Agenda Outline

Session breakout descriptions and speakers are located within the registration process and below. Click on each session to see all breakouts offered within that session. To view session tracks, click here. To view breakouts by session track, click here.

 

Wednesday, April 19

11:00 a.m. 
1:00 p.m. - 2:30 p.m.
2:45 p.m. - 3:45 p.m.
4:00 p.m. - 5:00 p.m.
5:15 p.m. - 6:15 p.m.
6:15 p.m. - 9:00 p.m.

Check-in Opens | Partner Pavilion Opens
Session I
Session II
Session III
Session IV
Welcome Reception

Thursday, April 20

7:30 a.m. - 8:30 a.m.
8:30 a.m. - 12:30 p.m.           12:30 p.m. - 1:45 p.m.  
1:50 p.m. - 2:50 p.m.
3:10 p.m. - 4:10 p.m.
4:30 p.m. - 5:30 p.m.                6:00 p.m. - 9:00 p.m.

Breakfast
General Session including keynote presentation by Dr. Michael A. VanPutte Lunch
Session V
Session VI
Session VII
Offsite Dinner Event @ Game-X Atlanta

Friday, April 21

7:30 a.m. - 8:30 a.m.
8:30 a.m. - 9:30 a.m.
9:50 a.m. - 10:50 a.m.
11:10 a.m. - 12:10 p.m.
12:10 p.m. 


Session Tracks

Click on each session track to see all breakouts within that track. For a listing of breakouts by session, click here

 

An exploration of specific practices and capabilities you can adopt across your environment to increase visibility and strengthen detection of advanced threats.  Hear how Counter Threat Unit researchers apply intelligence from the tactics, techniques and procedures used by threat actors to stop attacks.

As more applications “lift and shift” to the Cloud, are you confident that your security framework extends there as well?  Listen to external and internal experts who will debate the best practices for architecting the best security framework, whether AWS, Azure or hybrid in a shared security responsibility model.

The threat landscape challenges security professionals constantly.  Are you getting the most out of your SOC and SIEM?  Gain insight on leveraged resources that apply machine learning in real time, enhancing protection and minimizing false positives.

Responding effectively to a threat is a direct result of preparation. Hear key insights and best practices in Incident Management, addressing areas such as your Incident Response Plan, technologies and approaches that reduce the time-to-respond window, and strategies for use in Digital Forensics.  We will also highlight key examples of Incident Response from our most recent research findings.

In today’s threat environment, CISOs must deliver security for all aspects of an enterprise; it’s no longer just an IT issue.  Hear from current and former CISOs who will share their best approaches and recommendations for assessing risk, engaging the C-Suite and Board of Directors, how they managed their security initiatives and priorities, and how they see the security function and the role of the leader evolving over time. 


session listing

Click here to see the session listing matrix.

Click on each breakout below to see breakout description and speaker. Breakouts with A/B denote multiple offerings.


Breakout Descriptions by track

Click on each speaker to view photo and bio (coming soon). Breakouts with A/B denote multiple offerings.

BIRDS OF A FEATHER

1. INDUSTRY INSIGHTS: Finance and Banking

Get to know your industry peers and share insights through this interactive discussion with SecureWorks security experts.

Session I | Wednesday | 1:00 p.m. - 2:30 p.m.

2. INDUSTRY INSIGHTS: Insurance and Legal

Get to know your industry peers and share insights through this interactive discussion with SecureWorks security experts. 

Session I | Wednesday | 1:00 p.m. - 2:30 p.m.

3. INDUSTRY INSIGHTS: Health and Life Sciences

Get to know your industry peers and share insights through this interactive discussion with SecureWorks security experts.

Session I | Wednesday | 1:00 p.m. - 2:30 p.m.

4. INDUSTRY INSIGHTS: Manufacturing, Technology, Energy & Utilities

Get to know your industry peers and share insights through this interactive discussion with SecureWorks security experts.

Session I | Wednesday | 1:00 p.m. - 2:30 p.m.

5. INDUSTRY INSIGHTS: Retail & Hospitality

Get to know your industry peers and share insights through this interactive discussion with SecureWorks security experts.

Session I | Wednesday | 1:00 p.m. - 2:30 p.m.

6. INDUSTRY INSIGHTS: Public Sector

Get to know your industry peers and share insights through this interactive discussion with SecureWorks security experts.

