Speaker:
Marene Allison, CISO, Johnson & Johnson

She’s been in the military, law enforcement, undercover and in very public leadership roles. But nothing quite prepared Marene Allison for a year like the past one. In this exclusive session, the Johnson & Johnson CISO opens up on:

• Cybersecurity’s ‘State of the Union’
• What transformation means for J&J
• Zero trust, SASE and other initiatives in response to the evolving threat landscape

Speaker:
Alex Corstorphine, Lead Security Solutions Engineer, Rapid7

Identity and access management (IAM) credentials have solved a myriad of security issues, but the recent cloud-based IAM movement still leaves many scratching their heads as to why it can be so complex. This is your chance to get some added clarity from the people tackling these issues every day. Come learn how practitioners establish and maintain least-privileged access to prioritize and remediate improper permission combinations that grant unintended or overly permissive access.

Speaker:
Ram Vaidyanathan, Product Marketing Manager - IT Security and SIEM Solutions, ManageEngine

Cyberattackers are becoming more sophisticated every day and taking down organizations using innovative methods. For example, living off the land attacks is a clear and present danger to any organization. In such a climate, organizations need to adopt their own sophisticated means of defense. One of the best ways to do this is using AI and ML algorithms to detect threats that would otherwise not be noticed.

Join Ram Vaidyanathan of ManageEngine, where you’ll:

• Learn about the technology behind an AI and ML-based SIEM solution, and how it can keep an organization secure.
• Understand why AI and ML are critical for cybersecurity of the future
• Learn about the technology that drives anomaly detection across users and entities in a network
• Learn what to look for in a SIEM solution that offers AI and ML

Speaker:
Raviv Levi, Vice President of Product, Cloud Security, Cisco Security Business

Digital business transformation, the shift to a distributed workforce as well as the return to the office are driving networking and security to the cloud. The secure access service edge (SASE) model consolidates networking and security functions – traditionally delivered in siloed point solutions – into a single integrated cloud-delivered service. Through the lens of Raviv’s personal journey learn about the revolution of secure networking, what SASE is and is not, and how to begin your transformation to SASE.

Speaker:
Jeff Costlow, Chief Information Security Officer, Extrahop

The SolarWinds SUNBURST attack was a rude awakening for many security teams, and it won't be the last time Security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With threats persisting inside the network for months, security teams need a new plan. In this session, CISO Jeff Costlow discusses strategies, including revising existing mental models and incident response processes, to build resilience in the fight against advanced threats.

Speaker:
Jameeka Green Aaron, Chief Information Security Officer, Auth0

Identity security is a critical business priority. The vulnerability of human behavior, the new work from anywhere environment, and the increasing sophistication of bad actors, have made identities a primary target. Unique organizational IT infrastructure and ever changing compliance regulations also add to the complexity. One size does not fit all for identity security- but managing multiple identity systems can have negative impacts on operational efficiencies and costs. So how do we effectively “secure identity” and what does that really mean?

Join Auth0 CISO, Jameeka Aaron in this discussion on identity security; the current landscape, how our resilience has changed, how privacy regulations are intersecting, and why identity can’t be a one size fits all.

Speaker:
Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx

The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security if often viewed as an inhibitor to this new approach.

Join Stephen Gates, Checkmarx SME where you’ll:

• Discover the six proven steps of embedding software security into DevOps.
• Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
• Explore the benefits of AppSec integration and automation into the tooling your developers use.

Speakers:
Allan Foster, Chief Evangelist Officer, ForgeRock
Fred Kwong, CISO & AVP Security, Identity and Operations, Delta Dental Plans Association
John F McClure, Global CISO, Laureate Education, Inc.

As the challenges of Identity evolve into dealing with more than just “Users,” there is a dramatic effect on the scale, scope and threat surface needing to be managed. Remote work, Delegation, SaaS and mobile apps all force us to have to change the assumptions and realities of managing Identities and controlling access.

Join this panel discussion and hear from your peers how some of these new (and not so new) approaches are impacting our decisions.

• Zero Trust
• Contextual Authorization
• Frictionless

Speakers:
Ahmed Mohamud, VP, Cyber Risk, Morgan Stanley
Martyn Crew, Director of Solutions Marketing, Gigamon
Stephen Scharf, Managing Director & Global Chief Security Officer, The Depository Trust & Clearing Corporation

As we begin 2021, many financial services companies are turning their attention to planning for the future - this means adapting to a hybrid workforce and a much greater reliance on cloud for operational efficiencies. While the transition is well underway for many organizations, the journey is fraught with challenges and potential security threats. This session will discuss

• How has the shift to dynamic work and multicloud environments introduced cybersecurity risk?
• How has the cloud journey been accelerated? Are you digitally transformed?
• What have been the network challenges in enabling the hybrid workforce?
• What will be the security model of The New Tomorrow?

