Summit 2022 Speakers

Additional Speakers To Be Announced Soon

  • Martin Bally

    VP & CISO
    Campbell Soup Company

    Emerging Security Threats and Industrywide Disruption: Cybersecurity Leaders Weigh in on the Need for Resiliency and Cooperation

    This session aims to provide a strategic view of the challenge in securing the supply chain from the perspective of cybersecurity leaders at major consumer packaged goods organizations. Insights on the broadening and ever-changing supply chain threat landscape will be captured through questions posed to each of the participants. The panel goals are to determine how organizations prepare for and respond to unpredictable disruptions that threaten business continuity and system security.

  • Charles Blauner

    Operating Partner CISO in Residence
    Team8

    Operational Resilience Framework Panel

    In 2021, GRF’s Business Resilience Council (BRC) launched a multi-sector working group to develop the Operational Resilience Framework which will be released in October 2022. In this session, panelists will review with the audience the design and application of the framework, and describe how it supports rapid recovery of critical services to customers in the face of destructive attacks and adverse events.

  • Bryson Bort

    CEO
    SCYTHE

    Benchmark Your Security

    Your security is defined by the threat: from prevention that is left of boom to the speed with which you can detect, respond, and recover from a breach. Structural awareness consists of identification (what you have) and protection along with your exposure to third parties and your own development process (CI/CD pipeline). Operational awareness covers post-deployment (it's been thrown over the proverbial wall) phases of what we can control and understand post-incident. We will look beyond CIS controls as a benchmark in both pre- and post-operational environments, following Dan Geer's philosophy that "the truth is best achieved by adversarial procedures." When it comes to compromises, the adversary gets the only vote that really counts.

  • Michelle Clement

    Global Head Third Party Risk
    AWS

    Tectonic Shifts in Supply Chain Management Panel

    For the past several decades, global enterprises have been diligent in their effort to optimize supply chain logistics and have significantly reduced the amount of product inventory paid for while improving time to market for consumers. Several disruptive categories of events have jolted global enterprises to rethink this approach to supply chain management, including:

    • the global pandemic of COVID-19

    • the war in Ukraine and aggressive posture of Russia toward the West

    • increasing number of extreme weather events causing business disruption, large population migration and famine due to water shortages

    • social responsibilities and accountabilities

    • malicious and destructive software in the global software supply chain

  • Jonathan Dambrot

    Partner
    KPMG

    Emerging Security Threats and Industrywide Disruption: Cybersecurity Leaders Weigh in on the Need for Resiliency and Cooperation

    This session aims to provide a strategic view of the challenge in securing the supply chain from the perspective of cybersecurity leaders at major consumer packaged goods organizations. Insights on the broadening and ever-changing supply chain threat landscape will be captured through questions posed to each of the participants. The panel goals are to determine how organizations prepare for and respond to unpredictable disruptions that threaten business continuity and system security.

  • Bill Dzmelyk

    Assurance & Compliance Senior Director
    Mars

    Emerging Security Threats and Industrywide Disruption: Cybersecurity Leaders Weigh in on the Need for Resiliency and Cooperation

    This session aims to provide a strategic view of the challenge in securing the supply chain from the perspective of cybersecurity leaders at major consumer packaged goods organizations. Insights on the broadening and ever-changing supply chain threat landscape will be captured through questions posed to each of the participants. The panel goals are to determine how organizations prepare for and respond to unpredictable disruptions that threaten business continuity and system security.

  • Jacob Eggemeyer

    Sales Engineering Leader
    LogRhythm

    Cloud Migration - Cybersecurity Success

    What is Cybersecurity Success, and how can you apply that to your Cloud environments? Marco Di Pasquale of Cipher and Jacob Eggemeyer of LogRhythm will introduce you to why our partnership is positioned to achieve success. Knowing your motivations for Cloud migration and use and for Cybersecurity, regardless of the platforms you choose, and the importance of collaborative design will be presented, along with 3 critical ingredients and questions you should ask yourself, leading to a cyber maturity discussion and summary information.

  • William R. Evanina

    CEO
    The Evanina Group, LLC

    Building a Sustainable Enterprise Wide Corporate Risk Posture from the Board to the C-Suite

    This session will detail the core foundations of building and sustaining a comprehensive enterprise-wide security posture which descends from leadership through the entire enterprise. Such a posture uses intelligence-based metrics, current threat identification, and repeatable business practices to ensure both sustainability and growth in protecting your brand and what you make and sell. Key focus areas will be crisis mitigation, ransomware, and third-party data storage and vulnerability.

