Archived Events 2010

ISE® PRIVATE DINNER: Aligning Vulnerability and Privilege Management in the Context of Business Risk

July 17, 2014
5:30pm - 8:30pm
Del Frisco’s Grille
2425 E Camelback Rd St 110
Phoenix, AZ 85016
Vaughn Hazen

Vaughn Hazen
Director IT Security, CISO
Freeport-McMoRan Copper & Gold

Despite gigantic investments in IT security, many organizations still struggle to identify real, critical risks buried within massive amounts of data. CISOs need new strategies for assessing, prioritizing and addressing both internal and external risks in business context. Join our conversation to discuss how aligning vulnerability management and privilege management programs can shed new light on risk in terms of compliance, asset integrity, data confidentiality, and other unique business requirements, while enabling IT and security teams to efficiently collaborate on risk reduction efforts enterprise-wide.

ISE® PRIVATE DINNER: Virtualization and the Cloud - Security as an Enabler

July 17, 2014
5:30pm - 8:30pm
Del Frisco’s Double Eagle Steakhouse
Located near the Galleria on the Tollway
5251 Spring Valley Road
Dallas, TX 75254
John R. South

John R. South
Chief Security Officer
Heartland Payment Systems

Interest in private and hybrid cloud adoption is surging because clouds offer large operational and financial benefits. By sharing application, computer, and network resources in a virtualized environment, business units and cloud service providers can boost IT speed and efficiency, business agility, resource utilization, and profitability. Although there are no questions about the benefits, there is significant debate about the potential risk regarding protection of key assets and data, admin access, multitenancy risk, visibility loss, and compliance. Join our conversation to discuss the role of security as enabler in both public and private cloud adoption, and learn best practices for mitigating risk and effectively addressing the new security challenges created by virtualized environments.

Software Security Assurance Summit

December 1, 2010
Westin Tysons Corner
Falls Church, VA
Details
Louis Freeh

Louis Freeh
Former Director
FBI

In this special one-day in-depth program, a myriad of the most pressing and hottest topics were covered including: Managing federal security mandates and compliance issues; Generating a meaningful ROI from your SSA Program; Best practices associated with U.S. Air Force and Military Health SSA Programs.  In addition,  Louis Freeh, Former FBI Director, shared his thoughts on Going Global - Cyber Warfare Prevention. Details

ROUNDTABLE: Doing Business in the Cloud – Does it Make Sense for Your Organization?

Nov 9, 2010
Westin Park Central Dallas
12720 Merit Drive
Dallas, TX 75251
Roundtable Summary
Richard Burk

Richard Burk
Vice President of IT Operations
AmerisourceBergen Specialty Group

Your business no doubt relies on Internet-based services such as e-mail and the Web. And your organization probably has several local- and wide-area networks. If you're like two-thirds of today’s enterprises, you have already embraced virtualization to improve data center utilization. None of these are new. And from a technology point of view, cloud computing isn't new either.

But from a business perspective, cloud computing introduces a whole new way of thinking and doing business and does bring forth a whole new set of questions about information security. Recent research indicates cloud computing can help businesses and many types of government and academic organizations lower total operational costs and more important respond quickly to change. But, concerns over security and transparency in the cloud may still prevent some from fully embracing these benefits.

Cloud providers and their enterprise clients have a unique relationship. Cloud providers must provide a safe haven for your data and transparency that engenders trust. You must ensure that privacy, data integrity and access controls are maintained to satisfy internal policy and compliance with standards. Further, the “richer the pot of data,” the more attractive it is to cyber crooks. Security processes, once visible, are now hidden behind layers of abstraction. Even the most basic tasks, such as applying patches and configuring firewalls, may become the responsibility of the cloud operator, not the client. The challenge for security executives is to help their organizations leverage the benefits that the cloud may provide while having the trust and confidence that the cloud provider is an able partner in ensuring the confidentiality, integrity and availability of information.

ROUNDTABLE: Doing Business in the Cloud – Does it Make Sense for Your Organization?

