Please enable Javascript to experience full features of this website.

2015 Agenda

The Summit producers and Advisory Board are currently working to put together a fantastic agenda for the 2015 Cyber Security Summit. Check back for updates!

Until then, take a look at the 2014 agenda and speakers.

VIP Reception - Monday, October 20, 2014

5:30 - 6:15 pm Check In and Networking
6:15 - 6:20 pm Welcome
6:20 - 6:25 pm Keynote Introduction - Michael C. McCarthy
6:25 - 6:45 pm Keynote Speaker — Stewart A. Baker
6:45 - 7:00 pm Q & A
7:05 - 7:30 pm Networking

Tuesday, October 21, 2014

7:00 am Check-in Begins + Networking Breakfast
8:00 – 8:30 am Welcome
8:30 – 9:25 am Opening Remarks - The Ever Changing Threat Landscape

In today’s ever changing threat landscape, you want your IT environment to be secure. We will walk you through various security vectors and how cyber criminals obtain access to your valuable data that can mean disaster for your brand’s reputation. Learn what the latest and most popular threats are and how you can avoid them. Gain knowledge and understanding that one security product can only protect you at specific entry points. In order to create a fortress for your IT environment you will need multiple layers of security defense to keep cyber criminals out.

From managing increased IT workloads that continue to transform the business to adopting new mobile devices and applications that live in the cloud to securing a "borderless" border with an ever-changing threat landscape, IT professionals are faced with a daunting task: Making information readily available while keeping it secure. By adopting an intelligent, information-centric approach to your organization’s data, you can be confident your critical information is secure.

Kevin McPeak, CISSP, ITILv3, Technical Architect, Security Public Sector Strategic Programs, Symantec Corporation

Brought to you by Symantec

9:25 – 10:10 am Keynote - What the Cyber Security Crisis Means for American Business

The headlines are full of new breaches, and Washington seems intent on punishing the victims. Stewart Baker will talk about what the growing cybersecurity crisis means for American business. From direct regulation to indirect influence on negligence suits, the government is doing what it can to change network security practices around the country. But regulation alone will not solve the problem. Instead, Baker thinks, we need to focus on the attacker. Knowing your adversary tells you what you have to do to defend yourself, and perhaps how to deter future attacks.

Stewart A. Baker, Partner, Steptoe & Johnson LLP, Washington DC; Former Assistant Secretary of Homeland Security and Former General Counsel, National Security Agency


10:10 – 10:30 am Break and Book Signing by Keynote Stewart A. Baker
10:30 – 11:45 am Panel Discussion - Year of the Large Scale Breach “Crimeware as a Service”

Large-scale criminal cyber activity has reached new levels of sophistication with malware vendors providing malicious code for targeted use. This “Crimeware as a Service” provides well-designed, configurable malware complete with customer support and periodic upgrades and bug fixes. The customers for this malicious code are sophisticated criminals, organized crime, and nation states intent on stealing funds and critical intellectual property.

Lance James, Head of Cyber Intelligence, Deloitte & Touche LLP

Michael Mimoso, Editor, Kaspersky Lab –
Chris Nutt, Director of Incident Response, Mandiant, A FireEye Company
Charles Ross, Sr. Director, Technical Account Management, Tanium, Inc.
Brad Rossiter, MS, CISSP, CRISC, CISA, Principle Security Architect, Verizon Security Solutions


11:45am – 12:35 pm Networking Lunch with Roundtable Discussions
12:35 – 1:15 pm Keynote - Cyber After Snowden: Can D.C. Help Protect Your Networks?

This session will discuss the impact the materials leaked by Edward Snowden had on the cyber security debate in Congress; the prospects for cyber security legislation in a lame duck year — 2015 — and beyond; and a case study: "legislating after a crisis — what that may mean for cyber.”

