EVENT SUMMARY


SIM's Cybersecurity Special Interest Group (SIG) is hosting its debut Virtual Conference on Thursday, September 28, 2017 from 11:00 am ET - 5:00 pm ET.  This exclusive, high-level event will offer attendees the opportunity to engage with the sharpest minds on topics such as emerging cyber threats and what it takes to ensure your organization's security.

 The virtual conference will offer two concurrent tracks:

 UNDERSTANDING YOUR RISK & BUILDING RESILIENCE
•      Ransomware & Other Cyber Threats, Why Are We Losing?
•      Legacy Systems to the Internet of Things… Defending it All?
•      Your Critical Assets – Cost Effective Risk Identification
•      What Does the Dark Web Mean to You?

 COMMUNICATING & MITIGATING ENTERPRISE SECURITY RISK
•      Top 5 Things to Tell Your Board About Cybersecurity Risk
•      Managing Your Risk Profile Through Your Attackers’ Eyes
•      Cyber Innovation as a Competitive Advantage
•      Cybersecurity Information Sharing – How Organizations are Doing it

Formed in June 2016, the Cybersecurity SIG's mission is to prepare members and their organizations to meet the challenges and mitigate the risks of tomorrow's ever-changing cyber threat landscape.

The practitioner-led Cybersecurity SIG is the premier venue for executive leaders to address timely cybersecurity issues from a strategic perspective. Members gain access to educational forums, peer-to-peer exchange of best practices, and a resource library of actionable intellectual assets.

Register for the Cybersecurity Virtual Conference today!


The cost of registration is only $49 for SIM Members and $199 for non-members.

SESSIONS

All times are Eastern Time. Times, presenters and sessions are subject to change.

11:00:34 AM to 11:14:30 AM
Track: Risk

11:14:30 AM to 12:00 PM
Track: Risk

Opening Keynote - The Future of Risk and Cybersecurity, 2018 & Beyond

Nicole Eagan
Cyber security risk management is more than a technology solution. Organizations are adopting new safeguards for digital business models as they begin to secure for the potential of the Internet of Things. Many are taking a proactive approach to managing geopolitical threats as they begin to implement business-critical threat intelligence and information-sharing platforms. Join us as Nicole Eagan shares their insights into the future of cyber security and how organizations are managing the challenges as part of an integrated risk management program.


12:00 PM to 12:03 PM
Track: Risk

Spotlight on APC


12:03 PM to 12:19:30 PM
Track: Risk

Cyber News of the Day

Laszlo Gonc


12:19:30 PM to 12:50 PM
Track: Risk

Equifax Breach: What Does this Really Mean?

Bryce Austin


12:50 PM to 12:55 PM
Track: Risk

Spotlight on SIM Chapters

Steve Hufford


12:55 PM to 1:09:30 PM
Track: Risk

How to Bounce Back from Cyber Fatigue

Tony Buffomante
There’s a rising chorus of “cyber fatigue” permeating boardrooms today. This phenomenon arises at a time when avoiding negative PR is paramount for success. Executives concede that a breach is no longer a matter of “if” but “when,” and it’s a given that some decision makers are exhausted as they revisit the same discussion every year, every quarter and every month. Tony Buffomante, Principal, KPMG Cyber Security Services – US Lead, will lead a discussion that will address many of the cyber challenges facing financial executives today, including:

  • Identifying the symptoms of cyber fatigue
  • The high costs of data breaches
  • Aligning cyber security solutions to business priorities
  • 5 ways to combat cyber fatigue


12:55 PM to 1:09:30 PM
Track: Strategy

Segregation of Duties: A Cybersecurity Safeguard

Chris Johnson
Established risk management practices in banking should be extended to IT operations. For example, Segregation of Duties is a solid foundation for sustainable risk management. Your chief lending officer would not approve loans, nor would one person handle outgoing wires; yet IT sets up and monitors email, keeps the network running, arranges penetration testing, reports to the board, and works directly with auditors. In this session, we will discuss Segregation of Duties in IT governance.



1:09:30 PM to 1:40 PM
Track: Risk

Legacy Systems to Internet of Things, Defending It All?

