ISE® NORTHEAST PRIVATE WELCOME DINNER
Key Requirements for Successful, Business-Driven Network Security Policy Management and Automation
Tod Mitchinson
Vice President, Chief Information Security Officer
New York Life Insurance Company
Biography
Network and Security teams are often perceived as standing in the way of innovation and business agility. When an enterprise rolls out a new application or migrates an application to the cloud it can take weeks or even months to ensure that all the security devices and network segments can communicate with each other, and at the same time prevent access to hackers and unauthorized users. But IT does not need to be a bottleneck to business agility. Nor is it necessary to accept more risk to satisfy the demand for speed. The solution is to take a business-driven approach to security policy management that aligns security with business processes using automation. Join our conversation to discuss the requirements of taking an application-centric approach to managing security that will help improve business agility, reduce risks, ensure compliance and lower operating costs.
October 11, 2017
10:00 AM - 3:00 PM: Registration
Location: Ambassador Foyer – 2nd Floor
11:30 AM : ISE® Signature Luncheon *Invitation Only
Location: Ambassador 2, 2nd floor
Kevin Thomsen
Client Services Director of Cyber Threat Intelligence
Bank of America
Biography
The Myths and Realities Of Operationalizing Big Data Security Analytics
Gartner calls big data security analytics the “Next Big Thing.” It promises to automate the threat detection process, remove false positives from undermining effective security operations, and offer visibility to unseen and unknown threats, all at scale. Yet to implement it, organizations must work through the practical challenges of deploying and operationalizing this new and transformative technology. Requirements must be carefully defined, including use case coverage, data source requirements, security operations process changes, and incident response optimization. Join our conversation around deploying big data security analytics where we will delve into how companies have successfully deployed this technology and discuss topics like how to choose the correct technology, behavioral analytics proper fit in security operations, and defining successful metrics to measure results.
1:00 PM : Welcoming Remarks and Introductions
Location: Ambassador 3, 2nd Floor
Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography
T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Northeast Executive Forum and Awards 2017.
1:10 PM : Keynote Address
Location: Ambassador 3, 2nd Floor
Linda Cooper Angles
Chief Information Security Officer
Conduent
Practical Problem Solving from a CISO Perspective
As new threats continue to appear, organizations are constantly on the lookout for potential security solutions to help them combat the seemingly endless onslaught of attacks against their enterprises. As a result security teams can often end up with a cornucopia of different security tools that don’t always necessarily work as harmoniously as they would like. Additionally, as more tools are on-boarded it can become increasingly difficult to measure the overall effectiveness of all of the solutions at your disposable. Join Linda Cooper-Angles, CISO for Thomson Reuters, as she discusses the practicality and challenges associated with deploying various security technologies and tracking their metrics and long term ROI.
1:45 PM : Interactive Executive Roundtables
Location: Ambassador 3, 2nd Floor
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.
Ransomware on the Rise
Charles Hudson
Executive Director, Security Strategy and Architecture
Comcast Corporation
ISE® Northeast People's Choice Award Winner 2014
ISE® Northeast Executive Award Finalist 2014
ISE® North America Executive Award Finalist 2014 - Commercial Category
Biography
Malware has long been the bane of many security professionals. However, a more frightening evolution in this long-time InfoSec foe has become increasingly dangerous and more prevalent in recent years. Ransomware has continued to grow as one of the most prevalent threats to industries of all shapes and sizes. A 2015 report by McAfee found a huge jump of late, from 257,357 new ransomware samples in the first half of 2014, to 380,652 in the second half. By the first half of 2015, that number jumped 5.3 times to over 2 million. In 2016, we saw several increasingly high-profile examples, including, most notably, the case of Hollywood Presbyterian Medical Center, a 434-bed hospital whose network effectively ground to a halt after hackers breached the system in early February. After relying on pen and paper records briefly, Hollywood Presbyterian paid the 40 bitcoin ($17,000) ransom to regain control of its network. As ransomware continues to spread, what can security professionals do to better protect themselves from this most malevolent of malware?
