Day 1: Monday, December 4th

11:00 AM - 12:00 PM Welcome Brunch & Registration

12:00 PM - 12:15 PM Sponsor Orientation

12:00 PM - 12:15 PM Delegate Orientation

12:15 PM - 12:30 PM Ice Breaker

12:30 PM - 12:40 PM Chairperson’s Opening Remarks

Opening Keynote

12:40 PM - 1:40 PM Automation and Agility- Securing at the Speed of Business

Juan Gomez-Sanchez, Chief Security Officer, Lennar Margarita R. Santiago, Sr. Security Risk & Compliance Manager, Lennar Corporation
Businesses continue to evolve at a speed, which demands flexibility across the infrastructure. The Chief Information Security Officer facilitates mitigating and right-sizing risk to fit the appetite of the organization. The executive navigates the conversation, understanding the technical mechanics and making sure the corporation is getting good return on investment. Today’s enterprise requires heightened agility and innovation in security. This insightful presentation will examine practical, attainable and effective methods to transition the way security is approached.

In this session:

•Increasing customer satisfaction and improving operational efficiency

•Bringing together people, processes, and technology to address vulnerabilities and eliminate redundancies of tools

•Managing risk while integrating existing and new technologies


Juan Gomez-Sanchez

Chief Security Officer

Margarita R. Santiago

Sr. Security Risk & Compliance Manager
Lennar Corporation

Plenary Session

1:40 PM - 2:10 PM Say Goodbye to Vulnerability Backlogs: Using RASP to Reclaim Control and Reduce Risk

Kunal Anand, CTO, Prevoty
Knowing is half the battle when it comes to protecting applications and their sensitive data. Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality — not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.

This session will review real-life case studies about enterprises that are adopting a savvy, new approach to protecting sensitive data and mitigating threats real-time. Explore available game-changing tools that are placed at the front of the line—directly in the application’s operating environment—to immediately lower risk and act as a compensating control at runtime.

In the case studies, explore ways to improve forensics, see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Through a demonstration observe live production attacks and generation of real-time security event logs and reports. Security teams can then correlate pre-production vulnerability scan results with runtime attack logs to go back, remediate based on actual risk—not just hypothetical threats. The result? Improved forensics.


Kunal Anand


Ignite Session A

2:10 PM - 2:30 PM Evolution of Phishing: The current state of attacks and countermeasures

With the rapid growth in phishing emails and increased sophistication leading to successful attacks, how effective are the current solutions? What will the future bring to combat phishing attacks?

Ignite Session B

2:10 PM - 2:30 PM Sponsored By MindPoint Group LLC

2:30 PM - 2:45 PM Networking Break

2:45 PM - 3:15 PM Business Meetings

3:15 PM - 3:45 PM Business Meetings

Master Class A1:

3:50 PM - 4:35 PM Best Practices and Future Direction of Security Awareness Training

Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4
2 Quick Fire Presentations in 20 Minutes. Why do cybercriminals target enterprise organizations? “It’s where the money is!”

Leverage effective security awareness and behavior management practices to strengthen your human firewall and gain greater organizational resilience.

Ignoring the human side of cybersecurity will leave your organization and customers vulnerable. Reported numbers may fluctuate from industry study to industry study, but they all agree on one thing: cybercriminals are successfully and consistently exploiting human nature to accomplish their goals. Employees are often the last line of defense between a sophisticated cyber-scam and your systems, data, and customers.

Prudent security leaders know that security awareness and training is key to strengthening their ‘human firewall’ – but they often don’t know where to start. This session will provide practical security awareness and behavior management tips, outline how and where tools are helpful, and discuss emerging industry trends.


Perry Carpenter

Chief Evangelist and Strategy Officer

Master Class A2:

3:50 PM - 4:35 PM Securing the Privileged Pathway—The Most Travelled Cyber Attack Route

Barak Feldman, National Director for the Privileged Account Security, CyberArk
Traditionally, much of the focus of a corporation’s InfoSec efforts have been placed on ensuring that the perimeter is secure. Recent attacks have shown an alarming shift from perimeter-based attacks to ones that originate inside the corporate network using privileged accounts. Once hackers establish a privileged foothold, they gain unfettered access to elevate privileges and move about the network freely without detection. Understanding this widely used method of attack is essential to developing ways to mitigate the risk. In this session, we’ll

• Review a case study demonstrating abuse of privileged credentials

•Discuss how privilege is used in these attacks

• Discuss effective prevention strategies

Barak Feldman

National Director for the Privileged Account Security

4:40 PM - 5:10 PM Business Meetings

5:10 PM - 5:40 PM Business Meeting

5:40 PM - 6:10 PM Business Meetings

Roundtable 1

6:15 PM - 7:00 PM Security Education and Awareness

Chris Gay, CISO, Southeastern Grocers

Chris Gay

Southeastern Grocers

Roundtable 2

6:15 PM - 7:00 PM Implementing and Innovating True Cloud Security

Michael Raeder, CISO, OrbitalATK


Michael Raeder


Roundtable 3

6:15 PM - 7:00 PM Developing and Sustaining a Cyber Security Risk Framework

7:00 PM - 8:00 PM Networking Cocktail Discussion