The Future of Cybersecurity

CIO/CISO Think Tank

June 2, 2022 - Chicago, IL

Visionaries

Lee Painter

Global Head of Information Security Governance

Zurich Insurance Group

Think Tank Speaker

Lee has 20 years of experience in Cyber and Information Security. In his current role, he serves as the Global Head of Information Security Governance at Zurich Insurance Group, a leading multi-line insurer that serves its customers in global and local markets. With about 55,000 employees, it provides a wide range of property and casualty and life insurance products and services in more than 215 countries and territories. Prior to Zurich, Lee worked in various IT, Security, Governance, and Leadership roles including penetration testing, security consultant, network/domain administrator, and Director of Threat Analysis and Network Forensics for the US Navy’s enterprise environment. Lee has a significant amount of experience in Governance, Risk, and Compliance and works to maintain a current level of understanding on emerging threats as well as strategies to prepare, defend, and respond from an organizational standpoint.

Jason Lewkowicz

SVP Cyber Defense & Applied Security

Optiv

Think Tank Speaker

Jason is an experienced senior executive with over 2 decades in various aspects of business, specializing in: information security, risk governance, crisis management, technology consulting, outsourcing and operations. He is currently the Chief Information Security Officer (CISO) for Cognizant Technology Services supporting their global business. Prior to his current role at Cognizant, Jason was a Deputy CISO at Accenture where he managed a global team of more than 100 people operating across seven countries. His primary responsibilities included: Cyber Response, Forensic Investigations including eDiscovery, Data Loss Prevention (DLP), Threat Hunting, Red Team Exercises, Cyber Threat Intelligence and cyber metrics and automation. Jason developed Accenture’s Cyber Response program and all functions within it over a seventeen-year period. During his tenure he was also instrumental in the creation of Accenture’s overall Information Security Program. Jason holds certifications from ISACA, ISC2 and Open Text/Guidance Software. He has presented at industry recognized conferences and local law enforcement information sessions over the past ten years. He has served on advisory boards for: Symantec, McAfee, Digital Shadows and FireEye/Mandiant. Jason received his undergraduate degree from DePaul University in Chicago.

John Kellerhals

Security Operations Manager

CF Industries Holdings

Think Tank Speaker

Innovative executive that has experience making sound business decisions and can think rationally in difficult situations. Visualizes the big picture and provides proper context and perspective tailored for the target audience. Clearly articulates the mission, standards, and priorities to achieve strategic and tactical objectives.

Richard Rushing

CISO

Lenovo

Think Tank Speaker

Mr. Richard Rushing is the Chief Information Security Officer for Motorola Mobility LLC. Richard participates in several corporate, community, private, and government security councils and working groups setting standards, policies, and solutions to current and emerging security issues. As Chief Information Security Officer for Motorola Mobility, he has led the security effort by developing an international team to tackle the emerging threats of mobile devices, targeted attacks, and cyber-crime. He organized, developed, and deployed practices, tools, and techniques to protect the intellectual property across the worldwide enterprise. A much-in-demand international speaker on information security, Richard has presented at many leading security conferences and seminars around the world.

Michael Gross

Cybersecurity Manager

Cleveland Clinic

Think Tank Speaker

With over 30 years of experience in the IT industry, including more than two decades specializing in cybersecurity, I am a seasoned professional known for visionary leadership and comprehensive expertise in safeguarding organizations from evolving cyber threats.

Key Highlights:

* Cybersecurity Visionary: Throughout my career, I have consistently developed and executed robust cybersecurity strategies that align seamlessly with organizational objectives. I excel at protecting critical assets, data, and systems while proactively identifying and mitigating risks. My specialties encompass advanced threat analysis, cyber risk management, incident response, security architecture design, and regulatory compliance. As a cybersecurity visionary, I have pioneered solutions that fortify organizations against emerging threats.
* Agility and Problem-Solving: My career has been marked by my ability to tackle complex challenges with agility and innovation. I leverage my expertise in cybersecurity methodologies, industry best practices, and compliance standards to provide effective solutions.
* Mentorship and Leadership: I take pride in guiding and mentoring cybersecurity teams to excel in vulnerability assessment, threat detection, incident response, and recovery. I am deeply committed to fostering a culture of continuous learning and professional growth.
* Communication and Work Ethic: My strong work ethic, exceptional interpersonal skills, and adept relationship-building capabilities are complemented by my proficiency in multitasking and effective communication. I thrive on embracing challenging tasks and delivering results.

I am passionate about the ever-evolving field of cybersecurity and committed to contributing my expertise to secure and protect businesses in the digital age. Let's connect and explore opportunities to collaborate or share insights in this dynamic industry.

