8:00 AM
Breakfast and Registration
9:00 AM
Welcome and Introduction to SecurityWeek’s 2018 CISO Forum
9:15 AM – 10:00 AM
In-CISOmnia – What Keeps CISOs up at Night [Panel]
Our “CISO concerns” panel returns for 2018! Zero-Day vulnerabilities. Targeted attacks. “Trusted” insiders walking out the door with corporate secrets. Privacy. Compliance. Board Meetings. These are just a few of the headaches today’s security leaders are faced with on a daily basis. With security executives more accountable than ever, and an increasingly advanced threat landscape, this panel of security chiefs will discuss what stresses them most and what the future looks like as chief defenders of the enterprise.
Panelists:
10:00 AM – 10:40 AM
How to Build a Rock Solid Micro-Segmentation Strategy
Everyone today is talking about micro-segmentation, but there’s relatively little discussion about what it is (and is not) and how to use it to effectively improve the security inside your data center and cloud. Until now. In this presentation, you’ll learn…
Speaker: Vijay Chauhan – Sr. Director of Product Marketing, Illumio
10:40 AM – 10:55 AM
Lightening Round
10:55 AM – 11:15 AM
Morning Break
11:15 AM – 12:00 PM
Inside LinkedIn’s Security Champions Program
Three years ago, LinkedIn was looking to boost its internal security initiatives and encourage engineers to develop expertise in this crucial area. The business networking company decided that the best way to achieve its goals was to create what it calls an in-house “Security Champions Program”. In this session, Pavi Ramamurthy, Senior Manager, Information Security at LinkedIn, will share the company’s playbook—a guide to how it runs the Security Champions program, and explain how members of the LinkedIn Information Security Group engage, mentor, and train selected engineers—or “Champions”—to become more security-aware, providing high-impact training and eventually guiding them to be the “voice,” or first point of contact, for security for their own teams.
Speaker: Pavi Ramamurthy, Senior Manager, Information Security at LinkedIn
12:00 PM – 12:40 PM
Zero Trust Security: A Head Start in the Race Against Attackers
No matter how good your perimeter security is, attackers will find a way in: it only takes a few hours for an attacker to move laterally, and attackers spend an average of 200+ days in your environment before being found. It’s a race to find and stop attackers before they reach your sensitive data, and businesses need every advantage they can get.
The Zero Trust security model offers one key advantage: it’s both stronger and easier to manage than existing security controls, especially in hybrid clouds. Harry Sverdlove, Founder and CTO of Edgewise Networks, will explain how CISOs can measurably reduce the risk of data compromise while cutting complexity by adopting the zero trust model.
Speaker: Harry Sverdlove, Founder & CTO of Edgewise Networks. Former CTO & CISO of Carbon Black.
12:40 PM – 2:00 PM
Lunch – Please join us for lunch served by the Ritz Carlton
2:00 PM – 2:45 PM
Panel Discussion With Gartner’s Ash Ahuja
In this panel, Gartner’s Ash Ahjua will host a discussion with a group of enterprise CISOs spanning various topics. The panel will discuss the fact that accountability is broken and how CISOs are taking on way too much themselves. What can we do about this, and what could help CISOs in their job, besides more security budget and more talented people?
Panelists:
2:45 PM – 3:00 PM
Afternoon Coffee Break
3:00 PM – 3:45 PM
IoT in the Enterprise – Protecting Against Risky Devices [Panel]
From powering massive botnets, to listening to a board room’s every word, the wide adoption of Internet of Things (IoT) devices are opening businesses to entirely new set of risks. With 46 billion IoT devices expected online by 2020, businesses need to have a proactive strategy in place around these emerging technologies. In this panel discussion, security experts will discuss the risks that IoT devices pose to enterprise organizations and how to introduce technologies and define policies to secure these devices and defend their networks from these new risks.
Panelists:
3:45 PM – 4:30 PM
Six Degrees of Infiltration: Using Graph to Understand Infrastructure & Optimize Security Decision Making
Current infrastructures depends on multiple technologies and third party infrastructures that increase security complexity and makes it very difficult to have a clear end to end view of the overall state and possible risks. This talk will provide insight on a graph solutions explored by Lyft Security Intelligence team to tackle knowledge consolidation and improve decision making. Delegates will be introduced to methodologies and off the shelf tools used by Lyft, like Neo4j, along with the release its open source graph based security intelligence platform they can use to get started and collaborate.
Presenter: Sacha Faust – Security Intelligence Lead, Lyft
4:30 PM – 5:15 PM
Maintain your Cyber Steel. Get back your Cyber Swagger [Panel]
In this panel, CISOs will discuss challenges and strategies to both improve Security Posture AND enable the business. Modern CISOs find themselves having these dual, seemingly diametric responsibilities. Securing the business is regarded as “table stakes” and traditionally put in the bucket of cost center. But now more than ever there is the expectation that CISOs contribute directly or indirectly to enabling the business. Security initiatives which reduce complexity, reduce costs and foster trusted partnerships can all contribute to the top and bottom line.
