Day One – Wednesday, March 7, 2018
12:00 PM – 1:00 PM
1:00 PM – 2:10 PM
1:00 PM – 1:05 PM
Rick Geritz, Chief Executive Office, LifeJourney
1:05 PM – 1:10 PM
Robert D. Rodriguez, Chairman & Founder, SINET
1:10 PM – 1:25 PM
SINET Inaugural Impact Award Presentation
Robert D. Rodriguez, Chairman & Founder, SINET
1:25 PM- 2:10 PM
What Are The Emerging And Most Serious Threats Looming On The Horizon?
Abstract: Mirai malware, WannaCry ransomware, information warfare, destruction and manipulation of data, Foreign Government tampering: these are just some of the cybersecurity issues of the recent past. But what lies ahead? This panel of cyber professionals from both industry and government will discuss what and where they see are most serious threats looming from.
Moderator: Brian White, Vice President, Forcepoint
Tony Cole, Chief Technology Officer, Attivo Networks
Richard Hale, Chief Information Security Officer, Sony Entertainment
Robert Novy, Deputy Assistant Director, U.S. Secret Service, Office of Investigations
Joe Weiss, Managing Partner, Applied Control Solutions, LLC
Track A – 2:10 PM – 2:55 PM
Bug Bounties and How Companies Will Need to Revisit How They Manage Them
Abstract: Organizations have used Bug Bounty Programs for years to identify exploits and vulnerabilities, but with recent incidents in the headlines, companies may need to rethink the way they plan and implement these programs. There are risks and legal issues that need to be considered, as well as information the Board of Directors may need in advance. This panel will discuss the pros and cons of implementing bug bounty programs, the processes and policies that must be in place prior to instituting this type of program as well as the possible risks and vulnerabilities that need to be considered, addressed, and managed.
Moderator: Dave Mahon, Chief Security Officer, CenturyLink, Inc.
Casey Ellis, Founder, Chairman & Chief Technology Officer, Bugcrowd, Inc.
Srinivas Mukkamala, Chief Executive Officer, RiskSense, Inc.
Pritesh Parekh, Chief Information Security Officer, Zuora
Varun Singla, Chief Information Security Officer, Veritas
Track B – 2:10 PM – 2:55 PM
Next-generation deception: A nice-to-have or must-have?
Abstract: Nature has used deception for millions of years for surviving and thriving. Recently, top security architects and national defense agencies have used it very effectively to ensnare threat actors. However, large-scale commercial deployments of deception technologies are still limited.
This discussion will go over the challenges involved in effectively deploying enterprise-wide deception solutions at scale. It will also address the recent advances in machine learning, AI, cloud technologies, and Software-Defined Networking that can help in deployment of enterprise-scale deception solutions. These panelists will discuss practical and beneficial aspects involved in deploying deception solutions and are they delivering tangible Return on Investment (ROI) or not?
Moderator: Rick Moy, Head of Marketing, Acalvio Technologies
Andy Nallappan, Chief Information Officer, Broadcom
Richard Rushing, Chief Information Security Officer, Motorola Mobility
Caleb Sima, Founder, Badkode Ventures
Abe Smith, Director, Enterprise Security, Cavium
2:55 PM – 3:15 PM
Track A – 3:15 PM – 4:00 PM
Emergent Technologies and Their Impact on Enterprise Security
Abstract: This panel gathers security practitioners from different industries to explore the impact of emergent technologies. CISOs from financial services, cloud, high tech, and retail will debate and discuss how emergent trends such as Cloudnative computing, GDPR, Big data, AI-assisted threats and Smart devices influence their strategies and technology selections. We will discuss where they will prioritize security budgets and investments in the near future, how they plan to assimilate new technologies into existing environments, and where there are remaining gaps.
Moderator: Chenxi Wang, Board Member, Open Web Application Security Project
Bill Chen, Chief Security Architect, VISA
Michael Coates, Chief Information Security Officer, Twitter
Craig Davies, Chief Executive Officer, AustCyber
Eric Hlutke, Chief Security Architect, Teradata
Window Snyder, Chief Security Officer, Fastly
Track B – 3:15 PM – 4:00 PM
Next Generation Threat Intelligence: More Effective Uses, More Organizations Sharing, Quicker Threat Responses
Abstract: The stand up and operation of an effective Threat intelligence program is extremely difficult. Most organizations that have attempted the creation of a threat intel program have been met with significant challenges. Many have given up.
