Day 2: Monday, March 27th

8:00 AM - 8:10 AM Chairperson's Opening Remarks

The Chief Information Officer serves as a “translator” between the business and technology divisions of the enterprise. The executive’s role is becoming more risk-focused and is much more business-oriented than solely Information Technology. The CISO must be able to speak the language of the business and then switch back to speaking competently about technical issues.

•Navigating changing regulations and legislation and gauging impact on business
•Assessing current threats, common vulnerabilities, emerging technologies and impact within specific environment
•Serving as a bridge between technical nuances and organizational impact
•Best metrics for measuring the success or failure of an information security program



David Whipple

Chief Information Security/Risk Officer
Apple Leisure Group

BG Badriprasad

Chief Security Architect
Ross Stores

Harry O’Laughlin

CISO
California Department of Insurance

Matt Davies

Sr. Director IT Risk Management
Ciena

9:15 AM - 9:45 AM Business Meetings

9:45 AM - 10:15 AM Business Meetings

10:15 AM - 10:30 AM Networking Break

BrainWeave B

10:30 AM - 11:15 AM DDoS and Network Security: A Race against Crime

Tom Brandl, CISO, Neustar
Last year, 53% of organizations that received a DDoS attack also experienced an enterprise breach that was in concert with the assault according to Neustar research. DDoS attacks are far more dangerous than simple network and application attacks and are frequently used to help mask other malicious activity.

This strategic session will bring to light the security threats lurking behind the attacks and help security executives better prepare their active defenses.
Join Neustar’s CISO, Tom Brandl, as he leads a discussion on:
•How attackers use DDoS attacks to disrupt and endanger businesses
•Why DDoS is becoming more common in ransomware attacks
•What strategic considerations are needed to defeat attacker motives
•Security issues and compliance requirements


Tom Brandl

CISO
Neustar

Master Class B

10:30 AM - 11:15 AM CISO communication to the board and C-suite – Is it the continuum of common sense or lack thereof?

Corey White, VP WW Consulting, Cylance
In this session we will discuss ways to communicate risks so that the C-suite can comprehend cyber risks, not through the doom and gloom that many in the security industry so readily create to scare people into purchases, but in the context of enterprise risk, the top 10 universal business risks, and the potential societal risk that can occur as we further digital transformations. We will also cover what I call the Z-shaped CISO and how becoming one will make you not only a better leader but also a better communicator who influences broadly across your organization. Lessons learned will conclude with tips on presenting specifically to the board.


Corey White

VP WW Consulting
Cylance

Plenary Session

11:15 AM - 11:45 AM Enterprise Fraud Prevention with Insider Threats

David Pollino, Deputy CISO, Bank of the West
Insider threats cost organizations billions of dollars each year, as well as the potential loss of data and productivity. Without effective controls and monitoring in place, malicious insiders can easily go undetected, as employees typically operate in familiar workplace environments. This familiarity often gives employees greater opportunity to commit fraud or steal information in the workplace. This session will highlight the anatomy of employee theft and discuss best practices for mitigating this risk through the development of proactive monitoring and reporting techniques. Through the implementation of a strong deterrent program, organizations can be more effective at limiting insider threats.


David Pollino

Deputy CISO
Bank of the West

Ignite Session

Challenge One

11:45 AM - 12:20 PM Advanced Attackers Inside your Network- Technologies

Chad Scrupps, VP, Acalvio
This is a fast-moving, multi-topic session comprised of three Quick Fire Presentations that will be completed in 30 minutes of total time. Each speaker has a total of ten minutes to get through up to 10 slides. Each individual presentation will focus on one specific challenge that cyber security executives are facing; and will provide actionable solutions that can be used to effectively overcome these challenges.



Chad Scrupps

VP
Acalvio

Challenge Two

11:45 AM - 12:20 PM The Rise of Cloud Infrastructure - Partnering with DevOps

Varun Badhwar, Co-founder and CEO, RedLock
With cloud computing at the core of digital transformation, CISOs are challenged with managing the business risks of continuously changing cloud infrastructure. Rather than impede DevOps productivity, you arm the team with security best practices for configurations and access policies. However, lack of visibility into the cloud infrastructure environment hinders your ability to audit for compliance. Furthermore, incident investigation and response are nontrivial without an intimate understanding of the environment. This session will highlight how CISOs can unintrusively obtain holistic visibility across their entire cloud infrastructure footprint and accelerate digital transformation.



Varun Badhwar

Co-founder and CEO
RedLock

Challenge Three

11:45 AM - 12:20 PM Admin Accounts get Owned Again: How to Make it Stop

Tim Keeler, COO, Remediant

Tim Keeler

COO
Remediant

Challenge Four

11:45 AM - 12:20 PM Preempting Executive Cyber Attacks Through Digital Privacy

Rich Matta, Chief Executive Officer, ReputationDefender

Rich Matta

Chief Executive Officer
ReputationDefender

12:30 PM - 1:30 PM Networking Lunch


Sponsored by: Vectra Networks

Roundtable 1

1:30 PM - 2:35 PM Isn’t It Time to Treat all Accounts as Privileged?

