Midwest Cybersecurity Summit
Hybrid Summit April 5 - 6, 2022
The agenda for ISMG's hybrid Midwest US Cybersecurity Summit will cover Zero Trust, IAM, Ransomware, Privacy, Fraud, Payments, IoT, Cryptocurrency, End Point Protection and Cloud Security, and how these topics are impacting the region.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Venue: Convene
Address: 233 South Wacker Drive, Chicago, IL 60606, USA
Shefali Mookencherry
Chief Information Security Officer, System Director of Information Security
Edward-Elmhurst Health
Mookencherry is a CISO, responsible for developing, implementing and managing a cybersecurity program that includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. She also teaches graduate students at a local...
Erik Hart
CISO
Cushman & Wakefield
Hart oversees global information security for Cushman & Wakefield, a privately held commercial real estate services firm. He has over 20 years of experience providing information security and business continuity services to various industries and organizations and advises numerous companies...
Murad Dikeidek
Head of Information Security
University of Illinois Hospital & Health Sciences System
Dikeidek is the head of information security at the University of Illinois Hospital & Health Sciences System, or UI Health. In 2000, he was the first IT security analyst for the Military Nutrition Division at the U.S. Army Research Institute...
Mike Rastigue
Cyber Solutions Leader
Crum & Forster
Rastigue leads Crum & Forster’s cyber solutions team, bringing together cyber underwriting, claims and risk engineering. He advises customers on methods to improve their security posture before they have a loss and helps get customers back to business as usual...
Randy Lariar
Practice Director - Big Data & Analytics
Optiv
Ashley Huntington
Compliance Officer
Cook County Health
Huntington is the compliance officer and interim privacy officer for Cook County Health in Chicago, Illinois. She works closely with healthcare providers and workforce members on multiple compliance issues, including regulatory requirements, compliance audits, research compliance and compliance education. She...
Frank Viciana
Principal Sales Engineer
Sonatype
Anna Delaney
Director of Productions
ISMG
Fred Kwong
VP, Chief Information Security Officer
DeVry University
Kwong is the vice president and chief information security officer at DeVry University. He has been in the information security and technology field for the past 20 years, working in the education, financial, telecommunication, healthcare and insurance sectors. Kwong is...
Tom Field
SVP of Editorial
ISMG
Ted Kieffer
CISO
AZEK
Kieffer is the chief information security officer for The AZEK Company, a U.S.-based manufacturer of environmentally sustainable outdoor living building products, where he focuses on building pragmatic, forward-looking, business-relevant security programs that manage real risk. He is a 20-year information...
Bruce Phillips
SVP & Chief Information Security Officer
WEST, a Williston Financial Group company
Phillips is senior vice president and chief information security officer for WEST, a Williston Financial Group company that creates industry-leading technology to streamline and fully integrate the real estate process. He is responsible for the company’s information security practice as...
Paolo Vallotti
CISO and VP of Operations
Tate and Lyle
CyberEdBoard connects 1,300+ influential practitioners from 71+ countries, who are passionate about advancing cybersecurity best practices, collaboration, and the protection of technology worldwide. Visit www.cyberedboard.io to learn more about our global community and apply for membership consideration.
Steve Boone
Head of Product
Checkmarx Inc.
David Barton
CTO
High Wire Networks
Barton, who has over 20 years of experience in information security, has held various leadership roles across a variety of industries, including telecommunications, healthcare, software development, finance and government. He has led security teams in companies including Sprint, Cingular, AT&T,...
Karen Habercoss
Chief Privacy Officer
U. Chicago Medicine
Habercoss is the chief privacy officer for The University of Chicago Medicine and Clinical Biological Sciences Division. She is responsible for the enterprise multiyear strategy and day-to-day operations of the Health System Privacy Program, which has a workforce of more...
Danny Jenkins
CEO
ThreatLocker
Wolf Goerlich
Advisory CISO
Duo Security at Cisco
J. Wolfgang Goerlich is an Advisory CISO for Duo Security at Cisco. Prior to this role, he led IT and IT security in the healthcare and financial services verticals. He has led advisory and assessment practices in several cyber security...
Keith Bergin
Vice President, Cyber Claims
Tokio Marine HCC
Bergin is vice president of cyber liability claims at Tokio Marine HCC. As a cyber risk transfer, incident response and mitigation expert, he has assisted organizations across all industry types throughout their risk-based decision processes and has served the legal,...
Myles Musser
Technical Solutions Architect
Cisco
Musser is a technical solutions architect at Cisco. His interest in technology began in the days of Windows 3.x, when he fumbled around in MS-DOS command prompts and enjoyed graphically primitive games on his collection of floppy disks. That interest...
Bonnie Goins
Manager, Senior Specialist of Governance, Risk, and Compliance (GRC)
Illinois Institute of Technology
Goins is an adjunct industry professor of information technology management at the Illinois Institute of Technology. She has over 27 years of experience in building robust and compliant security programs with executive leadership, both as a professional consultant and as...
Opening Remarks
Tom Field, SVP of Editorial, ISMG
Anna Delaney, Director of Productions, ISMG
Erik Hart, CISO, Cushman & Wakefield
Welcome to the Midwest Cybersecurity Summit!
  • 09:00 AM
  • 09:09 AM
Organizational Security Measures: The 80% of What CISOs Can Control and Should Put Efforts Into
Shefali Mookencherry, Chief Information Security Officer, System Director of Information Security, Edward-Elmhurst Health
Erik Hart, CISO, Cushman & Wakefield
Paolo Vallotti, CISO and VP of Operations, Tate and Lyle

