ISE® Southeast Schedule of Events 2010

August 11, 2010

11:00am - 1:30pm: Registration

Location: Prefunction CDE

1:00 PM : Welcoming Remarks and Introductions

Location: Woodruff Room
Marci McCarthy
CEO and President

1:15 PM : Keynote Address

Location: Woodruff Room
Fernando Martinez
Vice President and Chief Information Officer
Jackson Health System
ISE® Southeast Executive Award Winner 2009

CISO, CISE, CISL? About Information Security EXECUTIVES and LEADERS
Security is becoming less about tools and much more about business acumen and leadership skills. Successful CISOs are engaged executive partners who understand the core business processes of the organization as well as the safety net that must be built around it. This presentation will engage participants in a discussion around business processes, related risks, and the best practice approaches to strengthening organizational security. Discussion will include top security issues and the evolving role of the CISO within the broader context of organizational governance.

2:15 PM : Interactive Executive Roundtables

Location: Woodruff Room

The Interactive Executive Roundtables bring together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

The Dark Side of Industry Consolidation: Mapping a Safe Path Through Vendor Consolidation

Phil Agcaoili
Chief Information Security Officer
Cox Communications
ISE® Central Executive Award Winner 2009

The security technology industry is consolidating due to mergers and acquisitions, resulting in fewer but larger players. While there are many drivers that attract one company to buy another, a common force currently driving consolidation is that larger vendors are looking for ways to provide broader, end-to-end solutions that go beyond what they can assemble in-house. Acquisition offers a way to leverage the trend toward a greater user preference for best-of-breed components while defending their positions as end-to-end solution providers.

While these are clear benefits, vendor consolidation is not without its dark side. What may happen to the acquired vendor and its technology is often an open question. Vendor consolidation impacts vendor relationships, technology direction and customer support; elevates concerns about the safety of existing and new investments; and adds uncertainty and risk that are best avoided.

Trends In Identity and Access Management: Transforming Security into an Enabling Function

Tim Callahan
Group Vice President, Manager Business Continuity and Information Assurance
Sun Trust
ISE® Northeast People's Choice Award Winner 2009, ISE® North America Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2007, ISE® Southeast People's Choice Award Winner 2006, ISE® Southeast Executive Award Finalist 2006

The digital world is dramatically altering the way business gets done, resulting in numerous security challenges for organizations. The internal corporate network is now a connected web of people and devices as more employees work remotely, and partners, customers and vendors are given access to corporate systems and sensitive data. This connected business model often means managing access for users the company knows little about. To complicate matters, cloud-based applications are on the rise, bringing more challenges to managing user security. Layered on top of these business considerations is the requirement to meet industry-specific standards and comply with regulations such as HIPAA, SOX and PCI. Businesses must prove accountability around data access and management.

As businesses mature, they must be able to manage rapid change, establish effective formal governance, and provide accountability through transparency. Identity and access management and compliance solutions form the cornerstone of an organization's governance, risk and compliance strategy and serve as a basis for transforming security into an enabling function. Implementing these programs can be complicated and time-consuming, but enterprises may be able to simplify the process and make tangible contributions to enterprise business goals if they consider vendors that are developing ways to integrate IAM offerings with other compliance solutions.

The Consumerization of IT: Better Known as BYOT (Bring Your Own Technology)

Tony Spinelli
SVP, Chief Security & Compliance Officer
ISE® Southeast Award People’s Choice Winner 2007
ISE® Southeast Executive Award Finalist 2007

Consumer technology's momentum has reached a dizzying pace. The estimated number of application downloads in the Android market, for example, passed the 1 billion mark in mid-2010. With the emergence of a multi-generational workforce, boundaries between work and personal technologies are diminishing. The newest generation of workers, for example, grew up using personal computers, laptops, mobile phones, iPhones, iPods – and now iPads. Technologies originally aimed at consumers, such as thumb drives, instant messaging, smartphones and handheld audio and video players, are now at home in the business world.

While the use of consumer technology can spark innovation and enable business on many levels, the unsanctioned and unmanaged use of consumer technologies can present serious risk and raise numerous security concerns. As if the security issues weren’t enough, the legal ramifications of intermingled business and personal use can be even more troubling. What happens when employee blogging gets out of control? Who owns the device? Who owns the data? The concerns are legitimate, but a power shift is underway and security executives can no longer afford to ignore consumer electronics and dismiss the trend.

Secure Social Networking: Is there an App for That?

Lynda Fleury
Vice President and CISO
ISE® Southeast Executive Award Winner 2008
ISE® North America Executive Award Finalist 2005

Facebook, Twitter, LinkedIn, YouTube, MySpace. Love it or hate it, social media is part of the business world and it’s here to stay. Social media empowers businesses to build a brand, expand their reach, connect with customers and partners and facilitate the “flow of business.” While leveraging online communities presents great opportunities, many security executives express frustration over the dilemma of how to make social media available for business reasons without exposing themselves to unnecessary security risks.