Please join Martyn Crew, Gigamon's Solutions Marketing Director, Ahmed Mohamud, VP, Cyber Risk, Morgan Stanley and Stephen Scharf, Managing Director & Global Chief Security Officer, The Depository Trust & Clearing Corporation to discuss some of the issues and options facing the Financial Services industry as we step into The New Tomorrow

Speaker:
Sean D. Mack, CIO & CISO, Wiley

n this talk Sean explores what it means to be a modern technology leader and how we can drive the DevSecOps transformation. Sean will share his thoughts on modern leadership and DevSecOps and then sit down with Tom Field to diver deeper into these and other pressing topics for security leaders.

Key Takeaways

• Key characteristics of modern technology leadership
• A deeper understanding of what DevSecOps means for the modern enterprise
• How leaders can successfully drive the DevSecOps transformation

Speaker:
Joseph Bonavolonta, Special Agent in Charge of the FBI Boston Division, FBI

From election security to ransomware to nation-state attacks on supply chains, the FBI is actively engaged in cybersecurity crimes and investigations. And when your organization suffers such an incident, you likely will call upon the FBI. In this exclusive session, agent Joseph Bonavolonto discusses the current threat landscape and hottest cybercrimes, as well as:

• Who the adversaries are targeting – and what they want
• Impact of COVID-related malicious activities
• When and how to engage the FBI
.

Speaker:
Dave Lewis, Global Advisory CISO, Duo Security at Cisco

Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person-to-person through staff changes and/or employee churn. However, it doesn’t have to be this way - to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.

Speaker:
Gurinder Bhatti, Senior Solutions Engineer, Okta

The explosion of mobile and cloud technologies has dissolved the traditional perimeter. As a result, organizations can no longer assume trust based on whether or not the user is on the corporate network. People – and their identities – are now the single control point across users, devices, and networks. Identity is the core of a Zero Trust strategy and it’s critical that the identity platform take a vendor-neutral approach so that all touch points and applications can integrate in one complete Zero Trust ecosystem.

Speaker:
Michael Geraghty, CISO, State of New Jersey

Michael Geraghty is the State of New Jersey’s Chief Information Security Officer (CISO) and Director of the NJ Cybersecurity and Communications Integration Cell (NJCCIC). In these roles Director Geraghty is responsible for the development and execution of the State’ cybersecurity strategy. He is responsible for leading and coordinating New Jersey’s cybersecurity efforts while building resiliency throughout the State and has direct responsibility for all aspects of statewide cybersecurity operations; governance, risk and compliance; and incident response.

Geraghty is an accomplished cybersecurity executive with a history of building innovative and model programs in private and public sector enterprises including roles as CISO of the Hudson’s Bay Company, Chief Information Officer of the National and International Centers for Missing and Exploited Children, Vice President of High Technology Investigations at Prudential Financial, and Network Intrusion Detection Manager, Lucent Technologies/Bell Labs. Geraghty began his career with the New Jersey State Police, where he served 12 years and led the formation and development of its High Technology Crimes Investigations Unit.

He has provided expert testimony before the United States Congress and in federal, state, and international courts on computer crime investigations and forensics. Geraghty is a past president of the Northeast Chapter of the High Technology Crimes Investigation Association and has held leadership roles in the National Strategic Policy Council on Cyber and Electronic Crime.

Speakers:
Jeffrey Brown, CISO, State of Connecticut
Kostas Georgakopoulos, Global CTO & CISO, Mondelez International
Rocco Grillo, Managing Director Global Cyber Risk & Incident Response Services, Alvarez & Marsal

Enterprise cybersecurity changed over a weekend last March - and so did the conversation about zero trust security. No longer a marketing buzz phrase, zero trust now represents the practical approach to validating credentials of employees, partners and trusted third parties. We've shifted from "trust, but verify" to "verify, then trust.

In this session, three experienced security leaders will weigh in on:

• How they have deployed zero trust
• Governance, culture and technology challenges to overcome
• Zero trust's impact on the future of third-party and supply chain risk

Speaker:
Avi Rembaum, Vice President of Security Solutions, Check Point Software Technologies

Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT stack into a new form of computing, one that was focused on enabling agility and innovation while also delivering cost reduction. This shift sought to leverage public cloud and cloud-like development methods as well as infrastructure design. The effort to transform information technologies, like all changes, introduces new considerations, especially in the areas of cyber, information and network security. This session will highlight the steps of the transformation process and their security implications. It will also suggest key technologies and processes that organizations should consider when embarking on a transformation program.

