
9:00 am - 9:30 am

Registration & Exhibit Browsing

ISMG’s Global Summit Series will take place across multiple continents, focusing on global security topics such as fraud and breach prevention, zero trust security, connected devices and on many key industry verticals such as finance, government, retail, energy and healthcare.
All content will be driven by our global editorial team from publications such as DataBreachtoday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity, as well as our newest sites dedicated to Payments Security, Device Security and Fraud. These events will provide the opportunity to learn from industry influencers, earn CPE credits, meet with leading technology providers and be a part of the ISMG community of over 900,000 subscribers.
April 27 & 28th 2021
Registering For a Group?
Call + 1 (609)-356-1499
Interested in addressing ISMG’s global audience of cybersecurity, information security, fraud, risk and compliance professionals?
Speaker:
Robin Kelly, Congresswoman, Illinois
As a U.S. Congresswoman, Rep. Robin Kelly of Illinois was the main force behind the bipartisan IoT Cybersecurity Improvement Act, which was signed into law late last year. The law addresses the supply chain risk to the federal government stemming from insecure IoT devices by establishing minimum security requirements for procurement of connected devices.
Some critics view the requirements for NIST and OMB to update IoT guidelines and policies every five years, far too lenient. Things change too fast in Cybersecurity for 5 year changes to be effective.
IoT devices are rushed to market with de-prioritized security measures creating an exponential increase in our attack surfaces. They become low-hanging fruit for Cyber-criminals. The Act does little to prevent manufacturers from reforming their practices – in fact, it essentially places the chicken coop under the watchful eye of the fox.
There are broad-ranging impacts from this legislation on all companies providing products within the Federal supply chain. To explore and understand the ramifications of this ACT, Robin Kelly joins us in a keynote interview where she discusses:
Speakers:
Chip Mason, Lead, Mainframe Security Product Management, BroadcomMary Ann Furno, Offering Manager, Broadcom
Today's cloud-connected Mainframe is a vital infrastructure for crucial business applications and data - even more so for banking and financial service companies that carry the highest security and most stringent regulatory requirements. This cloud-connected, hybrid IT model can increase security risk and open opportunities for attacks, but it doesn't have to
Mainframes often house the most vital data and applications. Shifting away from "firefighting" mode and ensuring they integrate into the enterprise security plan can help to eliminate vulnerabilities and threats.
In this session, we'll explore how a comprehensive security suite can help us reduce risk through data classification, avoid human error, use automation and analytics to make decisions and align with best practices, and reduce insider and stolen credential threats with advanced identity management and privileged user management.
Key takeaways:Speaker:
Ryan Poppa, Director of Product Management at Cisco Cloud Security
How well do you really know your environment, your security practices and policies? Do you know the tools, techniques, and procedures that cyberattackers use to exploit your vulnerabilities?
Join Cisco Umbrella cybersecurity expert Ryan Poppa exposes the inner workings of a crafty cyberattack.
In his presentation, you'll learn:
Ryan will also share key insights on how you can protect your organization against these malicious actors and improve your cybersecurity posture with immediate results.
Speaker:
Patrick Hogan, Assistant to the Special Agent in Charge, Chicago Cyber Fraud Task Force, U.S. Secret Service
Speaker:
Dave Lewis, Global Advisory CISO, Duo Security at Cisco
Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person-to-person through staff changes and/or employee churn. However, it doesn’t have to be this way - to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.
Speaker:
Chris Gustafson, Senior Solutions Engineer, Okta
In today’s uncertain world, organizations must find ways to ensure their customers can engage with their services at any time, from any device, in a secure and safe manner. That is where customer identity and access management comes in or “CIAM”. A CIAM solution must not only meet today’s security and compliance standards, but also create frictionless customer experiences to meet customers where they are and in the ways they need. Join our sessions as we discuss CIAM in more detail, how priorities have shifted this year and what CIAM maturity looks like.
Speaker:
Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx
The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security if often viewed as an inhibitor to this new approach.
Join Stephen Gates, Checkmarx SME where you’ll:
Speaker:
John Bloomer, Director of Engineering, North Central Region, Office of the CTO, Check Point
If there's anything we've learned over the course of the pandemic, it's that cyber criminals are eager to exploit current events to advance their goals. Over the course of this session we will look at some of the trends that have emerged over the past year with malicious campaigns related to the headlines of the day.
