This agenda is preliminary. Check back weekly for updates.


Public Sector Workshop

  8:00 AM - 8:15 AM

Welcome Kickoff

Rohit Tandon
Assistant Commissioner, State Chief Information Security Officer, State of Minnesota, MNIT Services
Carlos Kizzee
Vice President, Stakeholder Engagement, MS-ISAC, Center for Internet Security

Rohit Tandon, CISO, Minnesota and Carlos Kizzee, MS-ISAC Stakeholder Engagement will introduce the Public Sector Summit; outlining key challenges, requirements, capabilities, and solutions being implemented to address and mitigate the cyber security concerns for this unique sector.

 8:15 AM - 8:45 AM

Public Sector Cybersecurity: The State of the States, Local Governments, Tribes, and Territories

Eugene Kipniss
MS-ISAC Member Programs Manager, Center for Internet Security

Eugene Kipniss, MS-ISAC Federal Engagement and SLTT Assessments will keynote the Public Sector Summit with critical observations from this year’s Nationwide Cybersecurity Review (NCSR); an anonymous cybersecurity maturity self-assessment completed by thousands of SLTT governments and presented to Congress bi-annually. His presentation will include a brief on the threats and trends currently observed by the MS-ISAC and impacting SLTT governments; providing a summary threat landscape of the community. He will explore what the NCSR data can tell us about our risk reduction priorities in light of increasing threats to SLTT, and help the audience consider how we can best leverage the NCSR to communicate those priorities to our law makers.

  8:45 AM - 9:15 AM

The value of your data

Government has a higher level or responsibility to protect data, as they force people to provide the data.

 9:15 AM - 9:45 AM

Critical Success Factors in Cybersecurity

Irrespective of whether the organization is public or private sector, any information security management program relies on several requirements and expectations at the organizational level to be successful. The degree of success is dependent upon the extent that these success factors are supported by the organization. This presentation will discuss the nature of these success factors.

  9:45 AM - 10:00 AM

Break in EXPO

Converse and connect with our Solution Strategy Providers.

  10:00 AM -10:30 AM

Sharing resources across the silos

  10:30 AM - 11:00 AM

State/Local Grants, Critical Infrastructure Funding for Services

Stephen Ellis
Government Solutions Lead , Zoom Video Communications

Integrating cyber practices for both givers and receivers of funding. Funding is generally associated with services for residents of your community. Technology plays a critical role in delivering critical services and protecting that technology from cyber threats also requires investment. What are some of the approaches to seek out investment opportunities that defend the technology and protect recipients data around social services.

  11:00 AM - 11:30 AM

Cybersecurity: Finding Common Ground in the Political Landscape

Cyber Zeros and Ones should not be red or blue. Explaining to your legislatures how technology has a corner stone impact to all citizens. Consumers have a choice to interact with private sector and provide personal data, however in the public sector the data collected is not optional for residents. This should place a higher burden on public sector to protect the sensitive data. There are also public disclosure expectations. (In the event of a data breach - how does the state rebuild confidence). Purpose - describe the why, and suggest how

  11:30 AM - 12:30 PM

Lunch Roundtables

Host a round table based on a topic from the public sector track committee members

  12:30 PM - 1:00 PM

Smart Cities need Smart Cyber

Jerry Driessen
Assistant Chief Information Officer / Chief Technology Officer , City of San José

Protecting citizens, service programs, infrastructure. How can we prapare for the smart cities that both public and private entities are responsbile for defending. What are some strategies to ensure there is a good foundation to build on to protect privacy and defend they way of life

  1:00 PM -1:30 PM

Building a “Cyber Prime” Workforce on a Hamburger Budget

Gretchen White
CISO, Minnesota Judicial Branch

Hiring restrictions, tight budgets, cut-throat hi-tech competition? How can public sector organizations find, attract, develop and retain cyber talent? Lessons Learned, Best Practices. Diversity of thought and experience when recruiting RSV Methods to retain talent (Training opportunities, e.g. discounted SANS)

 1:30 PM - 2:00 PM

Public Sector Cyber Insurance

Ryan Spelman
VP Cyber Risk, Kroll

Presentation on cyber risk insurance in general and how public sector entities are approaching this issue. Attendees will learn the different approaches public entities can consider for insurance and how some select states and groups work together to share the cost and reduce the risk of cyber incidents.

