infosecurity - iqpc corporate · infosecurity connect is a new exclusive event from worldwide...

March 6-8, 2017 • The Rancho Bernardo Inn, San Diego, CA www.infosecurityconnect.com

InfoSecurity

WHERE FINANCIAL CYBERSECURITY EXPERTS CONNECT

March 6-8, 2017 • The Rancho Bernardo Inn, San Diego, CA www.infosecurityconnect.com • 2InfoSecurity

WHAT IS INFOSECURITY CONNECT?InfoSecurity Connect is a new exclusive event from Worldwide Business Research (WBR) where senior cybersecurity executives from the financial services industry come together to discuss how to improve their cybersecurity and elevate their current information security programs and policies. The Summit also helps prequalify meetings with solution providers you want to learn from.

Attendance is by invitation-only and is strictly limited to 65 senior executives from some of North America’s top banks, credit unions, insurance and financial services organizations.

Let us give you the tools to stay safe!The financial services industry is the number one targeted sector by cyber criminals. Don’t let your company become the next headline. In its inaugural year, InfoSecurity Connect provides strategies and tactical guidelines for staying ahead of the FSI cybersecurity curve and keeping up with the ever-changing regulatory landscape.

We provide custom-made content and arranged networking that will set you up for success: Our mission is to make your job easier.

We look forward to welcoming you to San Diego!

Regards,

Kai Hahn Head of Production InfoSecurity Connect [email protected]


YOU’RE IN GREAT COMPANYTo ensure you receive the highest degree of specialized content, we’ve made InfoSecurity Connect an invitation-only gathering for the most senior level cybersecurity executives. Why? We want you to network with fellow executives whose problems are similar to yours and who’s insights will help protect your company.

You will be shaking hands and debating with CISOS, CSIRO, CRISO, CIOs, and VPs / Heads / Directors of:

· Information Security

· Cybersecurity

· Security Architecture

· Data protection

· Data privacy

· Data security

· IT Security

· Risk/Compliance

· Information protection

· Security technology and information

WBR Connect is a new division of WBR which focuses on bringing together the most senior-level executives for a by-invitation only gathering where they can share their actual business cases with other top executives and learn from a few selected solution providers about technologies that will aid them in their daily challenges. WBR Connect is a complement to our existing large scale conference business and serves as a sales platform for intimate business case sharing and gives us the opportunity to match senior executives with the solutions they need.

WBR - BUILDING RELATIONSHIPS ONE CONVERSATION AT A TIME.


WHAT MAKES THE EXPERIENCE UNIQUE?InfoSecurity Connect provides the right information in the right learning environment.

Panel Debates: Carefully selected topics that inspire controversy and generate passionate opinions from the participating speakers.

Workshops: Roll-up your sleeves and choose the topics that best fit your responsibilities from over 15 hands-on workshop sessions spread throughout the three days.

Facilitated Networking: Leveraging the valuable group of executives all in one place, we incorporate structured time in to your agenda to ensure you meet with the attendees you most want to.

TheFunStuff: There’s nothing like mixing business with pleasure, so we take full advantage of the beautiful setting to serve up spectacular social events for you and your fellow attendees to kick back and make the most of your time!

Keynote Presentations: Learn from senior-leadership representing the top financial organizations that deliver content relevant to your job function in a TED sytle format.

Roundtables: Informal discussions with your peers moderated by an industry expert. You choose the roundtable based on your interests and have actual conversations that produce actionable takeaways.

Consultative Business Meetings: An integral part of your agenda is the one-to-one consultative business meetings with leading solution providers. You choose who you want to meet based on the solutions your business needs. This unique aspect of InfoSecurity Connect serves to simplify and save you time for sourcing new cybersecurity solutions.


MEET OUR DISTINGUISHED SPEAKER FACULTY Frank Hsieh

SIRO - Asset Management BNY Mellon

Walt Czerminski Enterprise Information Security Officer (EISO) Brown Brother Harriman & Co

Peter DiSpirito Chief Information Security Officer Flushing Bank

Christopher Barber EVP and Chief Information Officer Commonwealth Business Bank

Ian Dawson Managing Director, Security Operational Assessment and Readiness Charles Schwab

Randal Behounek Vice President, Corporate Security, Third Party Risk Management, Bank of the West

Daniel Robbins Vice President, Information Security State Bank

George Goodlink Vice President, Information Security Manager Lake City Bank

Lucia Ziobro Section Chief, Federal Bureau of Investigation Cyber Division

Anne Marie Zettlemoyer Director, Information Security & Risk Management Capital One

Chuck Danley Cybersecurity and Information Assurance Thought Leader Independent Consultant


