↓ Agenda Key
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.
Solution provider-led session giving high-level overview of opportunities
Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.
End user-led session in boardroom style, focusing on best practices
Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.
Interactive session led by a moderator, focused on industry issue
Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.
Overview of recent project successes and failures
Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.
Discussion of business drivers within a particular industry area
Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.
Analyst Q&A Session
Moderator-led coverage of the latest industry research
Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.
Several brief, pointed overviews of the newest solutions and services
Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.
Pre-determined, one-on-one interaction revolving around solutions of interest
Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.
Open Forum Luncheon
Informal discussions on pre-determined topics
Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.
Unique activities at once relaxing, enjoyable and productive
Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.
12:00 pm - 6:00 pm
1:00 pm - 5:00 pm
5:30 pm - 6:30 pm
6:30 pm - 8:30 pm
Today's digital technologies quickly become commodities, and adoption of emerging technologies provides only temporary edge and differentiation. To stay ahead, you must think bigger and take bigger risks. Do not make the technologies themselves the focal point, but the profound business transformations they make feasible.
8:30 pm - 9:30 pm
7:00 am - 7:45 am
7:50 am - 8:00 am
8:00 am - 8:40 am
While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.
8:45 am - 9:20 am
We will explore key learnings from various industries and verticals on the good, the bad and the ugly of digital transformation. We will have an opportunity to not only be exposed to successful use cases, but also ask the hard questions behind those successes.
9:25 am - 10:00 am
There are many forces that are driving companies to continue to transform how they do business. Technological advances such as IoT, AI, machine learning, virtual reality and augmented reality are creating demanding expectations from customers, employees and boards. Adding to the complexity of CIOs and CISOs is the increasing threats to the security of the data that is at the heart of digital transformation. This keynote presentation will focus on the realities that this transformation will never end and it is critical to implement both the mindset and processes to treat digital transformation as a journey...not a destination.
10:00 am - 10:15 am
10:20 am - 10:45 am
Sensitive data is being moved into the cloud and accessed by remote or mobile users over public or unsecured networks. As a result, the perimeters of security have to focus on particular control points like identity and data security. CISOs need to know where the sensitive data is, who has the ability to access it, and how well it is actually being protected. Data security priorities are also incredibly heightened by regulations and compliance, such as the launch of GDPR in May.
10:50 am - 11:15 am
Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality - not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.
A real-time, embedded solution like Prevoty's runtime application self-protection (RASP) changes the game completely. Prevoty places an automated security mechanism at the front of the line - directly in the application's operating environment - to immediately lower risk and act as a compensating control at runtime.
As such, Prevoty-enabled enterprises see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Prevoty RASP detects live production attacks and generates real-time security event longs and reports. Security teams can then correlate pre-production vulnerability scan results with Prevoty's runtime attack logs to go back, remediate based on actual risk - not just hypothetical threats. The result? Improved forensics.
11:20 am - 11:45 am
We have moved from an information-poor to an information-rich society. Practically unlimited availability of data, computing, networking, and socio-mobile connectivity are fundamentally altering our world. In particular, they are enabling businesses to become more effective and efficient by using big data analytics - collecting all relevant data and automating their processing to drive decision-making. This represents a fundamental shift from traditional business analytics where limited amount of structured data is batch-processed to produce standard Business Intelligence reports. We will assess the current state of big data analytics, technology and business trends, and their enormous implications to the future of all businesses.
The 2017 M.E. Docs cyberattack that crippled hundreds of companies crafted blueprints for hijacking a vendor by targeting and attacking clients through trusted vendor partners. These events herald a new generation of supply chain-based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory and legal backlash.
In 2018, eSentire detected and mitigated an exploit that targeted a key remote administration tool relied upon by a multitude of managed security service firms. This exploit was used to deliver a dangerous payload to their client base. In this talk, Mark Sangster will provide frameworks for assessing your vendors' cyber resilience and discuss building a trusted supply chain through co-managed cybersecurity programs, open communication and event notification, and proactive contractual obligations.
