Saturday, October 21, 2017
For Early Arriving Attendees and Their Guests


4:30pm - 8:00pm

Evening Reception, Sunset Dinner Cruise and beach music on the Intracoastal Waterway.

A complimentary luxury motor coach will transport our guests round-trip to the boat

(based on availability as space is limited. 21 years and older)

Sunday, October 22, 2017


8:00am - 1:00pm

Golf at Tiburón Golf Course, Home of PGA Tour’s Franklin Templeton Shootout.

Tennis at the Ritz-Carlton Resort

Everglades Excursions Airboat Tour

7:00pm - 9:00pm
Opening Welcome Reception, Chef’s Gourmet Dinner and Beach Music
Complimentary for Our Attendees and Their Guest  (21 years & older)

Monday, October 23, 2017

7:30am - 8:30am

8:30am - 8:40am

Registration Opens with a Breakfast Buffet and Networking in the Sponsor Pavilion

Transition to Main Ballroom

Welcome and Opening Remarks

Mary Lou Heastings
Executive Alliance Inc.
Richard Warner
Symposium Moderator

9:00am - 9:30am

Morning Keynote - State of the Industry

9:30am - 10:00am

A Risk-based Approach to Protecting Information in the Cloud – Achieving Visibility and Control Across the Apps, Users and Data

Today’s question is “how are you going to ensure employees make appropriate use of and interact safely with applications from cloud service providers?” Cloud governance, visibility and control are critical issues as for many organizations, cloud strategy still lags cloud use.  This session will focus on cloud ownership and risk acceptance, and will closely look at the two things you still have control over, and certainly accountability for — the people and the data.

10:00am - 10:40am
Take a Break!  Coffee and Networking with Your Peers
10:40am -11:10am

The Expanding Footprint of Responsibilities

Alex Cunningham.png
Alex Cunningham
Chief Information Security Officer
Commonwealth Financial Network
Julie Porro.png
Julie Porro
Chief Information Security Officer
JetBlue Airways Corp.
New York


In this interview session, Alex Cunningham, CISO of Commonwealth Financial Network, and Julie Porro, CISO of JetBlue Airways, will discuss  their new roles and responsibilities they are taking on in information security and the impact to their companies,  and looking into the future, what expectations they are setting for the leadership role they hold.

With over $1 billion in revenues, Commonwealth Financial Network is a privately held independent broker/dealer based in Waltham, Massachusetts and San Diego, California.

JetBlue Airways is an American low-cost carrier and the 6th-largest airline in the United States with revenues of over $6 billion. The airline is headquartered in Long Island City, New York City.


11:10am -11:30am
Innovation in Information Security

As security continues to evolve at a torrid pace, organizations are seeking answers to help remove complexity and to provide the ability to better understand the threat landscape.  This session will focus on insights into what executives are thinking in terms of bringing innovation into their organizations.


11:30am -11:55am
Re-Evaluating Data Protection Strategies
Susan Koski.png
Susan Koski
Chief Data Protection Officer
Aetna Inc.

Susan Koski, Chief Data Protection Officer at Aetna, will share her insights into changes that have been necessary in infrastructure and applications relative to data protection,  how the paradigm has shifted,  lessons learned to-date, and what she is considering for the future in terms of the impact of cloud and big data.

A Fortune 100 company with revenues of over $63 billion, Aetna Inc. is an American managed health care company, which sells traditional and consumer directed health care insurance plans and related services.

11:55am - 12:15pm

Trends, Drivers & Impacts

12:15pm - 1:30pm

Lunch and Networking in the Courtyard

1:30pm - 1:50pm

CIO Insights Into the Security Industry

In this session, CIOs will share their thoughts from discussions with their Boards and peers on what they believe the industry is facing and how they are leading their security organizations into the future

1:50pm - 3:00pm

Executive Roundtable Discussions with Debriefs

Peer-to-peer breakout sessions based on topics determined by attendees during registration.

