Kara Test

July 29th, 2019, 5:00pm - 7:00pm

July 30th, 2019, 7:00am - 8:00am

Breakfast/Networking [Exhibits Open]

 
 

Where: The Westin Dallas Park Central | Dallas, Texas

Mark Weatherford is the Global Information Security Strategist at Booking Holdings. He has more than 20 years of security operations leadership and executive-level policy experience in some of the largest and most critical public and private sector organizations in the world. At Booking Holdings, Mark works with their brand companies that include Booking.com, Priceline.com, Agoda.com, Kayak.com, BookingGo.com, and OpenTable to create secure technology travel products for their millions of customers around the world.

Prior to joining Booking Holdings in 2019, Mark was the Chief Cybersecurity Strategist at vArmour, the cloud and data center security company. He was a Principal at The Chertoff Group and also worked in the Obama Administration as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity. Before DHS, he was the Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program and worked with electric utility companies across North America. Prior to NERC, Mr. Weatherford was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and was also the first Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors. As a former U.S. Navy Cryptologic Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).

Mr. Weatherford is an Affiliate at the Stanford University Center for International Security and Cooperation (CISAC) and is a Distinguished Fellow at the Ponemon Institute. He’s an investor and on the Advisory Boards at a number of security technology startup companies.

Mr. Weatherford earned a bachelor’s degree from the University of Arizona, a master’s degree from the Naval Postgraduate School and holds the Certified Information Systems Security Professional (CISSP) certification. He was awarded SC Magazine’s “CSO of the Year” award in 2010, named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013, selected for the 2013 CSO Compass Award for leadership achievements in the security community, and selected as a 2017 SC Media Reboot Leadership Award “Influencer.” In 2018, Mr. Weatherford was inducted into the International Systems Security Association (ISSA) Hall of Fame.

Mark Weatherford
Global Information Security Strategist
Booking Holdings
July 30th, 2019, 9:15am - 10:15am

Where: The Westin Dallas Park Central | Dallas, Texas

As enterprises embark on digital transformation, leading organizations are emphasizing a converged risk management approach, bringing new players to the decision-making table. Physical security solutions increasingly interact with critical data sources to deliver more value to an organization, so what are information security professionals interested in when interacting with their physical security counterparts and their partners? How can physical security provide value to, and hence win buy-in from, these new decision makers, who often have bigger budgets? A distinguished panel of executives from the office of the chief information security officer (CISO) at leading organizations discusses these questions and more.

George Finney
CISO
Southern Methodist University
Managing Partner
Glasswing Ventures
Arve Kjoelen
Deputy Chief Information Security Officer
McAfee
Tony Reinert
Director of Information Security – Digital Home
Comcast Cable
Mark Weatherford
Global Information Security Strategist
Booking Holdings
July 30th, 2019, 10:15am - 10:45am

Coffee/Networking break [Exhibits Open]

 
July 30th, 2019, 10:45am - 11:45am

Morning Breakout Sessions

 
 

Where: The Westin Dallas Park Central | Dallas, Texas

Can security integrators monetize cybersecurity? To do so, they need to offer managed security services that provide long-term security for clients and a steady revenue stream for their integration business. To do this, integrators need to understand what threats companies face and know what products and services mitigate those threats. This discussion will identify the threats in understandable, non-techno-geek terms and outline the security products that match up against each. Participants will receive a framework with which to evaluate client risk and build a mitigation strategy that they can sell to clients.

In this session, attendees will learn how to:
  • Examine how cyber security offerings complement physical security and how they can be sold as a Managed Security Service with ongoing revenue.
  • Leverage current physical security customers to upsell cyber to deliver a complete security package.
  • Recognize what cyber security products and services address the current threat and how services can be bundled into a Managed Security Service Contract

Steven Mains
CEO and Managing Partner
TechMIS LLC
 

Where: The Westin Dallas Park Central | Dallas, Texas

Nearly every day, the headlines are full of breach announcements of major companies and organizations that leave us with many questions. How do these breaches happen? Why didn’t anyone notice? Why does this keep happening? Could this happen to me? This session will cover how attackers select, plan and attack their targets from start to finish with real-world scenarios and conclude with what you can do to protect your company’s reputation as a manufacturer or systems integrator.

