Midwest IT & Security Leaders Forum 2023

The latest snapshot of your network traffic logs may look innocent enough, but hidden within your common ports and protocols are the movements of a cybercriminal who has secretly breached your systems and is now trying to expand its foothold within your virtual walls in multi-cloud environments.

It’s this east-west infiltration that turns what could be just a relatively minor breach into a damaging data exfiltration incident or a full-scale ransomware attack. That’s why reducing attacker dwell time, curbing lateral movement and detecting advanced threats are essential components to any network security strategy, whether you operate largely on premises, in private clouds or multi-cloud architectures.

Gain key insights and strategies related to the defense against post-breach lateral movement:

• Research, statistical analysis and threat reports that underscore the threat that lateral movement represents
• Key metrics, strategies and solutions for detecting post-exploitation east-west movement, including behavioral analysis and identifying threat signatures
• A Guide To Detecting & Restricting Lateral Movement

Speaker: Chad Skipper, Global Security Technologist, VMware

Presented by: VMware

In this session, attendees will delve into the influence of AI on risk management within organizations.

This workshop will cover critical AI vulnerabilities, including model drift, “hallucinations,” and privacy concerns associated with public versus private AI models.

We’ll differentiate generative AI from analytical AI using practical use cases.

Executives are encouraged to share their own experiences and solutions to showcase how various risk factors were identified and mitigated. The session will also feature case studies, best practices, and discussions on emerging trends ad challenges in the field, with ample time for questions and interaction.

Speaker: Kevin McDermott, CTO, Cook County

Speaker: Kader Sakkaria, Chief Digital and Technology Officer, Ruffalo Noel Levitz

As a research and advisory organization, we have a unique perspective on key trends in technology. This talk will cover the key trends such as generative AI, zero-trust security, recession preparation, Metaverse, digital processes, industry-based data models, recession preparation, environmental/social governance, and their applicability to IT organizations.

Join Sonatype’ as we discuss how companies can achieve digital transformation by delivering safer and faster applications, and the shift that needs to happen with companies becoming proactive in securing their Software Supply Chain.

Speaker: Maury Cupitt, RVP, Sales Engineering, Sonatype

Presented by: Sonatype

In the fast-paced world of IT and Security, optimizing software delivery and ensuring compliance are essential for organizations looking to remain competitive and meet ever-evolving customer demands. This presentation will explore the role of Value Stream Management (VSM) in accelerating software delivery, enhancing digital transformation efforts, and ensuring compliance within the IT & Security industry. Attendees will learn how VSM can drive innovation, efficiency, and compliance within their organizations by providing a comprehensive overview of VSM, discussing challenges and opportunities in the global context, and sharing best practices for successful implementation.

Speaker: Hope Lynch, Offshoot Evangelists, CloudBees

Presented by: Cloudbees

Circle back with your Peers on the content so far while grabbing a coffee or tea and a snack

Security programs have undergone major changes in recent years, to adapt to the changes that Agile development, DevOps pipelines, and faster deployments bring. New DevSecOps programs and models have resulted in a significant security ownership shift to the development teams. But in order for development teams to truly take responsibility for security, they need to embrace and adopt the new security practices. This is no easy feat! It introduces many organizational, process, and tooling challenges. In this session, we will discuss how others have successfully achieved this, and talk about tips and best practices on how you can improve the developer adoption of your security needs, as well as common pitfalls or problems to avoid.

Speaker: Anthony Sayre, Sr. Technical Success Manager, Snyk

Presented by: Snyk

In this session, you will learn how successful CIOs, CISOs, and CROs are proactively approaching security and compliance to reduce data exposure and recover from cyber events.

Silos between IT and SecOps have led to a lack of coordination and collaboration, resulting in breaches. Both groups must share the responsibility to improve posture in today’s threat landscape.

Rubrik has helped over 150 customers recover from cyber-attacks and is an industry leader in cyber resilience. Discover best practices for better preparation when adversaries breach your security wall and impact your data.

Speaker: Todd Barton, Regional Vice President of Sales Engineering, Rubrik

Presented by: Rubrik

In this session, we will gain valuable insights into the world of threat hunting and its role in fortifying security operations centers and incident response teams. The session will explore the latest methodologies, tools, and best practices utilized by SOC analysts and incident responders to actively detect and neutralize emerging cyber threats. Through real-world examples and practical demonstrations, Executives will learn how to leverage threat intelligence, conduct network and endpoint analysis, apply machine learning algorithms, and foster a collaborative security culture, empowering them to stay one step ahead of adversaries and protect their organizations from sophisticated attacks.

