the risk of data and compliance breaches – how do you secure what you can’t see, touch, and control? Join our panel as we explore both the security and compliance issues inherent in Cloud deployments, look at the hidden issues that first time Cloud adopters may simply not be aware of, and discuss through solutions that can be used to address these challenges and allow enterprises to fully and firmly embrace the Cloud.
BG Badriprasad, Chief Security Architect, Ross Stores
2:20 pm - 2:50 pm
Is mobility a cost? Or is it a key part of your strategy for business success? Many businesses are leveraging mobility to generate real and measurable returns and to increase their competitiveness. How? Join CDM Media and BlackBerry as we explore ways in which companies can strategically manage their mobility investments.
In our session we'll look at security - again from a strategic viewpoint. Security covers a wide range of issues in the modern enterprise. While protection of data is at the forefront, security involves many other aspects and issues from secure collaboration to the security and protection of employees in an increasingly tumultuous world. We'll deal not only with securing mobility, but how the strategic use of mobility can make you more secure.
2:55 pm - 3:25 pm
Enterprises are pouring billions of dollars into preventing threat actors from infiltrating the organization. Yet, the rising level of breaches shows that dedicated threat actors will penetrate the organization. Perhaps then the problem is not a technological one, but is rather one of strategy in dealing with cyber-threats?
In this session, we’ll propose a new defense approach. This strategy assumes that the environment is already compromised and focuses on preventing the real risk to the enterprise: the actual exfiltration and hijacking of data. We’ll show how adopting such a strategy enables organizations to streamline security and align with the business operations as they investigate and remediate a threat.
This session will discuss:
3:30 pm - 4:00 pm
4:05 pm - 4:35 pm
Building security into your enterprise processes, and integrating it with your existing technology investments has never been more critical or complicated than it is in this era of decentralized computing, and ever-tightening compliance requirements. Furthering this complication is the impact that partnering deals can have since infrastructure, applications, and even data may no longer be under your direct control. To be able to ensure efficient and effective security capabilities you need to understand the nature of the threats that exist today, the impact a sourcing relationship can have on these threats, and the mitigation strategies and tools key industry leaders are using to address the challenge.
Brian Mork, CISO, Celanese
4:40 pm - 5:20 pm
DNS is a core infrastructure component that is often overlooked when thinking about security, often used by the bad guys to compromise an enterprise network. How can the good guys can take advantage of the same DNS data to prevent the bad guys from sneaking in?
The Power of DNS: Gaining Security Insight Through DNS Analytics.
DNS is a critical component to all technology running on an enterprise network. Whether that is IT infrastructure, a corporate server, a desktop, a laptop, a POS system, external devices connected to a guest network or even unmanaged devices such as smart phones or any other connected “thing,” they all use DNS to communicate internally and externally. The pervasiveness of DNS and the wealth of data generated by it provide tremendous internal and external visibility into the network that can help manage ever-increasing levels of risk.
Reason why this material is innovative or significant and/or how you think attendees will be able to apply the knowledge.
DNS Security is generally perceived as either securing DNS architecture and infrastructure from various attack vectors or maintaining a black and white website list to control access to malicious domains – while that is certainly an important part, there are far more security controls, intelligence and benefits that can be obtained from DNS. This material sheds light on the various benefits of DNS to the enterprises and how both internal and external DNS data can be used to proactively mitigate known and unknown threats. After attending this session, attendees will be able to look at DNS from a different perspective.
Bob Fecteau, CIO, SAIC
Andrew Zitney, SVP, Infrastructure Services, McKesson
David Jarvis, CIO, Honeywell
Paul Moulton, EVP & CIO, Costco Wholesale
Vish Narendra, VP & CIO, Graphic Packaging International
5:20 pm - 6:30 pm
6:30 pm - 8:00 pm
8:00 pm - 10:00 pm
7:00 am - 8:00 am
8:10 am - 8:50 am
Join Brad Wood, Deputy CTO, from Riverbed Technology as he shares his insights in how to Rethink Digital Transformation and Technology’s Impact on the Business. In the age of digital transformation, the convergence of cloud, mobile, and virtualization is making a major impact on applications, infrastructure, and the end user experience in the enterprise. Today, CIOs, CTOs, and their teams need to think about the future of networking and what visibility and performance really look like from click of the mouse button to the block of the disk. Every technology decision and investment is about driving business value, so what does it take to navigate the speed and cost debt curve and deliver performance, customer insights and revenue? Find out what Riverbed is learning from our customers and our unique view of digital transformation and helping drive top line revenue.
8:55 am - 9:35 am
Talent, Tools, and Technique: Aetna’s Executive Director of Global Security, Kurt Lieber, will share his perspective on what the most important “T” among the three, sharing examples of all of them.
Kurt Lieber, Executive Director Global Security , Aetna
9:45 am - 10:15 am
While security breaches are certainly nothing new, their visibility is increasing and as it increases it places increased pressure on the enterprise to set themselves up for success. To do this, then, is it time to (re)consider the reporting structure of the information security group and the CISO directly? Though these roles have grown up under the umbrella of IT as a whole, in many ways the responsibilities run parallel to those of general IT and forcing them into a reporting structure where they are secondary potentially compromises the opportunity for the CISO, and the information security group, to achieve the success demanded by the enterprise. Has the time come for the CISO to rise in stature and become a peer to the CIO rather than a direct report?
Reggie Zamora, Director & CISO, JetBlue Airways
10:20 am - 10:50 am
As with all things in life, the focus on how to conduct enterprise security ebbs and flows between varying degrees of reactivity and proactivity. In the old school “Security 1.0” world, where the focus was almost completely on network security, efforts were in general proactive in nature with firewalls and anti-malware seeking to prevent threats before they even occurred. This didn’t work so well and so “Security 2.0” focused on reactivity, wrapping things like encryption around the data so that even if a breach occurred, the loss would be mitigated. Yet breaches, and losses, continue to occur. So if primarily proactive security doesn’t work, and if primarily reactive security also doesn’t work, how then do we find the right balance between the two to find a security posture that does work?
10:55 am - 11:25 am
Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information, however the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is often times overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work, where their data might be held and this is an almost overwhelming task.
11:30 am - 12:00 pm
12:05 pm - 12:45 pm
The importance technology plays within an enterprise will only continue to gain momentum as more developers, engineers, and programmers enter the workforce. As these segments continue to grow, so does the diversity of the workforce within the technology field. For a field that is severely constrained by a talent and skills gap, this influx of bodies can only be a good thing. Beyond the basic ability to deliver of identified capabilities a diverse workforce, whether cultural or gender influenced offers a whole that is more than the sum of the parts. Finding ways to drive and increase diversity in IT then should be a key focus for every IT executive.
Julia Anderson, Global CIO, Smithfield Foods
Tess Martillano, Managing Director, Global Head of IT Risk Management (C-SIRO), BNY Mellon
Anil Varghese, CISO, Service King Collision Repair Centers
Rashmi Kumar, VP, CTO, McKesson
12:45 pm - 12:55 pm
1:00 pm - 1:30 pm