Enterprise Risk / Security Management


Strategies for reducing risk to the enterprise.


October 1, 2020


9:00am-5:00pm CST


7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: ONLINE




In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.


With all of these challenges, how do you make this happen?


In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn


In this one day conference attendees will learn:

  • 2020/2021: What are the Top Threats to Your Business and How Should You Prepare?
  • Security and Risk Management Trends / Protecting your Data During a Pandemic
  • “No More Soft Chewy Centers” – Applying Zero Trust to Prevent and Respond to Breaches In Today’s Data Centers and Clouds
  • Metrics and Resources: How To Get Free Gold
  • CISO Leadership – How to Lead Your Team During Crisis (Panel discussion)
  • How to Integrate Security Planning into Digital Transformation Efforts (Panel discussion)


Conference Price: $0.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

8:45am-9:00am: Registration and Networking

9:00am-9:50am: Threat Actors’ New Blueprint: Combining Email and Cloud Threat


Tim Choi, VP Product Marketing, Proofpoint
Christopher Iezzoni, Director, Threat Intelligence, Proofpoint


Campaigns that combine email and cloud vectors are on the rise. In this session, we will expose how attackers use legitimate cloud services, like Microsoft SharePoint, to redirect people to phishing sites, phish for login credentials and Office 365 OAuth tokens, or compromise a cloud account to launch a BEC attack.

In this session, Tim and Chris will cover the changes they see in threats associated with email and cloud.




9:50am-10:20am: Networking Break

10:20am-11:10am: Security and Risk Management Trends / Protecting your Data During a Pandemic  


Jacob Ansari, Senior Manager, Schellman & Company


Topics that will be covered during this session will include:

  • The pandemic has forced us to look forward, both for existing assessment methods and for the future
  • Remote methods of observation and other assurances have been largely successful in the last six months
  • New standards emerging to drive better security and offer more latitude
  • PCI SSF and PCI DSS 4.0 allow more focus on objectives vs. prescriptive requirements



11:10am-12:00pm: Zero Trust and Secure Access: What, Why, How, Where, When


Scott Gordon (CISSP), Chief Marketing Officer, Pulse Secure


In this interactive session Scott will explore:

  • Current hybrid IT and post-pandemic secure access drivers
  • Zero Trust tenets applied to secure access
  • Software Defined Perimeter advantages
  • Zero Trust Network Access (ZTNA) considerations
  • Consolidating your secure access tech stack
  • Migrating to cloud-delivered secure access
  • Mitigating access risks: dark cloud, CARTA, UEBA




12:00pm – 12:50pm: Lunch

12:50pm-1:40pm: Metrics and Resources: How To Get Free Gold


Edward Marchewka, Director, Information and Technology Services, Gift of Hope Organ & Tissue Donor Network


In this session, Edward will discuss:

  • Communicating Information Security Risks
  • Gaining/Earning needed resources
  • What to tactically measure
  • Visualization discussion
  • Demo of prioritizing with aggregated KRIs



1:40pm – 2:30pm: When VLANs, Firewalls, & Cloud Security Groups Fail


William Sims, Senior Sales Engineer, Guardicore


Business, viewing IT as a competitive differentiator, has demanded speed, efficiencies and enterprise environments that integrate easily into business processes. IT has delivered using DevOps/Cloud models. Along with that have come risk, compliance concerns and IT management hassles. Traditional segmentation techniques like VLANs, firewalls and cloud security groups fail to provide enough visibility, automation and granular protection to be useful. Micro-segmentation, also known as software-defined segmentation, has risen to handle a broad spectrum of use cases and provide the much-needed speed, granularity and automation necessary to succeed.


We will dive into the concept of software-defined segmentation and the challenges it brings about, along with outlining the essential components and steps that should be on your list when embarking on a segmentation project to guarantee an improved security posture.




2:30pm – 3:00pm: Refreshment Break

3:00pm-3:50pm: CISO Leadership – How to Lead Your Team During Crisis (Panel discussion)


Tuyen Tran, Regional Manager, Zerto
Joe Barnes, Chief Privacy and Security Officer, Assistant HIPAA Privacy and Security Official, University of Illinois at Urbana-Champaign, University of Illinois
Victor Hsiang, CISO, GATX
Greg Bee, CISO, Pekin Insurance
Todd Drake, Head of SDI Business Relationship Management – NA and SOI Service Strategy Support, Zurich
and other CISOs and IT Security Executives sharing strategies, tactics and lessons learned


Every day we are bombarded with more aggressive threats and the pressure on IT becomes more intense. How do we lead and keep up morale in this never-ending fight? How do we keep our teams engaged when they are being heavily recruited by our competitors? How will you effectively lead when every day presents another crisis?




3:50pm-4:40pm: How to Integrate Security Planning/Zero Trust into Digital Transformation Efforts (Panel discussion)


Cliff Hieronymus, RSD, Ordr
Ed Ho, Chief Information Security Officer, Navistar
James Mountain, Director of Information Security, Information Technology, Palmer College
Richard Rushing, CISO, Motorola Mobility
and other CISOs and IT Security Executives sharing strategies, tactics and lessons learned


Digital transformation initiatives continue to question conventional information risk and security management. It requires a focused digital security program based on a clear vision and strategy.


In this session attendees will learn how to:

  • articulate a compelling vision for security and risk management.
  • identify the key ‘digital differences’ that must be integrated into the security program.





As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.