In this session, attendees will learn how to:
  • Acquire a solid understanding of who hackers are and why they hack
  • Observe the steps of real-world attacks
  • Identify what steps were involved in the attacks

Valerie Thomas
Executive Information Security Consultant
Securicon
July 30th, 2019, 10:45am - 11:45am

Where: The Westin Dallas Park Central | Dallas, Texas

What can a hacker and a lawyer teach the physical security industry about the legal landscape of cybersecurity? We all know that costs and liabilities associated with cyber breaches are multiplying; however, there is a tremendous number of cybersecurity blind spots that threaten the industry and can rear their ugly heads in the near future. A cyber-legal mind takes a microscope to some of the glaring legal ramifications that can impact the industry specifically, and to issues relating to the domain name system, intellectual property, nation state actors and privacy of information collected by security systems.

In this session, attendees will learn how to:
  • Research some of the legal ramifications that can impact the security industry
  • Uncover the cybersecurity blind spots that threaten the industry

Alexander Urbelis
Partner
Blackstone Law Group
July 30th, 2019, 11:45am - 1:00pm

Lunch/Networking break [Exhibits Open]

 
July 30th, 2019, 1:00pm - 2:00pm

Mid Day Breakout Sessions

 
July 30th, 2019, 1:00pm - 2:00pm

Where: The Westin Dallas Park Central | Dallas, Texas

Five years after its initial release, the NIST Cybersecurity Framework is still a gold-standard process for a prioritized, flexible, repeatable, performance-based and cost-effective approach to managing cybersecurity risk at all levels in an organization. The framework is applicable to organizations of all sizes and sectors. This presentation will address using the NIST Cybersecurity Framework for building a cybersecurity program (engineering, technology and business) that addresses today’s cybersecurity landscape and cyber risks, providing attendees with assessments, executive scorecards and a road map to remediate control gaps.

In this session, attendees will learn how to:
  • Describe the three main components of the NIST Cybersecurity Framework: the Core Functions, the Implementation Tiers, and the Current and Target Profiles
  • Explore how implementing the NIST Cybersecurity Framework protects critical IT resources and information assets before an attack, during an attack and after an attack
  • Investigate how organizations use the NIST Cybersecurity Framework for communicating expectations and deliverables within an organization, with external service providers and with regulatory agencies

Larry Wilson
CISO
University of Massachusetts President's Office
July 30th, 2019, 1:00pm - 2:00pm

Where: The Westin Dallas Park Central | Dallas, Texas

Research firms forecast that video will produce 15.1 zettabytes of data annually – no other IoT application comes close to this rate of data production. This influx in data, as well as the growing adoption of video analytics and artificial intelligence, propels video to be used in a wide variety of ways. These trends enhance video’s value but also pose challenges, such as threats related to cybersecurity. This presentation explores how the latest innovations in IT enable users to better capture, store and protect data. Attendees will understand how data has become today’s “modern currency” and how deep learning enables you to pinpoint the exact data that is important to your business. Attendees will also learn how video data is affected by data privacy regulations like the Health Insurance Portability and Accountability Act and Europe’s General Data Protection Regulation, and by encryption mandates.

Learning objectives:
  • Establish why video will produce 15.1 zettabytes of data annually — no other IoT application comes close to this rate of data production
  • Infer how this influx in data, as well as the growing adoption of video analytics and artificial intelligence, propels video to be used in a wide variety of ways
  • Examine how the rise in the value of video transforms the need for robust cyber security protocols

Brandon Reich
Senior Director of Surveillance Solutions
Pivot3
David Stevens
Chief Solutions Evangelist & Architect
Hytrust
 

Where: The Westin Dallas Park Central | Dallas, Texas

Any organization that has attempted a Runtime Application Self Protection (RASP) deployment knows the frustrations that come with getting C-level buy-in and customer engagement. This presentation walks through the ups and downs of a successful RASP deployment, including how to deal with delays, how to measure whether the deployment is actually working and how to integrate your RASP deployment with common security information and event management tools while consistently delivering added value to the business.

In this session, attendees will learn how to:
  1. assess the do’s and don’ts of deploying RASP in a large enterprise,
  2. effectively guide senior management expectations of deployment and
  3. evaluate how it works and gauge effectiveness.