  2:00 PM - 2:30 PM

Avoid a Cyber Splash

In this session we will learn about real life examples of attacks to our utilities and SCADA systems. We hope to offer real steps on what the future holds for this important sector and what our public officials are doing to meet this real and rapidly evolving threat to our citizens.

  2:30 PM - 3:00 PM

Break in EXPO

Converse and connect with our Solution Strategy Providers.

  3:00 PM - 3:30 PM

Cyber Governance Model

John Gilligan
President and Chief Executive Officer, Center for Internet Security

State government leaders must manage risk within a context where authority is distributed across sectors and levels and branches of government. Regardless of the structures and local culture that a governor and state legislature must operate within, they must establish cybersecurity governance that provides the mix of control and influence necessary and appropriate for their state, and that includes mechanisms for mitigating and responding to risk.

 3:30 PM - 4:00 PM

IT Operations or Cybersecurity? Pick any two!

The cloud adoption efforts will shift the balance of IT operations and cybersecurity for public sector entities that must select both. The benefits from the higher utilization of cloud services and what cyber risks should you start to navigate to ensure the value is in both.

 4:00 PM - 4:30 PM

Transforming Education and Cyber Operations

Shawn Riley
CIO , North Dakota Information Technology Department

As a national leader in energy and agriculture with a significant military footprint, North Dakota's cybersecurity strategy involves a whole-of-government approach - including training the next generation of cybersecurity professionals. The state's "PK-20W" Initiative aims to make “every student, computer science and cybersecurity educated, Kindergarten through PHD.” Shawn will talk through a model that can be applied to any state to bring their students to 21st Century Skills while also protecting the economy of the state, data of citizens, and security of all residents.

 3:30 PM - 5:00 PM

Networking Reception in EXPO

Join us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.

Technical Sessions

  8:45 AM - 9:15 AM

Women in Cyber - Networking and light breakfast/coffee

Learn about WiCyS and how to get involved

  9:00 AM - 9:20 AM

Women in Cyber - Namaste! Meditation and Mindfulness Session

Clark Whiting
Lead Security Architect, Best Buy

Clark Whiting, CISSP is a highly experienced and renowned information security architect with deep experience over XX years across many industries. Besides his important cybersecurity work for Best Buy, Clark is also a board-certified meditation and mindfulness instructor. To mix it up this year, Clark will host a meditation and mindfulness session designed to teach beginners (and experts) about meditation and mindfulness best practices. We will even meditate as a group through Clark’s expert guidance. Namaste!

  9:30 AM - 10:20 AM

Women in Cyber - Mentorships, The Circle of Life

Milinda Rambel Stone
CISO, Bremer Bank
Amy Fox
VP of Business Development, Ambient Consulting
Carey Lewis
Strategic Sales, Island

Mentorships are the circle of life throughout a cybersecurity or business career, and it is even more critical in providing support and unlocking career opportunities to advancing our profession to be the best it can be. Join this panel of impressive information security and business executive as they share stories and strategies to how mentorship helped boost their growth both as mentors and mentees.

  9:30 AM - 10:20 AM

Consider a Career in Cyber

The session will showcase leaders in cyber security to discuss the career opportunities, salary ranges, and broad range of industries in which you can be employed, how a non-traditional tech background can be valuable and the growth opportunity for women in this traditionally male dominated field.

  9:30 AM - 10:20 AM

Taking a People-Centric Approach to Securing the Remote Workforce

Brian Reed
Information Protection Evangelist , Proofpoint

Today’s threat landscape is constantly evolving, and securing your remote workforce is critical to success. Understanding people risk and protecting your most important asset—your people— with a people-centric approach to security, should be the fundamental focus of your cybersecurity program.

  9:30 AM - 10:20 AM

Social Engineering & Phishing

  10:30 AM - 11:20 AM

Why Asset Management Fails

John Seaman
Regional Director, Axonius
  10:30 AM - 11:20 AM

Building an intel-driven security program

  10:30 AM - 11:20 AM

Did You Just Click That!?

