Southeast IT & Security Leaders Forum 2023

The latest snapshot of your network traffic logs may look innocent enough, but hidden within your common ports and protocols are the movements of a cybercriminal who has secretly breached your systems and is now trying to expand its foothold within your virtual walls in multi-cloud environments.

It’s this east-west infiltration that turns what could be just a relatively minor breach into a damaging data exfiltration incident or a full-scale ransomware attack. That’s why reducing attacker dwell time, curbing lateral movement and detecting advanced threats are essential components to any network security strategy, whether you operate largely on premises, in private clouds or multi-cloud architectures.

Gain key insights and strategies related to the defense against post-breach lateral movement:

• Research, statistical analysis and threat reports that underscore the threat that lateral movement represents
• Key metrics, strategies and solutions for detecting post-exploitation east-west movement, including behavioral analysis and identifying threat signatures
• A Guide To Detecting & Restricting Lateral Movement

Speaker: Chad Skipper, Global Security Technologist, VMware

Presented by: VMware

We hear a lot of thoughts about selling into a C-Suite. It’s time to talk about it from the perspective of executives within that suite and how we make buying decisions. We will discuss the various considerations and thought processes that C-Suite executives follow when buying products and services:

• Requirements vs Features
• Taking control of the buying schedule
• Follow through and Execution
• What products and services are purchased by the C-Suite and which are delegated to other teams?
• Pet peeves

Join Grant and Joe as they discuss this important topic from an angle that other executives inside and outside of the C-Suite will relate.

Speakers: 

Grant Shih, Chief Technology Officer, Aramark

Joe Marroquin, Chief Information Security Officer / Chief Compliance Officer, Encompass Digital Media, Inc.

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Concerns of a Recession looms whether there results in one or not. With a war raging across the ocean, a potential European energy crisis this winter, and inflation numbers in the US refusing to subside, the macroeconomic environment has caused enterprise IT leaders to rethink their strategies. Learn how your peers are changing their plans to deal with the recession.

Speaker: Eric Helmer, Chief Technology Officer, Rimini Street

Presented by: Rimini Street

What if I told you that 80% of the source code for your application was written by strangers? Furthermore, your developers have implicitly invited those strangers to help on your digital transformation projects. By downloading and using open source libraries, you have decreased your time to market. What has it done to your risk? What governance do you have over open source in your enterprise, and can you detect if something is wrong?

Incidents such as the recent Log4J CVE, have reminded us that while not malicious, these libraries can be misused to attack us. If you were impacted by this event, you should have some idea of how mature your organization is and made some decisions on how to improve. Your ability to respond in a timely manner to these situations is critical.

Today we are seeing the rise of the criminal coder. Through various means, they are injecting open source software with malicious code. The ecosystem for sharing these libraries was created to share easily, not securely. Using some traditional attacks as well as some that are novel and unique to each ecosystem, they have put your company at risk.

Your ability to detect and react to this new threat landscape has three components:

1. Telemetry that alerts you to the suspicious and malicious software that your developers have inadvertently selected and integrated
2. The quality and maturity of your incident response playbook
3. The hygiene of your development organization and its ability to make production changes quickly and safely

Join us to learn about these topics and bring real improvements back to your workplace.

Speaker: Peter Chestna, CISO of North America, Checkmarx

Presented by: Checkmarx

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Moderator: Ken Foster, VP IT Risk Governance and Compliance, Fleetcor

Speakers: 

Ed Moore, Sr. Director – Identity and Access Management, Carnival Corporation

Kevin Burns, CIO, City of Melbourne

Vladimir Svidesskis, CISO, Vaco

Danilo Nogueira, CISO, Roper Technologies

Open seating, Buffet-style lunch. Serving food for all tastes, pallets, and preferences. Vegan, vegetarian, and halal options available

Presented by: Vertica by OpenText

Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important tools of defense, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element.

Join this session to discuss:

• What these trends mean for the hands-on practitioner
• When velocity of innovation outpaces the capabilities of human intellect
• The role of automation in the effective practice of securing our digital world

Speaker: Michael Leland, Chief Cybersecurity Evangelist, SentinelOne

Presented by: SentinelOne

Weak identity and access management (IAM) practices result in considerable risk to the organization because IAM plays a role in most things in IT. Organizations typically do not have a high-level understanding of how identities and access are managed within the organization and no central ownership of IAM is a common reason why. Owners of IAM actions outside of IT may be resistant to adopting change but it’s our job to convey the importance and get the buy-in needed. This session will help identify the drivers behind improving your IAM practices and develop best practice processes for each section of the identity lifecycle.

Speakers:

Ben Field, Director of Information Security, Florida Crystals

Christine Vanderpool, CISO, Florida Crystals

 Check back for updates on this session.

Presented by: Lorenzo Hines, Global SVP of Information Technology, Citi

As cloud data volumes grow, so does cloud complexity. Traditional security infrastructure is no match for the constant changes, updates, and shifts that come with the cloud – let alone the rapid rise of sophisticated, malicious threats. That’s a lot to get your teams’ arms around! We’ve got three things you can focus on this year to ease that complexity and keep your business safe in the cloud.

