Please enable Javascript to experience full features of this website.

2015 Agenda


VIP Reception - Monday, October 19, 2015

5:30 - 6:15 PM Check In and Networking
6:15 - 6:20 PM Welcome
6:20 - 6:25 PM Keynote Introduction
6:25 - 6:45 PM Keynote Speaker
6:45 - 7:00 PM Q & A
7:05 - 7:30 PM Networking

Tuesday, October 20, 2015

7:00 AM Check-in Begins + Networking Breakfast
8:00 – 8:15 AM Welcome + Year in Review
8:15 – 8:25 AM Setting the Stage: The More You Know…

This brief talk will provide insight about how you may consider the various conference topics to aid you on your security journey. Knowledge of adversaries, threats, and mitigation techniques lead to improved security. No matter what you are securing…if you don’t know your systems AND what your adversaries capabilities are you will lose. This is Sun Tzu 101. Even more so...if you are unaware of your systems and adversaries then your mitigation techniques will be of little to no value. Increased knowledge and awareness ties directly to increased security. With that as a backdrop, some thoughts on how the great conference speakers will help you on your security journey will be shared.

Steen Fjalstad, MS, CISA, CISSP, CGEIT, CRISC, Security and Mitigation, Principal & President for MN ISACA, Midwest Reliability Organization, ISACA, InfraGard


8:25 – 8:45 AM The New Executive Order: The Impact on Public and Private Sectors

The New Executive Cyber Security Order – What it means and the Impact Across both Public and Private Sectors.

Introduction by: Thomas A. Baden Jr.,Commissioner and MN State Chief Information Officer, MN.IT Services

Speaker: Chris Buse, CISA, CISSP, Assistant Commissioner and Chief Information Security Officer, MN.IT; MS-ISAC Executive Committee Member


8:45 – 8:55 AM Opening Comments from Title Sponsor
8:55 – 9:40 AM Keynote - Cybersecurity and Cyberwar: What Everyone Needs to Know

A generation ago, "cyberspace" was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world to simply how to protect ourselves and our families from a new type of danger. And yet, there is perhaps no issue that has grown so important, so quickly, and that touches so many, that remains so poorly understood.

Speaker: P.W. Singer, Senior Fellow, New America Foundation

9:45 – 10:30 AM Break in Exhibit Area
10:30 – 11:45AM Panel Discussion - Cyber Security vs Cyber Warfare

When does cyber security become warfare? Our panel of experts from the public and private sectors will explore the distinction between corporate defense against cyber intrusions and nation state defense against foreign aggression. Do these threats originate from different places, or is there a common enemy? Along the spectrum of response options, learn how the Department of Defense determines its course of action, and how the increasing use of corporate cyber-hunters is changing the game.


Todd Rosenblum, Former Principal Deputy Assistant Secretary of Defense for Homeland Defense and Global Security, U.S. Department of Defense; Senior Fellow, The George Washington University Center for Cyber & Homeland Security


Shéna Boswell Crowe, Special Agent, Federal Bureau of Investigation

Brad Mecha, Senior Cyber Defense Consultant, Cybereason

Adam Meyer, Chief Security Strategist, SurfWatch Labs Inc.

11:45AM – 12:30 PM Lunch in Exhibit Hall + Atrium
12:30 - 1:15 PM Keynote
1:15 - 2:30 PM Panel Discussion - Team-Based Cyber Risk Management Programs

Anthem BlueCross. The IRS. The Houston Astros. They can all testify that cyber attacks damage an organization far beyond the breached data. The ripple effect is felt on your relations with customers, investors, employees and investigators. This expert panel will discuss best practices to bring together a team of stakeholders from across your organization – including information security, legal and communications – to define your organization’s unique risk profile and design a cost-effective, holistic security program that accounts for all forms of risk and, most importantly, prepares you for the inevitable data compromise incident when it does occurs.