  • Ian Gray

    Senior Director of Research and Analysis
    Flashpoint

    Ransomware Dump Sites: Ongoing Challenges of Evaluating Your Exposure

    Ransomware dump sites are an ongoing issue for organizations. The advent of double-extortion has increased victims' willingness to pay, or risk their information appearing on ransomware dump sites. Due to the interconnected nature of business operations, these dumps can include sensitive information from third parties. Issues in accessing and downloading the data can affect companies' ability to accurately mitigate these risks. In this presentation, we will evaluate some of the ongoing challenges associated with the exposure from ransomware leaks.

  • Brian Hansen

    Regional CSO Latin America and the Caribbean
    Mastercard

    Finding Opportunities for the Adversary

    Having an adversary-focused approach to cybersecurity will assist organizations with shaping the malicious actor’s behavior, denying them benefits, and imposing costs on their efforts to successfully breach your company. Attendees will come away from this session thinking like an attacker, understanding the risk, and knowing how to leverage critical threat intelligence nodes to gain an edge in defeating cyber adversaries. As threats continue to be more complicated and severe, organizations need to make themselves not just a more hardened target, but a fiercer target, causing attackers to seek gains somewhere else.

  • Kristy Hornland

    Director, Cyber Security Services
    KPMG

    Encouraging Consistent Third-Party Security Protocols: A Practical Framework

    This session will showcase the current challenges and opportunities for practitioners in managing their third-party vendor ecosystem. Representatives from major consumer packaged goods organizations will participate in a roundtable discussion focused on each specific stage of the vendor lifecycle, from procurement to offboarding, to determine where collaboration amongst industry can better facilitate secure third-party procedures. For shared challenges, the group will look to identify collective best practices, as well as novel approaches to better address the issues at hand.

  • Bryan Hubbard

    Security Assurance & Compliance Senior Lead
    Mars

    Encouraging Consistent Third-Party Security Protocols: A Practical Framework

    This session will showcase the current challenges and opportunities for practitioners in managing their third-party vendor ecosystem. Representatives from major consumer packaged goods organizations will participate in a roundtable discussion focused on each specific stage of the vendor lifecycle, from procurement to offboarding, to determine where collaboration amongst industry can better facilitate secure third-party procedures. For shared challenges, the group will look to identify collective best practices, as well as novel approaches to better address the issues at hand.

  • Jamil Jaffer

    Founder & Executive Director
    National Security Institute
    George Mason University - Antonin Scalia Law School

    Colonial Pipeline, Ukraine, and Taiwan: How C-Suite Executives Ought to Think About the Threat of Cyber Collateral Damage and Destructive Cyber Attacks in the Modern Era

    In light of the recent Russian attack on Ukraine and the potential threat of a Chinese invasion of Taiwan in the not-so-distant future, C-suite executives must increasingly consider the potential risk posed by cyber attacks that are either designed to create destructive effects against their organization or which may result in collateral damage to their organization even when they are not the intended target. This session will look at the historical lessons of cyber attacks like Colonial Pipeline, JBS, NotPetya, Sony Pictures, and Las Vegas Sands as well as recent trends in geopolitics and cyber offensive operations to help senior business executives think about and plan for threats to their operational and business infrastructure. The session will provide tools and frameworks for the assessment of cyber geopolitical risk in private sector boardrooms and executive offices.

  • Nick Jennings

    Assistant Vice President
    Cyber Solutions Broking
    Aon

    Cyber Risk Insurance Trends Panel

    “Cybersecurity insurance is too expensive. Coverage is too narrow in scope. It’ll never pay out. I’m held to too high a defensive bar to meet coverage requirements. We have data backups so we won’t pay a ransom anyway.” Join this session to uncover misconceptions, learn how to prepare your organization and how to guard yourself in a rapidly evolving marketplace. Explore insurance risk management with a panel featuring an incident response practitioner, a broker, an attorney and an underwriting consultant.

  • Edouard Lacarriere

    Chief Executive Officer
    Cybervadis

  • John Lee

    Managing Director
    Operational Technology Information Sharing Analysis Centre (OT-ISAC)

    OT Risk Management - Lessons Learnt from the Community

    With the increasing industrial automation brought about by Industry 4.0, there will be greater connectivity between systems (internal and external). Operational Technology is a growing concern for many asset owners and operators. The talk will look at the drivers, challenges and enablers for securing OT assets.

  • Jean-Philippe Martin

    Security Lead
    Intel Corporation

    Semiconductor supply chain security considerations

    This presentation will provide an overview of semiconductor development phases and their associated threats when using third-party tools, third-party fabs and third-party IPs. After understanding the threat landscape, we will explore potential directions for mitigations, future standards and methods.

