Day One Workshops
November 8, 2017
1:00 PM – 1:50 PM
Track A / Communication Strategies That Deliver Measurable Metrics Between the CISO and the Board
One of the roles of the CISO is to determine risk, and proceed to set and enforce policy accordingly. It has also become increasingly about engaging with upper management and the Board of Directors, convincing them of these risks and where CISOs should invest to mitigate them. And considering the board has a significant voice on the direction of business risk strategies, having them on your side is essential. What type of controls should you have in place and how can one improve on them? What strategies work for such a discussion? What metrics could be presented? How do you articulate through business nomenclature, and what approaches work better than others?
Gadi Evron, Founder & CEO, Cymmetria
Jacqueline Johnson, Head of IT Security Architecture, Nordea Bank
Christopher Porter, Chief Information Security Officer, Fannie Mae
Additional Panelists TBA
1:00 PM – 1:50 PM
Track B / How to Get Your Pitch Right
Jason Clark, Managing Partner & Founder, 360Velocity
1:50 PM – 2:40 PM
Track A / How User Behavior Intelligence Can Minimize the Insider Threat Problem
In recent years, organizations with sophisticated security programs have been forced to acknowledge the insider threat. The notable ‘trusted insider’ cases of Reality Winner, Harold Martin and Edward Snowden have put a spotlight on the need for advanced user behavior intelligence and focused insider threat programs. Malicious users, negligent users, and credential thieves pose more risk to the enterprise than ever before, since it’s now harder than ever to control them with perimeter security. Today, enterprises need visibility into user behavior – whether that means seeing if a high-profile employee is departing with sensitive data, or determining the risk of negligent users who may accidentally cause a data breach.
This panel of cybersecurity executives will explore the advantages of employing Advanced User Behavior Intelligence to proactively manage insider threats.
Attendees Will Learn How User Behavior Intelligence Helps:
Christy Wyatt, President & Chief Executive Officer, Dtex Systems
Ed Goetz, VP & Chief Security Officer, Exelon
Tom Quinn, Chief Information Security Officer, T. Rowe Price
Alex Romero, Chief Information Security Officer & Director, Cybersecurity Directorate, Defense Media Activity
Dewayne Sharp, Assistant Section Chief, Federal Bureau of Investigation
Rod Turk, Acting Chief Information Officer, U.S. Department of Commerce
1:50 PM – 2:40 PM
Track B / Assessing and Managing Risk in the Age of Innovation
Every CISO faces an immeasurable number of challenges when it comes to assessing and managing risk within their organization. Today’s attackers are becoming increasingly sophisticated, often learning and innovating faster than the defense can respond. They have seemingly unlimited resources and are unencumbered by rules and compliance regulations. Trying to defeat them can feel like a losing battle.
With security and IT teams running on limited resources, how are CISOs leading their teams to operate as effectively and strategically as possible? How do they navigate the never-ending stream of [seemingly] doomsday vulnerabilities and headline-grabbing breaches? And how do they separate the good from the bad when new miracle solutions are in their face every day?
This discussion will highlight how CISOs are using data and analytics to inform security strategies and product creation, prioritize security measures to efficiently manage risk, and smartly invest time to keep pace with the latest industry news and trends amidst an ever-changing threat landscape.
Tas Giakoumanikas, Founder & Chief Technology Officer, Rapid7
2:40 PM – 3:00 PM
3:00 PM – 3:50 PM
Data in the Blindspot, Insights About Understanding Where Data is Going (or Maybe Already Is)
Data overload is unmanageable and we need to move from finding the needle in the haystack to finding a needle in a stack of needles. Failure to do so limits understanding, and ultimately, the correct action. The challenge and the opportunity are that critical pieces of data are in front of us, but we are not asking the right questions and assembling the data correctly to identify and maximize it. How do we achieve these goals while at the same time balancing security and privacy? This panel will not discuss technology, but discuss a continual fundamental shift in thinking around how and why there is a growing need in organizing existing and available data to take action. The panelists will cover implementations in this thinking around physical, civil liberties, threat intel and risk.
