May 23, 2016 / Conference

7:00am - 7:45am

Registration & Breakfast

7:45am - 8:30am Opening Keynote

Lessons Learned in the New Era of Security


Chris Inglis
Former Deputy Director
National Security Agency

As deputy director of the U.S. National Security Agency at the time of the country’s most notorious insider attack — the Edward Snowden breach — Chris Inglis experienced the dawning of a new age of security first-hand. Inglis shares his insights on the critical actions that security leaders must take to evaluate their readiness for a major breach, and the critical capabilities required to deal with modern cyberthreats. In this engaging keynote, Inglis imparts the lessons learned from the Snowden case and other hard-earned wisdom from the latest barrage of high-profile breaches.

8:30am - 9:00am

Networking Break

9:00am - 9:50am

Application Self-Protection – Revolutionizing Application Security

Emerging Provider  sponsored by: Contrast Security

Jeff Williams
Chief Technology Officer/Co-Founder
Contrast Security

Today’s enterprise runs on applications. Yet insecure applications have been the leading cause of breaches over the last eight years. Deep security instrumentation can provide application vulnerability detection and attack protection in a single platform, increasing power, accuracy and scalability.

Behaving Badly – Analyzing Insider Threats

Emerging Provider  sponsored by: Fortscale

Kurt Stammberger
Chief Marketing Officer

Learn how to end insider threats with a new generation of autonomous, rule-free user behavior analytics based on machine learning.

In Hot Pursuit – Faster and Smarter Security

Emerging Provider  sponsored by: Threat Connect

Adam Vincent
Threat Connect

With adversaries moving at the speed of digital, every moment counts. CISOs must create organizational capabilities to swiftly detect and expel threats. Embrace the challenge of speedy security, examining methods to close the gap between you and your enemies.

9:00am - 9:50am Breakout Sessions

Business Value and Security – No Longer an Either/Or

Featured Session  sponsored by: NTT Com Security

Mark Connelly
Thomson Reuters

In today’s business world, information security and risk management are at the nexus of business opportunity and customer expectations. As a critical business value attribute, CISOs and the functions they directly or indirectly influence play an increasingly business-critical function. Boards know it, customers know it and CISOs know it. Continuing to deliver value that the business truly understands and actively supports is key to the overall success of CISOs and the business. Mark Connelly shares his insights on how to best deliver that business value with information security and risk management as a key attribute of the company’s value.

The First 72 Hours

Executive Boardroom  sponsored by: Fidelis Cybersecurity

Jeffrey Brown
Former CISO
AIG Asset Management
Frank Hsieh
Sr. Info. Risk Officer
BNY Mellon
Mike Buratowski
SVP, Cybersecurity Services
Fidelis Cybersecurity

The initial signs of a security incident are rarely black and white. The first questions CISOs must ask are “Is this a real incident?” and “How should I respond?” Jeffrey Brown and Mike Buratowski lead this discussion on the first and most critical hours of a potential incident response. While removing the attacker is obviously the end goal, security teams must first understand the nature and scope of the incident to identify the course of action that will be most effective while balancing the risk to the organization and the disruption that the response can cause.

Security Process Improvement – How to Stop Worrying and Love Maturity Models

Executive Boardroom  sponsored by: Identity Finder

Ramin Safai
Jefferies & Company, Inc.
Mark Viola
VP, Global CISO
Henry Schein, Inc.
Gabriel Gumbs
VP & Chief Product Strategist
Identity Finder

There is no shortage of information security maturity models — COBIT, C2M2, Cybersecurity Capability Maturity Model, ISO/IEC 21827:2008, Sensitive Data Maturity Model, and many more. Each comes complete with a set of activities that mostly exist at a high level and are intended to protect data, specifically sensitive data. Join Gabriel Gumbs and discussion leaders Ramin Safai and Mark Viola for this executive boardroom discussion on selecting and adopting process improvement strategies, the pros and cons of existing maturity models and best practices for prioritizing the protection of sensitive data.

9:50am - 10:20am

Networking Break

10:20am - 11:10am Breakout Sessions

The Security/Regulation Juggling Act

Featured Session  sponsored by: Gigamon

Rohan Amin
JPMorgan Chase & Co
Jim Connelly
Lockheed Martin
Zouhair Guelzim
L'Oréal Americas
John McCaffrey
Westchester County
Jeremy Bergsman
Practice Leader

While regulatory compliance does not guarantee security, having a strategy around it is still integral for security organizations. Managing regulatory compliance is a true juggling act for CISOs. Striking the right balance of compliance and security can be a true game changer, yet in today’s daunting threat environment, the challenges and headaches that come from complicated, industry-specific regulations can be more of a hindrance than a help. Join Rohan Amin, Jim Connelly, Zouhair Guelzim, John McCaffrey and Jeremy Bergsman in this interactive discussion on the constant challenge of maintaining security while dealing with regulations.

