What’s Happening, and When

The agenda features best-in-class keynotes, conversations, and workshops that prepare you for the future of work in the coming year.

All times listed on the agenda are Eastern Standard Time.

day 1

Today’s Theme: Anticipating Threats

How Should We Anticipate Unknown Threats? Creating a Proactive Organization for Swift Response

Anticipation. It’s one of the U.S. Army’s eight principles of sustainment, along with integration, responsiveness, simplicity, economy, survivability, continuity, and improvisation. On the information security battlefield, CISOs and their organizations face growing needs to better anticipate threats. The downside if they don’t? Dwell time grows — and with it — exponential damage to revenue, operations, and reputation. Join us as information security and business experts discuss how to define risk tolerance, share anticipatory risk strategies for business, and how CISOs and security leaders can enable them for success in their organizations.

1:00pm - 1:45pm

Dealing with Disaster: Preparing for Key Threats

Juliette Kayyem, CNN National Security Analyst & Faculty Director, Homeland Security Project and Security and Global Health Project, Harvard’s Kennedy School of Government

Security is constantly evolving to become more sophisticated, and yet it can’t keep up with the threats from bad actors including nation states. The first step for organizations is realizing that you will be the target of attacks – a reality that some CEOs and boards find hard to accept. With that realization, you can begin to prepare your defense to minimize the consequences. Join us for a conversation about assessing the threat landscape, defining risk appetite and supporting that with appropriate resources, crisis management, how physical and cyber security are once again converging, and the kind of leadership necessary to meet the challenge.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

1:45pm - 2:15pm

Live Discussion Group with Juliette Kayyam: Meeting the Cybersecurity Challenge

Juliette Kayyem, CNN National Security Analyst & Faculty Director, Homeland Security Project and Security and Global Health Project, Harvard’s Kennedy School of Government

Ransomware, vulnerabilities, and state-sponsored attacks threaten to disrupt the business landscape. Bring your questions for a live discussion insights for what’s on the horizon and how to best to prepare your organization.

Is Your Organization Prepared to Fix Its Reputation?: An Interactive Workshop

Caroline Beckmann, Senior Director, Trident DMG
Josh Galper, Co-Founder & Partner, Trident DMG

Breaches and intellectual property theft are becoming more commonplace, and for each incident, an organization experiences not only financial harm, but reputational damage. Join us for this workshop to learn how you can prepare your organization to move quickly when reputational damage strikes.

2:15pm - 2:40pm

How to Take Control of Your Organization’s Security and Threat Prevention

Loren Hudziak, Chrome Customer Engineer, Google
Companies are facing unprecedented levels of IP, data, and identity sprawl beyond the enterprise firewall. Every endpoint has become an entry into businesses, and human error on the inside is a constant risk. Join us as we discuss how to take control of your security with built-in, intelligent security, granular policy controls, and automatic updates for continuous protection.

2:40pm - 3:05pm

Anticipating Rising Threats

Deneen DeFiore, Vice President & CISO, United Airlines

As one of the largest airlines in the world, United Airlines faces — and manages — rising threats every day. Join us to learn how they mitigate risks in an environment of unknown and rising threats.

Interviewed by: Derek Hulitzky, Former VP Content Development & Strategy, Foundry (formerly IDG Communications)

3:05pm - 3:20pm

Demo: Threat Intelligence and Digital Risk Protection

Alon Arvatz, Chief Product Officer, IntSights

Rapid7 Threat Command (formerly IntSights) is an advanced external threat intelligence tool that finds and mitigates threats directly targeting your organization, employees, and customers. Join us for this demo to understand how — by proactively monitoring thousands of sources across the clear, deep, and dark web — Threat Command enables you to make informed decisions and rapidly respond to protect your business.

Demo: New Innovations for Active Directory Protection

Joseph Salazar, CISSP, CEH, EnCE, Technical Marketing, Attivo Networks

Join us for this short demo to find out how to gain continuous visibility to Active Directory risk with ongoing insights into exposures, overprovisioning, and misconfiguration for domains, users, and devices. You’ll see how Attivo Networks’ ADAssessor evaluates Active Directory for exposures and misconfigurations and provides guidance to remediate them – and you’ll get a glimpse of how the Attivo ADSecure solution can increase protection.

