The Security Leaders Summit New York Spring was held on Thursday, April 14, 2016 at the Hilton Midtown. The Summit brought together a community of senior IT executives for engaging peer-level interaction, discussions on new approaches to managing complexities in Information Security, and provided opportunities to collaborate with leaders in the industry. Throughout the day, the Summit Hosts, representing companies across a diversity of industries and sizes, shared their insights and knowledge with the distinguished group of attendees through their presentations, interviews and breakout roundtable discussions.
In the morning keynote, Shawn Banerji with Information Officers and FinTech Practices, Global Technology Sectorat Russell Reynolds, an executive leadership and search firm, delved into the role of the CISO moving forward and trends in compensation packages. Shawn highlighted cyber risk has become the #1 risk for most companies and boards and this is one of the leading indicators for increased responsibilities in a security organization and associated compensation. Emerging roles discussed included: Business Line Information Security Officer, Head of 3rd Party/Vendor Risk & Compliance, Head of Insider Threat, Regional Information Security Officers and Head of Product Security (IoT). With the new responsibilities and roles, HR teams are having to break with standards to accommodate highly sought after information security executives, who in many cases require compensation increases of 25% or more. Compensations are now running at $1.5+ million for CISOs at Fortune 500 companies and on average in the $300k – $750k range for senior security executives at medium to large organizations. For more information on Shawn’s presentation, please reach out to him directly at Shawn.Banerji@russellreynolds.com
In the executive briefing on “The Speed Of Business Is Breaking Security – Automate Or Die,” Mark Aklian, Cloud Security Evangelist for CloudPassage, Silver Sponsor,received very positive feedback from the attendee survey results on his insights into how to align security with the speed of modern IT. Download the presentation
With Richard Warner, Summit Emcee as the interview moderator for the session, “Conversations with Execs in the Corner Office,” David Hahn, CISO at the Hearst Corporation and John Masserini, CISO at MIAX Options,discussed how their own organizations are building trust across their companies, their need to move forward in helping to impact revenue, and the ongoing conversations they are holding with their teams focused much more on strategic versus tactical issues.
In the presentation, “The Industry Need for Cloud Generation Security,” Bradon Rogers, Senior Vice President, Product Strategy and Operations at Blue Coat Systems, Platinum Sponsor, shared insights into challenges dealing with the infrastructure used by attackers to gain information and the rise of encrypted traffic, which is now considered common ground for both the good and the bad guys. For ensuring safe passage of data to the cloud, Bradon highlighted the need to ensure control over the evolving network and protection of next-generation endpoints through device agnostic protection.Download the presentation
During the morning break, attendees and Summit sponsors had the chance to continue their conversations from the morning sessions.
In the session, “Securing Rogue File Sharing – Your Most Vulnerable Data Leak Threat Vector,” David Hart,Enterprise Account Sales with Accellion, Gold Sponsor,presented their research findings and best practices on the latest advancements in secure file sharing and collaboration, the ability to provide security without compromising productivity and how to leverage investments in existing content systems.
In a facilitated interview session, “Business Technologies for the Future,” with Joel Rosenblatt, Director, Computer & Network Security at Columbia University and Darin Mastricola, Vice President, of IT Security and Complianceat Endurance Specialty Holdings Ltd., discussions focused on the evaluation of their current arsenal of technology tools, the technologies they believe are the most successful in what they do to protect your business, their gaps and what is needed in the marketplace and technologies they think have promise for the future.
Neil Farquharson, Technology Evangelist for ZixCorp, Gold Sponsor presented on “Email Security.” Neil Farquharson shared insights into the latest and challenges they are seeing and how organizations are solving their most pressing secure email challenges.
During lunch, guests and sponsors had the opportunity to spend a relaxing hour meeting new people and catching up.
After lunch, the Summit kicked back into high gear with Nashira Layade, Executive Director, Privacy & Information Security at Time Warner, discussing the most critical areas of her organization where she needs to be innovative and what is driving the need, her strategies for building capabilities for an agile infrastructure, the most difficult obstacles in her way to being innovative and what are going to be the key factors to her success in the future.
Brian Henger, Regional Vice President of Malwarebytes, Gold Sponsor, presented on “Psychological Warfare: How Cyber Criminals Mess With People’s Minds.” Brian shared insights into how cyber criminals are now investing more time and resources in advertising and psychology than technologies to gain access to data, the underlying social engineering tactics to gain access and solutions to consider to protect against these tactics.
