The average CISO could have up to 30 or 40 security vendors that they work with at one time to help secure any number of potential pathways in. And yet, even with that, it will not fully prevent you from being breached. Why? Because the bad guys are smart and motivated.
So what can you do? Get prepared, understand what you need to do, and practice.
Join us for a day of preparation and readiness as we walk through a simulated breach, providing best practices at every escalation point. Following the simulation, we will take a deeper dive as our leaders talk about security from the inside looking out and the outside looking in.
What you will take away:
- The cost of a breach on your bottom line
- What steps to take at each level of escalation and who needs to be involved
- How you balance your legal obligations with your overall marketing and brand efforts
- What you need to know about securing 3rd parties in a connected world
Please check back regularly as we continue to add and update sessions.
Dave Mahon, VP & Chief Security Officer, CenturyLink
Agenda at a Glance
5:30pm - 8:00pm Networking & Career Fair
Debby Briggs, Chief Security Officer, NetScout
Sam Curry, Chief Technology and Security Officer, Arbor Networks
Chris Hart, Associate, Foley Hoag
Special Agents from the FBI Boston
In this unique session, we will walk through a mock incident and discuss legal and technical challenges when responding to a cyber security incident at multiple escalation points. Discussion will include important topics such as:
- Incident response plans
- Legal disclosures
- Cyber insurance
- Working with law enforcement
Harnessing the 3rd Party Ecosystem - How do you secure what you don’t control?
The migration towards a more connected world has created a greater opportunity to build partner ecosystems. While this is a huge benefit to companies, protecting against third party risk can seem like a colossal feat. However, with the right steps taken and mechanisms in place, creating a comprehensive end-to-end third party risk management process is attainable and critical.
Edna Conway, Chief Security Officer, Global Value Chain, Cisco
Stephen Boyer, CTO and Co-Founder, Bitsight
Jigar Kadakia, Chief Information Security and Privacy Officer, Partners Healthcare
Dr. Todd Wittbold, Senior Principal Security Engineer, MITRE
Panel members will walk through their processes, including:
- Identifying your assets and their worth
- Developing consistency and compliance within regulated industries
- Current industry models
- Best practices for monitoring vendors and measuring and reporting risks
Building your incident response plan
Gant Redmon, VP Business Development and General Counsel, Resilient, an IBM Company
Paul Sheedy, Asst Vice President, Enterprise Network Security Services Operations, Federal Reserve Boston
It is almost a surety that if your organization has a digital footprint, it will be under attack at some point. Having a comprehensive plan in place will enable you to mitigate risk and costs when an almost inevitable breach does occur.
Our panel members will walk through:
- What to include in your IRP
- How often your IRP should be reviewed and updated
- How your IRP can most effectively be executed
User and entity behavior analytics - understanding your insider threats
Karl Ackerman, Principal Product Manager, Sophos
David Raissipour, SVP of Product & Engineering, Carbonite
Chris Poulin, Research Strategist, X-Force, IBM
Most organizations that do not treat a security program as core to their operations focus primarily on external threats. However, by not focusing on insider threats, they are opening themselves up to a huge potential breach. Insiders can include a rogue employee, a contractor, or a hacker disguising themselves as a valid user. Our experts will help you understand how using and measuring user behaviors can deter insider threats.
Security Operations Analytics and Reporting - the next generation of metrics
Paul Roberts, Founder and Editor-in-Chief, The Security Ledger and Security of Things Forum
Harold Moss, Sr. Director Web Security/Enterprise Strategy, Akamai
Kevin O'Brien, CEO and Co-founder, Greathorn
With a recognized shortage in skilled security staff, coupled with an explosion in telemetry data, those in the infosec role increasingly find that they are being tasked with combining operational data collection with automation, autonomics, and analysis capabilities. Sufficiently sophisticated organizations have begun to think more like data scientists and apply machine learning to the massive amount of data that security tools collect, enabling a more efficient and effective response to potential threats.
Application Security - moving beyond the current framework
Josh Bregman, Vice President, Conjur
Marc French, CISO, Endurance
William Heinbockel, Lead Cyber Security Engineer, MITRE
Michael Tobin, VP, Technology Services and CISO, Mobiquity
As security experts get more advanced in the products and processes they use to deter application infiltrations, so do those who are infiltrating. How do security teams work to stay ahead when new applications are being developed and adopted at such a rapid pace? How does your team keep up? What tools do they need to have in place, and how do they continue to monitor the constant deluge of apps being used within your organization?