East IT & Security Leaders Forum 2023

The latest snapshot of your network traffic logs may look innocent enough, but hidden within your common ports and protocols are the movements of a cybercriminal who has secretly breached your systems and is now trying to expand its foothold within your virtual walls in multi-cloud environments.

It’s this east-west infiltration that turns what could be just a relatively minor breach into a damaging data exfiltration incident or a full-scale ransomware attack. That’s why reducing attacker dwell time, curbing lateral movement and detecting advanced threats are essential components to any network security strategy, whether you operate largely on premises, in private clouds or multi-cloud architectures.

Gain key insights and strategies related to the defense against post-breach lateral movement:

• Research, statistical analysis and threat reports that underscore the threat that lateral movement represents
• Key metrics, strategies and solutions for detecting post-exploitation east-west movement, including behavioral analysis and identifying threat signatures
• A Guide To Detecting & Restricting Lateral Movement

Speaker: Chad Skipper, Global Security Technologist, VMware

Presented by: VMware

This session provides a comprehensive exploration of the challenges and opportunities that arise with the integration of Artificial Intelligence (AI) in various industries. We’ll examine the intricacies of managing risks associated with AI technologies, highlighting the potential pitfalls and benefits they bring. By examining real-world examples and case studies, we’ll shed light on the complexities and ethical considerations involved in harnessing AI’s power while mitigating potential risks.

Speaker: Supro Ghose, SVP, Chief Information Security Officer, EagleBank

Learn how to harness decentralized technologies to tranform your business. Understand how IoT & Blockchain work together to ensure security, transactional integrity, while reducing total cost of operations to near zero. During this session, you’ll engage in the process of building a Decentralized Autonomous Organization- brining the pieces together to provide a foundation to understand opportunities & risks as your organization drives to Next-Gen business.

Circle back with your Peers on the content so far while grabbing a coffee and a snack

IT organizations have two imperatives that seem to be at odds with each other: Maximize the velocity and quality of software development efforts – and – protect the firm’s systems and data from an ever increasing spectrum of threats. The teams clamoring for more autonomy and access to production systems, and the teams striving to protect the firm’s assets don’t have be adversaries.

In this session you will learn how Delphix’s zero trust – data automation platform combines virtual database replication with the industry’s most efficient masking platform to give developers automated / instant access to protected replicas of production databases.

Delphix’s unique approach enables application development teams to dramatically accelerate velocity and quality while at the same time enabling infosec teams to eliminate all the risks of infiltration or exfiltration of sensitive data from non-prod environments.

Speaker: Aaron Jensen, DevOps Strategic Advisory, Delphix

Presented by: Delphix

Weak identity and access management (IAM) practices result in considerable risk to the organization because IAM plays a role in most things in IT. Organizations typically do not have a high-level understanding of how identities and access are managed within the organization and no central ownership of IAM is a common reason why. Owners of IAM actions outside of IT may be resistant to adopting change but it’s our job to convey the importance and get the buy-in needed. This session will help identify the drivers behind improving your IAM practices and develop best practice processes for each section of the identity lifecycle.

The evolution of the cyber threat landscape can create an illusion of unpredictability. Understanding the significance of recent events gives visibility into the shifting dynamics of adversary tactics, which is critical for staying ahead of and ultimately defeating today’s threats. Today’s threat landscape features security concerns that must be shared across all levels of the organization. As security teams assess the evolving threat landscape, what changes are actually required, and what can be done about it?

Join this presentation as we discuss how:

• Sophisticated adversaries are exploiting stolen credentials and identities to amplify ransomware big game hunting attacks and infiltrate cloud environments
• Malicious actors are intensifying attacks on critical cloud infrastructure with new, sophisticated approaches
• Organizations can implement the right combination of security tools to stop an adversary with speed
• Effective security strategies help address the emerging threat landscape
• To look ahead to next-level threats

Presented by: CrowdStrike

Users have an on-demand mindset. Users want to be instantly connected to what they want, how, when, and where they decide. Users demand Integrated Experiences. Integrated Experiences are enabled through the confluence of information, integration, and interactions that transform engagement with customers, partners, employees. Integrated Experiences simplify your users’ life, increase trust and loyalty, and grant wishes.

During this session we will explore:

• What are Integrated Experiences and how do they create an advantage?
• How do you get started on your journey to enabling Integrated Experiences?
• How can we better understand and meet the on-demand mindset of our users?
• What strategies can we employ to increase trust and loyalty among our users through Integrated Experiences?

