2018 Chief Information Security Officer (CISO)
Leadership Forum
Tuesday, February 13, 2018 | New York
Administrative Notes
Security: Please wear your name badge at all times during the meeting.
Please do not leave your personal belongings unattended in the meeting rooms.
Argyle Executive Forum will not be responsible for items left in the rooms.
Mobile devices: Please do not allow any mobile device to disrupt the meeting while in session.
All devices should be on silent mode.
Conversation: Please use areas outside of the ballroom to converse when the meeting is in session.
Smoking: Please note that smoking is not permitted in the meeting venue.
The content of this program and the attendee list remain the sole property of Argyle Executive Forum and may not be rented, sold, or given to any outside party or used to market or promote any other meeting. Any such unauthorized distribution represents theft of property for which Argyle Executive Forum will pursue any and all appropriate legal remedies.
Speaker Materials are available upon request, pending availability.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates.
oracle.com/industries or call 1.800.ORACLE.1
100% of the Global Fortune 100 Get Better Results
WE ANALYZED 219 MOBILE DEVICES FROM A COMPANY AT THIS CONFERENCE
Here is a sampling of the threats that we found:
Want to get your own mobile risk assessment? Visit lookout.com/Argyle
No deployments or appliances needed.
Type: Trojan | Family: NotCompatible | Risk: Can provide backdoor proxy access to an organization's network
Found on 3 devices
Type: Spyware | Family: IZP | Risk: Can steal a device's browsing history
Found on 1 device
Type: Root Enabler | Family: TowelRoot | Risk: Can root a device and compromise its security features
Found on 1 device
www.trendmicro.com/ransomware-assessment
Will YOU be ready when RANSOMWARE hits your organization?
Take the Ransomware Readiness Assessment to find out.
Agenda
2018 Chief Information Security Officer (CISO) Leadership Forum (New York)
Tuesday, February 13, 2018 | 7:45am – 4:55pm
7:45am – 8:45am
Breakfast
8:45am – 8:50am
Argyle Opening Remarks
8:50am – 9:25am
Keynote Presentation Featuring Brooks Brothers:
“Tackling ‘Impossible’ Security Problems”
Some challenges seem insurmountable, and stacked together appear ‘impossible’ to overcome. How are InfoSec teams to simultaneously address flaws like Spectre and Meltdown, tackle the floodgates caused by insecure IoT implementations, satisfy GDPR expectations and teach their co-workers to have a security mindset? In this address, Philip lays out a framework for restoring sanity to the InfoSec team while making meaningful progress mitigating big risks.
Philip Miller, CISO and Head of Infrastructure, Brooks Brothers
9:25am – 9:45am
Thought Leadership Spotlight Featuring Oracle
Dan Koloski, Vice President, Product Management & Business Development, Oracle
9:45am – 10:10am
Networking Break
10:10am – 11:00am
Panel Discussion:
“Security Innovation: Unifying Proactive & Reactive Strategies”
Session topics will include but are not limited to:
• What are some insider threats that are top of mind for you at your organization?
• How do you pinpoint top weaknesses that increase risk within the company?
• Discuss the importance of implementing both a proactive & reactive strategy within your organization.
• How do you drive innovation while mitigating risk, ensuring continuous compliance & maintaining security?
• How do you leverage tools like the cloud to promote efficiency while maintaining a secure digital environment?
• What are primary threats to the business in the cloud, and what practices & controls are necessary for compliance?
• What’s the best method to plan and prevent insider threats and cyberattacks?
• How do you balance demands that are potential threats to corporate data within your organization?
Moderator: Steven Santamorena, CISO, Metropolitan Museum of Art
Panelists: Sean Campbell, System Engineer, Varonis
Benjamin Lavoie, Head of Automation and OT Cyber Security, Anheuser-Busch InBev
Brian Lozada, Chief Information Security Officer (CISO), Zocdoc
James Sipe, Head of Information Security, Hershey Entertainment and Resorts
Josh Stella, CEO, Fugue
11:00am – 11:20am
Thought Leadership Spotlight Featuring HP Aruba
Pete Ryan, Director of Security Sales East, HP Aruba
11:20am – 11:40am
Networking Break
11:40am – 12:00pm
Thought Leadership Spotlight Featuring Lookout
Faiyaz Desai, Director, Sales Engineering, Lookout
12:00pm – 12:45pm
Panel Discussion:
“Taking a Holistic Approach to Data Loss Prevention”
Session topics will include but are not limited to:
• How do you define which data assets are most crucial to the success & health of your organization?
