The Security Leaders Summit

Where Industry Leaders Meet to Shape the Future

The Security Leaders Summit New York Fall was held on Wednesday, September 10, 2014 at the Hilton Avenue of the Americas. The Summit brought together an outstanding community of senior IT executives for engaging peer-level interaction and discussions on new approaches to managing complexities in Information Security, and provided opportunities to collaborate with leaders in the industry. Throughout the day, the Summit Hosts, representing companies across a diversity of industries and sizes, shared insights and knowledge with the distinguished group of attendees through their presentations, interviews and breakout roundtable discussions.

“The Security Leaders Summit New York was rocket fuel for the security professionals.”
Deborah Snyder, Acting Chief Information Security Officer – New York State, Office of Information Technology Services

“The Security Leaders Summit provided for a great program with great value.”
Rich Carson, Chairman – SAINT Corporation

Summit Recap

Summit Emcee, Richard Warner, kicked off the 2014 Security Leaders Summit in New York with 80+ senior executives from across the area in attendance. Earlier in the morning, guests had the opportunity to enjoy breakfast and engage with their colleagues and Summit Sponsors.

“The Rising Value of the CISO” was the topic of the Opening Keynote, presented by Matt Comyns, Global Co-head of the Cyber Security Practice at Russell Reynolds Associates. Matt shared insights into the increasing value of the role to the business and the shift in compensation to align with the increased value. At large global companies where CISOs are dealing with a wide range of complex issues, compensations are in the $500,000+ range with bonuses. Matt stated the “rising tide in compensation is moving the average minimum to $300,000 and above.”

Matt wrapped up his keynote with his perspective on what separates the top tier CISOs from the rest – vision, polished communication skills that provide for a great presence, and the ability to attract talent to the organization. Matt stressed the use of an executive coach as a way to help fast track a CISO career.

In the interview session, “Leadership Challenges,” Todd Bearman, Chief Information Security Officer of Towers Watson, facilitated discussions with Justine Aitel, Chief Information Security Officer of Dow Jones & Company, and Anthony Johnson, VP & Chief Information Security Officer at Fannie Mae. In working for a publishing company, Justine is focusing on new ways to bring in revenues as a way to reflect increased value from her organization and working with the company to further leverage social media for both customer and employee retention. Anthony has laid out a plan to work closely with the business units to streamline complexities in managing risks. Todd brought to light the need for CISOs to more aggressively position themselves to have greater access to the C-Suite and Board.

The morning break provided guests with the opportunity to grab more coffee, enjoy fruit smoothies, and continue discussions with their peers.

In the Executive Briefing, “One Day Wonders…How Cyber Criminals Are Hiding in Plain Sight…” Grant Asplund, Director of Evangelism at Blue Coat Systems, Summit Platinum Sponsor, shared some of the latest trends that are highlighting the increased need for real time global intelligence. Over a 90 day period, of the 660 million new hostnames, 470 million existed 24 hours or less. Grant stated that while most of these are legitimate and exist to deliver a better user experience, 22% of the top 50 domains responsible for these ‘one-day-wonders’ were identified as malicious.

In his presentation, Grant discussed the need for organizations to utilize security controls with real-time global intelligence; to have solutions in place that comprehensively assess and assign a risk value based on multiple factors, including context around domains, IP address, and site popularity; to have a baseline of hostnames for rapid detection of anomalies; and to apply highly granular policy controls, including detailed policy creation, threat risk levels and hostname baselines, to help automate defenses and fortify security postures.

After lunch, Emcee Richard Warner spoke with Shardul Shah, Principal at Index Ventures, on “Trends from an Investor’s Perspective.” Shardul discussed some of the latest trends in information security he is seeing, the direction of products coming to market, and what a company like his looks for and invests in as far as the “next big idea.”

ViJay Viswanathan, Chief Information Security Officer at HD Supply, presented on “Intelligence Driven Security.” ViJay shared the knowledge gained from his multi-year journey to create and implement a unique Intelligence driven Risk Management Framework. While the company is now beginning to reap rewards for efforts to date, ViJay explained that the keys to success are a definite commitment from the business, as substantial expense is involved; the collection of typically huge volumes of data to be able to baseline; and a team that understands the business and has the expertise to filter data.

