↓ Agenda Key
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.
Solution provider-led session giving high-level overview of opportunities
Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.
End user-led session in boardroom style, focusing on best practices
Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.
Interactive session led by a moderator, focused on industry issue
Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.
Overview of recent project successes and failures
Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.
Discussion of business drivers within a particular industry area
Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.
Analyst Q&A Session
Moderator-led coverage of the latest industry research
Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.
Several brief, pointed overviews of the newest solutions and services
Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.
Pre-determined, one-on-one interaction revolving around solutions of interest
Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.
Open Forum Luncheon
Informal discussions on pre-determined topics
Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.
Unique activities at once relaxing, enjoyable and productive
Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.
12:00 pm - 1:30 pm
7:00 am - 7:55 am
8:00 am - 8:10 am
8:10 am - 8:50 am
Today’s businesses are challenged to drive fast change through technology with minimal impact, yet the two common models of IT delivery leave little room for the flexibility and continuous change necessary to achieve success. Hear from Aflac Chief Information Officer Julia Davis how a trimodal approach incorporating legacy systems alongside modern development practices enabled Aflac to break down walls between business and IT, promote transparency and collaboration and support a successful migration to agile that fit into the company’s culture.
Julia Davis, CIO, Aflac
9:45 am - 10:15 am
The economic downturn has had significant and long-lasting effects on the banking industry, not the least of which is the reduction in interest based revenue as a result of tightened lending regulations and increased lending reticence. As these revenues stagnate, financial services organizations are having to find new sources of revenue to not just try and drive growth, but to halt shrinkage, and fees alone aren’t going to bridge that gap. What are needed are new and appealing products and services that will draw clients back into a relationship and drive increased non-interest based revenue. This will be a tumultuous time for the IT department as the lines of business experiment to find the sweet spot and will need dynamic and flexible support from their technology arm.
Matthew Burris, Global Vice President- Data Science, Citi
While the link between anti-fraud and anti-money laundering capabilities may be easy to draw on the surface, far too often these capabilities are siloed within the typical financial services organization. Under the covers areas that seem to have commonality are often separated by radically different cultural approaches, with fraud staff coming from an operational or IT background and AML staff drawing from experience in compliance, legal, and GRC. The key to overcoming the challenges of team integration first and foremost comes down to system and data integration and those financial services institutions that are able to operate both groups from common platforms and intermingled data will find that silos naturally erode, that barriers do break down, and that the two groups begin to work efficiently and effectively together such that the whole really is greater than the sum of the parts.
Omar Khawaja, CISO, Highmark
10:20 am - 10:50 am
Is mobility a cost? Or is it a key part of your strategy for business success? Many businesses are leveraging mobility to generate real and measurable returns and to increase their competitiveness. How? Join CDM Media and BlackBerry as we explore ways in which companies can strategically manage their mobility investments.
In our session we'll look at security - again from a strategic viewpoint. Security covers a wide range of issues in the modern enterprise. While protection of data is at the forefront, security involves many other aspects and issues from secure collaboration to the security and protection of employees in an increasingly tumultuous world. We'll deal not only with securing mobility, but how the strategic use of mobility can make you more secure.
10:55 am - 11:25 am
The hype around the cloud is pervasive and can be potentially overwhelming but numerous studies have shown that tangible benefits can be had, whether in cost savings, efficiency improvements, or flexibility enhancements. That said numerous impediments exist to not just realizing that value, but even considering adoption; regulatory issues, integration challenges, business process revamp, and a dozen other challenges can halt cloud projects in their tracks before they get off the ground. In this group discussion we’ll explore those inhibitors, understanding which challenges prevent adoption and what can be done to overcome them.
11:30 am - 12:00 pm
The discussion around the convergence of physical security and information security dates back over a decade, but though much was made of the concept in the early 2000’s little was actually done and the buzz faded. Flash-forward to today however and the buzz is back because of the increased focus on holistic risk management, the increased pressure of greater compliance requirements, and the increased demand for every aspect of the business to be a value generator. CISOs and CIROs need to evaluate the opportunities for both technology convergence (streamlining platforms) and organizational convergence (streamlining roles) to meet new threat protections mandates.
From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.
Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.
Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.
In this session, learn:
12:05 pm - 12:35 pm
Mobile technologies have swept the world, with the latest news that there are officially more such devices on the planet than there are people and across the board these devices have become the go-to way in which people interact with peers and providers. While banks have begun adopting mobile channels to engage and interact with their clients, they clearly need to go much, much further, embracing mobile payments (in store and for bills), P2P payments, and mobile only enrollments among other innovations. Wholesale adoption of mobile as the primary (and in some ways only) engagement and interaction channel means backend systems will need to be re-architected and CIOs need to begin thinking about the nature and scope of these changes, as well as initiating the dialogue about this revolution with their business partners now.
Steven Daniels, SVP EDM, eCRM, Architecture, Strategy & Innovation, U.S. Bank
Since regulatory (and industry) compliance became a notable “thing” in the early-mid 2000’s it has been intimately linked with information security and often times has been the lever (or hammer) by which enterprises made necessary investments in security. But being “compliant” and being “secure” aren’t the same thing, and in too many cases enterprises that were perfectly compliant have been perfectly breached. A new focus is needed; one that respects that while security and compliance are not the same thing, they are working towards the same goal (a reduction in overall enterprise risk exposure) and sees that compliance flows from security.
