Speakers:
Stephen R. Katz, Former CISO, Merrill Lynch and Citi
William Hugh Murray, Management Consultant and Information Assurance Trainer

Given current, turbulent conversations around physical and cybersecurity, it's hard to get an exact pulse on the state of the industry and where to start shoring up corporate processes to protect information. But with business and personal safety on the line, it's become increasingly important to be able to identify and combat security vulnerabilities and breaches. Join us as we discuss:

• What CISOs need to be prepared for in the years ahead
• How to think about security breaches today
• How to help keep your company and employees secure

Speaker:
Christopher R. Hetner, Special Advisor of Cyber Risk, National Association of Corporate Directors (NACD) and Former Sr. Cyber Security Advisor to SEC Chairman

IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But how about the new demands on cybersecurity leaders? What new skills, tools and strategies are needed to understand, quantify and manage cyber risk - which some leaders have described as today's top business risk?

In this session, Chris Hetner - former Global CISO at GE Capital, as well as Senior Advisor to the United States Securities and Exchange Commission (SEC) Chairman on Cybersecurity - will share insights on what's required of the next generation of security leaders, including:

• Identification, quantification and management of cyber risk in economic and business-impact terms;
• Managing board oversight;
• Ongoing due diligence to identify and manage new risks, especially during a merger or acquisition.

Speaker:
Jaret Osborne, Lead Solutions Engineer, Duo Security

The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.

Speaker:
Franklyn Jones, Chief Marketing Officer, Cequence

The web, mobile, and API-based applications that power your digitally-connected organization are under attack by malicious automated bots and bad actors. Unfortunately, many of these attacks are undetectable by traditional security technologies. So how bad is the problem, and what can you do to protect yourself? We'll share new research from nearly 900 US organizations that explains exactly what they're dealing with on a daily basis - and how it's impacting their businesses. Join Cequence Security to learn why this is becoming the new #1 threat in today's hyper-connected economy, and get answers on a strategy moving forward.

Speaker:
Matt Cauthorn, VP of Security, ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data. This session will explain how attackers can hide and misuse logs, agents, and standard security tools, and demonstrate effective approaches for countering their actions using network traffic analysis, passive monitoring, and real-time forensic data.

Join this session to learn:

• Understanding of current attack practices including abuse of legitimate traffic and encryption
• Ways hunters remain hidden from attackers to avoid your Counter IR maneuvers
• Ideas for making analysts faster and more effective at validating, investigating, and responding to threats
• Options for empowering cross-training and on-the-job training to increase analyst skills
• Clarity on how to gain visibility into cloud and encrypted traffic

Speaker:
Tim Horton, VP, Global Merchant Security and Compliance Solutions, First Data

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

Speaker:
Dena Bauckman, VP of Product Management, ZixCorp

As email threats become more advanced, machine learning is being used to detect these attacks. Learn the latest about machine learning & how it is changing the threat landscape.

This session discusses:

• How machine learning is being used to detect threats
• Latest advancements in machine learning for cyber security
• Limitations of machine learning in threat detection
• How to improve threat detection using machine learning

Speaker:
Markku Rossi, Chief Technology Officer, SSH Communications Security

Learn how the Zero Trust approach to access and authentication mitigates risk of misuse and prevents lateral movement inside a critical IT network. When implementing authentication for the right user at the right time with the right level of privilege, this approach helps organizations keep up with today's hybrid and multi-cloud environments by providing simple yet secure access control, convenience of use and improved visibility and auditability. Join our CTO, Markku Rossi, to learn why "Don't trust, verify" is your slogan for the future.

What Are Three Key Things the Audience Will Be Able to Do After Attending Your Session?

• How to manage access to critical data in complex on-prem and cloud IT networks through a single pane of glass and in a mostly automated fashion
• Why allowing only the right amount of privilege for the right user for the right amount of time improves security and mitigates internal and external risks
• How to log and audit every session for traceability, auditability and compliance using Zero Trust access management

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

Join us for a behind the scenes tour of the largest anti-fraud provider research operation. We discuss how to interlace Machine Learning, cyber threat intelligence, and fraud analysis into agile and accurate fraud prevention.

Taking a use case approach, we will demo a behavioral biometrics detection technology and discuss how to combine it with device hygiene, fingerprint, phishing detection, spoofing attempts and a worldwide fraudster database, among other factors to help prevent fraud and at the same time provide as low as 0.005% alert rates.