Speaker: Craig Guymon, Sr. Solutions Architect, Binalyze

Presented by: Binalyze

Discussing traditional approaches to Risk Management and why they are less and less effective as technology gets more complex and attacks get harder to detect. Including:

• Gaining comprehensive visibility across the modern attack surface
• Anticipating threats, identifying exposures and prioritizing efforts to prevent attacks
• Communicating cyber risk up and down the organization to help make better risk decisions

Speaker: Nathan Wenzler, Chief Security Strategist, Tenable

Presented by: Tenable

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Moderator: Tellis Williams, VP Risk Mgmt/Chief Information Security Officer, Dream Exchange Holdings

Panelists:

Tammylynne Jonas, CIO, Donaldson Company

Greg Malone, Global Chief Information Officer, Webster University 

Vinit Shah, Global Compliance Director, Aon

Steven Mullins, CISO, Stratosphere Quality LLC

Open seating, Buffet-style lunch. Serving food for all tastes, pallets, and preferences. Vegan, vegetarian, and halal options available

Adoption of Microsoft Teams has become widespread, with Microsoft reporting 300 million active users. While Teams has become the go-to platform for video meetings and team messaging, many organizations have discovered its telephony capabilities don’t meet their needs. As a result, many organizations just like yours are searching for third-party solutions that fit neatly into Teams to transform it into a stronger communications hub. Join your peers to network and discuss how they’re leveraging Teams and how they’re integrating other services to unleash its full potential

Speaker: Jeffrey Sieber, Solutions Engineer, RingCentral

Presented by: RingCentral

In our talk, we’ll first explain what generative AI is and why it’s exciting. We’ll then talk about potential risks.

Next, we’ll highlight the ethical side of AI, focusing on making it transparent, accountable, and fair. We’ll suggest ways to prevent risks, including robust testing, better rules, and the part public policy can play. Importantly, we’ll also delve into the crucial role of an AI architect. We’ll discuss how they can shape responsible AI from the ground up, set robust security protocols, and ensure ethical standards throughout the AI life cycle.

Lastly, we’ll share some real-world examples of responsible and secure AI, hoping to show a path forward where AI is both safe and beneficial to society.

Presented by: Senthil Kumar, Head Of Cloud Platform Architecture

Imagine a World Cup qualifying team that made it to the first match but had failed to prepare for its opponents. Stepping out on the pitch, the opposing team would run circles around them. This is the story in cybersecurity today. The impact of a lack of continuous security control validation is that security programs fail and breaches occur constantly. Only by testing controls against known threats can teams generate the data they need to understand performance, tune-up, and improve effectiveness.

In this talk, Jose will cover how the research team discovered that EDR controls in AttackIQ’s customer environments only stopped top adversary techniques 39 percent of the time, and outline recommendations for how to improve cybersecurity program performance at scale.

In their analysis, the AttackIQ Adversary Research Team selected real-world adversary techniques from MITRE ATT&CK under the following criteria, including: (1) they needed to be common techniques (not edge cases); (2) they needed to have had pronounced historical impacts, including in recent Russian operations in Ukraine; and (3) most importantly, the EDR solution providers needed to consistently block these key techniques in AttackIQ’s lab environment. The goal in selecting these techniques was to find a sweet spot for realistic and popular techniques that could be prevented by recommended security configurations but are not currently being prevented most of the time in customer environments.

Attendees will leave the talk with a deeper understanding of why advanced cyberdefenses fail against threats and how organizations can use automated testing and the MITRE ATT&CK framework to improve their overall security program performance

Speaker: Jose Barajas, VP, Global Sales Engineering, AttackIQ

Presented by: AttackIQ

All IT and security teams are responsible for innovating while keeping the trains running. Given today’s cybersecurity landscape, managing all of these priorities while protecting the organization can be a challenge. Join Tina Thorstenson, VP of the Industry Business Unit & Executive Strategist at CrowdStrike for an informative discussion that will not only highlight today’s threats and trends but also show how embracing a modern enterprise approach can enhance visibility, drive cloud innovation and security, and all the while help protect identities and technology assets.

This discussion will include success stories and lessons learned, plus highlight how effective teams frequently leverage partnerships, like CrowdStrike, as an extension of in-house security teams. Attendees will learn key approaches to help IT and security teams, drive operational efficiencies, lean into innovative projects and strengthen an institution’s overall security posture at the same time.

Speaker: Tina Thorstenson, VP of the Industry Business Unit and Executive Strategist, CrowdStrike

Presented by: CrowdStrike

Circle back with your Peers on the content so far while grabbing a coffee and a snack. 3:40 We will run our first Raffle Prize for those who have participated in the App today!

Managing endpoint risk and compliance is more challenging today than ever before. Today’s CISOs have to manage risk from many thousands of globally distributed, heterogeneous assets, while also responding to ever increasing audit scrutiny and regulatory compliance requirements.

Join this session, Achieving the Benefits of Converged Endpoint Management, to learn more about how to:

• Identify & remediate risks that create the greatest exposure.
• Assess & measure unknown vulnerabilities.
• Maximize IT budgets and staffing during economic uncertainty.
• Enhance existing investment in strategic technology vendors.