Nov 10, 2010
The City Club of Buckhead
3343 Peachtree Road, Suite 1850
Atlanta, GA 30326
Roundtable Summary
Tim Callahan

Tim Callahan
Group Vice President, Manager Business Continuity and Information Assurance
SunTrust
ISE® Northeast People's Choice Award Winner 2009, ISE® North America Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2007, ISE® Southeast People's Choice Award Winner 2006, ISE® Southeast Executive Award Finalist 2006

Your business no doubt relies on Internet-based services such as e-mail and the Web. And your organization probably has several local- and wide-area networks. If you're like two-thirds of today’s enterprises, you have already embraced virtualization to improve data center utilization. None of these are new. And from a technology point of view, cloud computing isn't new either.

But from a business perspective, cloud computing introduces a whole new way of thinking and doing business and does bring forth a whole new set of questions about information security. Recent research indicates cloud computing can help businesses and many types of government and academic organizations lower total operational costs and more important respond quickly to change. But, concerns over security and transparency in the cloud may still prevent some from fully embracing these benefits.

Cloud providers and their enterprise clients have a unique relationship. Cloud providers must provide a safe haven for your data and transparency that engenders trust. You must ensure that privacy, data integrity and access controls are maintained to satisfy internal policy and compliance with standards. Further, the “richer the pot of data,” the more attractive it is to cyber crooks. Security processes, once visible, are now hidden behind layers of abstraction. Even the most basic tasks, such as applying patches and configuring firewalls, may become the responsibility of the cloud operator, not the client.  The challenge for security executives is to help their organizations leverage the benefits that the cloud may provide while having the trust and confidence that the cloud provider is an able partner in ensuring  the confidentiality, integrity and availability of information.

ROUNDTABLE: Defined Accountability Delivers Trusted Content: Securing Virtual Environments via a Layered and Coordinated Approach

November 3, 2010
The Hartford Club
46 Prospect Street
Hartford, CT 06103
Roundtable Summary
Mark Coderre

Mark Coderre
Head of Security Architecture
Aetna
ISE® Northeast Executive Award Finalist 2009
Biography

The purpose of IT security is to enable your business, not impede it, but the challenges and complexity you face for your IT security program grow every day. Compliance requirements impose security standards for data and applications on servers. Physical servers are replaced with virtual machines to save money, be green, and increase scalability. Cloud computing evolves the traditional IT infrastructure to increase cost savings while enhancing flexibility, capacity, and choice. Servers are no longer barricaded behind perimeter defenses, and like laptops before them, they’re now moving outside the security perimeter and need a last line of defense.  It’s now vital to your defense-in-depth security strategy to deploy a server and application protection system delivering comprehensive security controls while supporting current and future IT environments.

Furthermore, the impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. As organizations adopt cloud services, the human element takes on an even more profound importance. It is critical that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat. Especially when this threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.

ROUNDTABLE:
Trust, Standards and Readiness: IdM and Access Control in a Cloud Computing World

Sept. 29, 2010
University Club of Chicago
76 East Monroe Street
Chicago, IL 60603
Sufel Barkat

Sufel Barkat
VP, Corporate IT
Hyatt Hotels

As cloud computing evolves, identity management and access control is already becoming a major issue. In fact, when you ask Information Security Executives what their concern is with cloud computing, some form of security is always at the top of the list. With the potential CAPEX and OPEX savings from utilization of a cloud computing service model, there should also be added focus on ensuring readiness, so that security is properly implemented to support on-premise and cloud-based application access.

Cloud Computing, with its foundation in the world of virtualization, can take advantage of key aspects of web service implementations and security practices; but only to a point. Web service policies are based on a static model that is known, defined, regulated and contained. However, with Cloud Computing, these dynamics change, as in the cloud environment we deal with a heterogeneous digital ecosystem that is dynamic in nature.  While there is no single dominant approach to identity management in the cloud as of yet, discuss how the leading enterprises will be conducting cloud-readiness efforts to best prepare their enterprise for the pending adoption.