AGENDA-AT-A-GLANCE:

DAY ONE • March 6, 2017

DAY TWO • March 7, 2017

DAY THREE • March 8, 2017

12:00 CONFERENCE REGISTRATION

1:00 SPONSOR ORIENTATION

1:10 WELCOME REMARKS & DELEGATE ORIENTATION

1:15 CHAIR’S WELCOME & OPENING REMARKS

1:30 ICE BREAKER: Speed Business Card-Swap And Delegate Introductions

2:00 CASE STUDY: Integrating Security Practices Across Your Business

2:20 PANEL DISCUSSION: Exploring The Expanding Cybersecurity Landscape And How Your Strategy Must Shift In Response

7:35 BREAKFAST

8:35 CHAIR’S DAY TWO WELCOME

8:50 WORKSHOP: Ethical Hacking And Red-Teaming: “Own Thyself”

9:35 PRESENTATION: Staying Ahead of the Curve with the FFIEC Cyber Assessment Tool

9:55 NETWORKING BREAK

10:20 DELEGATE TO DELEGATE NETWORKING: BIRDS OF A FEATHER SESSION

10:55 BUSINESS MEETINGS | THINK TANK: Beware Of The ShapeShifters:KeepingUpWithAttackProfiles

11:30 BUSINESS MEETING | WORKSHOP: Risk Framework Capabilities And Maturity

12:00 NETWORKING LUNCH

1:15 ROUNDTABLES: Four static roundtables with 10 delegates each

7:35 BREAKFAST

8:35 CHAIR’S DAY THREE WELCOME

8:40 WORKSHOP: Incident Analysis And Response

9:25 PANEL DISCUSSION: The Bigger Picture - How Finance Can Continue To Evolve To Support Customers

9:55 PANEL DISCUSSION: Strategies For Board-Level Reporting

2:50 PANEL DISCUSSION: Managing The Expectations Of The Regulators

3:25 BUSINESS MEETING | WORKSHOP



4:55 ROUNDTABLES: Four static roundtables with 10 delegates each


6:35 BUSINESS MEETING | WORKSHOP: Where Is The Threat

7:05 COCKTAIL HOUR

8:05 DINNER FOR ALL GUESTS




3:50 KEYNOTE SESSION: Assessing The Cyber Threat Landscape

4:10 KEYNOTE SESSION by an Event Partner

4:30 PANEL DISCUSSION: Managing Third Party Service Provider Risk



6:15 COCKTAIL HOUR


10:30 BUSINESS MEETINGS | THINK TANK Project Management: Don’t Lose Track Of Your Valuable Data


11:40 BUSINESS MEETINGS | MENTORSHIP PROGRAM

12:15 BUSINESS MEETINGS | MENTORSHIP PROGRAM

12:45 CLOSING LUNCH


DAY ONE: PROTECTION Monday, March 6, 2017

12:00 CONFERENCE REGISTRATION OPENS

1:00 SPONSOR ORIENTATION

1:10 WELCOME REMARKS AND DELEGATE ORIENTATION

A brief welcome from the event organizer with an overview of the day’s sessions and activities.

1:15 CHAIR’S WELCOME AND OPENING REMARKS

1:30 ICE BREAKER: Speed Business Card-Swap and Delegate Introductions

Delegates have an opportunity to introduce themselves to one another in a “speed-dating” format. They are each given three questions to answer during the introduction and then move on to the next delegate.

2:00 CASE STUDY: Integrating Security Practices Across Your Business

More often than not, there’s a disconnect between IT security and the business end of an organization. Let’s put a stop to that! This session will cover:• Bridging the Information Security gap• Conversation about the importance of

protecting data• Getting the message out about employee

behavior• Seeking to participate in meetings or training• Presenting the facts, never speculation

Daniel Robbins, VP, Information Security, State Bank and Trust Company

2:20 PANEL DISCUSSION: Exploring The Expanding Cybersecurity Landscape And How Your Strategy Must Shift In Response

The infosec landscape is continuously in flux – from threats to regulations and even the constant stream of new software. Sometimes it feels impossible to keep up with the industry. We feel you. That’s what this panel will cover.• Expanding Cybersecurity awareness for

employees• Understanding the drivers for information

security and how much of those are risk-based • Phishing, phishing awareness, testing your

employees via targeted phishing campaigns, tools to enable the Information Security Staff to conduct in-house Phishing Testing, 3rd party phishing testing

• In-house vulnerability assessments Peter DiSpirito, Chief Information Security

Officer, Flushing Bank Walt Czerminski, Enterprise Information Security

Officer (EISO), Brown Brother Harriman & Co Chuck Danley, Cybersecurity and Information