• How do you prioritize what information to protect once identified within the organization?
• What processes do you have in place following a data breach?
• Are there ways to identify how exposed organizations are before utilizing a DLP program?
• With regards to Data Loss Prevention, how are you updating the training & building for the work force?
Moderator: Bill Duenges, Vice President Infrastructure & Security, Aircastle Limited
Panelists: Matt Hughes, President, Professional and Platform Services, InteliSecure
Nashira Layade, Chief Information Security Officer & SVP, Realogy Corporation
Mohammed Lazhar, VP Global Information Security, Wolters Kluwer
12:50pm – 1:10pm
Thought Leadership Spotlight Featuring Trend Micro
William J. Malik, VP Infrastructure Strategies, Trend Micro
1:10pm – 2:10pm
Lunch
2:10pm – 2:55pm
Keynote Featuring Credit Suisse:
“Control Oversight Over the Third Party Service Providers”
There has been increasing industry use of third party providers for various reasons such as cost savings, better security framework, operational efficiency, etc. With the increasing sophistication of cyber threats and emerging regulatory oversight, it is necessary to revisit the oversight process over these third party providers, including practical approaches to reviewing the content of SSAE 16 reports to verify that third-party vendors' control environments are reasonably adequate to protect the confidentiality, integrity and availability of corporate information assets.
Peter Bassey, Vice President, Technology Audit, Credit Suisse
2:55pm – 3:15pm
Networking Break
3:15pm – 3:50pm
Keynote Featuring Barnabas Health:
“Exploration Into The Internet of Things”
In recent years, technology as a business enabler has advanced to an unprecedented degree. IoT in particular has contributed, but the value has not been without risk and security challenges. Cyber security is not rated as a top 5 risk. This session will explore some of the risks presented by IoT and a strategy to develop a plan around IoT security.
Hussein Syed, Chief Information Security Officer, Barnabas Health
3:50pm – 3:55pm
Argyle Closing Remarks
3:55pm – 4:55pm
Closing Reception
__________________________________________________________________________________
*Please note, the agenda is subject to change.
The information, views, and opinions expressed by speakers and other participants at our conferences are those of the individual and do not necessarily reflect the views and opinions of Argyle Executive Forum.
Argyle Executive Forum, its directors and officers, do not guarantee that any information provided by a speaker or other participant is accurate or complete and Argyle Executive Forum does not endorse any opinions that may be presented.
Get Cloud Right
Cloud Infrastructure Governance with Fugue
Cloud is becoming mission critical to your business, yet headlines of data loss, brand damage and regulatory fines have become increasingly common.
Fugue is a cloud infrastructure governance system that accelerates compliant software delivery, automates infrastructure deployment with policy enforcement, and continuously protects against misconfigurations and drift.
Fugue works throughout the application lifecycle, eliminating misconfigurations and compliance violations. Customer results... mitigated risk of downtime and data loss, accelerated deployment of compliant systems and ongoing protection with continuous policy enforcement.
Learn more at www.fugue.co
Accelerate compliant software delivery
Automate infrastructure deployment with policy enforcement
Continuously protect against misconfigurations and drift
Partners
Thought Leadership spotlight, breakout session, & app sponsor
Oracle offers a comprehensive and fully integrated stack of cloud applications, platform services, and engineered systems. With more than 420,000 customers—including 100 of the Fortune 100—in more than 145 countries, Oracle provides a complete technology stack both in the cloud and in the data center. Oracle’s industry-leading cloud-based and on-premises solutions give customers complete deployment flexibility and unmatched benefits including application integration, advanced security, high availability, scalability, energy efficiency, powerful performance, and low total cost of ownership. For more information about Oracle (NYSE:ORCL), visit oracle.com.
Thought Leadership spotlight & app partner
Hewlett Packard Enterprise is an industry leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology and services help customers around the world make IT more efficient, more productive and more secure.
Lookout is a cybersecurity company that predicts and stops mobile attacks before harm is done to an individual or an enterprise. Lookout’s cloud-based technology is fueled by a global network of more than 100 million sensors and tens of thousands of apps that are added daily. With this dataset of virtually all the mobile code in the world and the predictive machine intelligence to analyze and make sense of the data, Lookout can identify connections that would otherwise go unseen and stop cybercriminals from attacking mobile devices. The world’s leading mobile network operators, including AT&T, Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as their preferred mobile security solution. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com.
