Day One
November 6, 2019
1:00 PM – 1:05 PM
Opening Remarks
Robert Rodriguez, Chairman & Founder, SINET
Rick Geritz, Chief Executive Officer, LifeJourney
1:05 PM – 1:45 PM
We Don’t Compete on Security – How Booking Holdings’ Companies Collaborate with Each Other and our Partners
Abstract:
Booking Holdings, the world’s leader in online travel, is made up of the brands Booking.com, KAYAK, Priceline.com, Agoda, Rentalcars.com and OpenTable. While these brands often find themselves competing for the same travel customers, collaborating on security has become essential for our success. This panel of security leaders will discuss why and how our disparate teams work together. Topics will include:
Size doesn’t matter
Reporting to the Board
Red teams, purple teams and vendor assessments
How we proactively share threat and vulnerability information
Integrated acquisition for enterprise security products and services
Moderator:
Mark Weatherford, Global Information Security Strategist, Booking Holdings
Panelists:
Tom Parker, Chief Information Security Officer, Kayak
Eleonora Petridou, Threat Analyst Manager, Booking.com
Henry Praw, VP Technical Operations & Chief Information Security Officer, OpenTable
Matt Southworth, Chief Information Security Officer, Priceline
1:45 PM – 2:30 PM
Cyber Attacks Continue to Increase But Have Our Responses Kept Pace?
Abstract:
The World Economic Forum Global Risks report 2019 highlights cyber risk to be one of the top 5 risks facing businesses today, and one that is rising, with economic loss to cybercrime predicted to reach $3 trillion by 2020. This increase in risk comes despite a decade of increasing spend (over 10% per annum) on cybersecurity mitigations, clearly indicating that despite enormous investment, the capability gap between attacker and defender is far from narrowing.
This session will explore what changes to our cyber responses and market dynamics might be needed over the next decade if we are to restore the advantage to the defenders of modern IT and away from the attackers. It will explore improved sharing of effective response methods between commercial and government organizations, determining whether more cohesive approaches might better mitigate risks. We will discuss approaches to improving product assurance and quality, along with changes that might occur in contractual obligations from vendors to buyers.
Moderator:
Henry Harrison, Chief Technology Officer & Co-Founder, Garrison
Panelists:
Michael D Ambrosio, Deputy Assistant Director for Cyber, Office of Investigations, United States Secret Service
John DiLullo, Chief Executive Officer, Lastline, Inc.
Joe Klimavicz, Deputy Assistant Attorney General, IRM & Chief Information Officer, US Department of Justice
Dr. Ronald Layton, Vice President, Converged Security Operations, Sallie Mae
Jim Meehan, Global Investigations Sr. Manager, Global Security Services, Verizon Business Group
2:30 PM – 2:35 PM
SINET Cyber Challenge
James Hadley, Chief Executive Officer & Founder, Immersive Labs
Robert D. Rodriguez, Chairman & Founder, SINET
2:35 PM – 3:15 PM
Track A / Building Resiliency Into the Largest Interconnected Machine on Earth
Abstract:
The United States Electricity Subsector is under constant attack from sophisticated actors. Strategies need to shift from simply hardening critical assets to building in resiliency in the overall digital systems that cross the IT/OT boundary. This panel will cover key questions, such as: What are these strategies? How do you ensure recoverability into a stronger state than before an attack? What role does Security Orchestration, Automation and Response (SOAR) play? What does a public-private partnership look like for this goal?
Moderator:
Peter Tseronis, Founder & Chief Executive Officer, Dots and Bridges LLC
Panelists:
Brian Barrios, Executive Director, Threat Management and Intelligence, Southern Company
Adrienne Lotto, Senior Director for Enterprise Resilience, New York Power Authority
Ben Miron, Sr. Director of Information & Cyber Security, NextEra Energy
Steve Swick, Vice President & Chief Security Officer, American Electric Power
2:35 PM – 3:15 PM
Track B / Recruiting, Retaining & Developing Tomorrow’s Cybersecurity Talent
Abstract:
The demand for cybersecurity expertise has never been higher and continues to grow. The supply of talent in this space is woefully short, with an estimated shortfall of 2 to 3 million professionals over the next 2 years. With such a “candidates’ market,” it’s a war to compete for this scarce resource.
Listen to a panel of cybersecurity leaders address:
-The IMPACT the cybersecurity talent shortage is having on their enterprises
-The CHALLENGES they face in recruiting and retaining cybersecurity professionals
-The SOLUTIONS, both traditional and non-traditional, they are employing in the war for cybersecurity talent.
