ISE® North America Schedule of Events 2019

ISE® NORTH AMERICA PRIVATE WELCOME DINNER
Build or Buy? Integrating Advanced Capabilities into Your Security Program

November 12, 2019
5:30pm - 8:30pm
Eddie V’s Prime Seafood
521 N Rush Street
Chicago, IL 60611
Kevin Gowen Kevin Gowen
Chief Information Security Officer
Synovus Financial Corporation
ISE® East Executive Award Winner 2022
Biography

Many enterprises have grown comfortable with the capabilities of their security programs. However, the fact remains that threat actors are evolving their techniques all the time, making it crucial for enterprises to adopt advanced security strategies to keep up with them. For instance, the market is at an inflection point between endpoint protection and EDR functions. For organizations to adopt advanced capabilities like EDR—including the investigation, decision making, and response actions associated with malicious or suspicious detection—security teams must first modernize the way they work. That involves prioritizing work and delegating decisions to security analysts with limited experience and tenure. Join our conversation as we discuss the talent and technology changes organizations should consider in the adoption of advanced adversary detection and hunting programs.

November 13, 2019

10:00 AM-3:00 PM: Registration

Location: Streeterville Foyer, Lobby level of the Executive Tower

11:15 AM: ISE® North America Signature Luncheon*Invitation Only

Location: Streeterville, Lobby level of the Executive Tower

Sponsored by:

Don’t Just Stack, Integrate: Employing a Unified Cloud Security Platform

Eric Schmidt

Eric Schmidt
Information Security Officer
Eskenazi Health
ISE® Midwest Executive Award Finalist 2005

Digital transformation has changed the way enterprises perform security. While processes become more agile and efficient, IT environments also become distributed, elastic, and hybrid. These changes make it difficult for security professionals to defend against opportunistic hackers who take advantage of security gaps. Additionally, mobilization, cloud integration, and virtualization have each contributed to a vanishing security perimeter as well as a lack of visibility with these new IT environments. It can be tempting for enterprises to stack heterogenous tools on top of each other to perform quick security fixes, but doing so ultimately lacks true security integration, leading to further vulnerabilities and work efficiency problems. Instead, enterprises should employ solutions that can orchestrate natively and organically with hybrid IT environments without adding complications or slowing down DevOps’ development and delivery. Join our conversation as we discuss how a unified cloud platform centered around security and compliance can contribute to greater prevention, detection, and response against today’s most dangerous cyber threats.

12:50 PM: Welcoming Remarks and Introductions

Location: Avenue West Ballroom, Lobby level of the Executive Tower
Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

T.E.N.'s CEO & President will welcome guests, provide an overview of the program agenda and event purpose, and introduce the speakers and sponsors of the ISE® North America Leadership Summit and Awards 2019.

1:00 PM: Keynote Address

Location: Avenue West Ballroom, Lobby level of the Executive Tower

The Business of the CISO: Seven Factors We Must Get Right to Succeed

Todd Fitzgerald

Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2019 ISE® North America MC
Security Author

Biography

Todd Fitzgerald, CISO and Cybersecurity Leadership Author of “CISO COMPASS,” will be presenting the opening Keynote Presentation. One signed copy of his book will be available to win at this year’s Awards Gala! Purchase a copy of your own: https://www.amazon.com/dp/B07LH3DRLR

1:35 PM: Interactive Executive Roundtables

Location: Avenue West Ballroom, Lobby level of the Executive Tower

The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our distinguished ISE® Alumni who are leading CISOs and Information Security Executives.

Creating a Secure Cloud Infrastructure

Ed Yousfi

Ed Yousfi
Director, IT Security (CISO)
Gallagher Bassett Services
Biography

The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to supplement to meet their obligations as part of the shared responsibility model. Join our discussions to learn how a thorough understanding of your company’s cloud infrastructure, native cloud security capabilities, and the shared responsibility model security professionals in having a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.

Have You Prepared for Every Insider Threat… Even Those Who Leave?

