Agenda

Join us today, 7/28 and tomorrow 7/29 for live, premium content.

Already Registered? Visit How to Login or check your email for details.

Need to Register? Sign Up Here

 

12:30 PM

Virtual Event Space Opens

Arrive early or stay late.

Network with attendees, explore technology solutions in the exhibit hall, and view the many On-Demand sessions available.

1:00 - 1:05 PM

Welcome and Opening Remarks

John Gallant, Enterprise Consulting Director, IDG Communications, Inc.

1:05 - 1:30 PM

How An “All Hazards” Approach to Risk Creates Organizational Preparedness and Resilience

Tim Callahan, Global CISO, Aflac

Ranked 143 on the Fortune 500, Aflac provides financial protection to more than 50 million people worldwide. When the organization faced COVID-19’s rise and aftermath, it relied on an evergreen, “all hazards” approach to crisis management to ensure the business reamains in a constant state of readiness for hazards of all kinds. Join us for this session to understand how Aflac’s responded to the pandemic, how that response supports overall resiliency for the organization, and the lessons they’ve learned throughout this journey.

1:30 - 1:50 PM

Public Cloud Security: Real Threats. Real Solutions

Harish Grama, GM, IBM Public Cloud

Harish Grama has been a transformational tech executive for almost three decades with many major accomplishments. Currently, he’s General Manager of the multibillion-dollar IBM Public Cloud. In that role, Harish is on the front line of many of today’s most important and complex security issues. Here, he talks with Bob Bragdon, SVP/Worldwide Managing Director of CSO, about some of them. They discuss the crucial need to balance security and agility, top security factors that influence an enterprise’s public cloud decisions, security pain points and how to mitigate them, and more. Join this session to learn more about the future of public cloud security.

2:00 - 2:25 PM

How Crisis Management Inspires New Thinking

Emily Heath, Chief Trust & Security Officer, DocuSign

As the pioneer in developing e-signature technology, DocuSign helps organizations connect and automate how they prepare, sign, act on, and manage agreements. Now, more than ever, organizations are leveraging technologies that not only streamline business efficiency, but accelerate paperless and contact-free agreements. But to successfully manage this global business for employees and customers throughout COVID-19 requires focused crisis management. Join us for this session to learn about DocuSign’s journey through the pandemic, the ways they’re helping their employees while maintaining business operations, and how CISOs can leverage the COVID-19 experience as an opportunity to make their organizations stronger.

2:25 PM

On Demand Sessions Available

Adapting Security to the New Normal of a Distributed Workforce

Michael Suby, IDC, Research Vice President, Security & Trust, IDC

COVID-19 is pushing the boundaries of the IT estate outward. Over 35% of organizations surveyed in late-April 2020 indicated that they will be adapting their long-term IT strategies to accommodate greater instances of remote working and work from home. With this, security alarms are sounding. A near equal percentage of organizations point to cybersecurity and privacy associated with remote working and work from home as their biggest challenge. Security professionals already confronting the difficult objectives of maintaining business resiliency and protecting sensitive information from a constant barrage of cyber threats, an expanded and highly dynamic IT estate adds to their challenges. Favorably, there are sound strategies that can alleviate the security risks of IT estate expansion while supporting the agility digital organizations require. Please join Mr. Suby as he outlines the challenges and shares recommended strategies.

Best Practices for a Secure Cloud-Based Workforce

Donovan Blaylock, Emerging Technology Evangelist, SailPoint

Best practices in IT and access security are tried and true across the enterprise. And while we know how to eliminate the vast majority of threats that face a corporate enterprise, how does this old school wisdom apply to today’s rapid digital transformation? Moreover, with the speed and complexity involved with increased cloud adoption, how can an organization see the whole picture and potential risks? Join us for this session as we examine a common use case when managing access to the cloud: applying least privilege to your Identity as a Service (IaaS) infrastructure. We’ll explore common reasons why this isn’t performed effectively, and explain how to solve for it by bringing best practices to your enterprise cloud strategy.