Assurance Thought Leader, Independent Consultant

2:50 PANEL DISCUSSION: Managing The Expectations Of The Regulators

You’ve heard from the regulators, now what? This panel discussion delves deeper into how info security experts can balance the demands of their jobs and their business objectives with their compliance requirements. In day-to-day operational, we’re dealing with policy exceptions, decryption, projects and fielding escalations, etc. We need to talk about balance!• How are future and current regulatory

guidelines impacting your bottom line?• What does government policies, standards and

compliance mean to you?• Ensure you fully understand the standards for

vendor assessment Frank Hsieh, SIRO Asset Management, BNY Mellon Christopher Barber, EVP and Chief Information

Officer, Commonwealth Business Bank


DAY ONE: CONTINUED

3:25 BUSINESS MEETINGS

Concurrent with Business Meeting

30MIN WORKSHOP: Adapting Your Strategy To Prevent Data Loss



30MIN WORKSHOP: The A To Z Of Encryption


4:55 ROUNDTABLES 1. ROUNDTABLE : Discuss the Intersection Of

Cyber Crime And Law Enforcement Lucia Ziobro, Section Chief, Federal Bureau of

Investigation, Cyber Division 2. ROUNDTABLE : Putting Together An

EffectiveDisasterRecoveryPlan George Goodlink, Vice President, Information

Security Manager, Lake City Bank Other topics may include: Developing An Enterprise Risk Management

Team ConfigurationAndDataProtection:AreYou

Doing It Right? Making The Cloud Safe



30MIN WORKSHOP: Leverage Intelligence Collaboration Platforms



30MIN WORKSHOP: Where is The Threat?

Is the financial sector different than any other sector with respect to protecting its digital presence? Not really! The same methodologies are used to gain access. After that the application used may vary depending on the actual targeted information. There are several common behaviors that put everyone at risk. This session will cover the following: • Use of passwords instead of passphrases • Use of public WiFi • Charging portable devices can be risky • Relying on technology to protect

Chuck Danley, Cybersecurity and Information Assurance Thought Leader, Independent Consultant

7:05 COCKTAIL HOUR



DAY TWO: DETECTIONTuesday, March 7, 2017

7:30 BREAKFAST

8:35 CHAIR’S DAY TWO WELCOME

8:50 WORKSHOP: Ethical Hacking And Red-Teaming: “Own Thyself”

Whether you engage a third party to perform penetration testing, or you have an internal Red-Team diligently hacking your own environment, choosing your targets and objectives is key! In this workshop we will talk about some of the common pitfalls associated with penetration testing and red-team exercises as well as how to ensure that you get as much value out of these activities as possible. We will also demonstrate some real-world ethical hacking examples to illustrate some uncommon common-sense approaches to ensuring that you not only ask the right questions when determining what to test, but that you get the right answers!• Building a team to do that internal vs. third

parties• Blending ethical hacking with red team

and penetration testing as well as other initiatives

• Case study and walk through an ethical demonstration for end-to-end hacking

Ian Dawson, Managing Director, Security Operational Assessment & Readiness, Charles Schwab

9:35 PRESENTATION: Staying Ahead of the Curve with the FFIEC Cyber Assessment Tool

The goal of the presentation is to cover the FFIEC Cybersecurity Assessment Tool (CAT). One of the key talking points is identifying why the FFIEC created the tool, what are the components to the tool, and how a bank should use it. We’re covering how to use the tool to determine an inherent risk profile and how to grade your organization’s cybersecurity maturity.

The final talking point will be covering what to do with the information from the CAT.• Why did the FFIEC make the CAT and

what should my bank do with it?• Using the tool to determine my inherent

risk and cybersecurity maturity.• I used the tool, so now what do I do with

the information it is giving me? George Goodlink, Vice President,

Information Security Officer Manager, Lake City Bank


10:20 DELEGATE TO DELEGATE & SPONSOR TO SPONSOR NETWORKING: Birds Of A Feather Session



30MIN THINK TANK: Beware Of The Shape Shifters: Keeping Up WithAttackProfiles

The threat landscape is constantly changing. It seems like every day, there’s a new cyber villain to be aware of, a new vulnerability we didn’t even know existed. In this Think Tank we’re addressing the following questions: • What are the new vulnerabilities that

should be on every info sec leader’s radar?

• Are we updating and reacting accordingly to these shape-shifting hackers?

