PAST EVENTS
Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare)
Strategies for reducing risk to the enterprise.
June 20, 2024
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois
Overview
In today’s highly regulated environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one-day conference we’ll cover:
- 2023 Cyber Threat Landscape: Insights and Predictions for 2024 & Beyond
- How Security and the CSO Can Build Trust with the Business (Panel Discussion)
- Gaps in EASM and Why Accuracy Matters
- The Power of Network Visibility for Threat Detection and Response
- INFOSEC Basics, Not So Basic After All – How They Actually Contribute to Your Risk
- Driving a Culture of Security Consciousness in Your Organization (Panel Discussion)
- Beyond Buzzwords: Practical Tactics for Modern Network Segmentation
Conference Price: $299.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
CONFERENCE AGENDA
8:00am – 9:00am: Registration and Continental Breakfast
9:00am – 9:50am: INFOSEC Basics, Not So Basic After All – How They Actually Contribute to Your Risk
Derek Milroy, Senior Security Architect, U.S. Cellular
INFOSEC basics, they’re not so basic. And the (necessary) exceptions that result from mature “basics” processes can increase your risk.
This talk will be focused on how several of the “INFOSEC Basics” are difficult to implement, and how risks can come up no matter how mature your processes are. (Disclaimers Matter 🙂 )
9:50am – 10:20am: Refreshment & Exhibit Break
10:20am – 11:10am: 2023 Cyber Threat Landscape: Insights and Predictions for 2024 & Beyond
Megan Keeling, Senior Strategic Threat Intelligence Analyst, Recorded Future
Join us for an insightful presentation based on Insikt Group’s 2023 Annual Report, where we unveil critical cyber threat dynamics over the past year and offer forward-looking predictions into 2024 and beyond. Discover how cybercriminals exploited the interconnectedness of enterprise software to launch unprecedented attacks, like the MOVEit exploit, which marked a significant shift in the threat landscape. We’ll delve into the evolving use of generative AI by cyber threat actors, highlighting its impact on phishing and information operations. This session is a must-attend for those looking to understand the convergence of cybercrime with geopolitical instability.
11:10am – 12:00pm: Beyond Buzzwords: Practical Tactics for Modern Network Segmentation
Ken Ward, Customer Engineer, Zero Networks
Looking to fast-track your zero trust journey? The NSA suggests saving segmentation as a last resort or deems it fit only for large and/or mature organizations with hefty budgets and resources to burn on complex, lengthy implementations. But it’s time to challenge that notion.
Join Ken Ward, Customer Engineer at Zero Networks, to see how segmentation is now accessible to organizations of any size and maturity level and can be deployed easily and effectively, halting lateral movement.
In this session, you’ll uncover how starting with segmentation not only stops lateral movement but also simplifies the entire zero trust roadmap, making the rest of the journey fall seamlessly into place.
Plus:
- What to look for when implementing a segmentation solution
- Modern MFA solutions have gaps – know what they are and how to navigate them
- Light on resources? Understand the difference between agent vs agentless solutions on the market today
12:00pm – 12:40pm: Lunch & Exhibit Break
12:40pm – 1:30pm: The Power of Network Visibility for Threat Detection and Response
Larry Hammond, Senior System Engineer, Stamus Networks
The network carries the lifeblood of every organization. And through modern threat detection and response technology, the network can provide visibility and uncover details that other threat detection tools will miss. Exposing these insights without the tumult of low quality alerts can allow SOC personnel to quickly spot and understand security events taking place in the environment. In this talk, we will provide overview guidance on how to implement network monitoring as either a starting point or as an augmentation to a more fully-developed cyber security program. And we’ll share tips on how to do so without generating an overwhelming volume of unnecessary alerts that the SOC team must address.
1:30pm – 2:20pm: How Security and the CSO Can Build Trust with the Business (Panel Discussion)
This hour, attendees will learn from a panel of IT security executives as to the strategies they are leveraging to ensure their efforts are in sync with business priorities.
Topics covered:
- How to leverage areas of value (reputation, regulation, revenue, resilience, and recession) for continued investment and security spending
- How to assess, understand, and define security’s current and future roles in the extended enterprise
- Where are security investments being made on personnel, processes, and technologies?
Moderated by Michael Corvo, RSD, Pentera
Panelists will include:
- Lori Kevin, Vice President, Enterprise IT & Security, Intelligent Medical Objects
- Nitin Raina, Global CISO and Global Head of Enterprise Risk, Thoughtworks
- Ron Zochalski, CTO & CISO, Lake County, Indiana Government
- Other CISOs/Information Security Executives sharing strategies, tactics and lessons learned
2:20pm – 2:50pm: Refreshment & Exhibit Break
2:50pm – 3:40pm: Gaps in EASM and Why Accuracy Matters
Jeff Thurston, VP, Censys
Ever since enterprises began establishing their presence on the Internet over 25 years ago, they’ve struggled to maintain an accurate inventory of the systems, software, certificates and services that are presented publicly. Technology evolution such as the shift to cloud computing, CDNs and Work-From-Home, combined with business events such as Mergers & Acquisitions, has only complicated the visibility challenges. Vendor solutions to address these visibility gaps have been around for years, yet accuracy still remains elusive.
This session will:
- Highlight the key External Attack Surface visibility gaps that most enterprises face
- Describe the accuracy challenges seen in most of the common solutions and why they occur
- Offer concrete solutions to improve visibility and efficient management of your External Attack Surface
3:40pm – 4:30pm: Driving a Culture of Security Consciousness in Your Organization (Panel Discussion)
The human firewall is the most frequent contributor to data breaches. Legacy approaches are no longer effective. CIOs and CISOs must look beyond merely raising ‘security awareness’ and embed an overarching security culture in their organization.
Learn from CISOs and Information Security Executives as they share how they continue to build and deliver an effective security behavior and culture change program.
Moderated by: Scott Hunter, RSM, Snyk
Panelists will include:
- Juliet DeVries, Director, IT Security and Compliance, GTreasury
- Kevin Novak, Chief Information Security Officer, Old National Bancorp
- Mike Neuman, AVP, Security & Compliance, VelocityEHS
- Other CISOs/Information Security Executives sharing strategies, tactics and lessons learned
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.
CONFERENCE SPONSORS