CISO New Jersey Summit | October 10, 2017 | Hilton Meadowlands - East Rutherford, NJ, USA

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Tuesday, October 10, 2017 - CISO New Jersey Summit

7:00 am - 7:55 am

Registration and Networking Breakfast

 

8:00 am - 8:10 am

Welcome Address and Opening Remarks

 

8:10 am - 8:40 am

Keynote Presentation

Addressing Privacy on a Global Scale

Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information; however, the multi-jurisdictional impacts of the issue, due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws), make this an issue that is oftentimes overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction in which they might work or where their data might be held, and this is an almost overwhelming task.

Takeaways:

  • Privacy is one of the most challenging issues for any business and CISO to address
  • The difference in regulations between and among European countries (both those in and out of the EU itself) and North American ones means traversing a fraught landscape
  • A strong approach to privacy that addresses global differences is essential to being a stable and viable global business

Presented by:

Roland Cloutier, CISO, ADP

8:45 am - 9:15 am

Keynote Presentation

Security's Place in Enterprise Risk Management

While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet has already taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy, to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.

Takeaways:

  • Just because information security is an aspect of enterprise risk doesn't mean that the CISO needs to take a back seat position
  • Enterprise risk is defined by the business but needs to be quantified by an expert; CISOs bring risk quantification expertise to the table
  • The end goal is not about fiefdoms and ownership, it is about improving enterprise value and success; maintaining focus is essential
 

9:20 am - 9:45 am

Executive Exchange

 

Thought Leadership

Identity and the New Age of Enterprise Security

From a technology standpoint, the world of business has gone through two distinct stages in the evolution of its information security focus. The first addressed network-based protection and preventative controls such as firewalls and anti-malware. The second looked at data-centric and detective controls such as encryption and intrusion/extrusion monitoring. Since breaches continue to occur at a record pace, what is needed now is clearly a new evolution, one that pushes towards individual-focused security through granular user monitoring and management as provided by solutions such as Identity and Access Management. While IAM isn't a new technology field, it is one whose time has come, and CISOs need to begin investing in modern-day, light-weight, easy-to-implement IAM solutions now to stay ahead of the curve and reduce enterprise threats.

Takeaways:

  • The breach onslaught demonstrates that existing security solutions are incapable of defending against current threats
  • Enterprises need to begin looking at security from an activity perspective rather than an artifact perspective
  • IAM provides activity insight, and therefore threat awareness, that no other platform can equal

Sponsored by:

Fortinet

9:50 am - 10:15 am

Executive Exchange

 

Executive Boardroom

Increase Your Security Intelligence and Enterprise Compliance

The breadth and depth of security threats that are targeting the modern enterprise are bordering on overwhelming, but they're not alone as the breadth and depth of security solutions are also bordering on overwhelming. When security managers have to respond to alerts and warnings from dozens of security systems, and CISOs have to make strategic decisions based on fragmented data, it's hard to argue that security is improving. Security Information and Event Management (SIEM) platforms that aggregate the vast quantities of data, correlate diverse events, and filter the signal from the noise are allowing enterprises to get back ahead of the curve and make appropriate tactical and strategic decisions.

Takeaways:

  • The life of enterprise security staff is being complicated not just by the threats they face, but the tools they use
  • Abandoning tools isn't an option and CISOs need to help themselves and their staff get ahead of the curve
  • SIEM offers significant benefits in separating the wheat from the chaff and letting the business actually become secure

Executive Boardroom

Improving Email Deliverability AND Security

It may seem self-evident, but email is still the predominant form of business communication, whether in B2B or B2C channels, with businesses sending over 100 billion emails each and every day. Not all of this traffic is legitimate, desired, or safe, however, with estimates that as much as 90% of all email traffic can be considered spam or worse. In this environment businesses need to ensure that the email they send is viewed as trustworthy, and that the mail they receive is safe from threats. To do this, email authentication is imperative, and DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the gold standard. While DMARC policies are published to public DNS servers and already protect up to 60% of mailboxes, for the most part these are public mailboxes from consumer email providers, and many businesses are still on the outside looking in. Savvy IT Leaders know that they need to leverage commercial solutions that streamline DMARC management for their own email infrastructure to ensure they are protected from threats and able to communicate with partners, clients, and prospects.

