VIP Reception - Monday, October 19, 2015
|5:30 - 6:15 PM
||Check In and Networking
|6:20 - 6:25 PM
|6:25 - 6:45 PM
|7:05 - 7:30 PM
Tuesday, October 20, 2015
||Check-in Begins + Networking Breakfast
|8:00 – 8:15 AM
||Welcome + Year in Review
|8:15 – 8:25 AM
||Setting the Stage: The More You Know…
This brief talk will provide insight about how you may consider the various conference topics to aid you on your security journey. Knowledge of adversaries, threats, and mitigation techniques lead to improved security. No matter what you are securing…if you don’t know your systems AND what your adversaries capabilities are you will lose. This is Sun Tzu 101. Even more so...if you are unaware of your systems and adversaries then your mitigation techniques will be of little to no value. Increased knowledge and awareness ties directly to increased security. With that as a backdrop, some thoughts on how the great conference speakers will help you on your security journey will be shared.
Steen Fjalstad, MS, CISA, CISSP, CGEIT, CRISC, Security and Mitigation, Principal & President for MN ISACA, Midwest Reliability Organization, ISACA, InfraGard
|8:25 – 8:45 AM
||The New Executive Order: The Impact on Public and Private Sectors
|8:45 – 8:55 AM
||Opening Comments from Title Sponsor
|8:55 – 9:40 AM
||Keynote - Cybersecurity and Cyberwar: What Everyone Needs to Know
A generation ago, "cyberspace" was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world to simply how to protect ourselves and our families from a new type of danger. And yet, there is perhaps no issue that has grown so important, so quickly, and that touches so many, that remains so poorly understood.
Speaker: P.W. Singer, Senior Fellow, New America Foundation
|9:45 – 10:30 AM
||Break in Exhibit Area
|10:30 – 11:45AM
||Panel Discussion - Cyber Security vs Cyber Warfare
When does cyber security become warfare? Our panel of experts from the public and private sectors will explore the distinction between corporate defense against cyber intrusions and nation state defense against foreign aggression. Do these threats originate from different places, or is there a common enemy? Along the spectrum of response options, learn how the Department of Defense determines its course of action, and how the increasing use of corporate cyber-hunters is changing the game.
Todd Rosenblum, Former Principal Deputy Assistant Secretary of Defense for Homeland Defense and Global Security, U.S. Department of Defense; Senior Fellow, The George Washington University Center for Cyber & Homeland Security
Shéna Boswell Crowe, Special Agent, Federal Bureau of Investigation
Brad Mecha, Senior Cyber Defense Consultant, Cybereason
Adam Meyer, Chief Security Strategist, SurfWatch Labs Inc.
|11:45AM – 12:30 PM
||Lunch in Exhibit Hall + Atrium
|1:15 - 2:30 PM
||Panel Discussion - Team-Based Cyber Risk Management Programs
Anthem BlueCross. The IRS. The Houston Astros. They can all testify that cyber attacks damage an organization far beyond the breached data. The ripple effect is felt on your relations with customers, investors, employees and investigators. This expert panel will discuss best practices to bring together a team of stakeholders from across your organization – including information security, legal and communications – to define your organization’s unique risk profile and design a cost-effective, holistic security program that accounts for all forms of risk and, most importantly, prepares you for the inevitable data compromise incident when it does occurs.
Jeffrey Man, Security Strategist & Evangelist, Tenable Network Security
Karl Mattson, CISSP, CISM, Senior Fellow, Technological Leadership Institute, University of Minnesota
Kerry Anderson, Lead Cyber Security Engineer, Shared Technology Services Group
Adam Meyers, Vice President Intelligence, CrowdStrike, Inc.
|2:30 - 3:00 PM
||Break with dessert in Exhibit Area
|3:00 - 3:20 PM
||Keynote - Cyber Response Strategies
Historically, the National Guard has been activated for State missions to provide emergency-relief support during natural disasters such as floods, earthquakes and forest fires; search and rescue operations. This evolving mission now encompasses cyber. In this session, MG Nash reviews how the MNARNG Cyber Response Strategy extends beyond defending military networks to include Coordination, Train, Advise, and Assist (C/TAA) functions, communication exercises and response exercises to increase NG capacity for accelerated response to a cyber incident.
Major General Richard C. Nash, Adjutant General, Minnesota National Guard
|3:20 - 3:40 PM
||Keynote - Critical Security Controls to reduce Cyber Risk
Security controls are essential for reducing cyber threats yet seem daunting and time consuming to implement. Leading threat research highlights how cyber hygiene through security controls could significantly reduce cyber threats. SANS Critical Security Controls (CSC) has emerged as a risk based list of security controls to mitigate the most common and damaging threats with a cost effective and consistent set of prioritized controls. This presentation evaluates threat report trends that emphasize the need for cyber hygiene, and reviews the CSCs top 20 security controls to reduce cyber risk and increase an organization's operational resilience. Use information to maximize communication efforts to business managers to explain the importance and benefit of implementing security controls.
Col. Stefanie Horvath, MSS, Colonel, MN Army National Guard
|3:40 - 4:15PM
||Keynote – The Frugal CISO
|4:15 - 5:30 PM
||Networking Reception in Exhibit Area
|5:00 - 6:00 PM
||Hands-on Tool Workshop available to Full Summit attendees
Wednesday, October 21, 2015
|7:45 – 8:45 AM
||CEO Breakfast - From Detection to Resolution: How a World-Leading Systems Engineering Firm Navigated a Cyber Crisis – Invitation Only
All organizations, regardless of size or industry, are susceptible to the risk of a data breach. While the overwhelming majority of data breach incidents do not generate headlines—there are simply too many of them – all such incidents tend to be disruptive and expensive. How disruptive and how expensive depends on your organization’s preparedness, to what degree you efficiently responded and the outcome of any legal action against you.