Speakers:
Ajoy Kumar, Executive Director, Depository Trust & Clearing Corporation
Rocco Grillo, Managing Director Global Cyber Risk & Incident Response Services, Alvarez & Marsal
Tony Cole, Chief Technology Officer, Attivo

Deception technology has been on security leaders' radar some time, but now it is becoming accessible to smaller organizations. And in their most recent analyses, market analysts give deception technologies kudos for improved sophistication and maturity.

Deception focuses on deploying assets - such as lures, bogus files, honeypots or simulated SCADA or IoT devices - in hopes of diverting attackers from the targets they most desire.

This expert panel discusses the maturity of deception technology solutions, with a focus on:

• What are the critical success factors for deploying deception technology?
• What lessons have been learned by pioneers?
• What are the key questions to ask when searching for a deception solution?

Speaker:
Mark Sangster, Vice President and Industry Security Strategist, eSentire

Independent research revealed that while 60% of firms have formal third party risk policies, nearly half have experienced a significant breach caused by a vendor. Why? Executives don't make vendor risk a priority or are too trusting. Learn from 600 IT and security leaders about top concerns around supply chain and policies/procedures used to mitigate risks. Explore lessons learned from vendor breaches that avoided headlines, but caused operational havoc and headaches. Learn to engage board members and executives to secure resources, build a due diligence package, create contracts that mandate security requirements, reduce human error, indemnify your firm, and define breach response. Learn how to sell a vendor risk program based on leading security programs in the US and Europe.

Attend this session to:

• Understand how to evaluate a vendors third party risk to your business
• Discuss the different types of adversarial campaigns and tools that are used to infiltrate third parties using real world examples
• Implement policies and procedures that mitigate third party risk.

Speaker:
Diana Kelley, CTO and Founding Partner, SecurityCurve & former Cybersecurity Field CTO, Microsoft

AI will enable breakthrough advances in areas like healthcare, agriculture, education and transportation; it's already happening in many ways. But new technology also inevitably raises complex questions and broad societal concerns. As we look to a future powered by a partnership between computers and humans, it's important that we address these challenges head on and address:

• How do we ensure that AI is designed and used responsibly?
• How do we establish ethical principles to protect people?
• How should we govern its use?
• And how will AI impact employment and jobs?

To answer these questions, technologists will need to work closely with government, academia, business, civil society and other stakeholders. And focus on ethical principles - fairness, reliability and safety, privacy and security, inclusivity, transparency, and accountability - to guide the cross-disciplinary development and use of artificial intelligence for business and cyber. In this talk we'll share the principle ethics of AI & ML and have a discussion about how we can all work together to forward AI and ML use responsibly.

Speaker:
Ted Augustinos, Partner, Locke Lord LLP

As of March 1, 2019, the two-year transition came to an end, and covered entities were required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. How are things going? How have they changed the way organizations currently approach vendor risk management? What can entities from other regulated sectors draw from NY DFS to improve their own third-party compliance?

In this session, attorney Ted Augustinos, a Partner at Locke Lord LLP and an expert on the NY DFS Cybersecurity Regulation, will discuss:

• How to ensure your organization is compliant with the regulation;
• The general state of compliance with NY DFS;
• How New York's approach to cybersecurity broadly, and vendor risk management in particular, is influencing emerging legislation in other states and sectors.

Speaker:
Julie Conroy, Head of Risk Insights and Advisory, Aite-Novarica Group

Attacks on card-not-present (CNP) merchants are escalating rapidly globally, fueled by rampant breaches, automated credential stuffing attacks, and the rapid growth of the CNP transactional category as a whole. The trend line is concerning for merchants, issuers, and the payment networks alike, as the industry seeks to control losses while still maintaining a positive e-commerce customer experience. The industry is working to address these challenges in a variety of ways, through technology, collaboration, and even updates to the rules of the road for CNP rails. This session will explore each of these three pillars of evolution for CNP transactions.

Speaker:
John Bennett, SVP & General Manager, Identity & Access Management at LogMeIn

An overwhelming 92% of businesses are experiencing identity challenges, from lack of resources to lack of security experience. The biggest challenge? Balancing ease of use for employees with increased security for the business. These two goals are critical, yet always at odds. How can IT securely manage users - their devices, apps, behavior, and more - without making it more difficult for employees to do their job?

