July CSR2020 Agenda

Opening remarks by Keyaan Williams at 10:45am EST Daily
Exhibit Hall and Attendee networking available 10am to 8pm daily

Wednesday, July 22

Edward Contreras

Security and Risk Transformation Leadership

Session 1

11:00am-12:00pm EST How to create an actionable cybersecurity strategy for the business

25 years of Security and Risk transformation leadership through both the public and private sectors. I have guided companies through global breaches, risk transformations, complete security implementations, and program rebuilds while embracing “next-gen” security frameworks.

How to create an actionable cybersecurity strategy for the business

Cyber executive leadership is not exclusive to technologists. Executive business leaders have an important responsibility for supporting the cybersecurity strategy of the organization. Whether you are a business, technology, or security executive, learning how to create a business-relevant cybersecurity strategy that is actionable across the organization and understood at the executive level is critical. The strategy should drive the security program, justify funding, identify the right headcount, and enable the business.

Key takeaways will be:
  • How to start building a strategy
  • How to identify stakeholders
  • How to obtain funding
  • How to grow your program
  • How to reduce risk
  • How to enable corporate goals
15 min Wellness Break presented by WellFest
12:15-1:15pm EST Roundtable Discussions

  • Ed Contreras, Q & A session
  • Lauret Howard, Retired Chief Risk Officer, ASP
  • Dr. Reem Al-Shamarri, CISO, Kuwait Oil Company
Ron Ross

Fellow at the National Institute of Standards and Technology

Session 2 – Keynote

2:00-3:30pm EST Moving Cybersecurity Below the Waterline

The Advanced Persistent Threat (APT) is extremely dangerous to the national and economic security interests of the United States. We are totally dependent on computing systems of all types—including traditional Information Technology (IT) systems, Operational Technology (OT) systems, Internet of Things (IoT) systems, and Industrial IoT (IIoT) systems—to accomplish critical missions and business functions. The recent and rapid convergence of these types of systems has brought forth a new class of systems known as cyber-physical systems, many of which are in the critical infrastructure sectors, including energy, transportation, defense, manufacturing, and information and communications.

To address this reality in the 21st century, the one-dimensional protection strategy focused solely on perimeter-based defenses must be transitioned to a new multidimensional, defense-in-depth protection strategy that includes three, mutually supportive and reinforcing concepts: (1) penetration resistant architectures; (2) damage limiting operations; and (3) system designs that support cyber resiliency and survivability. This strategy recognizes that despite the best protection measures implemented by organizations, the APT may find ways to breach those primary boundary defenses and deploy malicious code within organizational systems. When this situation occurs, organizations must have access to additional safeguards and countermeasures to confuse, deceive, mislead, and impede the adversary—that is, taking away the adversary’s tactical advantage and protecting and preserving the organization’s critical programs and high value assets.

This presentation will focus on the NIST Systems Security Engineering Initiative and a range of new projects that can support a multidimensional protection strategy. Topics include: (1) a brief overview of the flagship NIST SSE publications SP 800-160, Volumes 1 and 2; (2) a description of Zero Trust concepts and architectures; and (3) a discussion of the benefits of implementing a DevSecOps process to obtain trustworthy, secure, and cyber resilient systems at the speed of commercial industry.

15 min Wellness Break presented by WellFest
3:45-4:45pm EST Roundtable Discussions

  • Ron Ross, Q & A session
  • Alex Wood, CISO, The Anschutz Corporation
John Donovan

CISO, Malwarebytes

Session 3

5:30-6:30pm EST Pandemic SecOps: Practical observations from building and running a security team during COVID-19

In this talk, John will share the experience he’s had building and running a security team during the COVID-19 pandemic. He will share real world that come from both work and home as his team and the company shifted to WFH (work from home) and SIP (shelter in place). The lens of the global pandemic will provide focus on five topics with take-aways for your security strategy, tactical, and operational programs.