Speakers:
Brian Kelley, CTO, Ohio Turnpike and Infrastructure CommissionFred Kwong, CISO & AVP Security, Identity and OperationsPat Beniot, VP Global Cyber Governance, Risk and Compliance/BISO, CBRE
The old risk models no longer work. Today you have employees permanently assigned to home offices, under stress, in conditions that are ripe for malicious insiders who want to cause harm, as well as well-intentioned employees who make costly mistakes. How do you mitigate your new insider risks? Join this panel for a discussion of:
Speaker:
Arjun Kolady, Security Solutions Engineer, HackerOne
Did you know that 80% of CISOs say that software projects have been hindered by concerns over inevitable security issues? Vulnerabilities don’t need to slow you down. Join HackerOne for a discussion on "Why the future of DevOps Needs Hackers."
In this session, you’ll learn:
Speaker:
Jason Weiss, former FBI Special Agent; Attorney, Faegre Drinker Biddle & Reath LLP
Briefly, this presentation discussed the emerging threats of different types of disruptionware attacks and potential defenses to protect yourself. We will discuss may of the tools that make up the disruptionware tool kit and how these tools work. We will also talk about how disruptionware attacks work and their attack methodologies with some examples of recent disruptionware attacks.
Speaker:
Kevin Fu, Acting Director, Medical Device Cybersecurity, FDA Center for Devices and Radiological Health
Scientist, educator, government official. Kevin Fu is a pioneer in the battle to achieve medical device cybersecurity, and he has played multiple roles. From his current position within the FDA, Fu discusses the state of medical device security, including:
Speaker:
Siva Balu, VP & CIO, YMCA of the USA
The YMCA was founded in 1844 as an organization to help build healthy spirit, mind and body. Digital wasn’t a consideration. But in 2021, Siva Balu is very much immersed in digital transformation and on how the YMCA of the USA can transition from COVID-19 to help 10,000 communities embrace digitalization securely. In this exclusive session, Balu discusses:
Speaker:
Meredith Harper, VP, CISO, Eli Lilly and Company
Has there ever been a more challenging time to be CISO of a major global pharmaceutical enterprise? Meredith Harper, VP and CISO of Eli Lilly and Company, discusses how the organization has responded to COVID-19 and the new workplace. She also shares plans for:
Speaker:
Robin Kelly, Congresswoman, Illinois
As a U.S. Congresswoman, Rep. Robin Kelly of Illinois was the main force behind the bipartisan IoT Cybersecurity Improvement Act, which was signed into law late last year. The law addresses the supply chain risk to the federal government stemming from insecure IoT devices by establishing minimum security requirements for procurement of connected devices.
Some critics view the requirements for NIST and OMB to update IoT guidelines and policies every five years, far too lenient. Things change too fast in Cybersecurity for 5 year changes to be effective.
IoT devices are rushed to market with de-prioritized security measures creating an exponential increase in our attack surfaces. They become low-hanging fruit for Cyber-criminals. The Act does little to prevent manufacturers from reforming their practices – in fact, it essentially places the chicken coop under the watchful eye of the fox.
There are broad-ranging impacts from this legislation on all companies providing products within the Federal supply chain. To explore and understand the ramifications of this ACT, Robin Kelly joins us in a keynote interview where she discusses:
Speakers:
Chip Mason, Lead, Mainframe Security Product Management, BroadcomMary Ann Furno, Offering Manager, Broadcom
Today's cloud-connected Mainframe is a vital infrastructure for crucial business applications and data - even more so for banking and financial service companies that carry the highest security and most stringent regulatory requirements. This cloud-connected, hybrid IT model can increase security risk and open opportunities for attacks, but it doesn't have to
Mainframes often house the most vital data and applications. Shifting away from "firefighting" mode and ensuring they integrate into the enterprise security plan can help to eliminate vulnerabilities and threats.
In this session, we'll explore how a comprehensive security suite can help us reduce risk through data classification, avoid human error, use automation and analytics to make decisions and align with best practices, and reduce insider and stolen credential threats with advanced identity management and privileged user management.
Key takeaways:Speaker:
Ryan Poppa, Director of Product Management at Cisco Cloud Security
How well do you really know your environment, your security practices and policies? Do you know the tools, techniques, and procedures that cyberattackers use to exploit your vulnerabilities?