Michael Wyatt
Director, Threat Management , Surescripts LLC

We are all trained in our jobs and personal lives to be weary of suspicious emails and never click links or open attachments in them. But what happens when you do? We will look at phishing emails we have received and actually click links and/or open attachments to see what they try to do to our systems and accounts. Afterwards we’ll try and answer any security questions around phishing campaigns and or phishing in general.

  10:30 AM - 11:20 AM

Women in Cyber - Building & Leading Diverse Teams is an Artform

Tina Meeker
Sr. Director, Information Security, Sleep Number
Keely Ross
Enterprise Sales Executive, Zoom Video Communications
William Scandrett
Chief Information Security Officer , Allina Health
Adam Mishler
VP, Global Chief Information Security Officier, Best Buy

Building & Leading Diverse teams is an artform. Success means making a clear and visible commitment through recruiting, leading, and guiding team members through change and evolution while positioning your organization to pivot quickly to changing demographics, team member needs and market trends. Learn strategies and practices from this panel of proven architects of diverse teams

  11:30 AM - 12:30 PM

Women in Cyber - Luncheon Keynote (separate ticketed item)

As a technology executive, Louise McEvoy likes taking risks outside of work - mountainbiking on weekends and climbing the world’s highest mountains on vacations. Louise’s personal life goal was to climb Everest and she realized that goal when she summited on May 16, 2018. Louise is dedicated to helping others reach their “summit” and has spoken to many groups and organizations on that topic, knowing that sometimes the hardest things in life are also the most fulfilling.

  11:30 AM - 12:30 PM

Networking Luncheon (separate ticketed item)

  12:30 PM - 1:20 PM

Leveraging Zero Trust for the Hybrid Workplace

  12:30 PM - 1:20 PM

IAM in the post-pandemic world

  12:30 PM - 1:20 PM

A walk on the darkside - exposing the ransomware actors

Dave Gold
VP, Business Strategy, SentinelOne
  12:30 PM - 1:20 PM

Penetration Testing/ Red Team

  1:30 PM - 2:20 PM

How to Effectively Grow your Leadership as a Cyber Security Professional?

What does an effective SOC look like? How do you sucessfully measure whether its working or not working?

  1:30 PM - 2:20 PM

Steps on the path to passwordless Authentication

  1:30 PM - 2:20 PM

Vendor Risk Management

  1:30 PM - 2:20 PM

Security awareness that works

  2:30 PM - 3:20 PM

Cloud security requires more than securing S3 buckets

  2:30 PM - 3:20 PM

Keys to successful phishing defense

  2:30 PM - 3:20 PM

Insights from Target's Enterprise Journey to adopt FIDO

Tom Sheffield
Senior Director Technology, Target

Join us to hear Target's journey to adopt FIDO as a primary authentication capability across the Enterprise. We will share stories of some of the challenges and obstacles we had to overcome along the way. Our goal was not to drive users to our help desk so clarity of messages was key requirement in our program so we will talk about the importance of clear communication. We will share some of the key metrics that we identified along the way and how they helped to influence our program execution.

  2:30 PM - 3:20 PM

Developers Dislike Security: Ten Frustrations and Resolutions

Developers dislike security and won't always admit it. In a DevSecOps world, devs become security people, but did anyone ask dev? Devs dislike security because security doesn't understand, and often tries to force a process and toolset. Explore the ten main frustrations that cause a security dislike, dev empathy, and a collaborative- and culture-focused solution to address these frustrations.

  3:30 PM - 5:00 PM

Networking Reception in EXPO

Join us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.

Healthcare & Med Device Seminar

  9:30 AM -9:40 AM


Mary Diner
Security Director, Optum Technology
Judy Hatchett
CISO, Surescripts
  9:40 AM - 10:10AM

Healthcare Security Threat Landscape

This session will be a high-level summary of current security threats to medical devices and healthcare, and the efforts in place to address the risks. The end result will be a general understanding of the situation, terminology and players.