  • Trey Maust

    Executive Chairman and Co-Founder
    Lewis & Clark Bancorp

    Operational Resilience Framework Panel

    In 2021, GRF’s Business Resilience Council (BRC) launched a multi-sector working group to develop the Operational Resilience Framework which will be released in October 2022. In this session, panelists will review with the audience the design and application of the framework, and describe how it supports rapid recovery of critical services to customers in the face of destructive attacks and adverse events.

  • Dan Menicucci

    Chief Security Advisor
    Microsoft Security

    Opening Keynote

  • Michael Mylrea

    Distinguished Fellow for Industrial Cybersecurity
    University of Miami – Institute of Data Science & Computing

    Securing America’s Manufacturers: Evolution of Cyberthreats in the 21st Century Panel

    Attend this session to learn more about past, present and future threats to U.S. manufacturing through the lens of speakers representing healthcare, energy and public/private security partnerships. Speakers have extensive experience in securing different aspects of critical infrastructure, and all have witnessed a change in approach from threat actors as technology, nation-state requirements, ransom landscape, and individual sophistication have adapted to the times, and the targets.

  • Marco Di Pasquale

    Vice President of North America
    Cipher

    Cloud Migration - Cybersecurity Success

    What is Cybersecurity Success, and how can you apply that to your Cloud environments? Marco Di Pasquale of Cipher and Jacob Eggemeyer of LogRhythm will introduce you to why our partnership is positioned to achieve success. Knowing your motivations for Cloud migration and use and for Cybersecurity, regardless of the platforms you choose, and the importance of collaborative design will be presented, along with 3 critical ingredients and questions you should ask yourself, leading to a cyber maturity discussion and summary information.

  • Chris Paterson

    CIPP/E, CIPM
    Director of Strategy
    Third-Party Risk Management
    OneTrust

  • Andras Patkai

    CEO
    Axalton Group

    Risks of digital exposure in the manufacturing and critical infrastructure sectors

    A recent study by Cyber Intel Matrix provides a sectoral overview of typical vulnerabilities, weaknesses, and possible future threats in manufacturing.

    The study found a complex and vertically large network infrastructure in each manufacturing company under scope, a large portion of which contained unmaintained legacy services. Every network examined in the study is filled with vulnerable points.

    The network infrastructure of manufacturing companies relies on a large number of third-party maintainers, contractors, developers, and software. The amount of potential exposure menacingly increases with the size of this infrastructure.

    Companies are seemingly trying to adopt state-of-the-art and secure cloud-based solutions and data management, while neglecting their parallel legacy frameworks, which run on outdated and vulnerable software (and firmware). Critical IoT and IIoT remain vulnerable and exposed in many cases.

  • Mitushi Pitti

    Managing Director, Cyber Security Services
    KPMG

    Encouraging Consistent Third-Party Security Protocols: A Practical Framework

    This session will showcase the current challenges and opportunities for practitioners in managing their third-party vendor ecosystem. Representatives from major consumer packaged goods organizations will participate in a roundtable discussion focused on each specific stage of the vendor lifecycle, from procurement to offboarding, to determine where collaboration amongst industry can better facilitate secure third-party procedures. For shared challenges, the group will look to identify collective best practices, as well as novel approaches to better address the issues at hand.

  • Greg Rasner

    Senior Vice President
    Cybersecurity Third Party Risk
    Truist Financial Corp.

    Third-Party Risk: Reactive to Predictive

    It is not a question of if, but when your third parties will have an incident or breach, causing disruption to your own operations. Learn how to take a risk-based approach to your vendor resilience to ensure that their incidents or breaches do not affect your organization's ability to continue operations.

  • Don Redden

    Vice President, Information Technology
    Otter Tail Corporation

    Measuring Performance of a Security Program Through Maturity Models

    Whether your company has a mature security program or you are just beginning your journey, let's take a look through the inception, maturation and maintenance of the ICSP (Information and Cyber Security Program) at Otter Tail Corporation. This session will showcase how to map progress through maturity models and industry performance metrics and use results to target priorities, mature capabilities, and increase return on investments.