Troy Bowen
Manager, Application Security
Verizon
July 30th, 2019, 2:15pm - 3:15pm

Afternoon Breakout Sessions

 
July 30th, 2019, 2:15pm - 3:15pm

Where: The Westin Dallas Park Central | Dallas, Texas

Post-cyber breach, your next steps are critical to the recovery success, or potential demise of your company. What do you do? Who do you call, and when? The time to create a data response plan is before an incident happens. During this session we’ll discuss the critical components that should be included in a cyber incident response plan to help protect you, your customers and your company from reputational and monetary damages.

Learning objectives:
  • Discover the basics of implementing a data response plan
  • Investigate how a response plan applies to a cyber claim
  • Discuss the cyber liability policy and what coverages would apply

Wayne Dean
Vice President
McGriff Insurance Services
Hannah Hoeflinger
Professional Lines Broker
INSUREtrust
July 30th, 2019, 2:15pm - 3:15pm

Where: The Westin Dallas Park Central | Dallas, Texas

In today’s world, security is mission-critical and needs to be looked at holistically. The once predominantly physical security business is no longer enough to protect against an increasingly complex risk landscape. As today’s threats and breaches frequently target an organization’s IT infrastructure, it is paramount that businesses turn to a more unified and collaborative security strategy that incorporates both physical and cyber aspects. This requires convergence among the enterprise: cyber, IT and traditional security teams must unite to strengthen risk mitigation. Security solutions must now take into account all methods in which a threat could be presented, which requires gathering intelligence from a range of sources such as the web and applying relevant insight to physical components. A comprehensive strategy built with all areas of security in mind can lead to better incident management and faster response, ultimately positively impacting business continuity, employee safety, customer experience and brand reputation.

Learning Objectives:
  • Demonstrate how to efficiently and effectively combine both cyber and physical security threat considerations and teams into an exhaustive solution that will keep all aspects of a business protected
  • Develop a proactive risk mitigation strategy to stay one step ahead by identifying and analyzing security threats before they impact people, property, or the brand.
  • Identify the importance of gathering intelligence from various sensors and sources, such as the Web, to obtain increased levels of insight into potential threat developments or actors and learn how to apply this critical information to physical security solutions.

Bill Eckard
Director, Strategic Accounts, Situational Intelligence Solutions
Verint
Gilles Perez
Head of Business Development – North America, Threat Intelligence Group
Verint
 

Where: The Westin Dallas Park Central | Dallas, Texas

Supply chain cybersecurity scrutiny is increasing across the entire critical infrastructure ecosystem, not just the Department of Defense. This presentation reviews the common gaps found in subcontracting environments that use Microsoft Office 365 and/or Azure IT environments and includes advice for configuring, monitoring, automating and reporting upon shared National Institute of Standards & Technology (NIST) 800-171 controls.

In this session, attendees will learn how to:
  • Evaluate the common gaps found in subcontracting environments that use Microsoft Office 365 and/or Azure IT environments
  • Gather advice for configuring, monitoring, automating, and reporting upon shared NIST 800-171 controls.

Andrew Lanning
Defense Industrial Base Sector Chief
InfraGard Hawaii Member Alliance
David Stevens
Managing Director
Kapu Technologies, LLC
July 30th, 2019, 3:15pm - 3:45pm

Coffee/Networking break [Exhibits Open]

 
July 30th, 2019, 3:45pm - 4:45pm

Where: The Westin Dallas Park Central | Dallas, Texas

Advanced cloud capabilities, artificial intelligence, facial recognition analytics and quantum computing have all been mentioned in trade and general business press as the next big disruptors. But how quickly do implementers of security need to understand and weave these technologies into their solutions? Technology evangelists from leading technology platform organizations discuss these technologies and others, including the security problems that they solve and the new attack surfaces and risk that they present.