11:50 am - 12:15 pm
Migrating operational aspects of the Software Supply Chain to the left ensures that concerns are represented as design constraints before they represent too much burden, debt or complexity. For security practitioners, shifting left is a complete nirvana because it represents the opportunity to see better security in products sooner. Essentially, security becomes a design constraint. The shift-left paradigm is also consistent with messaging that requires security to be built into software instead of being bolted on.
It is not a matter of if, but a matter of when. Organizations, more and more, and are outsourcing business activities to 3rd-parties because of cost-savings, revenue opportunities, expertise, etc. Thus collaborating with our business partners early to select the right 3rd-party vendor(s) with the appropriate security posture is essential, especially for vendors hosting, processing and/or transmitting sensitive/regulatory information, or having access to our IT assets.
12:15 pm - 1:30 pm
Disruption alters, destroys, but also creates value. You realize the need to act once revenue starts to shift, which is happening at a faster pace than most would think. Disruption can be a great thing if you act upon it, but it's a threat if you watch idly. We will discuss how CIOs and CISOs can be proactive and act on disruption by figuring out how to identify, prioritize and respond.
1:35 pm - 2:00 pm
Deep dives into the latest and greatest technology solutions to today's business problems.
2:05 pm - 2:30 pm
Cybersecurity dominated the news cycle in 2017. There were headlines about viral ransomware, global destructive wipers posing as ransomware, leaks of spy tools from U.S. intelligence agencies, and breaches at major companies.
What does 2018 hold in store for the defenders? Come discuss the largest security trends Cybereason researchers have identified for 2018.
In this talk, we will discuss how attackers have begun conducting Internet-scale attacks at machine speed by leveraging new scanning technologies. Qadium will present examples of how new classes of perimeter exposures are creating new risks, and data on global Internet trends.
2:35 pm - 3:00 pm
Employees are consumers of digital technologies such as IoT, AR and VR. The plethora of mobile devices has enabled them to work where they want and when they want which has raised the bar on employee expectations for tools and capabilities from their employers. In order for companies to retain the best and get the most out of their employees, it is vital to design and continually update the digital workplace. We will discuss the current trends as well as share case studies of successful digital workplace implementations including how to deal with the inherent security risks of expanded accessibility to company resources.
3:05 pm - 3:30 pm
Evolution never stops. This is most evident in the world of cyber crime. Threats constantly mutate, technology progresses and the lines of responsibility blur. Protecting against new forms of attack requires experience of how criminals change their methods. Defenders must use intelligence on adversaries and understand the vulnerabilities of their organization to build a picture of the situation.
3:30 pm - 3:45 pm
3:50 pm - 4:15 pm
Artificial Intelligence (AI) and Machine Learning (ML) both have the capability to greatly improve upon security decision making and incident pattern recognition. CISOs can improve upon being able to recognize exploits and weaknesses within their network by using the advancements of these technologies. With hackers using AI and ML to create malware, adopting these technologies to stay ahead of advanced threats has become a matter of high importance.
In today's digitally connected world, there's a good chance your information has been exposed at some point. Last year, we saw major data breaches from companies across several industries as a result of ransomware attacks. Ransomware attacks and zero-day exploits have greatly stressed the importance of patch management, endpoint protection or Next-Gen Antivirus (NGAV) to all information security professionals. At a time when cybercriminals are constantly seeking weaknesses in firmware and applications, patching is increasingly crucial. Conclusively establishing your patch management process and having an endpoint protection product should be a high priority.
4:20 pm - 4:45 pm
A brief, but compelling review of three new innovative technologies supporting digital transformation.
4:50 pm - 5:30 pm
The biggest fear is not the technology, it is the mistakes made by the people using the technology that could potentially lead to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?