Jason Belford

Jason Belford
Chief Information Security Officer (CISO)
University of Virginia
ISE® Southeast Executive Award Runner-Up 2020
ISE® North America Executive: Academic/Public Sector Award Winner 2020
Biography

Employees are the first line of defense when it comes to cybersecurity threats attempting to infiltrate an enterprise—but they can also be a weakness or threat themselves. Sometimes, it’s a well-meaning but negligent mistake; someone clicks on an email link that’s part of a phishing campaign, and suddenly, a threat actor has infiltrated the network. Other times, an employee or contractor will act maliciously and knowingly use inside information to endanger an enterprise in some way. Enterprises also need to be wary of departing employees and deploy security procedures during the off-boarding process since they could be taking sensitive data with them. No matter the circumstance, enterprises are going to have insider threats, so it’s important to enlist the proper security controls against them before data leaves an organization. Join our discussion as we cover the various insider threats an enterprise can experience as well as how to gain visibility on those threats, mitigate their damage and prevent data from being taken, misused or lost.

Protecting Your Online Identities: The Case for Digital Security

Erik Decker
Chief Information Security & Privacy Officer
The University of Chicago Medicine
ISE® North America Executive: Academic/Public Sector Award Winner 2019
Biography

The use of smartphones, social media, e-commerce, and other online profiles is not abating any time soon, making digital security a necessary part of our lives. As we continue to expand our digital footprints and form online identities, it can be easy to become lax in our security efforts, especially as more and more profiles and apps become interconnected. By accessing one digital app or service, hackers are more likely to gain access to all of your accounts that either use the same username and password or are linked together. With employees also accessing personal accounts on company-owned devices or via company networks, organizations are wrestling with who is responsible and accountable for their digital security. The obvious choice is the CISO, but with digital security crossing many aspects of enterprise transactions and departments, it calls into question how far-reaching business leaders expect the CISO’s role to be. Join our conversation as we discuss how security executives can approach digital security to protect our identities, uniting with business leaders to establish clear-cut security strategies and responsibilities.

Where Cybersecurity Crisis Management Meets Law Enforcement

Kevin Gowen Kevin Gowen
Chief Information Security Officer
Synovus Financial Corporation
ISE® East Executive Award Winner 2022
Biography

The worst has happened. Your security team has found evidence of a network breach at your enterprise, and they have begun to investigate its severity. This is when your cybersecurity crisis management plan will come into play, if your enterprise has one. If it does not, this may be an incredibly painful experience for you, your security team, your business leaders and your consumers. If your enterprise has a plan but this is the first time its effectiveness is being tested, you may be just as bereft without one, with employees being slow to react or unclear about who to contact. Crisis management plans will be specific to a business, but having one that establishes an emergency incident response team, escalation process flowcharts and crisis communication templates can vastly help you manage an already high-stress situation. You may also want to involve law enforcement at some point during the investigation, both out of legal obligation but also if your enterprise has run afoul of ransomware that could damage its reputation. Local and federal law enforcement will have access to tools and information that your enterprise security team will not, so it will be important to establish a point of contact with law enforcement well before you ever have to reach out to them for help. Join our discussion as we debate the necessary parts of cybersecurity crisis management plans, the role law enforcement should play and how to gather information and contact the right people at the right time.

Effects and Predictions of the California Consumer Privacy Act (CCPA) & Nevada Privacy Law

Ricardo Lafosse

Ricardo Lafosse
Chief Information Security Officer
The Kraft Heinz Company
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019

Biography

In the wake of the European Union’s GDPR regulations, data privacy and protection have been on the hearts and minds of business leaders, security professionals, government entities and consumers alike. The Unites States currently has no overarching, federal data privacy law, so state governments have taken the initiative, with California establishing the California Consumer Privacy Act (CCPA) and Nevada enacting Senate Bill 220 (SB 220). Both of these laws regulate the consumer data of their respective state’s citizenry, affecting both California and Nevada businesses as well as those who do business with them even in the other states. Despite being conceptualized first, the CCPA will not go into effect until January 1, 2020, but businesses across the U.S. have raced to meet the compliance standards of SB 220, which went into effect on October 1, 2019. Complicating the process is the fact that these two regulations are not exactly identical, applying different definitions to legal terms and requiring businesses to adhere to different policies. For instance, though both SB 220 and the CCPA give consumers the right to opt out of certain uses of their personal information, SB 220 does not require any website operators to provide a clear notice to consumers outside of their privacy policy—the CCPA requires a “Do Not Sell” button. Fortunately, there are no outright contradictions; businesses can safely adhere to both policies. However, as the U.S. begins to adopt more state-by-state regulations, businesses and security teams will need to remain vigilant if they wish to stay data compliant. Join our discussion as we explore the effects of the CCPA and SB 220 on privacy rights and consumer data and make predictions of what these bills will inspire for the future of data security in the U.S.