  • Mark Risoldi

    Vice President
    BlueVoyant
    Strategic Development Group

    Operationalizing Supply Chain Defense from Findings to Mitigation

    The evolution of supply chain cyber risk management has taken us from self-attestation questionnaires to security ratings services and advanced artificial intelligence (AI) technology. Along the way, organizations have acknowledged that extended supply chain ecosystems are a favorite attack vector, necessitating comprehensive and continuous visibility across all of their suppliers. Now on the cusp of achieving operational efficiencies and true supply chain cyber defense, organizations are realizing that automated technology solutions need to be complemented with analyst-backed curation and validation in order to enable teams to prioritize supplier risk for rapid and direct remediation.

    How does your organization get there? Like many organizations, your maturity level may not be where you’d like it to be. You may still be relying on point-in-time questionnaires or be experiencing the frustration of too many false positive alerts and not enough staff to prioritize what’s really important. In this session, you’ll hear about how combining AI technology and human investigations may comprise the next step in your evolution to operationalizing supply chain cyber risk management.

  • Susan Rogers

    Executive Director of Operational & Cyber Resilience
    Sumitomo Mitsui Banking Corporation

    Operational Resilience Framework Panel

    In 2021, GRF’s Business Resilience Council (BRC) launched a multi-sector working group to develop the Operational Resilience Framework which will be released in October 2022. In this session, panelists will review with the audience the design and application of the framework, and describe how it supports rapid recovery of critical services to customers in the face of destructive attacks and adverse events.

  • Jim Routh

    Board member, Advisor & Faculty member, former CSO at CVS Health and former CISO at MassMutual

    Tectonic Shifts in Supply Chain Management Panel

    For the past several decades, global enterprises have been diligent in their effort to optimize supply chain logistics and have significantly reduced the amount of product inventory paid for while improving time to market for consumers. Several disruptive categories of events have jolted global enterprises to rethink this approach to supply chain management, including:

    • the global pandemic of COVID-19

    • the war in Ukraine and aggressive posture of Russia toward the West

    • increasing number of extreme weather events causing business disruption, large population migration and famine due to water shortages

    • social responsibilities and accountabilities

    • malicious and destructive software in the global software supply chain

  • Kyle Salous

    Director of Cyber Security &
    Risk Management
    AmLaw 200 Law Firm

    Advanced Monitoring

    Looking back at some of the most sophisticated attacks experienced over the past couple of years, organizations have grappled with tuning their preventative controls in an attempt to get ahead of advanced persistent threats. Monitoring for compromised vendors, living off the land and ransomware activity has grown into its own cyber-discipline.

    What are the most important technologies, tools and tactics you should build in your program? How do you avoid alert fatigue? These are topics we'll explore to enhance your detection capabilities or make the case for the tools you'll need to get there.

  • Chris van Schijndel

    Cybersecurity Director
    J&J Consumer Health

    Encouraging Consistent Third-Party Security Protocols: A Practical Framework
    &
    Emerging Security Threats and Industrywide Disruption: Cybersecurity Leaders Weigh in on the Need for Resiliency and Cooperation

  • Sean Scranton

    Consultant, Cyber Risk Solutions
    WTW

    Cyber Risk Insurance Trends Panel

    “Cybersecurity insurance is too expensive. Coverage is too narrow in scope. It’ll never pay out. I’m held to too high a defensive bar to meet coverage requirements. We have data backups so we won’t pay a ransom anyway.” Join this session to uncover misconceptions, learn how to prepare your organization and how to guard yourself in a rapidly evolving marketplace. Explore insurance risk management with a panel featuring an incident response practitioner, a broker, an attorney and an underwriting consultant.

  • Bojan Simic

    CEO & CTO
    HYPR

    A perfect storm 50 years in the making: Why authentication is broken and what it’s going to take to fix it.

    Despite the oft-quoted statistic that 80% of all security breaches are related to passwords, the situation is actually getting worse with traditional MFA solutions already being bypassed at scale. HYPR CEO, CTO and one-time hacker Bojan Simic describes how attacks take place today and provides a vision for how authentication needs to evolve to address the changing nature of security at every point in the enterprise, consumer and even IoT lifecycle.

  • Jeff Shaffer

    VP, Engagement Management
    Stroz Friedberg

    Cyber Risk Insurance Trends Panel

    “Cybersecurity insurance is too expensive. Coverage is too narrow in scope. It’ll never pay out. I’m held to too high a defensive bar to meet coverage requirements. We have data backups so we won’t pay a ransom anyway.” Join this session to uncover misconceptions, learn how to prepare your organization and how to guard yourself in a rapidly evolving marketplace. Explore insurance risk management with a panel featuring an incident response practitioner, a broker, an attorney and an underwriting consultant.

