Day 2: Monday, March 12th

7:30 AM - 8:15 AM Breakfast

Case Study

8:15 AM - 9:00 AM Building and Improving a Collaborative Privacy and Information Security Program

Jacki Monson, Vice President, Chief Privacy and Information Security Officer, Sutter Health
In this case study within the healthcare industry, explore the effective creation of a combined Privacy and Information security program. This practical discussion includes balancing the needs of stakeholders-- the regulators, the complexity of the current landscape, and the organizations appetite for risk. Amid a flurry of competing responsibilities assess how to keep needs of stakeholders in balance and look at ways to engage stakeholders who manage and oversee operational impacts to the program.

In this presentation explore:

·Creating a strategic and tactical privacy and security program

·Building and measuring an effective security team

·Providing vision to lead in an evolving landscape

Jacki Monson

Vice President, Chief Privacy and Information Security Officer
Sutter Health

9:05 AM - 9:35 AM Business Meetings

9:35 AM - 10:05 AM Business Meetings

10:05 AM - 10:20 AM Networking Break


10:20 AM - 11:05 AM Defending Against DDos- Common Attacks and Best Mitigation Strategies

Distributed Denial of Services attacks continue to grow in numbers, complexity and frequency. Although DDoS attacks are just one part of the advanced threat landscape potentially endangering the enterprise including malware.
The attacks are far more dangerous than simple network and application attacks and are frequently used to cover unauthorized data exfiltration or other nefarious activities.

Join this discussion:

•Analyzing the use of DDos to disrupt and harm critical infrastructure

•Considering tactical and strategic initiatives to defeat adversaries

•Implementing corporate security priorities and external compliance and regulatory mandates

Master Class

10:20 AM - 11:05 AM Strengthening Common Vulnerabilities for Application Security

Gain insights from real world examples of effective application security strategies. Discuss approaches to finding the right tools. Change the conversation with application developers; how does it affect the enterprise from day-to-day. Shift from competing to complimentary priorities and strategies. View personal and corporate perspectives of application security with the proliferation of mobile devices in use in the work place. Discuss best practices for implementing application security programs, which provide return on investment.

In this session:

•Baselining common processes and architectures to secure

•Matching metrics to a progression of application security capabilities

•Creating, implementing and scaling application security programs

Case Study

11:05 AM - 12:05 PM Integration of the Electronic Storage Detection K-9

Ian Polhemus, Detective K-9 Handler, City of Seattle
This session will introduce attendees to the newest concept in K-9 training that has a technology component to it within the cyber crime fight. It will provide an overview of the Electronic Storage Detection (ESD) K-9 program as well as discuss both the law enforcement and civilian applications in today’s evolving physical and cyber security world.
Following the investigation and subsequent arrest of Subway pitchman Jared Fogle, with the assistance of a black lab named “Bear”, Ian reached out to the trainer and initiated a plan to purchase Bear and bring him back to Seattle.

Since September of 2015 Ian and Bear have continued to support the Internet Crimes Against Children Task Force, where they focus on assisting investigators in the recovery of digital evidence that might otherwise have gone undetected, but for the power of the nose!

Ian Polhemus

Detective K-9 Handler
City of Seattle

12:10 PM - 1:10 PM Networking Lunch

Engage in your choice of two 30-minute targeted discussions for open exchange among industry peers

1:10 PM - 2:15 PM Rotating Roundtable Discussions

1. Navigating Cyber Security Legislation and Regulation

2. Strengthening Data Center Security in Face of Breaches

3. Utilizing Artificial Intelligence in Incident Response

2:15 PM - 2:45 PM Business Meetings

2:45 PM - 3:15 PM Business Meetings


3:20 PM - 4:05 PM Safeguarding Privileged Access- Insider Threats

Traditional corporate security focuses on strengthening the external perimeter. But recent cyber breaches have shown a shift to attacks from within the enterprise’s corporate network using privileged accounts. Once cyber criminals gain access, they have the ability to elevate privileges and move about the network undetected. Understanding this approach to compromise systems is essential to developing ways to mitigate the risk.

In this session, we’ll

• Review a case study demonstrating abuse of privileged credentials

•Illustrate how privilege is used in these attacks

•Discuss effective mitigation and prevention strategies


3:20 PM - 4:05 PM Utilizing Big Data and Predictive Analytics to Navigate Risk

Enterprise risk assessment and modelling using predictive analytics is a major tool for insurance, financial services and government. The availability of big data and the tools used to process data from multiple sources has led to a more comprehensive understanding of customers’ risk for actions ranging from defaulting on debt to suffering a major security incident. Using these tools and techniques to their fullest capacity will save enterprises money and time in the long run by avoiding less-desirable outcomes.

4:05 PM - 4:20 PM Networking Break

4:20 PM - 4:50 PM Business Meetings

4:50 PM - 5:20 PM Business Meetings

5:15 PM - 6:00 PM Workshop on Integrating Artificial Intelligence into Security

While the idea of artificial intelligence may create images of robots leading the security team. AI now can help with identifying cyber security threats more rapidly with greater visibility. The new cyber threat landscape often goes beyond taking data and includes deliberate disruptions and attacks to the integrity of the data. Securing in an Internet of Things environment means a much wider attack surface with extra security challenges.

In this session examine:

•Eliminating time consuming and repetitive tasks

•Using machine learning to model user, device and network behaviors

•Expanding beyond rules and signatures to mitigate evolving attacks

6:00 PM - 6:00 PM Networking Reception