Session I | Wednesday | 1:00 p.m. - 2:30 p.m.

Countering the Advanced Threat

7. COUNTERING THE ADVANCED THREAT: Guidelines for Hardening Against the Commodity Threat

As many businesses plan for the targeted tradecraft of the advanced threat actor, they may be neglecting the commodity threats that pose an ongoing, opportunistic risk to their enterprise, such as ransomware, exploit kits and application attacks.  We'll address the basic network hygiene required to defend against opportunistic exploits and consequently, attacks of a more targeted variety.

Speakers: Justin Turner, Director, Counter Threat Unit, Special Operations, SecureWorks, and Ryan Cobb, Incident Response Consultant, SecureWorks

Session VIII | Friday | 8:30 a.m. - 9:30 a.m.

8. COUNTERING THE ADVANCED THREAT: Social Engineering:  What Open Source Intelligence Reveals About You

Even the most Internet-shy among us leaves behind a sizeable digital footprint.  Learn how large portions of your life are exposed online, and how these personal elements can be woven together for threat actors to target your person or to perpetrate fraud.

Speakers: Grant Katus, Researcher, SecureWorks, and Zachary Hill, Researcher, SecureWorks

Session VII | Thursday | 4:30 p.m. - 5:30 p.m.

9 A/B. COUNTERING THE ADVANCED THREAT: Hands-On Hunting

Take part in an audience-driven incident investigation, identifying and pursuing traces of an adversary who uses techniques and tools drawn from SecureWorks’ extensive real-world experience responding to targeted threats. See first-hand the challenges posed by stealthy intruders, and how to use their tradecraft to help hunt them down.

Speaker: Matthew Geiger, Researcher, SecureWorks

Session V | Wednesday | 1:50 p.m. - 2:50 p.m. AND Session X | Thursday | 11:10 a.m. - 12:10 p.m. 

10. COUNTERING THE ADVANCED THREAT: A Cradle-to-Grave Look at a Ransomware Attack

Delve into the sequence of events that makes up a targeted threat engagement.  Step through an actual Samsa ransomware incident and learn the techniques used to determine how the adversary gained access and executed the attack.  See how cleanup and ongoing remediation addressed the tactic to minimize reoccurrence and restore the client’s network to a trusted state. 

Speaker: Harlan Carvey, Researcher, SecureWorks

Session VI | Thursday | 3:10 p.m. - 4:10 p.m.

11 A/B. COUNTERING THE ADVANCED THREAT: Tilling the Land: How Adversaries Shape Your Environment to Suit Their Goals

Adversaries have become increasingly adept at living off the land, using native utilities and capabilities to operate undetected without malware in a targeted environment. This presentation focuses on the natural evolution of this approach: adversaries shaping the target environment to boost their yields. We examine the techniques we have seen adversaries use to reconfigure OS features and applications to expose new capabilities they can abuse. In the process, we discuss artifacts defenders can look for to detect these types of abuses.

Speakers: Matthew Geiger and Phil Burdette, Sr. Security Researchers, SecureWorks

Session II | Wednesday | 2:45 p.m. - 3:45 p.m. AND Session IX | Friday | 9:50 a.m. - 10:50 a.m.

12 A/B. COUNTERING THE ADVANCED THREAT: Attacks Are Advancing: Are Your Detection and Response Capabilities Advancing, Too?

Being resilient to a threat from an advanced adversary is dependent upon your organization's integrated capabilities to quickly detect and respond.  From advanced skills and threat intelligence to threat hunting and advanced analytics, we'll walk through what's necessary to take a proactive approach against an evolving threat landscape.

Speaker: John Collins, CTU Principal Architect, SecureWorks

Session III | Wednesday | 4:00 p.m. - 5:00 p.m. AND Session X | Friday | 11:10 a.m. - 12:10 p.m.

13. COUNTERING THE ADVANCED THREAT: Why Am I a Target? 

Fear-mongering aside, your brand faces a host of concerns as cybercriminals and hacktivists work their nefarious tactics.  No matter your vertical or your size, there’s always cause for concern as attackers with a variety of motives seek to inflict harm.  Take pause and see how the hacker sees you.  What kind of “target” do you represent in the fast moving geopolitical landscape?

Speaker: Alison Wikoff, Senior Security Researcher, SecureWorks

Session II | Wednesday | 2:45 p.m. - 3:45 p.m.