Topic #1: Adaptive Security – Innovating for the Future

Gartner states that the intelligent digital mesh (people, devices, content and services), and related digital technology platforms and application architectures create an ever-more-complex world for security. The continuing evolution of the "hacker industry" and its use of increasingly sophisticated tools — including the same advanced technologies available to enterprises — significantly increase the threat potential. Relying on perimeter defense and rule-based security is inadequate and outdated, and organizations will need security-aware application design, application self-protection, user and entity behavior analytics, API protection, and specific tools and techniques to address IoT and intelligent app/thing vulnerabilities.

In this roundtable, discuss with your peers:

  1. Discuss the technologies you are using or researching in order to build a more adaptive environment.
  2. In terms of user and entity behavior analytics, where is your organization relative to profiling and baselining the activity of users, peer groups and other entities, such as endpoints, applications and networks?
  3. Discuss the use of technologies that enable application security self-testing, self-diagnostics and self-protection.
  4. What are the main obstacles you are running into in building an adaptive environment?
  5. Describe the strategy you are building (or would like to build) to move into technologies that allow for the adaptive environment.

Facilitated by:

Avishai Avivi
Vice President, Information Security
E*TRADE Financial Corporation

Topic #2: Creating a High-Performing Information Risk Management Program

Cyber security readiness continues to evolve at a rapid pace as changes in the threat landscape forces organizations to be more vigilant than ever before.  In turn, the evaluation and prioritization of risk has taken on more importance to the business in order to make the right decisions.  

In this roundtable, discuss with your peers:

  1. How has your organization matured relevant to risk identification?
  2. Describe how your organization has been able to move from a security operations and technology focus to a more holistic, organization-wide approach involving multiple levels of people, processes and technology.
  3. What are some of the changes in the role and scope of your risk management program and what new activities are occurring as a result of the changes?
  4. Discuss the use of leading versus trailing indicators in developing your risk model.
  5. In terms of working towards building a more mature model of information risk, what areas are you still lacking in, in order to achieve the results you need?
  6. Where are the areas of success you have seen in your ability to evaluate risk?
  7. What are the key factors you believe an organization must for their risk management program to be considered “high performing?”
Andy Kim.png

Facilitated by:

Andy Kim
VP, Director of Risk Management
Brown-Forman Corporation



Topic #3:  Employee Knowledge - The Facts of Security

Global spending on security awareness training for employees is predicted to reach $10 billion by 2027. A sampling of recent prediction articles report data breaches will become better targeted and cost more, hackers will find more avenues to access sensitive data, and ransomware will “spin out of control.” Faced with this hostile environment, how are organizations working with their employees to focus on securing against these threats? 

In this roundtable, discuss with your peers:

  1. How has your awareness training strategy changed as the exposure has increased?
  2. How are you overcoming the “noise” associated with security awareness training so that employees don’t tune out?
  3. Discuss the use of behavior analytics to deliver a more targeted training program at the individual level.
  4. What is your strategy in terms of security and privacy awareness training tailored specifically to executives?
  5. In terms of application security development, how is your organization dealing with IoT?
  6. What best practices have you implemented recently to prevent and detect risks that have proven to be extremely successful with your employees? How are you giving visibility to these successes?
  7. Where are there still gaps and why?
  8. In preparation for the future, where will your focus be in terms of security awareness?
Ans Claiborn.png

Facilitated by:

Ans Claiborn
Vice President, Information Security Management
State Street Corporation



Topic #4:  Security Analytics & Threat Intelligence - Leveraging the Knowledge

As security organizations have access to technologies that allow them greater insight, analysis, intelligence and forecasting capabilities, the focus now sharpens on how to detect and mitigate risks faster, and leverage the knowledge acquired.  

