Event Schedule

Mon & Tue, December 12-13: Pre-Conference Certificate Training Classes, All Day
Wed, December 13: Conference Day One, 8 AM to 6 PM
Thurs, December 14: Conference Day Two, 8 AM to 6 PM
Fri, December 15: Special Interest Group (SIG) Meetings

Times for this Event are in Central Time (CDT/CST).

• DAY ONE
• Welcome to the Central America & Caribbean Cybersecurity Conference
• AI & ML in Cybersecurity: Can We ‘Science the Heck’ Out of Trouble? 12:10 pm
  Add to Calendar20221214 12:10 pm20221214 12:30 pmAmerica/ChicagoAI & ML in Cybersecurity: Can We ‘Science the Heck’ Out of Trouble?

  We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’? 

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’? 

  Click to Expand

  Collapse This Item

• Beyond SolarWinds: Supply Chain & Third-Party Risk Management for 2022 12:40 pm
  Add to Calendar20221214 12:40 pm20221214 1:00 pmAmerica/ChicagoBeyond SolarWinds: Supply Chain & Third-Party Risk Management for 2022

  Even before SolarWinds Orion Code Compromise, Supply Chain Attacks were up over 400% in 2020. As we go into 2022, this attack vector will continue to  receive tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create a “perfect storm” threat for modern cyber executives.  

  In this session we will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Even before SolarWinds Orion Code Compromise, Supply Chain Attacks were up over 400% in 2020. As we go into 2022, this attack vector will continue to  receive tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create a “perfect storm” threat for modern cyber executives.  

  In this session we will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.

  Click to Expand

  Collapse This Item

• IAM + WFH - Authentication vs Authorization 1:05 pm
  Add to Calendar20221214 1:05 pm20221214 1:25 pmAmerica/ChicagoIAM + WFH - Authentication vs Authorization

  The “perimeter” concept for organizational security… The castles and moats analogy no longer applies… As we all went to Work From Home quickly – we tested the boundaries of identity and authentication.

  Join this session to discuss the concepts and trends shaping identity and authentication, from IAM to passwordless, and PAM to zero-trust. 

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  The “perimeter” concept for organizational security… The castles and moats analogy no longer applies… As we all went to Work From Home quickly – we tested the boundaries of identity and authentication.

  Join this session to discuss the concepts and trends shaping identity and authentication, from IAM to passwordless, and PAM to zero-trust. 

  Click to Expand

  Collapse This Item

• Cybersecurity in Healthcare 1:25 pm
  Add to Calendar20221214 1:25 pm20221214 1:55 pmAmerica/ChicagoCybersecurity in Healthcare

  Cyber-attacks that target personal data are aiming for the ‘treasure trove’ of PII that healthcare, pharmaceutical and life sciences organizations have in their servers. In this panel, executives will talk about what they are doing to protect data at rest and in motion, what they see as the key challenges, and best practices they’d share with peer cyber leaders in the audience.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Cyber-attacks that target personal data are aiming for the ‘treasure trove’ of PII that healthcare, pharmaceutical and life sciences organizations have in their servers. In this panel, executives will talk about what they are doing to protect data at rest and in motion, what they see as the key challenges, and best practices they’d share with peer cyber leaders in the audience.

  Click to Expand

  Moderator:

  Anita Allen

  Anita Allen

  CPA, NACD.DC, Board Member, Audit Committee Chair

  Panel Participants:

  Mark Jarrett

  Mark Jarrett

  Senior Health Advisor at Northwell Health

  Collapse This Item

• Compliance & Automation in Cybersecurity 2:20 pm
  Add to Calendar20221214 2:20 pm20221214 2:40 pmAmerica/ChicagoCompliance & Automation in Cybersecurity

  Managing compliance needs as a continuous, organizational process (as opposed to a reactive response), amid the ever-increasing myriad of industry regulations and legislation has become a full time job for most CISOs.  Automation – including artificial intelligence and machine learning will help, and are perhaps more critical than ever. As CRPA comes into play and brings the US closer to GDPR, there are also a number of touchpoints where the CDO and CISO interplay will be crucial over the coming months. 