14. COUNTERING THE ADVANCED THREAT: Are Red Teams 'Red' Enough?

While red teaming is a best practice embraced by many organizations, is this simulated adversary employing realistic tactics, or merely "going through the motions?"  Explore actual intrusions by nation states and compare those to the tactics leveraged by red team exercises.  What lessons can we take from this comparison and how can we challenge red teams to look and feel like the “real thing?”

Speaker: Dr. Andrew White, Sr. Security Researcher, SecureWorks

Session IV | Wednesday | 5:15 p.m. - 6:15 p.m.

50. COUNTERING THE ADVANCED THREAT: Malware-less Attacks: How Can Security Keep Up?

The security industry is witnessing a rapid evolution in attack techniques - including advanced polymorphic malware and file-less attacks. In fact, according to the 2016 Verizon Data Breach Report, the majority of breaches (53%) involve no malware.

Clearly, traditional antivirus (AV) solutions no longer stop advanced attacks. Modern attackers can easily get their hands on the static and highly predictable prevention models used by legacy AV vendors, which means they can reliably bypass them. Unfortunately, many emerging “next-gen” vendors are using approaches that fall victim to the same fundamental flaw.

Carbon Black's Paul Morville will talk about how to stop these pervasive attack techniques using Streaming Prevention.

Speaker: Paul Morville, VP Product Management, Carbon Black

Session IV | Wednesday | 5:15 p.m. - 6:15 p.m.

SECURING THE CLOUD

15. SECURING THE CLOUD: Accelerating Cloud Adoption

There's been a rapid shift in the past 18 months across our traditional customer base where CISOs and security leaders are starting to see friction as they try and apply traditional security models to the cloud. As the business demands more flexibility, lower costs and faster evolution, security needs to be an enabler of the cloud, not a blocker. In this discussion, we'll explore the philosophy of applying security "guard rails" to enable faster cloud adoption with security built in and reaffirm SecureWorks' belief that if done correctly the Cloud is absolutely a place to improve your security posture.

Speaker: Mike Bousquet, Product Management Director, SecureWorks

Session II | Wednesday | 2:45 p.m. - 3:45 p.m. 

16. SECURING THE CLOUD: Balance Agility With Security and Compliance

The future really is brighter behind the clouds. In this presentation, we'll take you through the fantastic security opportunity that the cloud presents. We've seen customers go from relatively insecure legacy environments to some of the most security aware deployments across our customer base simply by pausing and highlighting security as the reason they're going to cloud. We'll talk through the benefits of integrating the new level of visibility and real-time inventory that clouds offer with your business drivers producing a security opportunity that helps grow the value and differentiate your business.

Speaker: Ross Kinder, Researcher, SecureWorks

Session IV | Wednesday | 5:15 p.m. - 6:15 p.m.

17. SECURING THE CLOUD: Client Panel: Journey to the Cloud

Every organization’s cloud journey is a bit unique with different drivers, strategies, goals and approaches.  Drop in and hear from your peer security professionals about their journeys and how security gets addressed along the way.  The panel will discuss tips, lessons learned and what’s over the horizon in this informative round robin with security pros.

Speaker: Mike Bousquet, Product Management Director, SecureWorks

Session VII | Thursday | 4:30 p.m. - 5:30 p.m.

18 A/B. SECURING THE CLOUD: Cloud as a Shared Security Responsibility

There remains some confusion as to who is responsible for security in the cloud.  In this session we'll put that to rest.  When it comes to the security of your data, you are ultimately responsible.  However, help is at hand. We'll take you through the different cloud security models and talk through where we see clients succeeding, and highlight some areas where we see clear best practices.

Speaker: Cameron Smith, Product Management, SecureWorks

Session III | Thursday | 3:10 p.m. - 4:10 p.m. AND Session X | Friday | 11:10 a.m. - 12:10 p.m.

19. SECURING THE CLOUD: Cloud-Delivered Security (Security as a Service) Model

The security skills shortage is magnified when you need someone who not only understands Security, but has a deep understanding of Security in the Cloud. While those unicorns do exist, they're exceptionally hard to find, hire and retain. The alternative is working with security partners who deliver their capabilities as a service. In this session we'll take you through how SecureWorks is taking advantage of the new capabilities offered when security is not only delivered as a service, but also integrated with new cloud platforms.

Speaker: Phillip Simpson, Director of Cloud Solutions, SecureWorks

Session III | Wednesday | 4:00 p.m. - 5:00 p.m.