James Routh
The pace of technology continues to rapidly advance and cyber threats along with it. As our organizations are implementing mobile applications and cloud solutions alongside our legacy systems, we’ve become more vulnerable than ever. Add to that the oncoming “Internet of Things”. How is a CIO to protect the organization? Listen to James Routh as he explores an approach to defend it all.


1:09:30 PM to 1:40 PM
Track: Strategy

Your Sector Profile Doesn't Matter, Managing Your Risk Profile Through Your Attackers' Eyes

Karl Gumtow


1:40 PM to 2:24 PM
Track: Risk

Vendor & Networking Lounge


2:24 PM to 2:55 PM
Track: Risk

Your Critical Assets - Cost Effective Risk Identification
Curious about the risk posture of your fellow SIM members? Attend this session and see how easy it is to gather accurate vulnerability data without any privileged network access. Join Mohamoud Jibrell of NormShield as he presents a meta-analysis of the biggest threats facing conference attendees generated with nothing more than a company URL. Using actual data from conference attendees, you'll learn how to approach your networks--or the networks of the 3rd party vendors you work with--from the outside in, gaining a hacker's perspective of what to prioritize. Session attendees will receive their personalized risk scorecard so they can compare their own grades to the average SIM organization!



2:24 PM to 2:55 PM
Track: Risk

CyberSecurity Innovation as a Competitive Advantage

Diana Kelley
Enterprises and consumers usually say that security and privacy of their data are of high importance, but priorities often shift when it comes down to paying more for these features. And providers and sellers that invest in stronger security may find themselves at a disadvantage - a higher price point than their competitors. What’s causing this cognitive dissonance? Why do we say we value and want better cybersecurity yet in practice resist paying extra for it? In this talk we’ll discuss the very emotional reasons that shift our perceptions when purchasing technology solutions and explain how vendors and providers can shift the narrative to transform investment in CyberSecurity innovation from a potential cost barrier into a competitive advantage.


2:55 PM to 3:00 PM
Track: Risk

Spotlight on RLF

Kevin Ryan


3:00 PM to 3:14:30 PM
Track: Risk

Integrating New Disruptive Technologies into your Existing Infrastructure

Caston Thomas


3:14:30 PM to 3:45 PM
Track: Risk

What is the Dark Web?

Michael Echols
You’ve heard about it but do you really know what it is? Just beneath the surface of the internet lies the Dark Web. Also known as the deep web, navigating this Internet space can be confusing and potentially dangerous. It’s the hub of illegal activity and also the best place to remain 100% anonymous. Join Michael Echols to learn how to best utilize the dark web and when to stay away.


3:14:30 PM to 3:45 PM
Track: Strategy

Cybersecurity Information Sharing - How Organizations Are Doing It

Laszlo Gonc


3:45 PM to 3:50 PM
Track: Risk

Spotlight on SIM Programs / STEM

Janis O'Bryan


3:50 PM to 4:04:30 PM
Track: Risk

TBD

Bob Reny




3:50 PM to 4:04:30 PM
Track: Strategy

Alphabet Soup: How to Make Sense of all of the Cybersecurity Credentials

Blake Holman
Cybersecurity is today's hot profession. As a result, there are any number of organizations offering different types of credentials. Some cybersecurity certifications are far greater than others. And there are real problems with people gaming the system to become certified “on paper,” but still lack any true knowledge or skill. As a hiring leader, you might ask how important are certifications anyway? Do they still matter for senior level positions, or are they only important for people looking to progress in their careers?


4:04:30 PM to 4:50 PM
Track: Risk

Closing Keynote

Michael Daniel


4:50 PM to 5:00 PM
Track: Risk

SPEAKERS

Bryce Austin

Bryce Austin started his technology career on a Commodore 64 computer and a cassette tape drive. Today he is a leading voice on emerging technology and cybersecurity issues. Bryce holds a CISM certification and is known as a thought leader, cybersecurity expert, and internationally recognized professional speaker. With over 10 years of experience as a Chief Information Officer and Chief Information Security Officer, Bryce actively advises the boards of companies in industries as diverse as financial services, retail, healthcare, technology and manufacturing. He was the CIO and CISO of Wells Fargo Business Payroll Services, and a Senior Group Manager at Target Corporation. He has first-hand experience of what happens to a business and its employees during a cybersecurity crisis, as happened at Target because of its 2013/2014 PCI data breach. When Bryce isn’t spending quality time with his wife and two young sons, he spends his weekends as a high-speed track driver and coach at venues across the USA. He has over 15 years of experience, and has driven cars ranging from an 85 horsepower Saturn to a 650 horsepower Porsche 911 Turbo. He has had well over 100 students, none of whom have died while under his instruction.