Bill Aerts
Executive Director,Archimedes Center for Healthcare and Device Security
  10:10 AM - 10:40AM

What it Takes to Start a Medical Device Security Program

Benjamin Stock
Director of Healthcare Product Management, Ordr

The healthcare industry is continuously on the bleeding edge of innovation, deploying connected medical devices that significantly improve the quality and delivery of care. With nearly 15 connected devices per bed, the need for visibility and security of these devices is more critical than ever. But, while healthcare technology management (HTM), cybersecurity, and information technology teams share a common objective, there are still barriers to building a successful medical device security program. Join Ben Stock, Director of Healthcare Product Development at Ordr, to discuss ways to build a successful medical device security program and getting HTM, IT, and cybersecurity to work together.

  10:40 AM - 11:10AM

Why Does Cybersecurity Asset Management Matter for Healthcare?

Join this session to learn more about the emerging area of cybersecurity asset management, why all major security frameworks consider asset management to be foundational, and how healthcare organizations can use data from the tools already in place to solve asset management for cybersecurity.

John Seaman
Regional Director, Axonius
  11:10 AM - 11:40AM

Mayo Clinic Cybersecurity Resilience Program

Debra Bruemmer
Senior Manager, Mayo Clinic
Sarah Jopp
Principal Information Security Analyst, Mayo Clinic

Mayo Clinic will share its journey to develop and implement a proactive, ongoing asset “certification/validation” process spanning the life-cycle of an asset. The talk will focus on one foundational asset, Windows servers, and key deliverables: secure baseline requirements, certification program, asset drift, and risk measurement. The program measures cybersecurity risk empirically at the asset level, which is consolidated to a fleet view.

  11:40 AM - 12:45AM

Lunch Break

  12:45 PM - 1:15PM

Wrangling Ransomware Worry With Words

Ransomware has been frighteningly pervasive in the news over the past months. Through the lens of medical device security, we’ll scope out what ransomware is, box in legitimate fears, and drive out uncertainty and doubt.

Judd Larson
Principal Technologist, Global Quality - Product Security Office, Medtronic
  1:15 PM - 1:45PM

Legal Aspect of Incident Response

Ransomware is but one type of “incident.” Now, incidents are defined in various ways and contractual provisions can (and typically do) add a layer of complexity and urgency to getting it done right. To that end, it is necessary to begin by referencing the incident response plan and assembling the response team, which includes the company’s legal counsel. This presentation will highlight the critical legal aspects relative to an incident response and is aimed to assist in how to properly leverage legal counsel’s assistance.

Eran Kahana
Attorney, Maslon
  1:45 PM - 2:15PM

Securing the Patient Journey – Lessons from the trenches

Learn practical examples of how to leverage information security data to enable improvements to clinical risk and patient safety. Extending beyond the medical device security, we will showcase insights that require a holistic approach to what security in the next 2 to 3 years will look like related to healthcare device ecosystems.

Sumit Sehgal
Strategic Product Mktg Director, Armis
  2:15 PM - 2:30PM


  2:30 PM - 3:00PM

The Human Element

Healthcare and medical device companies are some of the most targeted organizations in the world. Humans, when appropriately involved in your phishing defense, can be very effective sensors against these attacks. Through empowering people, we can create a resilience not achieved by technology alone. The power of this collective is achieved through a comprehensive, positive, human-focused program looking at the issues from end to end. Join us to discuss how you can build a better employee: one who can better identify, report, mitigate and remediate zero-day attacks.

Keith Ibarguen
Chief Product Officer , Cofense
  3:00 PM - 3:30PM

Managing Healthcare Info in the Cloud

 3:30PM - 4:00PM

Breaking into Medical Device Cybersecurity: Career Transition

The global demand for Cybersecurity professionals is high, and the need for experts in cyber for medical devices is at the top of that list. This panel will discuss options and opportunities for employees from a wide variety of backgrounds to transition or prepare for a career in med device cybersecurity. The conversation will include perspectives from those who have made the transition as well as hiring managers.

IT / OT / IoT Convergence Seminar

  12:30 PM - 3:30 PM

IT / OT / IoT Convergence Seminar topics to be announced

Showcasing thought leaders, strategies, opportunities, and use and business cases of implementing Industrial Internet of Things (IIoT) security solutions across this broad spectrum of industries. IT, OT and IoT cybersecurity decision-makers and practitioners will discuss and evaluate the security risks in the context of IoT/IIoT/ICS/SCADA, to create insights into new technologies and best practices for securing smart, connected operations and facilities.