The Internet of Things is Here and Growing but are You Ready for it?
Denise Hucke
Executive Director
JP Morgan Chase & Co.
Biography
The once nebulous Internet of Things has slowly but surely become a more defined and pressing issue for Information Security professionals as more organizations begin to adopt the IoT into their business structure. Gartner predicts that in the year 2020, 25 billion ‘things’ worldwide are connected to the internet with a collective economic value of two trillion dollar. While that still leaves current InfoSec professionals some time to adapt to a more pervasive Internet of Things, the question remains; “How ready is your organization for IoT adoption now?” Does your organization have the right skillsets and capabilities in place now to start investing in IoT related projects? Aside from all the innovative, technical and business skills needed, perhaps the greatest skill needed is the ability to understand what missing factors are in the organization’s capabilities.
Securing What You Share: Improving Your Third Party Security
Frank Aiello
SVP, Chief Information Security Officer
MAXIMUS
ISE® Northeast People's Choice Award Winner 2016
ISE® Northeast Executive Award Finalist 2016
Biography
When organizations start working with third-party vendors, they have to consider a variety of security concerns. These vendors often have access to valuable, sensitive corporate data, yet according to a 2016 study by the Ponemon Institute, more than one third of companies don’t believe these vendors would tell them if they had a data breach. Additionally, About 60% of respondents said they felt vulnerable because they were sharing sensitive data with third parties that might have weak security policies. While including data privacy and security procedures in third-party contracts to ensure vendors have appropriate measures in place to protect company data has become commonplace, it is difficult to evaluate how the vendor is protecting data from unauthorized access, use, and disclosure, and to know whether the vendor has appropriate contractual terms in place with downstream, who may also have access to your data. This disconnect creates a high-risk area for all industries as more and more data loss through third-party vendors results in a breakdown of trust and communication. To help prevent potential damages, organizations need to develop plans for working with third parties that involve data mapping vendors, contract specificity, and regular data audits.
IAM in the Modern Security Age
Gehan Dabare
Managing Director
MUFG
Biography
Your data is valuable and there’s a good chance that someone is actively working to get it. For today’s hackers, successful infiltration to sensitive systems and information is often achieved by gaining the credentials of privileged users with elevated access rights. Identity access management is a critical part of any enterprise security plan, as it is inextricably linked to the security and productivity of organizations in today’s digitally enabled economy. Even now the role and function of IAM is growing and changing at a rapid pace with elements like cloud computing, access proxy solutions, and risked-based authentication solutions. Now more than ever, well defined IAM and compliance policies are needed to ensure that your organization’s internal workings and information remain on the inside. With proper implementation of IAM practices and technologies, organizations can significantly reduce risk, modernize their business and help keep their information out of the hands of threat actors.
2:45 PM : Break
3:00 PM - 8:00 PM : Registration
Location: Broadway Foyer - 3rd Floor
2:55 PM : Nominee Showcase Presentation #1
Location: Ambassador 3, 2nd Floor
A Contextual Approach to Security Scoring: Creating a Multi-Dimensional View of Risk Assessment
In our modern and rapidly changing cybersecurity climate, vulnerability teams are constantly challenged to keep up with the perpetual volume of security alerts and vulnerabilities. As hardware and software vulnerabilities are discovered, firms have traditionally prioritized remediation efforts based solely on the criticality rating of the vulnerability. In a complex enterprise environment such as JPMorgan Chase, this approach falls short as it fails to consider business context of the targeted assets. With this in mind, JPMorgan Chase set out to create a vulnerability scoring model that allows their businesses to provide targeted focus on the most critical vulnerabilities and enable them to make informed risk-based decisions in a new way. Join our conversation to learn how JPMorgan Chase Cybersecurity’s Vulnerability Scoring Model has helped them enhance reporting capabilities, made their processes more effective, and enabled consistency across technology and application scoring by giving a value that is understood by everyone from developers to CIOs.