Take It to the Cloud – The Evolution of Security Architecture

Featured Session  sponsored by: OpenDNS

David Ulevitch
Vice President, Cisco Security; Founder/CEO

As companies evolve their IT stack, traditional security approaches and architectures need to be reconsidered. David Ulevitch will review some of the new risks introduced by SaaS/IaaS adoption and show how to mitigate these risks, such as ransomware, using new approaches to security architecture. Ulevitch will also review the transition of security architecture itself to the cloud.

Managing Cyber Risk – Effective Communication with the Board

Executive Boardroom  sponsored by: Bay Dynamics

David Cass
Chief Information Security Officer Cloud & SaaS Operational Services
Marty Leidner
The Rockefeller University
Joe Quigg
Cyber Security & Risk Leader
Bay Dynamics

CISOs are confident in what cybersecurity threat information to present to the board and what type of information the board wants to hear. However, much of this information is either misunderstood or too technical. How can CISOs streamline the process and provide more actionable information? For the board to make decisions regarding an organization’s cybersecurity risk posture, they need quantitative information framed in the context of relevant business concerns. This interactive dialogue provides insights on the tools and processes modern CISOs can use to translate cybersecurity risk into a language that non-security practitioners can understand and use to drive decisions.

Addressing Cybersecurity Challenges With Applied Security Analytics

Executive Boardroom  sponsored by: Securonix

Pat Stack
IT Director, Enterprise Applications
Eastman Kodak Company
Nanda Santhana
VP, Field Operations

Data-driven artificial intelligence and unsupervised machine learning can now answer the question that has plagued information security practitioners since day one: How do you know when something is happening in your environment that shouldn’t? Led by Pat Stack and Securonix’s Nanda Santhana, this interactive discussion looks at advances in behavioral analytics that address critical security problems, featuring insights from security leaders who use advanced analytics to detect threats invisible to traditional security measures.

11:10am - 11:40am

Networking Break

11:40am - 12:50pm Luncheon Keynote

Game Changing Strategy to Stop the Breach

Keynote  sponsored by: CrowdStrike

Shawn Henry
President, CrowdStrike Services & CSO

Today’s hacktivist, criminal and nation-state adversaries have a tremendous asymmetric advantage over defenders that manifests itself in the constant stream of breaches. Shawn Henry shares a new approach for meaningfully changing the game and shifting the advantage to defense. Through fascinating war stories and real-world examples, Henry will discuss how the use of cloud-based security technologies is thwarting and deterring some of the most persistent and advanced adversaries.

12:50pm - 1:20pm

Networking Break

1:20pm - 2:10pm Breakout Sessions

Cyber Risk is Business Risk – Changing the Security Narrative

Featured Session  sponsored by: Palo Alto Networks

Kylie Watson
Sumitomo Mitsui Banking Corporation

As the world of cybersecurity grows scarier by the moment, the CISO is becoming an integral business partner. While this elevated notoriety has brought increased budgets, influence and engagement from leadership, it also has many business leaders assuming that the CISO will simply manage all aspects of corporate cyber risk. Changing the business’ mindset to view cyber risk as a business issue — not an IT one — can be a challenging hurdle to clear. Learn how Kylie Watson successfully shifted her organization’s thinking about cyber risk and gained sponsorship from her CEO through the development of a cyber risk committee.

Building a Successful Audit Program to Keep Insider Threats at Bay

Featured Session  sponsored by: Forcepoint

Ken Bell
Deputy CISO

Insider threats encompass more than just the obvious data thief. According to the CERT Insider Threat Center, in 2014, 53 percent of organizations experienced some type of insider incident. While your IT system can be a witness, victim or enabler, insider threat is more than a technology problem — policy, process, controls, risk management, auditing and monitoring all play critical roles in managing this invisible yet very real vulnerability. Ken Bell shares the key steps to managing and mitigating insider threats within your organization.

Securing Your Software Supply Chain

Executive Boardroom  sponsored by: Veracode

Glenn Watt
Medidata Solutions
John Whiting
DDB Worldwide
Sam King
Chief Strategy Officer

Enterprises are increasingly reliant on third parties to speed innovation. But as recent breaches have shown, third-party software introduces significant risk and necessitates a security evaluation from these supply chain partners. Purchasing software from a vendor, outsourcing development, using open-source components or moving to the cloud all introduce risk that is out of a CISO’s direct control. Glenn Watt, John Whiting and Sam King lead this discussion on third-party security threats and how to protect your enterprise. Come prepared to share best practices for partnering with vendors and implementing approaches to assess the third-party software protecting your enterprise.

Defending Against the Rising Trend of SAP Cyberattacks

Executive Boardroom  sponsored by: Onapsis, Inc.

Brendan Conway
Global Director of Information Security & Risk Management
Coty Inc.
Zouhair Guelzim
L'Oréal Americas
Mariano Nunez
CEO & Co-Founder
Onapsis, Inc.