The majority of today's high profile breaches come down to poor cyber hygiene such as unpatched flaws, insecure APIs, misconfigured servers or compromised passwords. How can security leaders build the teams and resources they need in order to fully focus their efforts on the 80% of what they can control? 

Join Shefali Mookencherry, CISO, Edward-Elmhurst Health; Erik Hart, CISO, Cushman & Wakefield; and Paolo Vallotti, CISO & VP of Operations, Tate & Lyle to discuss:

  • The 80% of what you can control;
  • Tackling patching, passwords and misconfigurations;
  • Getting the resources you need on a limited budget.
  • 09:10 AM
  • 09:39 AM
Data Privacy Risk Management: Bridging the Gap Between Privacy and Security
Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine
Ashley Huntington, Compliance Officer, Cook County Health

We know that security teams should look to collaborate and work closely with privacy teams for the benefit of both departments and yet the notion of them being unrelated still exists. The DPO can help the CISO secure data more efficiently by collating only the most necessary data and keeping customers well-informed about the transfer and usage of data.

So, what are some best practices to improve collaboration? 

Join Ashley Huntington, Chief Compliance Officer, Cook County Health and Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine to discuss:

  • Similarities and differences between security and privacy risk;
  • Where security and privacy teams can leverage each other;
  • How to quantify and qualify data risk.
  • 09:45 AM
  • 10:14 AM
Addressing Security in Modern Application Development: What You Need to Know Now
Steve Boone, Head of Product, Checkmarx Inc.

Today’s software-driven organizations know they need to keep innovating, but traditional software development models and release frequencies simply can’t keep up with seemingly ever-increasing demand. Clearly, Modern Application Development, or MAD, processes and innovative, cloud-native approaches are critical for organizations to stay viable.  

Not surprisingly, leadership support for MAD initiatives is building - and quickly. But MAD comes with cultural changes and some inherent application security challenges that need to be addressed proactively.

In this live session, we’ll cover what you’ll need to know about MAD, including:

  • Expected benefits and outcomes;
  • Likely hurdles and bumps you’ll run into; 
  • MAD’s expanding risk landscape;
  • Solutions and approaches you’ll need to properly secure MAD.
  • 10:20 AM
  • 10:49 AM
Exhibits & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!


Stop by the Expo Hall.

