Please enable Javascript to experience full features of this website.

2015 Agenda


VIP Reception - Monday, October 19, 2015

5:30 - 6:15 PM Check In and Networking
6:15 - 6:25 PM Welcome + Introduction
6:25 - 6:45 PM Keynote Speaker
6:45 - 7:00 PM Q & A
7:05 - 7:30 PM Networking

Tuesday, October 20, 2015

7:00 AM Check-in Begins + Networking Breakfast
8:00 – 8:15 AM Welcome + Year in Review
8:15 – 8:25 AM Setting the Stage: The More You Know…

This brief talk will provide insight about how you may consider the various conference topics to aid you on your security journey. Knowledge of adversaries, threats, and mitigation techniques lead to improved security. No matter what you are securing…if you don’t know your systems AND what your adversaries capabilities are you will lose. This is Sun Tzu 101. Even more so...if you are unaware of your systems and adversaries then your mitigation techniques will be of little to no value. Increased knowledge and awareness ties directly to increased security. With that as a backdrop, some thoughts on how the great conference speakers will help you on your security journey will be shared.

Steen Fjalstad, MN ISACA President, InfraGard Intelligence Committee, Midwest Reliability Organization Security and Mitigation Principal


8:25 – 8:45 AM The New Executive Order: The Impact on Public and Private Sectors
8:45 – 9:40 AM Keynote - Cybersecurity and Cyberwar: What Everyone Needs to Know

A generation ago, "cyberspace" was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world to simply how to protect ourselves and our families from a new type of danger. And yet, there is perhaps no issue that has grown so important, so quickly, and that touches so many, that remains so poorly understood.

Speaker: P.W. Singer, Senior Fellow, New America Foundation

9:45 – 10:30 AM Break in Exhibit Area
10:30 – 11:45AM Panel Discussion - Cyber Security vs Cyber Warfare

When does cyber security become warfare? Our panel of experts from the public and private sectors will explore the distinction between corporate defense against cyber intrusions and nation state defense against foreign aggression. Do these threats originate from different places, or is there a common enemy? Along the spectrum of response options, learn how the Department of Defense determines its course of action, and how the increasing use of corporate cyber-hunters is changing the game.


Todd Rosenblum, Senior Executive, Worldwide Business Dvelopment, IBM


Christopher J. Golomb, Supervisory Special Agent, FBI, Minneapolis Division

Rodney Hite, Director, BigData Solutions, ViON Corporation

Joel Hollenbeck, Strategic Accounts Engineering Manager, Check Point Software Technologies, Ltd.

Brad Mecha, Senior Cyber Defense Consultant, Cybereason

Adam Meyer, Chief Security Strategist, SurfWatch Labs Inc.

11:45AM – 12:30 PM Lunch in Exhibit Hall + Atrium
12:30 - 1:15 PM Keynote - Turning the Tables on Cyber Attackers

Cyber attackers have several advantages over defenders: they only have to get their attack right once, they can leverage the element of surprise, and they can readily acquire defense systems and practice against them to find holes. Despite all the attacker advantages, defenders have a potential advantage of their own that has yet to be fully exploited: the act of attacking inevitably creates a trail of evidence, and that evidence can be used to detect and block attacks. We will discuss a Big Data security analytics ecosystem that leverages defender advantages to turn the tables on the attackers.

Speaker: Alejandro Borgia, Vice President of Product Management, Symantec Corporation

1:15 - 2:30 PM Panel Discussion - Team-Based Cyber Risk Management Programs

Anthem BlueCross. The IRS. The Houston Astros. They can all testify that cyber attacks damage an organization far beyond the breached data. The ripple effect is felt on your relations with customers, investors, employees and investigators. This expert panel will discuss best practices to bring together a team of stakeholders from across your organization – including information security, legal and communications – to define your organization’s unique risk profile and design a cost-effective, holistic security program that accounts for all forms of risk and, most importantly, prepares you for the inevitable data compromise incident when it does occurs.