Small Business Seminar

  1:30 PM - 5:00 PM

Introduction to Today's Threats and Resources to Mitigate Them: Covid-19 impact on Small Businesses

Lyle Wright
Associate State Director, Minnesota Small Business Development Center
  1:30 PM - 5:00 PM

Government Resources for Small Business

  1:30 PM - 5:00 PM

Efficiently Managing Risk as a Small Business

  1:30 PM - 5:00 PM

A Cost-Effective Model to Safeguard your Small Business from Cybersecurity Threats

  1:30 PM - 5:00 PM

How the Government is Helping Small Businesses Build a Defense

Christopher Gabbard
Cyber Security Advisor – Region V, Office of Cybersecurity & Communications, Cybersecurity and Infrastructure Security Agency (CISA)
  1:30 PM - 5:00 PM

Protecting Your Business Now & What to do when you have and Incident

  1:30 PM - 5:00 PM

Key Session Takeaways

  1:30 PM - 5:00 PM

The Victim's View

The Cybercrime Support Network is developing a national reporting and support system for victims of cybercrime. Standardize reporting formats nationally; linking local response, Law Enforcement, social services into a nationwide network. There are lots of numbers about scope of victimization, but a good session could help personalize this issue for individuals and small businesses. Possibilities (I can write an abstract for anything):
• A talk on the victim issues, and the development of resources for victims; Kristin Judge, CEO of CSN.
• A panel on the topic: Cybercrime Support Network, maybe AARP (from their FraudWatch program, I don’t have a contact there), “Bits and Bytes” (a non-profit cyber frontline education thing, run by a teenage intern who works for CIS- amazing!).

Full Summit Agenda - Tuesday

  7:30 AM - 8:00 AM

Cyber Career Exploration

Rohit Tandon
Assistant Commissioner, State Chief Information Security Officer, State of Minnesota, MNIT Services
Nancy Skuta
Senior Information Security Analyst, ITS4, Threat and Vulnerability Management, MNIT Services

Deputy CISO for the State of Minnesota presents timely advice and career-shaping insights for future cyber security professionals.

  8:00 AM - 8:20 AM

Opening Welcome

Mike Johnson
Director of Graduate Studies and Renier Chair, Technological Leadership Institute
Eileen Manning
Co-Founder, Executive Producer, Cyber Security Summit

An eleven year journey brings us to today. Eleven years ago the University of MN, Technological Leadership Institute had the foresight to raise concerns that cyber security was to become a household concern, and the Summit was born.

  8:00 AM - 8:35 AM

The Power and Peril of Connection

Jennifer Czaplewski
Senior Director, Cyber Security, Target
Wade Van Guilder
Principal Advisor, Cybersecurity SLED, World Wide Technology

Connections are powerful. Most of us realized the value of our interpersonal connections in 2020 as the pandemic changed the way we interact with colleagues, friends and family. The proliferation of mobile devices and sensors in everyday items has created the most powerful network of interconnected devices imaginable. But with great power comes great responsibility. Protecting the estimated 21.5 Billion devices in use today requires security professionals to adapt and learn faster than ever before.

  8:35 AM - 9:15 AM

Opening Keynote

  9:15 AM - 9:45 AM

Staying out of Trouble: DOJ’s Former Top Cyber Prosecutor On Staying Safe

Now a cybersecurity leader at EY, Brian Levine served for the last 20 years as a cybercrime prosecutor with the U.S. Department of Justice, National Coordinator for all 300 federal cybercrime prosecutors, an Assistant Attorney General with the New York Attorney General’s Office, and a civil litigator. Brian will address how those of us in security can stay out of legal and regulatory trouble, including discussing such topics as breach communications, incident reports, informed consent, ransom payments, hack back, bug bounty programs, and more.

Brian Levine
Managing Director, Cybersecurity & Data Privacy, EY
  9:30 AM - 10:15 AM

Ransomware Panel: FBI/DOJ, Water/Electric sector/ Healthcare/ DHS/ Financial Sector

To pay or not to pay, protection from. German hospital where patient died last year being transferred from another hospital. Contrast FEDS saying don't pay and then people dying. Reclaimed Funds. Practical Application.