• How can we keep up? Ian Dawson, Managing Director, Security

Operational Assessment & Readiness, Charles Schwab


DAY TWO: CONTINUED



30MIN WORKSHOP: Risk Framework Capabilities And Maturity• Understanding Why It’s Important To Make

The Business Case• Discuss The Business Point Of View And The

Issues Around It• Talking About Framework As A Strategic

Initiative

12:00 NETWORKING LUNCH

1:15 ROUNDTABLES - Topics may include: Discussing Your Biggest Mistakes

Best Practices For Training

Information Security Service Management and How to Use it to Our Advantage

The Importance Of Timely Maintenance



30MIN WORKSHOP: End-Point Protection And Privileged Access Restriction



30MIN WORKSHOP: Disruptions And Innovation In Cloud Technologies


3:50 KEYNOTE: Assessing The Cyber Threat Landscape• Bridging the gap between public and private

sector IT intelligence and sharing of key cyber threat and vulnerability information

• Threat indicators and malware• Case studies

Lucia Ziobro, Section Chief, Federal Bureau of Investigation, Cyber Division

4:10 KEYNOTE: Managing An IT Audit Effectively

4:30 PANEL DISCUSSION: Managing Third Party Service Provider Risk

Develop a framework of assessment to measure data• Share PRI with multiple vendors and figuring

out how we get a hold around security capabilities who hold our data

• Best practices for reviews, onsite visits Randal Behounek, Vice President, Corporate

Security, Third Party Risk Management, Bank of the West



30MIN WORKSHOP: EffectivePhishing Tests



30MIN WORKSHOP: Closing Loopholes With An End To End Approach

6:15 COCKTAIL HOUR



DAY THREE: RESPONSE Wednesday, March 8, 2017

7:35 BREAKFAST

8:35 DAY THREE WELCOME

8:40 WORKSHOP: Incident Analysis And Response

According to a Forrester report, it can take 220 days to detect a cyber attack on your environment. There’s no such thing as a perfect defense. Instead, we must be pros at detecting, mitigating and acting on data breaches immediately. This workshop will lay strategies for accelerated incident response time and effective analysis. • Key metrics for time to awareness • Develop a response plan for a breach

Anne Marie Zettlemoyer, Director, Information Security & Risk Management, Capital One

9:25 PANEL DISCUSSION: The Bigger Picture - How Finance Can Continue To Evolve To Support Customers

Customers are our livelihood. They’re the reason we’re doing all of this! So let’s make sure that we’re adapting as an industry to meet the needs of our customers. We’ll focus on:• Keeping the trust: ensuring that your

customers know they’re the number one priority

• Finding that balance between convenience and trust

• Forecasting the future of finance and how we should be preparing

Christopher Barber, EVP and Chief Information Officer, Commonwealth Business Bank

9:55 PANEL DISCUSSION: Strategies For Board-Level Reporting

We’re all on the same team here, but we don’t all speak the same language when it comes to cybersecurity. Our experienced panel will delve into the challenges and best practices for sharing insights with the c-suite and upper management.• Speaking the same language and ensuring

that your team stays in the know

• Translating insights, statistics and dashboards

• Delivering digestible information to management

Frank Hsieh, SIRO Asset Management, BNY Mellon

Anne Marie Zettlemoyer, Director, Information Security & Risk Management, Capital One

Walt Czerminski, Enterprise Information Security Officer (EISO), Brown Brother Harriman & Co



30MIN THINK TANK: Project Management: Don’t Lose Track of Your Valuable Data• Having a workable data inventory• Behavior of employee’s holding data• When does data become stale• Steps to mitigate risk

Daniel Robbins, VP, Information Security, State Bank and Trust Company



30MIN WORKSHOP: StaffEducation And Training



30MIN MENTORSHIP PROGRAM



30MIN MENTORSHIP PROGRAM

12:45 CLOSING LUNCH


INTERESTED IN ATTENDING?

INTERESTED IN SPONSORING?

If you’re the cybersecurity leader in your business and could benefit from exclusive knowledge sharing with your peers and insight into the most innovative technologies on the market, then Infosecurity Connect is designed specifically for you. To request an invite please contact:

Leah Price Head of Delegate Acquisition Phone: 646.200.7512 Email: [email protected]

Meet senior cybersecurity executives, benchmark and build relationships to advance deals with your target market. You’ll meet with companies that are qualified - and presently looking to - invest in your area of expertise. For more information on a customized package which can include: 1-to-1 meetings, networking and speaking engagements please contact:

Felippe Velloso Managing Director Phone: 646-200-7840 Email: [email protected]

Stephen Simmons Sponsorship Director Phone: 6462007447 [email protected]

Brandon Abramowitz Sponsorship Director Phone:6462007521 [email protected]

infosecurity - iqpc corporate · infosecurity connect is a new exclusive event from worldwide...

Documents