  This session will discuss the current issues with regard to compliance, monitoring, and reporting.  Policy decisions and regulations that have kept CISOs busy of late, and what we can expect more of in 2022 will also be addressed. 

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Managing compliance needs as a continuous, organizational process (as opposed to a reactive response), amid the ever-increasing myriad of industry regulations and legislation has become a full time job for most CISOs.  Automation – including artificial intelligence and machine learning will help, and are perhaps more critical than ever. As CRPA comes into play and brings the US closer to GDPR, there are also a number of touchpoints where the CDO and CISO interplay will be crucial over the coming months. 

  This session will discuss the current issues with regard to compliance, monitoring, and reporting.  Policy decisions and regulations that have kept CISOs busy of late, and what we can expect more of in 2022 will also be addressed. 

  Click to Expand

  Collapse This Item

• Managing the Insider Threat 2:45 pm
  Add to Calendar20221214 2:45 pm20221214 3:05 pmAmerica/ChicagoManaging the Insider Threat

  An adversary who attacks an organization from within can prove fatal to the business and is generally impervious to conventional defenses. Social science research has been used to explain why traditional methods fail against these trusted betrayers.  Every company must identify and utilize new management techniques, increase security, and revise workplace strategies for categorizing and defeating insider threats.

  There are key players in positions to either effectively support or undermine the insider threats.  Leadership style can make a difference in the way an institution recognizes and identifies these threats from rethinking background investigations to recognizing deception and using lawful disruption. Join this session to learn about how organizations must circumvent these predators before they jeopardize the workplace and sabotage business operations.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  An adversary who attacks an organization from within can prove fatal to the business and is generally impervious to conventional defenses. Social science research has been used to explain why traditional methods fail against these trusted betrayers.  Every company must identify and utilize new management techniques, increase security, and revise workplace strategies for categorizing and defeating insider threats.

  There are key players in positions to either effectively support or undermine the insider threats.  Leadership style can make a difference in the way an institution recognizes and identifies these threats from rethinking background investigations to recognizing deception and using lawful disruption. Join this session to learn about how organizations must circumvent these predators before they jeopardize the workplace and sabotage business operations.

  Click to Expand

  Collapse This Item

• Operational Technology (OT) & Industrial Control Systems (ICS): Cybersecurity Concerns 3:20 pm
  Add to Calendar20221214 3:20 pm20221214 3:40 pmAmerica/ChicagoOperational Technology (OT) & Industrial Control Systems (ICS): Cybersecurity Concerns

  Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

  This session will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections. 

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

  This session will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections. 

  Click to Expand

  Collapse This Item

• Cyber Executive Panel 4:05 pm
  Add to Calendar20221214 4:05 pm20221214 4:50 pmAmerica/ChicagoCyber Executive Panel

  Submit your bio for consideration to participate on our Cyber Executive Panel

  to [email protected] or fill out our Call for Speakers form here.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Submit your bio for consideration to participate on our Cyber Executive Panel

  to [email protected] or fill out our Call for Speakers form here.

  Click to Expand

  Panel Participants:

  Collapse This Item

• Day One Closing Session 4:50 pm
  Add to Calendar20221214 4:50 pm20221214 5:00 pmAmerica/ChicagoDay One Closing SessionIn Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Collapse This Item

• Happy Hour Networking Reception 5:00 pm
  Add to Calendar20221214 5:00 pm20221214 6:00 pmAmerica/ChicagoHappy Hour Networking Reception

  Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

  This session will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections. 

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

  This session will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections. 

  Click to Expand

  Collapse This Item

• DAY TWO
• Welcome / Introductions
• Supply Chain & Third Party Risk Management 9:30 am
  Add to Calendar20221214 9:30 am20221214 9:50 amAmerica/ChicagoSupply Chain & Third Party Risk Management

  A supply chain encompasses the entire network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product.  The ultimate goal of an effective supply chain is lower costs of doing business thus resulting in higher profits and improved customer satisfaction.  The process of bringing in a third party involves identifying, assessing and controlling all the various risks that can develop over the entire lifecycle of such relationships. 