  • 10:50 AM
  • 11:04 AM
Learning from the Log4j Vulnerability: Best Vendor Management and Communication Practices
Erik Hart, CISO, Cushman & Wakefield
Shefali Mookencherry, Chief Information Security Officer, System Director of Information Security, Edward-Elmhurst Health
Fred Kwong, VP, Chief Information Security Officer, DeVry University

The Apache Log4j zero-day that struck the world last December may have been the biggest incident of the year, but hardly the only one. SolarWinds, Microsoft Exchange and Kaseya all came prior. And it won't be the last. At a time when enterprises are increasingly vulnerable through their software supply chains, you know the next Log4j is far more "when" than "if."

So, how prepared are you for the next Log4j fire drill? Join this CISO panel to discuss:

  • Lessons learned from the first Log4j;
  • Questions to ask your critical vendors about preparedness and response;
  • How to make response and resiliency a part of your standard operating procedure.
  • 11:05 AM
  • 11:34 AM
Rationalizing Data Investments
Randy Lariar, Practice Director - Big Data & Analytics, Optiv
Bruce Phillips, SVP & Chief Information Security Officer, WEST, a Williston Financial Group company
Ted Kieffer, CISO, AZEK

The more data you use, the more data you find you’ll need. This leads to hard decisions about what investments to make in data projects, technology and personnel - with a limited budget. Cybersecurity teams need processes and tools to measure ROI and manage data sprawl. What are the best ways to think about optimizing your existing and upcoming data investments, and how have others approached the issue?

In this panel, Randy Lariar, practice director with Optiv’s Big Data and Analytics, discusses what he sees in the market and challenges organizations faced with rationalizing data investments. Top business leaders join Lariar to discuss what has worked for their organizations and their perspectives on how others can successfully decide what data investments are right for them.

  • 11:40 AM
  • 12:09 PM
Next-Generation Cyber Attacks – An Upstream and Downstream Moving Target
Frank Viciana, Principal Sales Engineer, Sonatype

Legacy software supply chain "exploits" prey on publicly disclosed open-source vulnerabilities left unpatched in the wild. Next-generation software supply chain "attacks" are more sinister because bad actors don't wait for public vulnerability disclosures. Instead, they take the initiative and actively inject malicious code into open-source projects that feed the global supply chain.

By shifting their focus "upstream," adversaries can infect a single component that is then distributed "downstream" using legitimate software workflows and update mechanisms.

Next-generation cyberattacks targeting open-source software projects have increased 430% year-over-year. The attacks are possible because:

  • Open-source projects rely on contributions from thousands of volunteer developers and discriminating between those with good or malicious intent is difficult, if not impossible. 
  • Open-source projects incorporate hundreds to thousands of dependencies from other open-source projects, many of which contain known vulnerabilities. 
  • The ethos of open source is built on shared trust between a global community of individuals, which creates a fertile environment for bad actors. 

When adversaries deliberately and secretly inject malicious code into open-source projects, they can surreptitiously "set traps" upstream and then carry out attacks downstream. This session explores: 

  • The evolution of software supply chain attacks; 
  • Their impact on open-source ecosystems; 
  • How companies can proactively protect themselves. 
  • 12:15 PM
  • 12:29 PM
CyberEdBoard, A CISO Community

View our CyberEdBoard Profiles in Leadership Interviews with Marene Allison, CISO at Johnson & Johnson, Diego Souza, Global CISO at Cummins, Nicole Ford, VP & CISO at Carrier and more.

  • 12:30 PM
  • 01:17 PM
Best Practices to Prevent BEC Scams with Special Agent Cody Majerus

Business Email Compromise (BEC) and related email account compromise scams resulted in nearly $2.4 billion in reported losses from victims in 2021, the most of any category disclosed to the FBI’s Internet Crime Complaint Center (IC3). In this presentation and fireside chat, Special Agent Cody Majerus will outline the anatomy of a BEC scheme, share insights into criminals' methods - and why they're working - and provide techniques to prevent these crimes.