Andy Villareal, Senior Vice President and Chief Compliance Officer, MoneyGram International
12:40 pm - 1:40 pm
1:45 pm - 2:15 pm
The constant stream of raw data produced by an enterprise has grown more valuable, but the ability to harness this value effectively has proven difficult. Home grown warehouses, multiple copies of the same data being siphoned under cover of darkness, lack of consensus on who's data is correct, poor data quality at point of capture - all contribute to an inefficient ecosystem that can smother value and create frustration all around. Adding data generated about your customers from systems external to your enterprise and the problem becomes even further compounded.
By understanding the breadth of the situation and driving a deeper appreciation of how we got here, it is possible to evolve the conversation beyond ineffective quick fixes to create a more sustainable and comprehensive approach.
Brian Lavery, SVP | US Technology Solutions, TD
Keys and certificates are vital to the digital authentication and authorization used with SSL/TLS, SSH, Mobile devices, and VPN access. The use of keys and certificates will continue to grow as businesses need to ensure appropriate access across servers, applications, mobile devices, cloud computing and the Internet of Things. Key and certificate management is complex, especially with the use of multiple key and certificate vendors, hardware security modules, and other technologies. There is an increase in the use of keys and certificates by cybercriminals in their attacks which is jeopardizing the digital trust which underpins most of the global economy.
Stephen Jordan, SVP Cryptographic Services Enterprise Information Security Engineering & Services, Wells Fargo
2:20 pm - 2:50 pm
From a technology standpoint, as a “society” the world of business has gone through two distinct stages in the evolution of its information security focus. The first addressed network based protection and preventative controls such as firewalls and anti-malware. The second looked at data-centric and detective controls such as encryption and intrusion/extrusion monitoring. Since breaches continue to occur at a record pace, what is need new is clearly a new evolution, one that pushes towards From a technology standpoint, as a “society” the world of business has gone through two distinct stages in the evolution of its information security focus. The first addressed network based protection and preventative controls such as firewalls and anti-malware. The second looked at data-centric and detective controls such as encryption and intrusion/extrusion monitoring. Since breaches continue to occur at a record pace, what is need new is clearly a new evolution, one that pushes towards individual focused security through granular user monitoring and management as provided by solutions such as Identity and Access Management. While IAM isn’t a new technology field, it is one whose time has come and CISO need to begin investing in modern-day, light-weight, easy to implement IAM solutions now to stay ahead of the curve, and reduce enterprise threats.
2:55 pm - 3:25 pm
Privilege access abuse is often a top use case for user and entity behavior analytics (UEBA) however it begins with first knowing what is privilege access and what has been granted and what privilege users are doing with this access in order to monitor abuses. This is also known as discovery, and both IAM and PAM solutions have been challenged with closing this gap. Legacy methods of tracking privilege accounts include prefixes, tags and access management solutions providing reports. The challenge is these methods likely track less than 50% of privilege access and may not include entitlements within accounts.
Identity Analytics (IdA) is machine learning from big data to provide a dynamic, context aware risk-based approach to complement access management. To detect privilege access abuses with UEBA, one must learn all privilege access down to the entitlement level with IdA. This provides a risk-based approach to remove excess access, provide risk-based certifications in order to gain a full understanding of privilege access and activity to close the gap. This roundtable will discuss the implications of UEBA and IdA in respect to machine learning providing privilege access intelligence.
3:30 pm - 4:00 pm
Cyber enabled threats have evolved over time from relatively simple approaches to highly complex targeted attacks, and companies have to defend themselves at all levels of this “threat pyramid.” While many organizations now recognize that Security Analytics plays an important role in detecting patterns in the data like the footprints attackers leave behind. The challenge for many is that they aren’t sure exactly what that means or how to get started. This is in part because analytics is an overused term that is often left undefined. Join us in a conversation about Security Analytics – with a focus on demystifying the term and working out how to get started.
BAE Systems Applied Intelligence
4:05 pm - 4:35 pm
Acquiring and retaining cyber talent to protect organizations from harm is on the minds of many senior executives, however, good talent is a scarce resource. This discussion will address ways in which you can stay in the driver’s seat when it comes to hiring, promoting and keeping good cyber talent. Several options will be discussed including both internal and external solutions.
Jay VanDerwerken, Senior Managing Director, NYU Tandon School of Engineering
It's well documented that Millennials are significantly different than any previous generation. Their purchase behavior, borrowing and savings behavior, ethnic diversity and use of digital technology are causing banks to rethink how they deliver services and engage what is now the largest generational population in the country. Understanding the dynamics of this generation and its impact on the bank of the future including marketing, branch strategies, online banking and portfolio management is essential for long term success.