Thought Leadership spotlight & app partner
Trend Micro, a global leader in security software and solutions, strives to make the world safe for exchanging digital information. Trend Micro solutions provide layered content security for mobile devices, endpoints, gateways, servers and the cloud. Leveraging these solutions, organizations can protect their end users, their evolving data center and cloud resources, and their information threatened by sophisticated targeted attacks. All solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™.
panel partners
Fugue is a cloud infrastructure governance system for security, operations, and development teams seeking to deploy and operate cloud applications securely and efficiently while simplifying compliance. Fugue is about going fast, seeing everything, and getting enterprise cloud right, right from the start.
Fugue accelerates application delivery with policy-driven cloud infrastructure automation that continuously protects against policy violations and misconfiguration exposures. Your team can build on best practices and enterprise policies with policy-as-code validation and enforcement at every stage of the infrastructure lifecycle, including design, provisioning, and ongoing operations. Fugue mitigates the risk of data loss and downtime that can result from infrastructure misconfigurations, configuration drift, and human error.
Fugue can be used for new cloud infrastructure deployments or existing infrastructure that currently lacks sufficient compliance and security controls. Fugue works with today’s cloud workloads, toolchains, and workflows. Learn more at www.Fugue.co.
InteliSecure works with its clients to identify, prioritize, and protect critical intellectual property and other key assets that if stolen, or otherwise exposed, would cause significant financial and reputational damage to their bottom line. InteliSecure provides a portfolio of Consulting, Technical, Penetration Testing, GRC and Managed Security Services to develop data and threat protection security programs that can adapt and grow as the clients’ needs change. From initial strategy and design, to fully managed security programs, InteliSecure’s proprietary Critical Asset Protection Program (CAPP) methodology provides a far more effective security solution than traditional Managed Security Service Provider offerings.
panel partners
Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data: sensitive files and emails; confidential customer, patient and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects insider threats and cyberattacks by analyzing data, account activity and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. With a focus on data security, Varonis serves a variety of use cases including governance, compliance, classification, and threat analytics. Varonis started operations in 2005 and, as of September 30, 2017, had approximately 5,950 customers worldwide — comprised of industry leaders in many sectors including technology, consumer, retail, financial services, healthcare, manufacturing, energy, media, and education.
Pluralsight is an enterprise technology learning platform that helps organizations move forward with the right technology and the right skills — matched to business objectives. Senior executives gain the capability for aligning the technical organization with business objectives by closing skills gaps, eliminating latency between demand and delivery, and proactively responding to trends in technology as they unfold. The platform enables CIOs and CTOs to see their teams’ skills gaps, see trending technologies, and create custom learning channels that all align to business objectives, moving an organization forward to capitalize on tech trends rather than be overtaken by them.
breakout partner
senior supporter partners
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. CyberArk is a vital security partner to 2,500 global businesses, including 17 of the world’s top 20 banks. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, MA. CyberArk also has offices throughout EMEA and Asia-Pacific. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.
FairWarning® strives to protect the health, wealth, and personal information for everyone on Earth. The company’s industry-leading application security solutions provide data protection and governance for Salesforce, Office 365, Electronic Health Records (EHRs) and hundreds of other applications. FairWarning® solutions protect organizations of all sizes against data theft and misuse through real-time and continuous user activity monitoring and improve compliance effectiveness with complex federal and state privacy laws such as FFIEC, PCI, HIPAA, FINRA, SOX, FISMA, and EU Data Protection Directive. FairWarning® catches people stealing your data. Learn more at www.fairwarning.com
senior supporter partners
Ivanti is IT evolved. By integrating and automating critical IT tasks, Ivanti is modernizing IT and helping IT organizations successfully navigate digital workplace transformation. Ivanti is headquartered in Salt Lake City, Utah, and has offices all over the world. For more information, visit www.ivanti.com.
Illumio, the leader in micro-segmentation, prevents the spread of cyber threats inside data centers and cloud environments. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, Workday, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. Illumio’s Adaptive Security Platform™ uniquely protects critical information with real-time application dependency mapping and micro-segmentation that works in any data center, public cloud, or across hybrid deployments on bare-metal, virtualization, and containers. For more information about Illumio, visit www.illumio.com/what-we-do and follow us @Illumio.
senior supporter partners
LogRhythm is the pioneer in Threat Lifecycle Management™ (TLM) technology, empowering organizations on six continents to rapidly detect, respond to and neutralize damaging cyberthreats. LogRhythm’s TLM platform unifies leading-edge data lake technology, artificial intelligence, security analytics and security automation and orchestration in a single end-to-end solution.
