Agenda


May 11, 2015 / Conference


7:00am - 7:45am

Registration & Breakfast

7:45am - 8:30am Opening Keynote

Clouds of Change

Keynote  sponsored by: Akamai Technologies, Inc.

Dr. Edward G. Amoroso
SVP & CSO
AT&T

Traditional perimeter defenses have stepwise degraded during the past two decades, resulting in a largely ineffective and widespread approach to cybersecurity. Edward Amoroso will share suggestions and considerations regarding the use of a secure cloud to reduce this risk. He will also provide timely analysis of current issues in cybersecurity, security infrastructure protection and large-scale attacks.

8:30am - 9:00am

Networking Break

9:00am - 9:50am Breakout Sessions

We’ve Been Hacked – And Here Come the Lawyers!

Featured Session 

Joseph DeMarco
Partner
DeVore & DeMarco LLP

A steady stream of high-profile breaches and revelations in the news highlight the cybercrime and espionage threats posed to American businesses. Yet beyond attention-grabbing headlines, there is scant concrete contextual analysis around the legal and regulatory ramifications of this phenomenon. Every company holds data and must protect it. But litigation and regulatory actions inevitably follow cyber mishaps, and CISOs are on the front lines of response. Joseph DeMarco, former head of the cybercrime unit at the Department of Justice in New York, describes what is behind the recent surge of cybercrime, why it matters, and what a company should — and should not — do about it.

Phishing for the Foolish – Why Hackers Love Gilligans and Their Best Lures

Featured Session  sponsored by: Blue Coat Systems, Inc.

Grant Asplund
Director, Evangelism
Blue Coat Systems, Inc.

“When I took office, only high energy physicists had ever heard of what is called the World Wide Web...now even my cat has its own webpage.”
— Bill Clinton

Nearly a decade later, most Internet users are not technically savvy and do not understand the infrastructure that supports and drives the World Wide Web. They aren't familiar with DNS or subnet masks or how these infrastructure components function. This session combines humor and current research from nearly 80 million users to highlight how hackers take advantage of the uninformed, how to make sure your employees are not uninformed and ways to limit cyber criminals’ success.

Dream Defense – Designing an Ideal Cybersecurity Solution

Executive Boardroom  sponsored by: Novetta Solutions

Brian Lozada
CISO
Abacus Group LLC
John J. Masserini
CSO
Miami International Holdings
Laraine Weglarz
CISO
Kering
Peter LaMontagne
CEO
Novetta
Moderator

Imagine you've built the quintessential security solution. What does it entail? Probably, it includes a real-time, uncorrupted picture of your entire network. On the other hand, maybe it is most important that your analysts, hunters and responders can receive guidance from database queries at the speed of thought. Or perhaps the component that trumps all others in your ideal toolkit is the ability to see the commands a malware piece is sending out as it unfolds across your network. In this discussion, explore the concepts of real-time cybersecurity monitoring and debate the design of a consummate cybersecurity solution with your peers.


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).
To reserve your seat, please contact:
Chase Dillon at 971-717-6670 or chase.dillon@evanta.com

Preventing Data Loss and Preserving Bottom Line Value

Executive Boardroom  sponsored by: InteliSecure Inc.

Jeffrey Brown
Head of IS, Risk & Compliance
AIG Asset Management
Zouhair Guelzim
VP & CISO
L'Oréal Americas
Robert Eggebrecht
President & CEO
InteliSecure Inc.
Moderator

Organizations are on guard when it comes to data security, and rightly so — 2014 was an unprecedented year. Are data breaches now ubiquitous, a virtual certainty? Join Robert Eggebrecht for a roundtable discussion on the paradigm shift taking place within information security and discuss techniques for identifying, prioritizing and protecting critical assets. Join peers to weigh data loss prevention techniques and technologies to prevent data theft, and consider future concerns coming down the pipeline for the information security field.



9:50am - 10:20am

Networking Break

10:20am - 11:10am Breakout Sessions

Back to the Future – Designing Data-Centric Security

Featured Session 

Andrew Stravitz
CISO
Safra National Bank of NY

CISOs spend a lot of time worrying about protecting data, but data doesn’t have to be the enemy. As Andrew Stravitz learned while building a nearly impenetrable online platform at a previous company, it’s important to segregate duties and take a separate approach for all layers of information security. A data-centric approach that handles each layer as its own entity creates transparency and focus. Overcoming the barriers — political, resource constraints or other roadblocks — to a data-centric approach to security is difficult and necessary, but possible. Stravitz shares tips for befriending data and making hackers unsuccessful in this illuminating session.

The Convergence of Insider and Advanced Threats

Executive Boardroom  sponsored by: Accuvant + FishNet Security

Jay Leek
CISO
Blackstone
Derek Vadala
Managing Director, CISO
Moody's Corporation
Jason Clark
Chief Security & Strategy Officer
Accuvant + FishNet Security
Moderator

Historically, the insider threat has been undervalued and underestimated, and combating it has been underfunded. Whether an employee is taking you for a ride or is an intruder in disguise, a strong insider threat mitigation strategy is necessary. Security leaders are called to acknowledge this problem and implement the required resources, personnel and technologies to moderate the risk of an insider attack. Join this interactive discussion to hear tales from the trenches, discuss how an insider program can do even more than you expect and consider strategies to build a strong insider threat mitigation program.



