CISO Dallas Summit | October 11, 2018 | Dallas, TX, USA

↓ Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Thursday, October 11, 2018 - CISO Dallas Summit

7:00 am - 7:55 am

Registration and Networking Breakfast

 

8:00 am - 8:10 am

Welcome Address and Opening Remarks

 

8:10 am - 8:40 am

Keynote Presentation

Addressing Privacy on a Global Scale

Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information, however the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is often times overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work, where their data might be held and this is an almost overwhelming task.

Takeaways:

  • Privacy is one of the most challenging issues for any business and CISO to address
  • The difference in regulations between and among European countries (both those in and out of the EU itself) and North American ones means traversing a fraught landscape
  • A strong approach to privacy that addresses global differences is essential to being a stable and viable global business
 

8:45 am - 9:15 am

Keynote Presentation

Security's Place in Enterprise Risk Management

While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.

Takeaways:

  • Just because information security is an aspect of enterprise risk doesn't mean that the CISO needs to take a back seat position
  • Enterprise risk is defined by the business but needs to be quantified by an expert; CISOs bring risk quantification expertise to the table
  • The end goal is not about fiefdoms and ownership, it is about improving enterprise value and success; maintaining focus is essential
 

9:20 am - 9:45 am

Executive Exchange

 

Thought Leadership

TBC


 

9:50 am - 10:15 am

Executive Exchange

 

Executive Boardroom

Unsupervised Machine Learning: A New Approach to Cyber Defense

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. Legacy approaches to cyber security, which rely on knowledge of past attacks, are simply not sufficient to combat new, evolving attacks, and no human cyber analyst can watch so much or react quickly enough. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.  

Self-learning systems represent a fundamental step-change in automated cyber defense, are relied upon by organizations around the world, and can cover up to millions of devices. Based on unsupervised machine learning and probabilistic mathematics, these new approaches to security can establish a highly accurate understanding of normal behavior by learning an organization's 'pattern of life,'. They can therefore spot abnormal activity as it emerges and even take precise, measured actions to automatically curb the threat.  

Discover why unsupervised machine learning is the future of defense and how the 'immune system' approach to cyber security provides complete network visibility and the ability to prioritize threats in order to better allocate time and resources. 

In this session, learn: 

  • How new machine learning and mathematics are automating advanced cyber defense  
  • Why full network visibility allows you to detect threats as or before they emerge How smart prioritization and visualization of threats allows for better resource allocation and lower risk  
  • Real-world examples of unknown threats detected by 'immune system' technology

Executive Boardroom

Improving Email Deliverability AND Security

It may seem self-evident, but email is still the predominant form of business communication whether in B2B or B2C channels with business sending over 100 billion emails each and every day. Not all of this traffic is legitimate, desired, or safe however with estimates that as much as 90% of all email traffic can be considered spam or worse. In this environment businesses need to ensure that the email they send is viewed as trustworthy, and that the mail they receive is safe of threats. To do this email authentication is imperative and DMARC, Domain-based Message Authentication, Reporting, and Conformance is the gold standard. While DMARC policies are published to public DNS servers and already protect up to 60% of mailboxes for the most part these are public mailboxes from consumer email providers and many businesses are still on the outside looking in. Savvy IT Leaders know that they need to leverage commercial solutions that streamline DMARC management for their own email infrastructure to ensure they are protected from threats, and able to communicate with partners, clients, and prospects.

Takeaways:

  • Email authentication is essential in today's spam-centric world to ensure deliverability of key business communications
  • Email authentication also ensures businesses are protected from the myriad email based security threats that assail them every day
  • DMARC provides this protection but management can be convoluted and time consuming without focused management solutions
 

10:20 am - 10:30 am

Morning Networking Coffee Break

 

10:35 am - 11:00 am

Executive Exchange

 

Think Tank

Building Dynamic Security Teams

There's no other way to say it than bluntly; Information Security is a white-hot field within Information Technology as a whole " over the last dozen years it has gone from after-thought, to scapegoat, to critical enterprise success factor. As a result, the need for capable and qualified Information Security specialists, whether front-line Analysts, mid-level Managers, or top level CISOs is at an all time high, but personnel and skills availability is sinking to an all-time (at least in terms of supply and demand ratio) low. There simply isn't enough expertise in existence to go around, or enough education occurring to create it. In this environment, senior Information Security leaders have to get creative in their pursuit of the people, performance, and passion necessary to address this capability shortfall.