Moderator:
Stephen Spagnuolo, Managing Director, Quantum Search Partners
Panelists:
Andy Bonillo, VP & Chief Information Security Officer, Ciena
Josh Caplan, NavalX SoCal Tech Bridge Director, NavalX
John Felker, Assistant Director, Cybersecurity and Infrastructure Security Agency, US Department of Homeland Security
Tom Pageler, Chief Security Officer, BitGo, Inc.
Sanaz Sadoughi, Information Security Officer, International Monetary Fund
3:15 PM – 3:30 PM
Break
3:30 PM – 4:10 PM
Track A / Enabling A Low Friction Mobile & Online Customer Experience By Balancing Privacy & Cybersecurity
Abstract:
Preventing hacks and data breaches is a top priority for cybersecurity professionals, but fraud prevention technology often comes at a cost to the customer and employee experience. What are the best strategies for mitigating this tradeoff for online and mobile channels, and are there existing solutions that can help enterprises balance security and customer experience successfully? How does privacy factor into this equation? Join this panel of esteemed security executives as they explore emerging technologies, changing attitudes amongst CISOs, and strategies for success.
Moderator:
Rodger Desai, Chief Executive Officer, Payfone, Inc.
Panelists:
Eric Green, Head of Mobile Security, HSBC
Jasper Ossentjuk, Chief Information Security Officer, TransUnion
Gleb Reznik, Deputy Chief Information Security Officer, Synchrony
Stuart Vaeth, Vice President, Digital Identity, Cyber & Intelligence Solutions, Mastercard
Frank Villavicencio, Chief Product Officer, Shared Services, ADP
3:30 PM – 4:10 PM
Track B / What Areas of Future Investment Are Venture Capitalists Most Excited About
Abstract:
With investment surpassing $5.3 billion globally, 2018 was a record year for venture capital firm investment in cybersecurity companies. With 2019 coming to a close, and 2020 fast approaching, what are venture capitalists most excited about? This esteemed panel from the investment community will discuss technologies, trends, growth and what’s new in the industry.
Moderator:
Alex Doll, Founder & Managing General Partner, Ten Eleven Ventures
Panelists:
Bob Ackerman, Founder & Managing Director, AllegisCyber Capital
William Altman, Director of Research, 17 Asset Management
Jake Heller, Partner, KKR Next Generation Technology
Deepak Jeevankumar, Managing Director, Dell Technologies Capital
Umesh Padval, Venture Partner, Thomvest Ventures
4:10 PM – 4:50 PM
Track A / “Trust but Verify” Firmware in the Supply Chain
Abstract:
Real-world supply chain attacks – up 78% in the past year – are driving rapid evolution in the firmware security landscape. With every enterprise laptop, server and network device including dozens of components sourced from myriad, unseen suppliers, it is critical that security teams have the visibility to manage this attack surface. In this panel discussion we will address the challenges and evolving best practices needed to secure your supply chain. What measures are necessary to ensure the integrity of your device, not just on delivery but through its lifecycle? How can we identify vulnerable devices when evaluating new products? What expectations should we have on our hardware manufacturers and suppliers? We answer these questions and more as our expert panel explores what “Trust but Verify” means to stakeholders when it comes to managing risk of hardware in the supply chain.
Moderator:
Ryan Naraine, Director, Security Strategy, Intel Corporation
Panelists:
Yuriy Bulygin, Founder & Chief Executive Officer, Eclypsium
Gene Casady, VP Security Delivery & Global Operations, Global Payments Inc.
Steve Orrin, Federal Chief Technology Officer, Intel Corporation
Dominic Rizzo, Open Secure Silicon Tech, Google
Chad Sweet, Co-Founder, The Chertoff Group
4:10 PM – 4:50 PM
Track B / What Will Tomorrow’s Security Stack Look Like?
Abstract:
For the last 20 years we have reactively implemented monolithic security solutions by stacking legacy products on top of each other. This non-integrated approach has forced our organizations to confront significant complexity, resource drag and lack of effectiveness. As a community, it’s time to unite and define the new North Star of where security is headed. How do we challenge ourselves to a new way of thinking? What do we want our organizations to look like? How do we shift ourselves into a position where we can capably manage fast-paced challenges?
Moderator:
Nathan Smolenski, Director, Enterprise Strategy, Netskope
Panelists:
Alexander Garcia-Tober, Chief Executive Officer & Co-founder, Valimail
Kevin Nally, Chief Information Officer, US Secret Service
Tunde Oni-Daniel, Global Head of Security Engineering, Deutsche Bank
Richard Rushing, Chief Information Security Officer, Motorola Mobility
John Weinschenk, General Manager, Enterprise Network & Application Security, Spirent Communications
4:50 PM – 5:30 PM
Track A / What Are We Doing To Improve Election Security and Interference?
