Monday Events

8:30 a.m. - Building Blocks of a Security Program

• First 6 Months on the Job
  The morning starts off with a walkthrough of what you might expect during your first 6 months on the job. Learn where to spend your time and resources to be most effective without introducing more change than the organization can absorb. Think you should drop a 100 page vulnerability report on the CEO's desk on day 2? Think again. These long-time security leaders will point out the pitfalls to avoid as a new information security officer, and share their tips for building a strong program foundation.
  • Speaker: Dennis Devlin, CISO, Brandeis University
• Organizational Structure, What Works
  Once you have gotten past the first few months, you will be presented with several important decisions, like how to organize your team. Attendees will hear several approaches to handling critical security functions such as governance, operations, privacy, and incident investigations. There are so many ways to integrate information security responsibilities into the organization, and security officers are meeting the modern day challenges by evolving their program into a more decentralized group spread across various business units.
  • Speaker: Evan Wheeler, Director InfoSec, Omgeo
• Security Evangelism
  If you don't like politics, than CISO is probably not the job for you. On any given day you may find yourself negotiating with regulators, balancing a severe security exposure against a critical business initiative, and being grilled demanding customer due diligence questions. A critical skill for any security leader is knowing how to shape and improve the security posture of your organization without clashing with the company's culture. Learn from the experiences of a leading CISO how to promote a culture of security in your own organization.
  • Speaker: Bruce Bonsall, CISO, Mass Mutual

9:30 a.m. - Making Regulations & Audit Work for You

• Audit is Your Friend & Strategies for Working with the Regulators
  No matter what industry you are in these days it seems that you have to deal with some level of regulation. If you know how to approach it, you can really use this to your advantage to improve the security posture of your organization. The key is to really understand the audit function, their role and charter, and how to best maximize the relationship with them whether it be an internal audit group or an external assessor. Learn how to "manage" the audit process, and you will transform yourself from someone who dreads audit to an audit lover.
  • Speaker: Justin Peavey, CISO, Omgeo

10:00 a.m. - Break

10:30 a.m. - Managing the Breach

• The Long Walk to the CEO's Office
  No matter how good you are, you will someday experience the humbling effects of a data breach. Not only can how you handle the first few minutes, hours, and days of this experience make or break your career, also how you prepare for this event will often determine your tenure with the organization. Attendees will get a rare look into the mind of a CISO as he/she walks down the hall to the CEO's office. Can you guess what is on top of the list?
  • Speaker: Ron Baklarz, CISO, Amtrak
• Law School in 20 Minutes or Less
  If you aspire to lead a security program of any size, then this session is a must attend for you. More and more these days the CISO is called upon to provide guidance about the security, privacy, compliance requirements and constraints of various (and often conflicting) international laws. This crash course in legal must-know topics will give you a great place to start with your legal education.
  • Speaker: David Thomas, Shareholder, Greenberg Traurig, LLP
• Investigative and Forensic Considerations: Interaction with Law Enforcement
  Don't miss this unique experience to hear from a senior law enforcement agent what you can expect when you make the call to bring in help on an investigation. Law enforcement can be an invaluable resource to help you through a major breach, but you need to help them to help you. Preserving forensic evidence and coordinating resource are just some of the topics that will be covered.
  
  For those attendees who are lucky enough to have never had a serious breach that required law enforcement assistance, this session will conclude with a simulated meeting between a CISO, his legal counsel, and an FBI agent to discuss a new breach investigation. What better way to learn what to expect and how to prepare than to see it all in action. There may even be some unexpected developments in the investigation to really keep things interesting.
  • Speaker: James Burrell , Assistant Special Agent in Charge, Federal Bureau of Investigation

12:30 p.m. - Introductions

• Speakers: Mike Gentile, Founder and President, CISOHandbook.com
  Lee Kushner, President, LJ Kushner and Associates

12:40 p.m. - Trends Impacting the Sec. Skills Orgs Need & the Jobs People Want
The current characteristics of the information security domain have created a dynamic and challenging landscape for the development of the security professionals that participate within it. Some of these considerations or trends include the unique and demanding needs of the organizations that require security talent, the available training and certification mechanisms to attain these skills, extreme demand for a limited supply of talent, and the overall immaturity of the information security discipline. This panel will illustrate some unique perspectives on this topic, as well as, provide some practical tips to leverage these considerations in your day to day security travels.

• Speakers: Michael Assante, President and CEO, NBISE
  Chris Chock, Security Lead, Orange County Transportation Authority
  Mike Gentile, Founder and President, CISOHandbook.com (Moderator)
  Jeff Moss, Founder of Black Hat and DEF CON, Homeland Security Advisory Council Member
  Kevin Richards, President, ISSA International and Vice President, Risk & Security Services, Neohapsis

1:30 p.m. - Break

1:50 p.m. - Career Architecture - Building a Career Plan From the Ground Up
The battle for information security leadership jobs becomes more fierce each year. It is important that the Information Security professional prepare himself/herself to compete in this industry. This session will teach you to effectively plan for future success in your career, setting appropriate goals and targets and understanding your own skills and where you need to develop further.

• Speaker: Michael Murray, Co-Founder, Infosec Leaders

2:30 p.m. - Making the A-list - Differentiating Yourself as an Information Security Professional
Most security professionals are great at what they do, but fall short when it comes to presenting themselves for a career opportunity. This session will:

• Give an overview on how hiring managers and recruiters evaluate potential candidates
• Help define the qualities that make candidates stand out from the competition
• Provide insights on how to "product manage" one's professional assets.

• Speaker: Jeff Combs, Owner, J. Combs Search Advisors

3:10 p.m. - Break

3:30 p.m. - The CISO of the Future - Building a Competitive Skill Matrix
As companies look to select their information security leaders of the future, they will be more demanding. To be both effective and respected, the CISO will need to build a comprehensive skills matrix that places them on the same level as other senior executives. Attendees will learn which key skills and attributes companies search for when selecting their CISO's and how to acquire them.

• Speaker: Lee Kushner, President, LJ Kushner and Associates

4:10 p.m. - The Top of the Pyramid - Real Lessons from Today's Security Leaders
A diverse panel of recognized information security leaders, representing different perspectives and industries, will speak about their backgrounds and their career paths. Discussion points will include items such as how they achieved their success, the criteria that they utilize for their personal career decisions, recognizing and developing talent, as well as where they are heading next. Attendees will leave the session with ideas to apply to their own careers, in pursuit of their long term career goals. The session would allow for audience questions and answers.

• Speakers: Patrick Heim, CISO, Kaiser Permanente
  John Kirkwood, Global CISO, Royal Ahold
  Lee Kushner, President, LJ Kushner and Associates (Moderator)
  Stephen Scharf, CSO, Experian