Takeaways:

  • Learn how to build grass-roots programs that cultivate a farm full of potential security experts through internal and collaborative programs
  • Find out how to leverage key organizational traits to generate buzz and interest where none existed before
  • Understand the relevance of certs vs. experience and how to evaluate and validate the value of candidates

Think Tank

Utilizing Situational Awareness to Combat Ransomware!

Security situational awareness is an essential building block in order to estimate security level of systems and to decide how to protect networked systems from cyber-attacks. Thus it could be a great tool to use against ransomware attacks. Paying the ransom to regain access to data carries unacceptable risks. The attacker could refuse to unencrypt the data, or the payment could encourage additional malicious activity. Organizations of all sizes can take several actions to mitigate the threat of ransomware. We will look at situational awareness as one proactive tool.

 

11:05 am - 11:30 am

Executive Exchange

 

Thought Leadership

TBC


 

11:35 am - 12:00 pm

Executive Exchange

 

Executive Boardroom

Best Practices to Establish and Maintain Robust Security in Public Cloud Environments

Even as the leading public cloud service providers have beefed up their security, customer concerns around securing their cloud environments remain high. According to a recent survey of security practitioners, security is the top barrier to cloud adoption. Organizations deploying workloads on public clouds such as Amazon Web Services (AWS) at scale are faced with new challenges because traditional tools and controls that worked well for security and compliance in the datacenter fail in public cloud environments. In this presentation, we will showcase a new breed of cloud-native security tools that simplify security operations and enable faster time to compliance.

Executive Boardroom

Security in an Outsourced World

Building security into your enterprise processes, and integrating it with your existing technology investments has never been more critical or complicated than it is in this era of decentralized computing, and ever-tightening compliance requirements. Furthering this complication is the impact that partnering deals can have since infrastructure, applications, and even data may now longer be under your direct control. To be able to ensure efficient and effective security capabilities you need to understand the nature of the threats that exist today, the impact a sourcing relationship can have on these threats, and the mitigation strategies and tools key industry leaders are using to address the challenge.

Takeaways:

  • Social, Mobile, Cloud, and Analytics is already having a significant impact on enterprise security, sourcing potentially adds another layer of complexity
  • Beyond simple security however there are also issues such as privacy and compliance that also need to be considered
  • Investing in the right tools and practices is essential to weather the storm without breaking the bank
 

12:05 pm - 12:30 pm

Executive Exchange

 

Think Tank

Robots and Automation Systems in the Cloud - Contrasting the Potential Advantages and Negatives Related to Security and Privacy

Robots and automation systems are no longer limited by onboard resources in computation, memory, or software. "Cloud Robotics and Automation" is where robots and automation systems share data and code and perform computation via networks building on emerging research in cloud computing. 

  • Teleoperation and cloud technologies will cause mass consumerization of robotics over the next five years
  • Between 2017 and 2022, Cloud Robotics will facilitate a major shift of manufacturing into cloud infrastructure 
  • The combined Cloud Robotics market will reach $18.2 billion by 2022 

Think Tank

Will IIoT Technologies Deliver Opportunities or Risk for Manufacturers?

Today's Industrial Internet of Things (IIoT), including wireless smart devices, can help rectify the sudden shut down of factory lines. The technologies involved do so by giving technicians quick access to the right information. What makes this an urgent topic is that maintenance budgets are under pressure even as population demographics indicate our most experienced and skilled technicians and engineers are near retirement or already retired. In these circumstances, wireless and other IIoT technologies can deliver real support to troubleshooting efforts, matching emerging technologies with a new generation of technicians. 

Takeaways: 

  • Can smart, connected devices deliver real-time information during a process restart. 
  • Will the risks outweigh the opportunity?
 

12:35 pm - 1:20 pm

Networking Luncheon

 

1:25 pm - 1:50 pm

Executive Exchange

 

Think Tank

Speaking the Language of the Business

For many years the CIO, has struggled with the concept of IT-Business alignment and finding ways to ensure that the IT department and the Lines of Business with which it integrates have a common understanding and ability to communicate. Now, as the CISO and the information security department grow out of the IT shadow, they increasingly find themselves in the same position. Their challenge however is greater in that the concepts of IT security are in many ways more abstract than those of generalist IT, and their activities often run counter to the goals of the rest of the organization. CISOs must learn for the trials and tribulations of the CIO and the IT department, and find common ground with the business, to ensure they can hear what their partners are saying, while communicating their own points in understandable terms.

