TOLA IT & Security Leaders Forum 2023

 Check back for updates on this session.

Moderator: Bryan Tutor, CIO & Executive Counselor, Info-Tech Research Group

Panelists:

Nellson Burns, Managing Partner, Destination IT

Mark Walters, Trial Lawyer

The definition of work-life balance has changed, and the nature of work has changed. Life, family, and work are all integrated, we need software solutions that allow us the flexibility to live our lives and attract a diverse talent. Solutions that improve experience locally while allowing us to operate globally removing the friction, increasing productivity improving employee experience and in turn positively impacting the customer experience. Focused on retention and customer satisfaction.

Speaker: Matt Lehman, Industry Principal, Financial Services, RingCentral

Presented by: RingCentral

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Imagine a World Cup qualifying team that made it to the first match but had failed to prepare for its opponents. Stepping out on the pitch, the opposing team would run circles around them. This is the story in cybersecurity today. The impact of a lack of continuous security control validation is that security programs fail and breaches occur constantly. Only by testing controls against known threats can teams generate the data they need to understand performance, tune-up, and improve effectiveness.

In this talk, Jose will cover how the research team discovered that EDR controls in AttackIQ’s customer environments only stopped top adversary techniques 39 percent of the time, and outline recommendations for how to improve cybersecurity program performance at scale.

In their analysis, the AttackIQ Adversary Research Team selected real-world adversary techniques from MITRE ATT&CK under the following criteria, including: (1) they needed to be common techniques (not edge cases); (2) they needed to have had pronounced historical impacts, including in recent Russian operations in Ukraine; and (3) most importantly, the EDR solution providers needed to consistently block these key techniques in AttackIQ’s lab environment. The goal in selecting these techniques was to find a sweet spot for realistic and popular techniques that could be prevented by recommended security configurations but are not currently being prevented most of the time in customer environments.

Attendees will leave the talk with a deeper understanding of why advanced cyberdefenses fail against threats and how organizations can use automated testing and the MITRE ATT&CK framework to improve their overall security program performance.

Speaker: Jose Barajas, VP, Global Sales Engineering, AttackIQ

Presented by: AttackIQ

When building or changing an enterprise analytics architecture, there are a lot of things to consider–Cloud or on-prem, hybrid or multi-cloud, this cloud or that cloud, containerized, build tech, buy tech, use the skills in house, train new skills, etc. While balancing those decisions, there are a lot of considerations, but the main three are performance, costs, and planning for the future including future growth in analytics demand.

Learn how several companies like the Index Exchange, Simpli.fi, Philips, and the Tradedesk analyze data from a single terabyte up to multiple petabyte ranges, track millions of realtime actions, generate 10’s of thousands of reports a day, keep thousands of machine learning models in production and performing, and still keep budgets under control.

In this session:

• Discover the high-level principals that underly every decision around building a data analytics architecture for performance and rapid growth, without breaking the budget
• Evaluate examples of successful analytic data architectures at several companies that are tackling some of the toughest analytics use cases.
• Learn from others’ mistakes and successes managing and analyzing data with multiple simultaneous workloads, exponential growth, spikey workloads, or hundreds of concurrent users.

Speaker: Paige Roberts, Open Source Relations Manager, Vertica by OpenText

Presented by: Vertica by OpenText

Security programs have undergone major changes in recent years, to adapt to the changes that Agile development, DevOps pipelines, and faster deployments bring. New DevSecOps programs and models have resulted in a significant security ownership shift to the development teams. But in order for development teams to truly take responsibility for security, they need to embrace and adopt the new security practices. This is no easy feat! It introduces many organizational, process, and tooling challenges. In this session, we will discuss how others have successfully achieved this, and talk about tips and best practices on how you can improve the developer adoption of your security needs, as well as common pitfalls or problems to avoid.

Speaker: Jim Armstrong, Sr. Director, Product Marketing, Snyk

Presented by: Snyk

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Moderator: Ross Tucker, CIO, Texas United Management Corporation

Panelists:

Lucy Mariappa, CIO, International Leadership of Texas

Damian Mobley, CTO, IM Academy

Marc Paige, VP, GC Services

Rinkesh Patel, VP, Fidelity Investments

Open seating, Buffet-style lunch. Serving food for all tastes, pallets and preferences. Vegan and vegetarian options available. 

 Check back for updates on this session.

Speaker: Michael Anderson, CISO, Dallas ISD

Ransomware is no longer just a problem for businesses and industries. Many school districts are now the target of ransomware attacks. But they assume they aren’t at risk and end up having to respond to a ransomware attack without proper preparation and plans in place. Get firsthand information and hear lessons learned from one district’s ransomware incident this year. Be better prepare and secure your staff, hardware, data, and network.

Speaker: Brad Stewart, CTO, Lufkin ISD

To increase security readiness given today’s dynamic attack surfaces and diverse cyberthreats,  security professionals need to move away from traditional vulnerability-centric methods to a new approach that identifies exploitable security exposures in their live IT environments.