Speakers:
Gwyndaf Davies, BigFix Technical Adviser Lead for EMEA, HCL Software
Ibrahim Gathungu, Head, Information Cyber Security Policy Regulation, Standard Chartered Bank
Kevin Murphy, Senior Manager of Enterprise Security, T-Mobile

The ‘borderless enterprise’ is one that is symbolized by the rapid move to remote work, high adoption of cloud-based services and applications, and the great number of dispersed mobile, IOT and other devices. Security has become inherently more complex, simultaneously increasing the challenges for security professionals and opportunities for criminals. So how can you keep your critical assets and data secure in this new world?

Join this panel of practitioners and security experts as they explore:

• The supply chain: What’s key to managing your third parties and navigating the complexity of contracts and relationships?
• Patching and standards: How can you keep up to date with device compliance and cybersecurity standards?
• BYOD: How can you balance policies vs. employee experience?

Speaker:
John (JB) Bartholomew, Senior VP of Technology, Security Metrics

While many organizations focus security resources on their main office, remote locations like clinics, branches or recently acquired locations may remain unsecured. These locations are an extension of the corporate network and can often contribute to any-office data breaches. To stay on top of threats, businesses need visibility and monitoring of network areas which formerly were in the dark. SecurityMetrics VP of Technology, John "JB" Bartholomew, will explain how SecurityMetrics Pulse–as part of the SecurityMetrics Threat Intelligence Center, provides a 360 degree view and monitoring into the full network attack surface.

Speakers:
Chris Pin, VP, Security and Privacy, PKWARE
Joe Linscott, Director of Product Strategy, PKWARE

While the US does not have a federal-level privacy law like the GDPR, multiple state-specific laws have been proposed and several signed into law, such as California’s CCPA and Virginia’s CDPA. Because no two laws are precisely alike, these state-level laws create added challenges for businesses: They must comply with the privacy laws of every state in which they have customers. Compliance for all then results in creating specific and separate processes for each demographic, and complexities increase if a customer relocates to another state.

In this session, PKWARE data security experts Chris Pin and Joe Linscott will discuss how your business can navigate complying with multiple privacy laws, including:

• Identifying the inherent challenges involved with following multiple state-level comprehensive privacy laws
• Which security controls can better manage data protection for achieving compliance
• The types of policies and procedures organizations can incorporate around data security and discovery tool sets

Speaker:
Nathan Burke, Chief Marketing Officer, Axonius

Global IT and security professionals cite a whopping 77% increase in complexity over the past two years, according to new research from Enterprise Strategy Group (ESG) and Axonius.

In this session, Nathan Burke, CMO at Axonius, takes a deep dive into the findings from the report, “Cybersecurity Asset Management Trends 2021: How the Rapid Shift to Remote Work Impacted IT Complexity and Post-pandemic Security Priorities.”

Join to learn:

• How security teams are transforming policy and infrastructure
• Key strategies as employees return to the office
• Why security teams are prioritizing automating asset inventories

Speakers:
Lalisha Hurt, Deputy CISO, GDIT
Patty Ryan, Sr. Director, CISO, Global Information Services, Ortho Clinical Diagnostics
Wanda Jones-Heath , CISO, U.S. Air Force

They are three CISOs from dramatically different organizations, but face very similar challenges in terms of securing connected devices, modernizing IT and OT, as well as recruiting and retaining skilled personnel. Attend this exclusive panel discussion for insights on:

• Threats and threat actors
• Shifting priorities and tooling
• The impact of SolarWinds, Colonial Pipeline and other high-profile incidents

Speaker:
David Cass, Vice President, Cyber & IT Risk, NY FED Reserve Bank

Remote work, digital banking, cloud migration. No doubt, the pandemic inspired an unprecedented wave of digital transformation for banking institutions of all sizes. But what impact has this transformation had on security strategies and on the federal regulators who supervise banks? David Cass of the Federal Reserve Bank of New York weighs in on:

• The pace and impact of digital transformation on banking
• Specific concerns around cloud, AI/ML and blockchain
• Lessons learned from how banks have deployed emerging technologies

Speaker:
Ariel Saldin Weintraub, CISO, MassMutual

AShe is filling big shoes and has big plans. As head of enterprise cybersecurity at MassMutual, Ariel Weintraub replaces renowned CISO Jim Routh. In this exclusive session, she discusses digital transformation, her groundwork in identity, as well as:

• Supply chain security
• Emerging technology
• Mentoring new cybersecurity leaders
.