ROUNDTABLE:
Transforming Your Identity and Access Management (IAM) Program into a World Class IT Business Enabler

August 19, 2010
Westin Philadelphia
99 South 17th Street at Liberty Place
Philadelphia, PA 19103
Cathy Rees

Cathy Rees
Information Security Architecture and Controls
ACE Group
Biography

Challenges arise as organizations deploy e-business strategies and enterprise wide applications. IT business leaders are demanding transparent access to a growing number of new business systems and corporate assets. In many cases, achieving business objectives depends on the enterprise's ability to effectively engage, enable and transact business directly with business partners, customers, employees, and contractors.

As businesses mature and the demand for these services grow, Information Security Executives® must be able to manage rapid change, establish effective formal governance polices, and provide transparent accountability. Identity and access management and compliance solutions form the cornerstone of an organization's governance, risk and compliance strategy and serve as a basis for transforming security into an enabling function. Implementing these programs can be complicated and time-consuming, but enterprises may be able to simplify the process and make tangible contributions to enterprise business goals if they consider vendors that are developing ways to integrate IAM offerings with other compliance solutions.

ROUNDTABLE: Desktop Virtualization - The New Silver Bullet? 

August 4, 2010 
The University Club of Orlando
150 East Central Boulevard
Orlando, FL 32801
Satish Mahajan

Satish Mahajan
Vice President and Chief Information Officer
AAA National Office

The desktop virtualization megatrend has signaled the need for today's real-time enterprises to rapidly gain a holistic view of how to properly evaluate and plan a successful migration. Virtualization, according to experts, makes it easier to manage user PCs, provision new desktops, push out patches and enforce security policies.  And the total cost of ownership can be reduced with desktop virtualization depending upon the choice of software and hardware.

While this architecture holds the promise of achieving many business and technology benefits -many questions remain on whether desktop virtualization is the new silver bullet or a panacea repackaging of the thin client.

ROUNDTABLE: Enterprise Strategies for Data Protection
Reducing PCI Audit Complexity, Compliance Costs and Security Risk

July 21, 2010
Westin Times Square
270 West 43rd Street
New York, NY 10036
Roseann Larson

Roseann Larson
Vice President of Global Information Systems
Risk Management and Compliance
Estee Lauder

Employing End-to-End Encryption and Tokenization technology when used in combination with the appropriate processes and people can be an effective strategy for reducing PCI audit scope, cost and security risk. Yet establishing which approach or combination of approaches makes sense within an organization is difficult. This roundtable will discuss the following elements as a way to help companies decide how best to protect their most sensitive data and reduce the costs associated with PCI audits.

ROUNDTABLE: Defined Accountability Delivers Trusted Content
Securing Virtual Environments via a Layered and Coordinated Approach

July 13, 2010 
Westin Tysons Corner
7801 Leesburg Pike
Falls Church, VA 22043
View the event summary
Michael Castagna

Michael Castagna
Chief Information Security Officer
U.S. Department of Commerce
ISE® North America Government Executive Award Finalist 2008

The purpose of IT security is to enable your business, not impede it, but the challenges and complexity you face for your IT security program grow every day. Compliance requirements impose security standards for data and applications on servers. Physical servers are replaced with virtual machines to save money, be green, and increase scalability. Cloud computing evolves the traditional IT infrastructure to increase cost savings while enhancing flexibility, capacity, and choice. Servers are no longer barricaded behind perimeter defenses, and like laptops before them, they’re now moving outside the security perimeter and need a last line of defense.  It’s now vital to your defense-in-depth security strategy to deploy a server and application protection system delivering comprehensive security controls while supporting current and future IT environments.

Furthermore, the impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. As organizations adopt cloud services, the human element takes on an even more profound importance. It is critical that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat. Especially when this threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.

ROUNDTABLE: Enterprise Strategies for Data Protection
Reducing PCI Audit Complexity, Compliance Costs and Security Risk

June 29, 2010
The City Club of Buckhead
3343 Peachtree Road, Suite 1850
Atlanta, GA 30326
View the event summary
Bates Turpen

Bates Turpen
Senior Vice President, Technical Operations
Intercontinental Hotel Group

Employing End-to-End Encryption and Tokenization technology when used in combination with the appropriate processes and people can be an effective strategy for reducing PCI audit scope, cost and security risk. Yet establishing which approach or combination of approaches makes sense within an organization is difficult. This roundtable will discuss the following elements as a way to help companies decide how best to protect their most sensitive data and reduce the costs associated with PCI audits.