John Tryon

Head- Information Security

Health Care Service Corporation

Think Tank Speaker

Joined Health Care Service Corporation, the nation’s largest customer-owned health insurer offering Blue Cross Blue Shield plans in Illinois, Montana, Oklahoma, New Mexico and Texas, in September of 2017 as DVP Information Security Architecture and Design. In this role, John was responsible for driving the future state Cyber Security Architecture with a focus on securely enabling HCSC’s use of the public cloud for sensitive workloads, overall modernization of HCSC’s Member-facing and Enterprise Identity & Access Management products, and enhancements to Cyber Defense capabilities. Promoted to Deputy CISO / Head of Information Security for Health Care Service Corporation (HCSC) in Fall of 2021. John is responsible for delivering a fiscally responsible and pragmatic Information Security program that securely enables the HCSC enterprise, systems development entities, and strategic initiatives. He is an Information Services Security thought leader with over twenty-five years combined experience with Fortune 500 firms in life sciences, healthcare and consumer products industries. Actively participates on Executive Customer Advisory Boards and Healthcare Industry Executive Leadership forums. John has a bachelor’s degree in computer science from Temple University and holds CISSP certification.

Calvin Nobles Ph.D.

Chair Information Technology & Management

Illinois Institute of Technology

Think Tank Speaker

A recognized practitioner in human factors engineering and cybersecurity operations with 25 years of increasing responsibilities in leading security operations, advising senior executives on cyber policies, and driving enterprise-level solutions. An innovative and strategic leader with a record of delivering cyber solutions that impact national efforts; noted for driving change to achieve cybersecurity objectives.

Sean Boulter

Principal Security Engineer, US North Central

Salt Security

Think Tank Speaker

Sean Boulter is a technical leader with Salt Security where he helps his customers protect their APIs from abuse and keep their customers’ data secure. His career in IT and consulting spans three decades and covers a wide variety of infrastructure platforms and several industries including fintech, finserv, insurance, healthcare, medtech, and retail. He lives in the Minneapolis area with his wife, and shares a passion for bicycling and wilderness expeditions with his two grown children.

Steve Zalewski

Former CISO

Levi Strauss & Co.

Think Tank Speaker

Mr. Zalewski currently provides CISO, security consulting and security advisory services. These include:

• International cybersecurity advisor and trainer.
• Executive advisory board member for security startups, providing guidance on security market direction and product requirements.
• CISO advisory board member for venture capital firms internationally.
• vCISO for companies requiring temporary or part-time CISO expertise.

Services also include guidance and solutions to address incident response, security program design, security assessment, security due-diligence, vendor/supplier due-diligence, security architecture review, board reporting and other key security leadership requirements. Operational experience in Healthcare, Utilities and International Retail verticals.

Key Strengths:

• Organizational Management
• Strategic Planning & Execution
• Enterprise Security Architecture/Strategy
• Executive and BOD Security Governance/Reporting
• Cybersecurity Incident Response
• Security Risk & Compliance Management

Additionally, I co-host the CISOSeries Defense-in-Depth Podcasts and am a frequent speaker and panel moderator at industry events.

Brad Thies

Founder and President

BARR Advisory

Think Tank Speaker

As Founder and President of BARR Advisory, Brad Thies leads all aspects of the organization’s global client service delivery and security assessment services including SOC, ISO, PCI, NIST and HIPAA examinations, and Chief Information Security Officer (CISO) consulting services. Under Brad’s leadership, BARR has become one of the most sought-after third-party assessors and CISO advisors in the cloud computing space – serving high-growth startups to Fortune 1000 companies in the most regulated industries including technology, financial services, healthcare and government. Brad’s specialty is in helping cloud service providers assess, design and implement processes and controls to meet customer, regulatory and compliance requirements.

Ken Kazinski

Cyber Security - Attack Surface Management

Abbott Laboratories

Think Tank Speaker

Ken Kazinski is the manager of Abbott Laboratories' Attack Surface Management team and has over twenty years of experience in the field of cybersecurity. His current cybersecurity focus is in application security, which is enhanced with his substantial knowledge of system security in both government-regulated and non-regulated industries. These environments have provided him with a deep contextual understanding of the impact of security in a variety of organizational environments. In his role at Abbott, Ken provides leadership, program vision, and integration guidance on attack surface areas, including Threat and Vulnerability Management, Application Security, Cloud Security, Mobility, and Brand Reputation. As an Air Force veteran with a Master of Science in Cybersecurity, Ken has used both his professional and educational experience to create critical application security programs at multiple Fortune 100 companies. Prior to joining Abbott, Ken managed application security for Johnson Controls, Power Solutions division. His professional and military experience has provided him with the opportunity to work and live in multiple countries around the world.

Steve Rubinow

Director Institute for Professional Development - Computing & Digital Media

DePaul University Jarvis College of Computing and Digital Media

Think Tank Speaker

An exceptional, multifaceted, global executive, strategist and technology expert who has transformed companies in a variety of industries, including the New York Stock Exchange. Award-winning Chief Information and Technology Officer with deep experience on many boards and in university classrooms.