In this roundtable, discuss with your peers: 

  1. Describe your current framework for using security analytics today.
  2. What are the pain points or obstacles in the way to being able to pull intelligence out of the data you are gathering?
  3. Is there a dedicated group within your organization focused on the analytics? If not, how are you approaching building intelligence capabilities with your staff?
  4. In the lifecycle of security analytics (capture, detect in real-time, analysis, measure & remediate, prevent), what areas have you built strong capabilities and where do you need to focus?
  5. What is your vision for use of security analytics in the future?
David Anderson.png

Facilitated by:

David Anderson
Director, IS Security Operations
Adventist Health System



Topic #5:  Finding the Right Talent 

It’s no secret that finding, hiring, and retaining top cybersecurity talent is one of the biggest challenges for all security organizations. As today’s security environment will most likely become even more complex, how are you approaching hiring the right talent who can positively impact your organization?

In this roundtable, discuss with your peers:

  1. What are the key skills you believe someone must have to be successful in your organization and how has it changed from the past?
  2. What are the key traits that you believe will put someone on a leadership path in your organization?
  3. Cybersecurity roles are becoming more multidisciplinary and cross-functional.  Ideally, what type of experience is needed in a new hire for someone to be able to work with different functions in the enterprise—HR, legal, public relations, and marketing, as examples?
  4. In a MIT Technology Review survey, respondents said their organizations lack adequate forensics skills to lead so-called “hunt teams.”  These are people who can perform a Sherlock Holmes type of investigation around a breach or a compromise. What are your thoughts on how to acquire this type 1of talent?
  5. What type of methodology are you using to identify talent gaps for the future and what is your strategy for ensuring you can fill these gaps?
Wayne Washburn.png

Facilitated by:

Wayne Washburn
Director, IT Operations & Security
HSF Affiliates LLC



Topic #6:  Maturing the Discussions with the Board on Cyber Risk

As information on the challenges surrounding information security continues to gain traction with senior business leaders, security organizations need timely and actionable data to help reduce their company’s risk profile.  Access to information is moving a security organization from assuming a total technology defense posture to a risk-based approach.  Discussions being held at board levels have moved to a more mature conversation with the focus on risk and its impact to a company’s brand, customer and revenues.

In this roundtable, discuss with your peers:

  1. According a recent survey, 89% of board members said they are very involved in making cyber risk decisions and cyber risks were the highest priority for 26% of board members surveyed.  What is your feedback on the awareness and involvement of boards today?
  2. What are the key issues you feel boards are grappling with now?
  3. What are your comments on the main issues a board now needs to be aware of?
  4. What is your approach, relative to using metrics, analytics, etc., in communicating information to the board for them to have the capabilities to look forward?
Wayne Hilt.png

Facilitated by:

Wayne Hilt
Managing Director, Cyber Security
NiSource Inc.



Topic #7:  The $191 Billion Cloud Market – Security and Compliance for the Future

With Forrester stating public cloud is in hypergrowth mode, with expectations of a $191 billion marketplace by 2020, organizations are being forced to rethink traditional and often manual IT controls to prove compliance.  With the many variables, including the cloud platform, the workload, access, and sensitivity of data, how does a security organization move into the future to secure, control, and validate?

In this roundtable, discuss with your peers:

  1. What has your organization done to improve confidence of compliance and protection in cloud development?
  2. Discuss how you are developing a comprehensive cloud-aware security plan.
  3. What are you doing to gain better visibility into your cloud environment?
  4. What are the key areas of your strategy that will take your organization to the next level?
  5. What are the gaps you still see in successfully leveraging the cloud environment and how do you expect to overcome them?
  6. Discuss how you are setting up your organization for the future to continue to leverage the cloud.
3:00pm - 3:15pm
Day One Wrap-Up
3:15pm - 6:00pm
Break - Free Time for Attendees
6:00pm - 7:30pm

Evening Cocktail Reception with Prize Drawings
Complimentary for Our Attendees and Their Guest  (21 years & older)


Tuesday, October 24, 2017

7:30am – 8:30am

Registration, Breakfast and Networking in the Sponsor Pavilion for Attendees