Jeffrey Man, Security Strategist & Evangelist, Tenable Network Security


Karl Mattson, CISSP, CISM, Senior Fellow, Technological Leadership Institute, University of Minnesota


Kerry Anderson, Lead Cyber Security Engineer, Shared Technology Services Group

Loren Mahler, Vice President Corporate Communications, MWW Group

Adam Meyers, Vice President Intelligence, CrowdStrike, Inc.


2:30 - 3:00 PM Break with Dessert in Exhibit Area
3:00 - 3:20 PM Keynote - Cyber Response Strategies

Historically, the National Guard has been activated for State missions to provide emergency-relief support during natural disasters such as floods, earthquakes and forest fires; search and rescue operations.  This evolving mission now encompasses cyber.  In this session, MG Nash reviews how the MNARNG Cyber Response Strategy extends beyond defending military networks to include Coordination, Train, Advise, and Assist (C/TAA) functions, communication exercises and response exercises to increase NG capacity for accelerated response to a cyber incident.

Major General Richard C. Nash, Adjutant General, Minnesota National Guard

3:20 - 3:40 PM Keynote - Critical Security Controls to reduce Cyber Risk

Security controls are essential for reducing cyber threats yet seem daunting and time consuming to implement. Leading threat research highlights how cyber hygiene through security controls could significantly reduce cyber threats. SANS Critical Security Controls (CSC) has emerged as a risk based list of security controls to mitigate the most common and damaging threats with a cost effective and consistent set of prioritized controls. This presentation evaluates threat report trends that emphasize the need for cyber hygiene, and reviews the CSCs top 20 security controls to reduce cyber risk and increase an organization's operational resilience. Use information to maximize communication efforts to business managers to explain the importance and benefit of implementing security controls.

Col. Stefanie Horvath, MSS, Colonel, MN Army National Guard

3:40 - 4:15PM Keynote – Evaluating Information Security Solutions to Optimize Successful Implementations

One of biggest budget busters for an information Security program is technology solutions that are not a good match for the organization. Often, the technology is more than adequate in terms of functionality. However, other attributes of the solution may clash with the organization’s needs and culture. Some acquisitions fail because there is a poor match between the solution’s functionality and the capabilities required to meet the real needs to assure the organization security posture. This presentation discusses an approach to identifying and evaluating security technology solutions to maximize the potential for a successful implementation.

Kerry Anderson, Information Technology and Services Professional

4:15 - 5:30 PM Networking Reception in Exhibit Area

Wednesday, October 21, 2015

7:45 – 8:45 AM CEO Breakfast - From Detection to Resolution: How a World-Leading Systems Engineering Firm Navigated a Cyber Crisis – Invitation Only

All organizations, regardless of size or industry, are susceptible to the risk of a data breach. While the overwhelming majority of data breach incidents do not generate headlines—there are simply too many of them – all such incidents tend to be disruptive and expensive. How disruptive and how expensive depends on your organization’s preparedness, to what degree you efficiently responded and the outcome of any legal action against you.

Join technology and intellectual property attorney, Eran Kahana, as he leads an informative panel discussion featuring Scott Singer, CSIO of PaR Systems, Inc., who will share details and lessons learned from his first-hand experience managing a data breach—from detection to resolution. Scott will be joined on the panel by experienced counsel Terrance C. Newby, and insurance expert L. Keith Burkhardt, who will share guidance on reducing data breach-related risk, coverage issues, the evolving legal climate, as well as lessons gleaned from caselaw and how various cases drive how business needs to prepare to react in the event of a breach


Eran Kahana J.D., Attorney, Maslon LLP; Research Fellow, Stanford Law School; General Counsel and Member of the Board of Directors, InfraGard


L. Keith Burkhardt, CISA, CISSP, Vice President, Kraus-Anderson Insurance

Terrance C. Newby, Attorney, Maslon LLP

Scott Singer, MBA, Captain, United States Navy Reserve; Chief Security and Information Officer, PaR Systems, Inc.

