September 23 - 25, 2018
FAIRMONT CHICAGO – MILLENNIUM PARK, CHICAGO, IL

Sunday, September 23

11:00 am - 11:45 am Registration

11:45 am - 12:00 pm Orientation

12:00 pm - 12:10 pm Chairperson’s Opening Remarks

Fred Kwong - CISO Delta Dental

12:10 pm - 12:45 pm The New School of Security: Responsive, Effective and Ready

Aaron Rinehart - Chief Enterprise Security Architect United Health Group
Modern Security looks completely different and there is a new playbook that changes how security exists from design, to operations, and all the way towards a shift in mindset from security testing to security experimentation. This talk breaks out three key areas: security chaos experimentation, adversity testing and operational instrumentation.

Chaos Engineering takes an approach to injecting controlled objective failure in complex systems. In this presentation, you will learn how to do this in real life from starting small with game day exercises, developing chaos experimentation, and eventually maturing into production level testing. After all, Production systems are always different than Stage. Your attacker is not going to be instrumenting your systems in Stage and neither should you. Aaron Rinehart, the innovation leader behind the Open Source Software tool, ChaoSlingr, will show you why this is important and how security automation and chaos experimentation can help you understand how your security really works.

Adversity Testing shifts security left and adds off-the-shelf attack tools to your CI/CD pipeline. This gets security testing moving in sync with software development and Aaron will cover both conceptual and pragmatic examples of accomplishing this in your organization.

Operational Instrumentation is not unfamiliar to modern engineering organizations; however, in the area of security we hope to expose new types of monitoring that modern security teams are implementing. We will cover how this fits into a feedback loop from security to ops to dev and back again. This area is critical for achieving successful outcomes with modern security in distributed systems.

Security is changing and this talk gets you ready for what’s just around the corner.

Session Takeaways: 

  • New Methods for Instrumenting Security
  • Core differences in Security Testing & Security Experimentation
  • How to Transform your Security Organization into a Learning Organization
  • A broad understanding of Chaos Experimentation
  • The Business Value of Security Chaos Engineering & Control Validation
  • Exposure to a New Open Source Tool that uses this new method
  • Ways to Think Differently about how we Build Security


12:50 pm - 1:50 pm Networking Lunch



1:55 pm - 2:25 pm Teaming Humans and Machines: Intelligent and Proactive Defense

Collaborative internal and external partnerships are vital to bridge across silos within healthcare. Security teams create robust, scalable and repeatable processes, which are proportionate to the risk being mitigated. Automation streamlines the human role in cyber security and provides ways to secure efficiently and effectively, especially with the continued growth of electronic health records, Artificial Intelligence, blockchain, imaging, interoperability and telemedicine.

In this session:

  • Intrusion prevention / detection
  • Anti-malware / machine based learning protection
  • Efficiency in the resolution process



2:25 pm - 2:55 pm Threats in a Connected Healthcare World

Cybersecurity in the healthcare industry is often fraught with technological misunderstanding and a lack of institutional knowledge about organizational attack surfaces. Attackers use this misunderstanding to find intrusion avenues that may not be protected via already deployed enterprise security solutions.

This talk will cover an overview of healthcare security risks, threats, attack avenues and approaches for defending patients, their records and your systems.

3:00 pm - 3:30 pm Business Meetings

3:30 pm - 4:00 pm Business Meetings

4:00 pm - 4:30 pm Business Meetings

MasterClass

4:30 pm - 5:15 pm Serving and Protecting While Improving Security Awareness
Evolving medical technologies improve lives as well as expand access to data and devices for hackers. Cyber criminals continue to successfully and consistently exploit human nature to accomplish their goals. Employees are often the last line of defense between a sophisticated phishing scheme and internal systems, data, and medical devices. This session will provide practical advice to help organizations leverage timely and consistent security awareness and behavior management practices to strengthen the human link. 

In this session:

  • Providing relatable and relevant case studies to engage employees
  • Outlining how and where tools are helpful
  • Motivating continuous, positive security actions
  • Shifting to detection and response 



BrainWeave

4:30 pm - 5:15 pm When Shrinkage is Good- Reduce Incident Response Times from Hours to Minutes
Is your security team challenged with alert fatigue, a shortage of skilled staff, and maximizing the company’s product arsenal investment? 

Solving such challenges isn’t easy and requires a delicate balance of people, processes, and tools. Investing in a comprehensive platform that enables security operation teams to reduce MTTR, create a consistent and audited incident management process and increase analyst productivity is a step in the right direction.

Attend this discussion to learn how a security orchestration platform can automate manual-intensive tasks and reduce response times from hours to minutes.

See how the product’s machine learning suggestions can help your team become smarter with every incident and resolve complex threats faster and more accurately.

Benefits from shrinking your time to respond for every incident include:

  • Improve your overall security posture,
  • Enhance analyst productivity (from Tier 1-3), and 
  • Future-proof security operations.


5:15 pm - 5:30 pm Networking Break



Ignite Session: Three Quick Fire Presentations in Thirty Minutes. Talk about getting to the crux of the matter, fast!

5:30 pm - 6:05 pm Securely Share Files Beyond Your Enterprise Borders with Full Governance and Control




Ignite Session: Three Quick Fire Presentations in Thirty Minutes. Talk about getting to the crux of the matter, fast!

5:30 pm - 6:05 pm Secure the Unsecurable: 3 Tips for CISOs to Control for Employee Behavior




Ignite Session: Three Quick Fire Presentations in Thirty Minutes. Talk about getting to the crux of the matter, fast!

5:30 pm - 6:05 pm Strengthening Medical Device Security


Cyber Health CISO Roundtable Discussions: Engage in your choice of targeted discussions for open exchange among industry peers.

6:05 pm - 6:45 pm Empowering Security through the Cloud
Darren Dannen - Director Security Architecture & Engineering Wellmark Blue Cross and Blue Shield
The cloud offers economic, competitive and collaborative benefits to healthcare. But the sensitive and regulated data kept by healthcare requires heightened security measures. In this session, discuss the challenges and benefits of moving to the cloud. Look at how the changing threat landscape creates risks to traditional security practices. Examine current security trends affecting healthcare and approaches to protecting sensitive data:

  • Prioritizing and overcoming challenges to the cloud
  • Embracing the cloud with full visibility while managing shadow IT
  • Identifying gaps and ensuring regulatory compliance through the cloud


Cyber Health CISO Roundtable Discussions: Engage in your choice of targeted discussions for open exchange among industry peers

6:05 pm - 6:45 pm Tackling Compliance- Collaborative Approaches in the Healthcare Community
Healthcare organizations must balance compliance and risk with changing markets and government regulation. Emerging technologies including the Internet of Medical Things, machine learning, and software platforms for managing medical records are constantly added to the healthcare ecosystem. Industry standards and government regulations add another level of complexity. Information risk executives need to stay up-to-date in order to minimize risk and maximize response and efficiency.

In this session:
 
  • Staying ahead of new and evolving healthcare legislation
  • Keeping up with the effect of tax reform
  • Affecting the organization's ability to manage data through intelligent technologies

6:45 pm - 7:15 pm Networking Cocktail