Remote Access and the Rising Tide of Sensitive Data

Doug Wick, VP, Product Marketing, ALTR

Cloud data warehouses like Snowflake, Amazon Redshift, and Google BigQuery are enabling organizations to share data across the enterprise while delivering convenience, portability, and user collaboration. Since these kinds of applications are so easy to spin up, it’s not surprising that security and compliance teams are not even aware of them, let alone the risks. Join us for this session to learn how to easily add granular visibility and control to optimize your investment in your cloud applications, thereby eliminating associated risks.

Why Your DLP Needs to Be Smarter to Prevent Insider Threats

Peter Hadjigeorgiou, Senior Security Customer Relationship Manager, Code42
Abhik Mitra, Senior Product Marketing Manager, Code42

Despite having a DLP and/or CASB in place, most organizations are looking for better threat intelligence, better detection and response, and faster time to mitigation. Policy-driven approaches have left organizations blind to the data security threats that are hard to tag and categorize. Join us for this session as we explore how to detect and respond to insider threats effectively, and ways to deliver better data context to make your DLP smarter.

Global Editors’ Roundtable: Security in the Age of COVID

Join IDG editors from around the world as they discuss the security implications of the new work dynamic, how security fits into the story of COVID-19, what tighter budgets mean for security and more. Host Bob Bragdon will be joined by Amy Bennett, Executive Editor, CIO & CSO, IDG Communications, Inc.; James Henderson, Editorial Director, IDG Asia; Jens Dose, Editor, CIO Magazine, IDG Business Media GmbH; and Dan Swinhoe, UK Editor, CSO.

12:30 PM

Virtual Event Space Opens

Arrive early or stay late.

Network with attendees, explore technology solutions in the exhibit hall, and view the many On-Demand sessions available.

1:00 - 1:05 PM

Welcome and Opening Remarks

John Gallant, Enterprise Consulting Director, IDG Communications, Inc.

1:05 - 1:30 PM

Best Practices in Supporting People, Partners, the Business and the Community

Meredith Harper, VP, CISO, Eli Lilly and Company

Ranked 123 on the Fortune 500, Eli Lilly is a global healthcare leader that unites caring with discovery to create medicines that make life better for people around the world. As a leading employer, Lilly’s response to the COVID-19 pandemic involves many facets of the organization. Join us for this session to learn valuable lessons on how Lilly is supporting its people, partners, business operations and the community.

1:30 - 1:50 PM

Securing the Enterprise Crown Jewels: What to do Now

Sherban Naum, SVP, Corporate Strategy and Technology, HP Inc.

Sherban Naum is smart, clear thinking, and one of the tech world’s leading minds when it comes to risk and security. He also happens to be SVP, Corporate Strategy and Technology, HP Security. Here Sherban talks with Bob Bragdon, SVP/Worldwide Managing Director of CSO, about what he considers to be today’s greatest security challenge: minimizing risk while meeting the needs of a large distributed workforce. What are the key impediments? What can CSOs and CISOs do to protect what he calls the “crown jewels” of an enterprise? What role does technical debt play in maintaining security? How can an enterprise modernize rapidly to meet today’s security challenges? His answers are blunt, revealing, and make perfect sense.

2:00 - 2:25 PM

Balancing Work-from-Home with Return-to-Office: Developing a Safe and Secure Roadmap

Todd Lukens, CISO, Nationwide

Ranked 74 on the Fortune 500, Nationwide, is one of the largest and strongest diversified insurance and financial services organizations in the United States. As the COVID-19 pandemic gathered momentum, Nationwide, like many large organizations, began planning its response early with a crisis management team led by its CISO. Join us for this session to understand how security and technology plays a critical role in both Nationwide’s work from home strategy, and their advanced efforts to safely bring the workforce back to the office environment.

