ISE® Central Schedule of Events 2019

ISE® CENTRAL PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program

May 14, 2019
5:30pm - 8:30pm
Chamberlain's Steak and Chop House
5330 Belt Line Rd
Dallas, TX 75254
Registration
mills_carrie

Andrew Stokes
Assistant Director and Information Security Officer
Texas A&M University
Biography

Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.

Wednesday, May 15, 2019

11:00 AM - 3:00 PM: Registration

Fort Worth Foyer

11:15 AM : ISE® Signature Luncheon *Invitation Only

Location: Fort Worth 1 – 3rd Floor

Don’t Just Stack, Integrate: Employing a Unified Cloud Security Platform

Kevin Dunn

Kevin Dunn
SVP & CISO
U.S. Retirement and Benefits Partners
Biography

Digital transformation has changed the way enterprises perform security. While processes become more agile and efficient, IT environments also become distributed, elastic, and hybrid. These changes make it difficult for security professionals to defend against opportunistic hackers who take advantage of security gaps. Additionally, mobilization, cloud integration, and virtualization have each contributed to a vanishing security perimeter as well as a lack of visibility with these new IT environments. It can be tempting for enterprises to stack heterogenous tools on top of each other to perform quick security fixes, but doing so ultimately lacks true security integration, leading to further vulnerabilities and work efficiency problems. Instead, enterprises should employ solutions that can orchestrate natively and organically with hybrid IT environments without adding complications or slowing down DevOps’ development and delivery. Join our conversation as we discuss how a unified cloud platform centered around security and compliance can contribute to greater prevention, detection, and response against today’s most dangerous cyber threats.

12:50 PM : Welcoming Remarks and Introductions

Location: Fort Worth 2 – 3rd Floor
Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® Central Executive Forum and Awards 2019.

1:00 PM : Keynote Address

Location: Fort Worth 2 – 3rd Floor

Cultural Shift – An Intentional Strategy To Drive Change

heath_emily

Emily Heath
VP/CISO
United Airlines

Organizational culture is a key part of any successful security strategy. A couple of years ago, United Airlines embarked on a major cultural shift both inside the security team and across the company. Join us as United’s CISO, Emily Heath, shares her model for a successful change in culture; discusses some hits and misses; and gives everyone a behind-the-scenes peek at what makes one of the world’s largest airlines tick!

1:35 PM : Interactive Executive Roundtables

Location: Fort Worth 2 – 3rd Floor

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices.  The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.

Creating a Secure Cloud Infrastructure

Vikrant Arora

Andrew Albrecht
VP & CISO
Michael's

The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to supplement to meet their obligations as part of the shared responsibility model. Join our discussions to learn how a thorough understanding of your company’s cloud infrastructure, native cloud security capabilities, and the shared responsibility model gives security professionals a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.

Company Security Culture

Listyanna Dowell

Listyanna Dowell
Director, IT Security Platform Operations
Sirius XM Radio

As numerous data breaches have placed organizations’ brands and CEOs’ jobs on the line, security is gradually becoming a priority for C-suite executives and board members alike to integrate into company culture on every level. When your organization moves beyond simply discussing security to taking actionable steps, you’ll know cybersecurity has become a priority within your company. To make that transition from “talking” to “doing,” C-suite members are responsible for convincing board members to adopt cybersecurity as a top-down initiative. The more support C-suite leaders can garner from the board, the more likely they can receive the support and funding for resources and the development of a security program. In addition, having business leaders embody a culture of security with actions as well as rhetoric can have a positive impact on employees, who often receive the brunt of training initiatives, email alerts, and security tests in an organization. Join our discussions as we learn how leadership promoting the positives of security while eliminating apathy, division, and self-interest from the culture will help ensure security behaviors change throughout the company for the better.

Creating a Dynamic and Actionable Information Security Plan

sprague_gary Gary Sprague
Director, Information Security & Compliance
Rent-A-Center
Biography

Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.

Data Loss Prevention in an Age Without Borders

Effendi_Asif Asif Effendi
Director - Cybersecurity
GE Oil & Gas Operations
Biography

The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative it to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.