Tony Buffomante

Tony Buffomante is a Principal at KPMG and the US Lead for the firm's Cyber Security Services practice. Over the past 22 years, he has managed and executed cyber security assessments, strategies and implementations for some of the largest, most complex global organizations. Tony is a recognized industry leader in the IT Risk Management field, speaking at industry conferences and instructing training seminars.

Michael Daniel

Cybersecurity Advisor to President Barack Obama (2012 - 2016) & President, Cyber Threat Alliance

Michael Daniel draws from his post at the highest echelon of government to sound the alarm on the global security threats of the 21st century, revealing the necessary steps for managing your organization’s cyber risk.

From the attack on Sony Pictures Entertainment to the intrusion into the Office of Personnel Management and the Russian efforts to meddle in the U.S. electoral process, Michael Daniel has maintained a pivotal role leading the government’s response to the most prominent cyber incidents of our time. As cybersecurity coordinator to President Barack Obama, Michael led the nation’s cybersecurity strategy and policy efforts from 2012 to 2016.

Widely recognized as one of the world’s top cybersecurity experts, Michael specializes in managing cyber risk to critical infrastructure systems, such as financial services assets, electronic medical records and industrial control systems. As president of the newly formed nonprofit alliance, Cyber Threat Alliance, Michael leads a team of cybersecurity giants, such as Intel, Cisco and Symantec, to improve information sharing about cybercrime and other threats.

With proven strategies for identifying and alleviating threats, and responding to cyber incidents, Michael unveils key insights for safeguarding assets in an era of precarious digital disruption and connectivity. As attacks increase in sophistication and hackers prove more brazen each day, Michael’s authoritative outlook on the global security landscape and applicable action plans help business leaders avoid becoming the next breaking cyber news story.

Nicole Eagan


As Chief Executive Officer of Darktrace, Nicole Eagan has positioned the company as an international leader in cyber defense. Nicole was named ‘Woman of the Year’ at the 2016 Cyber Security Awards for successfully introducing disruptive machine learning technology to the global market. Her extensive career as a technology executive includes over 25 years of commercial and marketing experience. An expert in developing and executing strategies for high-growth businesses, Nicole helped Darktrace secure $65 million in Series C funding from KKR and led the company to 600% year-on-year growth. Under her leadership, Darktrace’s innovative approach to cyber security has won over 50 awards, including World Economic Forum Technology Pioneer. The company is headquartered in San Francisco, CA and Cambridge, England and now has more than 400 employees working across 24 countries.

Laszlo Gonc

Laszlo is a recognized senior executive with over twenty-five years of progressive experience in business and information technology. He is responsible for helping organizations, corporate and non-profit alike, navigate the digital frontier advising on cyber security, IT risk mitigation, and building digital technology strategies that drive performance and business value. He has experience across a number of industries advising senior executives, developing security strategies, evaluating IT risk and spearheading critical security projects for senior leadership.

A member of Infragard, ISSA and ISACA, he serves as Chair of the Project Management Institute (PMI) Executive Council, Executive Vice President for the Chicago chapter of the Association of Information Technology Professionals (AITP) as well as on the boards of Society for Information Management (SIM) and Illinois Technology Foundation (ITF). In early 2016, he helped form the SIM national Cybersecurity SIG for senior technology leaders and continues to serve as Programming Lead.

He is an invited guest speaker at professional associations, industry conferences and universities providing thought leadership on the state of cyber security, mitigating technology risk, and implementing project management best practices.

Laszlo holds a Bachelor of Science Commerce degree in Operations Management from DePaul University and is a certified CISSP security professional.