20. SECURING THE CLOUD: Adopting the Cloud: Amazon, Azure or Hybrid

As a vendor-agnostic security partner to our clients, SecureWorks is in the unique position of helping clients on their cloud journey, regardless of the destination cloud.  In this session, we'll talk through what platforms we see clients moving to and how they regard necessary security imperatives.  Participate in a conversation about the  kinds of applications and data that are being moved to the Cloud and talk through the "new normal" of working with multiple cloud partners depending on the business need.

Speaker: Cameron Smith, Product Management, SecureWorks

Session IX | Friday | 9:50 a.m. - 10:50 a.m.

21. SECURING THE CLOUD: Best Practices for Incident Response in the Cloud Era

SecureWorks is the leading provider of Incident Response in Amazon Web Services. In addition to being a go-to partner for AWS and co-presenting with them, SecureWorks has put together some best practices for Incident Response preparedness in the public cloud, specifically within AWS. In this presentation one of our Principal Incident Responders will walk you through the most critical AWS capabilities, functions, and logging needed for comprehensive response, building a list of pre-requisites that will drastically improve your ability to respond quickly and effectively to a breach. Examples from real-world investigations will be provided to show the difference between being prepared to respond and not. 

Speaker: Jonathon Poling, Principal Consultant, SecureWorks

Session VIII | Friday | 8:30 a.m. - 9:30 a.m.

MODERNIZING SECURITY OPERATIONS

22. MODERNIZING SECURITY OPERATIONS: Cyber Threat Analysis Center (CTAC) Lessons Learned – Client Architectures and Security Methodologies

Client architectures and security methodologies are lagging behind changes in the threat landscape, i.e. insider threat, stolen credentials, etc. as well as  having the needed architecture to support security controls;  Clients rely on perimeter monitoring for evidence of compromise, but have little capability present to assess the real damage. Many of our clients still do not differentiate between compliance and security counter measures. The rapidity by which new exploits and malware become commodities is accelerating and an effective strategy to deal with them requires a full understanding of your network, your cyber key terrain, and your Cyber Vulnerability Footprint.  An enemy inflicted wound and a self-inflicted wound have the same operational impact but how we react to them is different; you must be instrumented to differentiate between the two. In this session, we will share with you our experiences in the CTAC on best practices and lessons learned over the past year to help you improve your overall architecture and security methodologies.  

Speaker: Terry McGraw, Vice President of the Counter Threat Analysis Center, SecureWorks

Session III | Wednesday | 4:00 p.m. - 5:00 p.m.

24. MODERNIZING SECURITY OPERATIONS: Constructing an Optimal Vulnerability Management Program

What are the key considerations in constructing a efficient and holistic vulnerability management program based on true risks to your organization? Consider Governance sand Testing as two paths to pursue.  What type of structure do you need to have around a good program and then how do you test it?  What activities do you need to go through, including overlay with our vulnerability management services?

Speaker: John Lhota, Sr. Security Manager, SecureWorks

Session V | Thursday | 1:50 p.m. - 2:50 p.m. 

25. MODERNIZING SECURITY OPERATIONS: SOC Readiness

Solving the people problem (hiring, staffing, training and retraining); solving the technology problem (lack of integration, deployment, engineering); solving the process problem (IT Shared Services vs. cybersecurity framework).

Speaker: Travis Wiggins, Principal Cyber Security Operations Consultant, SecureWorks

Session VII  | Thursday | 4:30 p.m. - 5:30 p.m.

26. MODERNIZING SECURITY OPERATIONS: Deriving Value from Your SIEM Investment

Significant investments required substantial returns; businesses must prove ROI and productivity improvements once this investment is made.  Explore the precise known and hidden costs associated with buying your own SIEM.

Speaker: Travis Wiggins, Principal Cyber Security Operations Consultant, SecureWorks

Session IX | Friday | 9:50 a.m. - 10:50 a.m.

27. MODERNIZING SECURITY OPERATIONS: A Peek Inside the CTOC

Learn more about our Security Operations Centers (SOCs) around the world.  This "virtual tour" will give you direct visibility on the environment, tools and talent we apply.

Speaker: Terry McGraw, Vice President of the Counter Threat Analysis Center, SecureWorks

Session V | Thursday | 1:50 p.m. - 2:50 p.m.

