The CISO Executive Summit is a great experience and I really enjoyed the opportunity to network with other IT professionals, share lessons and forward-looking plans.
Tom Soderstrom, Chief Tech. and Innovation Officer, Office of the CIO, NASA Jet Propulsion Laboratory
The CISO Executive Summit is easily one of the best opportunities for security professionals to meet, network, talk and even learn, as a dedicated regional security event. I can’t recommend it highly enough.
The biggest problem in corporate information security is the people performing the work. There are those outside the security field, and even many inside the field, who think they know what they need to know about security but clearly don’t. Additionally, some people know a great deal about one aspect of security, but are woefully weak in other aspects and don’t know it (or want to know it). Because of this phenomenon, most organizations have a false sense of security. Using entertaining analogies from martial arts and psychology, Ira Winkler will discuss this critical security failing, sharing tips on how to tell if you are dealing with people who are properly skilled, and how to plan your security programs accordingly.
The security industry has demonstrated time and time again an enduring resiliency and ability to innovate that has made information technology safe enough to transform the world. But today we face harsh realities. Never have we witnessed so many high-profile, targeted cyber attacks as in the past year. So, what do we do now? Just as our adversaries have taken advantage of the sheer speed and availability of information on the Internet, we need to do the same. In this session, Dave Martin will explain how we can unearth the wealth of intelligence that is buried within those very same infrastructures — and use that intelligence to our advantage. Martin will discuss how we must change our conventional approach to security to an intelligence-driven approach in order to continue to build a trusted digital world.
The ability to communicate clear and concise information to your leadership team is essential in maintaining a successful security program and achieving corporate buy-in. Dan Meacham, CISO at ARAMARK Uniform & Career Apparel, is making it his priority to establish easy-to-read metrics and dashboards that provide transparent communication throughout the organization. His ability to utilize mobile technology ensures that the right information is viewed in an effective and efficient way. In this session, Meacham will explore the importance of understanding the data and how to deliver this information to your executives in an easy-to-read format that enables them to ask the right questions that will move their organizations forward.
The threat environment has changed rapidly, and what we once thought of as theoretical is now a reality. Things we thought couldn’t be secured, or didn’t need to be secured, are now essential to a secure environment. We’ve seen a rise in advanced persistent threats, which have been effective in targeting organizations worldwide. Critical infrastructures were not a major concern for most — until Stuxnet hit and left organizations scrambling. Now, with the explosion of embedded devices, we’re seeing an explosion of threat vectors. We must secure all of these, while the bad guys only need to find one way in.
Simon Hunt breaks the myth that certain things don’t need to be secured, and that certain things aren’t securable. He will discuss a new approach, which encompasses going into the hardware, ensuring real-time updates and strong, clear metrics for success.
At Sempra Energy, Alex Kunz is working to develop an information security strategy that identifies the essential components of a successful risk management program. In this session Kunz will discuss Sempra’s strategic roadmap for security program maturity. He will share his challenges and lessons learned as well as how others can leverage what he has done to implement an effective risk strategy.
Session discovery topics:
Understanding and applying key business processes
Integrating operational processes with security, risk and compliance
Combining the roles and responsibilities of risk management and security
Today, a single security breach can change a company’s future. CISOs are losing control of platforms and channels; endpoints are becoming user-owned mobile devices; cloud applications now deliver data to uncontrolled locations and networks; and perimeters are open to social networking, social media, and the cybercrime that comes with them. Jason Clark and John McCormack will provide solutions for protecting your organization amidst this changing environment. Ultimately, it begins with controlling your data — who’s accessing it, where it’s been and where it’s going.
Session discovery topics:
Malware’s role in other data theft attacks
Preparing for APT and how to respond when you’ve been attacked
This presentation is a special request from the Governing Body to hear the FBI share their case study of Operation Phish Phry (OPP). OPP is an international investigation which led to one of the largest cyber fraud take-downs in recent history.
You are invited to join discussion leader Robert Brown and moderator Wade Williamson in this interactive executive boardroom. We will discuss how enterprise applications, users and their devices intersect with security and productivity, as well as strategies for embracing new technologies without taking on new risk.
Session discovery topics:
Keeping your enterprise productive while defending it from a new breed of sophisticated threats
How internal users and external threats can skirt your security using enterprise applications
The impact of the growing popularity of SSL to enterprise security and end-user privacy
Practical security strategies to enable technologies while combating threats
Due to the format of the Executive Boardroom session, there are a limited number of seats available. Seating priority will be given to CISOs. To reserve your seat, please contact Scott Smejkal at 503-972-4452, or Scott.Smejkal@evanta.com. Sponsor participation is limited to Boardroom sponsor attendees only.
Mobile technologies are infiltrating every aspect of the workforce, and having a mobile strategy is no longer an option; it is a necessity. With this influx of technologies come new risks and liabilities. In this interactive panel moderated by Ed Pagett, Jonathan Chow, George DeCesare and Robert Pittman will discuss the current state of mobility and the role security plays in this rapidly evolving landscape. They will explore the regulatory requirements surrounding mobile devices and how CISOs can partner with the business to implement a secure and effective mobile strategy.