Mircea Mihaescu, Chief Operating Officer, Moven
4:40 pm - 5:20 pm
The role of the modern CIO is more complex than it has ever been before, not just because the technology landscape has become more complex, but also because increasingly the CIO has had to become a business-focused executive, not just a technologist. Long have we talked about the CIO “getting a seat at the table” but modern businesses are now demanding that their technology impresario join them and leverage his deep and rich technical acumen to allow the organization as a whole to better position itself for market-place success. To be successful, CIOs need to invest in themselves, in their personnel, and in the right technologies to allow them to position the IT department to proactively address business needs as an innovator and driver, rather than order-taker and enabler.
Paul Valente, Director Information Security/ Head IS, Lending Club
Rajiv Sondhi, Sr Director - Software Engineering & Technology, Capital One
5:20 pm - 6:30 pm
6:30 pm - 8:00 pm
8:00 pm - 10:00 pm
7:00 am - 8:05 am
8:10 am - 8:50 am
While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.
Ron Green, EVP, CISO, Mastercard
8:55 am - 9:35 am
User and Entity behavior analytics (UEBA) and identity analytics (IdA) created from behavior-based machine learning models are changing security methodologies and architecture in many domains. UEBA and IdA are converging with SIEM, IAM, DLP, CASB and EDR solution areas to impact security solution design and functionality. The shift includes moving from a declarative rules and roles-based environment into behavior-based risk scoring to determine intelligent roles, adaptive access, plus predicting and detecting insiders, account hijacking, data exfiltration and cloud access and abuse. We are surrounded by many uses of machine learning in our daily lives and until only recently are security solutions catching up to this force multiplier.
9:45 am - 10:15 am
On the surface, wholesale adoption of cloud delivered services seems to signal the end of the IT department as we know it as the vast majority of the extant roles and responsibilities become outsourced. While that may be true, it doesn’t necessarily mean the end of the IT department in its entirety. A variety of studies have shown that expansion of the IT department is just as likely as contraction as a result of broader cloud adoption. While the sysadmins and other server-huggers may well go away cloud adoption signals growth in at least four keys areas: Business Management, Vendor Management, Information Security, and Systems Integration. IT Leaders must begin the work now of recasting their IT department to position is for success if the brave new cloud world.
Radha Kuchibhotla, VP IT, State Street
Cloud delivered computing services, whether Software, Platform, or Infrastructure as a Service offer the potential of significant business advantages such as reduced cost and increased flexibility. These advantages however come with very real risks, chief among them security concerns and the risk of data and compliance breaches – how do you secure what you can’t see, touch, and control? Join the discussion as we explore both the security and compliance issues inherent in Cloud deployments, look at the hidden issues that first time Cloud adopters may simply not be aware of, and discuss through solutions that can be used to address these challenges and allow enterprises to fully and firmly embrace the Cloud.
10:20 am - 10:50 am
You may not realize that your customers are on a journey, but they know. The customer experience consists of a series of touchpoints, from marketing to purchase to servicing. In Insurance, each one of these touchpoints is a moment of truth, an opportunity to either improve or reduce customer satisfaction. In today’s competitive, rapidly evolving market, customer satisfaction is one true durable competitive advantage.
Do you have a good understanding of these customer touchpoints, and how effective each one is? Are these customer touchpoints improving the customer experience, or making it worse? Can you build a strategic view, and keep that view up to date? Many companies take an offline approach to building customer journey maps. However, with the rapid proliferation of channels, keeping these offline models up to date is a huge challenge, as is effectively tying in key performance indicators.
With GMC Software’s new Customer Journey Mapping technology you can build a true strategic view of all touchpoints, and show how those touchpoints link into a journey. With Social Commenting and other collaborative tools, you can involve all departments in maintaining these maps, and ensuring that each one remains relevant and effective.
GMC Software Technology
10:55 am - 11:25 am
Wireless connectivity has become like oxygen. Your users, whether they are employees, customers, or partners, rely on it to conduct business with your enterprise. The challenge is that with the ubiquity of wireless connectivity, the enterprise has lost control over to which networks users connect, both in and out of the office, and with that, the knowledge on how risky those networks might be. Taking away wireless connectivity is not an option, so what is a CISO to do? In this talk, we will explore the issues that face the enterprise which is empowering users to conduct business (at any location, on any device), while at the same time maintaining security and control.
11:30 am - 12:15 pm
The importance technology plays within an enterprise will only continue to gain momentum as more developers, engineers, and programmers enter the workforce. As these segments continue to grow, so does the diversity of the workforce within the technology field. For a field that is severely constrained by a talent and skills gap, this influx of bodies can only be a good thing. Beyond the basic ability to deliver of identified capabilities a diverse workforce, whether cultural or gender influenced offers a whole that is more than the sum of the parts. Finding ways to drive and increase diversity in IT then should be a key focus for every IT executive.
Tara Kissoon, Managing Director, Head of IT Risk Management, Corporate Support Area (CSA) , BMO Financial Group
Julia Davis, CIO, Aflac
Janga Aliminati, Chief Architect - Cloud , Visa
Sreesh Inguva, VP Cloud Architecture, Citi
12:15 pm - 12:20 pm
12:20 pm - 2:00 pm