Saturday, October 21, 2017
For Early Arriving Attendees and Their Guests




4:30pm - 8:00pm

Evening Reception, Sunset Dinner Cruise and beach music on the Intracoastal Waterway.

A complimentary luxury motor coach will transport our guests round-trip to the boat

(based on availability as space is limited. 21 years and older)

Sunday, October 22, 2017


8:00am - 1:00pm

Golf at Tiburón Golf Course, Home of PGA Tour’s Franklin Templeton Shootout.

Tennis at the Ritz-Carlton Resort

Everglades Excursions Airboat Tour

7:00pm - 9:00pm
Opening Welcome Reception, Chef’s Dinner and Beach Music
Complimentary for Our Attendees and Their Guest  (21 years & older)

Monday, October 23, 2017

7:30am - 8:30am

Registration Opens with a Breakfast Buffet and Networking in the Sponsor Pavilion

8:30am - 8:40am

Transition to Main Ballroom

8:40am - 9:00am

Welcome and Opening Remarks

Mary Lou Heastings
Executive Alliance Inc.
Richard Warner
Symposium Moderator

9:00am - 9:30am

State of the Industry

Sanju Misra

Chief Information Security Officer

Praxair, Inc.


Gene Scriven

Chief Information Security Officer

ACI Worldwide, Inc.


In this opening session, Sanju Misra, CISO of Praxair and Gene Scriven, CISO of ACI Worldwide, will provide their insights into the comparison of past years to today’s security industry, the biggest hurdles that have been hard to overcome from a security perspective, the biggest successes that the security industry overall has accomplished, what CISOs need to focus on as they think about the future, and in terms of the future, what the biggest gaps are that the industry needs to focus on. 

Praxair, Inc. is an American worldwide industrial gases company. It is the largest industrial gases company in North and South America, and the third-largest worldwide by revenue. 

With revenues of over $1 billion, ACI Worldwide is a payment systems company whose products and services are designed to facilitate electronic payments and are used principally by financial institutions, retailers and electronic payment processors.


9:30am - 10:00am

CASB 2.0: Safely Adopt Cloud Apps with Integrated Cloud Security


Deena Thomchick

Senior Director Cloud Security

Symantec, Platinum Sponsor


Chances are employees within your organization are already using hundreds of cloud apps and services, even if IT is not in the loop. In addition, core business software is aggressively migrating to cloud-based models – including human resources, sales, marketing, finance and just about every functional part of the company. The rapid adoption of cloud applications and services has fueled the need for new security solutions, including Cloud Access Security Brokers (CASBs). What do you get with a CASB and how do these CASB systems weave into your overall security infrastructure? There are many intersections to consider, such as DLP, Advanced Malware Protection, Web Security and Endpoint where organizations are navigating how to best integrate cloud security solutions into their environment to improve security and reduce operational overhead.  

10:00am - 10:40am
Take a Break!  Coffee and Networking with Your Peers
10:40am - 11:10am

The Expanding Footprint of Responsibilities

Alex Cunningham
Chief Information Security Officer
Commonwealth Financial Network
Julie Porro
Chief Information Security Officer
JetBlue Airways Corp.


In this interview session, Alex Cunningham, CISO of Commonwealth Financial Network, and Julie Porro, CISO of JetBlue Airways, will discuss the new roles and responsibilities they are taking on in information security, the impact on their companies, and, looking into the future, the expectations they are setting for the leadership role they hold.

With over $1 billion in revenues, Commonwealth Financial Network is a privately held independent broker/dealer based in Waltham, Massachusetts and San Diego, California.

JetBlue Airways is an American low-cost carrier and the 6th-largest airline in the United States with revenues of over $6 billion. The airline is headquartered in Long Island City, New York City.


11:10am - 11:40am

Practical Insider Threat


David Pogemiller

Vice President of Strategy   

Forcepoint, Platinum Sponsor


Organizations face increasingly asymmetric and unprecedented risks from insiders — employees and others who have valid access to enterprise networks and knowledge. In response, they are working to put in place pragmatic and impactful programs that protect the organization, its people and its customers. In this session, David will review who insiders are, discuss a framework for understanding how a “good” insider could turn “bad”, and walk through how to implement a practical insider threat program including best practices for prioritization (hint: it’s not all about malicious actors), identification and mitigation.

Learning Outcomes

  • Learn who insiders are, common personas, and the risks to your organization, its employees, and customers.
  • Learn how to identify internal threats with continuous monitoring
  • Learn a behavioral framework for thinking through how “good” employees may turn “bad”
  • Learn how technology, including the dark web, directly impacts an insider’s mindset, behaviors, and capabilities thereby creating unprecedented risk.
  • Take away several ideas and best practices for putting in place an effective insider threat program to help mitigate the insider risk


11:40am - 12:05pm
Re-Evaluating Data Protection Strategies
Susan Koski

SVP, Security Operations

PNC Bank


Susan Koski, Senior Vice President at PNC Bank, will share her insights into changes that have been necessary in infrastructure and applications relative to data protection,  how the paradigm has shifted,  lessons learned to-date, and what she is considering for the future in terms of the impact of cloud and big data.