15 min Wellness Break presented by WellFest
6:45-7:45pm EST Roundtable Discussions

  • John Donovan, Q & A session
  • Marnie Wilking, Global Head of Security & Technology Risk Management, Wayfair
7:45PM EST Closing Remarks by Keyaan Williams
8:00PM EST Virtual Show Floor closes

Thursday, July 23

Opening remarks by Keyaan Williams at 10:45am EST
Exhibit Hall and Attendee networking available 10am to 8pm daily

Stewart Weaver

Transformational Chief Information Officer/Chief Technology Information Officer

Session 1

11:00am-12:00pm EST A game plan for Digital Transformation

Digital transformation is the use of new, fast and changing technology to solve problems. Yet many organizations struggle to move technology throughout the phases of the product or project life cycle, let alone get to the point of actually using the technology to solve their organization’s problems. As we experience these unprecedented times, many organizations from government to Fortune 500 companies are asking “Why were we not prepared?” Leaders of organizations are looking to their CXO and other technology team members for answers on why the technology and data sharing is broken. The CIO’s role is more than identifying the best or ‘cool’ technologies. CIOs must be able to partner across the organization to drive results-oriented implementation strategies. In the session, I will outline pitfalls of past digital transformation strategies and provide a blueprint for building a solid digital transformation game plan. We will discuss the use of agile methods to help organizations respond to the current uncertainty and prepare to easily shift and respond in the future.

15 min Wellness Break presented by WellFest
12:15-1:15pm EST Roundtable Discussions

  • Stewart Weaver, Q & A session
  • Christa Pusateri, Founder, Future Advisory Board
  • Dr. Reem Al-Shamarri, CISO, Kuwait Oil Company
Paige T. Needling

Founder and CEO, Walking the Talk Cybersecurity

Session 2 – Keynote

3:00-3:30pm EST Walking the Talk of Cybersecurity

The core concept of the talk? That too many organizations are on the verge of going off the proverbial cliff by neglecting to do the difficult, non-glamorous work beneath the headlines and the furious investments in cyberdefense technology.

As a consultant deeply involved with organizations of every size all across the United States, Paige sees first hand – and from a ‘crow’s nest’ perspective – the troubling disconnects starting to bare their ugly teeth in so many companies. These are organizations trying to do the right thing, which in most cases is throw talk and as much money as they can at perimeter security, authentication protocols and all manner of goods and gadgets that the headlines say will make them safer. And perhaps they will. But, according to Ms. Needling, crucial “basics” are being ignored and they threaten to undermine the “real world” security footing of these organizations. Simple things are always simple to do. Which may explain why so many companies pay lip service, at best, to things like Security Awareness Training for employees – why an ultra-secure office is still wide open to breach from vendors and business partners, either physically entering their building or introducing hack vectors through unsecure (or non-integrated) systems.

Central to this discussion are a series of critical “disconnects” and lack of alignment within organizations, making cybersecurity a top “talking point” for senior executives and Boards who don’t necessarily have the cyber IQ or strategic incentive to connect all the dots down in the trenches. It’s the reason that the CISO still has trouble finding audience with the Board, and why, in most companies, their own employees are still the greatest threat to security.

15 min Wellness Break presented by WellFest
3:45-4:45pm EST Roundtable Discussions

  • Paige Needling, Q & A session
  • Nita Patel
  • Gene Spafford, Director Emeritus of the Center for Education and Research in Information Assurance and Security
Caroline Wong

Chief Strategy Officer

Session 3

5:30-6:30pm EST Come for the Mission, Stay for the Culture

The internet wasn’t built with security in mind, the world has a massive talent shortage, and we can’t rely on automation to solve everything.

If you’re on an information security team, I’m willing to bet you have more to do than time and resources to do it. Maybe one of your colleagues left for a new job last month, and there are two additional unfilled positions on your team. You could actually be in a position where you’re trying to do the jobs of 4 people.

Talent matters. You matter.

