Virtual Forum

Information Security Leaders vForum 2022


December 5 – 6, 2022

Join your peers virtually to discuss Information Security trends and challenges through open discussions, presentations, and roundtable sessions.

We invite Information Security executives to join us!

The SINC Information Security Leaders vForum will bring together the top innovative Security leaders from across North America for 2 days of virtual engagement. The forum will address the topics that most directly impact the resource challenges of the attendees, which in turn, will drive the growth of the IT Security community.

The forum will be geared towards strengthening the IT Security community while creating beneficial networking opportunities that will contribute to the industry’s growth. IT and Security service providers and executives alike will engage through presentations on top industry trends, one-on-one engagements, and roundtable discussions.

Interactive Sessions

  • No pre-recorded sessions
  • Interactive Roundtables: Share your thoughts and insights with your peers
  • Live case-studies and open discussions: See the presentation then discuss with the group

Attend Sessions.. Win Prizes!

The more sessions you attend, interact with your peers and participate in sessions you have a chance to win a prize. Examples of prizes won during a forum include:

  • Apple Watch Series 8
  • IdeaCentre AIO 5i
  • And much more!
  • iMac Desktop
  • Samsung Galaxy Watch 4

Forum Agenda

Agenda may be subject to change. Check back regularly for Updates.

12:00 - 12:45 PM CT
PRESENTATION & OPEN DISCUSSION - Data Security: How to Manage Security Around Your Critical Data

  • What is Critical Data
  • What is the lifecycle of Critical Data
  • Where does Critical Data Live
  • How to Identify Critical Data
  • Risks to Critical Data
  • Managing the Security of Critical Data

Speaker: Joe Marroquin, CISO, Encompass Digital Media


1:00 - 1:45 PM CT
PRESENTATION & OPEN DISCUSSION - Prioritize and Execute: Creating an Industry Specific Focus for Risk Based Vulnerability Management

Vulnerability management is not glamorous, but it is one of the best ways to be proactive in securing your organization. The problem lies in the volume of vulnerabilities that come to light each year. In fact, Gartner estimates that in the past decade an average of 8,000 new vulnerabilities were disclosed each year. There is good news however. Of that number only a small percentage are exploited in the wild, and fewer still pose any level of risk to your organization – but how do you determine what is critical, and what can be ignored?

In this presentation, we will be:

  • Walking through strategies to efficiently sort through mountains of data and determine which vulnerabilities pose actual risk to your organization.
  • Create targeted returns to better highlight industry specific vulnerability risk.
  • Demonstrate a data driven approach to better understand the tactics, techniques, and procedures of would-be attackers to enable teams to take proactive steps in their security programs.

Speaker: Nate Foster, Threat Intelligence Consultant, Recorded Future

Presented by: Recorded Future

2:00 - 2:45 PM CT
ROUNDTABLE DISCUSSION - Defending against API attacks

APIs are now at the core of modern business, yet we continue to see how “bad” APIs lead to business disruptions, fraud, and theft of critical business and sensitive data. While it is easy to perform after-the-fact API autopsies to understand where it all went wrong, we seem to lack guidelines on how to build and operate “good” APIs. This session will cover the aspects of what a “good” API looks like throughout the API lifecycle, including testing, management, operations, security, and non-functional requirements.

Moderator: Hamlet Khodaverdian, Vice President, Americas, LMNTRIX

3:00 - 3:45 PM CT
PRESENTATION & OPEN DISCUSSION - Improve Your Security Strategy: Master the 3 Levels of Decision-making

Your security team manages risks that affect business units and functions across your entire organization. Security is threaded through every aspect of your business, and your decisions have never mattered more. On a daily basis, you make decisions that affect day-to-day operations, data and system security, executive-level strategy and direction and quite possibly, the future success of your organization. Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three of these levels. We’re wearing many hats, often switching between them from meeting to meeting, and it’s imperative that we can effectively communicate and drive decisions that improve and mature our security efforts across the board.