28. MODERNIZING SECURITY OPERATIONS: Lessons From the Field; An Inside View of How Our Technical Testers Test

Are you aware of and protected against the latest methods that attackers use to breach your security framework?  Listen and watch how our primary Technical Testers operate in the field and exploit the vulnerabilities and escalate access privileges to achieve their objective.

Speakers: Trenton Ivey, Researcher, SecureWorks; Chris Carlis, Researcher, SecureWorks; and Mike Kelly, Researcher, SecureWorks

Session II | Wednesday | 2:45 p.m. - 3:45 p.m.

29. MODERNIZING SECURITY OPERATIONS: Incident Investigation and Managing Alerts Using the SecureWorks Platform (Portal)

How can Clients leverage the SecureWorks platform and portal to Detect, Investigate, Contain, and Eradicate security incidents? This session will provide a walk-through and demonstration of SecureWorks’ new mobile app and client portal.

Speakers: Eric Hemmendinger, Product Management, SecureWorks, and Brian Miller, Researcher, SecureWorks

Session IV | Wednesday | 5:15 p.m. - 6:15 p.m. 

30. MODERNIZING SECURITY OPERATIONS: Reporting and Managing Alerts in the New SecureWorks Portal

How can Clients leverage the SecureWorks portal and new mobile app to manage alerts and execute reporting across all phases of incident management?  This session will provide a walk-through and demonstration using SecureWorks' new mobile app and client portal.

Speakers: Eric Hemmendinger, Product Management, SecureWorks, and Brian Miller, Researcher, SecureWorks

Session VI | Thursday | 3:10 p.m. - 4:10 p.m.

31. MODERNIZING SECURITY OPERATIONS: Navigating the Dreaded Waters of a Security Audit (While the rest of the work has to be done!)

This presentation will discuss the best practices for a Security Organization to survive and get the most out of an IT Audit.  Dennis Hawkins, from Marriott International, will share his own personal experience, including timing and resource constraints, as well as the parallel challenges of a large "must-do" activity such as a large merger or acquisition.  In this session, Dennis will cover the following: 1) address the anxiety that can occur during the fact gathering stage; 2) review the recommendations phase knowing that we always must improve; 3) how to act on recommendations when the audit is complete.

Speaker: Dennis Hawkins, Director of Cybersecurity, Marriott International

Session VII | Thursday | 4:30 p.m. - 5:30 p.m.

32. MODERNIZING SECURITY OPERATIONS: Analysis Paralysis - From Billions of Logs to Incidents That Matter

How to correlate security events with threat intelligence for better context that is actionable for incident response.

Speaker: Tony Merritt, Product Management, SecureWorks

Session VIII | Friday | 8:30 a.m. - 9:30 a.m.

52. MODERNIZING SECURITY OPERATIONS: Considering IDS/IPS Managed Services? How to Respond, Collect & Correlate Alerts for Fast Action

Responding to IDS/IPS alerts can be a challenge. We get an IDS/IPS alert or email alert, sometimes with only an IP address, which is not enough detail to act on without more research.  How do we take this IP address, get the sensor data into log management and use all the data from our sensors?  We must also consider the impact IDS/IPS sensor data may have to the log management license.  What useful data is in the sensor logs? 

In this talk we will walk the attendees through how we went from email alerts with only an IP address from our SecureWorks IDS/IPS managed service to automating the alert with what we actually need to respond effectively and quickly.  We will also discuss what it takes to configure, collect and normalize the IDS/IPS data from the iSensors so it makes sense, is formatted and useable.  In addition, what reports and alerts are created linking the IDS/IPS data to other log data in order to provide a more meaningful and actionable alert.  This automates it all before you get the call from the SOC letting you know there is an event to investigate.

Attendees will leave with actionable information of how this can be applied to their environments. Learning Objectives: 1)  What you need to get from your iSensor data into your log management solution; 2)  What formatting you will need to normalize the data with field names; 3)  What other logs you want and need to correlate an alert; 4)  What kinds of alerts you can make from this customization; 5)  Testing your IDS/IPS deployment

Speaker: Michael Gough, Malware Archaeologist, The Advisory Board Company

Session III | Wednesday | 4:00 p.m. - 5:00 p.m.