Moderator: Vijay Chauhan, Sr Director of Product Marketing, Illumio
5:30 PM – 8:30 pM
Coastal BBQ Overlooking Half Moon Bay, followed by Bourbon & S’Mores by The Ritz Carlton Fire Pits
8:00 AM
Breakfast and Registration
9:15 AM – 10:00 AM
Protecting the Protectors [Panel]
In this panel, CISOs from prominent security firms will discuss the day to day life of a CISO at a security company, including the challenges with government compliance, incident response, product security, defending against national-state threat actors and more.
10:00 AM – 10:40 AM
The Cyber Cold War is Getting Hotter
In one generation, the Internet has evolved from a research project to a geopolitical battleground. The influence of information technology has played a disruptive role in both domestic politics and international relations, shifting the balance of power, and perhaps one day destroying the nation-state altogether. In this talk, Dr. Kenneth Geers will share insights from 25 years at NSA, NCIS, NATO, and the private sector, and discuss current events in the U.S., Russia, China, Iran, and North Korea. Kenneth will examine over a billion malware detections from the past year, from every country on Earth, and explore the relationship between tactical and strategic cyber security.
Presenter: Kenneth Geers, Chief Research Scientist, Comodo Cybersecurity
10:40 AM – 11:00 AM
Morning Break
11:00 AM – 11:45 AM
Prove It! Confronting Security With Data
Your business and its stakeholders should expect, dare we say demand, you prove that your security program works. Are you promoting the best strategy given what you and your team collectively know? Can you demonstrate that your capabilities are scaling with the business? Is your confidence in both your strategy and tactics supported by unambiguous data coming from experts and systems alike? We call this line of reasoning, “confronting security with data.” This talk is about that, proving what you are doing works by confronting it with data.
Presenter: Richard Seiersen – SVP & CISO, Lending Club
11:45 AM – 12:30 PM
Quantifying and Communicating Cybersecurity Risk [Panel]
Measuring and communicating cybersecurity risk is an age-old challenge. Even in a traditional network environment, security professionals struggle to find ways to demonstrate efficacy. Complexities introduced by hybrid cloud environments, attack sophistication, and business demands to bring new services to market faster have only intensified this challenge. Join Harry Sverdlove, Founder and CTO of Edgewise Networks, as he leads this panel through stories and best practices on how to understand various cybersecurity risk factors, measure what’s important, and communicate it effectively to the fellow executives.
Panelists:
Moderator: Harry Sverdlove, Founder & CTO of Edgewise Networks
12:30 PM – 1:45 PM
Lunch – Please join us for lunch served by the Ritz Carlton
1:45 PM – 2:30 PM
Cyber Espionage: Issues and Challenges for the Private Sector [Panel]
The advent of the Internet has ushered in the Golden Age of Espionage. Today, nations and corporations routinely leverage computer hacking to spy on competitors and rivals, leading not only to the loss of intellectual property but sometimes also to the ruin of an entire enterprise. In this panel, we will discuss the acquisition, exfiltration, and transfer of digital information via remote computer network operations and insider access. Further, we will explore how you can create policy, system controls, audit trails, and the secret sauce required to deal with this threat.
Moderator: Kenneth Geers, Chief Research Scientist, Comodo Cybersecurity
Panelists:
2:30 PM – 3:15 PM
Security Tinkerers – Balancing Innovation and Urgency [Panel]
A stream of new technological developments and security tools from both established security firms and innovative startups are being pitched to CISOs. In this panel, a group of seasoned security executives will discuss cybersecurity innovations and how CISOs can deliver and deploy disruptive security solutions and balance long term innovation with short term problems. How do you enable a security team to continue to experiment when fires are burning and build a strategy that will keep pace with the rate at which adversaries are evolving?
Moderator: Will Lin Principal, Founding Investor ForgePoint Capital
Panelists:
3:15 PM – 3:30 PM
Afternoon Coffee Break
3:30 PM – 4:15 PM
The State of Endpoint Security [Panel]
A recent study of security professionals showed that few believe their current defenses provide a 70-100% prevention rate against today’s malware threats. Despite new technology and buzzwords of artificial intelligence, machine learning and enhanced behavioral detection, defenders are not yet winning the battle against malware attacks.
In this panel, experts will discuss the state of endpoint security and various approaches to protection and resiliency.
Moderator: Ryan Naraine, Bishop Fox
Panelists:
4:15 PM – 4:30 PM
Closing Remarks and Open Mic Discussion
1:00 PM
2018 SecurityWeek Golf Classic – Shotgun Start