Please join John Bennett, General Manager for Identity and Access Management at LogMeIn as he discusses new analyst research on the current state and challenges of managing identity, why having a comprehensive identity solution can balance the control IT needs with the experience users expect, and how LastPass Identity provides simple control and unified visibility across every access point, without the hassle of managing multiple solutions.

Speaker:
Moshe Ishai, Co-Founder & General Manager, HolistiCyber

Security professionals are facing today a reality where the balance between attackers and defenders in the Cyber arena has broken. Attackers have attained a significant advantage, unmatched to the means and security controls that the cyber defenders have developed.

In this session, you will learn:

• How to stay ahead of the attackers?
• Are we watching all angles / aspects?
• What are the transitions we should be paying attention to?
• How do we Identify the collisions between Trust management and Risk management?
• How to define the risks of Zero Trust architecture?
• How could "watching in all directions" weaken our security? And what can we do about it?
• Situational analysis perspectives - could that improve our Cyber resilience?

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

• The latest research on insider fraud
• How "accidental insiders" are enabling fraud schemes
• How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.

Speakers:
PJ Maloney, Senior Sales Executive, DXC Technology
William 'Buck' Houston, Director, WW Business Development, Micro Focus Global Alliances

According to the 2019 Cyberthreat Defense Report nearly eight out of 10 organizations (78 percent) were victims of at least one successful cyberattack in 2018. As rapidly as security teams are closing some doors, the enterprise is opening others that expose the inner workings of digital transformation to the cybercriminal underground. While corporate strategies around transformation are driving measurable business outcomes, they are - at the same time - creating new security risks through the adoption of new technologies, increased complexity and expansion of the attack surface. Hear from DXC/Micro Focus as we discuss five omnipresent cybersecurity challenges and present corresponding way to overcome them with DXC Technology services and Micro Focus security solutions.

Speaker:
Don Gray, Chief Technology Officer, PacketViper

For results-oriented security leaders seeking to rationalize their security stack, deception solutions can solve more than just the internal threat detection problem. This session will cover case studies where deception is used to not only amplify internal threat detection, but also improve threat prevention and reduce attack vectors to produce real-world benefits.

After this session, you will understand how deception can be used for:

• Threat detection and adaptive responses without complex orchestrations
• Obfuscating networks through a moving target defense (MTD)
• Deception based vendor risk management and automated policy enforcement

Speaker:
Ken Suh, Focus Group Leader, Cyber & Tech Claims, Beazley

Risks associated with cyber security incidents and business interruption are major concerns for companies worldwide. Improperly managed, cyber security incidents like ransomware can bring companies to a standstill and the resulting financial losses can have a substantial impact. Using real life examples, learn how Beazley, the market-leading cyber security insurance carrier, successfully partners with clients to confront the technical threat associated with cyber security risks, manage the associated legal and regulatory exposure, and recover financially from a loss of resulting income with business interruption coverage.

Speakers:
F. Ward Holloway III, Senior Director of Global Strategic Alliances, ForeScout
Malcolm (M.K.) Palmore, VP, Field CSO, Palo Alto Networks

The global nature of business and the presence and impact of cyber adversaries make it an organizational imperative to consistently re-assess the effectiveness of our security practices. Adopting best practices have become essential to consistently managing enterprise risk. Zero Trust offers security practitioners a roadmap to manage digital interactions at a foundational level. Hear from MK Palmore, Field CSO Palo Alto Networks and Ward Holloway, Sr. Director Strategic Alliances at Forescout, on the strategic benefits of implementing Zero Trust.

Join us to learn how to:

• Increase visibility in your security environments
• Reduce the attack surface (through the implementation of Zero Trust)
• Block Known Threats
• Identify New Threats & Implement Solutions

Speakers:
Jeff Dant, Managing Director, Fraud Operations & Intelligence - Enterprise Fraud Management, BMO Financial Group
Kristin Judge, CEO, Cybercrime Support Network

Whether you're a large enterprise that has experienced a headline data breach or a midmarket organization that has just been paralyzed by ransomware, you share points in common. Which law enforcement agency do I call after the incident has been discovered? What do I do - and not do with the affected systems? What resources are available to help my organization respond and recover?

Join this panel for unique insights on:

• Legal do's and don'ts of incident response
• How to work most effectively with federal law enforcement agencies
• Unique new resources for small-to-midsized organizations