  • Ed Thomas

    Senior Vice President
    ProcessUnity

    Third-Party Risk Deep Dive: Calculating Inherent Risk

    When building an efficient vendor risk management program, it is critical to prioritize which vendors present the most risk. Knowledge of your third parties’ inherent risks can help increase security and performance and change the way you run your vendor risk management program. In addition, by understanding where to prioritize your time, you can invest resources in assessing and monitoring the third parties that matter most to your business.

    In this webinar, you’ll learn how to: 

    • Develop inherent risk calculations and a scoring methodology

    • Tier your third parties by criticality and high risk

    • Scope and schedule vendor assessments based on inherent risk scores 

  • Zach Tudor

    Assoc. Laboratory Director, National and Homeland Security Science & Technology
    Idaho National Laboratory

    Securing America’s Manufacturers: Evolution of Cyberthreats in the 21st Century Panel

    Attend this session to learn more about past, present and future threats to U.S. manufacturing through the lens of speakers representing healthcare, energy and public/private security partnerships. Speakers have extensive experience in securing different aspects of critical infrastructure, and all have witnessed a change in approach from threat actors as technology, nation-state requirements, ransom landscape, and individual sophistication have adapted to the times, and the targets.

  • Shawn E. Tuma

    Co-Chair, Data Privacy & Cybersecurity Practice
    Spencer Fane LLP

    Cyber Risk Insurance Trends Panel

    “Cybersecurity insurance is too expensive. Coverage is too narrow in scope. It’ll never pay out. I’m held to too high a defensive bar to meet coverage requirements. We have data backups so we won’t pay a ransom anyway.” Join this session to uncover misconceptions, learn how to prepare your organization and how to guard yourself in a rapidly evolving marketplace. Explore insurance risk management with a panel featuring an incident response practitioner, a broker, an attorney and an underwriting consultant.

  • Atul Vashistha

    Chairman & CEO
    Supply Wisdom

    Tectonic Shifts in Supply Chain Management Panel

    For the past several decades, global enterprises have been diligent in their effort to optimize supply chain logistics and have significantly reduced the amount of product inventory paid for while improving time to market for consumers. Several disruptive categories of events have jolted global enterprises to rethink this approach to supply chain management, including:

    • the global pandemic of COVID-19

    • the war in Ukraine and aggressive posture of Russia toward the West

    • increasing number of extreme weather events causing business disruption, large population migration and famine due to water shortages

    • social responsibilities and accountabilities

    • malicious and destructive software in the global software supply chain

  • Olga Voytenko

    Managing Director of Operational Resilience
    SVB

    Building vs. Maturing a Third-Party Risk Program

    Initial build-out of Third-Party Risk Management (TPRM) poses a different set of challenges when compared to enhancement of a program in a mature state. During this session we will dive into different approaches firms can adopt to maximize and expedite the value proposition to the organization, tailored to the different maturity levels of a third-party risk program. Whether it’s initial determination of people, process and technology or modeling of concentration and vulnerabilities, stakeholder buy-in is key to the operational effectiveness and sustainability of the TPRM. This session is dedicated to lessons learned and best industry practice for building and maturing third-party risk programs within your organizations.

  • Jon Washburn

    Chief Information Security Officer
    Stoel Rives LLP

    Operational Resilience Tabletop – When Critical Assets Live in the Cloud

    Cloud services have become an integral part of nearly every business strategy. As organizations leverage the agility and efficiency of cloud-based solutions to host business-critical workloads and data, cloud service providers get better and better at providing reliable and resilient solutions. But how much faith can you really put in a cloud-based solution, even when the provider has a strong security program and many layers of security and redundancy?

    Referencing rules in the new GRF Operational Resilience Framework, Jon Washburn will lead attendees through Stoel Rives’ assessment of risk to its document management (“DMS”) cloud and what led the organization to engineer a separate, immutable backup of this 20+TB information store - despite strong assurance from the cloud service provider. The session will then move through a tabletop scenario designed to highlight when the organization may be placing too many critical assets in one basket – even when that basket seems ‘bullet-proof,’ and end with Q&A.

  • Mark Wehrle

    Senior Manager, Information Risk
    Campbell Soup Company

    Encouraging Consistent Third-Party Security Protocols: A Practical Framework

    This session will showcase the current challenges and opportunities for practitioners in managing their third-party vendor ecosystem. Representatives from major consumer packaged goods organizations will participate in a roundtable discussion focused on each specific stage of the vendor lifecycle, from procurement to offboarding, to determine where collaboration amongst industry can better facilitate secure third-party procedures. For shared challenges, the group will look to identify collective best practices, as well as novel approaches to better address the issues at hand.