West IT & Security Leaders Forum Presentations

We invest a lot into patching and correction of misconfigurations, but we never really reach a point where we can say we have a tolerable amount of risk in our environment. We feel deeply, at a certain point, with a skilled enough attacker, or one bad decision, a breach is likely to happen. This can be incredibly taxing.

Join this session to discuss:

• Can I define a “tolerable” amount of risk?
• How do I measure more within my security program (and why should that matter)
• What helps me sleep the most at night?

Presented by: Eric Heiser, Principal Sales Engineer, Lacework

The world now depends on the digital economy. IT is central to the organization’s successful response and there are four pillars of strength required: re-coding the institutional DNA, treating security as survival, responding to the new relationship with work, and reducing the bureaucratic burden.

Presented by: Vijay Mohnish, CTO, Ria Financial

In today’s dynamic work environment, organizations across various industries are experiencing the unique challenge and opportunity of managing teams composed of multiple generations. This includes Baby Boomers, Generation X, Millennials, and Generation Z, each bringing their own distinct perspectives, experiences, and working styles. This session offers a comprehensive guide on the best practices for leading and managing these diverse teams effectively. It aims to promote collaboration and foster a positive team dynamic. We will share practical insights to provide leaders in any sector with the essential tools and understanding needed to successfully guide these diverse teams towards achieving organizational goals.

Understanding the Generational Differences: To lead a multigenerational team effectively, it’s crucial to recognize and appreciate the unique attributes, values, and experiences that each generation brings to the table.

• Baby Boomers (Born 1946-1964): Characterized by a robust work ethic, loyalty, and a preference for stability and structured communication, Baby Boomers bring a wealth of experience and dedication. –
• Generation X (Born 1965-1980): Known for their independence and desire for work-life balance, this generation excels in adaptability and values flexibility and autonomy within the workplace.
• Millennials (Born 1981-1996): Team-oriented and tech-savvy, Millennials thrive on collaboration, personal growth, and seek a workplace that emphasizes transparency, continuous feedback, and a balance between personal and professional life.
• Generation Z (Born 1997-2012): The newest entrants into the workforce, Gen Zers are digitally fluent and entrepreneurial, valuing diversity, inclusivity, and opportunities for meaningful work and personal development.

By understanding these generational dynamics, leaders across industries can tailor their approach to harness the strengths of each group, creating a harmonious and productive work environment.

Presented by: Khalid Turk, Chief Healthcare Information Officer, Santa Clara County

In this session, we learned how successful CIOs, CISOs, and CROs are proactively approaching security and compliance to reduce data exposure and recover from cyber events.

Silos between IT and SecOps have led to a lack of coordination and collaboration, resulting in breaches. Both groups must share the responsibility to improve posture in today’s threat landscape.

Rubrik has helped over 150 customers recover from cyber-attacks and is an industry leader in cyber resilience. Discover best practices for better preparation when adversaries breach your security wall and impact your data.

Presented by: Evan Shelley, VP of Sales Engineering Strategy, Rubrik & Tyler Baker VP, Sales Engineering & Nathan Bahls Director, Sales Engineering

In September 2023, two major casinos were hit with cyberattacks from the same ransomware threat actor. The first casino immediately paid a $15 million ransom and was back in business quickly. The second took a longer road by refusing to pay, which cost the company tens of millions in lost revenue due to more than 10 days of downtime.

The one that paid is now being sued in a class-action lawsuit for “inadequate data security.” In hindsight, which decision was better? Join this conversation to share your opinion.

Discussion Topic 1: Factors to consider in high-pressure decision-making:

• For the casino who paid the ransomware, how big a factor was luck in getting its system up and running again so quickly? Did they lose anything long-term for their choice to pay a ransom?
• Was 10 days reasonable for the second casino to return to business continuity? Did they gain anything in terms of long-term cybersecurity compared to the other?

Discussion Topic 2: Legal ramifications:

• Did both companies fulfill the requirements of the SEC disclosure rules in terms of details and timing?
• Why is one being sued and not the other?
• Does the second casino’s comprehensive review and restoration process, while more costly in the short term, affect the company differently in the long term concerning legal liability?