Today’s threat intelligence program strategies are built by the largest of organizations with a staff of hundreds of threat analysts. Manual processes, cost, complexity and noise hinder most organizations from ever building out a successful threat intelligence program. While many threat sharing communities exist, such as ISACs and ISAOs, the majority of the community members do not have an effective way to consume and produce intel.
New advances in security automation are opening new doors for organizations of all sizes to create, manage and defend themselves with threat intelligence. In this panel, we will discuss:
– What is cyber intelligence and how is it made?
– The current challenges in threat intelligence
– Intel automation and shareback with STIX,Taxi
– Internal challenges to creating, implementing and operating an effective program
– How does community sharing benefit all participating organizations.?
– Setting expectations and measurements for Threat Intel programs.
Moderator: Gerry D’Agostino, Vice President of Business Development, Perch Security
Michael Johnson, Chief Information Security Officer, CapitalOne
Dave McCandless, Chief Information Officer, Navis
Vanessa Pegueros, Vice President & Chief Information Security Officer, DocuSign
Jeff Weeks, Senior VP & Chief Information Security Officer, First National Nebraska Inc.
Track A – 4:00 PM- 4:45 PM
How The Digital and Physical Convergence Is Impacting the Roles of the Modern Day CSO & CISO
Abstract: Businesses are increasingly becoming inherently digital, raising the visibility of information security to the Board level. At the same time, this digital infrastructure rides on a physical infrastructure that is subject to weather, geo-political and other impacts. Digital transformation of the enterprise has increased the breadth and complexity of threats, vulnerabilities and impacts and require a new approach to understand those risks holistically across all business lines. The panel will discuss the potential disconnects between digital and physical risks, and the opportunities for collaboration between the CSO and the CISO to better manage these risks enterprise wide.
Moderator: Bryan Ware, Chief Executive Officer, Haystax
Dennis Gilbert, VP & Chief Information Security Officer, Exelon
Renee Guttmann-Stark, (Former) Chief Information Security Officer, Royal Caribbean Cruise Lines
Siobhan MacDermott, Global Cyber Public Policy Executive, Bank of America
David Stender, Senior Vice President & Chief Security Officer, M&T Bank
Track B – 4:00 PM- 4:45 PM
Internet Insurrection: How To Address: Fake News, Deception, Malware and Adware Attacks
Abstract: The digital economy is under attack. The complexity of the highly-dynamic digital environment renders it vulnerable to manipulation by inscrutable actors. The resulting consumer distrust, vendor apathy, investigations and regulation have rocked the foundation of the consumer internet forcing enterprises to rethink management of their websites and mobile apps. This panel will discuss:
-perils of a digital-first world
-what are the most pervasive types of attacks today
-who bears responsibility for what a consumer experiences
-merits of the current situation
-steps being taken to better control the digital environment
Moderator: Evan Wolff, Cybersecurity and Homeland Security Partner, Crowell & Moring LLP
Jerry Archer, Senior VP & Chief Security Officer, Sallie Mae
Alexander Garcia-Tobar, Chief Executive Officer & Co-Founder, Valimail
Ondrej Krehel, Digital Forensics Lead, Chief Executive Officer, & Founder, LIFARS
Chris Olson, Chief Executive Officer, The Media Trust
Track A – 4:45 PM – 5:30 PM
Autonomous Vehicles and The Impact of AI and Cybersecurity on Their Future
Abstract: Now that cars are connected, they are subject to the same potential vulnerabilities as other networked devices. This is likely to become more of a challenge as vehicles become automated. Like the Internet of Things, managing this will involve a significant and coordinated effort. Unlike many other parts of the Internet of Things, vehicles operate in safety first critical environments. How should we approach these challenges to ensure the vehicles of the future are secure, trusted and safe by design?