• Versed in the latest advances in technology software and hardware.
• Brings a multidisciplinary perspective and imagination to transforming industries from the bottom up in complex and highly competitive industries.
• A visionary leader who often breaks free of conventional thinking and encourages others to do the same to create innovative strategies.
• Valued for the exceptional ability to utilize existing and find new, substantial ways to use technology to improve and impact businesses, achieve company goals, reduce costs and develop people.
• A creative problem-solver who generates first-in-industry business initiatives. Leader and manager of highly successful teams, who inspires and motivates people to perform at their highest levels.
• Trusted advisor to top management.
• A clear, persuasive communicator skilled at cultivating and fostering partnerships.
• Extensive experience teaching university-level computer science courses.
• Government clearance from major federal security, intelligence and law enforcement agencies for addressing cybersecurity/counter-terrorism issues.

June 2, 2022

Agenda

All times Central Time

12:30 PM-1:30 PM

Registration & Networking Lunch


1:30 PM-1:40 PM

Welcome


1:40 PM-2:35 PM
Keynote Panel

Zero Trust Network

A zero trust approach to security has been steadily gaining steam for the last several years. The importance of this approach reached a new level with the May 2021 White House executive order requiring federal agencies to shift to this architecture by fall 2024.
Ransomware has clearly continued to grow as remote work became the new norm and e-commerce increased. Leaders need to establish a mature level of cyber resilience to better handle ransomware and other potential data breaches. Luckily, zero trust can play a critical part in that strategy, as more and more businesses are realizing that to build customer trust they must establish zero tolerance for trust in their security strategy. Will Zero Tolerance for Trust redefine the state of security as government and private industry scrutinize their trusted relationships more, and re-evaluate the ‘who, what, why’ in 2022 more than any other year?


2:35 PM-2:50 PM

Networking Break


2:50 PM-3:35 PM
Fireside Chat

What’s AI Doing for You?

The terms "Artificial Intelligence" and "Advanced Machine Learning" are often thought of interchangeably. While there is a relationship between AI and AML, to say they are the same thing is an oversimplification and misclassification. Rather, one begets the other, with AI being the basic principle upon which AML is developed. As AI begins to mature and migrate away from purely advanced mathematical operations into decision-making paradigms, AML steps forward as the predictive ability of machines to process vast quantities of data. As data and analytics become foundational to the way every business operates, AI and AML will become foundational capabilities.


3:40 PM-3:55 PM
Disruptor

The Explosion of API Security

How do CISOs get the most out of APIs while limiting the risk? 20 years ago, the motives for hackers were website defacement and getting your name on all those defacements. That was the point of hacking. Now, it’s all about monetizing the data you can steal. Just as cloud computing initially seeped into organizations under the cloak of shadow IT, application programming interface (API) adoption has often followed an organic, inexact, and unaudited path. IT leaders know they are benefiting from APIs: internal, via third parties, and often outwardly exposed. They just don’t know where they are, how much they support key services, and how they’re being used, or abused!

In this session we will discuss whether APIs are meant to be exposed, and whether the startup API software companies are ready for the explosion.

3:55 PM-4:10 PM

Networking Break


4:10 PM-4:25 PM
Disruptor

Building Trust and Resilience Through Cloud Security and Compliance

With a mass migration to the cloud due to the ongoing pandemic, now is the perfect time to talk about cloud security and compliance. For organizations in every industry, the cloud is now omnipresent, and therefore, security is paramount. We’ll discuss the balancing act between security and compliance and explore how when security comes first, compliance follows. By understanding what goes into a successful cloud security program, how to implement those strategies and—most importantly and distinctively—how to use security and compliance as a differentiator, organizations will build trust with their clients, create cybersecurity resilience, and boost their brand.

4:30 PM-5:25 PM
Panel

Guarding the Doors: Navigating 3rd Party Risk

As organizations expand their third-party ecosystem and increasingly outsource business activities to 3rd-party vendors, many are challenged with executing core activities that are critical to operations, risk profiles, and compliance posture without compromising the quality of data collection, evaluation, and mitigation measures. It is critical for an organization to be vigilant when selecting the right 3rd-party vendor with the appropriate security posture, as many vendors are hosting, processing and transmitting sensitive regulatory information with unrestrained access to our IT assets. At the highest level, third-party incidents can result in reputational damage, non-compliance, or even criminal activity, which can negatively impact earnings and shareholder value. To address this challenge, many organizations are investing in technology to support vendor risk management. Technology isn’t the entire answer to managing third-party risk; however, the right technology or collection of technologies, coupled with optimal processes, can enable organizations to bridge the gap.


5:25 PM-5:30 PM

Closing Remarks


5:30 PM-6:30 PM

Cocktail Hour