Always rated highly by Summit attendees, the Executive Roundtables offered the opportunity to spend the remaining afternoon in peer-to-peer discussions on a range of topics. Topics were facilitated by Summit hosts including Deb Snyder, Acting Chief Information Security Officer at NY State Office of Information Technology Services, Kostas Georgakopoulos, Americas Head of IT Security at UBS, John Hibbs, Chief Information Security Officer at GE Capital, John Whiting, Business Information Security Officer at AIG, Ray Hawkins, Chief Information Security Officer at Genesis HealthCare Corporation and Teresa Zielinski, Chief Information Security Officer and Risk Leader at GE Power and Water.

At the Executive Roundtable discussions, guests had the opportunity to rotate to a second topic that was of interest to them. The Roundtable discussions wrapped up with debriefs of each of the topics by the Summit Hosts. Pictured is John Whiting, Business Information Security Officer at AIG, providing one of the debriefs.

The Summit concluded with guests enjoying the afternoon Reception.

Be sure to visit the photo gallery.

Platinum Sponsor

Blue Coat Systems

Blue Coat empowers enterprises to safely and securely choose the best applications, services, devices, data sources, and content the world has to offer, so they can create, communicate, collaborate, innovate, execute, compete and win in their markets. Blue Coat has a long history of protecting organizations, their data and their employees and is the trusted brand to 15,000 customers worldwide, including 86 percent of the FORTUNE Global 500. With a robust portfolio of intellectual property anchored by more than 200 patents and patents pending, the company continues to drive innovations that assure business continuity, agility and governance.

For additional information, please visit: www.bluecoat.com or contact Deborah.jagoe@bluecoat.com

Bronze Sponsors

AirWatch by VMware

AirWatch by VMware is the leader in enterprise mobility management, with more than 10,000 global customers. The AirWatch platform includes industry-leading mobile device, email, application, content, and browser management solutions. Acquired by VMware in February 2014, AirWatch is based in Atlanta and can be found online at http://www.air-watch.com/

NetSpi Corporation

Using our consulting team’s deep security knowledge and our proprietary CorrelatedVM vulnerability management & reporting solution, NetSPI acts as a trusted advisor to large enterprises by providing deep-dive, manual penetration testing – from mobile applications to entire networks and infrastructures. NetSPI also provides assessment and vulnerability management advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards.

Utilizing its proven and comprehensive methodology in conjunction with its adaptive and responsive client service – NetSPI is more than a vendor, it's a partner you can trust with your most critical assets. More information is available at http://www.netspi.com/

Security Innovation

Security Innovation focuses on the most difficult IT Security problem, and the root cause of most data breaches — insecure software applications. For more than a decade, we’ve helped organizations build internal expertise, uncover critical vulnerabilities, and improve the process by which applications are built. The company’s solutions are based on the three pillars of a secure Software Development Lifecycle (SDLC), which feed into one another to create an ecosystem of repeatable, secure software development: Standards, Education, and Assessment. Our flagship products include TeamProfessor, the industry’s largest library of application security eLearning courses, and TeamMentor, “out of the box” secure development standards. For more information visit: https://www.securityinnovation.com/

Wombat Security Technologies

Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.

Thank you for attending the Security Leader’s Summit in New York on September 10. We hope you had as many valuable and enlightening discussions as we did at the event. In case we didn’t get a chance to talk, here’s a little bit about Wombat Security Technologies.

We help organizations teach their employees how to avoid cyber-attacks. You can change employee behavior and reduce organizational risk. You can implement a complete program through our Security Education Platform which includes knowledge assessments and mock attacks, a library of interactive training modules, awareness materials, and detailed reporting.

Our customers have achieved a 9x ROI within 6 months by significantly reducing malware infections and successful phishing attacks from the wild. You can too.

