Enterprise Risk / Security Management: Chicago


Strategies for reducing risk to the enterprise.


May 31, 2018




7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois



In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.


With all of these challenges, how do you make this happen?


In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn


In this one-day conference, attendees will learn:

  • AI: The Good, the Bad, and Reality
  • Threats to Cyber Resilience and How to Overcome Them
  • Are you Protecting Enough, and Protecting Effectively Enough?
  • Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)
  • A Risk Adaptive Approach to Data Protection
  • Managing Security Risk at the Speed of Business (Panel discussion)

Conference Program

8:00am – 9:00am: Registration and Continental Breakfast

9:00am-9:50am: AI: The Good, the Bad, and Reality


Paul Mazzucco, Chief Security Officer, TierPoint


TierPoint’s Paul Mazzucco discusses:

  • Baseline understanding of the DarkNet or Dark Web and its impact on Enterprises
  • The Double-Edged Sword of Artificial Intelligence
  • The Next Frontier in Attack Mitigation
  • The ever-important Human Role in Attack Mitigation



9:50am – 10:20am: Refreshment Break

10:20am-11:10am: Black Swans and White Rabbits—Threat Modeling Tools for Security Leaders


Rafal Los, VP, Solution Strategy, Armor


Enterprise security leaders struggle with budgeting even when they aren’t short on capital. Staffing, tools, services, and training are just some of the things on your budget to avoid the worst day of your security career. Except, at some point, we know that day will likely come. The secret to surviving that worst-case scenario is to build a healthy enterprise security program, which of course starts with a healthy budget, supported by a realistic threat model aligned to your business. Drawing on hundreds of CISOs and security leaders over the years, the speaker will provide effective knowledge one can leverage right away.


Attendees will learn:

  • An overview of threat modeling, focusing on relevant outcomes
  • Tools and techniques to build effective threat models
  • Experience-based anecdotes



11:10am-12:00pm: Are you Protecting Enough, and Protecting Effectively Enough?


Robert Block, SVP Identity Strategy, SecureAuth


Today’s attackers are focused on all your mission-critical applications (O365, Portals, etc.), and not only has their focus increased, but their tools and tactics continue to evolve.


Whether it is brute force attacking, account fraud, and/or account takeover via password reset, credentials are involved in almost every attack at some point. Are you effectively detecting anomalies and protecting access? Is it enough? Long gone are the days of securing remote access and thinking you are covered.


This discussion will focus on elements of a modern approach to solving these continually evolving challenges and how the industry must also evolve in order to be proactive and most effectively protect access.



12:00pm – 12:50pm: OWASP Top 10 in Depth


Jerry Sanchez, Cloud, Security, and Technology, SoftServe


The OWASP Top 10 is a powerful awareness analysis for web application security. It represents a broad consensus about the most critical security risks to web applications. Contributors include a variety of security experts from around the world who have shared their expertise to produce the list. The presentation will cover each vulnerability in detail and mitigation strategies.



12:50pm – 1:50pm: Luncheon

1:50pm-2:40pm: Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)


Jason Wankovsky, CTO & Vice President of Consulting Services, Mindsight
Jim Martin, Vice President of Security & Privacy, Maestro Health
Rick Gutierrez, Information Security Senior Manager, Option Care
Bob Duplessis, First VP & Information Security Officer, Old Second Bancorp

Lyn Vallow, Senior Manager, IT Risk and Compliance, US Cellular
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned



Topics that will be covered include:

  • Contract outlining the business relationship between your organization and 3rd party vendor
  • How to monitor vendor performance to ensure that contractual obligations are being met
  • Guidelines regarding which party will have access to what information as part of the agreement
  • How to ensure that 3rd party vendors meet regulatory compliance guidelines for your industry



2:40pm – 3:10pm: Refreshment Break

3:10pm-4:00pm: A Risk Adaptive Approach to Data Protection


Eric DeLisle, Senior Sales Engineer, Forcepoint


Every IT security department’s job, to protect data, has become more challenging as the security perimeter has dissolved with the adoption of cloud applications. The traditional threat-centric approach is to apply rigid policies to a dynamic environment and decide what is good or bad without context. This black and white approach results in frustrated users and overwhelmed admins. The reality is, everybody operates in the grey. Join us as we discuss a new human-centric approach to security, which considers the context of user behavior and adapts appropriately to help security teams make better decisions. We will explore how an effective data security system should cut through the noise of alerts and provide early warning signals to prevent the loss of important data.


4:00pm-5:00pm: Managing Security Risk at the Speed of Business (Panel discussion)


Annur Sumar, CTO, Maetech
Carlos Pero, AVP, Head of Cyber Application Security, Zurich Insurance
Paul Munsen, Director, Global Identity & Access Management, McDonald’s
Michael York, Director, Cloud Operations, Easterseals
Jody Schwartz, Director IT InfoSec & Compliance, Marsh ClearSight
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned


As a valued partner to the business, CISOs need to lead with business first execution.


In this session, attendees will learn from CISOs/Security Executives as to how they are:

  • Leading a business first mentality
  • Looking at every security risk decision through the lens of business impact
  • How security and IT operations can work together effectively to identify best cost actions that have the most meaningful impact on exposure to business compromise and impact
  • Understand what Cloud/DevOps/Digital mean for your risk management program



Conference Price: $289.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.



As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.