August 12 - 14, 2018

Day 2, Monday, August 13, 2018

8:00 am - 8:30 am Breakfast

Sound vendor reviews and management are essential when working with third parties. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements, especially under the European Union and New York State cybersecurity rules. Non-compliance brings stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
•Adjusting access levels for third-party user and system accounts
•Securing development of application integrations, including firewall configuration
•Segmenting internal networks to limit third-party needs


Mike Tiddy



Esmond Kane

Deputy Chief Information Security Officer
Partners Healthcare


Jeff Schilling


Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

9:20 am - 9:40 am Reclaiming Control and Reducing Endpoint Risk

9:20 am - 9:40 am Adding Availability and Integrity with Blockchain

9:45 am - 10:15 am Business Meetings

10:15 am - 10:45 am Business Meetings

10:45 am - 11:00 am Networking Break


11:00 am - 11:45 am Innovating Application Vulnerability Management
Sometimes criminals exploit known application vulnerabilities to gain unauthorized access to data. Traditionally, software developers write code and operations staff put the code changes into place. With new tools, developers are deploying code continually and quickly. DevOps is a working style that allows extremely fast code deployment, using an integrated approach that joins agile development and operations together. DevOps has a vital role in enterprise security because it can change how security is approached. DevOps and centralized security policies offer the opportunity to automate and streamline the manual tasks needed to configure systems and apps.
•The evolving role of automation in security mitigation
•Scalable cloud security architecture utilizing DevOps
•Team use of innovative vulnerability management tools


11:00 am - 11:45 am Stopping Phishing, Impersonation and Other Email Attacks
The proliferation of ransomware, phishing and other e-mail-based attacks underscores the importance of multi-layered security solutions. E-mail attacks have escalated from bothersome spam to ransomware attacks that prevent fundamental business transactions. E-mail security needs to move from detection to prevention, with the ability to stop attacks. Corporate users expect the same productivity, control and flexibility from technology at work as they have at home. The consumerization of IT necessitates empowerment without compromising visibility for enterprise security.
In this session, discuss:
•Balancing corporate security and user expectations
•Proactive responses to evolving attacks including sandboxing, advanced content analysis, pattern recognition and regulatory compliance
•Communicating business priorities and security awareness

11:50 am - 12:20 pm Securing Innovative Technology from Inception

James Livermore - Global Cybersecurity Architect/CSO, CDM Smith
Security must be an integral part of quality, linking information technology and architecture. Security should not have a separate evaluation process but must be embedded in the IT development process. As technology environments continue to transition away from traditional perimeter-based environments to cloud-based ones, security teams have needed to adjust their security approaches and profiles to account for these changes. The addition of IoT (Internet of Things) devices and machine learning models to these cloud-based environments and industrial networks creates a new level of risk and expands the scope of what needs to be monitored and protected. In this case study, explore lessons learned:
•Impact of emerging technologies
•The influx of machine learning and analytics
•Optimizing enterprise systems for the next generation workload

12:20 pm - 1:50 pm Networking Lunch & Philanthropy Project

Roundtable Discussions: Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

2:50 pm - 3:55 pm Managing BYOD Security

2:50 pm - 3:55 pm Prepared for GDPR and Other Regulations?

2:50 pm - 3:55 pm Reducing the Risk of Ransomware - Real-Time Defenses
- How to Manage Data Breach Notification?
- Prepared for GDPR and Other Regulations?
- Reducing the Risk of Ransomware - Real-Time Defenses


3:00 pm - 3:45 pm Deploying Deception to Disrupt Attacks
The technology of deception combats advanced threats by uncovering the weakest link of the attack—the human element. In this session, explore how deception strategies can lessen the risk of fraud, help overtasked security teams and provide a more proactive approach. Deception deceives and disrupts attacks proactively and does not require known attack paths. The discussion will include case studies of actual deployments.
In this session:
•Using machine learning and data analytics for advanced threat detection
•Combatting insider threats
•Automating incident response and shortening recovery


3:00 pm - 3:45 pm Integrating Collaborative Multi-Factor Authentication
The evolving Identity and Access Management (IAM) landscape improves business outcomes and strengthens both the user experience and operational efficiency. Ownership of IAM and where accountability rests within the organization are part of the dialogue. People, processes and technologies are all critical to effective privileged access management. Attend this session to explore:
•Reducing the risks with decentralization (shifting authentication and fortifying access)
•Addressing technological and user-experience challenges
•Navigating in an open-access environment with legacy applications, IoT and remote applications

3:45 pm - 4:00 pm Networking Break

4:00 pm - 4:30 pm Business Meetings

4:30 pm - 5:00 pm Business Meetings

5:00 pm - 5:30 pm Business Meetings

Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leadership needs to be in the forefront, translating and communicating risk in a way that resonates with business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to explore:
•Engaging, managing and exceeding expectations
•Top-down focus on risk management
•Evolving roles of the CISO, CIRO, and CIOs

Phillip Miller

Head of Infrastructure & CISO
Brooks Brothers, Inc


Paul Scheib

Boston Children's Hospital


Marina Spyrou

SVP, Global Cyber Security & Risk Leader


Genady Vishnevetsky

Chief Information Security Officer (CISO)
Stewart Information Services Corporation

6:15 pm - 7:15 pm Networking Reception & Dinner