Jeffrey Man, Security Strategist & Evangelist, Tenable Network Security


Karl Mattson, CISSP, CISM, Senior Fellow, Technological Leadership Institute, University of Minnesota


Kerry Anderson, Lead Cyber Security Engineer, Shared Technology Services Group

Adam Meyers, Vice President Intelligence, CrowdStrike, Inc.


2:30 - 3:00 PM Break with dessert in Exhibit Area
3:00 - 3:20 PM Keynote - Cyber Response Strategies

Historically, the National Guard has been activated for State missions to provide emergency-relief support during natural disasters such as floods, earthquakes and forest fires; search and rescue operations.  This evolving mission now encompasses cyber.  In this session, MG Nash reviews how the MNARNG Cyber Response Strategy extends beyond defending military networks to include Coordination, Train, Advise, and Assist (C/TAA) functions, communication exercises and response exercises to increase NG capacity for accelerated response to a cyber incident.

Major General Richard C. Nash, Adjutant General, Minnesota National Guard

3:20 - 3:40 PM Keynote - Critical Security Controls to reduce Cyber Risk

Security controls are essential for reducing cyber threats yet seem daunting and time consuming to implement. Leading threat research highlights how cyber hygiene through security controls could significantly reduce cyber threats. SANS Critical Security Controls (CSC) has emerged as a risk based list of security controls to mitigate the most common and damaging threats with a cost effective and consistent set of prioritized controls. This presentation evaluates threat report trends that emphasize the need for cyber hygiene, and reviews the CSCs top 20 security controls to reduce cyber risk and increase an organization's operational resilience. Use information to maximize communication efforts to business managers to explain the importance and benefit of implementing security controls.

Col. Stefanie Horvath, MSS, Colonel, MN Army National Guard

3:40 - 4:15PM Keynote – The Frugal CISO
4:15 - 5:30 PM Networking Reception in Exhibit Area
5:00 - 6:00 PM Hands-on Tool Workshop available to Full Summit attendees

Wednesday, October 21, 2015

7:45 – 8:45 AM CEO Breakfast - From Detection to Resolution: How a World-Leading Systems Engineering Firm Navigated a Cyber Crisis – Invitation Only

All organizations, regardless of size or industry, are susceptible to the risk of a data breach. While the overwhelming majority of data breach incidents do not generate headlines—there are simply too many of them – all such incidents tend to be disruptive and expensive. How disruptive and how expensive depends on your organization’s preparedness, to what degree you efficiently responded and the outcome of any legal action against you.

Join technology and intellectual property attorney, Eran Kahana, as he leads an informative panel discussion featuring Scott Singer, CSIO of PaR Systems, Inc., who will share details and lessons learned from his first-hand experience managing a data breach—from detection to resolution. Scott will be joined on the panel by experienced counsel Terrance C. Newby, and insurance expert L. Keith Burkhardt, who will share guidance on reducing data breach-related risk, coverage issues, the evolving legal climate, as well as lessons gleaned from caselaw and how various cases drive how business needs to prepare to react in the event of a breach


Eran Kahana J.D., Attorney, Maslon LLP; Research Fellow, Stanford Law School; General Counsel and Member of the Board of Directors, InfraGard


L. Keith Burkhardt, CISA, CISSP, Vice President, Kraus-Anderson Insurance

Terrance C. Newby, Attorney, Maslon LLP

Scott Singer, MBA, Captain, United States Navy Reserve; Chief Security and Information Officer, PaR Systems, Inc.