INCIDENT MANAGEMENT AND RESPONSE

33. INCIDENT MANAGEMENT AND RESPONSE: Beazley Breach Response

Any business handling customer data will, sooner or later, be confronted with the challenge of a data breach.  Beazley Breach Response's Brett Anderson and Jeffrey Carpenter, Senior Director of Incident Response and Threat Intelligence at SecureWorks will discuss trends in cyber insurance and how it can augment Incident Management and Response.

Speakers: Jeff Carpenter, Senior Director of Incident Response and Threat Intelligence, SecureWorks, and Brett Anderson, Beazley

Session IX | Friday | 9:50 a.m. - 10:50 a.m.

34. INCIDENT MANAGEMENT AND RESPONSE: Integration of Privacy Groups During a Breach

In the course of handling an incident, several privacy issues are impacted (some obvious and some ambiguous).  Chief Privacy Officer Kathy Fithen of The Coca-Cola Company and Jeffrey Carpeter, Senior Director of Incident Response and Threat Intelligence at SecureWorks will discuss the integration of privacy groups and Incident Response during a breach.

Speakers: Jeff Carpenter, Senior Director of Incident Response and Threat Intelligence, SecureWorks, and Kathy Fithen, Chief Privacy Officer, Coca-Cola

Session V | Thursday | 1:50 p.m. - 2:50 p.m.

35. INCIDENT MANAGEMENT AND RESPONSE: Bridging the Time Distance Gap of Incident Response

The time between an attacker committing his misdeeds and the detection and response to those actions results in a Time-Distance Gap problem:  the gap between how far the attacker can travel in your network versus how long it takes for you to detect him and travel the same distance using common Incident Management and analysis processes.  Invariably, the detection and analysis “pursuit” will always be slower than the attacker can move.  The longer he remains undetected in the network and the lower the capability to detect and pursue the attacker, the harder it is to close that gap, resulting in more exposure and business unknowns. The SecureWorks Incident Response Team will share strategies, tactics and recommended approaches and technologies for organizations to shorten the Time-Distance Gap, accelerating their ability to respond to and resolve a security threat.

Speaker: Randy Stone, Incident Response, SecureWorks

Session VII | Thursday | 4:30 p.m. - 5:30 p.m.

36 A/B. INCIDENT MANAGEMENT AND RESPONSE: The Most Interesting Incident Response Engagements or Findings in 2016

In this session, our Incident Responders will share our top most interesting engagements in terms of what was found, tradecraft and methods used by attackers and what learnings can be applied to your environment.

Speakers:  Zoher Anis, Sr. Consultant, SecureWorks, and Kevin Strickland, Sr. Incident Response Consultant, SecureWorks

Session V | Thursday | 1:50 p.m. - 2:50 p.m. AND Session X | Friday | 11:10 a.m. - 12:10 p.m.

37. INCIDENT MANAGEMENT AND RESPONSE: Imperatives for Growing Businesses

Your security staff has just informed you that they have found evidence of a potential data breach… how confident are you in your team's response?  Do you suddenly fear the worst?  How will your company endure the potentially devastating effects of a data breach?  We will share the "must-haves" for incident response for large enterprises based on our experience in private industry, government and consulting.  We'll cover best practices in plan development, technical controls, data analytics, and engaging in internal and external partnerships that will take your incident response capability to the next level.

Speaker: Tony Kirtley, Incident Response, SecureWorks

Session II | Wednesday | 2:45 p.m. - 3:45 p.m.

38. INCIDENT MANAGEMENT AND RESPONSE: Developing and Implementing an Enterprise Incident Response Exercise Regimen

In large, complex organizations, it is imperative that independently operating organizational components are provided with an opportunity to refresh familiarization with processes and practice their ability to respond. Due to the unavoidable variance in capability and capacity of individual incident response teams across a large organization, this likely requires an individualized approach to ensure effective and efficient evaluation and exercise of each team. During this session, SecureWorks and a client who was faced with this challenge will discuss the approach they took to developing and implementing such a program, and lessons learned from those efforts after roughly a year of engagement.

Speakers: Tony Kirtley, SecureWorks, and Marian Reed, Sr. Director, Information Security and Risk Management, McKesson Worldwide

Session VI | Thursday | 3:10 p.m. - 4:10 p.m.

39. INCIDENT MANAGEMENT AND RESPONSE: Incident Response Planning:  Are You Protecting the Business or Simply Securing the Enterprise?