Abstract:
American voting was never designed to be perfect. With all its shortcomings, it’s still better than any process out there. In more recent times, the sanctity of the American voting process has come into question with the increasing cyberization of voting methodologies. This has started to raise logical and reasonable questions as to the security, trust, and confidence in the American voting system.
This is a discussion not only of technology but also of basic American civics. Most of the voting structure today is overseen by local jurisdictions and conducted mostly by volunteers. It was not designed or created in the context of delivering voting resilience in the face of determined adversaries – but that is the reality today. This panel will discuss some of the challenges – but also some of the reasonable ways ahead to provide higher levels of assurance and confidence in the voting system.
Moderator:
COL (Ret) John R. Mills, The Aerospace Corporation & Former Director of Cybersecurity Policy, Strategy, and International Affairs, Department of Defense
Panelists:
Lindsay Gorman, Fellow for Emerging Technologies, Alliance for Securing Democracy, The German Marshall Fund of the US
Geoff Hale, Director, Election Task Force, US Department of Homeland Security
Jerome Lovato, Director, Voting System Testing and Certification, U.S. Election Assistance Commission
Chris Wlaschin, Vice President, Systems Security & CISO, Election Systems & Software
4:50 PM – 5:30 PM
Track B / Something Borrowed, Something New: Innovation in Cybersecurity
Abstract:
Innovation comes in many forms, and innovation can be borrowed or created from within. How are tomorrow’s people, partnerships and technologies going to advance the security field? This panel will discuss innovation in these areas and debate questions such as: What are the future challenges for finding talent? How do you think partnerships can help advance the field? How are you dealing with Third Party Vendor Risk? And, what are the gaps in technology where vendors can help?
Moderator:
Jon Brickey, Ph.D., Senior Vice President, Mastercard
Panelists:
Matt Dunlop, Ph.D., VP & Chief Information Security Officer, Under Armour
Aaron Hughes, Vice President, Information Security and Deputy CISO, Capital One
Ben Moreland, Director, Information Security, Sinclair Broadcasting Group
George Smirnoff, Chief Information Security Officer & Senior VP, Synchrony
5:30 PM
Day 1 Program Concludes
Day Two Showcase
November 7, 2019
7:30 AM – 8:30 AM
Registration and Continental Breakfast
8:30 AM – 5:30 PM
General Session, Ballroom
8:30 AM – 8:35 AM
Opening Remarks
Rick Geritz, Chief Executive Officer, LifeJourney
Robert Rodriguez, Chairman, SINET
8:35 AM – 9:15 AM
How Useful is Threat Intelligence Without the Skills to Analyze It?
Abstract:
The old adage is that you can only call data “intelligence” when it’s actionable, and in order for information to be actionable you would have to be sure that a threat is relevant to your organization. Many businesses are making significant investments to access the very latest threat intelligence, much of it highly contextualized, but can we be sure that security professionals can skill up fast enough to make accurate decisions about the risk from these threats? How much insight can packaged threat intelligence deliver without a human to analyze it? And does AI have a role to play and what should that be? This panel will examine the close relationship between the untapped potential of your human resources, the best areas in which to deploy machines, and the risks created by the limitations of both.
Moderator:
James Hadley, Chief Executive Officer & Founder, Immersive Labs
Panelists:
Michael Breslin, Director Strategic Client Relationships, Federal Law Enforcement, LexisNexis Risk Solutions
Joram Borenstein, GM, Cybersecurity Solutions, Microsoft
Monica Maher, Vice President & Senior Engineer, Cyber Threat Analysis, Goldman Sachs
Jenny Menna, Senior Vice President, Business Security Solutions, US Bank
Michael Snook, Managing Director & Chief Information Security Officer, Moody’s
9:15 AM – 9:40 AM
Introduction to SINET 16 Innovators
SINET 16 Innovators Present (1-4)
Shahrokh Shahidzadeh, Chief Executive Officer, Acceptto
Upesh Patel, Vice President of Business Development, Aqua Security
Kevin Gosschalk, Founder and Chief Executive Officer, Arkose Labs
Rahul Kashyap, President & Chief Executive Officer, Awake Security
9:40 AM – 10:00 AM
SINET Thinks Forward with Jerry Archer, Senior VP & Chief Security Officer, Sallie Mae
Topic:
What Comes After Cloud?