James Litton, CEO, Identity Automation
All of the round tables will occur at the same time and each will be led by a cyber security executive. Choose the round table topic of most interest and join the discussion. There will be two rotations of 30 minutes each. Snacks will be served during the sessions.


James Litton

CEO
Identity Automation

Roundtable 2

1:30 PM - 2:35 PM Compliant but not Secure: PCI-Compliant and Penetration Tested Companies are Breached - How to Prevent and Respond to Incidents

Mucteba Celik, CTO, RevBits

Mucteba Celik

CTO
RevBits

2:35 PM - 3:05 PM Business Meetings

3:05 PM - 3:35 PM Business Meetings

3:35 PM - 3:50 PM Networking Break

BrainWeave B

3:50 PM - 4:35 PM Removing Haystacks to Find Needles - Overcoming Threat Hunting Exhaustion

Kumar Saurabh, CEO and Co-founder, LogicHub
In this interactive session, discuss the key issues around detecting threats buried in overwhelming stacks of security event data.

We will discuss:
•Key threat hunting challenges
•Pros and cons of various automation options, SIEMs, and other tools
•Measuring threat detection effectiveness
•Best practices for reducing false negatives and dwell times
•Leveraging existing investments and navigating around over-hyped buzz words
•Maintaining tribal knowledge and overcoming cyber analyst skills shortage




Kumar Saurabh

CEO and Co-founder
LogicHub

Master Class B

3:50 PM - 4:35 PM A New Era of Cyber Threats: The Shift to Self-Learning, Self-Defending Networks

Nicole Eagan, CEO, Darktrace
The scene of cyber security is changing. In the first stage of cyber attacks, we saw classic compromises – data was stolen or a website was embarrassingly defaced. However, the new generation of cyber-threats is not necessarily targeting data alone. Today’s most sophisticated attacks are playing a longer game – one that is silent and stealthy. This wave of attackers may now aim to disrupt or undermine the very integrity of data and is targeting all manner of companies and industries. If your customer data has been stolen, you’ll eventually find out, but how do you ever find out about the attacker that is, unbeknown to you, already in your midst and navigating your systems?
This new generation of cyber-threats requires a fundamentally new approach to cyber defense. Based on unsupervised machine learning and probabilistic mathematics developed by scientists from the University of Cambridge, new ‘immune system’ technologies are capable of learning a ‘pattern of life’ by modeling the behaviors of each user, device, and network. Rules and signatures are simply not sufficient on their own to combat these evolving attacks. Self-learning technologies are the key to solving the crisis created by this new age of cyber attacks.
In this session, learn:
•The implications of the new era of cyber-threats for business networks
•Why legacy approaches like rules and signatures are proving insufficient on their own
•How new immune system technologies are imperative for the next generation of cyber-defense
•Why 100% network visibility and intelligence allow you to preempt emerging situations, in real time
•Real-world examples of subtle threats that


Nicole Eagan

CEO
Darktrace

Sponsored by: Darktrace

4:35 PM - 5:05 PM Business Meetings

5:05 PM - 5:35 PM Business Meetings

Breakout Session

5:35 PM - 6:15 PM Privacy, Security and Compliance with Global Data Protection Regulations

Matt Hollcraft, CISO, Maxim Integrated
As organizations continue to leverage analytics to make critical business decisions, managing data throughout its lifecycle becomes more important. Data needs to be protected from initial creation through archiving. Privacy and security are headline topics that executive leadership, including the C-Suite and Board of Directors, are asking about, especially with the new data privacy regulation going into effect by 2018. How does the cyber security executive ensure privacy, security and business requirements are aligned?

This session will cover some thoughts, possible approaches, lessons learned and a discussion of what has worked and not worked for session participants.

Join this discussion:
• Where data is and who owns it throughout the life cycle
• Understanding common data practices to ensure compliance
• Reviewing key components of the new regulation and avoiding potential pitfalls
• Mastering data masking, encryption and other security controls
• Understanding requirements with the GDPR and other global requirements



Matt Hollcraft

CISO
Maxim Integrated

Breakout Session

5:35 PM - 6:15 PM The New Frontier: Security and the Internet of Things

Jim Livermore, Global Security Architect and Head of Information Security, CDM Smith
This session will review new and emerging IoT technologies which are increasingly becoming part of our connected world. We will discuss the risks and security concerns associated with these technologies, examples of where cyber criminals have exploited these technologies, and what can be done to secure them.


Jim Livermore

Global Security Architect and Head of Information Security
CDM Smith

6:15 PM - 6:15 PM Networking Cocktails