Speakers:
Stephen R. Katz, Former CISO, Merrill Lynch and Citi
William Hugh Murray, Management Consultant and Information Assurance Trainer

Given current, turbulent conversations around physical and cybersecurity, it's hard to get an exact pulse on the state of the industry and where to start shoring up corporate processes to protect information. But with business and personal safety on the line, it's become increasingly important to be able to identify and combat security vulnerabilities and breaches. Join us as we discuss:

• What CISOs need to be prepared for in the years ahead
• How to think about security breaches today
• How to help keep your company and employees secure

Speaker:
Christopher R. Hetner, Managing Director of Cyber-Risk Security Consulting, Marsh

Join us for an enlightening discussion from former Senior Cybersecurity Advisor to the Chairman of the United States Securities and Exchange Commission (SEC), Christopher R. Hetner. In his current role as Managing Director of Cyber-Risk Security Consulting at Marsh Cyber Risk Services, he will be discussing what is required for the success of the next generation of cybersecurity leaders.

Speaker:
Jaret Osborne, Lead Solutions Engineer, Duo Security

The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.

Speaker:
Franklyn Jones, Chief Marketing Officer, Cequence

The web, mobile, and API-based applications that power your digitally-connected organization are under attack by malicious automated bots and bad actors. Unfortunately, many of these attacks are undetectable by traditional security technologies. So how bad is the problem, and what can you do to protect yourself? We'll share new research from nearly 900 US organizations that explains exactly what they're dealing with on a daily basis - and how it's impacting their businesses. Join Cequence Security to learn why this is becoming the new #1 threat in today's hyper-connected economy, and get answers on a strategy moving forward.

Speaker:
Matt Cauthorn, VP of Security, ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data. This session will explain how attackers can hide and misuse logs, agents, and standard security tools, and demonstrate effective approaches for countering their actions using network traffic analysis, passive monitoring, and real-time forensic data.

Join this session to learn:

• Understanding of current attack practices including abuse of legitimate traffic and encryption
• Ways hunters remain hidden from attackers to avoid your Counter IR maneuvers
• Ideas for making analysts faster and more effective at validating, investigating, and responding to threats
• Options for empowering cross-training and on-the-job training to increase analyst skills
• Clarity on how to gain visibility into cloud and encrypted traffic

Speaker:
Tim Horton, VP, Global Merchant Security and Compliance Solutions, First Data

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

Speaker:
Dena Bauckman, VP of Product Management, ZixCorp

As email threats become more advanced, machine learning is being used to detect these attacks. Learn the latest about machine learning & how it is changing the threat landscape.

Join this session to discuss:

• How machine learning is being used to detect threats
• Latest advancements in machine learning for cyber security
• Limitations of machine learning in threat detection
• How to improve threat detection using machine learning

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

Presented by IBM

Join a behind the scenes tour of the largest anti-fraud provider research operation. We will discuss how to interlace Machine Learning, cyber threat intelligence, and fraud analysts into agile and accurate fraud prevention.

Taking a use case approach, we will demo a behavioral biometrics detection technology, and discuss how to combine it with device hygiene, fingerprint, phishing detection, spoofing attempts, worldwide fraudster database and many more, to stop fraud and on the same time provide as low as 0.005% alert rate.

Speakers:
Rocco Grillo, Managing Director, Alvarez & Marsal
Tony Cole, Chief Technology Officer, Attivo

For years, attackers have successfully used deception tactics for breaching networks. They masquerade as legitimate employees, using stolen credentials and deceptive measures to infiltrate a network, all while remaining undetected for lengthy dwell times. Security teams are challenged in that they have to be successful 100% of the time, whereas an attacker only has to get lucky once. Join us to learn how to turn the tables.