Here’s a link to a case study where you can learn about the results of one of our customers. http://info.wombatsecurity.com/decrease-phishing-attacks

If you’d like additional information or to schedule a demonstration please contact Pat Geloff at pgeloff@wombatsecurity.com.

Wi-Fi Sponsors

SAINT Corporation

SAINT Corporation, a global leader in network security, offers the SAINT security suite including integrated vulnerability assessment, penetration testing, compliance reporting, and configuration assessment. Examine your network with the SAINT vulnerability scanner, and expose where an attacker could breach your network. Go to a higher level of visibility with penetration testing tools and exploit the vulnerability to prove its existence without a doubt.

SAINT can help to –
• Manage and reduce security risks to your enterprise
• Document compliance with government and industry regulations like PCI, NERC, HIPAA, SOX, FISMA, and with internal policies.
• Emulate potential attackers with the suite of exploit tools.
• Perform configuration audits with policies defined by FDCC & USGCB.

SAINT software is available to download, as a cloud service (SAINTCloud), or preloaded on an appliance (SAINTbox). The software includes enterprise functionality; customizable dashboards and data analysis; and a friendly interface. For more information, visit http://www.saintcorporation.com/

SecureAuth

Located in Irvine, California, SecureAuth is a technology leader and creator of the award-winning SecureAuthIdP that uniquely delivers multi-factor authentication and single sign-on together in a powerful solution for mobile, cloud, web, and network resources without requiring supplementary components or add-ons. For more information visit: http://www.secureauth.com/

Hosts

The Security Leaders Summit New York Fall 2014 was hosted by information security and IT executives from across the region. The Summit Hosts served as the face of the Summit, and throughout the day they shared their insights during presentations and interactive sessions and facilitated peer-to-peer executive roundtable discussions. The hosts were:

Justine Aitel
Chief Information Security Officer
Dow Jones & Company, Inc.

Todd Bearman
Chief Information Security Officer
Towers Watson

Matt Comyns
Global Head of Cyber Security Practice
Russell Reynolds Associates

Kostas Georgakopoulos
Americas Head of IT Security
UBS

Ray Hawkins
Chief Information Security Officer
Genesis HealthCare Corporation

John Hibbs
Chief Information Security Officer
GE Capital

Anthony Johnson
VP & Chief Information Security Officer
Fannie Mae

Shardul Shah
Principal
Index Ventures

Deb Snyder
Acting Chief Information Security Officer
NY State Office of Information Technology Services

John Whiting
Business Information Security Officer
AIG

ViJay Viswanathan
Chief Information Security Officer
HD Supply

Teresa Zielinski
CISO and Risk Leader
GE Power and Water

Time Description
7:30am – 8:30am Registration Opens with Breakfast Buffet and Networking in the Sponsor Pavilion Rendezvous Ballroom
8:30am – 8:40am Transition to Ballroom
8:40am – 9:00am Welcome and Opening Remarks Trianon Ballroom
9:00am – 9:35am

“Opening Keynote – The Rising Value of the CISO”

Matt Comyns
Global Head of Cyber Security Practice
Russell Reynolds Associates

In the morning Opening Keynote, Matt Comyns, Global Co-head of the Cyber Security Practice and a leader in the Digital Transformation practice at Russell Reynolds Associates, will share his insights into the CISO of the future, the increasing value of the role to the business, the shift in compensation to align with the increased value, his discussions with the C Suite, and what separates the top tier CISOs from the rest.

Russell Reynolds Associates is an executive leadership and search firm, serving clients globally for 45 years. The company advises clients on recruiting and retaining outstanding and impactful leaders.

Trianon Ballroom
9:35am – 10:15am

“Game Changers – Leadership Challenges”

Justine Aitel
Chief Information Security Officer
Dow Jones & Company, Inc.

Todd Bearman
Chief Information Security Officer
Towers Watson

Anthony Johnson
VP & Chief Information Security Officer
Fannie Mae

In this interview session, Todd Bearman, Chief Information Security Officer of Towers Watson, will facilitate discussions with Justine Aitel, Chief Information Security Officer at Dow Jones & Company, and Anthony Johnson, VP & Chief Information Security Officer at Fannie Mae, on how they are moving their organizations to the next level, partnering better with the business, and enabling employees to truly be part of a borderless enterprise.