The Executive Roundtables received excellent feedback from the Summit attendees, including “valuable peer-to-peer discussions,” and “great way to round out the afternoon.” The roundtables were facilitated by Dana Thurston-Nuzzo, SVP & Group Information Security Officerwith Citigroup, Mike Lamberg, VP & CISO with OpenLink Financial, LLC, John Michaels, CTO & CISO with Maxim Group, Joel Rosenblatt, Director of Computer & Network Security with Columbia University, Sarathi Yerra, Information Security Officer, with MFA Financial, Inc., James Cusick, CSO & Director of IT Operations, with Wolters Kluwer, CT Corporation, and Preetam Sirur, Senior Director, IT Risk & Security, with Standard & Poor’s Rating Services.
Download an example of one of the roundtable discussions facilitated by James Cusick, Chief Security Officer & Director IT Operations at Wolters Kluwer, CT Corporation, on the topic “Information Security & the Business – Changing the Conversation.”
In the final session of the day, Jeremy Major, Regional Sales Manager with OpenDNS, now part of Cisco,provided an executive briefing on “Security Beyond the Firewall.” Jeremy shared how today’s threats are stealthy and patient where a decade ago, firewalls and antivirus software were enough to protect against infiltration. In his briefing he highlighted how a security team can identify adversarial patterns once they’ve entered the network, insights into new attack techniques, and what security approaches can leverage data to prevent attacks before they happen.
During the afternoon reception, attendees and Summit sponsors had the opportunity to unwind, keep the conversations going and have fun with the prize drawings, include a drone, bose speakers, an Apple TV and gift cards.
Be sure to visit the photo gallery.
Platinum Sponsor Blue Coat Systems
Blue Coat empowers enterprises to safely and securely choose the best applications, services, devices, data sources, and content the world has to offer, so they can create, communicate, collaborate, innovate, execute, compete and win in their markets. Blue Coat has a long history of protecting organizations, their data and their employees and is the trusted brand to 15,000 customers worldwide, including 86 percent of the FORTUNE Global 500. With a robust portfolio of intellectual property anchored by more than 200 patents and patents pending, the company continues to drive innovations that assure business continuity, agility and governance. For additional information, please visit www.bluecoat.com.
• A new study from ESG describing the growth of encryption and strategies for protection. Read the report, “Network Encryption and its Impact on Network Security” to get the facts and figures about the nature of the threat and the actions you can take now to deepen your defenses.
Gold Sponsor Malwarebytes
Malwarebytes protects businesses against malicious threats that escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware, the company’s flagship product, has a highly advanced heuristic detection engine that has removed more than five billion malicious threats from computers worldwide. SMBs and enterprise businesses worldwide trust Malwarebytes to protect their data. Founded in 2008, the company is headquartered in California with offices in Europe, and a global team of researchers and experts. For more information, please visit www.malwarebytes.com/business.
Download a copy of the Malwarebytes Research Brief: Operation Fingerprint to get a look into several Angler Exploit Kit malvertising campaigns.
Silver Sponsor CloudPassage
CloudPassage Halo® is the world’s leading agile security platform that empowers our customers to take full advantage of cloud infrastructure with the confidence that their critical business assets are protected. Halo delivers a comprehensive set of continuous security and compliance functions right where it counts — at the workload. Our platform orchestrates security on-demand, at any scale and works in any cloud or virtual infrastructure (private, public, hybrid or virtual data center). For more information, please visit www.cloudpassage.com or contact Larry Bianculli.
Bronze Sponsor Alert Logic
Alert Logic, the leader in security and compliance solutions for the cloud, provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Fully managed by a team of experts, the Alert Logic Security-as-a-Service solution provides network, system and web application protection immediately, wherever your IT infrastructure resides. Alert Logic partners with the leading cloud platforms and hosting providers to protect over 3,000 organizations worldwide. Built for cloud scale, our patented platform stores petabytes of data, analyzes over 450 million events and identifies over 60,000 security incidents each month, which are managed by our 24×7 Security Operations Center. Alert Logic, founded in 2002, is headquartered in Houston, Texas, with offices in Seattle, Dallas, Cardiff, Belfast and London. For more information, please visit www.alertlogic.com.
Bronze Sponsor Exabeam
Forcepoint safeguards users, data and networks against the most determined adversaries, from accidental or malicious insider threats to outside attackers, across the entire threat lifecycle. Forcepoint protects data everywhere – in the cloud, on the road, in the office – simplifying compliance and enabling better decision-making and more efficient remediation. Forcepoint empowers organizations to concentrate on what’s most important to them while automating routine security tasks. More than 22,000 organizations around the world rely on Forcepoint. Based in Austin, Texas, with worldwide sales, service, security laboratories and product development, Forcepoint is a joint venture of the Raytheon Company and Vista Equity Partners. For more information, please visit www.forcepoint.com or contact Shaun Stalker, Sr. Enterprise Account Manager, or Jason DeHanes, Enterprise Account Manager.
