Conference Agenda

June 28-30, 2017 | Half Moon Bay, CA

Wednesday, June 28th

8:00 AM

Breakfast and Registration

9:00 AM

Welcome and Introduction to SecurityWeek’s 2017 CISO Forum

9:15 AM – 10:00 AM

From Failure to Excellence: The Journey of Defense Technology Security Administration’s Cybersecurity Program

The Defense Technology Security Administration (DTSA)  underwent four different cybersecurity inspections from October 2015 to the present.  In October 2015 the organization failed the DoD inspection. Since then, the DTSA has completely turned around its cybersecurity program and now receives “Excellent” ratings. In this session the DTSA’s Lou Ann McFadden, Director of Management & CIO and Gregory Barber, CISO, will share their story and provide tips to other CISOs on how to change the cybersecurity culture in an organization and on what to expect from a DoD inspection.

Presenters:

  • Lou Ann McFadden – Director of Management & CIO, Defense Technology Security Administration
  • Gregory Barber – CISO, Defense Technology Security Administration

10:00 AM – 10:45 AM

In-CISOmnia – What Keeps CISOs up at Night [Panel]

Our “CISO concerns” panel returns for 2017! Zero-Day vulnerabilities. Targeted attacks. “Trusted” insiders walking out the door with corporate secrets. These are just a few of the headaches today’s security leaders are faced with on a daily basis. With security executives more accountable than ever, and an increasingly advanced threat landscape, this panel of security chiefs will discuss what scares them most and what the future looks like as chief defenders of the enterprise.

10:45 AM – 11:15 AM

Morning Break

11:15 AM – 12:00 PM

The Evolution of Addressing Business Risk [Panel]

Threat intelligence capabilities and technology, previously limited to supporting only cybersecurity and security operations teams, have evolved significantly to address multiple enterprise use cases, including insider threat, fraud, physical and executive protection, and even anti-money laundering. Join Flashpoint Chief Strategy Officer Chris Camacho, as he discusses this evolution, real-world examples of Business Risk Intelligence application, and the move beyond tactical digital risk monitoring with an all-star panel: Michael Antico, CISO of Santander; Christian Adam, VP Infosec at Experian; and Patrick Beggs, Sr. Manager Security Technology for AWS.

12:00 PM – 12:45 PM

Segmentation for Security: What Cybersecurity Can Learn from the Secret Service

The Secret Service’s control of the environment around the President is the foundation of their security strategy. In cybersecurity, we rarely understand (much less control) our networks. This talk applies lessons from the Secret Service to network defense, showing how organizations can use understanding and control to enhance their cybersecurity.

12:45 PM – 2:00 PM

Lunch – Please join us for lunch served by the Ritz Carlton

2:00 PM – 2:45 PM

CISO & VC Discussion: Investment Trends & Real Solutions

In this panel, Gartner’s Ash Ahjua will host a discussion on the trends venture capitalists (VCs) are seeing in the security startup ecosystem and what issues are being addressed. Talking points will include:

  •  Are VC’s funding companies to solve the problems CISOs have, or are we missing the real problems?
  • What really needs to be done to reduce the number of security issues in software and IOT?
  • How can CISOs help the security start up ecosystem to help solve real-world problems rather than just making a better mousetrap?

2:45 PM – 3:00 PM

Afternoon Coffee Break

3:00 PM – 3:45 PM

Fireside Chat with Robert Herjavec

SecurityWeek’s Mike Lennon will sit down with Robert Herjavec for a fireside chat to discuss entrepreneurship and cybersecurity, followed by Q&A with CISO Forum attendees.

3:45 PM – 4:30 PM

Tracking Lazarus – Analysis of The North Korea Cyber Threat

4:30 PM – 5:15 PM

Catching Typhoid Mary: Finding and Stopping Lateral Movement Before Intruders Hit Their Target

Lateral movement has been the common denominator of virtually every major breach in the last decade. An intruder enters a network through a low-value environment, then moves laterally to find a high value target where they can steal data or cause damage. Stopping lateral movement is a more important priority today than ever before, and will only get more important as our data centers get larger, more diverse, and more open. There are many strategies to do this, from a focus on detection, to segmentation and vulnerability management. None are a silver bullet. Come hear how other teams balance their investment.

5:30 PM – 8:30 pM

Coastal BBQ Overlooking Half Moon Bay, followed by Bourbon & S’Mores by The Ritz Carlton Fire Pits

Thursday, June 29th

8:00 AM

Breakfast and Registration

9:15 AM – 10:00 AM

[Panel] Protecting the Protectors

In this panel, CISOs from prominent security firms will discuss the day to day life of a CISO at a security company, including the challenges with government compliance, incident response, product security, defending against national-state threat actors and more.