Karl Gumtow

Karl Gumtow is Chief Executive Officer and founder of CyberPoint International, a cyber security company delivering innovative, leading-edge products, solutions, and services to customers worldwide. One of CyberPoint’s missions is identifying promising global technologies and bringing them to the US market. Karl has worked for more than two decades at all levels of the commercial and US Government security communities. He is known for his deep technical expertise in cyber security and his record of leading organizations through complex, challenging, and mission-critical problems in this rapidly evolving field. Before founding CyberPoint, Karl directed large engineering organizations, led programs and initiatives related to security technologies, and developed innovative business strategies for both large and small enterprises. Karl is equally committed to corporate social responsibility. From pioneering new ways to help school children learn about technology, to sharing his time and expertise with government and business leaders, CyberPoint is always looking for opportunities to give back to the community. Karl holds a Master of Science in Electrical Engineering (MSEE) from the Johns Hopkins University and a Bachelor of Science in Electrical Engineering (BSEE) from George Washington University.

Blake Holman

Blake Holman is currently Chief Information Officer and HIPAA Security Officer at St. David’s Foundation in Austin, Texas, a position he has held since September, 2015. Prior to St. David’s Foundation, Blake served as Sr. Vice President and Chief Information Officer at Ryan, LLC in Dallas, Texas. Blake has over 25 years of experience leading Information Technology Strategy, Development and Operations for several public and private companies in the Consulting, Telecommunications and Financial Services industries. Blake holds a Bachelor of Science degree in Mechanical Engineering from Southern Methodist University, and a Strategic IT Management Certificate from the Scandinavian International Management Institute in Copenhagen, Denmark. Blake is currently working on a Master of Science degree in Information Security and Assurance at Western Governors University. Blake holds a number of industry certifications including CEH, CHFI, C-CISO, CISM and CISSP. In 2011 and 2012, Blake’s efforts were recognized in the InformationWeek 500 listing of the most innovative business technology companies in the United States. In 2011, Ryan was ranked 130th, and in 2012, Ryan's ranking rose to 98th. In both cases, Ryan was the highest ranked corporate tax services firm on the list. In December 2012, Blake was named by Computerworld magazine as one of its 2013 “Premier 100 IT Leaders.” The Computerworld Premier 100 IT recognition is an international lifetime award that shines a spotlight on technology and business leaders from a broad range of organizations. Outside the world of technology, Blake is a retired Rugby player and enjoys supporting his Rugby Club and the sport of Rugby at every available opportunity.

Chris Johnson

Chris has more than a decade of experience in IT services and web development. Chris specializes in helping small to mid-size businesses make strategic IT decisions and technology implementations that improve their cyber-security posture by lowering their risk and exposure in an ever-evolving threat landscape. His dual comfort zones of knowing IT “bits and bytes, speeds and feeds,” as well as being able to deliver strategic counsel for how technology can protect and secure their business, make Chris an invaluable resource to their business. A thought leader in his industry, Johnson is the Ex-Officio chairperson of the CompTIA Security Community and an active CompTIA Ambassador. In these roles, he champions the abilities of managed services providers seeking to develop a book of business that focuses on cybersecurity. His work focuses on the knowledge transfer that must occur for an MSP to transition to MSSP. This “group within a group” of MSPs is a thriving community of practice because of Johnson’s day-to-day involvement, his insights and support and his real-world experience earned in the trenches as he assists MSPs across the United States.

Diana Kelley

Chief Security Advisor, SecurityCurve

Diana Kelley is a cybersecurity thought leader and co-founder of SecurityCurve. She was Global Executive Security Advisor at IBM and managed the IBM Security Research Community Newsroom. Diana leverages her 25+ years of risk and security experience to provide guidance to CSOs and CISOs at some of the world’s largest companies. At IBM Diana contributed to X-Force Research and was lead author of IBM’s “5 Indisputable Facts about IoT Security.” Before joining IBM Diana was a VP at Burton Group, GM at Symantec and Manager at KPMG. Diana is a faculty member with IANS Research, a Mentor at CyberSecurity Factory and a guest lecturer at Boston College’s Master of Science in Cybersecurity program. She was an IEEE “Rock Star of Risk” and appears frequently in media as a cybersecurity expert. She co-authored the book Cryptographic Libraries for Developers.