8:00 – 9:00 AM Check-in + Light Networking Breakfast
9:00 – 9:30 AM Welcome + Scholarship Presentation
9:30 – 10:20 AM Keynote – Why the Future Security Operation Center (SOC) must understand its Adversaries and their Intentions

Most Security Operations Centers (SOCs) today focus on detection, remediation and prevention, placing less emphasis on the source of the attack or breach. To be truly effective today, however, SOCs should focus on not just the what and when, but also the who (Threat Actor) and the how and why (Threat Vector). While this holistic intelligence approach is not new to the traditional national security and defense intelligence operations, it is new to Cyber Defense strategies. IBM i2 Enterprise Insight Analysis arms intelligence analysts with game changing investigative and analytical capabilities that perform at speed and scale, to create a comprehensive cyber threat intelligence picture. By combining critical data from both the physical and digital world with cyber event intelligence, organizations can visualize, correlate and analyze cyber data to identify threat actors, their purpose, intentions, employers, sponsors, as well as infrastructure location & weaknesses. This enables them to extend network defense perimeters to asymmetric areas not addressed and conquered by traditional security solutions, and turn their cyber defense strategy into a proactive one.

Michael Kehoe, MBA, Professional, IBM Worldwide IR Enterprise Insight Analysis Leader,  IBM

10:20 – 11:00 AM Networking Break in Exhibit Area
11:00 AM– 12:15 PM

Panel Discussion - Cyber Intelligence Sharing – Has the Time Finally Come for Real Collaboration?

Cyber security is rarely an area where information sharing is instictive. In the wake of President Obama’s Executive Order on cyber intelligence sharing, how is our nation’s information sharing ecosystem being transformed? Our panel will explore the impact the new requirements are having on organizations at all levels of government and industry, particularly on existing sector-based Information Sharing and Analysis Centers (ISACs).


Chris Buse, CISA, CISSP, Assistant Commissioner and Chief Information Security Officer, State of Minnesota; MS-ISAC Executive Committee Member


Mike Echols, Cyber Joint Program Management Office, National Protection and Program Directorate, US Department of Homeland Security

Carlos P. Kizzee, JD, LL.M, Executive Director, Defense Security Information Exchange

Erin Meehan, Program Lead of the State, Local, Tribal, and Territorial Cybersecurity Engagement Program, U.S. Department of Homeland Security, Office of Cybersecurity and Communications

12:15 – 1:45 PM Networking Lunch
1:45 – 3:00 PM Panel Discussion- What financial, retail and heath care companies can learn from 2015’s data breaches

They say you should never let a good disaster go to waste. After more than eighty million financial, retail and health records were compromised in the first half of 2015, companies found ample opportunity in the aftermath to review and update their data security practices. Today, however, a routine internal IT audit isn’t a sufficient response. The scale of recent incidents has prompted the courts to weigh-in on how companies should be responding. This panel brings together data security experts from the financial, retail and health sectors to discuss key lessons learned from recent data breaches and how they are being impacted by recent court rulings.


Eran Kahana, J.D., Attorney, Maslon LLP; Research Fellow, Stanford Law School; General Counsel and Member of the Board of Directors, InfraGard


Rozi Bhimani, Staff Attorney, Federal Trade Commission

Robert E. Booker, Vice President + Chief Information Security Officer, UnitedHealth Group

Barry Caplin, Vice President + Chief Information Security Officer, Fairview Health Services

Jay Spreitzer, MS, GIAC, GCED, Assistant Vice President, Wells Fargo Bank

3:00 - 3:30 PM Break + Dessert in the Exhibit Hall
3:30 - 4:35 PM Closing Keynote - Cyber Attacks and Our Nation's Security

Cyber attacks have emerged as a leading threat to our national security, endangering both government and private computer systems and networks. In the coming years, our adversaries will hone their skills, and the scope and scale of the threat will escalate. Companies will need to develop a sophisticated understanding of the nature of the threats, the government’s role in defending cyberspace, and the steps companies can take to secure their networks and information. With his extensive national security experience, Olsen brings discusses the myriad threats to companies in cyberspace and the government’s capabilities in this domain, as well as ways companies can enhance their cybersecurity.

Speaker: Matthew G. Olsen, Co-Founder and President, IronNet Cybersecurity; Former Director, National Counterterrorism Center

4:35 - 5:00 PM Closing Summit Remarks

Register Now