Select conference presentations and multimedia are available for members of Evanta365.

Media from this event includes
  • Audio
  • pdf


May 12, 2014 / Conference

7:00am - 7:40am

Registration & Breakfast

7:45am - 8:50am Opening Keynote

The Persistent Threat – Combating the Evolving Cybersecurity Challenge

Keynote sponsored by: Cisco Systems, Inc.

Michael Chertoff
Chairman, Chertoff Group & Former Secretary, U.S. Department of Homeland Security

Today’s unrelenting threat of cyber crime represents one of the most disruptive dangers to national security since the onset of the nuclear age 60 years ago. Despite the public profile, many of the homeland security issues, warring and economic damage occur within the private sector. In this keynote, Michael Chertoff discusses the unparalleled nature of modern cyber attacks and how the nation must meet the challenge. He also shares how all industries can more effectively manage risk, educate staff and secure their most critical assets. Chertoff offers insight on how leaders can guide companies to become more resilient against future attacks and shift corporate culture accordingly.

8:50am - 9:20am

Networking Break

9:20am - 10:10am Breakout Sessions

Holistic Risk Management – Guiding the Business Through Change

Featured Session sponsored by: Damballa

Medha Bhalodkar
Columbia University
Joel Molinoff
Dr. Robert Zandoli
SVP, Global CISO
American International Group, Inc.
Michael Rossman
Former VP & CISO
Freddie Mac

Historically, many organizations have talked about risk in silos, from finance and operational risk to IT and security. More and more, BODs are favoring a more holistic approach to risk management, and as the focus shifts, CISOs are saddling up to manage that change. In order to provide the business with the knowledge they need to make the right risk-based decisions, the security leader must identify the company’s most valuable assets, predict the impact of compromise and share that information with the business in a way that makes it personal and relevant. Join this engaging session for strategies and tips for shifting to a risk-based business model.

Humans – The Weakest Link or Your Greatest Security Asset?

Featured Session sponsored by: PhishMe

Rohyt Belani
CEO and Co-Founder

Are your users more likely to cause or prevent your next data breach? Industry consensus shows that users are greater risks than assets, and the number of breaches initiated through attacks targeting users is justification. Does it have to be that way? Rohyt Belani believes that an immersive training program not only teaches employees to recognize and avoid common attack methods, but also provides an extra layer of threat detection and mitigation. This presentation will discuss why humans are such a critical element of your security posture and offer insights for cultivating this untapped resource.

Impacts and Opportunities of the Cyber Executive Order and NIST Framework

Executive Boardroom sponsored by: Booz Allen Hamilton

Linda Betz
The Travelers Companies, Inc.
Dennis Dickstein
Chief Privacy & Information Security Officer
William Stewart
SVP, Cybersecurity
Booz Allen Hamilton

Created through public-private collaboration, the NIST Framework serves as a working document of collective intelligence that standardizes the best scalable, cost-effective practices for improving cybersecurity programs. Now that it’s released, how will it impact the business community? In this boardroom, Bill Stewart leads a peer discussion on the value of the framework, advantages and incentives for implementation, and questions about the framework’s place in a long-term, national strategy for protecting critical infrastructure from cyber crime.

Insider Threats – Thwarting Sophisticated Cyber Adversaries and Attacks on Privileged Users

Executive Boardroom sponsored by: Vormetric

Ramin Safai
Jefferies & Company, Inc.
Alan Kessler
President & CEO
Vormetric, Inc.

The profile of insider threats is changing. Traditionally, insider risk came from disgruntled or malicious employees, but recent events have shifted focus to privileged users, service providers and accounts compromised by APTs and other malware. Yet organizations continue to invest in perimeter and host-based security technologies despite the limited success such defenses have with knowledgeable insiders and sophisticated cyber adversaries. Join Alan Kessler, CEO of Vormetric, and Ramin Safai, CISO of Jefferies and Company, for a discussion on the state of insider threat protection for the global enterprise and to exchange best practices for protecting data — both in the local enterprise environment and in Big Data and cloud implementations.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact: Lindsey Geist at 503-972-4449 or

10:10am - 10:40am

Networking Break

10:40am - 11:30am Breakout Sessions

Clarifying the Cloud – A Proactive Approach to Cloud Use

Featured Session sponsored by: Palo Alto Networks

David Cass

The public cloud has not only settled on the IT landscape, it has infiltrated every facet of the business. It presents complex issues around identity management, compliance and data intelligence, and CISOs wonder if the risk is worth the ROI. For David Cass of Elsevier, successful cloud adoption is about establishing governance that takes advantage of the cloud’s versatility. This means engineering the appropriate intelligence for your organization, building a data security framework and assessing providers on cloud security standards. In this session, learn how his risk-based approach to cloud translates into competitive advantage.

Big Data Meets Security – Operationalizing an Intelligence-Driven Security Program

Featured Session sponsored by: RSA, The Security Division of EMC

Mike Huckaby
VP & Global Strategist
RSA, The Security Division of EMC

Big Data and intelligence-driven security is currently touted as the right solution for detecting and stopping advanced threats. But how can CISOs plan, build and operate an effective security program that leverages this powerful new paradigm in areas such as identity management, advanced security operations, incident management, fraud and GRC? Identifying and understanding advanced attacks requires access to and analysis of more dynamic and diverse sets of data which can create actionable intelligence. This session overviews how Big Data analytics can transform security programs, approaches to roadmap design and implementation, and how to operationalize and measure results.