Join Cisco Umbrella cybersecurity expert Ryan Poppa exposes the inner workings of a crafty cyberattack.
In his presentation, you'll learn:
Ryan will also share key insights on how you can protect your organization against these malicious actors and improve your cybersecurity posture with immediate results.
Speaker:
Patrick Hogan, Assistant to the Special Agent in Charge, Chicago Cyber Fraud Task Force, U.S. Secret Service
Speaker:
Dave Lewis, Global Advisory CISO, Duo Security at Cisco
Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person-to-person through staff changes and/or employee churn. However, it doesn’t have to be this way - to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.
Speaker:
Chris Gustafson, Senior Solutions Engineer, Okta
In today’s uncertain world, organizations must find ways to ensure their customers can engage with their services at any time, from any device, in a secure and safe manner. That is where customer identity and access management comes in or “CIAM”. A CIAM solution must not only meet today’s security and compliance standards, but also create frictionless customer experiences to meet customers where they are and in the ways they need. Join our sessions as we discuss CIAM in more detail, how priorities have shifted this year and what CIAM maturity looks like.
Speaker:
Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx
The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security if often viewed as an inhibitor to this new approach.
Join Stephen Gates, Checkmarx SME where you’ll:
Speaker:
John Bloomer, Director of Engineering, North Central Region, Office of the CTO, Check Point
If there's anything we've learned over the course of the pandemic, it's that cyber criminals are eager to exploit current events to advance their goals. Over the course of this session we will look at some of the trends that have emerged over the past year with malicious campaigns related to the headlines of the day.
Speakers:
Brian Kelley, CTO, Ohio Turnpike and Infrastructure CommissionFred Kwong, CISO & AVP Security, Identity and OperationsPat Beniot, VP Global Cyber Governance, Risk and Compliance/BISO, CBRE
The old risk models no longer work. Today you have employees permanently assigned to home offices, under stress, in conditions that are ripe for malicious insiders who want to cause harm, as well as well-intentioned employees who make costly mistakes. How do you mitigate your new insider risks? Join this panel for a discussion of:
Speaker:
Arjun Kolady, Security Solutions Engineer, HackerOne
Did you know that 80% of CISOs say that software projects have been hindered by concerns over inevitable security issues? Vulnerabilities don’t need to slow you down. Join HackerOne for a discussion on "Why the future of DevOps Needs Hackers."
In this session, you’ll learn:
Speaker:
Jason Weiss, former FBI Special Agent; Attorney, Faegre Drinker Biddle & Reath LLP
Briefly, this presentation discussed the emerging threats of different types of disruptionware attacks and potential defenses to protect yourself. We will discuss may of the tools that make up the disruptionware tool kit and how these tools work. We will also talk about how disruptionware attacks work and their attack methodologies with some examples of recent disruptionware attacks.
Speaker:
Kevin Fu, Acting Director, Medical Device Cybersecurity, FDA Center for Devices and Radiological Health
Scientist, educator, government official. Kevin Fu is a pioneer in the battle to achieve medical device cybersecurity, and he has played multiple roles. From his current position within the FDA, Fu discusses the state of medical device security, including:
Speaker:
Siva Balu, VP & CIO, YMCA of the USA
The YMCA was founded in 1844 as an organization to help build healthy spirit, mind and body. Digital wasn’t a consideration. But in 2021, Siva Balu is very much immersed in digital transformation and on how the YMCA of the USA can transition from COVID-19 to help 10,000 communities embrace digitalization securely. In this exclusive session, Balu discusses:
Speaker:
Meredith Harper, VP, CISO, Eli Lilly and Company
Has there ever been a more challenging time to be CISO of a major global pharmaceutical enterprise? Meredith Harper, VP and CISO of Eli Lilly and Company, discusses how the organization has responded to COVID-19 and the new workplace. She also shares plans for:
View sessions, chat with speakers and technology experts in our Interactive Exhibit & Networking Experience, and browse our Resource Center to download educational assets to review post-summit.
If you miss any live sessions, feel free to log in and view on demand at your own pace. Session recordings will be available in our virtual environment after the agenda has ended.
ISMG Virtual Summit Attendee Guide
For more information please download our ISMG Virtual Summit Attendee Guide.
To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology register today.
Registering For a Group?
Call + 1 (609)-356-1499 or email at events@ismg.io