Min Kyriannis
Associate, Cybersecurity
Jaros, Baum & Bolles
Edward Lee
Security and Trust Advisor
Google Cloud
Jimmie Lee
Head of Security Applications – Global Security
Facebook
Bill Woods
Senior Director – Security Intelligence
McAfee
July 30th, 2019, 4:45pm - 6:00pm

Networking Reception [Exhibits Open]

 
July 31st, 2019, 7:00am - 8:00am

Breakfast/Networking [Exhibits Open]

 
 

Where: The Westin Dallas Park Central

You can’t have cybersecurity without physical security, and increasingly, you can’t have physical security without cybersecurity. Whether their focus is on hackers or intruders, security teams struggle with the same issues, and often compete for the same budget. Increasingly, law enforcement, chief security officers and chief information security officers (CISOs) are concerned with blended attacks that involve physical intrusions in conjunction with or in support of cybersecurity breaches. This session will explore the lessons learned from the CISO of Southern Methodist University, which has integrated support for physical security technologies and cybersecurity on the same team. Five years later, the team has completed a campus-wide lockdown initiative, centralized support, increased response time, improved the student experience, and helped to reduce crime on campus, all while hardening systems against hacking.

Attendees will learn to:

  • Recognize the impact that cyber threat actors can have on physical security technologies and how to prevent them from being attacked over the network
  • Observe the importance of the appropriate physical security protections required to maintain cybersecurity
  • Identify the challenges that are faced when integrating physical security technologies (architecture, device hardening, monitoring) and explain the benefits of community threat intelligence sharing when it comes to physical security technologies

George Finney
CISO
Southern Methodist University
July 31st, 2019, 9:15am - 10:15am

July 31st, 2019, 10:30am - 11:30am

Morning Breakout Sessions

 
July 31st, 2019, 10:30am - 11:30am

Where: The Westin Dallas Park Central | Dallas, Texas

The cloud has revolutionized the scale and security of physical security operations, reducing maintenance and provisioning time and redirecting those efforts to the actual practice of security; however, even with the major cloud service providers ramping up security and implementing world class cybersecurity procedures, these back-end practices do not always translate to security on endpoint applications, as standards and APIs must be configured securely by customers. This session will take attendees through the recommended on-premises procedures of deploying a security application securely on the major cloud services.

In this session, attendees will learn how to:
  • Explore the NIST framework and how it can be applied to complex systems and how the uses of this framework can reduce the concerns of deploying systems, both internally and in the cloud
  • Differentiate between the major cloud service providers: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. This understanding will also include how basic cybersecurity principles are covered and managed within each environment.
  • Examine monitoring, multi factor authentication, software maintenance, upgrades, and deployments in a cloud environment

Chris Peckham
Chief Operating Officer
Building Intelligence
 

Where: The Westin Dallas Park Central | Dallas, Texas

Over the past decade, hundreds of millions, if not billions, of dollars of valuable data and the future opportunity it embodies have been stolen from American industry. Despite huge investments in cybersecurity, breaches and data thefts continue to happen on what seems to be an exponentially increasing basis. The uncomfortable truth about that investment, however, is that it has focused on failed methodologies or closing the barn door after the horse has bolted. This session will explore solutions and exemplary products that implement “deterrence by denial,” a cyber defense strategy that assumes an attacker will be successful in penetrating the perimeter but removes financial motivation to do so by rendering the ultimate targets of the attack, industrial information and intellectual property, useless even if successfully stolen.

Learning objectives:
  • Discover what cyber deterrence by denial is and how it works & where denial solutions and products fit within a portfolio
  • Implement deterrence by denial
  • Demonstrate making the sales case for deterrence by denial solutions

Adam Firestone
Chief Engineering Officer
Secure Channels, Inc.
 

Where: The Westin Dallas Park Central | Dallas, Texas

Modern-day cybersecurity threats require close monitoring and effective response. However, as data expands from on-premises to the cloud – or somewhere in between – new blind spots are emerging. Threat actors are taking advantage and accomplishing their objectives faster than ever, and traditional SIEMs have proven to be ineffective at defending against new cyber-attacks and risks. Today’s hybrid IT environment therefore needs an additional spectrum of visibility with integrated detection and response capabilities to catch the most elusive of threat actors.

In this presentation, we will assess the evolution of data security, exploring:

  • Why traditional SIEMs are falling short
  • Why hybrid IT environments require an additional spectrum of visibility
  • The level of risk associated with differing levels of visibility and the effects the addition and removal of each data signal can have upon your risk profile

Eldon Sprickerhoff
Founder and Chief Innovation Officer
eSentire
July 31st, 2019, 11:30am - 1:30pm

Lunch / Closing Keynote