Speaker:
Kevin Morrison, Managing Director, CISO, Alaska Air

Kevin Morrison is the Managing Director of Enterprise Information Security, & CISO at Alaska Air Group in Seattle, WA. Alaska Air Group has both Alaska Airlines and Horizon Airlines under its umbrella, and Kevin has been fortunate to serve in this role since May 2020. Kevin has held previous CISO roles at Coinstar, PulteGroup, and at Jones Day, which is one of the oldest and largest law firms in the world. His background spans nearly 22 years in IT, with over 16 of them in Information and Cybersecurity. Kevin’s passion for people and security has included building and leading teams focused on incident management, operations, DLP, mobility, forensics, compliance, policy, privacy, and business continuity in innovative and highly regulated environments across public and private industries.

Kevin has had the pleasure to present extensively within the Information Security community and has served on several advisory and governance boards, and in March 2015, was selected by his peers as the ISE® Southeast People’s Choice Award Winner. He holds a B.S. in IT from UMass Lowell, and an MBA from Pacific Lutheran University, while maintaining CISSP, CISM, and CISA certification

Speakers:
Mary Ann Furno, Offering Manager, Broadcom
Sujay Solomon, Manager of DevOps Product Management, Broadcom

Only YOU can make security pervasive. Today, siloed IT organizations give way to hybrid IT organizations that drive a need for an abundance of integrations via APIs. Bringing on premise and cloud services together is crucial and can inundate organizations unprepared for the complexity of it. The goal is often to create a workload-optimized environment that enables accelerated, on-demand IT service delivery while ensuring no compromise in security and compliance. Putting security first in integrated environments like this is often a challenge.

In this session, we will address the joint requirements, explore how to overcome the security challenge, understand why it is now more important than ever, and conclude on how to lead with security.

Key takeaways:

• Top challenges to address
• Addressing regulatory and compliance requirements
• Setting up and managing the environment
• Access control and credentials on APIs
• The need for and securing the test and pre-production environment

Speaker:
Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx

The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security if often viewed as an inhibitor to this new approach.

Join Stephen Gates, Checkmarx SME where you’ll:

• Discover the six proven steps of embedding software security into DevOps.
• Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
• Explore the benefits of AppSec integration and automation into the tooling your developers use.

Speakers:
Jamie Manriquez, VP, CISO Santa Cruz Bank
John F McClure, Global CISO, Laureate Education, Inc.
Renata C Spinks, Cyber Technology Officer, USMC

The old risk models no longer work. Today you have employees permanently assigned to home offices, under stress, in conditions that are ripe for malicious insiders who want to cause harm, as well as well-intentioned employees who make costly mistakes. How do you mitigate your new insider risks? Join this panel for a discussion of:

• Monitoring employee behavior
• Warning signs of malicious and accidental insider threat
• Insider risk education that really works

Speaker:
Dave Lewis, Global Advisory CISO, Duo Security at Cisco

Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person-to-person through staff changes and/or employee churn. However, it doesn’t have to be this way - to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.

Speaker:
Ryan Poppa, Director of Product Management at Cisco Cloud Security

How well do you really know your environment, your security practices and policies? Do you know the tools, techniques, and procedures that cyberattackers use to exploit your vulnerabilities?

Join Cisco Umbrella cybersecurity expert Ryan Poppa exposes the inner workings of a crafty cyberattack.

In his presentation, you'll learn:

• Why you have been targeted for attack
• How cybercriminals penetrate environments
• What tactics they use to pivot from system-to-system while escalating privileges along the way
• How they are capable of easily exfiltrating sensitive data out of your organization
• Where your biggest threats may exist

Ryan will also share key insights on how you can protect your organization against these malicious actors and improve your cybersecurity posture with immediate results.

Speaker:
Avi Rembaum, Vice President of Security Solutions, Check Point Software Technologies

Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT stack into a new form of computing, one that was focused on enabling agility and innovation while also delivering cost reduction. This shift sought to leverage public cloud and cloud-like development methods as well as infrastructure design. The effort to transform information technologies, like all changes, introduces new considerations, especially in the areas of cyber, information and network security. This session will highlight the steps of the transformation process and their security implications. It will also suggest key technologies and processes that organizations should consider when embarking on a transformation program.

Speakers:
Keith Tresh, CISO, State of Idaho
Michael Bray, CISO, Vancouver Clinic
Trey Blalock, CISO, Coinstar (Bellevue Washington)

Speaker:
Sean Ryan, Senior Analyst, Security & Risk, Forrester

A accelerated digital world calls for greater protection of identity and access - as well as greater agility in doing so. In this exclusive session, Sean Ryan of Forrester Research makes the case for IAM agility, focusing on:

• Identity governance
• Going passwordless
• Machine identities and non-human identities

Speaker:
Cris Ewell, CISO, UW Medicine

Washington State was the first U.S. epicenter of the COVID-19 pandemic, and as CISO of UW Medicine Cris Ewell was supporting the first responders. How is his security organization most different today than it was a year ago? Hear his approach to:

• Work from anywhere
• Supply chain risk
• Medical device security

Speaker:
Vinod Brahmapuram, CISO, State of Washington

Vinod Brahmapuram was appointed state Chief Information Security Officer in October 2019. Vinod oversees WaTech’s state Office of Cybersecurity and is responsible for establishing and leading the strategic direction of cybersecurity for state government, as well as advising the Governor and Legislators on key cyber issues.

Vinod has more than 20 years of information technology experience with deep expertise in managing cybersecurity, developing and leading high-performing teams, and managing risk and compliance in heavily regulated environments. Before joining WaTech, he previously served as the Deputy Chief Information Security Officer for the state of South Carolina and held several security roles for the state of New Hampshire Health and Human Services, including serving as the agency’s CISO from 2015-2016.

Since Joining WaTech, Vinod has focused on strengthening the state’s information security posture and creating greater cohesion and cooperation with state agency security professionals to establish an enterprise-wide view of risk. Those efforts have included creating a sustainable cybersecurity operational plan for the state of Washington to meet the security challenges that lie ahead. In the last year, he has worked to build his team and empower them to do their job to protect the state system and data. He has focused on establishing trust and confidence with agencies and is highly engaged and transparent with the CISO community. Even with a challenging year due to COVID-19, great strides have been made to unite the state IT community, working proactively and holistically to detect, respond to and prevent cyberattacks.