3:20pm - 3:30pm

Break Time

3:30pm - 4:00pm

Cybersecurity on the National Agenda

Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA

As it pursues its mission of protecting and strengthening federal agencies and critical infrastructure against cyber threats, the Cybersecurity and Infrastructure Security Agency (CISA) is moving quickly. Join us for a conversation about the agency’s new initiatives, its operational collaboration with industry, and how it’s working to help prepare organizations against threats including “spillover” attacks from conflict zones like Ukraine. We will also discuss pending legislation that mandates the reporting of cyber incidents and what it means for businesses.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO
Foundry, formerly IDG Communications

Strategies for Finding, Growing and Retaining Security Talent

Tim Byrd, CISO, TIAA
Khalilah Scott, Founder, TechSecChix
Jeff Weber, Executive Director, Robert Half

There are millions of unfilled cybersecurity jobs, according to some estimates, increasing demand to unprecedented levels. At the same time, the frequency and severity of cyberattacks are also increasing, forcing organizations to stretch their security talent. Join us as our panel of experts explore short- and long-term solutions for recruiting and retaining security talent, while adding diversity to their teams.

Interviewed by: Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

4:00pm - 4:25pm

Ransomware: The Ultimate Test for Cyber Resiliency

Christopher Bontempo, CMO, IBM Americas
Charles Henderson, Global Head, X-Force, IBM

With its ability to shut down an entire business and prevent it from executing its mission, ransomware has become an omnipresent threat — and the ultimate test of an organization’s cyber-resilience. What are the bad actors doing? What proactive steps can you take to mitigate ransomware threats and maintain your cyber resilience? Join us to learn the latest findings from the IBM X-Force Threat Intelligence Index and the IBM X-Force Red and Incident Response teams. We’ll review the top ransomware entry points, the typical 5-step ransomware attack lifecycle, and the top approaches to protect, detect and respond to these attacks.

4:25pm - 4:50pm

Log4j, Open Source, and Why It’s a Big Deal

Chris Wysopal, founder and CTO, Veracode
Lucian Constantin, Senior CSO Writer

Ever since the Apache Software Foundation revealed a huge vulnerability in its Log4j Java logging library, organizations have been scrambling to secure their technology and prevent hackers from exploiting it. Beyond the time and work lost to address this specific vulnerability, it raises bigger questions about how to deal with unknown risks in open source tools. Join us to learn the latest on Log4j, and how to prepare your organization moving forward.

Why Time is Money with Incident Response

Martin Bally, VP & CISO, Campbell Soup Company

What happens between an incident and your organization’s response? Dwell time grows — and with it — exponential damage to revenue, operations and reputation. Join us as we discuss strategies to minimize time from incident to response.

Interviewed by: Bob Bragdon,SVP/Managing Director Worldwide, CSO
Foundry, formerly IDG Communications

4:50pm-5:15pm

Build Operational Resiliency in the Supply Chain

Stuart Phillips, Product Marketing Director for Cyber, Interos

Security must be considered beyond your employees, contractors, and systems. There is risk within your supply chain in the form of spyware or malware, classic criminal behavior, or problems with open source technologies. The danger affects every industry – from financial services to heavy infrastructure, and it’s something to pay attention not only when it comes to direct suppliers, but also their suppliers. This session explores the problem and tackles how to mitigate supply chain risk.

Interviewed by: Charles Pelton, Contributing Editor, CSO, Foundry, formerly IDG Communications, Inc.

5:15pm - 5:45pm

The Evolving Role of Cyber Insurance

Lori Bailey, Chief Insurance Officer, Corvus Insurance
Trent Cooksley, Co-Founder, Cowbell Cyber
Paul McKay, Security and Risk Analyst, Forrester

A key strategy for organizations to mitigate risk is to transfer it, and cyber insurance offers organizations important ways to soften the impact of a significant attack and breach. But as attacks have become more prevalent, the insurance landscape has evolved. Join us for an update on this important area of business

Moderated by: Michael Hill, UK Editor, CSO

IDC’s Predictions for the Future of Trust

Amita Potnis, Research Director, Future of Trust, IDC

To align traditional security and risk solutions with customer success, brand, and reputation, IDC predicts that by 2025, 35 percent of organizations will replace net promoter score-like metrics with trust indices in RFPs. Join us as IDC reveals why this, and other predictions, are important for CISOs in 2022.