LUNCH & LEARN: Is your GRC program helping to acheive your business goals?

June 24, 2010
Novell Office
1177 Avenue of the Americas
35th Floor
New York, NY 10036

55% of security breaches come from either insiders or business partners, according to a report by Verizon Business. How are you managing the risks of giving access to people you are supposed to trust? SAP, Novell, and Deloitte have partnered to deliver a comprehensive solution that provides continuous compliance for broader business risk visibility. Novell Compliance Management Platform, which includes security information and event monitoring (SIEM) and enterprise-wide identity management capabilities, has integrated with SAP BusinessObjects Governance, Risk and Compliance portfolio to allow you to map what is actually occurring in the enterprise to business objectives.

ROUNDTABLE: Retail Strategies for Data Protection
Reducing PCI Audit Complexity, Compliance Costs and Security Risk

June 17, 2010
RN74
301 Mission Street
San Francisco, CA 94105
Tom Borton

Tom Borton
Director, IT Security and Compliance
Cost Plus, Inc

Employing End-to-End Encryption and Tokenization technology when used in combination with the appropriate processes and people can be an effective strategy for reducing PCI audit scope, cost and security risk. Yet establishing which approach or combination of approaches makes sense within an organization is difficult. This roundtable will discuss the following elements as a way to help companies decide how best to protect their most sensitive data and reduce the costs associated with PCI audits.

ROUNDTABLE: Navigating the Identity and Access Management Seas
Finding the Harbor and Avoiding the Reefs

June 16, 2010
The Westin Galleria Houston
5060 West Alabama
Houston, TX 77056
Tim Stanley

Tim Stanley
Director, Information and Infrastructure Security
Waste Management

One of the biggest challenges in managing global and large enterprises is the complexity and cost of controlling user access to information resources, especially related to privileged users. Organizations are facing many challenges, including managing privileged user access across disparate systems, efficiently managing provisioning and de-provisioning of user accounts, as well as meeting regulatory and compliance requirements related to access controls.

Changes in technology and regulations are also driving new access management considerations.  For example, access control must now go beyond the standard enterprise infrastructure into the cloud and virtualized environments.  And regulations such as PCI and HIPAA are driving the need to implement segregation of access by administrators and other privileged users down to the file and object- level.

ROUNDTABLE: Navigating the Identity and Access Management Seas
Finding the Harbor and Avoiding the Reefs

May 25, 2010
The Westin San Francisco Market Street
50 Third Street
San Francisco, CA 94103
Matthew Archibald

Matthew Archibald
Managing Director and CISO
Applied Materials, Inc.
ISE® West Award Executive Finalist 2010

One of the biggest challenges in managing global and large enterprises is the complexity and cost of controlling user access to information resources, especially related to privileged users. Organizations are facing many challenges, including managing privileged user access across disparate systems, efficiently managing provisioning and de-provisioning of user accounts, as well as meeting regulatory and compliance requirements related to access controls.

Changes in technology and regulations are also driving new access management considerations.  For example, access control must now go beyond the standard enterprise infrastructure into the cloud and virtualized environments.  And regulations such as PCI and HIPAA are driving the need to implement segregation of access by administrators and other privileged users down to the file and object- level.

ROUNDTABLE: Defined Accountability Delivers Trusted Content
Securing Virtual Environments via a Layered and Coordinated Approach

April 28, 2010
The Westin San Francisco Market Street
50 Third Street
San Francisco, CA 94103
Sharon L. Kaufman

Sharon L. Kaufman
VP Strategic Risk Management
BNY Mellon
ISE® Northeast Awards 2007 Nominee

The purpose of IT security is to enable your business, not impede it, but the challenges and complexity you face for your IT security program grow every day. Compliance requirements impose security standards for data and applications on servers. Physical servers are replaced with virtual machines to save money, be green, and increase scalability. Cloud computing evolves the traditional IT infrastructure to increase cost savings while enhancing flexibility, capacity, and choice. Servers are no longer barricaded behind perimeter defenses, and like laptops before them, they’re now moving outside the security perimeter and need a last line of defense.  It’s now vital to your defense-in-depth security strategy to deploy a server and application protection system delivering comprehensive security controls while supporting current and future IT environments.