Moderator: Suzanne Frey, Director, Trust, Security, Privacy, Compliance, Google
Josh Davis, Chief Cyber Security Officer & Vice President, Toyota
Steve Gilmer, Vice President, Global Infrastructure and Cybersecurity, Integrated DNA Technologies
Tim Mather, Chief Security Strategist, PatternEx
Track B – 4:45 PM – 5:30 PM
Borrowing a Page from National Security Off-Site Deliberations: “100 Coins”
Abstract: There is a process that senior national security executives sometimes use at small strategic off-site meetings, called “100 Coins”, that is simultaneously scary in its simplicity, yet tremendously powerful in its ability to identify priorities and the rationale behind them.
With seemingly infinite things you’d like, and need, to do to help make the world more secure, that would cost 1000+ coins to do them, which ones would you do, and how many coins would you spend on each, if you had 100 coins to spend (and why)?
CISOs face an analogous problem: an overwhelming – if not outright absurd – number of things that should be done to manage cybersecurity risk, but with constraints across the board.
Panelists will discuss how each would allot those precious 100 coins to address those cybersecurity risks, both strategic & tactical, and will be asked to defend their choices and omissions.
Moderator: Phil Quade, Chief Information Security Officer, Fortinet
Jay Gonzales, Chief Information Security Officer, Samsung Semiconductor Inc.
Pete Gouldmann, Enterprise Risk Officer for Cyber, U.S. Department of State
Mo Katibeh, Chief Marketing Officer, AT&T Business, AT& T
Nick Shevelyov Chief Security Officer, Silicon Valley Bank
Day Two – Thursday, March 8, 2018
7:30 AM – 8:30 AM
Registration and Continental Breakfast
8:30 AM – 5:30 PM
8:30 AM – 8:35 AM
Introductory Remarks by Forum Host
Rick Geritz, Chief Executive Office, LifeJourney
8:35 AM – 9:20 AM
The Future of Cryptography
Abstract: The Future of Cryptography includes the topic’s legacy of encryption and signing but has expanded to include immutable ledgers, crypto currencies, homomorphic encryption, quantum computing and much more. This panel, led by Dr. Taher Elgamal, the father of SSL, will facilitate a discussion with cryptography legends and experts on emerging capabilities and challenges. The process of standardization and the adapting to the market’s changing needs will be a key topic along with the operational aspects of managing cryptographic material and algorithms. Investments in research and advanced cryptographic algorithms will also be discussed in this ambitious but very pragmatic session. Cryptography is pervasive, integrated into IOT devices, the network, servers, software and in the cloud. Today, the ability to proactively identify, manage and mitigate data risks and vulnerabilities requires new and innovative cryptographic strategies. The cryptographic community needs to prepare for the future!
Moderator: Taher Elgamal, Chief Technology Officer, Salesforce.com
Bob Blakley, Global Head of Information Security Innovation, Citigroup
Martin Hellman, Professor Emeritus, Stanford University
Neil Kittleson, Chief Strategic Partnerships, Office of the National Manager, National Security Agency
Brian LaMacchia, Distinguished Engineer, Microsoft
Phil Quade, Chief Information Security Officer, Fortinet
9:20 AM – 9:40 AM
SINET Thinks Forward with Alex Stamos, Chief Security Officer, Facebook
Topic: Fighting the Last War: How CISOs Need to Retool for Our New Responsibilities to the World
9:40 AM – 10:20 AM
Industry and Government Cybersecurity Priorities For 2018
Abstract: In today’s current threat environment, cybersecurity strategies are shifting toward shared services and going to the cloud. Additionally, these strategies are seeking to address the comprehensive use of digital platforms across critical and non-critical infrastructure. For example, the protection of information is becoming as important as protecting our nation’s critical infrastructure. As we move towards a cloud-based domain, what are the strategies, models and technologies that are going to help industry and Government achieve safe, secure, and resilient operations and functions in this evolving environment? These are large challenges that will necessitate robust collaboration between the public and private sectors in order to successfully achieve these objectives and while keeping pace with a dynamic and evolving cyber world.
Moderators: Kiersten Todt, President & Managing Director, Liberty Group Ventures, LLC.
Joseph Sullivan, Former Commissioner, United States Presidential Commission on Enhancing National Cybersecurity
Additional Panelists TBA
10:20 AM – 10:40 AM
SINET Thinks Forward with Vint Cerf, Vice President & Chief Internet Evangelist, Google
Topic: The Current State of Affairs with IoT Security and Where This Opportunity and Challenges May Be Headed
10:40 AM – 10:55 AM
10:55 AM – 11:40 PM
From Mirai, Reaper to IoTroop, What Else Is On The Horizon in the Massive IoT Botnet World?
