-
Building a World-Class AppSec Program
Jeremy Brooks, Information Security Architect, Aaron’s, Inc.
Eric Simmons, Information Security Manager & Application Security Lead, Aaron’s, Inc.
Eric Simmons, Information Security Manager and Application Security Lead at Aaron’s, and Jeremy Brooks, Information Security Architect at Aaron’s, led a CSO50 award-winning project to rethink application security for efficiency and speed. Partnering with QA, development, and DevOps, they built a platform enabling integration of application security across Aaron’s technologies. Join us to learn how they now deliver faster feedback to development teams with self-service processes and automation.
Interviewed by: Derek Hulitzky, VP, Content Development & Strategy, IDG Communications, Inc.
-
Establishing Security Ambassadors to Fortify a Secure Organizational Culture
Omar Prunera, Senior Director ESI Business Security Office and Global Programs, ADP
ADP’s Senior Director, ESI Business Security Office and Global Programs Omar Prunera leads the development of ADP’s Security Ambassadors for Excellence (S.A.F.E.) program to inform and train employees about security, improve their knowledge and behavior, and maintain the highest levels possible for ADP’s security posture. Join us to learn the benefits of the S.A.F.E. program up to present day, including the metrics framework designed to measure its impact, and where this project is headed.
Interviewed by: Derek Hulitzky, VP, Content Development & Strategy, IDG Communications, Inc.
-
Expanding Fraud Prevention and Detection and Cybersecurity at Scale
Stephen Pedersen, Director, Information Security, Coast Capital Savings
Coast Capital Savings Director of Information Security Stephen Pedersen leads a team that focuses on cybersecurity along with fraud prevention and detection as it expands its business nationally through a digital banking platform. Join us to learn how their security strategy creates a trusted digital banking experience with a scalable cybersecurity ecosystem by assembling and configuring out-of-the-box technologies while leveraging multiple cloud capabilities.
Interviewed by: Derek Hulitzky, VP, Content Development & Strategy, IDG Communications, Inc.
-
GE's Journey to Zero Trust
Justin Acquaro, Global CISO, GE
As Global CISO for GE, Justin Acquaro is an expert at providing access to critical applications for a large employee population – all with trust at scale. With an emphasis on strong user investment, a dedicated cross-function team, and strategic executive sponsorship, GE won a CIO 100 award for its MyApps Anywhere employee access project. Join us for this session to hear how the project unfolded, the ups and downs during the process, and how Zero Trust is embedded in the outcome.
Interviewed by: Derek Hulitzky, VP, Content Development & Strategy, IDG Communications, Inc.
-
Challenge the Rules of Security by Proactively Transforming the Threat Surface
Robert DeVito, Global Chrome Customer and Partner Sales Engineering, Google Chrome
Robert DeVito with Google Chrome says that increases in distributed workforces and adoption of cloud applications means companies face new levels of IP, data, and identity sprawl beyond the enterprise firewall. Since every endpoint is an entry, cybercriminals now have more ways to break in, and human error on the inside is a constant risk. Join us to see how Chrome OS and Chrome Browser embed security into every workflow to provide proactive protection for users, devices, applications, and data.
-
Success Factors for Securing a Multi- or Hybrid-cloud Environment
John Swensson, Customer Success Manager, CloudPassage
As more organizations experience the benefits of public cloud infrastructure, we’re seeing an increase in the adoption of hybrid- and multi-cloud environments. This enables development teams to select the best infrastructure for the specific needs of their application, such as one cloud provider over another, or leveraging the data center to host a portion of their assets and resources. This creates a challenge for InfoSec, as the security tooling used for one cloud service provider is often not portable to another and the security tooling for the data center is not optimized for the cloud. As a result, InfoSec can find themselves accessing multiple dashboards and security tools in the course of their daily activities, reducing productivity, increasing costs, and leaving gaps in security controls across environments. This session will look at the key pitfalls to avoid and the success factors for effectively securing these diverse and complex environments.
-
The CISO's Evolving Role: Career Tips and Guidance for Today's Security Leaders
Tim Youngblood, Corporate VP, Global CISO, McDonald’s
Tim Youngblood is Corporate VP, Global CISO at McDonald’s, one of the world’s largest food service companies. Having worked at other large organizations, Tim’s developed a unique understanding of the various stages in evolving your career to the CISO level. Join us for this in-depth interview to understand Tim’s views on the evolving CISO role, his career and skills advice for aspiring security leaders, why expertise in operational excellence and partnering is essential, and the future of information security.
Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO
-
CISOs and Personal Liability in Today's Business Climate
Aravind Swaminathan, Global Co-Chair, Cyber, Privacy & Data Innovation, Orrick, Herrington & Sutcliffe LLP
Aravind Swaminathan is a former cybercrime prosecutor and is currently Global Co-Chair, Cyber, Privacy & Data Innovation at Orrick, Herrington & Sutcliffe LLP where he’s directed more than 200 cybersecurity and data breach investigations. Join us for this session as he discusses the current breach landscape, why CISOs can be in the crosshairs for personal liability, the implications if they conceal information or mislead investigators, and what CISOs should ask when considering a new CISO role.
Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO
-
Aligning Security, Compliance and Privacy Across Inventory Tracking
Kandice Samuelson, Senior Director, IT Governance, PPD
Brad Wells, Executive Director, Information Security, PPD
Brad Wells, Executive Director, Information Security, and Kandice Samuelson, Senior Director, IT Governance at PPD lead a team enhancing PPD’s inventory tracking system that identifies PPD’s most valuable assets. Join us to learn how they distribute security resources for appropriate levels of protection, maintain compliance with government regulations and industry standards, and leverage information security controls aligned with client requirements, industry frameworks and privacy regulations.
Interviewed by: Derek Hulitzky, VP, Content Development & Strategy, IDG Communications, Inc.
-
Keeping a Remote Workforce Secure: Lessons Learned, Tips for the Future
Lucian Constantin, Senior Writer, CSO Online, IDG Communications, Inc.
Matthew Finnegan, Senior Reporter, Computerworld, IDG Communications, Inc.
Ken Mingis, Executive Editor, Computerworld, IDG Communications Inc.
CSO’s Lucian Constantin joins Computerworld’s Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is key, and it means more than getting everyone on a VPN. Zero-trust access gateways, network segmentation, user and device verification, and role-based access control policies are all part of today’s security tool kit.
-
An IT Operations, Security, and Risk Management Platform That Responds to Plain English Queries
Advances in technology allow security and IT operations teams to ask questions about their entire environment — in plain English – and then retrieve accurate and complete data so they can take corrective action on endpoints at scale. Join us as we demonstrate this, along with how Tanium’s data visualization capabilities make it easier to measure and communicate insights across your environment. We’ll also show Tanium’s extensibility via a variety of ready-to-use connectors and open APIs, which allow seamless integration of endpoint data with other IT systems.
-
Protecting Against Next-Gen Software Supply Chain Attacks
Ax Sharma, Developer Advocate, Sonatype
Michelle Dufty, Senior Vice President of Marketing, Sonatype
Legacy software supply chain exploits, like the Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities left unpatched in the wild. Conversely, next-generation software supply chain attacks are far more sinister because bad actors aren’t waiting for public vulnerability disclosures. Instead, they’re actively injecting malicious code into open source projects that feed the global supply chain. Join us to learn how your organization can proactively protect itself against software supply chain attacks.
-
Cybersecurity Trends: Defeating Hackers Before They Attack
Cole Humphreys, Global Cyber Security Product Management, Hewlett Packard Enterprise
Supply chain attacks, insider threats, persistent malware and ransomware are becoming highly sophisticated. With 66 percent of security teams struggling to protect complex, granular and dynamically changing attack surfaces, enterprises need new lines of defense to shift the focus from fighting fires to driving secure digital transformation. Join us as we dive into the foundational elements you need to build a zero trust approach into your IT supply chain and infrastructure.
-
Streamlining Your SOC Operations with Risk Based Alerting
Robert Wagner, Security Executive Advisor, Splunk
Risk based alerting (RBA) can streamline your queue while producing higher fidelity alerts. Join us for this session to understand how this new process works, and how it leverages your existing Splunk investment.
-
How to Achieve Least Privilege at Cloud Scale with Cloud Infrastructure Entitlement Management (CIEM)
Maya Neelakandhan, Head of Customer Success and Support, CloudKnox Security
Achieving security in the cloud is an always-moving target. With more than 95 percent of human and machine identities using less than five percent of the permissions granted, this “cloud permissions gap” has become the biggest roadblock to organizations protecting their critical cloud infrastructure. Join us to learn about Cloud Infrastructure Entitlement Management (CIEM), a new approach to closing the gap by managing permissions with continuous and automated enforcement of least privilege in the cloud.
Click here to watch session!