Jason Zann, Vice President, Head of Platform, RiskIQ
Ann Barron-DiCamillo, Vice President, Cyber Threat Intelligence and Incident Response, American Express
Tim Held, Deputy Chief Information Security Officer, US Bank
Congressman Kevin Yoder, United States Congressman, Kansas, United States House of Representatives
3:00 PM – 3:50 PM
Track B / Artificial Intelligence for Security – Is It All Just Hype and What is the Factual Maturity of This Space?
At many security conferences, the topics of analytics and AI dominate with their marketing hype and perception of where we are headed, but these terms are thrown around haphazardly and stretched beyond credibility. This panel will attempt to separate the real from the hype through discussing real-world use cases that are taking the most advantage of various AI and analytics techniques. The panel will also dive into the coming challenges and opportunities presented by this evolving space. How will we be able to manage the convergence of Autonomy in Cyber, i.e. AI, robotics, machine to machine communications, visualization and all the associated data that comes with the continuing evolution of technology breakthroughs happening at warp speed? And how well is AI working against the risk at the endpoint?
Brian Ware, Chief Executive Officer, Haystax
Gerard Brady, Chief Information Security Officer & Global Head of IT, Morgan Stanley
Cary Frey, Vice President, TELUS Security & Chief Security Officer
Laurent Gil, Co-Founder & Chief Product Officer, ZenEdge
Loretta Joseph, Advisor, AIMS Capital & Director, Blackcitrus & Advisory Chair, Australia Digital Commerce Association
Michael Nance, Chief Information Security Officer & Senior Fellow, Lockheed Martin
3:50 PM – 4:40 PM
Track A / Healthcare Cybersecurity Task Force Report and Escalating Risks to Patient Care
Through our overdependence on undependable IT, we have created the conditions such that the actions of any single outlier can have a profound and asymmetric impact on human life and on economic and national security. We’d like to explore the recent attacks like WannaCry, Petya/NotPetya, and the spate of healthcare-specific ransomware against the sector. Using the Healthcare Task Force Report and some recent clinical hacking simulations done at the Cyber Med Summit, we will outline the various challenges and potential solutions for resilient and dependable safety-critical services in what constitutes a sixth of our GDP.
Josh Corman, Director, Cyber Statecraft Initiative, Atlantic Council
Emery Csulak, Chief Information Security Officer, Centers for Medicare and Medicaid Services, U.S. Department of Health and Human Services
Rep. Jim Langevin, United States Congressman, Rhode Island, United States House of Representatives
Jacki Monson, Chief Privacy and Information Security Officer, Sutter Health
Terry Rice, Vice President, IT Risk Management and Chief Information Security Officer, Merck & Co.
3:50 PM – 4:40 PM
Track B / Accelerating CyberSecurity Innovation Across Government
The public sector needs innovation as quickly as, if not more quickly than, private industry, but policies and processes can slow identification and adoption. Three things are critical to help acceleration: Federal government officials must be provided an opportunity to clearly articulate innovation strategy, industry must be provided an opportunity to engage directly with government officials and communicate what industry has to offer, and decision makers must highlight and work through procurement hurdles that exist between industry and government.
This panel will answer these important questions:
What is the biggest hindrance to technology and CyberSecurity innovation in government and how can these barriers be alleviated?
What steps need to be taken by government and industry to foster a more symbiotic relationship as it relates to CyberSecurity?
Will the current administration continue the work started in the previous administration’s CyberSecurity National Action Plan (CNAP) and CyberSecurity Strategy and Implementation Plan (CSIP)?
What role will the new Office of American Innovation play in Federal IT and CyberSecurity?
How are the Office of Management and Budget, National Security Council, and the Office of American Innovation prioritizing CyberSecurity?
What impact is the recent Cybersecurity Executive Order having on Federal cybersecurity? How might the Executive Order be used to facilitate discussions between industry and government?