  10:15 AM - 10:45 AM

Break in EXPO

Converse and connect with our Solution Strategy Providers.

  10:45 AM - 11:15 AM

What is cyber insurance and why do I need it? Do/how can you qualify for it?

General overview of what cyber insurance is and is not. Discussion of how cyber insurance is different than general business liability insurance and how businesses should use cyber insurance products as a part of their overall business resiliency strategy.


Mario Paez
Director, Cyber & Technology E&O, Marsh & McLennan Agency LLC

General overview of what cyber insurance is and is not. Discussion of how cyber insurance is different than general business liability insurance and how businesses should use cyber insurance products as a part of their overall business resiliency strategy.

  11:15 AM - 11:45 AM

Is your Human Firewall Working?

No matter how much we automate, we still rely on people to prevent incidents. So how do we get our users to understand how important their role is and to keep security top of mind? Based on the bestseller, Made to Stick, we will address how to help your security messages not only get through to your users but how to change behaviors. We will walk through basics you can put into use immediately to get your users on board and soaring as security advocates.

  11:45 AM - 1:00 PM

Lunch in EXPO or Invitatonal CISO Luncheon

  1:00 PM - 2:00 PM

Human Factors in Cybersecurity: Threats from Within


Sean Costigan
Professor, Director and Co-Founder, George C. Marshall European Center for Security Studies, ITL Security


Andrew Borene
Civil Liberties & Privacy Officer, National Counterintelligence and Security Center (NCSC), Office of the Director of National Intelligence
W. Anders Folk
Acting United States Attorney , U.S. Department of Justice
Rebecca Morgan
Deputy Assistant Director, Insider Threat; Deputy Director, National Insider Threat Task Force , National Intelligence and Security Center

Whether as a malicious act or inadvertent actions by careless employees, the greatest threat to an organization's information system is often on the inside. Subject matter experts from the National Counterintelligence and Security Center (NCSC) and the Department of Justice will examine the role of insider threat mitigation in cybersecurity. Join our panelists for a discussion on the threats and vulnerabilities of insiders operating in the cyber realm and the role of insider risk programs in deterring, detecting, and mitigating risk while protecting the privacy and civil liberties of the workforce. Discussion will cover the current risk environment, including heightened vulnerabilities created by the Global Pandemic; potential threats posed by trusted insiders and the adversaries and competitors who seek to co-opt or exploit them; best practices and resources to mitigate risk; and a live Q&A with audience.

  2:00 PM - 2:30 PM

Shift Left: Easier said than done

Larry Maccherone
DevSecOpps Transformation, Contrast Security

Shift Left. A phrase that is easy to say, but a strategy that many organizations struggle to effectively implement. This talk, presented by industry expert Larry Maccherone, will discuss the top 5 reasons that "shift left" is hard and the best ways to overcome the challenges.

  2:30 PM - 3:00 PM

Break in EXPO

Converse and connect with our Solution Strategy Providers.

  3:00 PM - 3:30 PM

Securing the Development & Supply Chain of Open Source Software (OSS)

Derek Weeks
Senior Vice President, The Linux Foundation

Open Source Software (OSS) is being distributed and consumed today on a massive scale through software supply chains. While OSS delivers tremendous benefit in terms of accelerated development and innovation, it is an increasing common target of cyber adversaries. Join Derek for a discussion of how OSS is developed, distributed, maintained, and attacked.

Derek will reveal insights on how open source projects with 1.5x more frequent releases and 530x faster open source dependencies upgrades harness this speed to dramatically improve security within their code. He will also share insights on how high performance enterprise software development teams simultaneously boost productivity and security - achieving 15x faster deployments and 26x faster remediation of application security vulnerabilities. Derek then will show how you can apply these exemplary practices to stay a step (or more) ahead of your adversaries using by sharing a set of best practices and attack countermeasures.