Risk Intelligence Befits Resilience

Executive Boardroom  sponsored by: Wipro Technologies

Mark Connelly
CISO
Thomson Reuters
Timothy Rogers
Sr. Mgr., Chief Sec. Architect
United Technologies Corporation
Siva VRS
GM & Business Head - Americas, Enterprise Security Solutions
Wipro Technologies
Moderator

With security and risk becoming increasingly frequent board of directors discussions, managing risk within the enterprise is a prime responsibility for CISOs. An integrated view of the organization’s risk, compliance and security posture is key to efficient risk management and resilience. But significant challenges persist. How can CISOs overcome a siloed view of risks, vulnerabilities and noncompliant policies and controls? How can real-time, actionable intelligence contribute to proactive risk management? This session discusses methods to best overcome such challenges to ensure improved business resilience.



10:20am - 11:10am

An Ounce of Prevention

Game Changer  sponsored by: PhishMe

Linda Betz
CISO
The Travelers Companies, Inc.

With media furies following every major breach, CISOs should step into peers’ shoes to lessen a similar firestorm at their organizations. Linda Betz shares tabletop exercise planning and execution tips.

This is the first of three concise and compelling 15-minute presentations during this breakout session. Each brief, high-value presentation will extract a leading best practice or a breakthrough industry solution with tangible takeaways.

Elevating Security to Innovative Enabler

Game Changer 

David Cass
SVP & CISO
Elsevier

It’s no longer a breach that kills a CISO’s career, but information security failing to help the business innovate. Learn what’s changed and an innovation framework to help achieve alignment.

This is the second of three concise and compelling 15-minute presentations during this breakout session. Each brief, high-value presentation will extract a leading best practice or a breakthrough industry solution with tangible takeaways.

Incident Response – The Law Enforcement Perspective

Game Changer 

Tate Jarrow
Special Agent, New York Electronic Crimes Task Force
U.S. Secret Service

Do you know if you've been breached? Does your plan include contact with law enforcement? Do you know what to expect from law enforcement during an incident?

This is the third of three concise and compelling 15-minute presentations during this breakout session. Each brief, high-value presentation will extract a leading best practice or a breakthrough industry solution with tangible takeaways.

11:10am - 11:40am

Networking Break

11:40am - 12:50pm Luncheon Keynote

Security's Age of Enlightenment

Keynote  sponsored by: RSA, The Security Division of EMC

Amit Yoran
President
RSA, The Security Division of EMC

Europe’s Middle Ages — sometimes referred to as the Dark Ages — were marked by fear and ignorance. Today, we are living in a Dark Age of security, clinging to outmoded world views and relying on tools and tactics from the past in hopes of keeping the barbarians away. We must cast off the past and enter an Age of Enlightenment by pursuing greater visibility into and understanding of our world. In this session, Amit Yoran discusses critical imperatives CISOs can pursue to stop operating in the dark, and meet today and tomorrow head-on.

12:50pm - 1:20pm

Networking Break

1:20pm - 2:10pm Breakout Sessions

On Being a CISO – The First 100 Days and Beyond

Featured Session  sponsored by: Dell Software

Mark Viola
VP, Global CISO
Henry Schein, Inc.

Whether building a cybersecurity program from the ground up or stepping into a role with total board visibility, a new CISO brings a different perspective based upon their technical and/or business background and experience. In this session, hear Mark Viola’s approach based on his experience as a cybersecurity leader with companies of different sizes, scopes, maturity levels, and organizational positioning. His approach most recently led to a successfully implemented 100-day plan, culminating in a cybersecurity strategy, road map and board-level presentation. Learn how to make an impact and deliver results more efficiently and effectively on day one, day 101 and beyond.

Is Your Threat Intelligence Data Program Ready for Prime Time?

Executive Boardroom  sponsored by: Tripwire, Inc.

Jeffrey Brown
Head of IS, Risk & Compliance
AIG Asset Management
Stephen Gilmer
Head of IT Governance, Risk and Compliance
Sikorsky Aircraft Corporation
Ken Westin
Sr. Security Analyst
Tripwire, Inc.
Moderator

As threat actors evade security controls at an alarming rate, how can information security professionals find the best tools to enable rapid response? Come prepared to discuss how organizations are leveraging threat intelligence data, threat feeds and threat clouds, as well as how this intelligence is best integrated into overall security and risk programs. Discuss opportunities for utilizing innumerous data to enable new business opportunities and defend against trending threats.



Navigating Third Party and Supply Chain Security

Executive Boardroom  sponsored by: PwC

Medha Bhalodkar
CISO
Columbia University
Joel Molinoff
CISO
CBS
Avinash Rajeev
Director
PwC
Moderator

In today’s diversified IT world, CISOs are looking to vendors for smarter, more cost-efficient solutions. As each company’s security protection profile matures, however, so do their expectations for the vendors hired to protect the integrity and security of shared information. The expansion of third-party risk from both trusted IT partners and supply chain participants creates additional threat exposure points. For security leaders, third-party and supply chain risk management is a non-negotiable strategic tool. Join fellow CISOs to debate best practices and new approaches for managing third party and supply chain partners.