Join Special Agent Cody Majerus to learn about:

  • The reality of BEC scams today - and how the criminals are succeeding;
  • Best practices to prevent BEC scams;
  • Ways to report cyber-enabled financial fraud cybercrimes.
  • 01:15 PM
  • 01:44 PM
To CERT or Not to CERT: Establishing Trust without Certificates
Myles Musser, Technical Solutions Architect, Cisco

Critical resources need defense in depth beyond validating identity. Certificates provided a method to establish this trust. It is time to remove the calendar reminder for our certificate renewal. Duo’s Device Health Application can verify enrollment into corporate management systems without deploying certificates. Learn how this is done with some common asset management solutions.

  • 01:50 PM
  • 02:04 PM
Cyber Insurance and Risk: What's New in 2022?
Mike Rastigue, Cyber Solutions Leader, Crum & Forster
Keith Bergin, Vice President, Cyber Claims, Tokio Marine HCC

When CNA Financial - a top U.S. insurance company - was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How do record-high ransomware incidents - and ransoms - affect the cyber insurance sector? What are the emerging standards for coverage and the legislative trends affecting the practice?

This exclusive panel tackles these questions as well as:

  • How to be a better partner to buyers;
  • The rising bar for entities to qualify for cyber insurance;
  • The growing role of cyber insurance companies in incident response.
  • 02:10 PM
  • 02:39 PM
Zero Trust for Applications
Danny Jenkins, CEO, ThreatLocker

The Zero Trust framework is based on the principle of "never trust, always verify." Join us to learn about Zero Trust, how to adopt it for applications, and the technologies you need to take control of your environment in the fight against ransomware.

  • 02:45 PM
  • 02:59 PM
Exhibit & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!


Stop by the Expo Hall.

  • 03:00 PM
  • 03:14 PM
The Evolution of Ransomware - Where It Began, Where Is It Now?
David Barton, CTO, High Wire Networks
Bruce Phillips, SVP & Chief Information Security Officer, WEST, a Williston Financial Group company
Murad Dikeidek, Head of Information Security, University of Illinois Hospital & Health Sciences System

The vulnerabilities are old, the tactics are predictable and the potential impacts are crippling. The subject is ransomware, and this panel intends to breathe new life into the urgent topic by discussing key points, such as:

  • How to be a less likely victim;
  • How the threat has morphed - and how our response must change;
  • The true costs of "just pay the ransom."
  • 03:15 PM
  • 03:44 PM
Absolute Musts When Building a Comprehensive Data Governance and Valuation Program
Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine
Fred Kwong, VP, Chief Information Security Officer, DeVry University
Bonnie Goins, Manager, Senior Specialist of Governance, Risk, and Compliance (GRC), Illinois Institute of Technology

The growth in information production appears unstoppable: Businesses recognize data as a guide to strategic decision-making and a way to garner better business results. This also means that the demand for robust regulatory data governance has never been so great. 

How confident are you in determining the right roles, processes, policies, standards, and metrics to guarantee the efficient and effective use of information for your organization to reach its goals?

Join this panel to learn how to build a comprehensive data governance valuation program - regardless of whether your organization has a data governance officer or not.

Fred Kwong, CISO & VP, DeVry University; Bonnie Goins, Adjunct Professor, Illinois Institute of Technology; and Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine discuss:

  • Misconceptions about data governance;
  • Best practices to build a data governance valuation program;
  • Why communication is key to ensure efficient and effective use of information.
  • 03:50 PM
  • 04:19 PM
Closing Comments
  • 04:20 PM
  • 04:29 PM
Cocktail Reception
  • 04:30 PM
  • 05:29 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM CT on Day 2, Wednesday, March 9th. Don’t miss the chance to log in and watch, at your own convenience, any content you may have missed.