Trevor Rudolph, Chief Operating Officer, WhiteHawk
Aaron Hughes, Vice President, Information Security and Risk Management, Capital One
Peter Kim, Chief Information Security Officer, U.S. Air Force
Doug Maughan, Division Director, U.S. Department of Homeland Security
Dominic Sale, Deputy Associate Administrator, Information Integrity & Access, GSA
Joe Stuntz, Director of Program Performance, OMB Cyber
4:40 PM – 5:30 PM
Track A / Building and Achieving a World Class Incident Response Capability
Michael Papay, Chief Information Security Officer, Northrop Grumman Corporation
Devon Bryan, Executive VP & Chief Information Security Officer, The Federal Reserve System
Mary N. Chaney, Vice President, International Consortium of Minority Cybersecurity Professionals
Dario Forte, Chief Executive Officer, DF Labs
Matt Olsen, (Former) Director, NCTC and General Counsel, NSA
4:40 PM – 5:30 PM
Track B / The Next Generation of Cyber Laws and Regulations: Balancing Innovation and Security in the Digital Economy
This panel will explore the tension between laws/regulations/legal frameworks and innovation and technology. How does our current legal framework impede technology and innovation in industry? What needs to be done to align laws with technology development? How can the justice system facilitate innovation?
Kiersten Todt, President & Managing Director, Liberty Group Ventures, LLC
David Hickton, Founding Director, Pitt Cyber and former US Attorney, Western District of Pennsylvania
Kate Kuehn, Head of Security Practice, BT Global Services
Irv Lachow, Portfolio Manager, Cybersecurity Investment, MITRE Corporation
Day Two Showcase
November 9, 2017
7:30 AM – 8:30 AM
Registration and Continental Breakfast
8:30 AM – 5:30 PM
8:30 AM – 8:35 AM
Introductory Remarks by Showcase Host
Rick Geritz, Chief Executive Officer, LifeJourney
8:35 AM – 8:40 AM
Robert Rodriguez, Chairman, SINET
8:40 AM – 9:25 AM
Deterring Adversaries and Mitigating Risks in Cyberspace … from Resilience to Active Defense
Understanding and prioritizing cyber risk investments for improving infrastructure resiliency is essential, as cyber risk is business risk. Resilience, recovery and risk management are key components in delivering an effective strategy for mitigating cyber risk while improving infrastructure and operational resilience. First, how do we strategically align and measure these efforts within an organization while taking into account international standards, regulatory mandated levels of maturity and developing a cyber resilience strategy for both government and industry mission-critical facilities? Secondly, infrastructure resilience is foundational to any deterrence strategy, but not sufficient. As threats in cyberspace increase in scale and sophistication, what active defense measures should be incorporated into a USG deterrence strategy? What is required of industry? What is required of government? What are the existing obstacles and necessary steps to moving in this direction?
Bob Butler, Senior Vice President, Critical Infrastructure Protection, AECOM Management Services
Rich Baich, Chief Information Security Officer, Wells Fargo
Scott DePasquale, President, Financial Systemic Analysis & Resilience Center
Congressman Will Hurd, United States Representative, 23rd District of Texas
Dave Mahon, VP & Chief Security Officer, CenturyLink
9:25 AM – 9:50 AM
9:50 AM – 9:55 AM
Introduction to SINET 16 Innovators
Doug Maughan, CSD Division Director, U.S. Department of Homeland Security
9:55 AM – 10:20 AM
SINET 16 Innovators Present
10:20 AM – 10:40 AM
Break and Company Exhibits Open
10:40 AM – 11:20 AM
Track A / The CyberSecurity Regulatory Complex: The Secret Laws, Rules and Tactics of Federal Agencies
Securing your environment today is like maintaining an airplane while it is flying. As Congress has set no roadmap as to what compliance looks like and who is running the show, countless agencies have appointed themselves as cybercop. Most industries must adhere to at least two agencies with conflicting requirements. How do you know if you are in compliance? What happens if you are plucked from obscurity and thrust under the regulatory microscope? Why does the FTC fight to keep their security standards secret? How do you know how effectively your organization is spending millions of dollars? Today’s panel will expose the current maze of laws, rules and tactics that you may not want to know, but you really need to know.
The moderator of this panel, Mike Daugherty, is the CEO of LabMD, a cancer testing laboratory. He has spent most of the last decade defending his company against charges that it had deficient cybersecurity practices. The early years of his entering and fighting in Washington, DC, are recorded in his book, “The Devil Inside the Beltway”. In so doing, he has become the only litigant to challenge the basic authority that underlies more than 200 enforcement actions relating to cybersecurity and online privacy that the FTC has brought over the past 15 years. Every one of the 200+ litigants before him – including some of the largest companies in the world – has settled with the FTC, creating an unquestioned and untested belief that the FTC has broad authority to regulate in these areas. Following oral arguments in June, 2017, before a panel of the 11th Circuit Court of Appeals, it seems entirely possible that he will prevail. In so doing, he may well topple key pillars of the FTC’s cybersecurity and online privacy edifice, successfully exposing and challenging The Administrative State.