Effective Incident Response requires planning that ensures an understanding of the potential business consequences of a cybersecurity incident, and addresses them by ensuring a comprehensive cross-organization approach to response. While Incident Response plans often focus on the technical implications of a cybersecurity incident, misunderstanding, underestimating,  or insufficiently addressing the business operations, financial, regulatory, and other less-technical factors can have deeper and longer lasting impact on the organization. In this session we will discuss some of these concerns that should be taken into account, how to approach developing an actionable and effective incident response plan, and what resources may be necessary to address the full scope of risk that these incidents may present.

Speaker: Neal McCarthyIncident Response, SecureWorks

Session IV | Wednesday | 5:15 p.m. - 6:15 p.m.

40. INCIDENT MANAGEMENT AND RESPONSE: When Good Security Tech Breaks Bad

You have spent significant financial and human resources to configure and protect your network and digital assets, purchased several new security tools and software, and now you’re wondering if those technologies will be able to protect your organization against potential cyber intrusions.

Speaker: Dan Gortze, Incident Response, SecureWorks

Session III | Wednesday | 4:00 p.m. - 5:00 p.m.

Risk management and reporting

41. RISK MANAGEMENT AND REPORTING: Plugging the Holes: Integrating Solutions to Reduce Risk

An integrated approach to building managed programs is essential in today's environment. Integrating  Threat Management, Vulnerability Management, Threat Intelligence feeds, Incident response and remediation creates  a more airtight and well-oiled operational machine that makes the most of managed services by prioritizing your effort where it matters most. Learn about leading practices from our clients regarding staffing, organizational structures, governance, metrics, and program models they have built.  

Speaker: John Lhota, Sr. Security Manager, SecureWorks

Session IV | Wednesday | 5:15 p.m. - 6:15 p.m. 

42. RISK MANAGEMENT AND REPORTING: Stop the Fire Drills:  Better Business Alignment and Risk Reporting to Management and Board

When security program priorities are out of alignment with business priorities, you're likely to experience more roadblocks than runways:  a lack of "buy in" for initiatives, difficulty enforcing necessary policies, inadequate funding, and over- or under-reaction to specific risks. This interactive roundtable-style program will provide you with useful tips for engaging more productively with management and board, as well as reducing the fire drill effect when business leaders have a question. Learn how your peers are developing a common language for reporting risk metrics "up the ladder", how they're securing funding and support, and how they're positioning themselves to lead through crisis rather than become a victim after a breach. The format will foster an exchange of ideas so you hear what’s working best for your peers in other companies.

Speakers: Ashley Ferguson, Global Director, Advisory Services, Governance, Risk, Compliance, Security Architecture & Design, SecureWorks; Mihir Mistry, Sr. Security Manager, SecureWorks; and Lynn Lovelady, VP of IT, Energen.

Session II | Wednesday | 2:45 p.m. - 3:45 p.m. 

43. RISK MANAGEMENT AND REPORTING: Anatomy of a Continuous-Improvement CIRT That Performs Under Pressure

Learn the step-by-step processes and mechanics of building a CIRT with a continuous improvement feedback flow for better preparedness, faster response and better outcomes. Our speaker from SecureWorks' Office of the CISO will share leading practices from experience and provide examples comparing the performance of a dynamic, well-built CIRT to one that is less adaptive.

Speaker: Thomas Clements, IT Director, SecureWorks

Session VI | Thursday | 3:10 p.m. - 4:10 p.m.

44. RISK MANAGEMENT AND REPORTING: Tackle the Talent Shortage With An Inside/Out Productivity Boost

With no end in sight to the talent shortage, it's clear that security teams have to do more with less, even in a highly complex environment. This session offers some solutions: tips for developing and retaining high-performing teams, ways to determine when outsourcing is better than insourcing, and action steps for optimizing what you have and prioritizing effort across security operations. 

Speakers: John Lhota, Sr. Security Manager, SecureWorks

Session VIII | Friday | 8:30 a.m. - 9:30 a.m.

45. RISK MANAGEMENT AND REPORTING: Leading Through Crisis: Be Part of the Solution, Not The Problem

At no time are security professionals more tested, or in danger of losing management's confidence, then in a crisis breach situation. Security leaders who resign themselves to “surviving” a breach are at great risk of losing influence, and possibly even their jobs. Join an experienced CISO and a seasoned attorney who will share ways you can  take action now in your everyday interactions with the business to ensure that you’re part of the solution when breaches occur,  not just "part of the problem."

