December 10 - 12, 2018
The Ritz-Carlton, Amelia Island, FL

Wednesday, December 12, 2018

8:00 am - 8:30 am Networking Breakfast

8:30 am - 8:35 am Chairperson's Opening Remarks

Cyber security needs to be aligned with the business with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leadership needs to be in the forefront translating and communicating risk in a way that resonates with the business stakeholders. Cyber security is just one responsibility of the CISO, with high profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value not just meeting compliance requirements.
Join this session to learn how to:
•Engaging, managing, and exceeding expectations
•Top-down focus on risk management
•Evolving roles of the CISO, CIRO, and CIOs


Bhavesh Advani

Head of IT Risk and Governance
Dropbox, Inc.


Sherron Burgess

BCD Travel


Jim Kelly

Mission Health


Jeff Kennedy

Regions Bank

9:20 am - 9:50 am Integrating Zero Trust Networks

Randy Marchany - CISO Virginia Tech
Internet 1.0 servers and endpoints were static. Internet 2.0 servers were static and endpoints were mobile. In the Internet 3.0 world, servers utilizing cloud, containers and "serverless" apps and endpoints (mobile devices, tablets, IoT, etc.) are highly mobile. A new security architecture needs to be implemented to address these new requirements. The traditional perimeter-based security architecture used in various sectors (edu, gov, com, org, etc.) has basically failed to protect internal assets. New technologies such as IoT and mobile devices will force a new approach to network security architecture. Zero-trust networks (ZTNs) assume that the network is hostile, attackers are already inside the net, and segmentation isn't sufficient for determining trust among other characteristics. This talk will describe zero-trust network properties and how we are integrating this architecture with existing cybersecurity defense strategies. We believe all sectors will have to adopt this strategy in the near future. 

Randy Marchany

Virginia Tech

9:55 am - 10:25 am Business Meetings

10:25 am - 10:55 am Business Meetings

11:00 am - 11:30 am Evolving Data Privacy in a Global World

Security executives need to be attuned to privacy language, global privacy laws, and how to integrate security and privacy when building a cyber security program. This session will explore emerging state cyber regulations, GDPR challenges, and the basics of privacy as it affects corporate risk programs.
In this session:
•Integrating privacy by design
•Encouraging stakeholder collaboration 
•Empowering privacy in enterprise risk management

11:30 am - 12:00 pm Strengthening Third Party Risk Management

With the common practice of utilizing third parties in business transactions having a clear understanding of the risk of sharing data is necessary. Increased cross-industry collaboration. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements especially with the European Union and other current and pending regulations. Non-compliance includes stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
•Adjusting access levels for third parties user and system accounts
•Securing development of application integrations; including firewall configuration 
•Increasing industry collaboration and engagement to prioritize security

12:00 pm - 12:30 pm Chairperson's Closing Remarks