Trianon Ballroom
10:15am – 10:45am Break and Networking in the Sponsor Pavilion Rendezvous Ballroom
10:45am – 10:55am Transition to Ballroom
10:55am – 11:25am

Executive Briefing – “One Day Wonders…How Cyber Criminals Are Hiding in Plain Sight…”

Grant Asplund
Director of Evangelism
Blue Coat, Platinum Sponsor

Over a 90 day period, of the 660M new Hostnames, 470M existed 24 hours or less. While most of these are legitimate and exist to deliver a better user experience, there is a darker side. Of the top 50 domains responsible for these ‘one-day-wonders’ fully 22% were identified as malicious. This tactic is popular with cyber criminals because they 1.) Keep security solutions guessing since dynamic domains are harder to thwart than static domains. 2.) Overwhelm security solutions by generating a high volume of domains increasing the chances some percentage will be missing security controls and 3.) Hide from security solutions simply by combining ‘one-day-wonders’ with encryption and running incoming malware and/or outgoing data theft over SSL.

This presentation will discuss:
• Why organizations should utilize security controls with real-time global intelligence in order to identify One-Day-Wonders
• Why organizations should have solutions in place that comprehensively assess and assign a risk value based on multiple factors including context around domains, IP address, site popularity
• The need for a baseline of hostnames for rapid detection of anomalies
• Highly granular policy controls must include detailed policy creation, threat risk levels and hostname baselines to help automate defenses and fortify security postures
• Why ETM (Encrypted Traffic Management) is rapidly becoming a top priority for enterprises in order to expose vulnerabilities and risks as a result of the significant increase in use of SSL

Trianon Ballroom
11:25am – 12:00pm

“Trends from an Investor’s Perspective”

Shardul Shah
Principal
Index Ventures

Index Ventures is a global venture capital firm, focused on making investments in information technology and life sciences companies. In this interview session, Summit Emcee, Richard Warner, will ask Shardul Shah, Principal at Index Ventures, to bring to light what is going on in the information security industry relative to trends, direction of products coming to market, and what a company like his looks for and invests in as far as the “next big idea.” Shardul leads Index’ security practice, which has invested over $50m in security startups in the last 18 months.

Trianon Ballroom
12:00pm – 1:00pm Lunch in the Sponsor Pavilion Rendezvous Ballroom
1:00pm – 1:10pm Transition to Ballroom
1:10pm – 1:50pm

“Intelligence Driven Security”

ViJay Viswanathan
Chief Information Security Officer
HD Supply

ViJay Viswanathan, CISO of HD Supply with over $8.5 billion in sales, has been on a multi-year journey creating and implementing a unique Intelligence driven Risk Management Framework. ViJay will explore the requirements, benefits and challenges of developing the Intelligence driven Risk Management practice that will include –

1. Threat recognition and predictive analytics
2. The use of big data analytics to give context to SIEM
3. Right information, at the right time, at the right place

Trianon Ballroom
1:50pm – 3:00pm

Executive Roundtable Discussions Facilitated by Summit Hosts

Breakout sessions with your peers on topics determined by attendees during registration. The topics are facilitated by the Summit Hosts.

Topic 1: Information Security’s Strategic Value to the Business

Deb Snyder
Acting Chief Information Security Officer
NY State Office of Information Technology Services

Topic 2: Advanced Persistent Threats – Building Cyber Resilience

Kostas Georgakopoulos
Americas Head of IT Security
UBS

Topic 3: Reducing Application Security Risk

John Hibbs
Chief Information Security Officer
GE Capital

Topic 4: Information Security Governance and Compliance

John Whiting
Business Information Security Officer
AIG

Topic 5: Security Awareness and Changing Behavior

Ray Hawkins
Chief Information Security Officer
Genesis HealthCare Corporation

Topic 6: Leveraging the Cloud for Business Agility While Managing Risks

Teresa Zielinski
CISO and Risk Leader
GE Power and Water

Topic 7: Big Data in Cyber Security – From Hindsight, To Insight, To Predictive

Todd Bearman
Chief Information Security Officer
Towers Watson

Trianon Ballroom
3:00pm – 3:15pm Break
3:10pm – 4:15pm

2nd Rotation of Executive Roundtable Discussions Facilitated by Summit Hosts

Breakout sessions continue as attendees move to another topic for discussion with their peers. At the end of the 2nd rotation, a debrief of the discussions on each of the topics will be provided by the Summit Hosts.

