IN-PERSON

Atlanta CISO Executive Summit

June 24, 2019 | The St. Regis Atlanta

June 24, 2019
The St. Regis Atlanta

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Tim Callahan

Aflac
Global Chief Security Officer

John Dickson

Republic National Distributing Company
VP, IT Infrastructure & Cybersecurity

Lynda Fleury

Unum Group
VP & Global CISO

David Levine

Ricoh USA, Inc.
VP, Corporate and Information Security, CSO

Linda Marcone

Serta Simmons
Director Information Security

Vladimir Svidesskis

Georgia Lottery
Information Security Director

Dan Webber

UST Global
CISO

Agenda

June 24, 2019

mid-afternoon morning afternoon

11:40am - 12:05pm Networking Break

12:05pm - 1:10pm Keynote

Phishing Defense – The Art of Human Intuitive Repulsion

Aaron Higbee

CTO & Co-Founder

Cofense, formerly PhishMe

As intuitive human beings we often somehow sense when things aren’t quite right. When a newborn is “too quiet,” a sixth-sense can be more reliable than a baby monitor. What applies to life also applies to cybersecurity. Machine learning and artificial intelligence can weed out some of the threats, but they won't catch everything. Find out why trusting your gut – knowing when to say something when you see something – is a key part of any organization's phishing defense.

In this session:

Discover security trends, threat-actor tactics and defense strategies across the globe
Learn the types of actual phishing attacks
See how attackers evolve their tactics to avoid perimeter controls

1:10pm - 1:40pm Networking Break

7:30am - 8:05am Registration & Breakfast

8:05am - 9:10am Keynote

Criminal Perspectives – Past, Present and Future of Cybercrime

Brett Johnson

Former US Most Wanted Cybercriminal and Original Internet Godfather

If you want to know about crime, ask a cybercriminal. Join "The Original Internet Godfather" Brett Johnson for a one-of-a-kind presentation on security and leadership in the new threat landscape. Considered one of the best social engineers in the world, he will share how he learned to live on the right side of the law.

In this keynote, Brett will dive into:

The current state of crime and common flags, from synthetic fraud to account takeovers.
The power of organized networks – for good or harm – and ways to disrupt criminals.
What’s next, and what you can do to protect yourself and your business.

9:10am - 9:40am Networking Break

9:40am - 10:30am Breakout Session

The CISO Role — Where do we Belong?

David Levine

VP, Corporate and Information Security, CSO

Ricoh USA, Inc.

Vladimir Svidesskis

Information Security Director

Georgia Lottery

As the CISO role continues to evolve year-over-year, hear from your peers to see what their reporting structure looks like. Is your current alignment the right alignment or is it time for a change?

In this panel discussion, you’ll cover:

How other companies structure their org chart
Security as a culture that is emulated by the leadership team
Change management when redirecting your structure

9:40am - 10:30am Breakout Session

Securing an Ever Expansive Network of Vendors

Marc Moesse

Vice President, Product Management

SecurityScorecard

Is your organization prepared to handle the additional threat exposure that comes from expanding business networks? Hear from Marc Moesse as he shares how to determine where you stand on third party risk maturity and next steps in increasing your third-party cyber resiliency.

This session will explore:

Finding the right balance between depth and breadth of your third-party risk program
Leveraging all the organization's resources for adoption
Methods to manage your fourth party risk

9:40am - 10:30am Executive Boardroom

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

John Dickson

VP, IT Infrastructure & Cybersecurity

Republic National Distributing Company

Hmong Vang

CISO

Kindred Healthcare, Inc.

Lucia Milica

Resident CISO

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Lucia Milica of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

Why nearly all threat actors have shifted away from technical exploits to compromise their targets
How organizations can leverage threat data to understand which people and departments are highly targeted
How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager, Zack Hellmann at zack.hellmann@evanta.com.