5:45pm - 5:55pm

Mitigating Risk with Machine Identity Management and Enhanced Email Security

Alon Nachmany, Field CISO, AppViewX

Some organizations find that security can be a barrier to their digital transformation journey. To solve for this, how can modern-day enterprises employ machine identity management and enhanced email security solutions to bridge security vulnerabilities? How do they reduce supply chain risk and address the prevalence of digital nomads? Join us for insights from a cybersecurity leader with more than 20 years of security expertise including WeWork and National Securities Corporation.

5:55pm - 6:25pm

Fireside Chat with IDC’s 2022 Best in Future of Trust Award Winner: Public.com

Stephen Sikes, Chief Operations Officer, Public.com
Amita Potnis, Research Director, Future of Trust, IDC

6:25pm - 7:00pm

Building Award-Winning Future of Trust Transformation

Stephen Held, Vice President and Chief Information Officer, Leo A Daly
Joan Zerkovich, SVP of Operations, American Association of Insurance Services (AAIS)

With trust emerging as a paramount concern for organizations and consumers, business leaders and technology suppliers must expand their understanding of trust and its importance to success in the digital transforming economy. Customers have an expectation of genuine ethical and moral compass of any company with whom they do business. Businesses, in turn, need to demonstrate transparency, accountability, authenticity and trustworthiness at scale by leveraging relevant technology. Join us for a discussion of these issues and more with the finalists in IDC’s Best in Future of Trust North America Awards, which recognize organizations that maintain trust amid the evolving needs of their customers.

Moderated by: Frank Dickson, Group Vice President, Security and Trust, IDC

Always On

Always On Sessions (March 2022)

Session descriptions listed in “Always On Sessions” tab above.

XDR and CTI: How they Converge to Improve Security Risk Mitigation
Alon Arvatz, Chief Product Officer, IntSights

How to Gain Operational Resilience in the Extended Supply Chain
Stuart Phillips, Product Marketing Director for Cyber, Interos

Controlling the Chaos of Collaboration: A Risk Management Perspective
Chris Plescia, Product Evangelist, Aware
Kaitlyn Debelak, Head of Customer Service, Aware

Are You Ready for Identity Security in 2022?
Carolyn Crandall, Chief Security Advocate & CMO, Attivo Networks
Tony Cole, Chief Technology Officer, Attivo Networks

Going Passwordless: Moving Beyond Username and Password
Teju Shyamsundar, Group Product Marketing Manager, Okta

Challenge the Rules of Security: Transform the Threat Surface to Proactive Control
Robert Devito, Global Director, Customer & Partner Sales Engineering, Google

Security Operations and the Convergence of Pretty Much Everything
Patrick Vowles, IBM Team Lead – North American Marketing, IBM Security

Identifying and Stopping Threats in a Zero Trust Architecture
James Young, Security Strategist, Splunk
Ward Holloway, Director of Technology Alliances, Zscaler

Best Practices for an Intelligence-Led Strategy
Jake Munroe, Senior Product Marketing Manager, Threat Intelligence & Geopolitical Intelligence, Recorded Future

Cyber Situational Awareness for Cybersecurity
Simon Aldama, Practice Director Risk Operations, Netenrich

Introduction to Commvault’s Ransomware Defense
Don Foster, Global Vice President of Sales Engineering, Commvault

Today’s Theme: Defensive Strategies

Curating the InfoSec Toolbox, and How to Master It: Choosing Wisely in the Always-Changing Security Superstore

Whether best-of-breed, or platform-based, many of today’s organizations use just a fraction of the security capabilities from the tools and services available to them, thereby diluting the value of their investment. At the same time, new tools, services, and capabilities continue to emerge that lower the value of existing investments — or render them obsolete. Smart organizations use strategies to maximize security investments, including rationalization, utilization, optimization, and savvy analysis. Join us as information security experts share proven strategies.