Employees toggling between “friending” on Facebook and “businessing” on corporate systems leave a company open to the exposure of personal data in the workplace; the release of corporate data to the public; the risk of identity fraud; and a host of security, governance and compliance challenges. A perfect storm is brewing between the number of people using social media and the increasingly sophisticated malware attacks being launched to prey on the data. Now, with the proliferation of third-party applications for mobile devices, the complexity and diversity of security issues become even greater as users download unsecured applications and use mobile devices for personal reasons. Financial firm USAA, for example, allows customers to deposit a check from their mobile phones by using a "remote capture" of an image of the check.

Securing The Cloud: Is it Possible?

Paul Huesken
Director of Information Assurance
The Coca-Cola Company
ISE® Southeast & North America Judge

The benefits of cloud computing (accessing your data and applications stored on remote hardware by way of the Internet instead of keeping it all in your local workstation) still require a leap of faith for many. But now that a workstation can go anywhere as a smart phone, a stripped-down Net Book or even an e-book reader, it's practically a virtual desktop operating in conjunction with a virtual server. If the user can be anywhere, so can the source for data and applications. Cloud computing represents a significant opportunity for enterprises to increase flexibility, gain access to best-of-breed applications, add capacity on demand and boost infrastructure resources, all at negligible cost.

As more information on individuals and companies is placed in the cloud, attention must be turned to how safe an environment it is and how we assess security and perceive risk. In the cloud, it’s difficult to physically locate where data is stored. While the cloud provider is the custodian, the data owner is still legally responsible for protecting the privacy and integrity of that data. Further, the “richer the pot of data,” the more attractive it is to cyber crooks. Security processes, once visible, are now hidden behind layers of abstraction. Even the most basic tasks, such as applying patches and configuring firewalls, may become the responsibility of the cloud operator, not the end user. While the intent of security remains the same - to ensure the confidentiality, integrity and availability of information - cloud computing shifts control over data and operations.

3:30 PM : Break

3:40 PM : Nominee Showcase Presentations

Location: Woodruff Room
Jennifer Graham
Vice President User Groups
SunTrust Banks

The Self-Funded Courion Access Assurance Implementation
In this presentation, Jennifer Graham will discuss how SunTrust worked with Courion to come up with a plan in which all of its goals would be met, with the added bonus of structuring the deployment in such a way that the recognized benefits of the technology would literally negate the cost of implementation over a period of 36 months. Based on SunTrust’s goals, Courion helped structure the sale of its Access Assurance Suite so that the capital expenditure could be amortized over the course of several quarters or years, relieving any impact whatsoever on the IT budget. Jennifer will discuss how this enabled the project to address the company’s strategic, technical and financial goals.


Mark Leary
Director & Deputy CISO
Northrop Grumman Corporation

Northrop Grumman OneBadge
Russell Koste will present how the Northrop Grumman OneBadge project developed, implemented and deployed smart card technology across the corporation in order to provide enhanced protection from unauthorized access to company facilities, networks and data. The OneBadge smart card standardizes employee logical and physical access and is aligned to Homeland Security Presidential Directive (HSPD) 12, the identification standard for government employees and contractors. Russell will present how Northrop Grumman’s new identity badge is federated across the Department of Defense (DoD) and the Federal Public Key Infrastructure (PKI) Bridge to enable secure collaboration with Northrop Grumman’s government and commercial customers and partners.

Chris Tuten
Vice President, Corporate Information Security
Sallie Mae

Automated Identity Governance
In this presentation, Chris Tuten will discuss how compliance mandates can be a quagmire for IT resources and budgets. In the past, Sallie Mae had spent several millions of dollars to comply with the Federal Information Security Management Act (FISMA) – one of several regulations the company is subject to – due to inefficient, manual processes. In December 2009, Sallie Mae began an aggressive identity governance project to address spiraling compliance costs. Within six months, the company completely re-architected its IT compliance processes related to identity management and established an automated, repeatable process that is projected to save the company significant expense while improving the company’s overall IT risk and compliance posture.

Ariel Silverstone
Information Security Director

Launching a Code Assurance Program and Saving Millions!
Ariel Silverstone will present how one company researched and decided on process and tools from scratch to assure best-in-breed software security quality, all while saving money in the process.

5:00 PM : VIP Reception (invitation only)

Location: Buckhead Ballroom I

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: Prefunction Grand Ballroom, 4th floor

Guests enjoy a gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the Canada Award Nominees for 2013, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:30 PM : ISE® Southeast Awards Gala

Location: Grand Ballroom AB, 4th floor

Honoring and celebrating the ISE® Southeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM : Champagne & Dessert Reception

Location: Prefunction Grand Ballroom, 4th floor

Enjoy champagne and dessert while celebrating the winners, nominees and project teams. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.