Michael Daugherty, Founder & Chief Executive Officer, LabMD
Tim Callahan, Chief Information Security Officer, AFLAC
Renee Guttman, Chief Information Security Officer, Royal Caribbean Lines
Doug Meal, Partner, Ropes & Gray LLP
11:20 AM – 11:40 AM
11:40 AM – 12:05 PM
SINET 16 Innovators Present
12:05 PM – 1:05 PM
SINET Connects: Networking Luncheon
Maximize this 70-minute luncheon by sitting down in an informal and intimate setting with distinguished security thought leaders and experts. Topics will focus on how solution providers can best shape their business strategies to meet the needs of the market.
1:05 PM – 1:30 PM
Fireside Chat with Kjetil Nilsen, Director General, Norwegian National Security Authority (NSM)
Norwegian National Security Authority’s Perspective on Cybersecurity
1:30 PM – 1:55 PM
SINET 16 Innovators Present
1:55 PM – 2:40 PM
Bringing The Disparate Cultures of IOT Enterprise Technologies and OT Operational Technologies Together
Industrial control systems run the world’s most important critical infrastructures, i.e., energy, aviation, telecom, pipelines, etc. Maintaining interdependency within these communications that are reliant on old legacy systems is a large challenge, as they must work in conjunction with modern internet control systems. In addition, the convergence of physical and digital worlds and associated IOT continues to create larger challenges:
- The internet is anonymous, anyone can access it
- Vendors create devices that connect everyone without authenticity on an already untrusted legacy network
- The Internet was built without security and trust in mind
Once a megatrend gets going, you cannot stop it: Autonomous vehicles, medical devices, the Amazon Effect, drones, blockchain, robotics, and Artificial Intelligence. Success will depend on a communications network comprised of IOT Enterprise technologies and operational technologies (OT) working together, in order for these systems to be trusted and operate securely. This panel will discuss how these two disparate cultures can be brought together.
Galina Antova, Co-Founder & Chief Business Development Officer, Claroty
Greg Crabb, Chief Information Security Officer, Vice President, United States Postal Service
2:40 PM – 3:00 PM
SINET Thinks Forward
3:00 PM – 3:25 PM
Break and Company Exhibits Open
3:25 PM – 4:15 PM
Cloudy Weather in the Forecast – The Evolution of Computing and the Need to Secure Cyberspace in the Future, Dramatically Innovating our Technology, Processes and Governance
Computing is advancing at a pace that is hard to comprehend, from quantum computing, to the vast and rapidly expanding complexity of cyberspace, to the accelerating pace of digital transformation, transition to the cloud and beyond. Security must surf this wave, developing new perspectives and capabilities for defense and governance, ensuring that our future will be secured from the many plagues we are likely to encounter on this mind-boggling journey.
The panel will discuss some of the significant issues we will likely face as computing technology and capabilities advance and provide insight on security innovations that are needed to develop and maintain a secure cyberspace.
Jerry Archer, Chief Information Security Officer, Sallie Mae
Phil Quade, Chief Information Security Officer, Fortinet
Patricia Muoio, Partner, Sinewave Ventures & Director of Research & Development, G2, Inc.
4:10 PM – 4:35 PM
SINET 16 Innovators Present
4:35 PM – 5:20 PM
The Threat Landscape – Ransomware, Spyware, IOT Malware, Return of the Worm and on, What Future Menaces Are on the Horizon?
Neil Boland, Chief Information Security Officer, Major League Baseball
John S. Rogers, Chief Information Security Officer-Americas, BNP Paribas
Christopher Wlaschin, Chief Information Security Officer, U.S. Department of Health & Human Services
Additional Panelist TBA
5:20 PM – 5:30 PM
Closing Remarks and SINET 16 Recognition
Robert D. Rodriguez, Chairman & Founder, SINET
5:30 PM – 7:30 PM
SINET Connects: Networking Cocktail Reception & SINET 16 Company Exhibits