Day 2: Tuesday, December 5th

Breakfast Briefing

8:00 AM - 8:45 AM Case Study: Strengthening Security Through SWIFT’s Customer Security Programme

Stefano Ciminelli, Deputy CISO – Global Security, SWIFT
(Breakfast service will begin at 7:45 a.m.)

Combating fraud is a challenge for the entire financial industry. The threat landscape adapts and evolves daily, and both SWIFT and its customers have to remain vigilant and proactive over the long term.

While all customers are responsible for protecting their own environments, SWIFT has established the Customer Security Programme (CSP) to support customers in the fight against cyber-attacks.

The CSP is articulated around three mutually reinforcing areas. Customers will first need to protect and secure their local environment (You), it is then about preventing and detecting fraud in your commercial relationships (Your counterparts) and continuously sharing information and preparing to defend against future cyber threats (Your community).


Stefano Ciminelli

Deputy CISO – Global Security

Vendor Session

8:45 AM - 9:15 AM Evolving Security for the Internet of Things

As technology continues to move away from the traditional perimeter, security teams need to access and protect all the touch points; managing and controlling how the Internet of Things (IoT) works. The Internet of Things is exploding for commercial and personal use. The fear part is well-established; now proactive measures need to be enacted. Today the devices most vulnerable to cyber threats are mobile phones and tablet, which means implementing mobile threat detection solutions with employees accessing calendars, email and other internal resources from personal devices.

This session will explore new and emerging IoT technologies which are increasingly becoming part of our connected world. We will discuss the risks and security concerns associated with these technologies, examples of where cyber criminals have exploited these technologies, and what can be done to secure them.

In this session:

•Optimizing enterprise systems for the next-generation work load
•Updating BYOD security policies
•Exploring leading practices in mobile device security

9:20 AM - 9:50 AM Business Meeting

9:50 AM - 10:20 AM Business Meetings

10:20 AM - 10:35 AM Networking Break

BrainWeave B

10:35 AM - 11:20 AM Strengthening Data Center Security in Face of Breaches

In this interactive session discuss common security needs of all data centers. The session will explore operator versus attacker and who has the information advantage along with what decisions add or reduce complexities. Review what has changed in data center security along with emerging trends.

In this session:

•Evaluating models for hosting
•Navigating benefits and risks of data center solutions
•Analyzing the data center’s role with the expanding endpoints in need of protection

Master Class B

10:35 AM - 11:20 AM Case Study: Applying Cognitive Cybersecurity to Existing Environments

Bob Kalka, VP of the IBM Security Business Unit, IBM
The evolving landscape of cybersecurity threats is outpacing humans' ability to properly harness and process data, especially in critical infrastructure environments. This session will discuss a real case study about how cognitive computing and machine learning can be applied to impact the discovery, understanding and mitigation of these threats.


Bob Kalka

VP of the IBM Security Business Unit

Ignite Session

11:20 AM - 12:05 PM 4 Quick Fire Presentations in 40 Minutes

•New Approaches to Data Storage to Combat Real Threats
•Anticipating the Breach- Integrated Crisis Response
•Empowering Employees to Combat Phishing and Ransomware Attacks
•The Wild West of Shadow IT- Exploring New Kinds of Renegades and Why Rogue Ideas Flourish

12:05 PM - 1:05 PM Networking Lunch

Afternoon Keynote

1:05 PM - 1:40 PM Managed Security Service Providers (MSSP) - Opportunities and Challenges

Jim Kastle, CISO, ConAgra Foods, Inc.
• Effectively managing a security team when most of the resources are offshore

• Selecting a MSSP for a particular function (e.g. Security Operations Center)

• Cost/Benefit analysis – what is the reason for outsourcing and how to avoid a degradation in services

• Achieving (and maintaining) an appropriate level of service

• Leveraging technologies to optimize the service, but reduce the need (in terms of overall headcount)


Jim Kastle

ConAgra Foods, Inc.

1:45 PM - 2:50 PM Roundtable Discussions

A. Analyzing Attack Vectors and Providing Succinct Information for Sharing
B. Innovating Email Security: A Common Gateway to Your Networks
C. Navigating Regulations and Legislation: Discuss Practical Implications to Your Security Program

2:55 PM - 3:25 PM Business Meetings

3:25 PM - 3:55 PM Business Meetings

BrainWeave C

4:00 PM - 4:45 PM Enterprise Fraud Prevention with Insider Threats

Insider Threats cost organizations financial resources, lost data and reduced productivity. Effective controls and monitoring are necessary to prevent malicious insiders’ actions going undetected. The insider’s organizational familiarity allows greater opportunity to perpetrate fraud or take information in the workplace. This session will dissect employee theft and discuss best practices to mitigate risk via proactive monitoring and reporting techniques.

In this session:

  • Integrating cyber security into the broader risk discussion
  • Discovering and stopping fraud, employee espionage and other internal threats
  • Implementing risk modelling and analytics

MasterClass C

4:00 PM - 4:45 PM Drawing out the Kill Chain

Staying ahead of the threat actors by sharing and learning from your colleagues and law enforcement. Map the tools to the kill chain and where each tool plays in by stage. Ensure the tools are fully capitalized; leverage existing investments and make the best of it. Hit and share metrics to demonstrate the value of the program in improving security posture.

In this interactive discussion explore:

•Segmenting and preventing various attack vectors on your networks
•Examining most advanced discovery and detection techniques
•Plan to bring and hear examples of what is and is not working to prevent and mitigate attacks

4:45 PM - 5:00 PM Networking Break

5:00 PM - 5:30 PM Business Meeting

5:30 PM - 6:00 PM Business Meetings

Evening Keynote

6:00 PM - 6:30 PM Crisis Management- The Waffle House Index

Pat Warner, Director of Public Relations and External Affairs , Waffle House
Pat Warner is the Director of Public Relations and External Affairs for Waffle House restaurants. His duties include developing and executing strategies intended to create and uphold a positive public image for the restaurant company. An 18-year Associate, Pat’s “Waffle House Experience” has included weddings, funerals, major motion pictures and Kid Rock.

A member of the corporate crisis team, he’s been involved in the Waffle House response to more than twelve hurricanes, and numerous ice storms and tornadoes. Pat will introduce you to the Waffle House Index and the company’s unique way of responding to major storms. In relation to crisis management --from planning, to practice, to after action reviews-- which Chief Information Security Officers must navigate in the light of a breach.


Pat Warner

Director of Public Relations and External Affairs
Waffle House

6:30 PM - 7:30 PM Networking Reception