Takeaways:

  • Email authentication is essential in today's spam-centric world to ensure deliverability of key business communications
  • Email authentication also ensures businesses are protected from the myriad email based security threats that assail them every day
  • DMARC provides this protection but management can be convoluted and time consuming without focused management solutions
 

10:20 am - 10:30 am

Morning Networking Coffee Break

 

10:35 am - 11:00 am

Executive Exchange

 

Think Tank

Building Dynamic Security Teams

There's no other way to say it than bluntly; Information Security is a white-hot field within Information Technology as a whole - over the last dozen years it has gone from after-thought, to scapegoat, to critical enterprise success factor. As a result, the need for capable and qualified Information Security specialists, whether front-line Analysts, mid-level Managers, or top-level CISOs, is at an all-time high, but personnel and skills availability is sinking to an all-time (at least in terms of supply and demand ratio) low. There simply isn't enough expertise in existence to go around, or enough education occurring to create it. In this environment, senior Information Security leaders have to get creative in their pursuit of the people, performance, and passion necessary to address this capability shortfall.

Takeaways:

  • Learn how to build grass-roots programs that cultivate a farm full of potential security experts through internal and collaborative programs
  • Find out how to leverage key organizational traits to generate buzz and interest where none existed before
  • Understand the relevance of certs vs. experience and how to evaluate and validate the value of candidates

Think Tank

Utilizing Situational Awareness to Combat Ransomware!

Security situational awareness is an essential building block for estimating the security level of systems and deciding how to protect networked systems from cyber-attacks. Thus it could be a great tool to use against ransomware attacks. Paying the ransom to regain access to data carries unacceptable risks. The attacker could refuse to unencrypt the data, or the payment could encourage additional malicious activity. Organizations of all sizes can take several actions to mitigate the threat of ransomware. We will look at situational awareness as one proactive tool.

 

11:05 am - 11:30 am

Executive Exchange

 

Case Study

Is Security Obscuring the Benefit of the Cloud?

Cloud-delivered computing services, whether Software, Platform, or Infrastructure as a Service, offer the potential of significant business advantages such as reduced cost and increased flexibility. These advantages, however, come with very real risks, chief among them security concerns and the risk of data and compliance breaches - how do you secure what you can't see, touch, and control? Join our panel as we explore both the security and compliance issues inherent in Cloud deployments, look at the hidden issues that first-time Cloud adopters may simply not be aware of, and discuss solutions that can be used to address these challenges and allow enterprises to fully and firmly embrace the Cloud.

Takeaways:

  • Be exposed to the true security and compliance cloud threat landscape
  • Learn how successful cloud adopters have mitigated these risks
  • Discover how to build cloud protection capabilities keyed to your needs
 

11:35 am - 12:00 pm

Executive Exchange

 

Executive Boardroom

Securing Divergent Endpoints

Over the last few years, as cloud and mobile technologies have taken hold within the enterprise, the concept of the network perimeter has dissolved, and with it the concepts around traditional network security. The broad-scale adoption of IoT technologies, however, will make this first phase of network disaggregation seem trivial in comparison as enterprises begin to connect to not just thousands but millions of disparate and divergent endpoints. To ensure appropriate security in such a dispersed networking world, an entirely new paradigm for security will be required, one that encompasses not just wildly diverse types of devices in wildly diverse locations, but the threat of low-powered, low-complexity endpoints that have no internal capacity for monitored and managed security capabilities.

Takeaways:

  • The number and type of enterprise endpoints is about to go through explosive growth and each of these endpoints will represent a security threat
  • These new endpoints will not have the capacity for internal security and so central security solutions will be required to ensure appropriate protection
  • The volume and variety of new security data feeds and security threat info will overwhelm traditional security platforms and capabilities

Executive Boardroom

The Year of Ransomware: Can Technology Alone Prevent Phishing Attacks and Breaches?

2016 is certainly shaping up to be the year of the ransomware attack. As ransomware and phishing attacks continue to grow in number and sophistication, organizations need to reconsider their current security strategy. Companies continue to invest billions of dollars in technology to shore up their defenses against these threats. But is that enough? Is complete reliance on technology the answer? Or should we focus on the human and human behavior?

Sponsored by:

PhishMe

12:05 pm - 12:30 pm

Executive Exchange

 

Think Tank

Robots and Automation Systems in the Cloud - Contrasting the Potential Advantages and Negatives Related to Security and Privacy

Robots and automation systems are no longer limited by onboard resources in computation, memory, or software. "Cloud Robotics and Automation" is where robots and automation systems share data and code and perform computation via networks building on emerging research in cloud computing. 

  • Teleoperation and cloud technologies will cause mass consumerization of robotics over the next five years
  • Between 2017 and 2022, Cloud Robotics will facilitate a major shift of manufacturing into cloud infrastructure 
  • The combined Cloud Robotics market will reach $18.2 billion by 2022

Think Tank

The Blockchain & Enhanced security

There is a definite need to rethink the future of identity management on the web. The ability to verify your identity is the lynchpin of financial transactions that happen online. In today's digital age, an individual's identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. However, remedies for the security risks that come with web commerce are imperfect at best. If Blockchain is the answer, how are you going to take it from being seen by senior management as a futuristic solution to the way your organization may survive competition in the next five years?