Matthew Rhoades, Director, Cyberspace & Security Program, Truman National Security Project & Center for National Policy

1:15 – 1:30 pm Networking Break
1:30 - 2:45 pm Panel Discussion - Liability

See a case study and learn first-hand from what one company experienced when they filed for reimbursement following a cyber security incident. Explore ways to approach a Board of Directors with an incident/breach without creating liability for the CEO, directors, or managers. Learn exclusions; triggers organizations do that result in denied coverage.


Eran Kahana, Attorney, Maslon Edelman Borman & Brand, LLP

L. Keith Burkhardt, Vice President, Kraus-Anderson Insurance
Douglas DeGrote, CISO and director of IT Security & Risk Management, Xcel Energy
Scott Singer, Chief Security and Information Officer, PaR Systems, Inc.

2:45 - 3:00 pm Break
3:00 - 4:00 pm Keynote - Cyber Security: A Team Effort

Brian Levine, a prosecutor with the Computer Crime and Intellectual Property Section of the U.S. Department of Justice, will discuss recent trends in cybercrime and the current cyber threat environment. He will address how the private sector can work collaboratively with law enforcement to reduce the cyber threat, catch the criminals, and mitigate loss. He will also provide examples of successful strategies to help minimize risk from hackers and insider threats.

Brian L. Levine, Trial Attorney, Computer Crime and Intellectual Property Section (“CCIPS”), U.S. Department of Justice

4:00 - 6:00 pm Opening of Exhibit Area, Reception
5:00 - 8:00 pm Hacker Showcase

Want to know more about the fundamentals of encryption and how it works? Want to understand "practical paranoia" and how to secure your social media? Or how to use GPG to securely transfer information? Then attend the "Security B-Sides MSP Hacker Showcase" session at the Cyber Security Summit. This special event is being hosted at the end of Day 1 of the Summit by Security B-Sides MSP, a group that provides a launchpad for security professionals and offers hands-on security training, and is free to all registered attendees. Other topics that will be touched on include critical security controls, USB “rubber duckies,” exploitation methodology, how to pick a lock, and more.

Wednesday, October 22, 2014

7:15 – 8:15 am CEO Breakfast

As a CEO, how do you develop the next generation of information security leaders who will protect your company from an increasing number of cyber security threats? Currently, many who rise through the information technology ranks have the necessary technical background to succeed but lack awareness of the broader business issues that today's IT leaders must contend with. This panel of current IT executives will discuss the issues they face today and the qualities that will be required for the leaders of tomorrow. They will also explain why business professionals must start to understand that cyber security is not just an IT issue, it is an important factor that needs to be woven into everyday management practices.


Bruce Loppnow, Ph.D., Assistant Professor and Associate Dean, Graduate School, College of Business and Management, Cardinal Stritch University


Souheil Badran, Senior Vice President and General Manager, Digital River Digital River World Payments

Mike Johnson MSST, CISM, Chief Information Security Officer/Operations Risk Director, Bremer Financial Services, Inc

Dave Notch, Director of Information Protection and Business Resilience, Advisory Services, KPMG

7:30 – 8:30 am Networking Breakfast
8:30 – 8:40 am Welcome
8:40 – 9:40 am Keynote - Gaining Visibility, Meaningful Information Security and Fraud Data in Seconds

A big data case study on using a risk-based approach for Information Security and Fraud analytics to protect a company brand, intellectual property, and customer data. This case study is based on Laz' four years experience as a CISO for a Fortune 100 retailer. Laz will discuss the build out of the Information Security program in an agile environment while using big data for Information Security and Fraud Analytics to make better decisions faster. This case study has been referred to by Gartner in their areas of research with Big Data analytics.

Demetrios (Laz) Lazarikos, CISA, CISM, CRISC, CSSLP, IT Security Strategist, Blue Lava Consulting, LLC


9:40 – 10:40 am Break in Exhibit Area
10:40 am– 12:00 pm

Panel Discussion - Beyond Passwords: Something You Have, Something You Know, Something You Are

When a cyber security breach occurs, often one of the first questions asked is, "Did they get any passwords?" The reason is simple: a password is frequently the only thing that stands between criminals and our confidential data, financial information or other sensitive online documents.