9:40am - 10:30am Executive Boardroom

Securing the Business Transformation Process

Katie Ewers

Director, Cybersecurity Active Defense

McKesson Corporation

Bob Varnadoe

CISO

NCR Corporation

Tim Chang

VP of Sales Engineering

Imperva

Cybersecurity is a never-ending arms race between bad actors and IT and security teams. The attackers haven’t just grown stronger, the attack surface is growing apace. With that, most companies are currently engaged in a digital transformation, but as you invest in new technologies and move workloads to the cloud the threat surfaces are also evolving and expanding.
In this boardroom we will discuss:

How security can help enable the business transformation your company is undertaking
Ways to use security analytics to enable your cloud journey
Challenges with maintaining consistent visibility during the transformation

10:30am - 10:50am Networking Break

10:50am - 11:40am Breakout Session

Control and Automate What You Can to Focus on Value-Creation

Will Alexander

VP, Information Systems

RaceTrac Petroleum, Inc.

Brian Mauter

Director Information Systems

RaceTrac Petroleum, Inc.

At RaceTrac Petroleum, like most enterprises, the IT workload has not decreased, but the demand for IT to help the business grow has increased. The company’s IT leadership came to a simple conclusion: automate utility tasks they can control and focus resources on initiatives that create value. This session explores:

RaceTrac’s approach to becoming a more productive IT function and optimizing its value to the business
How IT enhanced morale across business functions by including managers and senior engineers to determine where automation could eliminate barriers
How the business and IT are building an effective self-service model to reduce bottlenecks
What was done to get buy-in from the security side of the house to minimize skepticism around risks related to automation

10:50am - 11:40am Breakout Session

Think Differently about Data - Succeed at Threat Hunting & IR

Matt Cauthorn

VP of Security

ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data.

In this session, you will learn:

Current attack practices, including abuse of legitimate traffic and encryption
How hunters hide from attackers to avoid counter IR maneuvers
Ways to make analysts faster and more effective at validating and responding to threats
Options for empowering cross-training and on-the-job training to increase analysts' skills
Clarity on how gaining visibility into cloud and encrypted traffic

10:50am - 11:40am Executive Boardroom

Managing the Convergence of Global Data Protection Regulation

Jim Miles

VP, Information Security

PGi

David Nolan

Director Information Security

Aaron's Inc.

Miller Newton

President and CEO

PKWARE, Inc.

GDPR caused organizations to scramble to meet data protection regulations and reassess their risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

Best practices for managing risk associated with data protection frameworks
Standards and metrics for measuring data protection risk
Tools to meet compliance reporting requirements

10:50am - 11:40am Executive Boardroom

Maintaining Agility in the Secure Enterprise

John Diaz

Head of Information Security

ThyssenKrupp

Wes Knight

CISO

Georgia Department of Revenue

Wolf Goerlich

Advisory CISO

Duo Security

What tactics and technologies are effective in securing the enterprise without putting up barriers to business operations? In this interactive roundtable discussion, security leaders share strategies that maximize security while minimizing business bottlenecks.

In this session, security leaders will:

Define shared pain points where security controls are slowing business processes
Share ideas and best practices for reducing friction from security controls
Address ways to gain buy-in across the business when bottlenecks are unavoidable

1:40pm - 2:30pm Breakout Session

Joining Forces — Lessening the Chances of Attack

Chad Hunt

Special Agent

Federal Bureau of Investigation

Ashley Wolff

Special Agent - Private Sector Coordinator

Federal Bureau of Investigation

Picture this: you are alerted about a suspicious malware threat that could affect more than just your organization. Who should you reach out to? Your local FBI department wants to be at the top of that list. Special Agents Ashley Wolff and Chad Hunt share how they can help and fill you in on the bureau’s intentions.

Join this session to hear:

Brand new threats that are currently being investigated
Case studies where they partnered with the private sector
Opportunities to get ahead of early warning signs
What a successful partnership looks like between your executives and theirs

1:40pm - 2:30pm Executive Boardroom

Cyber-Risk Management – New Approaches for Reducing Your Cyber-Exposure

Kevin Morrison

VP of IT & CISO

Rollins, Inc.

Frank Sornson

VP Global IT Security

ExamWorks

Jack Huffard

COO & Co-Founder

Tenable

When it comes to reducing cyber exposure, overcoming vulnerability overload is critical. Find out how to improve your vulnerability management efforts so you can close your cyber exposure gap and focus on what matters most to your business.