12:05pm - 12:35pm

Privileged Attack Vectors - Building Effective Defense Strategies to Protect Organizations


Morey Haber

VP of Technology

BeyondTrust, Gold Sponsor


Cyber-attacks continue to increase in volume and sophistication. As a result, data breaches are no longer surprising or even newsworthy. It’s not a matter of if, but a matter of when you will be successfully breached. This session will provide a comprehensive view of how privileges, passwords, and vulnerabilities are being leveraged as attack vectors and how you can take measurable steps to defend against them.

12:35pm - 1:40pm

Lunch and Networking in the Courtyard

1:40pm - 2:10pm

Talking Cars – A Privacy by Design Case Study 10 Years in the Making


Ed Adams

Distinguished Research Fellow at The Ponemon Institute

Co-founder and Chairman of OnBoard Security, Inc.

President and CEO of Security Innovation, Inc., Silver Sponsor


A fascinating topic for our attendees over the last two years, Ed Adams, CEO of Security Innovation, will provide the latest update on talking cars. Within 5 years, all cars manufactured in the US will carry Vehicle-to-Vehicle (V2V) equipment to broadcast their speed and location constantly. This mandate from the Department of Transportation is a safety of life program. V2V will sense hazards, alert drivers, and is estimated to save thousands of lives each year.  But these safety benefits carry serious concerns about security and privacy.  This presentation will discuss how the system designers used Privacy by Design to protect driver privacy. Moreover, we will discuss specific software security threats and the V2V certification management system, the largest ever conceived. Particular attention will be paid to the privacy concerns program inventors have dealt with over the past 10 years while planning this 50,000,000-unit IoT system.


2:10pm - 3:10pm

Executive Roundtable Discussions with Debriefs

Peer-to-peer breakout sessions based on topics determined by attendees during registration.

Topic #1: Adaptive Security – Innovating for the Future

Gartner states that the intelligent digital mesh (people, devices, content and services), and related digital technology platforms and application architectures create an ever-more-complex world for security. The continuing evolution of the "hacker industry" and its use of increasingly sophisticated tools — including the same advanced technologies available to enterprises — significantly increase the threat potential. Relying on perimeter defense and rule-based security is inadequate and outdated, and organizations will need security-aware application design, application self-protection, user and entity behavior analytics, API protection, and specific tools and techniques to address IoT and intelligent app/thing vulnerabilities.

In this roundtable, discuss with your peers:

  1. Discuss the technologies you are using or researching in order to build a more adaptive environment.
  2. In terms of user and entity behavior analytics, where is your organization relative to profiling and baselining the activity of users, peer groups and other entities, such as endpoints, applications and networks?
  3. Discuss the use of technologies that enable application security self-testing, self-diagnostics and self-protection.
  4. What are the main obstacles you are running into in building an adaptive environment?
  5. Describe the strategy you are building (or would like to build) to move into technologies that allow for the adaptive environment.

Facilitated by:

Avishai Avivi
Vice President, Information Security
E*TRADE Financial Corporation

Topic #2: Creating a High-Performing Information Risk Management Program

Cyber security readiness continues to evolve at a rapid pace as changes in the threat landscape force organizations to be more vigilant than ever before. In turn, the evaluation and prioritization of risk has taken on more importance to the business in order to make the right decisions.

In this roundtable, discuss with your peers:

  1. How has your organization matured relative to risk identification?
  2. Describe how your organization has been able to move from a security operations and technology focus to a more holistic, organization-wide approach involving multiple levels of people, processes and technology.
  3. What are some of the changes in the role and scope of your risk management program and what new activities are occurring as a result of the changes?
  4. Discuss the use of leading versus trailing indicators in developing your risk model.
  5. In terms of working towards building a more mature model of information risk, what areas are you still lacking in, in order to achieve the results you need?
  6. Where are the areas of success you have seen in your ability to evaluate risk?
  7. What are the key factors you believe an organization must consider for a risk management program to be “high performing?”


Topic #3:  Employee Knowledge - The Facts of Security

Global spending on security awareness training for employees is predicted to reach $10 billion by 2027. A sampling of recent prediction articles reports that data breaches will become better targeted and cost more, hackers will find more avenues to access sensitive data, and ransomware will “spin out of control.” Faced with this hostile environment, how are organizations working with their employees to focus on securing against these threats?