10:00 AM – 10:20 AM
Break and Company Exhibits Open
10:20 AM – 11:00 AM
OODA Loop – Software Is Becoming A National Security Vulnerability
Abstract:
In our connected world, software is everywhere and, in the minds of some people, it’s becoming a national security vulnerability. This panel will share their thoughts on the topic while addressing questions such as:
Are open source libraries the fundamental building blocks of the modern economy? Do they represent a key issue?
Who should be responsible for finding and fixing these vulnerabilities?
What are some other challenges that we need to address better?
What are some low-hanging issues that we can address but aren’t?
Moderator:
Manish Gupta, Chief Executive Officer & Founder, ShiftLeft
Panelists:
Jerry Archer, Senior VP & Chief Security Officer, Sallie Mae
David Bottom, Chief Information & Data Officer, U.S. Department of Homeland Security, Office of Intelligence & Analysis
Jimmie Lee, Head of Security Applications, Facebook
Craig Rosen, Chief Information Security Officer, AppDynamics
11:00 AM – 11:40 AM
Avoiding Bias in AI-Driven Security
Abstract:
AI bias naturally occurs in data or algorithmic models, and while this issue in security products may be in its infancy, it will grow rapidly. So will its consequences. That’s because once prejudiced data creeps into AI-based security products, it has the potential to make organizations less, not more secure. For AI to function properly, a continuous feed of quality and trusted data is required. When bad, distorted, or incomplete data creeps into security models it will make the false positive problem we currently face much worse. We should expect attackers to exploit the vulnerabilities associated with this bias, thus causing AI model poisoning to become more prevalent, eroding the trust between security teams and machines that learn.
How do we:
-Reinforce the benefits of AI in security – which most solutions do not deliver on
-Highlight the key challenge: poor, incomplete, and/or biased data
-Better manage the risks and impact on a security program
This session will explain how to avoid discriminatory or inaccurate AI feeds in Cybersecurity applications with the panelists sharing their experiences building and working with security models. They will also present best practices for ensuring data integrity, verifying outputs to detect and correct bias, and how to optimize models to reduce false positives.
Moderator:
Srinivas Mukkamala, Co-Founder & Chief Executive Officer, RiskSense
Panelists:
Oche Idoko, Director & Senior Cyber Risk Officer, Société Générale
Shaun Khalfan, Vice President Information Security, Freddie Mac
Peter Leihn, Chief Executive Officer, Ixup
11:40 AM – 12:05 PM
SINET 16 Innovators Present (5-8)
Gaurav Banga, Founder and Chief Executive Officer, Balbix
Phil McQuitty, Vice President of Field Engineering, BigID
Michael Burshteyn, Founder and Chief Executive Officer, CryptoMove
Larry Johnson, Chief Executive Officer, CyberSponse
12:05 PM – 1:10 PM
SINET Connects: Networking Luncheon
Maximize this 65-minute luncheon by sitting down in an informal and intimate setting with distinguished security thought leaders and experts. Topics will focus on how solution providers can best shape their business strategies to meet the needs of the market. For a list of topics & hosts: https://www.security-innovation.org/events/dc/table-hosts/
1:10 PM – 1:55 PM
Protecting U.S. and Other Government Critical Infrastructures: Is a Cyber Geneva Convention Needed?
Abstract:
Cyberspace has emerged as the newest, and most dynamic, battlefield domain. Just as the Geneva Conventions have protected civilians in wartime since 1949, can an international treaty – a Geneva Convention for Cyberspace – protect civilian health and safety by making it illegal to attack critical infrastructure networks? The panel will discuss a range of legal and policy issues regarding the nature of cyberwar in the 21st century, such as:
-The extent to which a multilateral treaty can define norms of behavior and limit disruptive activities in cyberspace;
-The types of targets that a convention would protect under different conditions, such as a state of armed conflict or conflicts short of war;
-Enforcement mechanisms for such an agreement;
-Whether a treaty would effectively protect U.S. civilian critical infrastructure from cyberattack;
-Whether such a treaty might unduly constrain U.S. military options;
-The implications of existing proposals for both governments and private corporations.
Opening Remarks:
Larry Hanauer, Vice President for Policy, INSA
Moderator:
Robert Litt, Of Counsel, Morrison & Foerster LLP; former ODNI General Counsel
Panelists:
Stewart Baker, Partner, Steptoe & Johnson LLP; former NSA General Counsel
Gary Corn, Program Director & Adjunct Professor, Technology, Law & Security, American University Washington College of Law & Former US Cyber Command (Ret.)
