Day 2, Monday, August 13, 2018
8:30 am - 9:00 am Breakfast
9:00 am - 9:45 am Improving Third Party Risk Management with Changing Regulations
Mike Tiddy - CISO BNSF
Jeff Schilling - CISO Epsilon
Christopher Leigh - Director and Chief of Information Security and Compliance Eversource Energy
Sound vendor reviews and management are essential when working with third parties. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements, especially under European Union and other current and pending regulations. Non-compliance brings stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
• Adjusting access levels for third-party user and system accounts
• Securing development of application integrations, including firewall configuration
• Segmenting internal networks to limit third-party needs
9:50 am - 10:20 am Business Meetings
10:20 am - 10:50 am Business Meetings
10:50 am - 11:20 am Business Meetings
11:20 am - 11:35 am Networking Break
BrainWeave 11:40 am - 12:25 pm When Shrinkage is Good - Reduce Incident Response from Hours to Minutes
Anthony Orlofski - Regional Sales Director, Northeast Demisto
Is your security team challenged with alert fatigue, a shortage of skilled staff, and maximizing the company’s product arsenal investment?
Solving such challenges isn’t easy and requires a delicate balance of people, processes, and tools. Investing in a comprehensive platform that enables security operations teams to reduce MTTR, create a consistent and audited incident management process, and increase analyst productivity is a step in the right direction.
Attend this discussion to learn how a security orchestration platform can automate manual-intensive tasks and reduce response times from hours to minutes. See how the product’s machine learning suggestions can help your team become smarter with every incident and resolve complex threats faster and more accurately.
Benefits from shrinking your time to respond for every incident include:
- Improve your overall security posture,
- Enhance analyst productivity (from Tier 1-3), and
- Future-proof security operations.
BrainWeave 11:40 am - 12:25 pm Securing Hybrid Networks: How to Unify Security Management Across Physical and Multi-Cloud Networks
Michelle Cobb - Chief Marketing Officer Skybox Security
Securing cloud environments is a shared responsibility between your organization and your cloud service provider. But upholding your end of the bargain can be a challenge in these dynamic, complex environments — especially when dealing with a mix of physical networks and public and private clouds.
In this session, you’ll learn:
- What the shared responsibility model means in cloud security and how it affects your security management program
- What key challenges your organization should be aware of in your transition to the cloud and beyond
- Why seamless visibility of hybrid networks is vital to effectively managing their security
- How visibility and attack surface context support a variety of use cases including global security policy management, firewall and security tag auditing and vulnerability management
12:30 pm - 1:00 pm Securing Innovative Technology from Inception
James Livermore - Global Cybersecurity Architect/CSO CDM Smith
Innovation is important in today’s marketplace. It can be the lifeblood of a company and can provide much needed differentiators and competitive advantages. As companies rush to be first to market with new technologies, the projects are often fast tracked and released without being fully reviewed and tested. Unfortunately, in the haste to release, quality and security are too often bypassed altogether. This is exacerbated by the continued influx of cloud-based IoT devices and data analytics, which has created a new level of risk for organizations. Security teams need to adjust their methods to account for these shifts in technology. Security should not have a separate evaluation process but must be embedded in the IT development process.
In this case study lessons learned will include:
• The importance of innovation to companies
• Impact and risks of fast tracking emerging technologies
• The influx of IoT devices and data analytics
• How innovation and security can work together in balance
• Steps for evaluating security in new technologies
1:05 pm - 2:05 pm Networking Lunch
Track Sessions 2:10 pm - 2:40 pm Ecommerce Case Study on Advanced Threat Landscape
Dr. Jimmy Su - Head of JD Security Research Center, Senior Director JD.com
Track Sessions 2:10 pm - 2:40 pm Maintaining Compliance In An Evolving, Complex IT Regulatory Environment
Zachery Kramp - Director of Audit, Compliance and Information Security Brown & Brown Insurance
ROUND TABLES: Please choose your topic and join the relevant discussion.
2:40 pm - 3:45 pm Zero Trust Access: Five Steps to Securing the Extended Enterprise
Zoe Lindsey - Advocacy Manager Duo
The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. The zero trust access model delivers that security without cumbersome and antiquated technologies such as VPN and MDM. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.
ROUND TABLES: Please choose your topic and join the relevant discussion.
2:40 pm - 3:45 pm Staying Ahead of the Breach
Manoj Asnani - VP of Product Management & Design Balbix
CISO teams continue to struggle to get visibility into their massive attack surface as the number of attack vectors and of devices, applications, and users needing protection continues to grow. What are the best ways to increase visibility of the ever-expanding attack surface? And how can you proactively mitigate what you see, versus reactively remediate post-breach?
This roundtable will be a discussion on:
• Why getting complete visibility into your attack surface is hard
• Can AI be useful in automating visibility and analyzing the findings?
• What are the best ways to prioritize today's ever-growing number of events/alerts? Can that be based on business risk?
• Can you use vulnerability management tools in achieving this, or are new controls needed?
3:45 pm - 4:00 pm Networking Break
4:00 pm - 4:30 pm Business Meetings
4:30 pm - 5:00 pm Business Meetings
5:00 pm - 5:30 pm Business Meetings
5:30 pm - 6:15 pm True Security Partnerships—Speaking the Language of Business and Technology
Phillip Miller - Head of Infrastructure & CISO Brooks Brothers, Inc
Paul Scheib - CISO Boston Children's Hospital
Marina Spyrou - SVP, Global Cyber Security & Risk Leader Nielsen
Genady Vishnevetsky - Chief Information Security Officer (CISO) Stewart Information Services Corporation
Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leadership needs to be in the forefront, translating and communicating risk in a way that resonates with the business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instill security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn how to:
· Top-down focus on risk management
· Evolving roles of the CISO, CIRO, and CIOs