  • 09:00 AM
  • 04:59 PM

ISMG's hybrid Midwest US Cybersecurity Summit's agenda will cover Zero Trust, IAM, Ransomware, Privacy, Fraud, Payments, IoT, Cryptocurrency, End Point Protection, Cloud Security and how it is impacting the region.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Convene
Name :
Convene
Address :
233 South Wacker Drive, Chicago, IL 60606, USA

Shefali Mookencherry
Chief Information Security Officer, System Director of Information Security
Edward-Elmhurst Health
Mookencherry is a CISO, responsible for developing, implementing and managing a cybersecurity program that includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. She also teaches graduate students at a local...
Erik Hart
CISO
Cushman & Wakefield
Hart oversees global information security for Cushman & Wakefield, a privately held commercial real estate services firm. He has over 20 years of experience providing information security and business continuity services to various industries and organizations and advises numerous companies...
Murad Dikeidek
Head of Information Security
University of Illinois Hospital & Health Sciences System
Dikeidek is the head of information security at the University of Illinois Hospital & Health Sciences System, or UI Health. In 2000, he was the first IT security analyst for the Military Nutrition Division at the U.S. Army Research Institute...
Mike Rastigue
Cyber Solutions Leader
Crum & Forster
Rastigue leads Crum & Forster’s cyber solutions team, bringing together cyber underwriting, claims and risk engineering. He advises customers on methods to improve their security posture before they have a loss and helps get customers back to business as usual...
Randy Lariar
Practice Director - Big Data & Analytics
Optiv
Ashley Huntington
Compliance Officer
Cook County Health
Huntington is the compliance officer and interim privacy officer for Cook County Health in Chicago, Illinois. She works closely with healthcare providers and workforce members on multiple compliance issues, including regulatory requirements, compliance audits, research compliance and compliance education. She...
Frank Viciana
Principal Sales Engineer
Sonatype
Anna Delaney
Director of Productions
ISMG
Fred Kwong
VP, Chief Information Security Officer
DeVry University
Kwong is the vice president and chief information security officer at DeVry University. He has been in the information security and technology field for the past 20 years, working in the education, financial, telecommunication, healthcare and insurance sectors. Kwong is...
Tom Field
SVP of Editorial
ISMG
Ted Kieffer
CISO
AZEK
Kieffer is the chief information security officer for The AZEK Company, a U.S.-based manufacturer of environmentally sustainable outdoor living building products, where he focuses on building pragmatic, forward-looking, business-relevant security programs that manage real risk. He is a 20-year information...
Bruce Phillips
SVP & Chief Information Security Officer
WEST, a Williston Financial Group company
Phillips is senior vice president and chief information security officer for WEST, a Williston Financial Group company that creates industry-leading technology to streamline and fully integrate the real estate process. He is responsible for the company’s information security practice as...
Paolo Vallotti
CISO and VP of Operations
Tate and Lyle
CyberEdBoard connects 1,300+ influential practitioners from 71+ countries, who are passionate about advancing cybersecurity best practices, collaboration, and the protection of technology worldwide. Visit www.cyberedboard.io to learn more about our global community and apply for membership consideration.
Steve Boone
Head of Product
Checkmarx Inc.
David Barton
CTO
High Wire Networks
Barton, who has over 20 years of experience in information security, has held various leadership roles across a variety of industries, including telecommunications, healthcare, software development, finance and government. He has led security teams in companies including Sprint, Cingular, AT&T,...
Karen Habercoss
Chief Privacy Officer
U. Chicago Medicine
Habercoss is the chief privacy officer for The University of Chicago Medicine and Clinical Biological Sciences Division. She is responsible for the enterprise multiyear strategy and day-to-day operations of the Health System Privacy Program, which has a workforce of more...
Danny Jenkins
CEO
ThreatLocker
Wolf Goerlich
Advisory CISO
Duo Security at Cisco
J. Wolfgang Goerlich is an Advisory CISO for Duo Security at Cisco. Prior to this role, he led IT and IT security in the healthcare and financial services verticals. He has led advisory and assessment practices in several cyber security...
Keith Bergin
Vice President, Cyber Claims
Tokio Marine HCC
Bergin is vice president of cyber liability claims at Tokio Marine HCC. As a cyber risk transfer, incident response and mitigation expert, he has assisted organizations across all industry types throughout their risk-based decision processes and has served the legal,...
Myles Musser
Technical Solutions Architect
Cisco
Musser is a technical solutions architect at Cisco. His interest in technology began in the days of Windows 3.x, when he fumbled around in MS-DOS command prompts and enjoyed graphically primitive games on his collection of floppy disks. That interest...
Bonnie Goins
Manager, Senior Specialist of Governance, Risk, and Compliance (GRC)
Illinois Institue of Technology
Goins is an adjunct industry professor of information technology management at the Illinois Institute of Technology. She has over 27 years of experience in building robust and compliant security programs with executive leadership, both as a professional consultant and as...