From Risk Management to Better Governance, Relating GRC to the Boardroom

Executive Boardroom sponsored by: Modulo

Andrew Conte
Information Security Officer
The Guardian Life Insurance Company of America
Stephen Gant
Managing Director, North America

Security organizations invest a lot of money in tools to mitigate risk, but how do they leverage the data in a way that speaks to business relevance? How do CISOs effectively articulate leading risk indicators? Why should they? As the guardian of corporate data, the CISO is in the optimal position to lead the business on a maturity path to GRC. This executive boardroom, led by industry subject matter experts, will bring together a community of thought leaders to explore lessons learned, personal case studies and business cases to advance performance and national security.

Identity Access Management – Getting Past the Building Blocks

Executive Boardroom sponsored by: Dell Software

Zouhair Guelzim
L'Oréal USA
Laura Jagodzinski
Realogy Corporation
Eric Robinson
Dell Software Executive
Dell Software

As an organization grows, so does the number of accounts that tie into the network. Consequently, managing identity access becomes more complex, and CISOs recognize the need for a more holistic and conceptual approach to detect and prevent intrusion. It is no longer simply about finding the right tool. Join this boardroom to discuss the current state of IAM in peer organizations as well as strategies for shifting the mindset from building the structure to making it work for you.

11:30am - 12:00pm

Networking Break

12:00pm - 1:20pm Luncheon Keynote

Next-Generation CISOs

Keynote sponsored by: IBM

Mark Connelly
Thomson Reuters Corporation
John J. Masserini
Miami International Holdings
Steven Young
VP, Security & Risk Management, CISO
Kellogg Company
Thornton May
Leading IT Futurist
Evanta Leadership Network

The security industry is changing and with it, the role of the security leader. Or is it the other way around? With the evolution of security policy at the micro and macro levels, and the growing responsibility of the security team to protect the organization and its reputation, CISOs are positioned to make unprecedented positive impact. In this keynote panel, Thornton May leads Top 10 Breakaway Leaders through a conversation about successful leadership, and the critical decisions and investments each has made to shape their organization, their profession and the next-generation security community.

1:20pm - 1:50pm

Networking Break

1:50pm - 2:40pm Breakout Sessions

Providing a Framework for Building a Security Organization

Featured Session sponsored by: MobileIron

Steven Young
VP, Security & Risk Management, CISO
Kellogg Company

For the last two years, Steven Young has developed partnerships across all levels at Kellogg and empowered active participants to help defend the company. Through implementing awareness and training programs and adopting new technologies into the organization, Young has been creating the support that is necessary for building a successful global security organization. Kellogg’s global security steering committee has built a platform to provide their partners a voice in security and evoke a sense of ownership in securing Kellogg’s digital assets and brand. Join Kellogg’s CISO as he discusses the challenges, lessons learned and key components in building a successful security framework for a global organization.

Defense is Critical, but Offense Wins Games

Featured Session sponsored by: Dell SecureWorks

Jon Ramsey
Dell SecureWorks

Let’s face it — when it comes to combating ever more sophisticated threats, security professionals are playing defense. The unknown is keeping CISOs and their teams in a constant reactive state. With corporate reputation and economic prosperity on the line, CISOs are asking how to defend against the unidentified adversary and how to move away from the traditional defensive position of the past. In this session, Jon Ramsey shares best practices to implement a more proactive security posture and outlines the top things CISOs can do immediately to move the business forward and add more control to the security environment.

Looking to Data for Security

Executive Boardroom sponsored by: Vanguard Integrity Professionals

Dennis Brixius
McGraw-Hill Financial
Laraine Weglarz
Patrick Gray
Principal Security Strategist
Vanguard Integrity Professionals

As criminal and state-sponsored cyber attacks become more sophisticated, traditional security solutions no longer sufficiently defend against them. Adversaries are exploiting zero-day vulnerabilities to gain access to data and networks, communicating over a variety of channels to exfiltrate critical information. To combat this, organizations must adopt new approaches such as collecting and analyzing data from the security infrastructure to help spot anomalies and subtle indicators of attack. In short, security is becoming a Big Data problem. Join this peer discussion led by Patrick Gray to explore the activities of the criminal underground and to strategize new methods for safeguarding your organization’s sensitive data.

Protecting Business-Critical Applications from Cyber Attacks

Executive Boardroom sponsored by: Onapsis

Brian Lozada
Director, Information Security
Condé Nast
Deborah Snyder
New York State
Mariano Nunez

A well-implemented ERP is the lifeblood of an organization, managing most of its business-critical information and processes. However, recent research shows that more than 95 percent of these platforms have serious vulnerabilities, exposing unsecured organizations to espionage, sabotage and financial fraud risks. How can CISOs better understand the threats to their ERP and how to protect against them? Join this conversation to discuss the most critical ERP risks affecting organizations worldwide and hear real-world examples of how these threats can be mitigated. CISOs will learn how others in the security community are efficiently securing their business-critical applications.

2:40pm - 3:10pm

Networking Break

3:10pm - 4:00pm Closing Keynote

A CFO’s Perspective – Where Security and Business Partnership Meet

Keynote sponsored by: Accuvant

Laurence Tosi

With a vested interest in competitive advantage, the private sector must innovate in order to defend against cyber-attacks. Information risk and security management has become a board-level issue for corporations, and communication between CISOs and business leaders is paramount to proactively addressing threats and responding to incidents. In this session, Laurence Tosi provides a CFO’s perspective on how security leaders should best communicate information risk and potential countermeasures as risk management tradeoffs.

4:15pm - 5:00pm

Closing Reception & Luxury Prize Drawings