2:35 PM : Break

2:45 PM : ISE® Central Nominee Showcase Presentation #1

Location: Fort Worth 2 – 3rd Floor

SecurIT First: A New Educational Awareness Program

Kruse_Brian

Brian Kruse
Director, Vulnerability Management
Mastercard

sprague_gary Donna Mattingly
Program Manager - Corporate Security Education and Awareness
Mastercard

While security systems can be programmed to safeguard exactly what we need them to protect, we cannot program the human. Join our discussion to learn why Mastercard created the SecurIT First education awareness program and how it fosters a security mindset, encourages behaviors that reduces risk, and meets compliance requirements.

3:00 PM - 8:00 PM : Registration

San Antonio Prefunction Foyer, 4th floor

3:05 PM : ISE® Central Exabyte Sponsor Showcase Presentation

Fort Worth 2 – 3rd Floor

Security at a Crossroad – Regaining Our Lost Visibility

Tom Cline

Tom Cline
Vice President Field Operations US South Central
Qualys

Join us as Qualys discusses how IT transformation has brought us to a new security crossroad and how we must meet these new demands in order to regain our lost visibility into our networks and data.

3:25 PM: Information Security Executive® Deep Dive Panel

Location: Fort Worth 2 – 3rd Floor

An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Matt Fearin

Matt Fearin
Managing Director (CISO), Global Head of Consumer Information Security
Citi

Panelists

Tom Cline

Tom Cline
Vice President Field Operations US South Central
Qualys

Ricardo Lafosse

Ricardo Lafosse
CISO
Morningstar
ISE® Central Executive of the Year Award Winner 2019
Biography

Alex Nehlebaeff

Alex Nehlebaeff
Corporate Information Security Manager/CISO
Harley-Davidson Financial Services, Inc.
Biography

Shelbi Rombout

Shelbi Rombout
SVP - Deputy CISO
MasterCard
Biography

Anil Varghese Anil Varghese
CISO
Exeter Finance
Biography

4:10 PM : ISE® Central Nominee Showcase Presentation #2

Location: Fort Worth 2 – 3rd Floor

Securing A Merger To Create One McDermott

Steve Moloney

Steve Moloney
Chief Information Security Officer
McDermott

In 2018, McDermott began the journey to combine with Chicago Bridge and Iron. This combination brought vast scale in their business operations as they doubled in size. McDermott, a company with a leading security posture across the industry pre-merger, was faced with an elevated cyber risk during a time of high vulnerability within a new complex security and infrastructure environment. Join our discussions to learn how McDermott’s Cyber Security team successfully overcame the challenge to keep the company and its employees cyber safe while, at the same time, fully integrating security tools and operations in support of combining two companies.

4:30 PM : ISE® Central Nominee Showcase Presentation #3

Location: Fort Worth 2 – 3rd Floor

Business Resilience – Changing the Culture from Continuity to Resilient Enterprise

lee_tosha H. Tosha Lee
Business Continuity Analyst
HMS
Biography
George Macrelli

George Macrelli
Sr. Director, Security Assurance
HMS
Biography

From Integration, to Automation, Compliance to Communication, the HMS Business Resilience Program is an integrated enterprise wide program that applies automation for monitoring world events, including HMS infrastructure technology, such as, servers, networks, and assets. It provides consistent Change Monitoring and Management by automating the updating of infrastructure changes for our Business Impact Analyses and Recovery Procedures. It allows us to demonstrate compliance with HITRUST, ISO, and SOC frameworks, which ensures the standardization of control information. Join our discussion to learn how this cultural shift positioned HMS in pursuing a ‘Resilient Enterprise’ designation from an international Continuity Program leader.

4:50 PM: Late Afternoon Break

5:00 PM : ISE® VIP Reception (invitation only)

Location: Fort Worth 1 – 3rd Floor

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: San Antonio Prefunction – 4th Floor

Guests enjoy gourmet dinner while networking and meeting the sponsors.  Honoring and celebrating the award nominees, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM : Sponsor Tear Down

Location: San Antonio Prefunction – 4th Floor

7:45 PM : ISE® Central Awards Gala

Location: San Antonio Ballroom – 4th Floor

Honoring and celebrating the ISE® Central Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® Sponsors.

Adam Maslow

Adam Maslow
Sr. Director Information Security
Raising Cane's

Chris Ray

Chris Ray
CISO
TriNet
ISE® Southeast Executive Award Winner 2011
T.E.N. Success Story

9:00 PM : Champagne and Dessert Reception

Location: San Antonio Ballroom – 4th Floor

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.