Business-critical applications running on SAP are a goldmine for cyberattackers. They are also the highest-cost blind spot for many CISOs. As SAP applications continue to be the target of stealthy breaches, organizations must implement the right security products and ensure they have an SAP cybersecurity strategy. Brendan Conway, Pat Stack and Mariano Nunez lead this discussion on SAP cyber readiness, including an in-depth look at the vulnerability behind the first-ever US-CERT Alert, recommendations for remediation plans, industry best practices for SAP cybersecurity, the latest vulnerability research, business-critical application security, and aligning internal and SAP security teams to operationalize SAP cybersecurity processes within an organization.

2:10pm - 2:30pm

Networking Break

2:30pm - 3:20pm Breakout Sessions

Cybersecurity and Privacy – Can the Two Co-Exist?

Featured Session  sponsored by: Dell Software

Jeffrey Brown
Former CISO
AIG Asset Management
Orrie Dinstein
Global Chief Privacy Officer
Marsh & McLennan Companies, Inc.

Jeff Brown and Orrie Dinstein discuss the challenges of building up your security posture while balancing the many legal and privacy concerns that often accompany it.

Securing the Future of Mobile

Featured Session  sponsored by: Samsung America, Inc.

Sundhar Annamalai
Executive Director, Product Marketing Management Advanced Mobility Solutions
AT&T Business Solutions
Mandar Kawle
Senior Director, Digital Payments Technology
Sam Phillips
Vice President, General Manager, CISO
Samsung Business

The technology revolution that we currently find ourselves in is nothing short of astonishing. Just a few short years ago, text messaging and pixelated photos were considered the highest of mobile tech; today, our mobile phones permeate nearly every facet of life — and we’re just scratching the surface. In our not-too-distant future, “mobility” will be cheaper, faster, and even more ingrained and ubiquitous in our lives. But with each new mobile innovation comes potential security challenges. Sundhar Annamalai, Mandar Kawle and Sam Phillips share their perspectives on the future of mobile and what security leaders should be doing to prepare to secure it.

From CISO to CIRO – Evolving Skills for the Future

Executive Boardroom  sponsored by: Optiv

Tomas Maldonado
Global CISO
International Flavors & Fragrances Inc.
Michael Palmer
Chief Information Security Officer
National Football League
Greig Arnold
VP, Executive Advisory (Financial Services)

The past year has seen a tidal shift from infrastructure-based to risk-based security programs. Board meetings, executive briefings and risk management concepts are now the norm. Successful CISOs are transforming their skills to meet the current and future needs of their organization. A chief information risk officer understands information risk management, third-party risk and regulatory requirements, and knows how to prepare board presentations and balance each of those priorities with the needs of the business. This boardroom discussion will focus on the changing role of the CISO and the necessary skills to earn — and keep — a seat at the table.

2016, Year of Ransomware – Can Technology Alone Prevent Phishing Attacks?

Executive Boardroom  sponsored by: PhishMe

Vikrant Arora
AVP & Chief Information Security and Risk Officer
New York City Health and Hospitals Corporation
Brian Lozada
Duff & Phelps
Rohyt Belani
CEO & Co-Founder

2016 is shaping up to be the year of the ransomware attack. As ransomware and phishing attacks continue to grow in number and sophistication, organizations need to reconsider their current security strategy. Companies continue to invest billions in technology to shore up their defenses against these threats — but is that enough? Is complete reliance on technology the answer? Or should we focus on the human and human behavior? Vikrant Arora, Brian Lozada and Allan Carey lead this discussion on the new threats faced by organizations, why relying on technology is dangerous and how to leverage all resources — including humans — for a stronger security posture.

3:20pm - 3:40pm

Networking Break

3:40pm - 4:20pm Closing Keynote

Presenting to Your Board – It’s All About the “What”

Keynote  sponsored by: IBM

Stephen Ward
TIAA Financial Services

Effective board presentations aren’t necessarily about fancy slide decks or weeks of rehearsal. As a CISO, successful board presentations rely on the ability to clearly communicate three critical messages: the threats your industry faces, the organization’s technology risk and control posture, and security’s road map and progress. Steve Ward rolls these factors into one business measurement service that simplistically shows the board how each has morphed over time. In this keynote, Ward will not talk about “how” to present to your boards. Instead, he’ll provide real examples of “what” to present to boards in order to earn a coveted voice at the table.

Advice for CISOs on Future Corporate Directorship

Keynote  sponsored by: IBM

Dr. Edward G. Amoroso
Retired SVP & CSO

As CISOs continue to gain traction with executive leadership and their boards, the logical step for many business-minded security leaders is one that might’ve seemed preposterous just a few short years ago. Though few have accomplished the feat so far, many CISOs find themselves increasingly interested in serving as a corporate board member. In this session, former SVP & CSO for AT&T, Dr. Ed Amoroso shares his insights into the dynamics of cyber security governance and risk management responsibilities for directors. The goal is to help CISOs in their personal planning as potential future board members for public companies.

4:20pm - 5:00pm

Closing Reception & Luxury Prize Drawings

5:00pm - 6:00pm

CISO Coalition Member Meeting