Speaker:
Mark Sangster, Vice President and Industry Security Strategist, eSentire

Independent research revealed that while 60% of firms have formal third party risk policies, nearly half have experienced a significant breach caused by a vendor. Why? Executives don't make vendor risk a priority or are too trusting. Learn from 600 IT and security leaders about top concerns around supply chain and policies/procedures used to mitigate risks. Explore lessons learned from vendor breaches that avoided headlines, but caused operational havoc and headaches. Learn to engage board members and executives to secure resources, build a due diligence package, create contracts that mandate security requirements, reduce human error, indemnify your firm, and define breach response. Learn how to sell a vendor risk program based on leading security programs in the US and Europe.

Attend this session to:

• Understand how to evaluate a vendors third party risk to your business
• Discuss the different types of adversarial campaigns and tools that are used to infiltrate third parties using real world examples
• Implement policies and procedures that mitigate third party risk.

Speaker:
Diana Kelley, Cybersecurity Field CTO, Microsoft

AI will enable breakthrough advances in areas like healthcare, agriculture, education and transportation; it's already happening in many ways. But new technology also inevitably raises complex questions and broad societal concerns. As we look to a future powered by a partnership between computers and humans, it's important that we address these challenges head on and address:

• How do we ensure that AI is designed and used responsibly?
• How do we establish ethical principles to protect people?
• How should we govern its use?
• And how will AI impact employment and jobs?

To answer these questions, technologists will need to work closely with government, academia, business, civil society and other stakeholders. And focus on ethical principles - fairness, reliability and safety, privacy and security, inclusivity, transparency, and accountability - to guide the cross-disciplinary development and use of artificial intelligence for business and cyber. In this talk we'll share the principle ethics of AI & ML and have a discussion about how we can all work together to forward AI and ML use responsibly.

Speaker:
Ted Augustinos, Partner, Locke Lord LLP

As of March 1, 2019, the two-year transition came to an end, and covered entities were required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. How are things going? How have they changed the way organizations currently approach vendor risk management? What can entities from other regulated sectors draw from NY DFS to improve their own third-party compliance?

In this session, attorney Ted Augustinos, a Partner at Locke Lord LLP and an expert on the NY DFS Cybersecurity Regulation, will discuss:

• How to ensure your organization is compliant with the regulation;
• The general state of compliance with NY DFS;
• How New York's approach to cybersecurity broadly, and vendor risk management in particular, is influencing emerging legislation in other states and sectors.

Speaker:
Julie Conroy, Research Director, Aite Group

The bad guys are currently winning the war on the mobile fraud front, with losses mounting for organizations across sectors. Organized criminals have plenty of weapons in their arsenal, including vast quantities of breached data and carefully cultivated synthetic identities. How can businesses keep pace with the rising tide of financial fraud, while still maintaining an easy onboarding experience?

Julie Conroy, Research Director for Aite Group, will share brand new research that examines the new account fraud challenge for U.S. financial services providers, and successful solutions. You'll learn:

• The latest attack vectors and losses
• Successful defensive strategies, including machine learning analytics and digital identity detection solutions
• The role of customer experience as businesses are evaluating new technologies to deploy

Speaker:
John Bennett, GM of Identity & Access Management at LastPass by LogMeIn

An overwhelming 92% of businesses are experiencing identity challenges, from lack of resources to lack of security experience. The biggest challenge? Balancing ease of use for employees with increased security for the business. These two goals are critical, yet always at odds. How can IT securely manage users - their devices, apps, behavior, and more - without making it more difficult for employees to do their job?

Please join John Bennett, General Manager for Identity and Access Management at LogMeIn as he discusses new analyst research on the current state and challenges of managing identity, why having a comprehensive identity solution can balance the control IT needs with the experience users expect, and how LastPass Identity provides simple control and unified visibility across every access point, without the hassle of managing multiple solutions.

