Networking Breakfast

Meet, Engage & Enjoy Breakfast with fellow Business Leaders, Cyber Experts, Government Officials & Thought Leaders.

Morning Security Briefing

Briefing by

• Alan Davis, Special Agent, Electronic Crimes Task Force, U.S. Secret Service, Atlanta Field Office
• Chad Hunt, Supervisor of Computer Intrusion Squad, The FBI Atlanta Field Office

Morning Keynote with IBM Security: What’s Our Risk Score? – Enabling CISOs to Communicate Risk to the C Suite.

Although fundamentally intertwined, security teams and the rest of the business often struggle to communicate, especially when the topic is risk. Security teams measure this as technical risk, “how vulnerable are we?” The rest of the organization measures this as a business risk, “what will our losses be and how much will the recovery cost?” Join us to discuss how various scoring mechanisms can be implemented to bridge this gap to articulate risk in a way that all teams understand. 

Presented by Carl Kraenzel, Vice President and Distinguished Engineer, Chief Information Security Officer, IBM Watson Health

View Presentation →

Exhibitor Technology Showcase & Business Meetings / Networking

Red Canary Discussion: Winning the InfoSec Imitation Game

Following the same well-worn path to building a security program is comfortable, but is it delivering the security outcomes our businesses need? Security vendors are happy to slap a new coat of paint on the same old solutions and charge more for “next gen.” Modern security teams are breaking free from these chains. This talk will explore similar situations from history, key inflection points that changed the world, and lessons we can apply to infosec.

Presented by Chris Rothe, Chief Product Officer & Co-Founder, Red Canary

PANEL 1: Incident Response Orchestration & Beyond : The CISO and Senior Leadership’s Best Approach to Cyber Defense

Fact: A 2018 report researched by PwC interviewed 9,500 executives from 122 countries revealed that 54% do not have an incident response plan and 44% did not have an overall info security strategy. That indicates that the future of successful cyber attacks is inevitable. This panel discusses “Security Orchestration” which unites the security teams or “human element” with pre-existing automated tools and processes around security incidents. Effective alerts, automated incident response actions with solutions that integrate & communicate with each other can all assist in making sense of the breach and respond in an orchestrated fashion. A proper plan also includes a communication process incorporating the legal, law enforcement, insurance and public relations team. Today’s CISO needs to anticipate, and predict how the security challenges of the future may affect the business and be able to articulate that to the board along with eventually disseminating the breach to the media & public.

Moderated by David Mahon, VP & CSO, CenturyLink

• Doug Copley, Advisory CISO, DUO Security
• Jack Danahy, Chief Technology Officer, Barkly
• Stacy Scott, Managing Director, Cyber Security and Investigations, Kroll
• Cliff White, Chief Technology Officer, Accellion

CenturyLink Discussion: Be Careful What You Ask For: You Are Now The CISO

Competent CISOs are in high demand.  How do you become appointed to the position of the CISO.   The skills that got  you to the CISO position will not keep you there for long. Successful CISOs know how to lead a security and risk management organization that is well regarded and proficient in a number of areas. Dealing with ever increasing and sophisticated attacks, oversight by the Board of Directors, balancing threats versus compliance requirements, thought leadership, enabling digital transformation strategies, and more. There is a way to not just survive but thrive.

Presented by David Mahon, VP & CSO, CenturyLink

Catered Lunch

Think Tank: Getting Hacked by a Lawyer at a Deposition

Since the modern day security executive is on the hot seat after a data breach, it’s critical that CISOs understand what the role of the company’s lawyer is and the right way to engage with Counsel and to get themselves some form of liability protection. The downside is that such protection could shield those who deserve the blame for an incident. The truth is that it does not matter that CISOs warn executives, often repeatedly, that certain cultural or technological issues were putting the company at risk, or that the CISO had a shoestring budget with too little or no staff. Chances are that the CISOs is going to be on the front lines facing lawyers at a deposition after an incident. This discussion will offer a conversation that offers strategies for CISOs to utilize when facing a lawyer in a deposition; What happens? Why does it happen? How should you dress? How to ultimately survive?  

