Day 1: Sunday, June 10
11:00 am - 11:40 am Registration
11:40 am - 1:00 pm Networking Brunch
1:10 pm - 1:20 pm Welcome Orientation
1:25 pm - 1:55 pm Bridging the Diversity Gap in Cyber Security: Addressing Culture and Skill Shortfalls
Devon Bryan - Executive Vice President and Chief Information Security Officer, Federal Reserve System
A security culture is an important component of a truly effective cybersecurity strategy, and mono-culture organizations are arguably proving ineffective at combatting an exploding cyber threat landscape in which cyber criminals clearly make no distinction regarding gender, race, religion, age or sexual orientation. In light of the global shortfalls in qualified workers highlighted in various industry reports on the number of unfilled jobs, different approaches have become urgent and necessary. Diversity of thought, perspectives and ideas has increasingly become a key ingredient in combating an increasingly complex cyber threat landscape.
In this session, explore efforts for achieving a truly diverse industry and ways to recruit and retain diverse talent, including women and minorities.
•Planning long term with staff development and culture awareness
•Widening talent searches outside of IT
•Creating and empowering cross-functional teams
2:35 pm - 3:05 pm Business Meetings
3:05 pm - 3:35 pm Business Meetings
3:35 pm - 4:05 pm Business Meetings
4:05 pm - 4:20 pm Networking Break
BrainWeave
4:20 pm - 5:05 pm To Be (Proactive) or Not to Be? Discussing PPT Challenges of Proactive Security and the Real Cost of Failure
Rick Bolin - COO, Mantix4
Chris Dodunski - Co-Founder & CTO, Mantix4
Everyone agrees that the key to a successful cyber security strategy is being proactive. Or do they? Even if we agree that proactive is the right strategy, developing the tactical plans at a reasonable budget, in a way likely to be agreed to by the Board or other management, isn’t easy.
This session explores the challenges of being proactive. We will look at these in the context of the broad cost of cyber breaches. Does a broad view of the cost of lost identities, security and data change your opinion?
All too often we think about the current cyber security struggle as simply a contest between those who protect data and those who wish to illegally profit from accessing or controlling it. A breach or hack here and there is bad news for the unfortunate organization but is often viewed as just an unhappy cost of doing business.
The narrow view misses the real cost of the cyber war. Children of the youngest generation, iGen or Gen Z (born after 1995), have used the Internet, technology and social media since a young age. Their digital identity and physical identity are undifferentiated. Your moderator, Rick Bolin, will combine 4 data points from his own life to make the case that failed cyber security is having a profound impact on 70m kids in America.
Within that context we will explore together:
•Does a broad understanding of the cost of the cyber war change an individual’s/organization’s obligations?
•Is cyber security going in the right direction or is it on the wrong track?
•Are statistics about cyber breaches accurate, understated or fake news?
•How much does proactive matter?
•What does proactive mean within your organization?
•What is the greatest challenge to being proactive?
•What are some of the specific people, process and technology challenges associated with being proactive?
•What is the next most important step in making your organization more proactive?
•Do you anticipate your organization becoming more, less or about the same in terms of being proactive in the next 18 months?
MasterClass
4:20 pm - 5:05 pm Best Practices and Future Direction of Security Awareness Training
Ignoring the human side of cybersecurity will leave your organization vulnerable. Reported numbers may fluctuate from industry study to industry study, but they all agree on one thing: cybercriminals are successfully and consistently exploiting human nature to accomplish their goals. Employees are often the last line of defense between a sophisticated cyber-scam and your systems, data, and customers.
Prudent security leaders know that security awareness and training is key to strengthening their ‘human firewall’ – but they often don’t know where to start. This session will provide practical security awareness and behavior management tips, outline how and where tools are helpful, and discuss emerging industry trends.
Ignite Session: 3 Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!
5:10 pm - 5:20 pm Securely Share Files Beyond Your Enterprise Borders with Full Governance and Control
Craig Pfister - Senior Director, Sales Engineering, Accellion
5:20 pm - 5:30 pm Third Party Vendor Risk—What’s My Exposure?
Adam Cummings - Team Lead, Governance, Risk, and Compliance, MindPoint
5:30 pm - 5:40 pm Collaboration Channels & Malicious Content: A Rapidly Growing Security Challenge
Corie Chung - Chief Marketing & Strategy Officer, Perception Point
5:45 pm - 6:45 pm Effective Third Party Vendor Risk Management
Jon West - CISO, Kemper
Nasser Fattah - Managing Director, MUFG Union Bank
Rod Aday - CISO, Dexia Credit Local
Clint Heyworth - Vice-President/Chief Compliance Officer/Information Security Officer, Sutton Bank
Robust vendor vetting and management are key when working with third parties. For the cyber security executive, this adds the responsibility of proactively identifying risks, as well as verifying and overseeing that business partners and suppliers meet regulatory and compliance requirements throughout the life of the relationship. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
•Appropriate access levels for third-party user and system accounts
•Secure development of application integrations, including firewall configuration
•Sectioning internal networks to limit third party needs