Trianon Ballroom
4:15pm – 4:30pm Closing Remarks Trianon Ballroom
4:30pm – 5:30pm Reception in the Sponsor Pavilion with Prize Drawings Rendezvous Ballroom

Venue

Hilton Avenue of the Americas

1335 Avenue of the Americas, New York, NY 10019
(212) 586-7000

Located in the heart of New York City, the Hilton New York is just steps away from New York’s premier attractions. Conveniently situated in Midtown Manhattan, the hotel is one of the most sophisticated New York hotels and is within walking distance of Times Square, Radio City Music Hall, Fifth Avenue shopping, the Broadway Theatre district, Central Park, The Museum of Modern Art (MOMA) and many more iconic New York landmarks.

Room Rate and How To Book

Select from a variety of modern, spacious guest rooms featuring on-demand entertainment and high-speed internet access. Upgrade to a suite and enjoy complimentary Executive Lounge access. This exquisite New York hotel provides a diverse choice of dining options.

Information on how to book your room will be available shortly.

Amenities

The hotel has a fitness center, business center, valet parking, rooftop lounge, onsite restaurants, and room service.

Parking

  • Self parking – Not Available
  • Valet parking – $60.00 ($51 for Sedan Cars)
  • Other Parking Information – Entrance located in back-W.53rd bet 6&7th Ave

Directions

On Avenue of the Americas (6th Ave.) between West 53rd and West 54th Streets. 53rd Street is westbound and 54th Street is eastbound. LaGuardia is 8 miles, JFK is 17 miles, Newark is 15 miles, Grand Central Station is 15 minutes across town, Penn Station is 15 minutes downtown and Port Authority is 10 minutes downtown.

John F. Kennedy International Airport

  • Van Wyck Expressway North to Long Island Expressway (LIE) West and watch for signs to Queens Midtown Tunnel to 34th Street. Go west across 34th Street to Avenue of the Americas (6th Avenue). Make a right and go up the Avenue to 53rd St.

Newark International Airport

  • Look for signs to New Jersey Turnpike (I-95 N) follow signs to Lincoln Tunnel, tunnel exits at west 40th street and 9th ave, drive east on 40th street to Avenue of the Americas and turn left on 53rd street

La Guardia Airport

  • Grand Central Parkway to Brooklyn Queens Expressway South to Long Island Expressway West. Follow signs for Queens Midtown Tunnel to 34th Street. Take 34th Street West to Avenue of the Americas (6th Avenue). Make a right and go to 53rd St.

If you are interested in sponsoring the event or would like more information about sponsor packages, please call 678-445-1919 or email us at info@execalliance.com.

Guest Feedback

Each time I participate in an Executive Alliance Summit, the attendees are very interactive and have a variety of backgrounds and experiences. I thoroughly...

Geoff Aranoff, Chief Information Security Officer, Broadcom

The Security Leaders Summit brings together security execs who come at problems from multiple angles and backgrounds, but usually share common challenges. We don't always...

Justine Aitel, Chief Information Security Officer, Dow Jones & Company, Inc.

As Cyberthreat is the number one threat, it is everyone’s responsibility to educate themselves to protect us from cyberwar. ...

Raj Patel, Chief Information Security Officer, City of Palo Alto

I look forward to the Executive Alliance event each year. The agenda provides a variety of topics and formats that generate stimulating conversations that I...

Darin Mastricola, AVP, IT Risk, Security, and Compliance, Endurance Services Ltd.