2:35 PM: Break

2:45 PM: Nominee Showcase Presentation #1

Location: Avenue West Ballroom, Lobby level of the Executive Tower

SecurIT First: A New Educational Awareness Program

sprague_gary Donna Mattingly
Program Manager - Corporate Security Education and Awareness
Mastercard

While security systems can be programmed to safeguard exactly what we need them to protect, we cannot program the human. Join our discussion to learn why Mastercard created the SecurIT First education awareness program and how it fosters a security mindset, encourages behaviors that reduces risk, and meets compliance requirements.

3:05 PM: ISE® North America Exabyte Sponsor Showcase Presentation

Location: Avenue West Ballroom, Lobby level of the Executive Tower

Bruce Thompson
Major Accounts Solution Architect
Qualys

3:25 PM: Women in Cyber Security Panel

Location: Avenue West Ballroom, Lobby level of the Executive Tower

Moderator

Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

Panelists

Keever_Kim

Kim Keever
CISO and Senior Vice President of Security, Analytics & Technology Services
Cox Communications
ISE® Southeast Executive Award Winner 2019
ISE® North America Executive: Commercial Award Winner 2019

Biography

Shelbi Rombout

Shelbi Rombout
Deputy Chief Information Security Officer
U.S. Bank
Biography

Yabing Wang

Yabing Wang
Deputy CISO
Carrier Corporation
Biography

3:00-8:00 PM: Registration

Location: Avenue Ballroom Foyer, Lobby level of the Executive Tower

4:10 PM: Nominee Showcase Presentation #2

Location: Avenue West Ballroom, Lobby level of the Executive Tower

Project Mars: Next-Gen CyberOps

Kumar Chandramoulie
Senior Director – Cyber Defense, Threat and Vulnerability Management
AmerisourceBergen
Biography

Not all threats are equal. At AmerisourceBergen, the Cyber Command Center required a better detection of post-compromise cyber adversary behavior. Unfortunately, persistent threats takes many forms, from nation-state sponsored activities to intellectual property theft, to financially motivated actions. Project Mars is a next generation, predictive, intel-driven cyber operation. Project Mars is developed by integrating Predictive Threat Intelligence, Forensics, Dark Web Crawling and Threat Hunting on our own Cyber Precog (SIEM) which ingests 1 Billion plus events a day from 45 data sources. Focusing on offensive Cybersecurity, we today ingest and analyze over 100 plus threat intelligence feeds, adopted MITRE Attack framework to hunt on our environment inclusive of threat actor TTP’s. Join our conversation to learn how AmerisourceBergen’s Project Mars supports in detecting Nation State attacks, Insider Threats, Malicious Activities and Fraud.

4:30 PM: Nominee Showcase Presentation #3

Location: Avenue West Ballroom, Lobby level of the Executive Tower

The Multi-Mission Cloud Platform

Brad Sanford

Brad Sanford
Chief Information Security Officer
Emory University
ISE® North America Healthcare Executive Award Winner 2011
ISE® Southeast Executive Award Finalist 2011

Biography

The Amazon Web Services at Emory (AWS at Emory) project was an effort to create a secure cloud computing environment to serve as Emory University’s preferred and recommended cloud service for faculty-led computational needs. The service provides access to Amazon’s cloud computing services, including computing, storage, database, etc. within an environment that incorporates enhanced security controls to help ensure the safety and security of each cloud workload. Join our discussion to learn about Emory’s multi-mission platform that can facilitate the advancement of science, education, and service across the University.

4:50 PM: Late Afternoon Break, Lobby level of the Executive Tower

5:00 PM: VIP Reception (invitation only)

Location: Streeterville, Lobby level of the Executive Tower

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM: Sponsor Pavilion and Dinner Buffet

Location: Avenue Ballroom Foyer, Lobby level of the Executive Tower

Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2019, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:45 PM: ISE® North America Awards Gala

Location: Avenue East Ballroom, Lobby level of the Executive Tower
Todd Fitzgerald

Todd Fitzgerald
Managing Director/CISO
CISO Spotlight, LLC
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
2015-2019 ISE® North America MC
Security Author

Biography

Kevin McKenzie

Dr. Kevin McKenzie
Former SVP of Information Technology & Enterprise CISO
Dollar Tree Inc., Family Dollar Inc.
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Biography

Honoring and celebrating the ISE® North America Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM: Champagne and Dessert Reception

Location: Avenue East Ballroom, Lobby level of the Executive Tower

Enjoy champagne and dessert while celebrating the winners, nominees and project teams.

