Conferences that solve current IT challenges

Enterprise Risk / Security Management

Strategies for reducing risk to the enterprise.

June 6, 2017


7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Donald E. Stephens Convention Center, Rosemont (O'Hare), Illinois


In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one-day conference, attendees will learn:

  • Cyber Attacks: How Can You Reduce the Risk?

  • Reducing Data Breach Risk: Protecting Information Assets from Internal & External Threats

  • Managing Security Risk at the Speed of Business (Panel discussion)

  • Insider Threats and Risk

  • Threats to Cyber Resilience and How to Overcome Them

  • Breaches in 2017: How is this Affecting Your Security/Risk Strategy (Panel)

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast



Cyber Attacks: How Can You Reduce the Risk?

Mark Sangster, Cybersecurity Evangelist, eSentire

Regulatory compliance management (such as PCI, HIPAA, ISO) and security breach protection are already a complex challenge in many organizations today. The complexity continues to grow exponentially with the increasing sources, numbers and types of attacks being generated, and with the proliferation of cloud technologies. With this complexity come higher costs in terms of the number of security incidents that need to be investigated, the number of tools needed, and finding the skilled personnel to manage it. And the cost of these breaches is being measured beyond mere dollars, in their detrimental impact on a company’s brand and reputation, customer and supplier relationships, employee productivity, and all the way up to the reputations of the organization’s board and C-level executives.

9:50am - 10:20am - Refreshment Break



Reducing Data Breach Risk: Protecting Information Assets from Internal & External Threats

David Wiseman, Head of Product and Field Marketing, BlackBerry

Significant data breaches are growing in size and frequency. Some of these come from internal sources, while others result from targeted external cyberattacks. The associated business risk is a growing concern for corporate boards, with a recent survey finding over 82% of boards are concerned about cybersecurity. From a planning perspective, one must assume data breaches will occur in your organization. This session will examine methods to protect your information assets even after a breach.







Managing Security Risk at the Speed of Business (Panel discussion)

Annur Sumar, CTO, Maetech; Microsoft MVP, Former Vice President of IT D&P
John D. Johnson, Ph.D., CISSP, CRISC, Founder & CEO, Aligned Security; Former Security Architect, John Deere
Edward Marchewka, Director, IT, Information and Technology Services, Gift of Hope Organ & Tissue Donor Network
Yashwini Kamdar, Enterprise IT Professional, TEDx and professional speaker, leadership coach
Sarah Buerger, VP-Head of IT Security, ATI Physical Therapy
and other CISOs/Security Directors sharing their experiences

As a valued partner to the business, CISOs need to lead with business-first execution.
In this session, attendees will learn from CISOs/Security Executives how they are:

  • Leading with a business-first mentality
  • Looking at every security risk decision through the lens of business impact
  • Getting security and IT operations to work together effectively to identify best cost actions that have the most meaningful impact on exposure to business compromise and impact
  • Understanding what Cloud/DevOps/Digital mean for your risk management program

12:00pm - 1:00pm Luncheon



Insider Threats and Risk

David Shefter, CTO, Ziften

At the end of the day, people within your organization are the key to the company’s success, but they can also be the greatest threat. Often, the cyber security discussion centers on malicious external actors and technology threats, but although less prevalent, insider threats arguably pose a higher degree of risk. We will discuss some of the causes of the insider threat and approaches to managing insider risk through a people, process and technology framework.



2017 OWASP Top 10

Carlos Pero, AVP, Head of Cyber Application Security, Zurich Insurance

OWASP has proposed changes for the Top 10 critical risks for 2017. The two new ones are very important: risks with Web Service APIs, and the need to have a mechanism for defense. In this session, Carlos Pero, an IT Security/Risk executive, will explain why this is more important than ever and the steps you need to take.

2:40pm - 3:10pm - Refreshment Break



Threats to Cyber Resilience and How to Overcome Them

John D. Johnson, Ph.D., CISSP, CRISC, Founder & CEO, Aligned Security; Former Security Architect, John Deere

In this session, we will review the commonalities across all cyber black swan events. Cyber black swans are events that can occur suddenly, with unexpectedly widespread ramifications.

Attendees will learn:

  • How to train internal users – how culture impacts resilience
  • How to decipher the latest black swan threats
  • About the type and distribution of threats
  • How to refine security implementations
  • How to treat cyber risks as corporate risks






Breaches in 2017: How is this Affecting Your Security/Risk Strategy (Panel)

Anders Norremo, CEO, ThirdPartyTrust
Fred Kwong, Ph.D., Director, Information Security (CISO), Delta Dental Plans Association
Victor Hsiang, CISO, GATX
Jason Ruger, Chief Security Officer, Motorola, a Lenovo Company
James Mountain, Director, Information Security, Palmer College
and other CISOs/Security Directors sharing their experiences

According to industry analysts, approximately 50% of organizations have had to reevaluate their information security standards as a result of recent well-publicized attacks.

In this session, attendees will learn from a panel of IT security executives how they are updating their security & risk strategies in the wake of massive security breaches.

Conference price: $289 per person.


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.