View Agenda
Opening Remarks
Tom Field, SVP of Editorial, ISMG
Anna Delaney, Director of Productions, ISMG
Erik Hart, CISO, Cushman & Wakefield
Welcome to the Midwest Cybersecurity Summit!
Tom Field
Anna Delaney
Erik Hart
  • 09:00 AM
  • 09:09 AM
Organizational Security Measures: The 80% of What CISOs Can Control and Should Put Efforts Into
Shefali Mookencherry, Chief Information Security Officer, System Director of Information Security, Edward-Elmhurst Health
Erik Hart, CISO, Cushman & Wakefield
Paolo Vallotti, CISO and VP of Operations, Tate and Lyle

The majority of today's high profile breaches come down to poor cyber hygiene such as unpatched flaws, insecure APIs, misconfigured servers or compromised passwords. How can security leaders build the teams and resources they need in order to fully focus their efforts on the 80% of what they can control? 

Join Shefali Mookencherry, CISO, Edward-Elmhurst Health; Erik Hart, CISO, Cushman & Wakefield; and Paolo Vallotti, CISO & VP of Operations, Tate & Lyle to discuss:

  • The 80% of what you can control;
  • Tackling patching, passwords and misconfigurations;
  • Getting the resources you need on a limited budget.
Shefali Mookencherry
Erik Hart
Paolo Vallotti
  • 09:10 AM
  • 09:39 AM
Data Privacy Risk Management: Bridging the Gap Between Privacy and Security
Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine
Ashley Huntington, Compliance Officer, Cook County Health

We know that security teams should look to collaborate and work closely with privacy teams for the benefit of both departments and yet the notion of them being unrelated still exists. The DPO can help the CISO secure data more efficiently by collating only the most necessary data and keeping customers well-informed about the transfer and usage of data.

So, what are some best practices to improve collaboration? 

Join this Ashley Huntington, Chief Compliance Officer, Cook County Health and Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine to discuss:

  • Similarities and differences between security and privacy risk;
  • Where security and privacy teams can leverage each other;
  • How to quantify and qualify data risk.
Karen Habercoss
Ashley Huntington
  • 09:45 AM
  • 10:14 AM
Addressing Security in Modern Application Development: What You Need to Know Now
Steve Boone, Head of Product, Checkmarx Inc.

Today’s software-driven organizations know they need to keep innovating, but traditional software development models and release frequencies simply can’t keep up with seemingly ever-increasing demand. Clearly, Modern Application Development, or MAD, processes and innovative, cloud-native approaches are critical for organizations to stay viable.  

Not surprisingly, leadership support for MAD initiatives is building - and quickly. But MAD comes with cultural changes and some inherent application security challenges that need to be addressed proactively.

In this live session, we’ll cover what you’ll need to know about MAD, including:

  • Expected benefits and outcomes;
  • Likely hurdles and bumps you’ll run into; 
  • MAD’s expanding risk landscape;
  • Solutions and approaches you’ll need to properly secure MAD.
Steve Boone
  • 10:20 AM
  • 10:49 AM
Exhibits & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!


Stop by the Expo Hall.