Furthermore, the impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. As organizations adopt cloud services, the human element takes on an even more profound importance. It is critical that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat. Especially when this threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.

ROUNDTABLE: SECURING THE CLOUD – IS IT POSSIBLE?

March 17, 2010
The Westin Charlotte
601 S. College Street
Charlotte, NC 28202
Shelbi Rombout

Shelbi Rombout
Senior Vice President, Business Operations - Supply Chain Management Sourcing
Bank of America

The benefits of cloud computing—accessing your data and applications stored on remote hardware by way of the Internet instead of keeping it all in your local workstation—still requires a leap of faith for many. But now that a workstation can go anywhere as a smart phone, a stripped-down Net Book, or even an e-book reader, it's practically a virtual desktop operating in conjunction with a virtual server anyway.  If the user can be anywhere, so can the source for data and applications.  And while cloud computing represents a significant opportunity for enterprises to achieve cost savings, flexibility, and choice for computing resources as well as the expansion of on-premise infrastructure by adding capacity on demand, it is dramatically changing how we need to assess security and perceive risk.

In the cloud, it’s difficult to physically locate where data is stored. Security processes, once visible, are now hidden behind layers of     abstraction.  Even the most basic tasks, such as applying patches and configuring firewalls, may become the responsibility of the cloud operator, not the end user. While the intent of security remains the same - to ensure the confidentiality, integrity, and availability of   information - cloud computing shifts control over data and operations.

Private Reception and Complimentary Book Signing with David Rice at RSA 2010 Conference

March 3, 2010
The Westin San Francisco Market Street
50 Third Street
San Francisco, CA 94103
David Rice

David Rice
Author of Geekonomics

Software has become crucial to the very survival of civilization. But badly written, insecure software is hurting people–and costing businesses and individuals billions of dollars every year. This must change. In Geekonomics, David Rice shows how we can change it.

Rice reveals why the software industry is rewarded for carelessness, and how we can revamp the industry’s incentives to get the reliability and security we desperately need and deserve. You’ll discover why the software industry still has shockingly little accountability–and what we must do to fix that.  Brilliantly written, utterly compelling, and thoroughly realistic, Geekonomics is a long-overdue call to arms. Whether you’re software user, decision maker, employee, or business owner this book will change your life…or even save it.

RSA Luminary Technology and Security Leadership Luncheon:
From Cyber Security to Homeland Security: How Every CISO is Part of the National Strategy

March 3, 2010
Hotel Palomar & Fifth Floor Restaurant
12 Fourth Street
San Francisco, CA 94103
Greg Garcia

Greg Garcia
President and Founder
Garcia Strategies, LLC

The benefits of cloud computing—accessing your data and applications stored on remote hardware by way of the Internet instead of keeping it all in your local workstation—still requires a leap of faith for many. But now that a workstation can go anywhere as a smart phone, a stripped-down Net Book, or even an e-book reader, it's practically a virtual desktop operating in conjunction with a virtual server anyway.  If the user can be anywhere, so can the source for data and applications.  And while cloud computing represents a significant opportunity for enterprises to achieve cost savings, flexibility, and choice for computing resources as well as the expansion of on-premise infrastructure by adding capacity on demand, it is dramatically changing how we need to assess security and perceive risk.

In the cloud, it’s difficult to physically locate where data is stored. Security processes, once visible, are now hidden behind layers of     abstraction.  Even the most basic tasks, such as applying patches and configuring firewalls, may become the responsibility of the cloud operator, not the end user. While the intent of security remains the same - to ensure the confidentiality, integrity, and availability of   information - cloud computing shifts control over data and operations.