Gartner describes Exposure Management (EM) as a new framework that incorporates the adversary’s view to continuously uncover exploitable security gaps, and prioritize remediation accordingly. One of the pillars of EM is security validation, which provides evidence of attackers’ possible achievements in the context of an organization’s deployed assets, configurations, and security controls.

During this session, we will present a pragmatic approach to implementing an Exposure Management strategy, focusing on automated security validation.

Speaker: Autumn Stambaugh, Senior Solutions Engineer, Pentera

Presented by: Pentera

The overall business transition to the Cloud is happening far faster than many experts predicted. That speed has left most companies reliant on security platforms built for a bygone world dominated by on-premises data centers. The covid pandemic further accelerated and complicated the situation, stressing CISOs and CIOs who are responsible for protecting a work-from-home staff that may not ever fully return to the office. Organizations are rapidly adopting SASE to safeguard data wherever it moves, support digital transformation efforts, and realize better efficiency and ROI from their technology. Come hear how Netskope’s converged SASE platform provides AI-driven zero trust security and simplified, optimized connectivity to any network location or device, including IoT.

Speaker: Gerry Plaza, Field CTO, Netskope

Presented by: Netskope

The threat landscape continues to evolve rapidly, and attacks are getting more sophisticated every day. Many organizations can no longer cope with the volume of alerts to the extent that 93% of organizations confirmed that they couldn’t respond to new alerts within the first 24 hours. As a result, the Mean-Time-To-Detect (MTTD), and Mean-Time-To-Respond (MTTR), which are two of the primary metrics for any Security Operations Center (SOC), continue to increase for the majority of organizations. In this session, we will discuss some of the main challenges that result in alert fatigue and an increase in MTTD and MTTR metrics and how Artificial Intelligence can play a vital role in driving efficiency for your team.

Speaker: Mani Keerthi Nagothu, Field CISO, Americas, SentinelOne

Presented by: SentinelOne

Innovation driven by DevOps, cloud and AI/ML emboldens businesses to expand access to the essential fuel for those programs– enterprise data. At the same time, stringent privacy laws and frequent cyber attacks increase pressure to mitigate sensitive data risks. With more and more interaction shifting to the digital brand experience, how can today’s enterprises effectively unlock the power of their enterprise data and eliminate friction between data usage and data security?

Join this interactive session to discuss the cultural shift modern enterprises are actively engaged in to make data more available, secure, compliant and resilient.

Speakers:

Brandon Burge, Director IT, Express Scripts

Corey Brune, Senior Principal Solutions Engineer, Delphix

Presented by: Delphix

Circle back with your Peers on the content so far while grabbing a coffee and a snack

As macro-economic concerns increase in 2023, organizations are looking to drive higher ROI from digital investments. Value Stream Management helps DevOps teams accelerate time to market and build on success by unifying your organization’s business and technology objectives. But accelerating revenue must be accompanied by optimized operational expenditures in order to maximize ROI. That’s where FinOps comes in.

In this session, you’ll learn how OpenText simplifies Value Stream Management by helping organizations track, analyze, and predict resourcing, reduce risk, and identify waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes. Then you’ll learn how FinOps can help you optimize the cloud costs that are driven by agile development through a three-step approach: Inform, Optimize and Operate. This will enable you to:

• Maximize Business Value and Effectiveness: Discover, visualize, and manage the flow of value from “strategy to delivery” powered by AI and analytics that is easy to deploy.
• Accelerate Delivery and Efficiency: Integrate with your existing toolchains to improve productivity and remove friction in the value stream with smart automation.
• Gain Competitive Advantage: Differentiate customer experience with high-quality value stream insights to manage risk and streamline delivery. Empower continuous feedback, learning, and improvement.

Join OpenText to learn why the time for a joint VSM/FinOps approach is now and how to capitalize on it the easy way.

Speakers:

Parker Reguero, Enterprise Sales Director, ADM West, OpenText

Travis Greene, Sr. Director of Product Marketing, OpenText

Presented by: OpenText

In most markets, there is an abundance of open IT jobs with fewer people able to fill them – and the positions are getting more expensive. Working remotely is the norm, but not optimal (usually). There is less off-shoring and more resources are focused locally or within the same hemisphere.

Additionally, we are still not recruiting enough women and minorities into the rank and file, especially senior IT roles, and we’re losing talent to major tech hubs.

Join us at the roundtable with your peers as we dive into solutions to tackle the following challenges:

• How do you scale staff/team without losing them to major tech hubs?
• How do you create more diversity – not only among race and gender – but diversity of thought Old vs New Thinking?
• How do we mentor universities to implement actionable steps for supplying more IT talent?

Moderator: Helen Knight, Founder & CEO, Helen Knight Consulting

Panelists:

Charles Ahn, Director of SAP Technology Integration and Enablement, Kimberly-Clarke

Angela McGuire, VP of Digital Financial Services, Worldlink

Nickoria Johnson, Chief Diversity Officer, Credera

Robert Pace, VP & CISO, Invitation Homes

For years, organizations have struggled to meet the requirements of regulatory compliance, incident response, security, and best practice for their critical data.