Abstract: It’s been just over a year since the world witnessed some of the world’s top online websites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks.
Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware — variously named “Reaper” and “IoTroop” — that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already.
Reaper isn’t attacking anyone yet. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks. This panel will discuss “Reaper” and what may lie ahead.
Moderator: Doug Maughan, Division Director, U.S. Department of Homeland Security
Justin Fier, Director of Threat Intelligence, Darktrace
Steven Rogers, Chief Executive Officer, Centripetal Networks
Sherry Ryan, VP & Chief Information Security Officer, Juniper
John Zangardi, Chief Information Officer, U.S. Department of Homeland Security
11:40 AM – 12:20 PM
DoD’s Cybersecurity Challenges for 2018-2019 and the Plan for Tackling Them
Abstract: The cyber threat has never been more serious than it is today, affecting every aspect of our professional and personal lives. Nation state and non-nation state cyber adversaries are evolving faster than ever, and approaching cybersecurity and cyber defense differently. Leveraging new ways of thinking about the problem is fundamental to survival in today’s cyber world. The Department of Defense is at the forefront of innovation, adopting new technologies and operational concepts to confront this challenge in 2018 and beyond. Join our panelists as they share their vision and roadmap for the way ahead.
Moderator: Aaron Hughes, Vice President, Information Security & Risk Management, Capital One
RDML Danelle Barrett, Navy Cyber Security Division Director, United States Navy
Edward Brindley, Acting Deputy CIO for Cybersecurity, Unites States Department of Defense
Brandon Johns, Cyberspace Defense Officer, USCYBERCOM
Peter Kim, Chief Information Security Officer, United States Air Force
12:20 PM – 1:20 PM
SINET Connects: Networking Luncheon
Maximize this 60-minute luncheon by sitting down in an informal and intimate setting with distinguished security thought leaders and experts. Topics will focus on how solution providers can best shape their business strategies to meet the needs of the market. Table Hosts and Topics: https://www.security-innovation.org/events/silicon/table-hosts/
1:20 PM – 5:30 PM
1:20 PM – 2:05 PM
Designing and Implementing a World Class Cyber Resilience Program
Abstract: Cyber resilience is the ability to “fight through” and to continue to operate critical business systems while in a contested environment and degraded operational state. True cyber resiliency is achieved through integrating and operationalizing best practices and compliance focused activities, which can be discreetly measured and tested. Cyber resilience is successful when business/mission objectives and goals are negligibly impacted by a cyber-event that was designed to produce catastrophic outcomes. This panel will discuss how CISO’s of organizations both large and small can leverage people, processes and technology to develop environments that are cyber resilient.
Moderator: Neill Occhiogrosso, Partner, Costanoa Ventures
James Beeson, Chief Information Security Officer, Cigna
Sean Kelley, Former Chief Information Security Officer, US Environmental Protection Agency
Jeff Klaben, Chief Information Security Officer, SRI International
Brendan O’Connor, Chief Technology Officer, ServiceNow
Christopher Wlaschin, Chief Information Security Officer, U.S. Department of Health & Human Services
2:05 PM – 2:45 PM
The Cybersecurity, AI & Blockchain Investment Landscape: A Venture Capitalist Perspective
Abstract: AI and Blockchain are two of the hottest (and hyped) topics in both the general media and technology community. For instance, some have described AI as the ‘new black’ in the sense that many are positioning themselves as a AI company. What are some of the unique investment risks inherent to each of these enabling technologies? Where are most promising investment opportunities and areas of greatest growth? How can policy and regulation be most helpful in shaping the market? What can we expect from the large security vendors? In the panel of leading venture investors, we’ll get a look into strategies you can use to both pick winners and deliver value to your enterprise.