Join this session to discuss how:

• Shifting left will be essential
• Supply chain risk will be a major concern
• Securing your cloud will be impossible without comprehensive visibility

Speaker: Tim Chase, Field CISO, Lacework

Presented by: Lacework

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Value Stream Management may be the next big thing but seems like a lot to swallow. Even organizations with mature Agile and DevOps processes are unsure how to capitalize on this proven method of process improvement.  To front-load success and reduce risk, you’ll need to see value quickly and then build on that success. Properly implemented, VSM can boost time-to-market and a company’s ability to compete and win in the marketplace by maximizing ROI and unifying your organization’s business and technology objectives.

In this session, you’ll learn how OpenText simplifies Value Stream Management by helping organizations track, analyze, and predict resourcing, reduce risk, and identify waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes:

• Maximize Business Value and Effectiveness:  Discover, visualize and manage flow of value from “strategy to delivery” powered by AI and analytics that is easy to deploy
• Accelerate Delivery and Efficiency: Integrates with your existing toolchains to improve productivity and remove friction in the value stream with smart automation
• Gain Competitive Advantage: Differentiate customer experience with high quality value stream insights to manage risk and streamline delivery. Empower continuous feedback, learning and improvement.

Join OpenText for this discussion, including why the time for VSM is now and how to capitalize on it the easy way.

Speaker: Lydia Casillas, Director of NA East Enterprise Accounts, Micro Focus

Presented by: Micro Focus 

Presented by: Crowdstrike

The definition of work-life balance has changed, and the nature of work has changed. Life, family, and work are all integrated, we need software solutions that allow us the flexibility to live our lives and attract a diverse talent. Solutions that improve experience locally while allowing us to operate globally removing the friction, increasing productivity improving employee experience and in turn positively impacting the customer experience. Focused on retention and customer satisfaction.

Presented by: RingCentral

In most markets, there is an abundance of open IT jobs with fewer people able to fill them – and the positions are getting more expensive. Working remotely is the norm, but not optimal (usually). There is less off-shoring and more resources are focused locally or within the same hemisphere.

Additionally, we are still not recruiting enough women and minorities into the rank and file, especially senior IT roles, and we’re losing talent to major tech hubs.

Join us at the roundtable with your peers as we dive into solutions to tackle the following challenges:

• How do you scale staff/team without losing them to major tech hubs?
• How do you create more diversity – not only among race and gender – but diversity of thought Old vs New Thinking?
• How do we mentor universities to implement actionable steps for supplying more IT talent?

Moderator: Sue Tripathi, Partner, Data, Analytics, Technology, Transformation, IBM

Panelists:

Jaye Anna Hill, VP Cyber Security Manager, Truist

Lorenzo Hines, Global SVP of Information Technology, Citi

Christine Vanderpool, CISO, Florida Crystals

Ashok Narayan, Global Director of Applications and Emerging Technology, Tosca Services

With many economists are anticipating a recession in 2023, the impact on IT departments is unclear. One would expect companies to pull back across the board and for those cuts to include IT. But the big surprise is that spending on IT is expected to increase.

Speaker: Mark Roman, CIO & Executive Counselor, Info-Tech Research Group

Presented by: Info-Tech Research Group

Security leaders are facing an increasingly complex, dangerous, and difficult digital landscape. Software supply chain attacks have increased an average of 742% each year since 2019. The average cost of a data breach is an astounding $4.35 million–not to mention the potential shareholder lawsuits, loss of customers, and damage to brand reputation. Earlier this month, The White House released a new cybersecurity strategy that calls for greater cybersecurity liability and holding software providers responsible for insecure products released to consumers. Meaning, it’s now an organizational imperative at the highest level to get serious about securing your software supply chain and stop malicious open-source codes before their download.

Join Sonatype’s Maury Cupitt as he discusses how companies can achieve digital transformation by delivering safer and faster applications, and the shift that needs to happen with companies becoming proactive in securing their Software Supply Chain.

Speaker: Maury Cupitt, Regional Vice President, Sales Engineering, Sonatype

Presented by: Sonatype

Circle back with your Peers on the content so far while grabbing a coffee and a snack

We all rely on third parties to help our companies succeed. Working with these third parties to help protect the privacy and security of our company data is critical. This has been a challenge for years. Let’s discuss what is and isn’t working for companies of all sizes. How we can help each other hold these third parties accountable and perhaps work toward a standard framework.

Presented by: Elliott Franklin, CISO, ServiceMaster Brands

 Check back for updates on this session.

Presented by: Michael Marsilio, CISO, Paradies Lagardère

Presented by: Ashok Narayan, Global Director of Applications and Emerging Technology, Tosca Services

You’ve just stepped into your new IT leadership role. Your first 90 days in a new IT leadership role should be focused on learning. Investing this time will help you understand the current state, appreciate the culture and inform your strategy. Prioritize these steps to kickstart improvement:

• Understand your job. Learn the organization and industry you are in
• Define and revise measurements for success
• Articulate your vision and strategy
• Organize people for success
• Build culture
• Revise processes for success & delivery, and suitable for the environment and the times
• Upgrade technologies