Enterprise Risk / Security Management: Dallas

Conference Chair: Jim Desmond, Chief Security Officer, Elevate



Strategies and techniques for leading and guiding a business driven risk/security approach during dynamic times.


February 1, 2018




7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Crowne Plaza Dallas – Market Center


In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn


In this one day conference attendees will learn:


  • The Nine Cybersecurity Habits
  • Creating an Incident Response Plan and Training Team Members
  • The Connected Worker and the Enterprise of Things: How to Reduce Security Risks
  • Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)
  • Offensively Defensive: A Tale of Enterprise Risk Management
  • Breaches & Ransomware: How to Handle, How to Respond

Conference Program

8:00am – 9:00am: Registration and Continental Breakfast

9:00am-10:00am: The Nine Cybersecurity Habits


George Finney, Chief Security Officer, Southern Methodist University


The most significant risks that businesses today face is Cybersecurity. Security is a people problem, not a technology problem, which is why 95% of breaches are caused by the human element. Cybersecurity is a behavior, not a skill. Yet, we’ve taught cybersecurity awareness for years as though it were a skill to be learned like any other technology. To change behaviors, we need to understand the underlying habits that govern our responses. This presentation will explore nine key cybersecurity habits, and will look at how you can use those habits to focus on changing behaviors in your security training. Join this session to tailor your approach to awareness training and have the greatest impact for all of your employees.



10:00am -10:30am: Refreshment Break

10:30am-11:30am: UEBA Implementation – Lessons Learned


Chris McLelland, Security Operations Manager, Elevate 


UEBA can provide some incredible insight into your network, but to do that it needs to leverages some complex technologies that are not just plug-n-play. This presentation discusses the lessons learned from our recent implementation.



11:30am-12:30pm: The Connected Worker and the Enterprise of Things: How to Reduce Security Risks


Chris Hazelton, Director, Enterprise Product Marketing at BlackBerry


The dependency on mobile devices will translate into a majority of enterprise computing outside of traditional PC computing. This will have the greatest impact with on campus (non-office-based) and off campus mobile workers who are becoming increasingly connected by rich real time communications powered by mobile applications running on wearable devices such as smart glasses. The rise of IoT in the enterprise, or the Enterprise of Things, will allow these workers to instantly connect with assets in the field to gain immediate understanding of the situation around them. This session will explore security concerns that come with these new tools and how to best address them.



12:30pm – 1:30pm Luncheon

1:30pm – 2:30pm: Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)


Jim Desmond, Chief Security Officer, Elevate

John Woods, Vice President, Information Security, PDX-NHIN
Joshua Danielson, CISO, Copart
Mark Nagiel, SVP/CISO, PrimeLending
Daryl Hykel, Manager of Security Assurance, HMS
and other CISOs sharing their experiences and lessons learned


Topics that will be covered include:

  • Contract outlining the business relationship between your organization and 3rd party vendor
  • How to monitor vendor performance to ensure that contractual obligations are being met
  • Guidelines regarding which party will have access to what information as part of the agreement
  • How to ensure that 3rd party vendors meet regulatory compliance guidelines for your industry


Woods      Danielson       Nagiel       Hykel      Desmond

2:30pm – 3:00pm: Refreshment Break

3:00pm – 4:00pm: Offensively Defensive: A Tale of Enterprise Risk Management


Aamir Lakhani, Leading Senior Security Strategist, Fortinet


How motivated are organizations in securing their infrastructure and customer data? Time after time we have seen organizations fail with cyber security policies and practices while continuing to invest in the latest technologies without deterring attacks or slowing down data breaches. This talk will examine how and why organizations continue to fail when playing the game of cyber security.


Participants will be introduced to the following concepts:

  • What are common hacker techniques and how they are used by attackers to infiltrate an organization
  • What is takes to be successful in cyber security enterprise risk management
  • What is Core 4 and going to the basics for infrastructure defense



4:00pm – 5:00pm: Breaches & Ransomware: How to Handle, How to Respond


Annur Sumar, Chief Technical Officer, MaeTech,  Microsoft MVP, Former Vice President of IT D&P

Andy Sawyer, CISM, C|CISO, Director of Security, Locke Lord
Jerry Tilson, Global Information Security Leader, Mary Kay
Kory Anderson, Manager, Security Operations, HMS
and other CISOs and InfoSec Executives will share their experiences


Attendees will walk away with shared strategies and tactics that other organizations are employing.


Sawyer          Tilson       Anderson    Sumar


Conference Price: $289.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.



As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

Conference Co-Sponsors