During this peer discussion, you will explore how to:

Translate raw vulnerability and threat intelligence data into business insights
Benchmark your organization’s cyber exposure to guide decision making
Use threat intelligence to move the most dangerous vulnerabilities up your priority list

1:40pm - 2:30pm Executive Boardroom

Modern Approaches to Protecting Your Third-Party Ecosystem

John Gift

VP & CISO

Carter's

Jason Maddox

Director of IT and CISO

Roark Capital Group

Scott Schneider

Chief Revenue Officer

CyberGRX

It's no secret that hackers are opportunistic. They are constantly looking for the weakest link and are quick to capitalize on one as soon as it's spotted. This boardroom will discuss:

Third-party cyber risk best practices
New strategies for third-party cyber risk management (TPCRM) and how they work
How to scale your third-party risk management (TPRM) program to evolve with your ecosystem

2:30pm - 2:40pm Networking Break

2:40pm - 3:30pm Breakout Session

Bitcoin and Blockchain — Moving Beyond a Proof of Concept

Linda Marcone

Director Information Security

Serta Simmons

We all struggle to fully understand the adoption of cryptocurrency. As some sit and wait to see what others are doing, some leaders are taking action.

In this session:

Explore case-studies of how blockchain has been implemented
Review skill sets that may not be fully defined
Challenge yourself to lead your company through the change

2:40pm - 3:30pm Executive Boardroom

Endpoint Security and its Business Impacts

Lynda Fleury

VP & Global CISO

Unum Group

Paul Farley

Sr. Director Cyber Defense Center, Deputy CISO

NCR Corporation

Grant Moerschel

Senior Director for Solutions Engineering

SentinelOne

The proliferation of devices over the last decade has radically increased how many endpoints companies are responsible for. Endless approaches and potential solutions have followed, but questions remain. In this second machine age, how can an organization maintain the fundamentals of endpoint security — and security in general — while embracing new technologies and strategies like machine learning?

Join fellow CISOs as they discuss:

Successes and challenges in keeping users secure at a time
When technology is moving faster than our ability to adapt
Business impacts to endpoint security and BYOD considerations

2:40pm - 3:30pm Executive Boardroom

Tapping the Power of Security Big Data

Vladimir Svidesskis

Information Security Director

Georgia Lottery

Dan Webber

CISO

UST Global

Franco Negri

Senior Solutions Architect

Securonix

How does the security leader find insight in all the data coming from their security program? In this roundtable discussion, security leaders share ideas for effectively leveraging operational and external data in support of enterprise security.

Join this discussion to:

Identify shared challenges in bringing together technical and non-technical data (business context etc.) relevant to their security efforts
Share each of our experiences in applying analytics (machine learning, data science techniques etc.) on top of this data and the value that certain data (email vs. proxy data) provides in support of their program
Uncover the challenges in managing the constantly growing volumes of security data and solutions such as big data platforms and machine learning algorithms
Discuss the importance of open data and data sharing between different teams within organization

2:40pm - 3:30pm Executive Boardroom

Cybersecurity Readiness — Are you Really Ready?

Tim Callahan

Global Chief Security Officer

Aflac

Scott Stanton

CISO

Avanos Medical

Joedy Glenn

Senior Solutions Architect

NorthState Technology Solutions

CISOs are in boardroom to explain enterprise risk and security posture. Testing your company’s readiness to respond is a critical element of any strong information security program. How does your readiness preparation compare to your peers?

Come together with your peers to discuss:

How your investments compare to others and how does the focus of investments relate from a leadership perspective
The comparison of proactive and reactive in the CISO role
Attack simulations and how they can differ

3:30pm - 3:50pm Networking Break

3:50pm - 4:30pm Keynote

Encouraging Courage in Leadership

Grace Killelea

Thought Leader & Author of "The Confidence Effect"

The GKC Group

In light of #MeToo, leaders have an urgent need to take a closer look at what can be done to create safe workplace environments, which promotes career growth for everyone, regardless of gender or ethnicity. Grace Killelea shows the benefits leadership development and skill-building have on talent, leadership and retention. In this session, she discusses:

Why it’s critical to provide improved coaching and feedback to leaders and direct reports
How to move beyond compliance to create alliance and develop a culture of repair, not retreat
How to increase emotional intelligence and self-awareness in all leaders

4:30pm - 5:05pm Closing Reception & Prize Drawing