Presented by

• David Cass, CISO, IBM
• Daniel Garrie, Partner & CISO, Zeichner Ellman & Krause LLP, Managing Partner, Law & Forensics

PANEL 2: Ransomware: To Pay or Not Pay – That is the Question!

Ransomware sales have increased by over 1,400% over the last two years. The impact of ransomware, destructive malware and related attacks is growing globally as the statistics illustrate. This panel addresses the question of whether your company should pay the cyber criminals with the fact that you may not retrieve your data regardless. Best practices including continually backing up your critical files to multiple locations including the cloud, the use of decryption tools when your assets are held for ransom, keeping your security software up to date and training the employees about the dangers of opening the wrong attachment or link. 

Moderated by Daniel Garrie, Forensic Neutral, Arbitrator, Mediator at JAMS; Partner & CISO, Zeichner Ellman & Krause LLP; Executive Managing Partner, Law & Forensics

• Linda Marcone, CISO, Serta Simmons Bedding
• Joe Meyer, Director of Risk Management, Compliance, and Governance, NCC Group
• Brad Tompkins, Security Engineer, LogRhythm

Darktrace Discussion: AI-based Autonomous Response: Are Humans Ready?

Global ransomware attacks like WannaCry already move too quickly for humans to keep up, and even more advanced attacks are on the horizon. Cyber security is quickly becoming an arms race — machines fighting machines on the battleground of corporate networks. Algorithms against algorithms.

Artificial intelligence-based cyber defense can not only detect threats as they emerge but also autonomously respond to attacks in real time. As the shortage of trained cyber analysts worsens, the future of security seems to be automatic. But are humans ready to accept the actions machines would take to neutralize threats? 

Darktrace recently ran tests across enterprises of all sizes in a variety of industries and has subsequently deployed AI-based autonomous response in over one hundred organizations. In this presentation and panel discussion, we will discuss our lessons learned and explore several use-cases in which autonomous response technology augmented human security teams.

In this session learn about:

• AI approaches and algorithms for detecting and responding to threats
• How human teams adopt (or resist) automated defenses
• The concepts of ‘human confirmation’ mode and ‘active defense’
• Success stories across Smart Cities, genomics organizations, and industrial control systems

In this presentation, explore lessons learned and hear about several use-cases in which autonomous response technology augmented human security teams.

Presented by Justin Fier, Director of Cyber Intelligence & Analytics, Darktrace

PANEL 3: Protecting your Enterprise from the Human Element: Your Employees and Corporate Spies

With 90% of organizations feeling vulnerable to insider attacks and a majority of organizations confirming insider attacks against their organizations in the past 12 months, insider threat proves to be even more virulent than malicious attacks by actors beyond your network walls. On your payroll in one way or another, these dissatisfied employees, corporate spies and the like, have the means to harm your business. These insiders also have the ability to cause harm without meaning to! This panel will enlighten you on what insider threat & corporate espionage put at risk in your business. You will learn how identify threats inside your business (malicious and accidental) and leave with strong takeaways that will allow you to fortify your company defenses.

Moderated by Ed Pascua, Senior Vice President, Simeio Solutions; Board Member, CSA & ISSA; Co-Chairman, Information Security Society, Technology Association of Georgia

• David Lee, Identity Strategist Office of the CTO, SailPoint
• Kevin Peterson, Founder & Chief Content Officer, ZecurityAscent
• Rem Purushothaman, Cyber Security Specialist, Mimecast
• Chris Stoneking, Senior Consulting Engineer, RedSeal, Inc.

Closing Remarks

Kamal Ghali of the U.S. Attorney’s Office, Northern District of Georgia will address the following issues:

• Cyber threat trends
• Recent successful prosecutions of cyber-actors
• Role of corporate victims in helping law enforcement

Presented by Assistant United States Attorney Kamal Ghali, Deputy Chief Cyber and Intellectual Property, U.S. Attorney’s Office, Northern District of Georgia

Sponsor / Exhibitor Technology Showcase, Business Meetings & Cocktail / Cigar Reception