For years, passwords have provided a sense of security online, but today the question is whether a password alone is enough. A panel of experts will address that question. Advances in biometrics and security tokens can offer an additional layer of security and are already being embraced by some large financial institutions.


Andrew Borene, Attorney, Steptoe & Johnson LLP


Brett Beranek, Senior Principal Marketing Manager, Nuance Communication Inc.

Jay Meier, Vice President of Corporate Development, BIO-key International, Inc.

John Rome, CEO and Co- Founder, Intensity Analytics Corporation

12:00 – 1:00 pm Lunch
1:15 – 2:15 pm Keynote- The National Conversation No One Wants to Have: A New Paradigm for Cyber Resiliency

The United States has developed over the years, an incredibly powerful and complex information technology (IT) infrastructure—an infrastructure that is inexorably linked to the economic and national security interests of the Nation. The total dependence on IT infrastructure for mission and business success in both the public and private sectors, including the critical infrastructure, has left the Nation extremely vulnerable to hostile cyber-attacks and other serious threat events, including natural disasters, structural/component failures, and errors of omission and commission. The susceptibility to the cyber threat is a concern for both public and private networks. In light of the current state of the IT infrastructure, it will be important going forward to build an effective response to measurably increase confidence in the IT systems we depend on (public and private) and at the same time, decrease a would-be attacker's confidence in the effectiveness of their capabilities to compromise our systems.

Ron Ross, Fellow, National Institute of Standards and Technology (NIST), Information Technology laboratory, Computer Security Division

2:15 - 3:30 pm Panel Discussion - Cyber Resiliency - Preparing for the Inevitable

Increasingly, cyber security professionals are focusing on cyber resiliency. Even organizations with the best security programs are at risk of being exploited, and must be prepared to respond to the inevitable, successful attack. Cyber resiliency starts with prevention and preparedness, but goes beyond, focusing on how well, and how quickly, an organization can recover from an incident. This idea of cyber resiliency started gaining traction prior to the massive Target breach, but has since gained more attention. The panel will discuss what it means to be resilient, and how organizations can develop comprehensive risk-managed cost-effective resiliency frameworks. These frameworks span the entire enterprise (internal and external stakeholders, including operational, legal, financial, technological, and PR/marketing), and address resiliency from early detection and prevention, to crisis management and rapid recovery.

Philip Schenkenberg, J.D., Attorney, Director, and Shareholder, Briggs and Morgan, P.A.

Mark Abbott, Chief Information Officer, Atomic Data
Dr. Massoud Amin, Director, Technological Leadership Institute, University of Minnesota
Loren Dealy Mahler, Vice President Corporate Communications, MWW Group
Jeremy Wunsch, Fouder & CEO, LuciData Inc.

3:30 - 4:15 pm Break in Exhibit Area
4:15 - 4:25 pm 2015 Vision
4:25 - 5:00 pm Keynote- Lessons Learned

It seems that nearly every day, the headlines announce a new security breach impacting yet another company. With such a steady stream of incidents, why do some stories seem to grow legs and drag on long after the incident has occurred, while others are mere blips on the radar? The answer oftentimes has to do with the company’s own reaction. Whether in the strategic development of an incident response plan or in the frantic aftermath of a breach, it’s often easy to overlook the potential damage to your most valuable asset – your corporate reputation. How then can you take steps both before and after to mitigate that impact, even while you’re throwing all your resources at preserving more tangible assets? Loren will walk through key lessons learned from recent high-profile data breaches, and discuss how you can apply them to your own preparation and response planning.

Loren Dealy Mahler, Vice President Corporate Communications, MWW Group

5:00 pm Post-Event Networking at Beacon Public House