Dive into the exciting intersection of innovation and security! Join this session to unlock the secrets of securing your code while harnessing AI’s potential. Explore parallels between past open source security concerns and today’s AI-generated code anxieties. Just as we once questioned community-contributed code, now we face AI-driven fears of compromised security and lost control. Discover the essential threads linking these moments, offering insights for your software development journey. This discussion delves into historical context and modern discourse, emphasizing careful evaluation when adopting groundbreaking technologies. Don’t miss our in-depth analysis of GenAI’s security landscape. Gain knowledge to navigate this evolving terrain, mitigating risks and maximizing rewards. Join us at the innovation-security crossroads, ensuring AI-enhanced development upholds code integrity and product security.

Speaker: Peter Chestna, CISO, North America, Checkmarx

Presented by: Checkmarx

We hear a lot of thoughts about selling into a C-Suite. It’s time to talk about it from the perspective of Executives within that suite and how we make buying decisions. We will discuss the various considerations and thought processes that C-Suite executives follow when buying products and services:

• Requirements vs Features
• Taking control of the buying schedule
• Follow through and Execution
• What products and services are purchased by the C-Suite and which are delegated to other teams?
• Pet peeves
  

Speaker: Andy Flatt, SVP/CIO, National Healthcare Corp (NHC Care)

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Panelist: Kaseem Mabry, Director, Enterprise Application Services, Tampa International Airport

Open seating, Buffet-style lunch. Serving food for all tastes, pallets and preferences. Vegan, vegetarian, halal options available. 

As macro-economic concerns increase in 2023, organizations are looking to drive higher ROI from digital investments. Value Stream Management helps DevOps teams accelerate time to market and build on success by unifying your organization’s business and technology objectives. But accelerating revenue must be accompanied by optimized operational expenditures in order to maximize ROI. That’s where FinOps comes in.

In this session, you’ll learn how OpenText simplifies Value Stream Management by helping organizations track, analyze, and predict resourcing, reduce risk, and identify waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes. Then you’ll learn how FinOps can help you optimize the cloud costs that are driven by agile development through a three-step approach: Inform, Optimize and Operate. This will enable you to:

• Maximize Business Value and Effectiveness: Discover, visualize, and manage the flow of value from “strategy to delivery” powered by AI and analytics that is easy to deploy.
• Accelerate Delivery and Efficiency: Integrate with your existing toolchains to improve productivity and remove friction in the value stream with smart automation.
• Gain Competitive Advantage: Differentiate customer experience with high-quality value stream insights to manage risk and streamline delivery.
• Empower continuous feedback, learning, and improvement.

Join OpenText to learn why the time for a joint VSM/FinOps approach is now and how to capitalize on it the easy way.

Presented by: OpenText

In today’s fast-paced work environment, time is a valuable commodity. In last 6 months, conversational AI has exponentially grown and Generative Pre-trained Transformer(GPT) models in natural language processing(NLP) has evolved at an exponential rate and technology is becoming more easy to implement with your own organizational data. When you use your own company data with conversational AI, employees can save time on repetitive tasks like answering routine questions, creating documentation, understanding policies and SOP’s, filling form, generating proposals and quotes etc. allowing them to focus on more important work.

Conversational AI-powered chatbots can now interact with your own company’s data in a secure manner and still leverage full power of GPT. They can not only answer employees’ questions, AI Bots can provide employees with the information they need to complete their work and even be part of process automation. Finally, conversational AI can also help improve the overall employee experience. By providing a more personalized and convenient interface, conversational AI-powered tools can help employees feel more engaged and empowered in their work. This, in turn, can lead to higher job satisfaction and improved retention rates.

Today, the primary CEO priority is growth, with technology as a key enabler. However, vendor policies pose major roadblocks to innovation, growth and competitive advantage by forcing you to spend limited budget, resources and time on projects that may not drive your business. ​Learn how you can take control of your IT roadmap by choosing a Business-Driven Roadmap designed around your business objectives and not the vendor’s. Leverage vendor software, but do it on your terms, on your timetable and with the flexibility, funding and freedom to focus on initiatives that support growth and competitive advantage.

This session offers a comprehensive exploration of the advantages, considerations, and best practices associated with adopting multi-cloud and hybrid cloud approaches for infrastructure management. We will explore the growing trend of organizations leveraging multiple cloud providers or combining public and private cloud environments to optimize their IT infrastructure and whether it makes sense for your Organization. We will also examine the benefits of distributing workloads across different clouds, such as increased flexibility, redundancy, and reduced vendor lock-in. Additionally, it delves into the intricacies of hybrid cloud deployments, which enable organizations to balance on-premises infrastructure with cloud resources for enhanced scalability and cost efficiency.

The evolution of the cyber threat landscape can create an illusion of unpredictability. Understanding the significance of recent events gives visibility into the shifting dynamics of adversary tactics, which is critical for staying ahead of and ultimately defeating today’s threats. Today’s threat landscape features security concerns that must be shared across all levels of the organization. As security teams assess the evolving threat landscape, what changes are actually required, and what can be done about it?