1:00pm - 1:40pm

Making Sense of the Security Provider Landscape

Jay Leek, Managing Partner & Co-Founder, SYN Ventures

As security solutions evolve, emerge, and disrupt incumbent players, buying organizations face challenges in vetting what’s right for their business. Join us for guidance from one of the industry’s leading watchers of enterprise security tech.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, formerly IDG Communications

1:40pm - 2:10pm

The Entire Cybersecurity Industry: Sorting Through the Toolbox

Richard Stiennon, Chief Research Analyst, IT-Harvest

Industry analyst Richard Stiennon presents his data on the 2,850 vendors of cybersecurity tools. He presents for the first time how each of 16 separate categories, performed in 2021; from Network, Endpoint, Identity, and GRC, down to Deception vendors. For the first time in over 20 years consolidation is evident in the Endpoint Security space. Knowing the entire vendor ecosystem is important for investors, CISOs, and policy makers. This presentation provides that knowledge.

Venture Capital and Security: An Insider’s View

Rick Grinnell, Founder and Managing Partner, Glasswing Ventures
Renee Guttmann, VC Advisor, Advisory Board Member and former CISO

It’s been a big year for venture capital in the security space. Join us as our panel of experts discusses the VC activity they’re seeing, and trends that could impact buyers of security technologies.

Interviewed by: Maryfran Johnson, CEO, Maryfran Johnson Media

2:10pm-2:35pm

The Journey to More Effective Threat Management

Patrick Vowles, Team Lead North America Marketing, IBM Security

You have no shortage of security tools and certainly no shortage of data about what’s happening in the wild and within your environment. But it’s very likely that you don’t have a clear view of your organization’s specific threat landscape, which makes it extremely challenging to efficiently identify and resolve attacks. In this session, hear what the IBM Security teams have learned from thousands of client engagements, on how an iterative approach can be used to build an effective, well-orchestrated program, that takes advantage of open standards-based integrations, machine learning, and other capabilities to help you get the most from your security teams and tools.

Interviewed by: John Gallant, Enterprise Consulting Director, Foundry, formerly IDG Communications

2:35pm - 3:00pm

Live Discussion with Irwin Lazar: Securing Collaboration Environments

Irwin Lazar, President & Principal Analyst, Metrigy

How can CSOs best engage with collaboration teams to ensure that they are implementing appropriate risk management approaches? It’s a tricky and timely subject that we’ll explore in a lively conversation. Bring your questions and insights to this live, interactive discussion of application security, Zero Trust approaches, and other challenges when trying to balance collaboration and security needs.

3:00pm - 3:25pm

Behind a More Holistic Approach to Cybersecurity

Jason Mical, Field Chief Technology Officer, Rapid7

Effective security is based on three key components: assessing the attack surface, detecting suspicious behavior, and responding and remediating quickly. And while there are point solutions, the Rapid7 approach is based on a holistic, integrated platform to help manage risk and attacks. The best solutions incorporate automation, data analytics buttressed by AI and machine learning, and a team approach to help fill in security specialist labor gaps which exist in so many organizations.

Interviewed by: Charles Pelton, Contributing Editor, CSO, Foundry, formerly IDG Communications

3:25pm - 3:35pm

Demo: New Innovations for Active Directory Protection

Joseph Salazar, CISSP, CEH, EnCE, Technical Marketing, Attivo Networks

3:35pm - 3:55pm

Building a Technology Rationalization Program

DJ Goldsworthy, VP & Global Practice Lead, Aflac

Whether best-of-breed, or platform-based, many organizations use just a fraction of the security capabilities in the tools and services available to them, thereby diluting the value of their investment. At the same time, new tools, services and capabilities continue to emerge that lower the value of existing investments — or render them obsolete. Smart organizations use strategies to maximize security investments, including rationalization, utilization, optimization, and savvy analysis. Join us to learn how a security rationalization program works.

Interviewed by: Derek Hulitzky, VP, Content Development and Strategy, IDG Communications, Inc.