Join technology and intellectual property attorney, Eran Kahana, as he leads an informative panel discussion featuring Scott Singer, CSIO of PaR Systems, Inc., who will share details and lessons learned from his first-hand experience managing a data breach—from detection to resolution. Scott will be joined on the panel by experienced counsel Terrance C. Newby, and insurance expert L. Keith Burkhardt, who will share guidance on reducing data breach-related risk, coverage issues, the evolving legal climate, as well as lessons gleaned from caselaw and how various cases drive how business needs to prepare to react in the event of a breach
Eran Kahana J.D., Attorney, Maslon LLP; Research Fellow, Stanford Law School; General Counsel and Member of the Board of Directors, InfraGard
L. Keith Burkhardt, CISA, CISSP, Vice President, Kraus-Anderson Insurance
Terrance C. Newby, Attorney, Maslon LLP
Scott Singer, MBA, Captain, United States Navy Reserve; Chief Security and Information Officer, PaR Systems, Inc.
|8:00 – 9:00 AM
||Check-in + Light Networking Breakfast
|9:00 – 9:30 AM
||Welcome + Scholarship Presentation
|9:30 – 10:20 AM
||Keynote – Why the Future Security Operation Center (SOC) must understand its Adversaries and their Intentions
Most Security Operations Centers (SOCs) today focus on detection, remediation and prevention, placing less emphasis on the source of the attack or breach. To be truly effective today, however, SOCs should focus on not just the what and when, but also the who (Threat Actor) and the how and why (Threat Vector). While this holistic intelligence approach is not new to the traditional national security and defense intelligence operations, it is new to Cyber Defense strategies. IBM i2 Enterprise Insight Analysis arms intelligence analysts with game changing investigative and analytical capabilities that perform at speed and scale, to create a comprehensive cyber threat intelligence picture. By combining critical data from both the physical and digital world with cyber event intelligence, organizations can visualize, correlate and analyze cyber data to identify threat actors, their purpose, intentions, employers, sponsors, as well as infrastructure location & weaknesses. This enables them to extend network defense perimeters to asymmetric areas not addressed and conquered by traditional security solutions, and turn their cyber defense strategy into a proactive one.
Michael Kehoe, MBA, Professional, IBM Worldwide IR Enterprise Insight Analysis Leader, IBM
|10:20 – 11:00 AM
||Networking Break in Exhibit Area
|11:00 AM– 12:15 PM
Panel Discussion - Cyber Intelligence Sharing – Has the Time Finally Come for Real Collaboration?
Cyber security is rarely an area where information sharing is instictive. In the wake of President Obama’s Executive Order on cyber intelligence sharing, how is our nation’s information sharing ecosystem being transformed? Our panel will explore the impact the new requirements are having on organizations at all levels of government and industry, particularly on existing sector-based Information Sharing and Analysis Centers (ISACs).
Chris Buse, CISA, CISSP, Assistant Commissioner and Chief Information Security Officer, State of Minnesota; MS-ISAC Executive Committee Member
Mike Echols, Cyber Joint Program Management Office, National Protection and Program Directorate, US Department of Homeland Security
Carlos P. Kizzee, JD, LL.M, Executive Director, Defense Security Information Exchange
Erin Meehan, Program Lead of the State, Local, Tribal, and Territorial Cybersecurity Engagement Program, U.S. Department of Homeland Security, Office of Cybersecurity and Communications
|12:15 – 1:45 PM
|1:45 – 3:00 PM
||Panel Discussion- What financial, retail and heath care companies can learn from 2015’s data breaches
They say you should never let a good disaster go to waste. After more than eighty million financial, retail and health records were compromised in the first half of 2015, companies found ample opportunity in the aftermath to review and update their data security practices. Today, however, a routine internal IT audit isn’t a sufficient response. The scale of recent incidents has prompted the courts to weigh-in on how companies should be responding. This panel brings together data security experts from the financial, retail and health sectors to discuss key lessons learned from recent data breaches and how they are being impacted by recent court rulings.
Eran Kahana, J.D., Attorney, Maslon LLP; Research Fellow, Stanford Law School; General Counsel and Member of the Board of Directors, InfraGard
Rozi Bhimani, Staff Attorney, Federal Trade Commission
Robert E. Booker, Vice President + Chief Information Security Officer, UnitedHealth Group
Barry Caplin, Vice President + Chief Information Security Officer, Fairview Health Services
Jay Spreitzer, MS, GIAC, GCED, Assistant Vice President, Wells Fargo Bank
|3:00 - 3:30 PM
||Break + Dessert in the Exhibit Hall
|3:30 - 4:35 PM
||Closing Keynote - Cyber Attacks and Our Nation's Security
Cyber attacks have emerged as a leading threat to our national security, endangering both government and private computer systems and networks. In the coming years, our adversaries will hone their skills, and the scope and scale of the threat will escalate. Companies will need to develop a sophisticated understanding of the nature of the threats, the government’s role in defending cyberspace, and the steps companies can take to secure their networks and information. With his extensive national security experience, Olsen brings discusses the myriad threats to companies in cyberspace and the government’s capabilities in this domain, as well as ways companies can enhance their cybersecurity.
Speaker: Matthew G. Olsen, Co-Founder and President, IronNet Cybersecurity; Former Director, National Counterterrorism Center
|4:35 - 5:00 PM
||Closing Summit Remarks