We will discuss:

• How sophisticated adversaries are exploiting stolen credentials and identities to amplify ransomware big game hunting attacks and infiltrate cloud environments
• Malicious actors are intensifying attacks on critical cloud infrastructure with new, sophisticated approaches
• How Organizations can implement the right combination of security tools to stop an adversary with speed
• Effective security strategies help address the emerging threat landscape to look ahead to next-level threats

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Too often, board and committee presentation materials are awash with lots of good information – but are they driving the right dialog? This session will cover how to structure the materials presented

Is it informational? What is your purpose in presenting? Is there a decision to be made? Is approval required? Is a recommendation to another committee the desired outcome? How should the lines of defense be represented in and by the materials?

This session will explore the topic of driving to better board and committee reporting – in a relatively painless fashion.

We might not yet be done with digital transformation but we must now deal with what could be waves of disruptions (Supply chain issues, inflation, and whatever comes next). How do we prepare our teams and our Organizations to not just survive but thrive in an environment of disruption? In this interactive session, we will cover the various approaches to best build resilience and adaptability, including:

• Loosely-couple everything
• Simplify, standardize and then simplify some more
• Build an empowered, resilient and adaptive culture
• Get good at agile principles

While the pool of talented IT & Cybersecurity professionals is increasing daily, there is still a shortage of professionals to go around. Meanwhile, Tech is poaching talent by offering unmatchable salaries and benefits. Yet with mass-layoffs, many are migrating back to companies in which they feel valued, often passing up higher salaries for job security. This session will dicuss how your Organization can stand out from the crowd while attract top talent while retaining it’s best and brightest.

The session will cover the following topics:

• How being an active CIO/CISO and Thought Leader is the best marketing for new talent
• Creative ways to compete and assets that are important outside of salary
• Providing upward mobility for high-performing assets while offering leadership coaching to excel in new management roles.
• Creating a diverse and inclusive workforce where employees feel valued.

This session presents a compelling examination of the challenges posed by a siloed approach to cybersecurity within organizations. We will examine the detrimental impact of isolated cybersecurity efforts and explore strategies to dismantle these barriers. By emphasizing the importance of collaboration, integration, and cross-functional cooperation, this session highlights how breaking down silos can foster innovation across the Business and enhance overall cybersecurity effectiveness.

Moderator: Ariel Weil, VP, GTM Strategies, Cyera

Panelists:

Nish Majmudar, VP, CISO, Mathematica

Frankie Ramos, CISO (Americas), DHL

Kashif Bukhari, Global CISO, SealedAir

Value Stream Management may be the next big thing but seems like a lot to swallow. Even organizations with mature Agile and DevOps processes are unsure how to capitalize on this proven method of process improvement. To front-load success and reduce risk, you’ll need to see value quickly and then build on that success. Properly implemented, VSM can boost time-to-market and a company’s ability to compete and win in the marketplace by maximizing ROI and unifying your organization’s business and technology objectives.

In this session, you’ll learn how VSM helps organizations track, analyze, and predict resourcing, reduce risk, and identifying waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes:

Circle back with your Peers on the content so far while grabbing a coffee and a snack

IT organizations have two imperatives that seem to be at odds with each other: Maximize the velocity and quality of software development efforts – and – protect the firm’s systems and data from an ever increasing spectrum of threats. The teams clamoring for more autonomy and access to production systems, and the teams striving to protect the firm’s assets don’t have be adversaries.

Through real-world examples and practical insights, this session sheds light on the ways in which Zero Trust can empower DevOps teams to streamline their workflows, enhance agility, and accelerate innovation. Attendees will gain a deeper understanding of the importance of robust security measures and self-service capabilities in modern DevOps environments, ultimately driving more efficient and secure development practices.

The ongoing battle to effectively manage cyber threats and risks is only going to get fiercer and complex. As part of its efforts to fight the cybersecurity battle, a number of organizations are acknowledging the need to build and strengthen their third line of defense i.e. an independent review of cybersecurity measures and conduct by the internal audit function. The Internal audit function plays a critical role in identifying and evaluating prospects to bolster the enterprise security posture. Concurrently, the internal audit function has a responsibility to report to the audit committee and the board on whether controls to protect and defend against cybersecurity threats are designed and operating effectively.

As cyberattacks grow in volume and complexity, artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Curating threat intelligence from millions of research papers, blogs and news stories, AI technologies like machine learning and natural language processing provide rapid insights to cut through the noise of daily alerts, drastically reducing response times.

The session covers real life practical use cases that have been deployed and wherein AI helps analysts connect the dots between threats and shape up the modern day Cybersecurity programs.

You’ve just stepped into your new IT leadership role. Your first 90 days should be focused on learning. Investing this time will help you understand the current state, appreciate the culture and inform your strategy. This session will serve as a comprehensive guide that provides essential insights and strategies for successfully transitioning into a new role.