Moderator: Jim Pflaging, Principal, The Chertoff Group
Sri Chandrasekar, Co-Head, AI Investments, Point 72 Ventures
Ken Gonzales, Managing Director, Trident Capital Cybersecurity
Vivek Ladsariya, General Partner, Sinewave Ventures
Jon Sakoda, General Partner, New Enterprise Associate
Rama Sekhar, Partner, Norwest Venture Partners
2:45 PM – 3:25 PM
Cyber Frontline – Dealing with the Full Spectrum of Nation Cyber Competition and Associated Implications
Abstract: The new National Security Strategy has declared that certain nations are strategic competitors. Russia, China, and other groups are using cyber as an extension of competition (and conflict) towards those who they perceive as threats to their long term goals.
This cyber competition or behavior is delivered in various forms that articulates a grand strategy and intent to displace American and allied advantages. Examples of this are industrial espionage and intellectual property theft, China seeking and getting access to source code as part of the price of doing business, Kaperersky in the US Government or not, the Russian using information warfare and social media manipulation to meddle into US and other nations elections. This panel will discuss what is the role of industry, what are the possibilities of how competing nations are leveraging Cyber capabilities,AI, Machine learning, Robotics etc. as a means to deliver effects in support of their long term goals. These concerns highlight why continued advancement of innovation by new companies is one of the primary means to ensure the allied effort stays ahead of these strategic competitors.
Moderator: Raj Shah, Entrepreneur & Recent Managing Partner, Defense Innovation Unit Experimental (DIUX)
Major General Hua-Ching Chien, Director of Informarion Assurance Division, J6, Taiwan Ministry of National Defense
Elsa Kania, Adjunct Fellow, Technology and National Security Program, Center for a New American Security (CNAS)
Zulfikar Ramzan, Chief Technology Officer, RSA Security
3:25 PM – 3:40 PM
3:40 PM – 4:20 PM
Is Data the New Endpoint?
What if the term “endpoint” has been too narrowly defined? If you are an IT security professional, the term endpoint refers to a desktop or other end-user devices. But if you are an aggressor, the endpoint is the data itself, and the objective is to capture, compromise, expose, or modify the data. Confusion aside, both device and data security are critical, but often data security has taken the back seat to protecting the devices and networks. The primary reason for device security is to protect data in storage, transit or use, but many trends in the industry, to include the plethora of recent breaches and the looming GDPR compliance deadlines, will force enterprises to make a shift. Enterprises must assume their users’ devices will be compromised and make the data (the attackers’ endpoint) as difficult as possible to compromise, expose, and/or modify. This session will focus on the necessary shift to deliver business privacy through data security, while reducing the ramifications of compromised devices and networks.
Moderator: Todd Barnum, Chief Information Security Officer, GoPro
Greg Crabb, VP & Chief Information Security Officer, US Postal Service
Mike Fleck, Vice President Security, Covata
Matt Hollcraft, Chief Cyber Risk Officer, Office of the General Counsel, Maxim Integrated
Friedrich Wetschnig, VP & Chief Information Security Officer, Flex
4:20 PM – 5:05 PM
How Various Risk Reduction Exercises and Models Are Working to Secure Large and Complex Environments
Abstract: As cybersecurity increasingly becomes boardroom level discussion and priority, the CEO and the CIO/CISO relationship becomes a critical component of the cyber program for an organization that needs to prepared for every high impact incident. Nadav Zafrir, founder & CEO of Team8, former Commander of Israeli Intelligence Unit 8200, brings a unique understanding to building resilience in this context. In this session, subject matter experts will discuss how incident response readiness can be built through Risk Modeling, by creating simulation scenarios based on identifying adversary motivation, capability, likelihood and impact.
Moderator: Robert Rodriguez, Chairman & Founder, SINET
Niall Browne, Chief Security Officer & SVP, Trust & Security, Domo
Humphrey Christian, VP of Product Management, Bay Dynamics
Sameer Dixit, Senior Director, Spirent SecurityLabs
Nadav Zafrir, Co-Founder & Chief Executive Officer, Team 8
Steve Zalewski, Chief Security Architect, Levi Strauss & Co
5:05 PM – 5:30 PM
SINET Thinks Forward with Shawn Turskey, Executive Director, USCYBERCOM
Topic: United States Cyber Command and Critical Cyber Observations
Robert D. Rodriguez, Chairman & Founder, SINET
5:30 PM – 7:30 PM
SINET Connects: Networking Reception