ISE VIP Programs at RSA Conference 2010

A full day program that includes such events as:

  • ISE Executive Alumni and Guests "Breakfast with Leaders"
  • Hosted by our ISE Alumni VIP Guest Hosts. Enjoy breakfast and network with ISE Alumni, VIPs, CXOs and Symantec Executives.  After breakfast depart for RSA Keynote speeches at Moscone.
  • VIP Seating RSA Keynote Address including Enrique Salem, President and Chief Executive Officer of Symantec
  • Private Luncheon with Enrique Salem. Join us for an exclusive private luncheon with Enrique Salem. This is a unique opportunity to have an intimate and candid conversation with the RSA keynote speaker and network with ISE Alumni, Symantec Executives and Guests.
  • VIP Reception - Invitation Only.   Hosted by our ISE Alumni and VIP Guest Hosts and Symantec. Network with ISE Alumni and Symantec Executives.
Read summary & download presentations

HIMSS Executive Dinner: Managing Resources, Simplifying Complexity and Reducing Costs through Integrated Management and Access

February 28, 2010
Ruth Chris Steak House
Embassy Suites
267 Marietta Street
Atlanta, Georgia 30313
Fernando Martinez

Fernando Martinez
Vice President and Chief Information Officer
Jackson Health System
ISE® Southeast Executive Award Winner 2009
Biography

Healthcare IT and Information Security Executives are looking carefully at the best ways to improve the efficiency of information systems in the healthcare industry.  Integrated access management promises an array of potential benefits for individuals and the U.S. healthcare system through improved clinical care, reduced costs and adherence to regulatory compliance. While dependably accurate identification and authentication seems like something that should already exist in healthcare, it does not. Accurately linking patients with their personal medical information is a significant problem today for hospitals, other healthcare providers and healthcare payers alike including the government. At the same time, this environment also poses new challenges and opportunities for protecting individually identifiable health information.

Coordinated attention at the Federal and State levels is needed both to develop and implement appropriate privacy and security policies. Only by engaging all stakeholders can healthcare information be protected and electronically exchanged in a manner that respects variations in individuals’ views on privacy and access.

ROUNDTABLE: SECURING THE CLOUD – IS IT POSSIBLE?

February 24, 2010
The Westin Galleria Dallas
13340 Dallas Parkway
Dallas, TX 7524
Gene Scriven

Gene Scriven
Chief Information Security Officer and Vice President
Sabre Holdings
ISE® Southeast People’s Choice Award Winner 2008
ISE® Southeast Executive Award Finalist 2008

Biography
T.E.N. Success Story

The benefits of cloud computing—accessing your data and applications stored on remote hardware by way of the Internet instead of keeping it all in your local workstation—still requires a leap of faith for many. But now that a workstation can go anywhere as a smart phone, a stripped-down Net Book, or even an e-book reader, it's practically a virtual desktop operating in conjunction with a virtual server anyway.  If the user can be anywhere, so can the source for data and applications.  And while cloud computing represents a significant opportunity for enterprises to achieve cost savings, flexibility, and choice for computing resources as well as the expansion of on-premise infrastructure by adding capacity on demand, it is dramatically changing how we need to assess security and perceive risk.

In the cloud, it’s difficult to physically locate where data is stored. Security processes, once visible, are now hidden behind layers of     abstraction.  Even the most basic tasks, such as applying patches and configuring firewalls, may become the responsibility of the cloud operator, not the end user. While the intent of security remains the same - to ensure the confidentiality, integrity, and availability of   information - cloud computing shifts control over data and operations.

Luminary Technology and Security Leadership Luncheon

February 2, 2010
Ritz Carlton Pentagon City
1250 South Hayes Street
Arlington, Virginia 22202
Robert Lentz

Robert Lentz
Former Deputy Assistant Secretary of Defense
for Information and Identity Assurance
U.S. Department of Defense
ISE® North America Government Executive Award Winner 2008
Biography

Over the last decade, federal agencies have aggressively adapted and migrated as technology standards and compliance regulations have changed.  Robert Lentz, Former Deputy Assistant Secretary of Defense, Information and Identity Assurance, of the US Department of Defense will offer his unique perspective of working nearly 30 years for the federal government and sharing how commercial cyber security best practices can be applied to government information security programs.  Additionally, Mr. Lentz will present his predictions of where cyber security is headed in 2010 and beyond.