James Lewis, Senior Vice President and Director, Technology Policy Program, Center for Strategic and International Studies (CSIS)
Angela McKay, Senior Director for Cybersecurity Policy & Strategy, Microsoft
1:55 PM – 2:20 PM
SINET 16 Innovators Present (9-12)
Ami Dotan, Chief Executive Officer & Co-founder, Karamba Security
Karim Toubba, Chief Executive Officer, Kenna Security
Ken Ammon, Chief Strategy Officer, OPAQ Networks
Amos Stern, Chief Executive Officer & Co-founder, Siemplify
2:20 PM – 3:00 PM
How Government and Private Industry Are Working Together
Abstract:
This panel of esteemed government and industry executives will discuss some ways the public and private sectors are working together and will give their remarks on questions such as:
How is the concept of cooperation and coordination currently working across the government and private sector, and how do we know it’s working?
What are your impressions of the current nature of the information sharing environment? How are we using actionable information to sustain a collective defense model between government and private sectors?
In the face of advanced adversarial threats, as well as emerging technologies driven by continued innovation (e.g. 5G, Internet of Things), what else do we need to be focusing on?
Moderator:
Bradford Wilke, Acting Assistant Director, Stakeholder Engagement Division, DHS Cybersecurity and Infrastructure Security Agency (CISA)
Panelists:
William Evanina, Director, National Counterintelligence and Security Center (NCSC)
Patrick Johnson, Chief of Staff, Silicon Valley Bank
Michele Mullen, Director General of Partnership and Risk Mitigation, Canadian Centre for Cyber Security
Matt Olsen, Chief Trust and Security Officer, Uber
3:00 PM – 3:20 PM
Break and Company Exhibits Open
3:20 PM – 4:00 PM
Changing Your Company Culture – How Employees Can Be Part of The Solution Against Insider Threat & Other Risks
Abstract:
Whether an employee is phished or makes a mistake in a configuration, coding, etc., statistics continue to prove that employee (insider) actions are the number one reason that cyber breaches occur. This panel will explore how we can build an organization’s culture that enables employees (insiders) to do the ‘right’ thing while identifying techniques that could assist with identification of outliers – employees/insiders who don’t have company interests at heart and are part of a company’s insider threat. Understanding problem areas, putting in controls and procedures, and communicating effectively to the board, teams, and individual employees will also be discussed.
Moderator:
Renee Guttmann, Chief Information Security Officer, Campbell Soup Company
Panelists:
Greg Crabb, VP & Chief Information Security Officer, United States Postal Service
Larry Johnson, Chief Executive Officer, CyberSponse
Wilson Leung, Group Manager – Information Security and Risk Management, Swire Coca-Cola
Mani Sundaram, CIO and Executive VP, Global Services And Support, Akamai Technologies
Michael Welch, Global Chief Information Security Officer, OSI Group, LLC
4:00 PM – 4:25 PM
SINET 16 Innovators Present (13-16)
Brendan Hannigan, Chief Executive Officer & Co-founder, Sonrai Security
Jeff Hussey, President, Chief Executive Officer, & Co-Founder, Tempered Networks
Fahad Rizqi, Vice President, Sales, Tigera
Richard Benigno, Senior Vice President, Sales Global, XM Cyber
4:25 PM – 4:45 PM
SINET Thinks Forward with William Evanina, Director, National Counterintelligence and Security Center (NCSC)
Topic:
The China Threat and American Business
4:45 PM – 5:25 PM
Cyber Resiliency – Building a Robust Enterprise-wide Program That Allows You to Bounce Back
Abstract:
As the quantity and complexity of cyber-attacks continue to grow, and large-scale digital enterprise transformation projects put even more pressure on information security organizations, business leaders, Boards and regulators are turning their attention to cyber resiliency.
A cyber resiliency program should bring together the capabilities of cybersecurity, business continuity and enterprise resilience to quickly respond to threats, minimize damage and allow enterprises to operate when being attacked. The end result is a cyber resilient business that can launch innovative products/services and business models securely, strengthen customer trust, and grow with confidence.
Join this panel of esteemed security executives as they explore:
Moderator:
William Beer, Principal, HB Advisory LLC
Panelists:
Brendan Goode, Global Head of Enterprise Technology and Cyber Risk, Citi
Jeff Lunglhofer, Chief Information Security Officer, BNY Mellon
Shehzad Merchant, Chief Technology Officer, Gigamon
Greg Murphy, Chief Executive Officer, Ordr
5:30 PM
Closing Remarks
Robert D. Rodriguez, Chairman & Founder, SINET
5:30 PM – 7:00 PM
SINET Connects: Networking Cocktail Reception & SINET 16 Company Exhibits