Takeaways:

  • IT-Business communications have long been strained and only now are improving across most organizations through concerted effort
  • IT has had to find ways to speak the language of the business " it was not the business that learned to speak IT
  • The CISO must adopt and emulate the successful communications practices and strategies of the IT department or risk serious relationship issues

Think Tank

The Blockchain & Enhanced security

There is a definite need to rethink the future of identity management on the web. The ability to verify your identity is the lynchpin of financial transactions that happen online. In today's digital age, an individual's identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. However, remedies for the security risks that come with web commerce are imperfect at best. IF Blockchain is the answer? how are you going to take it from being seen by senior management, as a futuristic solution to the way your organization may survive competition in the next five years. 

Takeaways:

  • Growth of trusted Blockchain providers is growing exponentially
  • It's not just the financial industry this will affect รข?" Retail, Health Care?are going to be in for the pound as well as in for the bitcoin.
  • Uses for Blockchain from ecommerce to supply chain management

 

1:55 pm - 2:20 pm

Executive Exchange

 

Fireside Chat

Balancing Reactivity and Proactivity in Enterprise Security

As with all things in life, the focus on how to conduct enterprise security ebbs and flows between varying degrees of reactivity and proactivity. In the old school Security 1.0 world, where the focus was almost completely on network security, efforts were in general proactive in nature with firewalls and anti-malware seeking to prevent threats before they even occurred. This didn't work so well and so Security 2.0 focused on reactivity, wrapping things like encryption around the data so that even if a breach occurred, the loss would be mitigated. Yet breaches, and losses, continue to occur. So if primarily proactive security doesn't work, and if primarily reactive security also doesn't work, how then do we find the right balance between the two to find a security posture that does work?

Takeaways:

  • Proactive security measures, those that prevent a threat from occurring are valuable and necessary but haven't proven effective
  • Reactive security measures, those that mitigate a threat that has occurred are also valuable but complicated a limit enterprise efficiency and efficacy
  • A new approach is needed, but is that one that blends techniques or one that finds new approaches (whether they be reactive, proactive, or both)?
 

2:25 pm - 2:50 pm

Executive Exchange

 

Executive Boardroom

Cyber-Espionage and the Advanced Persistent Threat

More and more C-level executives are realizing that cyber security is not just an IT function given the far-reaching and direct impact that cyber security threats can have on current and future business operations. As is evidenced in recent reports from security providers such as Mendicant, McAfee, SentinelOne and others, cyber espionage attacks by APT actors are breaching organizations both large and small, public and private. Whether the objective is Intellectual Property (IP), M&A information, financial records, or other business-sensitive protected data losses can result in significant brand, reputation, and financial impacts. To counter these risks, CISOs need to realize that traditional security techniques are insufficient, and that a new tier of security solutions are required to defend against the APT attack.

Takeaways:

  • The era of cheap, powerful, and unique security threats is upon us and in this era traditional tools are insufficient
  • These Advanced Persistent Threats can be targeted at any organization, not just the biggest and the richest
  • Tools that allow for quick detection AND dynamic response are key; it's not just finding the door is open, but closing it quickly that is key

Executive Boardroom

Cloudy with a Chance of Security Breach

Cloud encryption is not a new topic however, there are many approaches, architectures, and compromises based on what your provider offers and the tools available to your organization. In the last few years ?bring your own key? has emerged a top requirement of organizations that wish to embrace cloud services, yet have governance, corporate policy, or risk profiles that do not allow data and especially encryption keys to be managed by the cloud provider. In this talk, Chris Olive, will share different BYOK approaches across all cloud types (IaaS, PaaS, SaaS), compare BYOK to BYOE (bring your own encryption), some simple strategies to become successful, and arm you with a simple set of ?smart questions? to ask yourself and your providers.

 

2:55 pm - 3:20 pm

Executive Exchange

 

Think Tank

The Three Amigos of Security

Be Secure - Take a measured, risk-based approach to what is secured and how to secure it. 

Be Vigilant - Monitor systems, applications, people, and the outside environment to detect incidents more effectively. 