2:25 PM

On Demand Sessions Available

Managing Global Organizational Resilience During Crisis: Lessons Learned

Bob Varnadoe, CISO, NCR

A Fortune 500 company with 36,000 employees around the world, NCR Corporation is a global enterprise technology provider for the banking, retail and hospitality industries. To maintain consistent operations while safely transitioning employees to working from home, the organization mapped out its plans at a safe and rapid pace. Join us for this session as we explore lessons learned about organizational resilience during crisis, getting through supply chain challenges, and creating a secure technology environment for a global workforce safely transitioning to work from home.

Protecting Your Windows Perimeter: How to Keep Threats at Bay

Preston Gralla, Contributing Editor, Computerworld, IDG Communications, Inc.
Ken Mingis, Executive Editor, Computerworld, IDG Communications. Inc.

Because it’s so ubiquitous in the enterprise, Windows almost always has a big, fat bulls-eye on its back. But there are concrete steps companies can take to make sure their Windows environment is secure. Computerworld Windows expert Preston Gralla talks with Executive Editor Ken Mingis in detail about exactly what enterprises can do to keep their PCs, servers and networks out of trouble.

Credential Stuffing Attacks: How to mitigate with Auth0

Jamie Hughes, Lead Solutions Engineer, AuthO

As a central authentication service that processes billions of logins a month, credential stuffing attacks are the most common threats we observe. These attacks can lead to fraud, loss of reputation, and ultimately, loss of revenue.

In credential stuffing attacks, threat actors use stolen credentials from one breach to takeover users’ other accounts. This is effective because 65% of people reuse passwords across multiple accounts, according to Google. On some days, these attacks originate from more than 50,000 IP addresses and may account for as much as half of all login attempts using our platform. Even the most mature companies are vulnerable if they don’t have the right preventative measures in place.

Securing the New Normal: How Cyber AI Learns on the Job

Justin Fier, Director, Cyber Intelligence & Analysis, Darktrace

The future of work remains unpredictable and uncertain. More than ever before, business leaders need to remain confident that their operations can continue securely in the face of global or even regional crises, and while sections of the economy are slowly re-opening, cyber-attackers are ramping up their campaigns.

As businesses look set to rely on cloud and SaaS tools for the long term, our digital environments are going to be more dynamic than ever. Yet organizations are finding themselves undergoing a delicate balancing act—each new work practice and technology that is introduced also brings unforeseen risk. Static, legacy approaches have become redundant, both unintelligent and ill-equipped to adapt.

Organizations must rethink their approach to security, and rely on new technologies like AI to achieve much-needed adaptability and resilience. Darktrace is the world leader in cyber AI technology, and leverages unsupervised machine learning to seamlessly adapt and integrate into changing environments, and to detect and respond to attacks in the earliest moments.

In the face of an uncertain present and future, Cyber AI enables businesses to continue communicating, operating, and innovating.

12:30 PM

Virtual Event Space Opens

Arrive early or stay late.

Network with attendees, explore technology solutions in the exhibit hall, and view the many On-Demand sessions available.

1:00 - 1:05 PM

Welcome and Opening Remarks

John Gallant, Enterprise Consulting Director, IDG Communications, Inc.

1:05 - 1:30 PM

How Lessons Learned Can Improve Resilience

Dave Estlick, CISO, Chipotle Mexican Grill

With 85,000 employees around the world, Chipotle Mexican Grill is cultivating a better world by serving responsibly sourced, classically-cooked, real food with wholesome ingredients without artificial colors, flavors or preservatives. Like most organizations, the company’s risk journey through the pandemic was unique — and influenced by lessons learned by prior business disruptions, tabletop exercises, and health and wellness procedures already in place in their facilities. Join us for this session to learn how lessons learned allow an organization to focus outwardly – rather than internally – during a large-scale black swan event, and how the COVID-19 experience can make for easier risk conversations going forward among executive teams, technical teams and boards.

1:30 - 1:50 PM

Why Resiliency is a Shared Responsibility

Kurt Roemer, Chief Security Strategist, Citrix

Join us for this session as Bob Bragdon and Kurt Roemer, Chief Security Strategist at Citrix, discuss how expectations of IT services and resiliency have changed because of the COVID-19 pandemic. They also examine the greatest resiliency challenges facing businesses today.