Takeaways:

  • The number of trusted Blockchain providers is growing exponentially
  • It's not just the financial industry this will affect; Retail, Health Care... are going to be in for the pound as well as in for the bitcoin.
  • Uses for Blockchain from ecommerce to supply chain management

 

12:35 pm - 1:20 pm

Networking Luncheon

 

1:25 pm - 1:50 pm

Executive Exchange

 

Think Tank

GDPR is Coming - Is your Cyber Security Program prepared?

The EU's General Data Protection Regulation goes into effect in May 2017 and tightens privacy protections for EU residents by outlining new provisions and compliance requirements for "personal data". The new regulation may have serious implications for an organization's Cyber Security program. This Think Tank will discuss general themes the CISO should consider as they prepare their organization to obtain GDPR compliance.

Takeaways: 

  • Understand key components of GDPR and how they may impact your organization's Cyber Security program 
  • Highlight core Cyber Security practices that should be established and implemented to prepare for GDPR compliance 
  • Discuss ongoing efforts that may be needed to maintain compliance

Presented by:

Nashira Layade, CISO, Realogy Holding Corp.

Think Tank

Building a Collaborative and Social IT Security Program

In today's environment there can be no arguing that a comprehensive IT Security program is a de facto requirement for every organization. Such a program needs to address the full range of security threats that can be leveraged against an organization, needs to be integrated into whatever regulatory and governance requirements exist, but beyond that it needs to be accessible, consumable, and actionable by everyone that is influenced by it, or interacts with it. Building a program that is shared through social channels and relies on the collaborative input of employees and constituents for not only creation but enforcement will drive higher levels of adoption, responsiveness and, ultimately, protection.

Takeaways:

  • A security program, that is, the stated intentions of the organization combined with the policies and tools to back those intentions up, is essential
  • The program needs to be easily communicated, easily consumed, and easily complied with
  • Using an open social and collaborative approach to creation, distribution, and enforcement ensures greater adoption and ultimately greater security
 

1:55 pm - 2:20 pm

Executive Exchange

 

Thought Leadership

Comprehensive Visibility: Is it a Technical Challenge, or a Business Challenge?

In the constantly changing landscape of cyber risk, security and risk management teams (including executives and board members) are increasingly forced to take ownership of and accountability relating to digital risks. Yet, many lack the critical knowledge to make effective risk management decisions and incorporate them into their overall business strategy. This inevitably leads to security strategies which are ineffective and reactionary. This presentation will outline RSA's Business-Driven Security strategy, and will focus on the importance of comprehensive visibility (for both security and risk management teams).

Sponsored by:

RSA

2:25 pm - 2:50 pm

Executive Exchange

 

Executive Boardroom

Cyber-Espionage and the Advanced Persistent Threat

More and more C-level executives are realizing that cyber security is not just an IT function, given the far-reaching and direct impact that cyber security threats can have on current and future business operations. As is evidenced in recent reports from security providers such as Mandiant, McAfee, SentinelOne and others, cyber espionage attacks by APT actors are breaching organizations both large and small, public and private. Whether the objective is Intellectual Property (IP), M&A information, financial records, or other business-sensitive protected data, losses can result in significant brand, reputation, and financial impacts. To counter these risks, CISOs need to realize that traditional security techniques are insufficient, and that a new tier of security solutions is required to defend against the APT attack.

Takeaways:

  • The era of cheap, powerful, and unique security threats is upon us and in this era traditional tools are insufficient
  • These Advanced Persistent Threats can be targeted at any organization, not just the biggest and the richest
  • Tools that allow for quick detection AND dynamic response are key; it's not just finding the door is open, but closing it quickly that is key

Executive Boardroom

Applying Big Data Principles to Security Paradigms

Volume, variety, velocity, veracity; all four of the hallmarks of Big Data have a clear fit in the world of security as the number of threats grows, their natures diverge, the speed with which they are encountered (and subsequently have to be dealt with) accelerates, and the need to be ever more accurate increases. As enterprises have made significant investments in Big Data programs and analytics platforms, they are beginning to reap real benefits in terms of business efficiency and innovation. The time then has come to begin applying those same principles and platforms to the security challenges facing enterprises to allow for faster, more effective overall security.