SailPoint, the leader in enterprise identity management, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries, including: 6 of the top 15 banks, 4 of the top 6 healthcare insurance and managed care providers, 8 of the top 15 property and casualty insurance providers, 5 of the top 15 pharmaceutical companies, and six of the largest 15 federal agencies.
Lastline is revolutionizing the way companies improve network breach protection with technology that detects malware- and browser-based attacks and malicious network activity before suffering a costly data breach. And we enable you to do this with fewer resources and at lower cost than existing malware detection tools.
In 2011, Drs. Engin Kirda, Christopher Kruegel, and Giovanni Vigna, three of the world’s most influential academic researchers in cybersecurity, founded Lastline. The company’s vision is informed by the founders’ world-renowned research on malware analysis and evasion techniques, academically-rooted rigor, innovative approaches to network breach protection, and a passion to improve enterprise cybersecurity.
Lastline’s unmatched level of visibility, accuracy and effectiveness, and our focus on IT managers’ ever-increasing pressure to secure company networks and assets, has resulted in the company providing specific, actionable, context-rich threat intelligence and decreased data loss to many of the largest and most successful companies around the world.
supporter partner
Area 1 Security stops targeted phishing, the #1 cyber attack vector to organizations large and small. Area 1 Horizon™, the industry’s first and only preemptive cybersecurity solution, identifies and stops phishing attacks before they can cause damage. By focusing on the early stages of developing attacks, beyond the enterprise edge, Area 1 Horizon is able to preemptively intercept, disrupt, and disable attacks from 5 to 363 days before they are actually launched.
Tufin® is the leader in Network Security Policy Orchestration, serving more than half of the top 50 companies in the Forbes Global 2000. Tufin simplifies management of some of the largest, most complex networks in the world, consisting of thousands of firewall and network devices and emerging hybrid cloud infrastructures. Enterprises select the award-winning Tufin Orchestration Suite™ to increase agility in the face of ever-changing business demands while maintaining a robust security posture. Tufin reduces the attack surface and meets the need for greater visibility into secure and reliable application connectivity. Its network security automation enables enterprises to implement changes in minutes with proactive risk analysis and continuous policy compliance. Tufin serves over 2,000 customers spanning all industries and geographies; its products and technologies are patent-protected in the U.S. and other countries. Find out more at www.tufin.com.
Achieve IT Service Excellence with Ivanti Service Manager
IS YOUR HELP DESK PLATFORM READY FOR
TOMORROW’S CHALLENGES?
With Ivanti Service Manager, you improve your service team’s efficiency
and effectiveness for today’s workload and prepare for tomorrow’s
requirements. You gain enterprise-class capabilities coupled with
drag-and-drop workflow automation and cloud-based or on-premise
deployment to provide effective, world-class service delivery and increase
customer satisfaction.
Contact us today at 1.800.982.2130 | Or visit www.ivanti.com
How quickly can your team detect and respond to a cyberthreat?
DO IT FASTER WITH THREAT LIFECYCLE MANAGEMENT.
We can help. The LogRhythm Platform empowers your team to detect and respond to cyberattacks—fast. Work more efficiently and effectively to protect your organization from today’s most advanced threats.
See LogRhythm in action: logrhythm.com/demo
Illumio has developed adaptive micro-segmentation technology that prevents the spread of cyber threats inside any data center and cloud.
THE COMPANY WE KEEP
LEARN MORE ABOUT WHAT WE DO: illumio.com/what-we-do
Content Neutrality Policy
If you are interested in recommending a speaker for
a future forum, please email:
• Argyle is proud and protective of our high standards in ensuring the value of all content presented at our events.
• Strict guidelines are in place to ensure that all content presented is balanced and vendor neutral.
• All topics that are covered at our member events are thought leadership-focused and in line with the expectations of our members.
• Argyle seeks to prevent overt sales pitches or unbalanced vendor references.
• Argyle provides all speakers with content presentation guidelines at the behest of our executive membership.
We ask that all speakers, members and sponsors respect Argyle’s
content neutrality guidelines. We thank you for your continued support
for this policy as a way of protecting the high content standards and
trust that Argyle has established with its members.