1:20pm - 2:10pm

Redefining Vulnerability Discovery – Beyond Bug Bounty

Emerging Provider  sponsored by: Synack

Gus Anagnos
VP, Strategy & Operations
Synack

Companies increasingly turn to bug bounty initiatives to identify weak points and add value to broader security programs. But limitations still exist. What’s the next-generation model for vulnerability discovery?

This is the first of three concise and compelling 15-minute presentations during this breakout session. Each brief, high-value presentation will extract a leading best practice or a breakthrough industry solution with tangible takeaways.

Is Your DDoS Mitigation Battle Tested?

Emerging Provider  sponsored by: Security Compass

Sahba Kazerooni
Managing Director
Security Compass

You wouldn't go to a boxing match without first sparring, so why risk everything implementing and trusting anti-DDoS solutions without thorough and ongoing testing specific to this imposing threat?

This is the second of three concise and compelling 15-minute presentations during this breakout session. Each brief, high-value presentation will extract a leading best practice or a breakthrough industry solution with tangible takeaways.

Protecting Your Data Across Many Clouds

Emerging Provider  sponsored by: CipherCloud

Bob West
Chief Trust Officer
CipherCloud

When users adopt “the cloud,” they actually adopt many clouds. By learning to identify all the clouds your enterprise uses, you are better able to protect sensitive data wherever it goes.

This is the third of three concise and compelling 15-minute presentations during this breakout session. Each brief, high-value presentation will extract a leading best practice or a breakthrough industry solution with tangible takeaways.

2:10pm - 2:30pm

Networking Break

2:30pm - 3:20pm Breakout Sessions

Eliminate the “Us Versus Them” Mentality

Featured Speakers  sponsored by: Veracode

Kenneth Corriveau
SVP, CIO Worldwide
Omnicom Media Group
Dan Reynolds
VP, Chief of Sec. & Info. Arch.
Omnicom Group Inc.

Technology and security teams today are under greater demands to deliver than ever before. Success requires a team that extends beyond the information security department. CISOs must develop a holistic relationship with their business leaders, peers and colleagues to ensure that risk and security concerns are addressed across the organization. In this engaging co-presentation, Kenneth Corriveau and Dan Reynolds describe how they built a winning partnership within Omnicom Media Group to deliver business value and manage risks. Together they have ensured that security doesn't operate in a vacuum, but as an integral component to their company culture.

Mobile Security Strategies in a Post-Breach World

Executive Boardroom  sponsored by: MobileIron

Laura Jagodzinski
VP & CISO
Realogy Corporation
Ramin Safai
CISO
Jefferies & Company, Inc.
Michael Raggo
Security Evangelist
MobileIron
Moderator

Recent cyberattacks have plagued organizations across industries. As companies move into the digital age with smartphones and tablets, post-breach wisdom must be incorporated into mobile security strategies to avoid making the same mistakes. Explore the evolution of mobile security and today’s ability to leverage layered controls to minimize exposure and mitigate breaches. Based on lessons learned from real deployments, discuss how to respond to threats from malware, apps, jailbreaks and network attacks. Deliberate best practices for securing mobile content and mitigating data loss while balancing security with privacy.



The Board Needs You

Executive Boardroom  sponsored by: HP Enterprise Security Products

Michael Higgins
VP & CISO
NBCUniversal, Inc.
Michael Rossman
Former VP & CISO
Freddie Mac
Deborah Snyder
CISO
New York State
Cindy Cullen
ESP Security Strategist
HP Enterprise Security
Moderator

After the breach, Institutional Shareholder Services recommended Target shareholders replace seven of 10 board directors for “failure to provide sufficient risk oversight.” No wonder boards are now asking for more cybersecurity information. It falls to CISOs to make sure boards are appropriately informed to provide oversight, implement a plan and become a layer of defense in cyber risk governance. Is your board prepared? Are you? Join this discussion prepared to talk security frameworks, mapping major cyber risks to enterprise risk, prioritizing metrics and general communication with the board.



3:20pm - 3:40pm

Networking Break

3:40pm - 4:20pm Closing Keynote

Promoting Private Sector Cybersecurity Information Sharing

Keynote  sponsored by: IBM

Andy Ozment
Assistant Secretary for Cybersecurity & Communications
U.S. Department of Homeland Security

Information sharing between the private sector and the government is the lifeblood of effective cyberdefense and response. Most public-private information sharing is currently conducted through Information Sharing and Analysis Centers, but the executive order issued in February by President Obama calls for the development of Information Sharing Organizations to promote better cybersecurity information sharing between the private sector and the government. Join this session to learn about the role of ISACs, ISAOs, and the Department of Homeland Security’s information sharing initiatives, and which information sharing method would be best suited for your organization.

4:20pm - 5:00pm

Closing Reception & Prize Drawings