10:00 AM – 10:45 AM

Defining Your Journey in Securing High Value Assets in a Digital World

Digital transformation has elevated initiatives to transform and accelerate the software delivery cycle and application development processes to an imperative that reaches across the business and increasingly intersects with that other pressing boardroom concern: cybersecurity.

By necessity, transformation involves change, and by extension, risk. As enterprises advance in their digital transformation journeys, their risk becomes more pronounced—unless they have a plan in place for access security and governance to move in lockstep with their initiatives and mirror the priorities of many digital transformation plans:

  • Enabling automation with accountability and visibility
  • Fostering speed in delivery in tandem with protection of enterprise assets
  • Ensuring scale with integrated access governance and threat detection

In the same way that many enterprises are now engaged in defining a practical map for their digital transformation journeys, security teams need a map to ensure those digital transformation journeys can progress securely, particularly protecting critical assets.  In this presentation, we will talk about what such a roadmap would be as businesses consider solutions to protect high value privileged identities and access.

Presenter: Suresh Sridharan – CA, Inc.

10:45 AM – 11:00 AM

Morning Break

11:00 AM – 11:45 AM

Adobe’s Compliance Journey: How to Build a Best-In Class Compliance Organization

Innovation is at the core of Adobe’s DNA enabling its successful transformation from a perpetual software giant to a cloud services company within a short span of 5 years. Adobe’s Cloud Compliance strategy via the Adobe Common Controls Framework (CCF) played a critical role in this successful transformation.
Security and compliance teams have to deal with the relentless onslaught of security attacks, complexities of protecting dynamic infrastructure, ever increasing stakeholder expectations and constantly shrinking budgets.
This is further exacerbated by the countless regulatory requirements, competing priorities, and organizational silos and acquisitions resulting in compliance chaos.
Compliance programs often struggle for relevance in such challenging circumstances, are routinely branded as a check-list driven function that does not add much value and find it difficult to attract, retain top talent.

Presented by Adobe CSO Brad Arkin, this case study addresses the following questions faced by compliance programs:

  • How do you strategically position your program to overcome these challenges, provide career growth opportunities for your team?
  • How do you transform your function from being perceived as a cost burden into a program that drives competitive advantage?
  • How do you shift the mindset at the Board, Executive levels to gain on-going support for your program?

11:45 AM – 12:30 PM

Why Security Leaders Should Be Aware of Jihadist Threats

While the cyber skills of jihadists are often limited, the reach and impact of their physical incidents is, unfortunately, wide reaching and well known. However, these actors have long blurred the lines between the cyber and physical realms, using the Internet to communicate, coordinate, and motivate. As such, synergy between physical security and cybersecurity teams is crucial to mitigating the hybrid risk posed by jihadists, particularly as it pertains to brand reputation, terror financing, execution protection, and insider threats.

Presenter: Alex Kassirer – Sr. Counterterrorism Analyst, Flashpoint

12:30 PM – 1:45 PM

Lunch – Please join us for lunch served by the Ritz Carlton

1:45 PM – 2:30 PM

How Are Changing Data Center and Cloud Technologies Changing Security Investment?

The rise of new technologies like containers, Lambda services, and the rise of microservices architectures in general all mean that the way we build and run our data centers and clouds is changing. This, in turn, changes how we secure them. This panel will focus on what impact new data center and cloud technologies are having on how organizations prioritize their security investment – what security tools aren’t as important as we transition to commoditized compute, and what new security tools are more important than ever? Come hear how other security organizations are shifting their security investment to keep up with changing times.

2:30 PM – 3:15 PM

Cyber Crisis Management and Communications: The Day After Tomorrow

Stopping cyber attacks, discovering a threat actor, and limiting the impact of a breach are all critical to organizations today – but the job doesn’t end there. The damage threat actors can have on your reputation can be as devastating as the loss or compromise of information resources and other corporate assets

This session will offer insights on cyber crisis management the day following the discovery of an attack, and the steps you can take to protect your brand from cyber attackers. It will also address the communication pressure created by today’s threat landscape, common pitfalls to avoid, and crisis management planning essentials, from c-suite preparation to dealing with the traditional and social media channels.

Presenter: Vitor De Souza – Senior Vice President of Global Marketing, FireEye

3:15 PM – 3:45 PM

Afternoon Coffee Break

3:45 PM – 4:30 PM

Panel Discussion Coming Soon

4:30 PM – 5:00 PM

Closing Remarks and Open Mic Discussion

SecurityWeek’s 2017 CISO Forum is winding down, but there is still time for some great discussions! Please join us for closing remarks and an open mic discussion where anyone can make comments, share insights, ask questions and engage in lively dialogue.

Friday, June 30th

8:00 AM  –  10:30 AM

Private 1:1 Meetings 

2:00 PM

2017 SecurityWeek Golf Classic – Shotgun Start

Subscribe for Event News