1:50 pm - 2:15 pm

Cyber Resilience: Lessons for a Post-Pandemic Landscape

Selim Aissi, CISO, Ellie Mae
Thor Olavsrud, Senior Writer, CIO.com, IDG Communications, Inc.

Join us for this session with Thor Olavsrud, senior writer, CIO.com, as he talks with Selim Aissi, CISO at Ellie Mae, a leading cloud-based platform provider for the mortgage finance industry. They discuss what cyber resilience means for the company, how the concept of resiliency has evolved in the face of the pandemic, and why it’s important to establish and maintain strong relationships between the CISO and the executive board.

2:15 - 2:35 PM

The Age of Any Access: The Evolution of Zero Trust, Trends, and What’s Next

Sudhakar Ramakrishna, CEO, Pulse Secure

The growth of workforce mobility combined with the recent dramatic increase in workplace flexibility requires businesses to provide employees with fluid, yet secure access from anywhere, at any time, and from any device. Moreover, all of this must enable access to distributed applications and resources in data center and multi-cloud environments. In this “age of any access,” what should organizations consider to fortify their security posture? What innovations are on the horizon? Join us for this session as we discuss how secure access has evolved, where the Zero Trust model is being applied, and new technologies available to ensure user productivity, operational visibility and compliance.

2:35 PM

On Demand Sessions Available

Practical DevSecOps Guardrails that Enable Safer Innovation

Eric Mumford, Enterprise Architect, Homesite Insurance
Tom Sweet, VP, IT Solutions, GM Financial
Isaac Sacolick, Contributing Editor, InfoWorld, IDG Communications, Inc.

DevOps catalyzed collaboration between Dev and Ops teams to drive more frequent and reliable application releases and innovations. Despite all the right intentions, testing, security, and monitoring practices often fell to second priorities as many DevOps organizations focused on automation with CI/CD, and Infrastructure as Code (IaC). COVID-19 has reminded organizations that driving recklessly fast isn’t the answer and that resilient organizations require DevSecOps to establish guardrails for safer and fast innovation. Hear from DevSecOps leaders who are instrumenting proactive testing, security, and monitoring practices in their organizations.

What CISOs Need to Know About Protecting Employee COVID-19 Health Data

Enza Iannopollo, Senior Analyst, Forrester
Marcus Vass, Partner, Osborne Clark
Dan Swinhoe, UK Editor, CSO Online, IDG Communications, Inc.

As companies begin to reopen, many are looking at tracking coronavirus-related health data of their employees. This sensitive data presents additional risk for CISOs, and needs to be secured carefully. Forrester Senior Analyst Enza Iannopollo, and Marcus Vass, partner at law Osborne Clarke leading the Digital Health team, discuss what CISOs should bear in mind around securing this new dataset.

Meeting the Real World Challenges of Securing Critical Infrastructure

Lesley Carhart, Principal Threat Analyst, Threat Operations Center, Dragos, Inc.
Cynthia Brumfield, CSO Online, IDG Communications, Inc.
Michael Nadeau, CSO Online, IDG Communications, Inc.

Water facilities, power plants, communications systems, and other core infrastructure are under constant attack. Nation-states and their proxies look for ways to disrupt services for geopolitical gains, and criminals seek to extort ransomware payments. Our expert panel talks about the actual scope of the threat and the potential risk, and they offer advice for how providers of critical services can mitigate that risk, even if they have limited resources.

12:30 PM

Virtual Event Space Opens

Arrive early or stay late.

Network with attendees, explore technology solutions in the exhibit hall, and view the many On-Demand sessions available.

1:00 - 1:05 PM

Welcome and Opening Remarks

John Gallant, Enterprise Consulting Director, IDG Communications, Inc.