Speaker: Mike Bitz, RVP Technical Account Management, Tanium

Presented by:Tanium

In most markets, there is an abundance of open IT jobs with fewer people able to fill them – and the positions are getting more expensive. Working remotely is the norm, but not optimal (usually). There is less off-shoring and more resources are focused locally or within the same hemisphere.

Additionally, we are still not recruiting enough women and minorities into the rank and file, especially senior IT roles, and we’re losing talent to major tech hubs.

Join us at the roundtable with your peers as we dive into solutions to tackle the following challenges:

• How do you scale staff/team without losing them to major tech hubs?
• How do you create more diversity – not only among race and gender – but diversity of thought Old vs New Thinking?
• How do we mentor universities to implement actionable steps for supplying more IT talent?

Moderator: Brittney Harrell, Director of Cybersecurity, Zelis Healthcare

Panelists:

Aditya Kaushal, Sr Director, Walgreens Boots Alliance (Former)

Arlene Yates, VP Quality Engineer, Bank of America

Radhika Murudeshwar, Director Architecture, United Health Group

Digvijay Shanker, Director of IT, Optum

As macro-economic concerns increase in 2023, organizations are looking to drive higher ROI from digital investments. Value Stream Management helps DevOps teams accelerate time to market and build on success by unifying your organization’s business and technology objectives. But accelerating revenue must be accompanied by optimized operational expenditures in order to maximize ROI. That’s where FinOps comes in.

In this session, you’ll learn how OpenText simplifies Value Stream Management by helping organizations track, analyze, and predict resourcing, reduce risk, and identify waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes. Then you’ll learn how FinOps can help you optimize the cloud costs that are driven by agile development through a three-step approach: Inform, Optimize and Operate. This will enable you to:

• Maximize Business Value and Effectiveness: Discover, visualize, and manage the flow of value from “strategy to delivery” powered by AI and analytics that is easy to deploy.
• Accelerate Delivery and Efficiency: Integrate with your existing toolchains to improve productivity and remove friction in the value stream with smart automation.
• Gain Competitive Advantage: Differentiate customer experience with high-quality value stream insights to manage risk and streamline delivery. Empower continuous feedback, learning, and improvement.

Join OpenText to learn why the time for a joint VSM/FinOps approach is now and how to capitalize on it the easy way.

Speakers:

Chris Rollinger, Solution Architect | ITOM OpsB & NOM, OpenText

Dave Flynn, Chief Technologist, OpenText

Presented by: OpenText

Aggressive attacks on Enterprise computer networks are continuing with increased frequency and threatening economic and national security. Actions like vulnerability reduction and passive defenses on their own simply are not cutting it and there needs to be a functional shift in the way we mitigate this substantial threat. Companies can seek to protect their most sensitive data by implementing an environment of actionable intelligence and detection to bring the fight to the adversaries and ensure a proactive approach to securing data. This session will discuss best practices in managing the constant evolution in the security environment.

Moderator: Tellis Williams, VP Risk Mgmt/Chief Information Security Officer, Dream Exchange Holdings

Panelists:

Christer Swartz, Industry Solutions, Director, Illumio

Bradley Schaufenbuel, CISO, Paychex

MJ McSheehy, CISO, Addison Group

Erwin Carrow, Confidential

IT organizations have two imperatives that seem to be at odds with each other: Maximize the velocity and quality of software development efforts – and – protect the firm’s systems and data from an ever increasing spectrum of threats. The teams clamoring for more autonomy and access to production systems, and the teams striving to protect the firm’s assets don’t have be adversaries. In this session you will learn how Delphix’s zero trust – data automation platform combines virtual database replication with the industry’s most efficient masking platform to give developers automated / instant access to protected replicas of production databases. Delphix’s unique approach enables application development teams to dramatically accelerate velocity and quality while at the same time enabling infosec teams to eliminate all the risks of infiltration or exfiltration of sensitive data from non-prod environments.

Speaker: Ilker Taskaya, Field CTO, Compliance Solutions, Delphix

Instructed by: Delphix

Circle back with your Peers on the content so far while grabbing a coffee or tea and a snack

Speaker: Frank Reneke, GVP, Global Pre-Sales​, Rimini Street

Presented by: Rimini Street

Today, the primary CEO priority is growth, with technology as a key enabler. However, vendor policies pose major roadblocks to innovation, growth and competitive advantage by forcing you to spend limited budget, resources and time on projects that may not drive your business. ​Learn how you can take control of your IT roadmap by choosing a Business-Driven Roadmap designed around your business objectives and not the vendor’s. Leverage vendor software, but do it on your terms, on your timetable and with the flexibility, funding and freedom to focus on initiatives that support growth and competitive advantage.

Presented by: Sean Willeford, Sr. Director Application Development, Discover

We will raffle off prizes for who provides the most feedback on our app and who has the most engaging LinkedIn post!

Serving to-go boxes for those in a hurry. Serving food for all tastes, palates, and preferences. Vegan, vegetarian and halal options available.