November 14, 2019

7:00 AM-10:00 AM: Registration

Location: Streeterville Foyer, Lobby level of the Executive Tower

7:30 AM: ISE® Private Networking Breakfast

Location: Streeterville Foyer, Lobby level of the Executive Tower

8:00 AM: ISE® Nominee Showcase Presentation #4

Location: Streeterville, Lobby level of the Executive Tower

Seamless & Secure: The Access Management Transformation

Todd Oxford
Sr. Director, Identity & Access Security
Equifax

Nishad Sankaranarayanan
Senior Director, IAM Solution Architecture
Equifax

Equifax made a commitment to transforming technology and security into industry-leading capabilities, investing an incremental $1.25 billion over three years. As part of the transformation, the Identity and Access Management team completed an ambitious project to create a centralized access management platform for seamless and secure authentication experiences for Equifax users globally. Over a 12-month period, the team built a centralized platform and implemented global solutions including upgrading MFA and migrating applications to a centralized SSO platform. Join our discussion as Equifax discusses their IAM transformation and share lessons learned from the project to drive a global conversation about a future with “no more passwords.”

8:20 AM: Fireside Chat

Location: Streeterville, Lobby level of the Executive Tower

The Fireside Chat is an engaging morning chat conducted by Marci McCarthy and the winner of this year’s ISE® Luminary Leadership Award, who will provide words of wisdom and lessons learned throughout his career as a cybersecurity professional.

Knight_Wes

Wes Knight
Chief Information Security Officer
Georgia Department of Revenue
ISE® Southeast People's Choice Award Winner 2018
ISE® Luminary Leadership Award Winner 2019

Biography

Marci McCarthy

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent
Biography

9:20 AM: ISE® Nominee Showcase Presentation #5

Location: Streeterville, Lobby level of the Executive Tower

Making Waves With CyberSplash

Markowitz_Matthew

Matthew Markowitz
Sr. Analyst, Cybersecurity Awareness and Education
Comcast Corporation

Patrick McGranaghan
Senior Manager, Cybersecurity Awareness and Education
Comcast Corporation
Biography

CyberSplash is a cybersecurity education game that's transforming Comcast security at the employee level. The game provides fun, bite-sized, incentivized daily training to help employees better understand and remember cybersecurity concepts and practices. Employees can play on their company-issued computers and mobile devices. Each day, players face a new one-minute challenge. Correct answers earn badges, higher rankings on the leaderboard, and the opportunity to play for Splash Cash (in-game currency that can be redeemed for game enhancements). Join our discussion as Comcast shares how their CyberSplash project uses game elements to reward people for educating themselves and is revolutionizing Comcast's information security posture.

9:40 AM: Information Security Executive® Deep Dive Panel

Location: Streeterville, Lobby level of the Executive Tower

An industry cross section of ISE® Alumni and leading security executives explore today’s hottest security trends and issues and the key challenges they are facing now and in the future.

Moderator

Marc Crudgington

Marc Crudgington
CEO, vCISO, Founder, Author
CyberFore Systems Corp.
ISE® Central Executive Award Finalist 2019
ISE® North America Executive: Financial Award Winner 2019

Biography

Panelists

Tammy Klotz
Director of Information Security
Versum Materials
ISE® Northeast Executive Award Finalist 2019
ISE® North America Executive: Commercial Award Finalist 2019
Biography

Nicole Keaton Hart

Nicole Keaton Hart
Site Director & Group Product Manager, Security Product
Microsoft
Biography

Ricardo Lafosse

Ricardo Lafosse
Chief Information Security Officer
The Kraft Heinz Company
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019

Biography

Bruce Thompson
Major Accounts Solution Architect
Qualys

10:50 AM-11:00 AM: Closing Remarks

Location: Streeterville, Lobby level of the Executive Tower

11:30 AM: Program Concludes