Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois

Strategies for reducing risk to the enterprise.

February 22, 2024

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

Overview

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one day conference attendees will learn:

• Top Trends for Cybersecurity in 2024 and How to Prepare
• Generative AI Security Risks & Mitigations: How Should We Plan? Where Should We Start?
• Quantifying Cyber Risk to Drive Business Decisions
• Third Party Risk: The Knowns and the Unknowns and Business Resiliency
• How CISOs Evaluate the Benefits and Risks of New Enterprise Technologies (CISO Panel Discussion)
• How Security and the CSO Can Build Trust with the Business (CISO Panel Discussion)

Conference Price: $299.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

CONFERENCE AGENDA

8:00am – 9:00am: Registration and Continental Breakfast

9:00am – 10:00am: Managing Risks is not Optional Anymore and Empowering Our Teams is the Call of the Hour

Karthik Swarnam, Chief Security and Trust Officer, ArmorCode; former CISO, Kroger

With siloed tooling generating a massive number of security alerts and vulnerabilities identified, teams are unable to keep pace with the speed of software delivery. As a result, security and development teams struggle to understand their security posture, exposure, highest risks, etc.

As technologies, processes, and cultures continue to evolve, the need to have a comprehensive view of cyber risk is becoming a necessity. Applications and infrastructure are no longer two separate considerations from a security perspective.

In this session, we’ll cover why we need to rethink how we provide security and functional teams with the insights, agility, and cross-team collaboration needed to build, deliver, and scale a robust vulnerability management program while eliminating tedious processes like data unification, manual review, and workflows.

Swarnam

10:00am – 10:30am: Refreshment Break

10:30am – 11:30am: Generative AI Security Risks & Mitigations: How Should We Plan? Where Should We Start?

Paul Niser, CTO, Walton Street Capital

AI is all the buzz as it promises tremendous value for the business, but what are the inherent security risks and how should you plan for them.

In this session you will learn about the top security risks of GenAI which include prompt injection, resilience, data loss, output risk, data poisoning, and retrieval risk and how to build an infosec framework to address them early in the process.

Niser

11:30am – 12:30pm: Quantifying Cyber Risk to Drive Business Decisions – Fireside Chat

Dr. Edward Marchewka, CIO, Pryor Health

John Kellerhals, vCISO, Ascend; President, InfraGard Chicago Members Alliance

Jody Schwartz, Information Security Office- Card, Capital One

Cyber risk management programs serve a wide array of stakeholders across the organization (executive team members, audit boards, governance committees, and technical teams). One common question that all stakeholders can relate to is “Where do I spend my limited time and budget to reduce risk in the most effective way?” When faced with multiple risks rated as critical or high, determining where to focus your resources can be challenging. Cyber risk quantification can bring a fresh perspective to your cybersecurity program by answering the questions below:

How much would a cyber event cost our organization?
Which projects or initiatives will reduce the most amount of risk?
Are we over or under insured with our current cyber insurance policy?

Marchewka                Kellerhals                    Schwartz

12:30pm – 1:30pm: Lunch and Exhibit Break

1:30pm – 2:30pm: Automation in the SOC: A Winning Recipe

Joe Morin, Chief Executive Officer, Cyflare

Join us for an insightful exploration of “Automation in the SOC: A Winning Recipe” as we navigate the realm of SOC automation, its challenges, and its transformative potential. Our presentation will pivot around the supremacy of automation within the SOC environment, applicable across diverse scenarios. Focusing on proactive threat detection, rapid incident response, and seamless collaboration, we will unveil cutting-edge solutions that redefine the trajectory to SOC success.

Morin

2:30pm – 3:00pm: Refreshment Break

3:00pm – 4:00pm: How CISOs Evaluate the Benefits and Risks of New Enterprise Technologies (Panel Discussion)

Moderated by: Annur Sumar, Chief Technology Officer, Cloud Unity

Panelists will include:

• James Mountain, Director of Information Security / HIPAA Security Officer / Data Protection Officer, Palmer College of Chiropractic
• Ron Zochalski, CTO & CISO, Lake County Government – Indiana
• Sebastiaan Gybels, Global CIO & CISO, CoinFlip
• Lori Kevin, Vice President, Enterprise IT & Security, Intelligent Medical Objects
• Hal Kochiu, Chief Information Security Officer, Crisis Prevention Institute
• Mark Houpt, Chief Information Security Officer, Databank
• Additional  CISOs/Information Security Executives sharing strategies, tactics and lessons learned

Sumar                           Mountain                       Zochalski                               Gybels                         Kevin                            Kochiu                                   Houpt

Executives and their teams are under constant pressure to add value to the enterprise. There are a myriad of technologies that can help organizations and at times it can be very confusing.

In this session, attendees will learn from CISOs and InfoSec executives as to how they evaluate the benefits and risk of new technologies for their respective organizations.

4:00pm – 5:00pm: How Security and the CSO Can Build Trust with the Business (Panel Discussion)

Moderated by: Joe Morin, Chief Executive Officer, Cyflare

Panelists include:

• Josh Bloss, CISO, First Busey Corporation
• Michael Babischkin, Vice-President, Deputy Director of Information Security, Federal Home Loan Bank of Chicago
• Victor Hsiang, CISO, GATX
• Alex Dickson, CISO, GCM Grosvenor
• Maura O’Leary, CISO, Ryan Specialty Group
• Additional CISOs and Information Security Executives sharing experiences and lessons learned

Morin                      Bloss                               Babischkin                   Hsiang                       Dickson

O’Leary

In this session, attendees will learn from a panel of IT security executives as to the strategies they are leveraging to ensure their efforts are in sync with business priorities.

Topics covered:

How to identify leverage areas of value (reputation, regulation, revenue, resilience, and recession) for continued investment and security spending
How to assess, understand, and define security’s current and future roles in the extended enterprise
Where are security investments being made on personnel, processes, and technologies?

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

CONFERENCE SPONSORS