Speaker:
Kevin Morrison, Managing Director, CISO, Alaska Air

Not only did Kevin Morrison start a new job at the beginning of the COVID-19 pandemic, but he also did so in a struggling industry. Today, as CISO of Alaska Airlines, he leads initiatives to integrate cybersecurity in the business and culture. He shares insights in this exclusive interview.

Speakers:
Mary Ann Furno, Offering Manager, Broadcom
Sujay Solomon, Manager of DevOps Product Management, Broadcom

Only YOU can make security pervasive. Today, siloed IT organizations give way to hybrid IT organizations that drive a need for an abundance of integrations via APIs. Bringing on premise and cloud services together is crucial and can inundate organizations unprepared for the complexity of it. The goal is often to create a workload-optimized environment that enables accelerated, on-demand IT service delivery while ensuring no compromise in security and compliance. Putting security first in integrated environments like this is often a challenge.

In this session, we will address the joint requirements, explore how to overcome the security challenge, understand why it is now more important than ever, and conclude on how to lead with security.

Key takeaways:

• Top challenges to address
• Addressing regulatory and compliance requirements
• Setting up and managing the environment
• Access control and credentials on APIs
• The need for and securing the test and pre-production environment

Speaker:
Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx

The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security if often viewed as an inhibitor to this new approach.

Join Stephen Gates, Checkmarx SME where you’ll:

• Discover the six proven steps of embedding software security into DevOps.
• Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
• Explore the benefits of AppSec integration and automation into the tooling your developers use.

Speakers:
Keith Tresh, CISO, State of Idaho
Michael Bray, CISO, Vancouver Clinic
Trey Blalock, CISO, Coinstar (Bellevue Washington)

Speaker:
Dave Lewis, Global Advisory CISO, Duo Security at Cisco

Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person-to-person through staff changes and/or employee churn. However, it doesn’t have to be this way - to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.

Speaker:
Avi Rembaum, Vice President of Security Solutions, Check Point Software Technologies

Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT stack into a new form of computing, one that was focused on enabling agility and innovation while also delivering cost reduction. This shift sought to leverage public cloud and cloud-like development methods as well as infrastructure design. The effort to transform information technologies, like all changes, introduces new considerations, especially in the areas of cyber, information and network security. This session will highlight the steps of the transformation process and their security implications. It will also suggest key technologies and processes that organizations should consider when embarking on a transformation program.

Speaker:
Nathanael Iversen, Chief Evangelist, Illumio

With the rise of hybrid multi-cloud architectures, micro-segmentation is fast becoming a foundational layer of the security architecture to help protect against unauthorized lateral movement and access to high-value assets. When implemented correctly, micro-segmentation can offer the security needed and provide tremendous application visibility in the process.

During this video you’ll learn:

• Why you need micro-segmentation and how it works
• How customers are using it to solve problems
• 5 steps to implementing a micro-segmentation strategy for your data center and cloud

Speaker:
Ryan Poppa, Director of Product Management at Cisco Cloud Security

How well do you really know your environment, your security practices and policies? Do you know the tools, techniques, and procedures that cyberattackers use to exploit your vulnerabilities?

Join Cisco Umbrella cybersecurity expert Ryan Poppa exposes the inner workings of a crafty cyberattack.

In his presentation, you'll learn:

• Why you have been targeted for attack
• How cybercriminals penetrate environments
• What tactics they use to pivot from system-to-system while escalating privileges along the way
• How they are capable of easily exfiltrating sensitive data out of your organization
• Where your biggest threats may exist

Ryan will also share key insights on how you can protect your organization against these malicious actors and improve your cybersecurity posture with immediate results.

Speaker:
Sean Ryan, Senior Analyst, Security & Risk, Forrester

An accelerated digital world calls for greater protection of identity and access - as well as greater agility in doing so. In this exclusive session, Sean Ryan of Forrester Research makes the case for IAM agility, focusing on:

• Identity governance
• Going passwordless
• Machine identities and non-human identities

Speakers:
Jamie Manriquez, VP, CISO Santa Cruz Bank
John F McClure, Global CISO, Laureate Education, Inc.
Renata C Spinks, Cyber Technology Officer, USMC

The old risk models no longer work. Today you have employees permanently assigned to home offices, under stress, in conditions that are ripe for malicious insiders who want to cause harm, as well as well-intentioned employees who make costly mistakes. How do you mitigate your new insider risks? Join this panel for a discussion of:

• Monitoring employee behavior
• Warning signs of malicious and accidental insider threat
• Insider risk education that really works

Speaker:
Cris Ewell, CISO, UW Medicine

Washington State was the first U.S. epicenter of the COVID-19 pandemic, and as CISO of UW Medicine Cris Ewell was supporting the first responders. How is his security organization most different today than it was a year ago? Hear his approach to:

• Work from anywhere
• Supply chain risk
• Medical device security

Speaker:
Khaja Ahmed, SVP, Head Global Product and Application Security, SAP

Speaker:
Vinod Brahmapuram, CISO, State of Washington

When COVID-19 hit the U.S., Washington State was its first ground zero. What immediate impact did state offices feel, and how has its CISO subsequently secured government agencies and employees through the pandemic, digital transformation and the new ‘work from anywhere’ paradigm? Vinod Brahmapuram shares insights on these and other hot topics.