Thursday, October 4th, 2018
8AM- 4:30PM 123 W. 18th Street, NYC
Trends in Enterprise Security
VP, Product and Engineering, NetWitness Suite RSA, a Dell Technologies Business
Global Business Development Manager NFV and Cloud Security Markets ADVA Optical Networking
Director of DevOps BNY Mellon
Enterprise Solutions Engineer Duo Security
Global CISO OPKO Health, Inc.
Strategic Account Manager, UEBA & Insider Threat Forcepoint
Director of Cyber Risk Qadium
SVP, CISO Realogy Holdings Corp.
Director & Business Information Security Officer DTCC
VP of ISM Helaba
Director Application Security Strategy Checkmarx
Sr. Sales/ Delivery Engineer Semperis
Director Information Risk Management & Security Merck & Co.
Sr. Director Information Security & Privacy NY-based Luxury & Fashion Retailer
ISSM/CISO Davis Polk & Wardwell LLP
SVP- CISO Amalgamated Bank
Senior VP, Infrastructure Service Delivery & DevOps Broadridge
Founder & Executive Director Technology Managers Forum
SECURITY FORUM SPEAKERS
October 4th, 2018
SECURITY FORUM AGENDA
October 4th, 2018
8:00-9:00AM Registration with Continental Breakfast and Exhibits
9:00-9:05AM Opening Remarks: Priscilla Tate, Executive Director, TechForum
9:05-9:35AM The World is a Vampire: When Standards Fall Behind the Threat
Bill Ballmer, Global Business Development Manager, ADVA Optical Networking
Corporate data is moving away from the secure world behind the castle of firewalls and user policies. The 21st century world now has data flowing from location to location-- often outside the control of the company. New techniques for creating these information highways such as SD-WAN answer for the network engineers, but how to deal with the exposed data? With NIST preparing to revamp the key and encryption standards in the next several years, rendering most of today's technology obsolete, what new technologies are on the horizon?
9:35-9:50AM Exhibits and Snack Break
9:50-10:40AM CISO Roundtable: Overhauling the Cybersecurity Playbook: What’s Hot and What’s Not in Security Operations
Security Operations is one of the fastest morphing areas of cybersecurity defense. This panel will take a look at the state-of-the-the-art from the CISO perspective. There are a growing number of tools available that step-up network visibility and harness machine learning. The result is an increasingly proactive and intelligent SecOps that is capable of threat-hunting and reconnaissance as well as defense. CISOs and network security innovators will candidly discuss the challenges of new threat vectors and the tools and management strategies we need to cope with the velocity of attacks on our infrastructure.
MODERATOR: Priscilla Tate, Executive Director, TechForum
Richard Timbol, CISO, Davis Polk and Wardwell LLP
Max Tumarinson, SVP-CISO, Amalgamated Bank
David Van Skiver, Director Information Risk Management & Security, Merck & Co.
Michael Adler, VP, Product and Engineering, NetWitness Suite, RSA Security
10:40-11:10AM Exhibits and Snack Break
11:10-11:40AM Adversaries Find your Unknown and Misconfigured Internet Assets, Shouldn’t You?
Marshall Kuypers, Director of Cyber Risk, Qadium
In this talk, Marshall will discuss how attackers have begun conducting Internet-scale attacks at machine speed by leveraging new scanning technologies. Qadium will present examples of how new classes of perimeter exposures are creating new risks, and data on global Internet trends.
11:40AM-12:10PM Exhibits and Snack Break
12:10-12:40PM Risk Mitigation and the Negligent User: Behavioral Analytics and Insider Threat
Charles Keane, Strategic Account Manager, UEBA and Insider Threat, Forcepoint
Macro IT trends around cloud adoption and BYOD are greatly expanding the threat landscape faced by security organizations who can’t keep hiring to cope with the increasing levels of exposure. Security organizations must evolve from a threat-centric reactive environment in order to offer more effective cyber-security. What if there was a solution which could adapt protection dynamically and apply monitoring and enforcement controls, offering protection based on the risk level of users and the value of data accessed? This could enable security organizations to better understand risky behavior and automate the enforcement of policies, dramatically reducing the quantity of alerts requiring investigation and providing more efficient cyber-security. Join in the discussion around the next generation of data protection.