Thales e-Security is a leading global provider of trusted cryptographic solutions with a 40-year track record of protecting the world’s most sensitive applications and information. Thales solutions enhance privacy, trusted identities, and secure payments with certified, high performance encryption and digital signature technology for customers in a wide range of markets including financial services, high technology, manufacturing, and government. Thales e-Security has a worldwide support capability, with regional headquarters in the United States, United Kingdom, and Hong Kong. Please visit www.thales-esecurity.com.
Gold Sponsor Accellion
Accellion, Inc. provides secure access to enterprise content wherever it is stored to enable increased enterprise productivity and ensure data security and compliance. Accellion, Inc. is the leading provider of private cloud solutions offering enterprise organizations the scalability, flexibility, control and security to enable a global workforce with the tools they need to securely create, access and share information, wherever work takes them. Accellion solutions are used by more than 12 million users and 2,000 of the world’s leading corporations and government agencies including Procter & Gamble; Indiana University Health; Kaiser Permanente; Hogan Lovells; Bridgestone; Harvard University; US Securities and Exchange Commission; and NASA. For more information, please visit www.accellion.com or call 650-485-4300.
Gold Sponsor Zixcorp
ZixCorp is a leader in email data protection. ZixCorp offers industry-leading email encryption, a unique email DLP solution and an innovative email BYOD solution to meet your company’s data protection and compliance needs. ZixCorp is trusted by the nation’s most influential institutions in healthcare, finance and government for easy to use secure email solutions. ZixCorp is publicly traded on the Nasdaq Global Market under the symbol ZIXI, and its headquarters are in Dallas, Texas. For more information, please visit www.zixcorp.com or contact Andrew Verderame, Regional Sales Manager, 603-777-7112.
Silver Sponsor OpenDNS
OpenDNS is a leading provider of network security and DNS services, enabling the world to connect to the Internet with confidence on any device, anywhere, anytime. The Umbrella cloud-delivered network security service blocks advanced attacks, as well as malware, botnets and phishing threats regardless of port, protocol or application. Its predictive intelligence uses machine learning to automate protection against emergent threats before they can reach customers. OpenDNS protects all devices globally without hardware to install or software to maintain. For more information, please contact Jeremy Majors or visit www.opendns.com.
Whitepaper available: Automated Protection Against Advanced Attacks
Bronze Sponsor BeyondTrust
BeyondTrust is a global cyber security company that believes preventing data breaches requires the right visibility to enable control over internal and external risks. We give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Account Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your company goes. BeyondTrust’s security solutions are trusted by over 4,000 customers worldwide, including half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com or contact Kevin McNally.
Bronze Sponsor Security Innovation
Security Innovation focuses on the most difficult IT Security problem, and the root cause of most data breaches — insecure software applications. For more than a decade, we’ve helped organizations build internal expertise, uncover critical vulnerabilities, and improve the process by which applications are built. The company’s solutions are based on the three pillars of a secure Software Development Lifecycle (SDLC), which feed into one another to create an ecosystem of repeatable, secure software development: Standards, Education, and Assessment. Our flagship products include TeamProfessor, the industry’s largest library of application security eLearning courses, and TeamMentor, “out of the box” secure development standards. For more information, please visit: www.securityinnovation.com
Wifi Sponsor Saint
SAINT Corporation, a global leader in network security, offers the SAINT security suite including integrated vulnerability assessment, penetration testing, compliance reporting, and configuration assessment. Examine your network with the SAINT vulnerability scanner, and expose where an attacker could breach your network. Go to a higher level of visibility with penetration testing tools and exploit the vulnerability to prove its existence without a doubt. SAINT can help to:
• Manage and reduce security risks to your enterprise
• Document compliance with government and industry regulations like PCI, NERC, HIPAA, SOX, FISMA, and with internal policies.
• Emulate potential attackers with the suite of exploit tools.
• Perform configuration audits with policies defined by FDCC & USGCB.
SAINT software is available to download, as a cloud service (SAINTCloud), or preloaded on an appliance (SAINTbox). The software includes enterprise functionality; customizable dashboards and data analysis; and a friendly interface. For more information, please visit www.saintcorporation.com.