Presented by: Ben Corll, CISO, Americas, Zscaler

Organizations are challenged to secure and manage a new kind of hybrid network. Not on-prem and cloud, but work in the office, from home, and anywhere. Expanding endpoints beyond your organization’s perimeter in the outside world makes them ideal targets for cyber attackers. While traditional risk-scoring systems can create a sense of security, many fail to factor in endpoint data. During this discussion, we’ll focus on one of the most significant challenges you face – endpoint devices, and how people and processes, coupled with endpoint and asset visibility, will provide you with best-of-breed solutions to manage today’s threat landscape.

Presented by: Chris Cruz, CIO Public Sector, Tanium

The hype around generative AI is only the beginning. This game-changing technology is poised to disrupt high-tech industries. But with new AI tools popping up every day, choosing the wrong one can have profound effects on a company’s security, customer satisfaction, and productivity.

As a trusted partner, OpenText is pioneering the era of new possibilities where generative AI complements human creativity to become tomorrow’s solutions across DevOps and ITSM.

In our talk, we will cover how OpenText AI and automation:

• Predicts and anticipates software delivery times.
• Unlocks deep insights into projects and potential risks.
• Addresses skilled staff shortages and optimizes service desk costs.
  
• Minimizes manual repetitive tasks and resolves issues without ethical compromise.

Presented by: Travis Greene, Sr. Director of ITOM Product Marketing, OpenText & Keith Flournoy, Solution Architect, OpenText

Adoption of Microsoft Teams has become widespread, with Microsoft reporting 300 million active users. While Teams has become the go-to platform for video meetings and team messaging, many organizations have discovered its telephony capabilities don’t meet their needs. As a result, many organizations just like yours are searching for third-party solutions that fit neatly into Teams to transform it into a stronger communications hub. Join your peers to network and discuss how they’re leveraging Teams and how they’re integrating other services to unleash its full potential.

Presented by: Jon House, Solution Engineer III, Enterprise, RingCentral

The plethora of security vendors operating in today’s marketplace can be overwhelming. With so many options, it’s easy to be distracted with the latest, greatest, shiny tool. Join ThreatLocker’s Rob Allen for a deep dive into the purpose of cybersecurity and how you can use it to your operational advantage today.

Presented by: Rob Allen, CPO, ThreatLocker

Imagine a World Cup qualifying team that made it to the first match but had failed to prepare for its opponents. Stepping out on the pitch, the opposing team would run circles around them. This is the story in cybersecurity today. The impact of a lack of continuous security control validation is that security programs fail and breaches occur constantly. Only by testing controls against known threats can teams generate the data they need to understand performance, tune-up, and improve effectiveness.

In this talk, Jose will cover how the research team discovered that EDR controls in AttackIQ’s customer environments only stopped top adversary techniques 39 percent of the time, and outline recommendations for how to improve cybersecurity program performance at scale.

In their analysis, the AttackIQ Adversary Research Team selected real-world adversary techniques from MITRE ATT&CK under the following criteria, including: (1) they needed to be common techniques (not edge cases); (2) they needed to have had pronounced historical impacts, including in recent Russian operations in Ukraine; and (3) most importantly, the EDR solution providers needed to consistently block these key techniques in AttackIQ’s lab environment. The goal in selecting these techniques was to find a sweet spot for realistic and popular techniques that could be prevented by recommended security configurations but are not currently being prevented most of the time in customer environments.

Attendees left the talk with a deeper understanding of why advanced cyberdefenses fail against threats and how organizations can use automated testing and the MITRE ATT&CK framework to improve their overall security program performance

Presented by: Jaymin Patel, Solutions Engineer, AttackIQ

In the debate over an all-in-one cyber security platform versus best-of-breed solutions, the overwhelming majority lean towards best-of-breed in order to leverage the most impactful technology. However, does true best-of-breed exist? This session will look to explore this debate and how to implement a best-of-breed strategy when tech doesn’t necessarily integrate with other tech.

Presented by: Tanweer Surve, Sr. Cloud Control Management Officer, Wells Fargo Bank