This talk is about preventing and addressing burnout for overworked application security professionals. It’s also about how to attract, retain, and grow a great team.

Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong’s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager and day-to-day leadership roles at eBay and Zynga. She teaches cybersecurity courses on LinkedIn Learning and is a member of the Forbes Technology Council. Wong was named 2019 Cyber Educator of the Year in the 6th Annual Cyberjutsu Awards. She authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill. Wong graduated from U.C. Berkeley with a BS in electrical engineering and computer sciences and holds a certificate in finance and accounting from Stanford University Graduate School of Business.

15 min Wellness Break presented by WellFest
6:45-7:45pm EST Roundtable Discussions

  • Caroline Wong, Q & A session
  • Jimmy Sanders, Head of Information Security, Netflix DVD
7:45PM EST Closing Remarks by Keyaan Williams
8:00PM EST Virtual Show Floor closes

Friday, July 24

Opening remarks by Keyaan Williams at 10:45am EST
Exhibit Hall and Attendee networking available 10am to 8pm daily

Blake Holman

Chief Information Officer and HIPAA Security Officer

Session 1

11:00am-12:00pm EST Where Cyber Security Strategy fits in the mind of the CIO

There is no doubt that Cyber Security Strategy is vital to every organization in today’s world. Whether the Cyber Security Strategy reports to or must collaborate with the CIO, many security leaders think they know what the CIO is thinking. Though they may be directionally correct, there is often enough misalignment to create issues. Join Blake Holman in today’s session to get into the mind of the CIO where Cyber Security Strategy is concerned and understand some of the ways the misalignment can occur and how you might be able to adjust.

15 min Wellness Break presented by WellFest
12:15-1:15pm EST Roundtable Discussions

  • Blake Holman, Q & A session
  • Elliott Franklin, Director of IT Governance, Loews Business Services Center
  • Neeli Shah, Lawyer, The Law Offices of Neeli Shah, LLC
Kevin Morrison

Managing Director of Enterprise Information Security, CISO

Session 2 – Keynote

2:00-3:30pm EST The Strategy of Influence in the Cybersecurity Program

How do you show up? How do you model, mentor, communicate and collaborate to build trust? It’s no secret that the demands of a CISO are not for the faint of heart. Between carefully walking a tightrope of an ever-changing threat landscape and balancing the need to enable organizations to rapidly innovate and execute, a CISO must creatively influence stakeholders across the organization for the Cybersecurity program to succeed. Without such influence, the ability to build partnerships with your team, peers, customers, the Board of Directors, or key parts of the business can quickly become a lesson learned in what not to do.

In this Keynote presentation, Kevin Morrison, Managing Director of Enterprise Information Security, & CISO at Alaska Air Group will share stories, insights, and recommendations that attendees can take away for building a strategy of influence and improving their security program’s success.

15 min Wellness Break presented by WellFest
3:45-4:45pm EST Roundtable Discussions

  • Kevin Morrison, Q & A session
  • Malcolm Harkins, Chief Security & Trust officer, Cymatic
Dr. Shawn P. Murray

President and Chief Academic Officer, Murray Security Services

Session 3

5:30-6:30pm EST Culture as a Cyber Security Strategy – Methods for Achieving Success

Organizations focus a significant amount of time on developing methods for tracking success in operational efficiency in order to achieve profitability as an outcome of the strategic planning process. One of the things that can contribute to success (or failure) is having a mature understanding of your organizational culture. Having a strategy that focuses on understanding and managing culture can allow an organization to motivate employees and partners if cultivated and communicated effectively. When not managed effectively, poor culture can cause distrust and consternation between stakeholders. The presenter will discuss methods for executives and managers to include organizational culture in the strategic planning process and identify objectives for tracking success.

15 min Wellness Break presented by WellFest
6:45-7:45pm EST Roundtable Discussions

  • Dr. Shawn Murray, Q & A session
7:45PM EST Closing Remarks by Keyaan Williams
8:00PM EST Virtual Show Floor closes