3:15 PM: CISO Deep Dive: Executive Leadership
Location: Ambassador 3, 2nd Floor
An industry cross section of ISE Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.
Moderator
Roland Cloutier
CVP, Chief Security Officer
ADP
ISE® Northeast Executive Award Winner 2012
ISE® Northeast People's Choice Award Winner 2012
ISE® North America Commercial Executive Award Winner 2012
ISE® North America Executive Award Winner 2014 - Financial Category
ISE® Luminary Leadership Award Co-Winner 2018
Biography
T.E.N. Success Story
Panelists
Moriah Hara
CISO Board Advisor
Clearsky Fund-and Glilot Capital
ISE® Northeast Executive Award Finalist 2017
ISE® North America Executive: Commercial Award Finalist 2017
Biography
Mike Higgins
Chief Information Security Officer
NBCUniversal
Biography
Mike Towers
Former Chief Digital Trust Officer
Takeda Pharmaceuticals
ISE® Northeast Executive of the Year Award Winner 2015
ISE® North America Executive: Health Care Award Winner 2015
ISE® Northeast Executive Award Winner 2020
ISE® North America Executive: Health Care Award Winner 2020
Biography
Laura Whitt-Winyard
Global Chief Information Security Officer
DLL
Biography
4:00 PM : Nominee Showcase Presentation #2
Location: Ambassador 3, 2nd Floor
Just Like Starting Over: The Gateway to a Better IAM Model
Mike Towers
Former Chief Digital Trust Officer
Takeda Pharmaceuticals
ISE® Northeast Executive of the Year Award Winner 2015
ISE® North America Executive: Health Care Award Winner 2015
ISE® Northeast Executive Award Winner 2020
ISE® North America Executive: Health Care Award Winner 2020
Biography
After more than 30 acquisitions and divestitures in a 3 year period, the team at Allergan had a variety of HR systems, access systems, AD domains, and provisioning processes to deal with. This created a very complex environment and made the process of onboarding new workers difficult. Various issues with accounts arose like duplication, access to accounts being revoked, and different functions being disabled. This in turn, led to a great deal of frustration for everyone involved. Rather than pick an existing, incumbent solution and migrate over, the team decided to start from scratch. Join our conversation to learn how the team at Allergan overhauled their IAM platform and associated processes for onboarding and created a dynamic and flexible alternative to their legacy systems.
4:20 PM : Nominee Showcase Presentation #3
Location: Ambassador 3, 2nd Floor
Faster and More Secure with Cloud
Niraj Patel
Manager Enterprise Security Architecture
Horizon BCBSNJ
Biography
Horizon Blue Cross Blue Shield of New Jersey made the move to the cloud so its IT team could focus on providing better products faster as we move to a consumer-centric world with more customer engagement. Horizon BCBSNJ’s information security team’s goal is to provide the most secure and compliant solution possible. Realizing they needed a dedicated cloud security solution, they deployed a CASB to manage security, compliance, and governance across different cloud services. Join our conversation to learn how Horizon BCBSNJ makes business decisions to manage access and enforce security, allowing the Company to strategically embrace cloud applications that will make a difference for the business.
4:45 PM: Late Afternoon Break
5:00 PM : VIP Reception (invitation only)
Location: Ambassador 2 - 2nd Floor
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM : Sponsor Pavilion and Dinner Buffet
Location: Broadway Ballroom - 3rd Floor
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2017, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:30 PM : Sponsor Tear Down
Location: Broadway Ballroom - 3rd Floor
7:45 PM : ISE® Northeast Awards Gala
Location: Gershwin Ballroom - 4th Floor
Honoring and celebrating the ISE® Northeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.
Tomás Maldonado
Chief Information Security Officer
NFL
9:00 PM : Champagne and Dessert Reception
Location: Gershwin Ballroom - 4th Floor
Enjoy champagne and dessert while celebrating the winners, nominees and project teams.