  3:30 PM - 4:00 PM

Defragging Our Cyber Strategy

We must improve our system performance to defend American interests in the cyber domain. Defragging our current strategy involves reorganizing individuals and companies in a position of strength, and removing the seams and gaps cyber criminals use to attack. BG Horvath combines military strategic examples and cybersecurity analysis to visualize a stronger defensive cyber strategy.

  4:00 PM - 4:40 PM

Closing Keynote - You CAN stop stupid

Ira Winkler
CISO, Skyline Technology Solutions
  4:40 PM - 5:00 PM

Closing Takeaways

Jennifer Czaplewski
Senior Director, Cyber Security, Target
Wade Van Guilder
Principal Advisor, Cybersecurity SLED, World Wide Technology

The Summit is developed to both enlighten and provide actionable takeaways, reviewed in this closing session.

  5:00 PM - 6:00 PM

Networking Reception in EXPO

Join us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.

  6:00 PM - 9:00 PM

Visionary Leadership Awards Dinner (separate ticketed item)

The Morries™ Visionary Leadership Awards recognize innovative practitioners from across the cybersecurity ecosystem working to develop and foster strategies that protect critical systems and data. Join us as we honor the exemplary leadership of our colleagues in the field, including security awareness leaders, audit leaders, academic leaders, governance champions and more. This year’s expanded awards program featured a lively environment offering refreshments, networking, compelling photo opportunities, dinner and entertainment from The Cyber Rocks Band!

Full Summit Agenda - Wednesday

  8:00 AM - 8:10 AM

Visionary Leadership

Christopher Buse
SVP, Chief Information Security Officer, Old Republic

Start the day inspired by the accomplishments of the Morries.

  8:10 AM - 8:45 AM

The Psychology behind Security Leadership: Making Strategic Impacts

Shayla Treadwell
Executive Director, Cybersecurity Center of Excellence Governance, Risk & Compliance, ECS

With the evolution of technology, cyber threats continue to impact people and organizations daily even with enhanced technical controls in place. Because of this, there is a heightened importance on the direction that information security executives provide organizations to ensure timely and proactive remediation. However, research indicates that the leadership methodologies deployed by security leaders are not always the same as other leadership roles within organizations. This presentation explores the methodologies behind the roles and decisions of these executives and how they impact the strategic futures of information security.

  8:45 AM - 9:30 AM

How to leverage the power of ISAC's

Christopher Buse
SVP, Chief Information Security Officer, Old Republic
Carlos Kizzee
Vice President, Stakeholder Engagement, MS-ISAC, Center for Internet Security

Information Sharing & Analysis Centers (ISACs) have been an integral part of the nation’s cyber defenses since the very late 1990’s. Within each of the nation’s critical infrastructures, they bring together owners and operators to collect analyze, and share information on cyber and physical threats, as well as develop best practices for mitigation. At their best ISACs are active, ongoing communities of trust that cut through the noise and complexity of cyber issues and help their members focus on things that really matter to their sector and their enterprise.

Since the public sector touches all critical infrastructures, in this session we’ll look at the wide range of activities, partnerships, and business models seen across the ISAC community. We’ll then focus in on the Multi-State ISAC in more detail and explore examples of actionable information sharing, products and services that are available, and success stories of cybersecurity improvements. To get full value from an ISAC requires active engagement, and we’ll also discuss what you have to do and have in place to make best use of ISACs.
And don’t let “Sharing and Analysis” in the name mislead you – ISACs are a powerful means to our real goal of action leading to better, higher confidence delivery of public sector services.

  9:30 AM - 10:00 AM

Beyond Adaption, Flipping the Switch to Acceleration

Gary Sorrentino
CISO, Global Deputy CIO, Zoom

Zoom has a unique Case Study. The company rose to prominence in the midst of a pandemic. How were they able to react so quickly. All the factors they had to work through while also onboarding more users every day compared to any competitor. How did they do it? Cyber-security veteran Katie Moussouris from Luta Security helped revamp their Bug Bounty program, growing pains around the revamp. Through everything they still improved their product. How did they rise to the challenge. How you have an agile environment to be so responsive

  10:00 AM - 10:20 AM

Break in EXPO

Converse and connect with our Solution Strategy Providers.

