Enterprise Risk / Security Management: Minneapolis


Strategies for reducing risk to the enterprise.


June 6, 2018




7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Minneapolis Convention Center



In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.


With all of these challenges, how do you make this happen?


In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn


In this one day conference attendees will learn:

  • AI: The Good, the Bad, and Reality
  • Threats to Cyber Resilience and How to Overcome Them
  • A Risk Adaptive Approach to Data Protection
  • Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)
  • The Threat of Fileless Malware
  • Managing Security Risk at the Speed of Business (Panel discussion)


Conference Program

8:00am – 9:00am: Registration and Continental Breakfast

9:00am-10:00am: AI: The Good, the Bad, and Reality


Paul Mazzucco, Chief Security Officer, TierPoint


TierPoint’s Paul Mazzucco discusses:

  • Baseline understanding of the DarkNet or Dark Web and its impact on Enterprises
  • The Double Edged Sword of Artificial Intelligence
  • The Next Frontier in Attack Mitigation
  • The ever important Human Role in Attack Mitigation



10:00am -10:30am: Refreshment Break

10:30am-11:30am: A Risk Adaptive Approach to Data Protection

Mark Bennett, Sr. UEBA & Insider Threat Specialist, Forcepoint


Every IT security department’s job, to protect data, has become more challenging as the security perimeter has dissolved with the adoption of cloud applications. The traditional threat-centric approach is to apply rigid policies to a dynamic environment and decide what is good or bad without context. This black and white approach results in frustrated users and overwhelmed admins. The reality is, everybody operates in the grey. Join us as we discuss a new human-centric approach to security, which considers the context of user behavior and adapts appropriately to help security teams make better decisions. We will explore how an effective data security system should cut through the noise of alerts and provide early warning signals to prevent the loss of important data.




11:30am-12:30pm: Trends in Information Security Protection from 1993-2018


Carlos Munoz, Regional Director, Menlo Security
David Klein, Senior Security Engineer, Menlo Security


The threats have become much more advanced over the past two decades and striking us at an exceedingly aggressive pace.  In this session, Carlos, will cover the trends and where things are headed and how our methodologies need to change.



12:30pm – 1:30pm Luncheon

1:30pm-2:30pm: Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)


David Sommers, Regional Director, Cybereason
Sara Ratner, SVP – Compliance and Corporate Systems, RedBrick Health
Brad Quast, Senior Compliance Director & Data Privacy Officer, Allianz Life
Rob Hanson, Head of Information Security, Privacy and Cyber Risk (CISO, DPO), National Donor Marrow Program
Marina Kapustin, Principal IS&T Risk and Compliance Analyst, HealthPartners
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned



Topics that will be covered include:

  • Contract outlining the business relationship between your organization and 3rd party vendor
  • How to monitor vendor performance to ensure that contractual obligations are being met
  • Guidelines regarding which party will have access to what information as part of the agreement
  • How to ensure that 3rd party vendors meet regulatory compliance guidelines for your industry


Ratner       Quast          Hanson      Kapustin

2:30pm – 3:00pm: Refreshment Break

3:00pm-4:00pm: The Threat of Fileless Malware


Jim Van De Ryt, SE, Cybereason


As cyber threat adversaries evolve, so do their methods. Today, file-less malware is more prevalent in organization’s environment than file-based malware because file-based malware can be detected and blocked with current security controls due to the fact that file-based malware is detectable via artifacts known as Indicators Of Compromise. To resolve this dilemma, cyber threat adversaries had to find a way to complete their malicious operations without being detected by current controls. Since file-less malware leaves almost no artifacts, there can be no threat detection or threat hunt using Indicators Of Compromise because no IOCs exist. Instead, Tactics, Techniques and Procedures (TTPs) that cyber threat adversaries use are the way to detect modern attack scenarios.



4:00pm-5:00pm: Managing Security Risk at the Speed of Business (Panel discussion)


Rob Slaughter, Manager, Infoblox
James Straub, Director, Information Security, Bright Health
Teresa Luke, IS&T Director Risk and Compliance, HealthPartners
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned


As a valued partner to the business, CISOs need to lead with business first execution.


In this session, attendees will learn from CISOs/Security Executives as to how they are:

  • Leading a business first mentality
  • Looking at every security risk decision through the lens of business impact
  • How can security and IT operations can work together effectively to identify best cost actions that have the most meaningful impact on exposure to business compromise and impact
  • Understand what Cloud/DevOps/Digital mean for your risk management program



Straub         Luke

Conference Price: $289.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.



As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

Conference Co-Sponsors