8:00 – 9:00 AM Check-in + Light Networking Breakfast
9:00 – 9:30 AM Welcome + Scholarship Presentation
9:30 – 10:20 AM Keynote – Why the Future Security Operation Center (SOC) must understand its Adversaries and their Intentions

Most Security Operations Centers (SOCs) today focus on detection, remediation and prevention, placing less emphasis on the source of the attack or breach. To be truly effective today, however, SOCs should focus on not just the what and when, but also the who (Threat Actor) and the how and why (Threat Vector). While this holistic intelligence approach is not new to the traditional national security and defense intelligence operations, it is new to Cyber Defense strategies. IBM i2 Enterprise Insight Analysis arms intelligence analysts with game changing investigative and analytical capabilities that perform at speed and scale, to create a comprehensive cyber threat intelligence picture. By combining critical data from both the physical and digital world with cyber event intelligence, organizations can visualize, correlate and analyze cyber data to identify threat actors, their purpose, intentions, employers, sponsors, as well as infrastructure location & weaknesses. This enables them to extend network defense perimeters to asymmetric areas not addressed and conquered by traditional security solutions, and turn their cyber defense strategy into a proactive one.

Randy Haines, Business Unit Executive - North America Sales Leader,
Enterprise Insight Analysis - i2, IBM Safer Planet

10:20 – 11:00 AM Networking Break in Exhibit Area
11:00 AM– 12:15 PM

Panel Discussion - Cyber Intelligence Sharing – Has the Time Finally Come for Real Collaboration?

Cyber security is rarely an area where information sharing is instictive. In the wake of President Obama’s Executive Order on cyber intelligence sharing, how is our nation’s information sharing ecosystem being transformed? Our panel will explore the impact the new requirements are having on organizations at all levels of government and industry, particularly on existing sector-based Information Sharing and Analysis Centers (ISACs).


Chris Buse, CPA, CISA, CISSP, Assistant Commissioner and Chief Information Security Officer, State of Minnesota; MS-ISAC Executive Committee Member


Mike Echols, Cyber Joint Program Management Office, National Protection and Program Directorate, US Department of Homeland Security

Carlos P. Kizzee, JD, LL.M, Executive Director, Defense Security Information Exchange

Erin Meehan, Program Lead of the State, Local, Tribal, and Territorial Cybersecurity Engagement Program, U.S. Department of Homeland Security, Office of Cybersecurity and Communications

12:15 – 1:30 PM Networking Lunch
1:30 – 3:00 PM Panel Discussion- What financial, retail and heath care companies can learn from 2015’s data breaches

They say you should never let a good disaster go to waste. After more than eighty million financial, retail and health records were compromised in the first half of 2015, companies found ample opportunity in the aftermath to review and update their data security practices. Today, however, a routine internal IT audit isn’t a sufficient response. The scale of recent incidents has prompted the courts to weigh-in on how companies should be responding. This panel brings together data security experts from the financial, retail and health sectors to discuss key lessons learned from recent data breaches and how they are being impacted by recent court rulings.


Eran Kahana, J.D., Attorney, Maslon LLP; Research Fellow, Stanford Law School; General Counsel and Member of the Board of Directors, InfraGard


Rozi Bhimani, Staff Attorney, Federal Trade Commission

Robert E. Booker, Vice President + Chief Information Security Officer, UnitedHealth Group

Barry Caplin, Vice President + Chief Information Security Officer, Fairview Health Services

Jay Spreitzer, MS, GIAC, GCED, Assistant Vice President, Wells Fargo Bank

3:00 - 3:30 PM Break + Dessert in the Exhibit Hall
3:30 - 4:35 PM Closing Keynote - Cyber Attacks and Our Nation's Security

Cyber attacks have emerged as a leading threat to our national security, endangering both government and private computer systems and networks. In the coming years, our adversaries will hone their skills, and the scope and scale of the threat will escalate. Companies will need to develop a sophisticated understanding of the nature of the threats, the government’s role in defending cyberspace, and the steps companies can take to secure their networks and information. With his extensive national security experience, Olsen brings discusses the myriad threats to companies in cyberspace and the government’s capabilities in this domain, as well as ways companies can enhance their cybersecurity.

Speaker: Matthew G. Olsen, President of Consulting, IronNet Cybersecurity; Former Director, National Counterterrorism Center

4:35 - 5:00 PM Closing Remarks

Register Now