Speakers: Ashley Ferguson, Global Director, Advisory Services, Governance, Risk, Compliance, Security Architecture & Design, SecureWorks, and Nick Oldham, Partner, King & Spalding

Session VII | Thursday | 4:30 p.m. - 5:30 p.m.

46. RISK MANAGEMENT AND REPORTING: Client Presentation: Information Security and the Business Risk of End User Behavior

The way end users respond, either positively or negatively, to social engineering events is a significant challenge for security teams today. This situational problem continues to grow as the volume of Social Engineering attacks has increased exponentially and “security fatigue” has set in with many end users. Learn how you can take steps to reinvigorate a culture of security vigilance. 

Speaker: Daniel Robbins, VP Information Security Officer, State Bank & Trust

Session VI | Thursday | 3:10 p.m. - 4:10 p.m.

47. RISK MANAGEMENT AND REPORTING: CISO 2020: Future Opportunities and Challenges for Security Operations…And Professionals

Identify and prepare for emerging issues and opportunities that will impact cybersecurity operations and risk management in the future. External disruptors, emerging threat environment, new business models. Anticipating these issues now -- through the eyes of a CISO in the future -- will help all security professionals make informed decisions today with better outcomes tomorrow.   

Speakers: Ashley Ferguson, Global Director, Advisory Services, Governance, Risk, Compliance, Security Architecture & Design, SecureWorks; Chris Bullock, SecureWorks; and David S. Haley, CISO, Fidelity Bank

Session V | Thursday | 1:50 p.m. - 2:50 p.m.

48. RISK MANAGEMENT AND REPORTING: Compliance as a Competitive Advantage, a View From GEICO

Businesses in every sector must innovate to maintain their competitive position. This means differentiating to outpace, outmaneuver or outflank competitors. Businesses are at a critical turning point in how they look at their risk, finance and compliance functions. Faced with the dual pressure of increased regulatory activity and ongoing economic pressures, companies are looking to transform the role of these activities by bringing them under a single, enterprise-wide framework.

Evidence suggests that companies spend upwards of $10,000 per employee on compliance. And with good reason. A company’s reputation, financial well-being, organizational morale and relationship with regulators may hinge on these decisions. Furthermore, corporate executives and boards of directors can be held personally liable for non-compliance.

Additionally, more businesses are being impacted by increasing State & Federal regulatory actions, and substantiating compliance to them is often an entry point to bid on business contracts. 

Given this challenge, how can businesses meet the cost of complying with changing regulations while identifying ways to innovate and gain a competitive advantage?

The answer is to use regulatory change as a stimulus for innovation, seizing opportunities to involve thought leaders from multiple business areas to challenge ‘the way we do business.”

Join Carl Konzman, Manager for Strategy, Compliance, Audit & Risk Management for GEICO, as he shares his views on how compliance, when viewed as both dynamic and driven by efficiency, empowers businesses to evolve past mere conformity and into profit-maximizing innovation.

Speaker: Carl Konzman, Manager for Strategy, Compliance, Audit & Risk Management, GEICO

Session III | Wednesday | 4:00 p.m. - 5:00 p.m.

49. RISK MANAGEMENT AND REPORTING: Compliance Management: A Comprehensive Approach to Reducing Risk

As organizations continue to struggle with the quantity and rate of regulatory change, the need for cohesive and proficient compliance programs that maximize efficiency has never been greater. As a result, SecureWorks believes an effective compliance management system is comprised of three components to ensure success:  a) Board, Audit and management impact and oversight; b) an organization-wide holistic compliance program; and c) point-in-time assessments through compliance audits and gap analysis.

Speaker: Mihir Mistry, Sr. Security Manager, SecureWorks

Session IX | Friday | 9:50 a.m. - 10:50 a.m.

51. RISK MANAGEMENT AND REPORTING: Dos and Don’ts of Establishing Metrics that Cultivate Real Security

To be effective, security teams need to move their focus from counting problems and measuring “work” to those that incentivize behaviors that reduce risk. Security metrics need to account for probabilities, impact and loss frequencies to ensure your limited resources are focused on risk reduction. In this session we’ll discuss what makes up a good security metrics program and how to develop and operationalize these using risk management and a data-driven approach.

Speaker: Ed Bellis, Co-Founder and CTO, Kenna Security

Session VIII | Friday | 8:30 a.m. - 9:30 a.m.