  • 10:50 AM
  • 11:04 AM
Learning from the Log4j Vulnerability: Best Vendor Management and Communication Practices
Erik Hart, CISO, Cushman & Wakefield
Shefali Mookencherry, Chief Information Security Officer, System Director of Information Security, Edward-Elmhurst Health
Fred Kwong, VP, Chief Information Security Officer, DeVry University

The Apache Log4j zero-day that struck the world last December may have been the biggest incident of the year, but hardly the only one. SolarWinds, Microsoft Exchange and Kaseya all came prior. And it won't be the last. At a time when enterprises are increasingly vulnerable through their software supply chains, you know the next Log4j is far more "when" than "if."

So, how prepared are you for the next Log4j fire drill? Join this CISO panel to discuss:

  • Lessons learned from the first Log4j;
  • Questions to ask your critical vendors about preparedness and response;
  • How to make response and resiliency a part of your standard operating procedure.
Erik Hart
Shefali Mookencherry
Fred Kwong
  • 11:05 AM
  • 11:34 AM
Rationalizing Data Investments
Randy Lariar, Practice Director - Big Data & Analytics, Optiv
Bruce Phillips, SVP & Chief Information Security Officer, WEST, a Williston Financial Group company
Ted Kieffer, CISO, AZEK

The more data you use, the more data you find you’ll need. This leads to hard decisions about what investments to make in data projects, technology and personnel - with a limited budget. Cybersecurity teams need processes and tools to measure ROI and manage data sprawl. What are the best ways to think about optimizing your existing and upcoming data investments, and how have others approached the issue?

In this panel, Randy Lariar, practice director with Optiv’s Big Data and Analytics, discusses what he sees in the market and challenges organizations faced with rationalizing data investments. Top business leaders join Lariar to discuss what has worked for their organizations and their perspectives on how others can successfully decide what data investments are right for them.

Randy Lariar
Bruce Phillips
Ted Kieffer
  • 11:40 AM
  • 12:09 PM
Next-Generation Cyber Attacks – An Upstream and Downstream Moving Target
Frank Viciana, Principal Sales Engineer, Sonatype

Legacy software supply chain "exploits" prey on publicly disclosed open-source vulnerabilities left unpatched in the wild. Next-generation software supply chain "attacks" are more sinister because bad actors don't wait for public vulnerability disclosures. Instead, they take the initiative and actively inject malicious code into open-source projects that feed the global supply chain.

By shifting their focus "upstream," adversaries can infect a single component that is then distributed "downstream" using legitimate software workflows and update mechanisms.

Next-generation cyberattacks targeting open-source software projects have increased 430% year-over-year. The attacks are possible because:

  • Open-source projects rely on contributions from thousands of volunteer developers and discriminating between those with good or malicious intent is difficult, if not impossible. 
  • Open-source projects incorporate hundreds to thousands of dependencies from other open-source projects, many of which contain known vulnerabilities. 
  • The ethos of open source is built on shared trust between a global community of individuals, which creates a fertile environment for bad actors. 

When adversaries deliberately and secretly inject malicious code into open-source projects, they can surreptitiously "set traps" upstream and then carry out attacks downstream. This session explores: 

  • The evolution of software supply chain attacks; 
  • Their impact on open-source ecosystems; 
  • How companies can proactively protect themselves. 
Frank Viciana
  • 12:15 PM
  • 12:29 PM
CyberEdBoard, A CISO Community

View our CyberEdBoard Profiles in Leadership Interviews with Marene Allison, CISO at Johnson & Johnson, Diego Souza, Global CISO at Cummins, Nicole Ford, VP & CISO at Carrier and more.

  • 12:30 PM
  • 01:17 PM
Best Practices to Prevent BEC Scams with Special Agent Cody Majerus

Business Email Compromise (BEC) and related email account compromise scams resulted in nearly $2.4 billion in reported losses from victims in 2021, the most of any category disclosed to the FBI’s Internet Crime Complaint Center (IC3). In this presentation and fireside chat, Special Agent Cody Majerus will outline the anatomy of a BEC scheme, share insights into criminals' methods and why they're working, and provide techniques to prevent these crimes.