And now, with the huge upsurge and modernization of business applications and the pressure to migrate to the cloud or to manage a hybrid environment, data security, and compliance requirements are evolving to the point where traditional solutions are no longer enough to provide every answer, and the demand for a modernized data security solution is growing .

Modern Data Security requires:

1. Support for any location, Multi-cloud, on-prem, both.
2. Coverage for any data type
3. Convergence of Legal, Risk, IT and Security
4. Augmenting hard to find expertise
5. Building Data security into Business Processes

Join Imperva’s Terry Ray to learn what to consider when modernizing your data security solutions to meet the constantly changing security challenges of the modern enterprise

Speaker: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow, Imperva Inc

Presented by: Imperva

No surprise in the era of digital transformation: In its API Security and Management report, Gartner predicts that by 2023, API abuses will move from infrequent to the most frequent attack vector, and by 2025, more than 50% of data theft will be due to unsecure APIs. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments – never mind their level of security. So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfiguration?

Join the Noname Security session on API security to discover:

• How are adversaries exploiting API security gaps to launch successful attacks?
• What are the top API vulnerabilities, and how are proactive enterprises mitigating them?
• How can API visibility be enhanced for automated monitoring, detection, and response?

Speaker: Henry Obialisi, Director, Solutions Architects West, Noname Security

Presented by: Noname Security

Aggressive attacks on Enterprise computer networks are continuing with increased frequency and threatening economic and national security. Actions like vulnerability reduction and passive defenses on their own simply are not cutting it and there needs to be a functional shift in the way we mitigate this substantial threat. Companies can seek to protect their most sensitive data by implementing an environment of actionable intelligence and detection to bring the fight to the adversaries and ensure a proactive approach to securing data. This session will discuss best practices in managing the constant evolution in the security environment.

Moderator: Erik Boemanns, VP of Technology, Cybersecurity, Improving

Panelists:

Sujeet Bambawale, VP & CISO, 7-Eleven

Ted Layne, CISO/CSO, Fairway Independent Mortgage Corporation

Ray Texter, CISO, Texas United Management Corporation

Keith Donnelly, VP, Global Head of Risk Management, Broadridge Financial

David Mata, SVP, Global Head of Incident Management, Darktrace

What if I told you that 80% of the source code for your application was written by strangers? Furthermore, your developers have implicitly invited those strangers to help on your digital transformation projects. By downloading and using open source libraries, you have decreased your time to market. What has it done to your risk? What governance do you have over open source in your enterprise, and can you detect if something is wrong?

Incidents such as the recent Log4J CVE, have reminded us that while not malicious, these libraries can be misused to attack us. If you were impacted by this event, you should have some idea of how mature your organization is and made some decisions on how to improve. Your ability to respond in a timely manner to these situations is critical.

Today we are seeing the rise of the criminal coder. Through various means, they are injecting open source software with malicious code. The ecosystem for sharing these libraries was created to share easily, not securely. Using some traditional attacks as well as some that are novel and unique to each ecosystem, they have put your company at risk.

Your ability to detect and react to this new threat landscape has three components:

1. Telemetry that alerts you to the suspicious and malicious software that your developers have inadvertently selected and integrated
2. The quality and maturity of your incident response playbook
3. The hygiene of your development organization and its ability to make production changes quickly and safely

Join us to learn about these topics and bring real improvements back to your workplace.

Speaker: Peter Chestna, CISO of North America, Checkmarx

Presented by: Checkmarx

Concerns of a Recession looms whether there results in one or not. With a war raging across the ocean, a potential European energy crisis this winter, and inflation numbers in the US refusing to subside, the macroeconomic environment has caused enterprise IT leaders to rethink their strategies. Learn how your peers are changing their plans to deal with the recession.

Speaker: Eric Helmer, Chief Technology Officer, Rimini Street

Presented by: Rimini Street

Circle back with your Peers on the content so far while grabbing a coffee and a snack

The current “shift-left” mindset to assess, assert, and evidence compliance and to harden the software supply chain are a DevOps antipattern. The impact goes well beyond over-burdening developers with toil that distracts them from innovation, unplanned audits are highly disruptive, and management is left to make decisions without defensible data. We will discuss this impact as a tax and suggest attributes of solutions to do Shift-Left right.

Speaker: Tim Johnson, Senior Product Marketing Manager, CloudBees

Presented by: Cloudbees

Review of Scattered Spider and Slippy Spider, the updated attack techniques observed, and changes in the eCrime landscape

Speaker: Aaron Ausherman, Sales Engineering Manager, CrowdStrike

Presented by: CrowdStrike

 Check back for updates on this session.

Speaker: Nickoria Johnson, Chief Diversity Officer, Credera

Serving food for all tastes, pallets, and preferences. Vegan and vegetarian options available. Serving to-go boxes for those in a hurry!