  10:20 AM - 10:50 AM

CMMC (Cyber Security Maturity model)

Cyber-attacks happen, and the last six months have seen more groundbreaking hacks from Solar Winds to the Exchange hack we have continued to chart new territory. In reaction to that the Federal government is driving new regulations and accountability across the Defense Industrial Base (DIB), Critical Infrastructure, and in the future all Federal contractors. A leader in that space is the Cybersecurity Maturity Model Certification (CMMC). CMMC is the new DoD standard for contractor cybersecurity and has the potential to expand to more or all of the Federal Government. Join our panel of experts to hear perspectives on the new standard, what the key components are, and what business and counsel should be concerned about in the emerging compliance environment.

  10:50 AM – 11:45 AM

Software Supply Chain Security


Sailesh Gadia
Partner, KPMG


Gretchen Block
Vice President, Optum Technology

Once considered an esoteric domain of cybersecurity, Software Supply Chain security is now a Board Room conversation. Action must be taken to protect and safeguard us. The conversation will cover the current policy landscape, which includes actions from all branches of government, as well as how thinking on risk has evolved over the past several years. Our panel will touch on the notion of shared risk and how to think through responsibilities for government, the private sector, software vendors and the consumer.

  11:45 AM – 1:00 PM

Networking Luncheon (separate ticketed item)

While taking a session break, please converse and connect with our Solution Strategy Providers.

  1:00 PM - 1:30 PM

The Attack of the Cyber Supply Chain

SolarWinds defined the attack of the cyber supply chain. One of the most extensive, stealthy attacks ever discovered, organizations were attacked through trojanized updates to legitimate monitoring and management software. SolarWinds provides a discussion opportunity of the infinite horizon, the importance of attribution, and improvements to information sharing.

  1:30 PM - 2:00 PM

Artificial Intelligence in Cybersecurity Present and Future Role

Tony Lee
VP, Global Services Technical Operations, Blackberry

Have you ever wondered about Artificial Intelligence (AI) in Cybersecurity? Maybe you are curious to know how it is currently being applied or how it might be applied in the future? Better yet, how AI relates to the current threat landscape and even your environment. If so, join us! Where we will break it down using real-world examples. This is a zero to hero session so you don’t need a PhD in math or data science to enjoy the topic and learn something new.

  2:00 PM - 2:30 PM

The Darkside of Commercialization

  2:30 PM - 3:00 PM

Break in EXPO

Converse and connect with our Solution Strategy Providers.

  3:00 PM - 3:30 PM

Future Proof Security for a Connected World - Cybereason

Sam Curry
CSO, Cybereason

The benefits the connected world gives. The human experience is enriched. Company mission is to reverse the hacker advantage. Intro what we all want, what does it mean, why its at risk. Examination of trends and future proof. Improve our skills - a race of speed. Find tools and techniques that survive skills of the enemy. Heart of EDR, .... How do you access, what should you be doing with your supply chain. TCall to innovation. Takeaway slide...

  3:30 PM - 4:00 PM

Cyber Defense Operations in an Interconnected World

Tim Crothers
SVP, Chief Security Officer, FireEye

The speed of adversarial advancement is at an all time high. Cyber Defense Operations must mature almost in real time to keep pace. The added complexity of defending remote workers in the faces of unprecedented ransomware attacks puts the potential business impact of a miss at severe levels. In this talk we’ll examine ideologies and real-world war stories of organizational defense in 2021. We’ll look at lessons learned where cyber defense operations were key to effective defense with approaches from the organizations that are succeeding.

  4:00 PM - 4:30 PM

Adversary Trends: What You Need to Know

Maggie McDaniel
Vice President, Insikt Group, Recorded Future

The adversarial landscape has broadened and deepened in recent years. Enterprises are expected to defend against complex, protracted attacks like SolarWinds while also protecting users from lightning-fast, adaptable ransomware attacks. We’ll review the latest trends in adversaries including what we see on the horizon from attackers, and discuss how intelligence can be leveraged throughout the enterprise to plan and maximize an effective response.

  4:30 PM - 5:00 PM

Wrap Up and Practical Takeaways

Jennifer Czaplewski
Senior Director, Cyber Security, Target
Wade Van Guilder
Principal Advisor, Cybersecurity SLED, World Wide Technology