Achieving Secure Collaboration: 5 Steps to Take Now

Irwin Lazar, President & Principal Analyst, Metrigy

Enterprise collaboration has drastically changed in the last two years as messaging and video often replace phone and email, and as new applications rapidly enter the market. Achieving secure collaboration means establishing a proactive approach to identify and mitigate risk. Join us to learn the keys to successfully enabling internal — and cross-company collaboration – securely. We’ll cover the expanding collaboration security landscape beyond phones and email, along with the needs for a centralized policy enforcement point, to extend security to remote employees, and to leverage emerging capabilities including software-defined perimeter, zero trust, and secure access service edge (SASE).

3:55pm - 4:10pm

Quick Pitches: Micro Sessions to Get You Thinking (March 2022)

Join us for a series of 3-minute talks and hear a multitude of perspectives and services in record time.

Aware is the Future of Human-Centered Business
Presented by Aware

Cyber Situational Awareness Techniques
Presented by Netenrich

What is Zero Trust Security?
Presented by Okta

Securing the World With Intelligence
Presented by Recorded Future

Better Detection & Faster Response of True Threats
Presented by Cysiv — SOC-as-a-Service

Protecting Your Environment from a Ransomware Attack
Presented by Commvault

4:10pm-4:40pm

The Cyber Safety Review Board is Here: What Lies Ahead?

Michael Daniel, President & CEO, Cyber Threat Alliance

The long-anticipated Cyber Safety Review Board (CSRB), a public-private organization spelled out in President Biden’s cybersecurity executive order last year, is now a reality. Launched with 15 members consisting of top-tier cybersecurity experts drawn from the ranks of government and the private sector, the CSRB will bring together these leaders to improve the nation’s cybersecurity to review and assess significant cybersecurity events. First on the CSRB’s agenda is a review and assessment of the Log4j vulnerability which affected hundreds of millions of machines globally. Join us as experts discuss the importance of the CSRB, what the Board’s initial report on Log4j, slated for public release this summer, might look like, and the outlook for the future of the CSRB.

Interviewed by: Cynthia Brumfield, contributing writer, CSO

Threat Landscape: Healthcare and Medical Device Security

Bill Aerts, managing director of the Center for Medical Device Cybersecurity, the University of Minnesota

Healthcare is a prime target for cybersecurity attacks, and even more so since the onset of the COVID-19 pandemic. For consumers, it’s a life-or-death situation, and healthcare organizations and device manufacturers need a solid plan. We’ll take a deep dive into one of the newest initiatives in medical device cybersecurity, examining the threat landscape and how the University of Minnesota’s new Center for Medical Device Cybersecurity is working with private-sector partners like Medtronic and Boston Scientific to provide solutions.

4:40pm - 5:10pm

Privacy and the Transforming Digital Workforce

Lynn Haaland, Chief Compliance, Ethics & Privacy Officer, Zoom

Zoom’s compliance department ballooned from just one employee in January 2020 to a team of 75 professionals in less than two years. It’s a reflection of the company’s growth as well as the complex issues organizations today have to address. Join us to explore issues such as how a company’s culture and values should influence its privacy approach; practical tips for how security and privacy teams can work together; adopting a mindset of “getting to yes” where product innovation meets compliance; and the looming conflict between the globalization and sovereignty of security.

Interviewed by: Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

Getting the Business to Define Risk Tolerance

Renee Guttmann, VC Advisor, Advisory Board Member and former CISO

Security organizations are getting better at managing risk tolerance, but often the difficult part is trying to get the business to define what their risk tolerance is. For the CISO, it’s key to work with business leadership to reach a common understanding of the organization’s risk tolerance. Join us as we discuss approaches to tackle this critical objective.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

5:10pm - 5:30pm

How Ready Are You to Respond to a Major Incident?

Stephen Jensen, Senior Director of Operations, Center for Internet Security

Phishing, ransomware, insider threats – the range of possible attacks is growing, and organizations need to be prepared to respond quickly. While the foundation of incident response is a comprehensive playbook, it needs to be well-rehearsed with tabletop exercises that game out scenarios, practice readiness, and identify weak points – all to ensure swift response. Join us as our expert – experienced in building and running tabletop exercises for large-scale groups and executive leadership – gives tips to create effective tabletop exercises for your organization, along with the ways tools need to evolve to automate and accelerate response.