Speaker:
Ken Suh, Media and Technology Lead, Cyber & Executive Risk (CyEx) Claims Team, Beazley

As malware, business email compromises, phishing and vishing scams, etc. continue to evolve and proliferate, the same is true with cyber insurance. In the past two years, the cyber insurance market has matured, as growing numbers of insurers, brokers and policyholders have gained a greater understanding of the landscape and the proactive and reactive tools available to manage a cyber event. As a result, cyber policies are being updated to meet policyholders' ever - changing needs.

In this session, we will outline for security and risk leaders:

• The impact of the evolving cyber landscape on the changing cyber insurance market
• New cyber insurance policy coverages being offered, and other enhancements available by endorsement
• The development and implementation of a dedicated incident avoidance and breach response model to protect your business

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

• The latest research on insider fraud
• How "accidental insiders" are enabling fraud schemes
• How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.

Speakers:
PJ Maloney, Senior Sales Executive, DXC Technology
William 'Buck' Houston , Director, WW Business Development, Micro Focus Global Alliances

According to the 2019 Cyberthreat Defense Report nearly eight out of 10 organizations (78 percent) were victims of at least one successful cyberattack in 2018. As rapidly as security teams are closing some doors, the enterprise is opening others that expose the inner workings of digital transformation to the cybercriminal underground. While corporate strategies around transformation are driving measurable business outcomes, they are - at the same time - creating new security risks through the adoption of new technologies, increased complexity and expansion of the attack surface. Hear from DXC/Micro Focus as we discuss five omnipresent cybersecurity challenges and present corresponding way to overcome them with DXC Technology services and Micro Focus security solutions.

Speaker:
Don Gray, Chief Technology Officer, PacketViper

For results-oriented security leaders seeking to rationalize their security stack, deception solutions can solve more than just the internal threat detection problem. This session will cover case studies where deception is used to not only amplify internal threat detection, but also improve threat prevention and reduce attack vectors to produce real-world benefits.

What Are Three Key Things the Audience Will Be Able to Do After Attending Your Session?

After this session, you will understand how deception can be used for:

• Threat detection and adaptive responses without complex orchestrations
• Obfuscating networks through a moving target defense (MTD)
• Deception based vendor risk management and automated policy enforcement

Speaker:
Moshe Ishai , Co-Founder & General Manager, HolistiCyber

The balance between Attackers and Defenders in the Cyber arena had been totally broken. Attackers have attained a significant advantage, unmatched to the means and security controls that the cyber defenders have been developed.

• Are we watching all angles / aspects?
• Are there any transitions we are not paying attention to?
• Are there any collisions between Trust management and Risk management? What are the risks of Zero trust architecture?
• How could "watching in all directions" weaken our security?
• Situational analysis perspectives - could that improve our Cyber resilience?

Speakers:
Malcolm (M.K.) Palmore, VP, Field CSO, Palo Alto Networks
Tom Dolan, VP, Product Management, Forescout Technologies

Information security program development and maintenance continues to reside at the core of good response, incident management and overall information security program capability. In the current landscape, where the cyber threat consists largely of a growing and persistent threat of fraud and the potential for a large-scale cyber intrusion, an oftentimes diminished aspect of program development are the components of Governance, Risk and Compliance and how paying attention to the fundamental aspects of program development will lead to resiliency. The session, through the lens of the leader of one of the FBI's most active cyber investigative teams, will discuss:

• The importance of information security program development
• GRC's role in preparing and responding to fraud attempts and persistent attacks by cyber threat actors

Speakers:
Jeffrey Dant, Managing Director, Fraud Operations and Intelligence - Financial Crimes Unit, BMO Financial Group
Kristin Judge, CEO, Cybercrime Support Network

Whether you're a large enterprise that has experienced a headline data breach or a midmarket organization that has just been paralyzed by ransomware, you share points in common. Which law enforcement agency do I call after the incident has been discovered? What do I do - and not do with the affected systems? What resources are available to help my organization respond and recover?

Join this panel for unique insights on:

• Legal do's and don'ts of incident response
• How to work most effectively with federal law enforcement agencies
• Unique new resources for small-to-midsized organizations