In this roundtable, discuss with your peers:

  1. How has your awareness training strategy changed as the exposure has increased?
  2. How are you overcoming the “noise” associated with security awareness training so that employees don’t tune out?
  3. Discuss the use of behavior analytics to deliver a more targeted training program at the individual level.
  4. What is your strategy in terms of security and privacy awareness training tailored specifically to executives?
  5. In terms of application security development, how is your organization dealing with IoT?
  6. What best practices have you implemented recently to prevent and detect risks that have proven to be extremely successful with your employees? How are you giving visibility to these successes?
  7. Where are there still gaps and why?
  8. In preparation for the future, where will your focus be in terms of security awareness?

Facilitated by:

Ans Claiborn
Vice President, Information Security Management
State Street Corporation



Topic #4: Governance and the Cloud – Strategies for Confidence

As organizations continue to move data to the cloud, major challenges still exist.  Privacy, confidentiality, availability, integrity and security of data across private and public clouds all have to be taken into consideration as organizations look to achieve potential cost savings and increased productivity. 

In this roundtable, discuss with your peers:

  1. What has your organization done to improve confidence of governance and protection in cloud development?
  2. How will you align your information security programs to enable future business growth that leverages the cloud?
  3. What are the key areas of your strategy that will take your organization to the next level?
  4. What are the gaps you still see in successfully leveraging the cloud environment and how do you expect to overcome them?

Facilitated by:

Liz Johnson

Vice President, Chief Risk and Compliance Officer

The Christ Hospital



Topic #5:  Finding the Right Talent 

It’s no secret that finding, hiring, and retaining top cybersecurity talent is one of the biggest challenges for all security organizations. As today’s security environment will most likely become even more complex, how are you approaching hiring the right talent who can positively impact your organization?

In this roundtable, discuss with your peers:

  1. What are the key skills you believe someone must have to be successful in your organization and how has it changed from the past?
  2. What are the key traits that you believe will put someone on a leadership path in your organization?
  3. Cybersecurity roles are becoming more multidisciplinary and cross-functional.  Ideally, what type of experience is needed in a new hire for someone to be able to work with different functions in the enterprise—HR, legal, public relations, and marketing, as examples?
  4. In an MIT Technology Review survey, respondents said their organizations lack adequate forensics skills to lead so-called “hunt teams.” These are people who can perform a Sherlock Holmes type of investigation around a breach or a compromise. What are your thoughts on how to acquire this type of talent?
  5. What type of methodology are you using to identify talent gaps for the future and what is your strategy for ensuring you can fill these gaps?

Facilitated by:

Wayne Washburn
Director, IT Operations & Security
HSF Affiliates LLC



Topic #6: How do we discuss cyber risk with corporate leadership?

As information on the challenges surrounding information security continues to gain traction with senior business leaders, security organizations need timely and actionable data to help reduce their company’s risk profile.  Access to information is moving a security organization from assuming a total technology defense posture to a risk-based approach.  Discussions being held at corporate leadership levels have moved to a more mature conversation with the focus on risk and its impact to a company’s brand, customer and revenues.

In this roundtable, discuss with your peers:

  1. According to a recent survey, senior leadership said they are very involved in making cyber risk decisions and cyber risks were the highest priority for many of the members surveyed. What is your feedback on the awareness and involvement of senior leadership today?
  2. What are the key issues you feel your leadership and boards are grappling with now?
  3. What are your comments on the main issues senior leadership now needs to be aware of?
  4. What is your approach, relative to using metrics, analytics, etc., in communicating information to the senior leadership for them to have the capabilities to look forward?

Facilitated by:

Richard Rosano

SVP, Critical Infrastructure Protection

EXCEL Services 



Topic #7:  The $191 Billion Cloud Market – Security and Compliance for the Future

With Forrester stating public cloud is in hypergrowth mode, with expectations of a $191 billion marketplace by 2020, organizations are being forced to rethink traditional and often manual IT controls to prove compliance.  With the many variables, including the cloud platform, the workload, access, and sensitivity of data, how does a security organization move into the future to secure, control, and validate?

In this roundtable, discuss with your peers:

  1. What has your organization done to improve confidence of compliance and protection in cloud development?
  2. Discuss how you are developing a comprehensive cloud-aware security plan.
  3. What are you doing to gain better visibility into your cloud environment?
  4. What are the key areas of your strategy that will take your organization to the next level?
  5. What are the gaps you still see in successfully leveraging the cloud environment and how do you expect to overcome them?
  6. Discuss how you are setting up your organization for the future to continue to leverage the cloud. 

Facilitated by:

Howard Miller


Columbia University Business School

3:10pm - 3:15pm
Day One Wrap-Up
3:15pm - 6:00pm
Break - Free Time for Attendees
6:00pm - 7:30pm

Evening Cocktail Reception with Prize Drawings
Complimentary for Our Attendees and Their Guest  (21 years & older)


Tuesday, October 24, 2017

8:00am – 9:00am

Breakfast and Networking in the Sponsor Pavilion for Attendees