1:05 - 1:30 PM

The Resilience Imperative

Jim Routh, Head of Enterprise Information Risk Management, MassMutual

Ranked 84 on the Fortune 500, MassMutual offers a wide range of financial products and services, including life insurance, disability income insurance, long term care insurance, annuities, retirement plans and other employee benefits. With a vast portfolio of resources to protect, the organization invests wisely in resilience across its technology environment. Join us for this session to learn how resilience is a key ingredient to their risk management strategy.

1:30 - 1:50 PM

Hardware-Enhanced Protection

Abhilasha Bhargav-Spantzel, Principal Engineer, Intel

Many businesses are implementing software security solutions. But as hackers get more sophisticated, threats are attacking the hardware layer. Hardware-based security features built-in to the hardware provide an important layer of protection for business devices, applications, and data. Join us for this session as we discuss the groundbreaking of the Intel vPro® technology that accelerates and scales security beyond software or human based approaches alone. We’ll explore hardware-enhanced security features designed to help protect the other layers of the computing stack, features to help protect against below-the-OS attacks and safeguard apps and data, and advanced threat detection that offloads routine security functions for lower user impact and continued productivity.

1:50 - 2:15 PM

How Resilient IT Mitigates Risk and Creates Value for the Organization

Raj Madan, Managing Director, Technology, BNY Mellon | Pershing

With $1.8 trillion in assets under custody, BNY Mellon’s Pershing (“Pershing”) and its affiliates provide advisors, broker-dealers, family offices, hedge fund and ’40 Act fund managers, registered investment advisor firms and wealth managers with a broad suite of global financial business solutions. Pershing’s proactive approach to IT, security, data centers, cloud, architecture and testing has helped protect the firm’s clients’ interests in an ever changing marketplace, while providing them with the most innovative solutions possible. Join us for this session to understand how the organization builds resilient IT designed to adapt and perform –and how that approach has helped the firm address the significant market volatility resulting from the COVID-19 pandemic.

2:15 - 2:35 PM

A Data-Driven Approach to Security Operations

Yassir Abousselham, CISO, Splunk

Data is the lifeblood of modern organizations – and modern security operations. Today’s SecOps teams must be more data-driven, leveraging automation, machine learning and other tools to quickly identify threats and reduce response times, while freeing up critical engineering and analyst resources. Join us for this session as we discuss the evolving threat landscape and a vision for helping businesses move faster — and more securely.

2:35 - 2:50 PM

Understanding and Mitigating Software Supply Chain Risks

Brian Fox, SVP & CTO, Sonatype

If you’re application development team is using open source software components, as most all teams do today, then you need to be keeping an eye on the risks posed by adversaries inserting malicious code into shared development resources. Like flaws hidden in a subcomponent of a huge piece of machinery, they present risks that can have a profound impact to the security of your enterprise. Brian Fox, SVP & CTO of Sonatype and CSO’s Bob Bragdon discuss these risks and how application development and security teams can work together to mitigate them.

2:50 PM

On Demand Sessions Available

Ransomware: How it Evolves, How to Fight It

Lucian Constantin, Senior Writer, CSO Online, IDG Communications, Inc.
Ken Mingis, Executive Editor, Computerworld, IDG Communications, Inc.

Ransomware never goes away; it just evolves. That’s the main message from CSO security reporter Lucian Costantin, who talks with Computerworld Executive Editor Ken Mingis about the latest tactics used by bad actors hoping to extract a little – or a lot – of cash from the companies they threaten. Costantin details how companies can go about beefing up security to keep threats out. And if worse comes to worse and corporate data is in danger from an attack, he explains what corporate execs should do.

Remote Access: How to Trust Untrustworthy Devices

Juliet Beauchamp, Video Content Producer, IDG Communications, Inc.
Lucian Constantin, Senior Writer, CSO Online, IDG Communications, Inc.

The transition to managing a remote workforce happened virtually overnight. With it came the challenge of managing employees’ security while they work on their home networks and sometimes on their personal devices. Traditional VPN solutions can be expensive and not always the most secure way to manage traffic coming into corporate servers. CSO senior writer Lucian Constantin discusses why zero-trust framework and mesh VPNs can be effective tools for IT teams to deploy to remote workers.