Takeaways:

  • The nature of the enterprise security challenge closely mimics many of the Big Data challenges businesses are beginning to learn how to solve
  • Just as Big Data challenges required different tools to address for Line of Business and general IT issues, so they will for information security challenges
  • Security must become the next focus for analytics capabilities, and analytics the next focus for security professionals
 

2:55 pm - 3:20 pm

Executive Exchange

 

Think Tank

Data-Centric Security

For years the security focus of the enterprise was to build a hardened perimeter at the edge of the network, an impenetrable shell that kept the good in and the bad out. Over the last few years this model has fallen by the wayside. Technologies such as Cloud and Mobility have pushed the enterprise beyond its traditional perimeter while increased levels of partnership have created inroads through that shell. As a result, infrastructure-based security is no longer sufficient or appropriate and enterprises everywhere are having to make the shift to a new security paradigm, one that is centered on the data itself, not on the infrastructure that houses it.

Takeaways:

  • Learn the principles of data-centric security
  • Understand the role encryption plays and how it should be integrated
  • Determine when and where data monitoring tools make sense

Think Tank

The Three Amigos of Manufacturing and Retail

Be Secure - Take a measured, risk-based approach to what is secured and how to secure it.

Be Vigilant - Monitor systems, applications, people, and the outside environment to detect incidents more effectively.

Be Resilient - Be prepared for incidents and decrease their business impact by improving organizational preparedness to address cyber incidents before they escalate.

Takeaways: 

  • Managing cyber risks as a team and strategies for deployment of enterprise and emerging technologies
  • Actively monitor the dynamic threat landscape 
  • Retain and use lessons learned

 

3:25 pm - 3:35 pm

Afternoon Networking Coffee Break

 

3:40 pm - 4:05 pm

Executive Exchange

 

Innovation Showcase

An exclusive opportunity to be exposed to the hottest new solutions providers in a quick-hit format designed to whet the appetite and spark immediate interest.

Sponsored by:

Arbor Networks

4:10 pm - 4:35 pm

Executive Exchange

 

Think Tank

Disaster Recovery and Preparing for the Inevitable

Like death and taxes, IT outages are an inevitability whether as the result of power loss, telecommunications outage, or any one of a myriad other potential technical and non-technical issues. In this environment, the savvy CIO knows that what matters most is preparation - being ready for that next outage with an IT infrastructure that is both resilient and flexible and Disaster Recovery procedures that allow for efficient and effective recovery, balancing Recovery Time and Recovery Point objectives with appropriate cost. Disasters happen but with proper planning they don't have to be disastrous to your business.

Takeaways:

  • In the event of a severe outage, businesses without a Disaster Recovery plan are at a significant disadvantage when it comes to recoverability and viability
  • DR planning cannot be an "at all costs" proposition and appropriate planning must take into account reasonable Recovery Time and Recovery Point objectives
  • Catastrophic outages get the press but are the thin end of the wedge - minor service interruptions are far more common and must be planned for as well

Think Tank

How to be Socially Secure (or Securely Social)

Social media is the least hyped and potentially least adopted of the so-called disruptive technologies, at least by enterprises in general. This doesn't mean that employees aren't embracing these tools personally, however, nor does it mean that enterprises should continue to avoid them. The fact of the matter is that social platforms allow for incredible levels of interaction that, when harnessed, can lead to significant creativity and productivity gains, allowing enterprises that adopt and encourage the use of social collaboration platforms to be more successful than their non-social peers. But every newly adopted technology brings with it unique problems, and so it is the CISO's job to provide the secure landscape within which this social collaboration, both internal and external, sanctioned and not, can occur.

Takeaways:

  • Your employees are already social whether you realize it or not, facilitate it or not, so ignoring the issue only leads to greater security problems
  • Social collaboration presents a real security threat as information is more freely shared, and interactions occur outside the boundaries of enterprise control
  • Social security programs must be built in layers, addressing first unsanctioned use, then sanctioned, all while differentiating between internal and external social activity
 

4:40 pm - 5:20 pm

Executive Visions

Facilitating Technology-Enabled Business Transformation

The role of the modern IT Executive is more complex than it has ever been before, not just because the technology landscape has become more complex, but also because IT execs have increasingly had to become business-focused executives, not just technologists. Long have we talked about the CIO and CISO getting a seat at the table, but modern businesses are now demanding that their technology impresario join them and leverage his deep and rich technical acumen to allow the organization as a whole to better position itself for market-place success. To be successful, CxOs need to invest in themselves, in their personnel, and in the right technologies to allow them to position the IT department to proactively address business needs as an innovator and driver, rather than order-taker and enabler.

Takeaways:

  • IT leadership can no longer be simply technology focused, but must instead take their visibility into business process and become business focused
  • A broader business-focus does not preclude maintaining technology excellence however and indeed may demand more of it than ever before
  • Success for CxOs will be measured not in how they can enable enterprise decisions, but in how they can drive growth
 

5:20 pm - 5:30 pm

Thank You Address and Closing Remarks

 

5:30 pm - 7:00 pm

Cocktail Reception