August 12 - 14, 2018
SEAPORT HOTEL, BOSTON, MA

Day 2, Monday, August 13, 2018

8:30 am - 9:00 am Breakfast

Sound vendor reviews and management are essential when working with third parties. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements, especially those of the European Union and other current and pending regulations. Non-compliance carries stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
• Adjusting access levels for third-party user and system accounts
• Securing development of application integrations, including firewall configuration
• Segmenting internal networks to limit third-party needs

Mike Tiddy

CISO
BNSF

Jeff Schilling

CISO
Epsilon

Christopher Leigh

Director and Chief of Information Security and Compliance
Eversource Energy

9:50 am - 10:20 am Business Meetings

10:20 am - 10:50 am Business Meetings

10:50 am - 11:20 am Business Meetings

11:20 am - 11:35 am Networking Break

BrainWeave

11:40 am - 12:25 pm When Shrinkage is Good - Reduce Incident Response from Hours to Minutes
Anthony Orlofski - Regional Sales Director, Northeast Demisto
Is your security team challenged with alert fatigue, a shortage of skilled staff, and maximizing the company’s product arsenal investment?
Solving such challenges isn’t easy and requires a delicate balance of people, processes, and tools. Investing in a comprehensive platform that enables security operations teams to reduce MTTR, create a consistent and audited incident management process and increase analyst productivity is a step in the right direction.
Attend this discussion to learn how a security orchestration platform can automate manual-intensive tasks and reduce response times from hours to minutes. See how the product’s machine learning suggestions can help your team become smarter with every incident and resolve complex threats faster and more accurately.
 
Benefits from shrinking your time to respond for every incident include:
  • Improve your overall security posture,
  • Enhance analyst productivity (from Tier 1-3), and
  • Future-proof security operations.


Anthony Orlofski

Regional Sales Director, Northeast
Demisto

BrainWeave

11:40 am - 12:25 pm Securing Hybrid Networks: How to Unify Security Management Across Physical and Multi-Cloud Networks
Michelle Cobb - Chief Marketing Officer Skybox Security
Securing cloud environments is a shared responsibility between your organization and your cloud service provider. But upholding your end of the bargain can be a challenge in these dynamic, complex environments — especially when dealing with a mix of physical networks and public and private clouds.
 
In this session, you’ll learn:
  • What the shared responsibility model means in cloud security and how it affects your security management program
  • What key challenges your organization should be aware of in your transition to the cloud and beyond
  • Why seamless visibility of hybrid networks is vital to effectively managing their security
  • How visibility and attack surface context support a variety of use cases including global security policy management, firewall and security tag auditing and vulnerability management  



Michelle Cobb

Chief Marketing Officer
Skybox Security

12:30 pm - 1:00 pm Securing Innovative Technology from Inception

James Livermore - Global Cybersecurity Architect/CSO CDM Smith
Innovation is important in today’s marketplace.  It can be the lifeblood of a company and can provide much needed differentiators and competitive advantages.  As companies rush to be first to market with new technologies, the projects are often fast tracked and released without being fully reviewed and tested.  Unfortunately, in the haste to release, quality and security are too often bypassed altogether.  This is exacerbated by the continued influx of cloud-based IoT devices and data analytics, which has created a new level of risk for organizations.  Security teams need to adjust their methods to account for these shifts in technology. Security should not have a separate evaluation process but must be embedded in the IT development process.
In this case study, lessons learned will include:
• The importance of innovation to companies
• Impact and risks of fast tracking emerging technologies
• The influx of IoT devices and data analytics
• How innovation and security can work together in balance
• Steps for evaluating security in new technologies

James Livermore

Global Cybersecurity Architect/CSO
CDM Smith

1:05 pm - 2:05 pm Networking Lunch

Track Sessions

2:10 pm - 2:40 pm Ecommerce Case Study on Advanced Threat Landscape
Dr. Jimmy Su - Head of JD Security Research Center, Senior Director JD.com

Dr. Jimmy Su

Head of JD Security Research Center, Senior Director
JD.com

Track Sessions

2:10 pm - 2:40 pm Maintaining Compliance In An Evolving, Complex IT Regulatory Environment
Zachery Kramp - Director of Audit, Compliance and Information Security Brown & Brown Insurance

Zachery Kramp

Director of Audit, Compliance and Information Security
Brown & Brown Insurance

ROUND TABLES: Please choose your topic and join the relevant discussion.

2:40 pm - 3:45 pm Zero Trust Access: Five Steps to Securing the Extended Enterprise
Zoe Lindsey - Advocacy Manager Duo
The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. The zero trust access model delivers that security without cumbersome and antiquated technologies such as VPN and MDM. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps. 


Zoe Lindsey

Advocacy Manager
Duo

ROUND TABLES: Please choose your topic and join the relevant discussion.

2:40 pm - 3:45 pm Staying Ahead of the Breach
Manoj Asnani - VP of Product Management & Design Balbix
CISO teams continue to struggle to get visibility into their massive attack surface as the number of attack vectors and devices, applications, and users needing protection continues to grow. What are the best ways to increase visibility of the ever-expanding attack surface? And how can you proactively mitigate what you see, versus reactively remediate post-breach?
This roundtable will be a discussion on:

• Why getting complete visibility into your attack surface is hard
• Can AI be useful in automating visibility and analyzing the findings?
• What are the best ways to prioritize today's ever-growing number of events/alerts? Can that be based on business risk?
• Can you use vulnerability management tools in achieving this, or are new controls needed?



Manoj Asnani

VP of Product Management & Design
Balbix

3:45 pm - 4:00 pm Networking Break

4:00 pm - 4:30 pm Business Meetings

4:30 pm - 5:00 pm Business Meetings

5:00 pm - 5:30 pm Business Meetings

True Security Partnerships—Speaking the Language of Business and Technology
Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leadership needs to be in the forefront, translating and communicating risk in a way that resonates with the business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instill security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn about:
· Engaging, managing and exceeding expectations
· Top-down focus on risk management
· Evolving roles of the CISO, CIRO, and CIOs

Phillip Miller

Head of Infrastructure & CISO
Brooks Brothers, Inc

Paul Scheib

CISO
Boston Children's Hospital

Marina Spyrou

SVP, Global Cyber Security & Risk Leader
Nielsen

Genady Vishnevetsky

Chief Information Security Officer (CISO)
Stewart Information Services Corporation

6:15 pm - 6:45 pm Networking Reception