12:40-1:20PM Luncheon and Exhibits. Lunch includes: Sandwiches: Smokey Good: Hickory Turkey Breast, Smoked Gouda & Red Pepper Aioli in Whole Wheat Tortilla; Grown-Up Chicken Sandwich: Herb Grilled Chicken, Vine Ripened Tomato, Saffron Mayo, Pea Shoots; Upscale Caprese (Vegetarian): Roasted Tomatoes, Baby Arugula & Balsamic Aioli on Rosemary Focaccia. Salads: Farro, Quinoa & Wheatberry Salad/ Cranberries, Pecans and Citrus Vinaigrette (Vegan); Long Grain Wild Rice Salad/Golden Raisins, Apricots, Currants & Scallions, Citrus Dressing (GF, Vegan); Pasta Salad with Pesto/ Fresh Vegetables & Pesto Sauce (Vegan).
1:20-2:10PM From “Trust but Verify” to “Zero Trust”: The Evolution of Identity and Access Management in the Digital Enterprise
The persistent challenges we face managing identity, auditing access to data and insuring business resilience are concerns that never seem to go away. In today’s digital enterprise, technology is irrevocably intertwined with business operations and the controls for cyber risk need to be closely aligned, if not embedded into the everyday activities of business. Leveraging automation and machine learning is key. In this panel, information security practitioners, risk professionals and technology solution providers will discuss new tools and different approaches to the security functions around governance, risk and compliance.
MODERATOR: Richard Maathy, Director & Business ISO, DTCC
Afzal Khan, Global CISO, OPKO Health, Inc.
Chetan Patel, VP of ISM, Helaba
Jason Silva, Sr. Sales/ Delivery Engineer, Semperis
Joe Gonzalez, Enterprise Solutions Engineer, Duo Security
2:10-2:30PM Exhibits and Dessert Break
2:30-3:00PM Lessons from the Cyber Resiliency Front Lines: How to Cope When Your Data is Your Enterprise's Most Strategic Asset as well as its Greatest RiskBrian Reagan, CMO, Actifio
Enterprise digital transformation is putting an increased emphasis on the criticality of data, but there is a dark side. Cyber threats are not only increasing in frequency and scope, but also in their points of attack – from production to secondary workloads like backup. During this session, hear real-world examples of how enterprises are mitigating risks while not limiting their competitiveness or agility.
3:00-3:20PM Exhibits and Dessert Break
3:20-4:10PM Security Inside: An Integrative Approach for Remediating Risk through DevOps and Secure Code
The Digital Enterprise is a popular phrase partially because we are still working on how we break down the silos of information processing that need to run in tandem, rather than in isolation. Traditionally, we have separate departments of information security, application development and security operations. The business need for speed that was unlocked by mobile devices and cloud computing lead us to the door of a new breed of computing--agile computing. To get there, we realized a need for integrated development methodologies with operational hooks—hence DevOps and SecDevOps. The agile and DevOps buzzwords tend to drown out what is really happening inside organizations around secure application development. In this panel, CISOs, network infrastructure professionals and cutting-edge developers will discuss both the management challenges and rewards as they transition with their organizations to a DevOps mentality.
MODERATOR: Priscilla Tate, Executive Director, TechForum
Ray Stirbei, Sr. Director Information and Privacy, NY-based Luxury and Fashion Retailer
Nashira Layade, SVP, CISO, Realogy Holdings Corp.
Steven Weinstein, SVP, Infrastructure Delivery and DevOps, Broadridge
Derek Evans, Director of DevOps, BNY Mellon
Matt Rose, Global Director Application Security, Checkmarx
4:10-4:30PM Exhibits and Drawings for Door Prizes