Be Resilient - Be prepared for incidents and decrease their business impact by improving organizational preparedness to address cyber incidents before they escalate. 

Takeaways: 

  • Managing cyber risks as a team and strategies for deployment of enterprise and emerging technologies
  • Actively monitor the dynamic threat landscape 
  • Retain and use lessons learned

Think Tank

Best-of-Breed or Consolidated: Principles in Security Architecture Design

When it comes to implementing network security infrastructure there are two schools of thought: use best-of-breed point solutions, or go with all round consolidated platforms. Pros and cons abound for either approach revolving around varying levels of protection, integration, and administrative overhead but the increasing complexity of current security infrastructure is showing a winning approach. Even though consolidated solutions may offer greater benefits in the long run, no one exists in a green-field situation when it comes to network and infrastructure security so careful planning is required to ensure the necessary protection.

Takeaways:

  • The management burden of best-of-breed outweighs performance benefits
  • Consolidated platforms can lead to feature overlap and unnecessary cost
  • Planning is required to maximize coverage but minimize effort and spend
 

3:25 pm - 3:35 pm

Afternoon Networking Coffee Break

 

3:40 pm - 4:05 pm

Executive Exchange

 

Innovation Showcase

An exclusive opportunity to be exposed to the hottest new solutions providers in a quick-hit format designed to whet the appetite and spark immediate interest.
 

4:10 pm - 4:35 pm

Executive Exchange

 

Think Tank

Is Security Obscuring the Benefit of the Cloud?

Cloud delivered computing services, whether Software, Platform, or Infrastructure as a Service offer the potential of significant business advantages such as reduced cost and increased flexibility. These advantages however come with very real risks, chief among them security concerns and the risk of data and compliance breaches- how do you secure what you can't see, touch, and control? Join the conversation as we explore both the security and compliance issues inherent in Cloud deployments, look at the hidden issues that first time Cloud adopters may simply not be aware of, and discuss through solutions that can be used to address these challenges and allow enterprises to fully and firmly embrace the Cloud.

Takeaways:

  • Be exposed to the true security and compliance cloud threat landscape
  • Learn how successful cloud adopters have mitigated these risks
  • Discover how to build cloud protection capabilities keyed to your needs

Think Tank

How to be Socially Secure (or Securely Social)

Social media is the least hyped and potentially least adopted of the so-called disruptive technologies, at least by enterprises in general. This doesn't mean that employees are embracing these tools personally however, nor does it mean that enterprises should continue to avoid them. The fact of the matter is social platforms allow for incredible levels of interaction that when harnessed can lead to significant creativity and productivity gains allowing enterprises that adopt and encourage the use of social collaboration platforms to be more successful than their non-social peers. But every newly adopted technology brings with it unique problems and so it is the CISOs job to provide the secure landscape within which this social collaboration, both internal and external, sanctioned and not, can occur.

Takeaways:

  • Your employees are already social whether you realize it or not, facilitate it or not so ignoring the issue only leads to greater security problems
  • Social collaboration presents a real security threat as information is more freely shared, and interactions occur outside the boundaries of enterprise control
  • Social security programs must be built in layers, addressing first unsanctioned use, then sanctioned all while differentiating between internal and external social activity
 

4:40 pm - 5:20 pm

Executive Visions

Facilitating Technology-Enabled Business Transformation

The role of the modern IT Executive is more complex than it has ever been before, not just because the technology landscape has become more complex, but also because increasingly IT execs have had to become a business-focused executive, not just a technologist. Long have we talked about the CIO and CISO getting a seat at the table but modern businesses are now demanding that their technology impresario join them and leverage his deep and rich technical acumen to allow the organization as a whole to better position itself for market-place success. To be successful, CxOs need to invest in themselves, in their personnel, and in the right technologies to allow them to position the IT department to proactively address business needs as an innovator and driver, rather than order-taker and enabler.

Takeaways:

  • IT leadership can no longer be simply technology focused, but must instead take their visibility into business process and become business focused
  • A broader business-focus does not preclude maintaining technology excellence however and indeed may demand more of it than ever before
  • Success for CxOs will be measured not in how they can enable enterprise decisions, but in how they can drive growth
 

5:00 pm - 6:30 pm

Summit Happy Hour

 

5:20 pm - 5:30 pm

Thank You Address and Closing Remarks