Comprehensive Security - A 360 Degree View of your Security Program

When: August 31, 2016
12:00PM - 5:30PM
Where: Microsoft NERD
1 Memorial Drive
1st Floor
Cambridge, Massachusetts  02142
United States
Contact: Sara Fraim
(781) 993-9000 ext 208



The average CISO could have up to 30 or 40 security vendors that they work with at one time to help secure any number of potential pathways in. And yet, even with that, it will not fully prevent you from being breached. Why? Because the bad guys are smart and motivated. 

So what can you do? Get prepared, understand what you need to do, and practice. 

Join us for a day of preparation and readiness as we walk through a simulated breach, providing best practices at every escalation point. Following the simulation, we will take a deeper dive as our leaders talk about security from the inside looking out and the outside looking in.

What you will take away:

  • The cost of a breach on your bottom line
  • What steps to take at each level of escalation and who needs to be involved
  • How you balance your legal obligations with your overall marketing and brand efforts
  • What you need to know about securing 3rd parties in a connected world


Please check back regularly as we continue to add and update sessions.


Dave Mahon, VP & Chief Security Officer, CenturyLink

Agenda at a Glance

12:00 pm - 12:30 pm   Registration & Networking

12:30 pm - 1:15 pm    Welcome & Keynote Address

1:15 pm - 1:25 pm     Break

1:25 pm - 3:00 pm     Simulated Breach

3:00 pm - 3:15 pm     Break

3:15 pm - 4:15 pm     Breakouts
     - Harnessing the 3rd Party Ecosystem - how do you secure what you don’t control?
     - Building Your Incident Response Plan

4:20 pm - 5:20 pm
     - User Entity Behavior Analytics - understanding your insider threats
     - Security Operations Analytics and Reporting - the next generation of metrics
     - Application Security - How do you secure what you don’t control?

5:30 pm - 8:00 pm     Networking & Career Fair


Session Descriptions

Simulated Breach
Debby Briggs, Chief Security Officer, NetScout
Sam Curry, Chief Technology and Security Officer, Arbor Networks
Chris Hart, Associate, Foley Hoag
Special Agents from the FBI Boston

In this unique session, we will walk through a mock incident and discuss legal and technical challenges when responding to a cyber security incident at multiple escalation points. Discussion will include important topics such as:

     - Incident response plans
     - Legal disclosures
     - Communications 
     - Cyber insurance
     - Working with law enforcement


Harnessing the 3rd Party Ecosystem - How do you secure what you don’t control?
Edna Conway, Chief Security Officer, Global Value Chain, Cisco
Stephen Boyer, CTO and Co-Founder, Bitsight
Jigar Kadakia, Chief Information Security and Privacy Officer, Partners Healthcare
Dr. Todd Wittbold, Senior Principal Security Engineer, MITRE

The migration towards a more connected world has created a greater opportunity to build partner ecosystems. While this is a huge benefit to companies, protecting against third party risk can seem like a colossal feat. However, with the right steps taken and mechanisms in place, creating a comprehensive end-to-end third party risk management process is attainable and critical.

Panel members will walk through their processes, including:
    - Identifying your assets and their worth
    - Developing consistency and compliance within regulated industries
    - Current industry models
    - Best practices for monitoring vendors and measuring and reporting risks

Building your incident response plan
Gant Redmon, VP Business Development and General Counsel, Resilient, an IBM Company
Paul Sheedy, Asst Vice President, Enterprise Network Security Services Operations, Federal Reserve Boston

It is almost a surety that if your organization has a digital footprint, it will be under attack at some point. Having a comprehensive plan in place will enable you to mitigate risk and costs when an almost inevitable breach does occur.

Our panel members will walk through:
    - What to include in your IRP
    - How often your IRP should be reviewed and updated
    - How your IRP can most effectively be executed

User and entity behavior analytics - understanding your insider threats
Karl Ackerman, Principal Product Manager, Sophos
David Raissipour, SVP of Product & Engineering, Carbonite
Chris Poulin, Research Strategist, X-Force, IBM

Most organizations that do not treat a security program as core to their operations focus primarily on external threats. However, by not focusing on insider threats, they are opening themselves up to a huge potential breach. Insiders can include a rogue employee, a contractor, or a hacker disguised as a valid user. Our experts will help you understand how using and measuring user behaviors can deter insider threats.

Security Operations Analytics and Reporting - the next generation of metrics
Paul Roberts, Founder and Editor-in-Chief, The Security Ledger and Security of Things Forum
Harold Moss, Sr. Director Web Security/Enterprise Strategy, Akamai
Kevin O'Brien, CEO and Co-founder, Greathorn

With a recognized shortage of skilled security staff, coupled with an explosion in telemetry data, infosec teams are increasingly being tasked with combining operational data collection with automation, autonomics, and analysis capabilities. Organizations that are sophisticated enough have begun to think more like data scientists and apply machine learning to the massive amount of data that security tools collect, enabling a more efficient and effective response to potential threats.

Application Security - moving beyond the current framework
Josh Bregman, Vice President, Conjur
Marc French, CISO, Endurance
William Heinbockel, Lead Cyber Security Engineer, MITRE
Michael Tobin, VP, Technology Services and CISO, Mobiquity

As security experts get more advanced in the products and processes they use to deter application infiltrations, so do those who are infiltrating. How do security teams work to stay ahead when new applications are being developed and adopted at such a rapid pace? How does your team keep up? What tools do they need to have in place, and how do they continue to monitor the constant deluge of apps being used within your organization?

