UPCOMING EVENTS

Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois

 

Strategies for reducing risk to the enterprise.

 

May 4, 2023

 

9:00am-5:00pm

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

  

    


Overview

 

In today’s highly regulated environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

 

With all of these challenges, how do you make this happen?

 

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

 

Join us as we cover:

  • How to Ensure Your Suppliers are Meeting Your Security Requirements
  • Embedding a Culture of Security to Enable Smart, Secure Decision-Making (Panel Discussion)
  • Keeping Up with the Latest Security and Risk Management Trends
  • Managing Security Risk at the Speed of Business (Panel Discussion)
  • Achieving Governance and Security through Cloud Management
  • How to Build an Insider Threat Program

Conference Price: $299.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


CONFERENCE AGENDA


8:00am – 9:00am: Registration and Continental Breakfast


9:00am – 10:00am: Keeping Up with the Latest Security and Risk Management Trends

 

What’s the best approach to enterprise security? The prevailing consensus in the industry has generally been threat-based or compliance-based approaches. However, many organizations that use these approaches struggle to strike the right balance between technical tools and practical outcomes.

 

The answer is to focus on reducing risk.

 

Join us to get an actionable roadmap for success, including:

  • Examine 20-plus years of security paradigms and learn why many of them fail
  • Explore the increasing risks tied to digital transformation initiatives
  • Understand how security intelligence helps teams make better decisions based on contextual data and metrics
  • Discover a proven, comprehensive framework for cybersecurity that emphasizes risk over threats
  • Learn how to create a persistent information advantage for better security — with a focus on being profitable

 


10:00am – 10:30am: Refreshment & Exhibit Break


10:30am – 11:30am: How to Build an Insider Threat Program

 

Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.

 

Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything changes so quickly. Insider threat initiatives require a new, more focused approach.

 

This presentation will explore:

  • The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
  • Four attributes of a successful insider threat program
  • How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster

 


11:30am – 12:30pm: How to Ensure Your Suppliers are Meeting Your Security Requirements

 

Even the greatest security programs could have hidden back doors when it comes to ensuring your suppliers are meeting your security requirements. With the growing trend of outsourcing more and more to cloud vendors, does your company have a process to ensure you are holding your suppliers accountable to your security best practices at a contractual level?

 

For example, it seems like common sense that your supplier would have good security practices around protecting your credentials and login to their cloud solution as well as have proactive monitoring/alerting for suspicious login. Have you confirmed they encrypt your passwords? Have you confirmed they require strong passwords and have appropriate password policies? If you have not specified that in your contract, you might be surprised what you find if you ask what they actually have in place.

 

Do you assume a supplier will meet your security requirements if they have a SOC II and can provide it to you yearly? Have you read their SOC II to see if they have a good/bad security program? Could their security program be designed to patch twice a year which they meet, thus pass their SOC II? Are you ok with that? Are you aware of that?

 


12:30pm – 1:30pm: Lunch & Exhibit Break


1:30pm – 2:30pm: Managing Security Risk at the Speed of Business (Panel Discussion)

 

As a valued partner to the business, CISOs need to lead with business-first execution.

 

In this session, attendees will learn from CISOs/Security Executives how they are:

 

  • Leading a business-first mentality
  • Looking at every security risk decision through the lens of business impact
  • How security and IT operations can work together effectively to identify best cost actions that have the most meaningful impact on exposure to business compromise and impact
  • Understand what Cloud/DevOps/Digital mean for your risk management program

 

 

Panelists include:

  • Christopher Clai, Director, Information Security, Green Thumb Industries
  • Raum Sandoval, CISO, Entara Group
  • Other CISOs and IT Security Leaders sharing experiences, tactics, and lessons learned

 

 

 


 

 


2:30pm – 3:00pm: Refreshment & Exhibit Break


3:00pm – 4:00pm: Achieving Governance and Security through Cloud Management

 

This session will explore the business challenges and issues related to security and management through various standards and solutions. It will provide an analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, with a focus on hybrid IaaS and PaaS systems and how to achieve security and governance for successful adoption.

 


4:00pm – 5:00pm: Embedding a Culture of Security to Enable Smart, Secure Decision-Making (Panel Discussion)

 

With the increased adoption of remote and hybrid work, the cybersecurity framework continues to expand. Security must be a high priority for every company stakeholder, and CISOs must lead the charge.

 

 

Panelists include:

  • Derek Milroy, Information Security, U.S. Cellular
  • Other CISOs and IT Security Leaders sharing experiences, tactics, and lessons learned

 

 


 



 

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

