Day 1: Sunday, March 26th

11:00 AM - 11:45 AM Welcome Brunch & Registration

11:45 AM - 12:00 PM Delegate and Sponsor Orientation

12:00 PM - 1:00 PM Kick-Off Networking Activity

Kevin Finke, Head of Culture & Engagement, NCR Corporation
Using Design Thinking to Transform Security Experiences- Part One

Whether your company is just beginning to actively think about how your employees experience security policies and programs, or whether you’re already busy transforming them for higher effectiveness and engagement, this two-part workshop is for you. Discover how the key elements of design thinking can provide a pathway to concept, create and deliver relevant, engaging security experiences for your workers.
In this two-part workshop, you will learn:
•What design thinking is and why it’s a new employee experience best practice
•How to develop and use effective employee personas for your security programs
•How to define your employee's security journeys and create impact when it matters most


Kevin Finke

Head of Culture & Engagement
NCR Corporation

1:00 PM - 1:10 PM Chairperson Official Welcome to IQPC's CISO Exchange

Jimmy Sanders, VP Information Security, Netflix DVD


Jimmy Sanders

VP Information Security
Netflix DVD

Opening Keynote

1:10 PM - 1:40 PM New Rules, New Tools- What's Needed for the New World

John Kirkwood, CISO, Safeway
While the vast number of enterprise companies have adopted risk-based security frameworks, they have not necessarily been tailored for streamlined internal and external communication.

Some organizations rely on outdated practices to combat the evolving threat landscape. In this session examine the careful balance of people, processes, tools and culture, needed to excel in a world where cyber security breaches are an ever-present part of enterprise risk management and regularly evolving technology. The people part of security needs to continue to shine as the CISO role evolves and the Board takes a more active role in information security as a business risk. Discuss new ways of approaching security for effective risk management that align with corporate culture and business goals.


John Kirkwood


1:40 PM - 1:45 PM Networking Break

Plenary Session

1:45 PM - 2:15 PM Building and Improving a Collaborative Privacy and Information Security Program

Jacki Monson, Vice President, Chief Privacy and Information Security Officer, Sutter Health
In this case study within the healthcare industry, explore the effective creation of an Privacy and Information security program. This practical discussion includes how regulators, the complexity of the current landscape, and the organizations appetite for risk influence the program. Amid a flurry of competing responsibilities assess how to keep the needs of stakeholders in balance and look at ways to engage stakeholders who manage and oversee operational impacts to the program.

In this presentation explore:

•Creating a strategic and tactical privacy and security program
•Building and measuring an effective security team
•Providing vision to lead in an evolving landscape


Jacki Monson

Vice President, Chief Privacy and Information Security Officer
Sutter Health

2:15 PM - 2:45 PM Business Meetings

2:45 PM - 3:15 PM Business Meetings

3:15 PM - 3:30 PM Networking Break with Refreshments

Sponsored by: Demisto

Master Class A

3:30 PM - 4:15 PM How Phishing and Social Engineering Became the #1 Attack Vector

Erich Kron, Security Awareness Advocate, KnowBe4
The number of ransomware attacks quadrupled in 2016 and are expected to double again in 2017.
Hackers are more resourceful than ever - using social engineering to aid them in creating more believable phishing emails, CEO fraud attacks, even dropping USB sticks in and around businesses.
In this session, we will examine real life examples of socially engineered attacks, ramifications you should be aware of, and some ideas on what you can start doing now like mobilizing your end-users as your last line of defense to help ensure you aren't the next victim.


Erich Kron

Security Awareness Advocate


3:30 PM - 4:15 PM From 10,000 to 500: Automating Alert Triage

Rishi Bhargava, Co-Founder & VP Marketing, Demisto
Attend this routable to see how Esri, a geospatial technology provider, deployed Demisto Enterprise to reduce their risk by 95%.

In 2016, Esri deployed Demisto to help them to streamline its Security Operations Center (SOC) activities with automated playbooks, response tasks and collaboration for improved responses to all relevant security alerts. As a result of efficiencies realized, Esri can now manage the long-term costs of its SOC operations by optimizing current security infrastructure and resources. Specifically, Demisto’s automation and collaboration have reduced the volume of alerts requiring active analyst review from 10,000 per week down to 500 per week. A risk reduction of 95%.

Such results can be felt all the way from the board room to the war room.


Rishi Bhargava

Co-Founder & VP Marketing

4:15 PM - 4:45 PM Business Meetings

4:45 PM - 5:15 PM Business Meetings

5:15 PM - 5:45 PM Business Meetings

Roundtable 1

5:25 PM - 6:30 PM Utilizing Artificial Intelligence to Analyze User Behavior

Jimmy Sanders, VP Information Security, Netflix DVD


Jimmy Sanders

VP Information Security
Netflix DVD

Roundtable 2

5:25 PM - 6:30 PM Social Engineering- Effective Ways to Raise Awareness

Roundtable 3

5:25 PM - 6:30 PM Protecting Data in the Hybrid Cloud

Roundtable 4

1:20 PM - 2:25 PM Building an Effective Application Security Program to Address Today’s Risks

All of the round tables will occur at the same time and each will be led by a cyber security executive. Choose the round table topic of most interest and join the discussion. There will be two rotations of 30 minutes each. Snacks will be served during the sessions.

6:45 PM - 7:15 PM Networking Cocktails

Sponsored by: Black Duck Software, Inc.