This session will explore ways to enhance engagement with technical teams, business units and executives alike, while still maturing your security program to be more efficient and effective at managing and mitigating risk. Concepts and topics covered will include:

  • The 3 levels of decision making you must navigate on a daily basis and how they impact the rest of the organization
  • Applying meaningful metrics to demonstrate value to executives and mature program operations for optimal effectiveness
  • Finding program gaps where remediation efforts or SLA compliance is lagging, and taking steps to help affected teams improve and succeed
  • How Tenable helps to improve operational efficiency, address threats and vulnerabilities faster, and demonstrate tangible business value at all levels of the organization

Speaker: Nathan Wenzler, Chief Security Strategist, Tenable

12:00 - 12:45 CT
PRESENTATION & OPEN DISCUSSION - Continuous Security Validation and You: A Tale as Old as Epoch

With Incident Response as the new normal, ensuring that our systems and processes support that effort and threat hunting are working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams a continuous feedback loop to understand their posture and identify gaps as they arise.

Speaker: Jose Barajas, Director of Global Sales Engineering, AttackIQ

Presented by: AttackIQ

1:00 - 1:45 PM CT
PRESENTATION & OPEN DISCUSSION - How to Actually Protect Your Software Supply Chain from Attacks

  • What is a software supply chain attack
  • How hackers infiltrate development through open-source software
  • What organizations can do to protect themselves

Organizations use open-source software to help their development teams be more innovative and the organization’s products be more competitive. But with software supply chain attacks on the rise, providing secure software development practices is more important than ever. This presentation shows the techniques used by hackers to infiltrate development teams and the types of tools available to protect software development programs.

Join us to learn how to actually protect your organization from a software supply chain attack

Speaker: Keith Thomas, CISO, AT&T

File:AT&T logo 2016.svg - Wikipedia

2:00 - 2:45 PM CT
ROUNDTABLE DISCUSSION - Presenting Risk Management and Cybersecurity to the Board of Directors

What do you feel needs to be included when reporting to the board on cybersecurity? What should not be included? This panel will bring together current CISOs to share their best practices for an concise and effective approach to presenting cybersecurity and threat management to the board. For example, do you include information internal to your organization, as well as information on your industry? Should you include vendors and show how they’re protecting your data, services provided, or other “assets”? What does the board want to know? What do you want them to do? How do you educate the board in a respectful manner?

Moderator: Hamlet Khodaverdian, Vice President, Americas, LMNTRIX

Frequently Asked Questions

Will SINC Healthcare IT Executives & Security Leaders vForum be virtual or in-person?

The Forum will be virtual and hosted online. Stay tuned for how you can join the event digitally.

How does a virtual forum work?

Enjoy all presentations, roundtable discussions, networking sessions, and executive meetings from the comfort of your computer screen, wherever you may be located.

Am I required to attend every session?

Not at all. You attend the sessions most relevant to you.

Is there a fee to attend the virtual event?

No, the event is complimentary to our attendees.

Do I need to register to access the event?

Yes, registration is required prior to accessing the event. Please complete the registration request form.

Will the format and content stay the same now that the Forum has gone virtual?

We are striving to replicate our in-person forums, but with a twist. The format will consist of traditional breakout sessions and keynote speakers, with the inclusion of Ask the Expert: Live Q&A Sessions, Interactive Roundtables, and Live Case Studies/Open Discussions after viewing the presentation.

How can I watch the Forum?

We will be providing attendees with the ability to pre-register for each session. Details on how to access the event will be emailed to all registered attendees prior to the event date.

Will there be any virtual networking opportunities during the forum?

Yes! Stayed tuned for an update on the exciting networking opportunities that we have planned.

Are there any sponsorship opportunities?

Yes, if you are interested in learning more about available sponsorship opportunities please fill out this form. A SINC employee will reach out as soon as possible.