Join Special Agent Cody Majerus to learn about:

  • The reality of BEC scams today - and how the criminals are succeeding;
  • Best practices to prevent BEC scams;
  • Ways to report cyber-enabled financial fraud cybercrimes.
  • 01:15 PM
  • 01:44 PM
To CERT or Not to CERT: Establishing Trust without Certificates
Myles Musser, Technical Solutions Architect, Cisco

Critical resources need defense in depth beyond validating identity. Certificates provided a method to establish this trust. It is time to remove the calendar reminder for our certificate renewal. Duo’s Device Health Application can verify enrollment into corporate management systems without deploying certificates. Learn how this is done with some common asset management solutions.

Myles Musser
  • 01:50 PM
  • 02:04 PM
Cyber Insurance and Risk: What's New in 2022?
Mike Rastigue, Cyber Solutions Leader, Crum & Forster
Keith Bergin, Vice President, Cyber Claims, Tokio Marine HCC

When CNA Financial - a top U.S. insurance company - was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How do record-high ransomware incidents - and ransoms - affect the cyber insurance sector? What are the emerging standards for coverage and the legislative trends affecting the practice?

This exclusive panel tackles these questions as well as:

  • How to be a better partner to buyers;
  • The rising bar for entities to qualify for cyber insurance;
  • The growing role of cyber insurance companies in incident response.
Mike Rastigue
Keith Bergin
  • 02:10 PM
  • 02:39 PM
Zero Trust for Applications
Danny Jenkins, CEO, ThreatLocker

The Zero Trust framework is based on the principle of "never trust, always verify." Join us to learn about Zero Trust, how to adopt it for applications, and the technologies you need to take control of your environment in the fight against ransomware.

Danny Jenkins
  • 02:45 PM
  • 02:59 PM
Exhibit & Networking Break

Enhance your Summit experience by visiting the Sponsors’ Interactive Booths. Chat with Representatives at each Booth, access valuable resources, schedule a demo and more!


Stop by the Expo Hall.

  • 03:00 PM
  • 03:14 PM
The Evolution of Ransomware - Where it Began, Where is it Now?
David Barton, CTO, High Wire Networks
Bruce Phillips, SVP & Chief Information Security Officer, WEST, a Williston Financial Group company
Murad Dikeidek, Head of Information Security, University of Illinois Hospital & Health Sciences System

The vulnerabilities are old, the tactics are predictable and the potential impacts are crippling. The subject is ransomware, and this panel intends to breathe new life into the urgent topic by discussing key points, such as:

  • How to be a less likely victim;
  • How the threat has morphed - and how our response must change;
  • The true costs of "just pay the ransom."
David Barton
Bruce Phillips
Murad Dikeidek
  • 03:15 PM
  • 03:44 PM
Absolute Musts When Building a Comprehensive Data Governance and Valuation Program
Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine
Fred Kwong, VP, Chief Information Security Officer, DeVry University
Bonnie Goins, Manager, Senior Specialist of Governance, Risk, and Compliance (GRC), Illinois Institute of Technology

The growth in information production appears unstoppable: Businesses recognize data as a guide to strategic decision-making and a way to garner better business results. This also means that the demand for robust regulatory data governance has never been so great. 

How confident are you in determining the right roles, processes, policies, standards, and metrics to guarantee the efficient and effective use of information for your organization to reach its goals?

Join this panel to learn how to build a comprehensive data governance valuation program - regardless of whether your organization has a data governance officer or not.

Fred Kwong, CISO & VP, DeVry University; Bonnie Goins, Adjunct Professor, Illinois Institute of Technology; and Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine discuss:

  • Misconceptions about data governance;
  • Best practices to build a data governance valuation program;
  • Why communication is key to ensure efficient and effective use of information.
Karen Habercoss
Fred Kwong
Bonnie Goins
  • 03:50 PM
  • 04:19 PM
Closing Comments
  • 04:20 PM
  • 04:29 PM
Cocktail Reception
  • 04:30 PM
  • 05:29 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM CT on Day 2, Wednesday, March 9th. Don’t miss the chance to log in and view, at your own convenience, any content you may not have had the chance to see.

  • 09:00 AM
  • 04:59 PM
