SecurIT: Where CIOs and CISOs come to Manage Risk
Thursday, February 15, 2018
8:00 am - 9:00 am Registration and Networking Breakfast
9:00 am - 9:10 am Welcome and Opening Remarks
Bob Bragdon, Publisher, CSO

9:10 am - 9:55 am Managing Risk Across the Partner Ecosystem

Every organization operates with an ecosystem of business partners, and the larger the organization, the more vast the ecosystem, from contractors to supply chain and technology partners.  How can you ensure that every organization with which you do business complies with your policies?  What measures should you put in place to penalize non-compliance?  And what plans should you have in place if -- or when -- a provider fails or is breached?

9:55 am - 10:15 am Think Your Network is Safe? Check All of Your Endpoints.
Pam Dill, Senior Security Consultant, HP Inc.

While you invest time, resources and millions of dollars in protecting endpoints and the network perimeter, are you addressing one of the largest footprints on your network? While printers and other endpoints may not be front-of-mind as primary security threats, this infrastructure may be allowing hackers and malware to take the easy route to your network and data. Join us for this session where we’ll share examples of breaches and how some of the most secure organizations are still lagging in overall security for critical endpoints like printers. We’ll also share best practices on how to most effectively secure these critical endpoints.

10:15 am - 10:45 am Refreshment & Networking Break
10:45 am - 11:30 am Organizational Models for Risk Governance in Today’s World
Bob Bragdon, Publisher, CSO
CJ Das, CIO, SimpleTire
Rich Licato, CISO, ARC
Michael Garcia, VP, Development Services, Fannie Mae

Common to every medium-sized or larger organization are basic functional roles including CIO, CISO, CFO, General Counsel, CEO and Board Director.  And while some executives might have multiple roles, these functions are what collectively manage organizational risk and security.  What are the various reporting models for IT security today, and which ones are most effective at managing risk?  To which function (or functions) is the CISO role accountable?  We’ll explore whether traditional organizational structures are sufficient for today’s intense IT risk environment, and where best to adopt current and new approaches.

11:30 am - 12:00 pm New Approaches to Risk for the Multi-Cloud Enterprise

The spectrum of technologies across today’s IT stack is increasingly enabled by – and dependent on – clouds and cloud methodologies.  As the journey to ubiquitous clouds continues, how do you build a risk management model that can holistically address these varied environments, and the synapses in between?  How have other organizations structured their programs?  What do you do if your cloud provider is breached?  We’ll look at this and more.

12:00 pm - 1:15 pm Luncheon with Table Discussions

1:15 pm - 2:00 pm Facing the Inevitable: New Risks of Operational Technology (OT), IoT, and Things Attached to the Network
Bob Bragdon, Publisher, CSO
Chuck Mance, Director, IT, George Washington University

For decades, operational technology (OT) – that which runs the equipment on the factory floor, for example – existed at a distance from IT.  But IoT has turned that relationship on its head.  OT and IoT are opening up an entirely new risk landscape for a growing number of industries well beyond manufacturing.  How are organizations grappling with this new world order?  How are relationships with IT and OT executives forming?  And where is all of this headed?

2:00 pm - 2:20 pm Publisher’s Panel: Securing the Evolving IT Environment
Bob Bragdon, Publisher, CSO
Jeff Gilhool, Solutions Architect, Lookout

In this fast-paced session, industry expert panelists will weigh in with their views on the latest security news and how it is affecting customers in this new era of threats. Citing specifics from their customer engagements, the panel will talk about the problems their customers are facing and how they are addressing them. They'll also share their thoughts on enterprise security in the future when IT environments are rife with IoT, AI, augmented reality, and of course, even more data.

2:20 pm - 3:05 pm Same Threat, Different Day: Minimizing Insider Threats and Risks
Bob Bragdon, Publisher, CSO
PN Narayanan, Deputy Treasurer and CIO, Pennsylvania State Treasury
Rick Patterson, Head of Security Operations, Bridgewater Associates
Michael Theis, Chief Counterintelligence Expert and Technical Lead for CERT Insider Threat Research, CERT Insider Threat Center, Carnegie Mellon University

Whether they’re innocent errors made by well-meaning employees or malicious attempts by insiders to steal assets or interrupt business operations, the insider threat is evergreen.  And just as the threat is evergreen, so is the opportunity since insiders are enabled and emboldened by the digitized enterprise.  What approaches do insider experts recommend to curb the threat in this environment?  What new tactics are malicious insiders using?  We’ll dissect recent breaches attributable to insiders and prescribe a course of action any organization can take to mitigate the insider threat.

3:05 pm - 3:25 pm Refreshment and Networking Break
3:25 pm - 4:00 pm Back to Basics: Data Protection and Its Escalation to Mission-Critical
Nick Akerman, Partner, Dorsey & Whitney LLP
Bob Bragdon, Publisher, CSO
Gus de los Reyes, CISO, Brown Advisory
Al Raymond, Executive Director, Consumer and Community Banking Privacy Lead, JPMorgan Chase

Not long after the dust settles from a massive breach, the public (and shareholders) learn that the root cause of the breach was something simple:  patches weren’t made, or routine procedures weren’t followed.  How are basics being overlooked?  How is IT architecture compounding the problem?  When are customized interfaces to web-based applications and open source code to blame?  We’ll examine the roots of many vulnerabilities and how guidelines from the National Institute of Standards and Technology (NIST) can help stem the crisis.

4:00 pm - 4:45 pm GDPR and Beyond: Addressing the Teeth that Really Matter
Bob Cattanach, Partner, Dorsey & Whitney LLP

The newfound financial teeth in the General Data Protection Regulation (GDPR) and similar regulations by U.S. states can bankrupt a company if it’s caught in non-compliance. Where – specifically -- do the teeth truly matter?  How are organizations adapting their practices to comply?  And how can you leverage the legislation for improved risk management?

4:45 pm - 4:50 pm Closing Remarks
Bob Bragdon, Publisher, CSO
4:50 pm - 5:30 pm Networking Cocktail Reception