Skip to content

PAST EVENTS

Enterprise Risk / Security Management

Strategies and techniques for leading and guiding a business driven risk/security approach during dynamic times.

February 21, 2019

8:30am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois


Overview

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

In this one day conference attendees will learn:

  • Reducing the Risk of An Attack: Getting the Most from Assessments/Pen Tests/Red Team Exercises
  • 2019: What are the Top Threats to Your Business and How Should You Prepare?
  • Effective Procurement and Vendor Management Strategy for IT Security
  • CISO Leadership – How to Lead Your Team During Crisis (Panel discussion)
  • Digital Business and Your Security Architecture
  • A Security Framework for Cloud Computing
  • Managing Security Risk at the Speed of Business (Panel discussion)

Conference Price: $289.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


Conference Program


7:00am – 8:30am: Registration and Continental Breakfast


8:30am-9:20am: Reducing the Risk of An Attack: Getting the Most from Assessments/Pen Tests/Red Team Exercises

Derek Milroy, Senior Security Engineer, US Cellular

In this session, Derek will provide you with a framework to get the most from your assessments, pen tests and red team exercises.


Milroy


9:20am -10:10am:  Close the Policy to Execution Gap to Manage Risk

Altaz Valani, Director of Research, Security Compass

One of the biggest challenges facing organizations today is the need to manage cybersecurity risk without slowing down the business. Our research has shown that a root cause of this problem lies in an incomplete Policy to Execution pipeline for custom software systems. Creating this pipeline addresses two fundamental requirements for risk management today:

  1. Obtaining near real time status of risk
  2. Adherence to an established Risk Management Framework

We intend to demonstrate the creation of a tool agnostic Policy to Execution pipeline through a use case using NIST Risk Management Framework, ISO 27001, COBIT, and secure coding standards. We will walk through the traceability achieved by mapping the frameworks to achieve bi-directional traceability for near real time risk management.

In addition to the pipeline, we will also discuss essential business architecture to enable the creation of a Policy to Execution pipeline. It will include a discussion on integrating Risk, Security, Compliance, Development, and Operations teams as a normative practice for achieving near real time risk management for custom software systems.

In the end, Policy to Execution and its concrete applications like DevSecOps are essential to helping organizations manage their cybersecurity risk without slowing down.

Key takeaways from this presentation will be:

  • Identification of a Policy to Execution gap
  • Resolution of the gap through a compliance and governance risk use case
  • Business architecture requirements to achieve an efficient Policy to Execution pipeline


Valani


10:10am – 10:40am Refreshment Break


10:40am-11:30am: 2019: What are the Top Threats to Your Business and How Should You Prepare?

Richard Hahn, Manager, Information Security Consulting, Sungard

The environment grows more dangerous daily. How should you plan for 2019?

In this session particular attention will be paid to the following:

  • Phishing Schemes
  • Cloud Cyber Security Threats
  • Cryptojacking
  • Ransomware
  • Unsecured IoT Devices
  • Attacks on Operational Technology (OT) Systems

Attendees will be provided with a framework and suggestions to help reduce the risks in these areas.


Hahn


11:30am-12:20pm: Effective Procurement and Vendor Management Strategy for IT Security

Michael Winkler, Director Information Security & Compliance, Matthews International

The number of Information Security Vendors has been increasing for several years with no signs of slowing. Vendors have leveraged Fear, Uncertainty and Doubt to drive their agenda at the board level, often influencing strategic decisions before IT Security departments have a chance to weigh in. With the desire to maximize profits, vendors can have an upper hand when not properly managed. Using real world examples and a proven strategy, this presentation will help demystify product hype, identify true differentiating factors, and maximize investment dollars.

What You Will Learn:

  • Owning the Security Strategy & Value Proposition
  • Selling Concepts Internally
  • Engaging Procurement Professionals
  • Effective Vendor Selection Processes
  • In-Depth Negotiation Strategy & Process: How to Leave Nothing on the Table


Winkler


12:20pm – 1:00pm Luncheon


1:00pm – 1:50pm:  CISO Leadership – How to Lead Your Team During Crisis (Panel discussion)

Moderator:
Steve Shelton, RSM, Avanan
Panelists:
Adam Zoller, Chief Information Security Officer, GE Healthcare
Syed Hussaini, CISO, Director of Cybersecurity, Grant Thornton
Victor Hsiang, CISO, GATX
Craig George, CISO, Central States Funds
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned

Every day we are bombarded with more aggressive threats and the pressure on IT becomes more intense. How do we lead and keep up morale in this never ending fight? How do we keep our teams engaged when they are being heavily recruited by your competitors? How will you effectively lead when every day presents another crisis?

                    
Hussaini      Zoller        Hsiang       George         Shelton


1:50pm-2:40pm: Navigating IOT- The Digital Revolution During InfoSec’s Mid-Life Crisis

Jim Hebler, Director of Americas’ CyberSecurity Solutions, Pulse Secure

Hebler’s passionate-dynamic presentation evolves in unison with that week’s headlines as he takes his audience on the daunting realities and challenges of rapid change, aligning demographics, tech-savvy solutions, and overwhelming change at the intersection where fear, human-fragility and the Art-of-the Possible intersect.

Developed to inform, educate, captivate while providing fact-based perspective, Navigating IOT- The Digital Revolution During InfoSec’s Mid-Life Crisis is sure to keep audiences thinking and talking – and hopefully taking action – moving forward post-the-presentation.


Hebler


2:40pm – 3:10pm: Refreshment Break


3:10pm-4:00pm: A Security Framework for Cloud Computing


Nathan Smolenski, Director, Enterprise Strategy, Netskope

This session will explore the challenges and issues of security concerns of cloud computing through different standards and solutions. It will provide an analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, with a focus on IaaS and PaaS systems.


Smolenski


4:00pm-5:00pm: Managing Security Risk at the Speed of Business (Panel discussion)

Moderator:
Dave Klein, Senior Director, Engineering & Architecture, GuardiCore
Panelists:
Mia Boom-Ibes, VP of Security Innovation, Strategy, Analytics, and GRC, Allstate Insurance
Jenny Inserro, Senior Director, HealthTech Governance Risk and Compliance, Health Care Service Corporation
Seth McCallister, Chief Information Security Officer, HUB International Limited
Corbin Del Carlo, Cyber Security and Data Privacy Director and Advocate, Discover
Jesse Miller, CISO, Stratosphere Networks, LLC
Siavash Kazemian, Senior Security Engineer, Morphisec
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned

As a valued partner to the business, CISOs need to lead with business first execution.

In this session, attendees will learn from CISOs/Security Executives as to how they are:

  • Leading a business first mentality
  • Looking at every security risk decision through the lens of business impact
  • How can security and IT operations can work together effectively to identify best cost actions that have the most meaningful impact on exposure to business compromise and impact
  • Understand what Cloud/DevOps/Digital mean for your risk management program

                                   
Boom-Ibes  McCallister     Miller       Del Carlo      Inserro        Kazemian     Klein


Conference Price: $289.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.


CONFERENCE CO-SPONSORS