5:30 pm - 6:30 pm
6:30 pm - 8:00 pm
Digital transformation is changing how you equip your employees and how your company interacts with customers. It is also changing the role of the CIO and CISO to be a business leader and internal sales leader for transformation. CIOs are now responsible for communicating strategies and recommendations to CxOs, boards and key stakeholders within a company. Join us, during dinner, for a passionate panel discussion with your peers as they share how they are successfully communicating internally to accomplish the company's goals.
8:00 pm - 9:30 pm
7:00 am - 8:00 am
8:05 am - 8:45 am
It's no secret - the integration of disparate systems, disparate applications, and disparate data stores has long been one of the biggest challenges faced by the IT department. Simply put, getting everything to talk to everything is no easy task. The rapid adoption of cloud delivered services has compounded this problem almost exponentially - if it was hard to integrate when you controlled the whole stack it has become nearly impossible when you control very little of it. To be efficient and effective IT departments need to adopt a new model of system, application, and data integration. Endless webs of one-off point-to-point integrations simply won't cut it anymore and a purposeful, structured approach is required.
8:50 am - 9:25 am
Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information, however the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is often times overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work, where their data might be held and this is an almost overwhelming task.
9:30 am - 9:55 am
The smartphone is the primary communication and computing device for many of today's consumers. This dependency on mobile devices will translate into a majority of enterprise computing outside of traditional PC computing. This will have the greatest impact with on campus (non-office-based) and off campus mobile workers who are becoming increasingly connected by rich real time communications powered by mobile applications running on wearable devices such as smart glasses. The rise of IoT in the enterprise, or the Enterprise of Things, will allow these workers to instantly connect with assets in the field to gain immediate understanding of the situation around them.
This session will explore the impact that these connected workers and endpoints will have on your enterprise and its ability to drive growth. Attendees will also learn security concerns that come with these new tools and how to best address them.
9:55 am - 10:10 am
10:15 am - 10:40 am
Deep dives into the latest and greatest technology solutions to today's business problems.
10:45 am - 11:10 am
While new technology and solutions can help CISOs make more, faster and better decisions for an organization, nothing will take the place of a highly talented workforce. CISOs need to be great recruiters of talent but even more importantly growing the skills and capabilities of their team providing engaging and challenging opportunities for people. Competitive compensation is important for retaining great talent but so is a work environment where individual growth and development are front of mind and not an afterthought.
11:15 am - 11:40 am
As security and technology leaders we often get wrapped up in maturity assessments and qualitative risk metrics that border on guessing. We've all had a goal of "maturity level 3"at some point in our careers, but what in the world does that mean? How did someone come up with that? Instead of playing the guessing game, lets establish some real criteria. How much risk are we comfortable with as a business? How are we developing our controls, spending our money, to manage to that risk tolerance appropriately? Using FAIR, and thinking about the problem a little differently, we can more efficiently spend our budgets and more accurately manage risk. We'll talk through a few real world risk examples and show some metrics examples to allow for better risk discussion and management.
Agile, DevOps, containers, microservices, the cloud are all seeing increased adoption across the enterprise. But, while there are valid business reasons to embrace these new models, there is potential risk in implementation. Is this change necessary? If so, how can this change be accommodated effectively, safely? This session will cover some common elements of the risk of change - and of not changing - and suggest approaches to minimize risk as you adopt these new technologies.
11:45 am - 12:20 pm
Best practice in most enterprises, at least as far as the CIO and CISO goes, is to squash Shadow IT wherever it is encountered. Shadow IT, the argument goes, leads to a world of data and integration problems for the IT department, and significant amounts of unknown and unquantifiable risk for the information security group. A small but vocal minority however is beginning to advocate for Shadow IT as a catalyst of innovation, citing the increases in productivity and creativity by allowing enterprise staff to find their own out of the box solutions to organizational problems. CISOs can allow their organizations to have their cake (Shadow IT) and eat it too (still be secure) by following a few simple steps that allow them to build in security regardless of user activity.
12:25 pm - 1:00 pm