Bob Reny

Bob Reny has been working in Information Technology for 23 years. He is a Certified Information Systems Security Professional (CISSP) and has been for almost 17 years. His diverse background in IT and then IT security started in the United States Air Force. Bob then moved to network security auditing for many large Commercial and several Federal customers. A broad base of experience covering firewalls, intrusion protection, cryptography, large authentication systems, and network access control ensures he is an active participant in best of breed security discussion, design, and auditing. Recently Bob Reny helped provide design and IT security services for the Republican and Democratic National Conventions, helping to ensure the high level of Internet of Things (IoT), Guest users, and data communications were secured for attendees to both conventions. Bob’s understanding of current trends including IoT, Software Defined Networks (SDN), and the evolving threats to the enterprise ensures customers’ sensitive data remains protected.

James Routh

Jim Routh is the Chief Security Officer and leads the Global Security function for Aetna. He is the Chairman of the NH-ISAC Board. He serves on the Board of the National Cyber Security Alliance and is a member of the Advisory Board of the ClearSky Security Fund. He is on the Advisory Committee for the UC Berkeley Center for Long-Term Cybersecurity. He previously served as a Board member of the FS-ISAC and led several committees and working groups. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express and has over 30 years of experience in information technology and information security as a practitioner, management consultant and leader of technology, analytic and information security functions for global firms. Jim is the winner of the 2016 Security Alliance Award for Innovation, 2016 ISE Luminary Leadership Award, the Northeast and the 2014 North American Information Security Executive of the Year for Healthcare, the 2009 BITS Leadership Award for outstanding leadership of the Supply Chain Working Group sponsored by the financial industry in collaboration with NIST and the Department of Treasury. He was the 2007 Information Security Executive of the Year for the Northeast. He is a widely recognized expert in designing innovative controls using early stage technology companies that improve risk management while also being cost effective.

Caren Shiozaki

Caren Shiozaki is Executive Vice President and Chief Information Officer for TMST, Inc., a mortgage company based in Santa Fe, NM. The company is currently in Chapter 11. Due to the company’s circumstance, in addition to the usual CIO duties she focuses on cybersecurity, risk management, and information governance. She is responsible for litigation support projects involving large scale data management and forensic data analysis. Prior to TMST, Ms. Shiozaki was Vice President and CIO for Belo Corp, one of the nation’s largest media companies with a diversified group of market-leading television, newspaper, cable and interactive media assets headquartered in Dallas, TX. She has extensive experience in both technology and business roles at American Express and Bank of America. Ms. Shiozaki is Vice Chair of the SIM National Board of Directors, and is a member of the Dallas and Arizona chapters. She is the founder of SIM’s national Cybersecurity Special Interest Group. She holds ISACA’s CGEIT certification, and is also a certified e-Discovery Specialist.

Sponsors





Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.




Developing and Connecting Cybersecurity Leaders Globally. ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

Women in Security
Creating Leaders Together. ISSA WIS IG embraces a spirit of collaboration within its organization and throughout the industry. We collaborate with organizations to provide leadership programs and services, and challenge these companies to create cybersecurity-oriented professional advancement opportunities for women.




Automatically see, prioritize and act on cyber threats with NormShield. NormShield Cloud integrates robust cyber security tools into one cloud platform: unified vulnerability management, cyber threat intelligence, security operations 360°, and a risk scorecard for security executives. Data is automatically orchestrated in real-time to identify the highest risks for rapid remediation.




SIM is the only national professional network that connects senior-level IT leaders with peers in their communities — providing valuable opportunities for knowledge sharing, professional development, collaboration, and career advancement. The strength of the SIM Organization is built around its Local Chapters to create a rewarding membership experience for all members. With 40 Chapters, members can participate in these local communities for knowledge sharing and networking.




ForeScout Technologies is transforming security through visibility, providing agentless visibility and control of traditional and IoT devices the instant they connect to the network. Our technology works with disparate security tools to help accelerate incident response, break down silos, automate workflows and optimize existing investments. See devices. Control them. Orchestrate multivendor response. Learn how at www.forescout.com.




Founded in 1991, onShore Security provides security-as-a-service real-time monitoring, correlation and analysis of organization-wide network data, from packet captures to logs, to achieve an end-to-end security view we call Panoptic Cyberdefense. Specializing in banking, onShore acts as a Security Operations Center and plays a critical role with our Cybersecurity Leadership consulting.