  Join this session to drive into how sophisticated attackers can live quietly inside even organizations with significant expertise and mature security processes.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  A supply chain encompasses the entire network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product.  The ultimate goal of an effective supply chain is lower costs of doing business thus resulting in higher profits and improved customer satisfaction.  The process of bringing in a third party involves identifying, assessing and controlling all the various risks that can develop over the entire lifecycle of such relationships. 

  Join this session to drive into how sophisticated attackers can live quietly inside even organizations with significant expertise and mature security processes.

  Click to Expand

  Collapse This Item

• The Risk Management “Balance Sheet” 9:45 am
  Add to Calendar20221215 9:45 am20221215 10:05 amAmerica/ChicagoThe Risk Management “Balance Sheet”

  Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required.  Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand? 

  Attend this session to get these questions answered and more.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required.  Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand? 

  Attend this session to get these questions answered and more.

  Click to Expand

  Collapse This Item

• Financial Services Panel 10:20 am
  Add to Calendar20221215 10:20 am20221215 10:50 amAmerica/ChicagoFinancial Services Panel

  Risk comes from all angles. Users, vendors, partners, systems.  What can security teams improve when attempting to convey ‘risk’ to executive and board level people within an organization?

  In this panel, we will discuss some of the many facets encountered by security leaders in organizations of all sizes, with particular focus on the threat landscape seen across the region. 

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Risk comes from all angles. Users, vendors, partners, systems.  What can security teams improve when attempting to convey ‘risk’ to executive and board level people within an organization?

  In this panel, we will discuss some of the many facets encountered by security leaders in organizations of all sizes, with particular focus on the threat landscape seen across the region. 

  Click to Expand

  Moderator:

  Tony Cioffoletti

  Tony Cioffoletti

  Financial Services Sector Lead

  Brian Hansen

  Brian Hansen

  Regional Chief Security Officer for Latin America and the Caribbean at MasterCard

  Collapse This Item

• Cloud Clarity in 2022: Strategy, Execution & Alignment 11:25 am
  Add to Calendar20221215 11:25 am20221215 11:45 amAmerica/ChicagoCloud Clarity in 2022: Strategy, Execution & Alignment

  Securely optimizing the cloud for better business outcomes is the product of clear communication of terms and expectations, alignment with business processes and functions, and partnerships among multiple internal and external stakeholders. “Activity” does not equal “progress.”  In this session, attendees will hear about creating definitional clarity, building adaptability, and creating cross-functional, business-wide alignment. 

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Securely optimizing the cloud for better business outcomes is the product of clear communication of terms and expectations, alignment with business processes and functions, and partnerships among multiple internal and external stakeholders. “Activity” does not equal “progress.”  In this session, attendees will hear about creating definitional clarity, building adaptability, and creating cross-functional, business-wide alignment. 

  Click to Expand

  Collapse This Item

• Lunch Break
• Keynote Presentation 12:45 pm
  Add to Calendar20221215 12:45 pm20221215 1:30 pmAmerica/ChicagoKeynote Presentation

  Joe Serio, author, and advisor to U.S. Pentagon (DoD) on threats from Russia will discuss the latest organized crime actions impacting technology and the ramifications on supply chains, markets, and the business environment.  Joe Serio was the only American to work in the Organized Crime Control Directorate of the Ministry of Internal Affairs (MVD), USSR. He is the author of the critically acclaimed book ‘Investigating the Russian Mafia’.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Joe Serio, author, and advisor to U.S. Pentagon (DoD) on threats from Russia will discuss the latest organized crime actions impacting technology and the ramifications on supply chains, markets, and the business environment.  Joe Serio was the only American to work in the Organized Crime Control Directorate of the Ministry of Internal Affairs (MVD), USSR. He is the author of the critically acclaimed book ‘Investigating the Russian Mafia’.

  Click to Expand

  Speaker:

  Joe Serio

  Joe Serio

  Author, Trainer, and Keynote Speaker

  Collapse This Item

• The Evolution of the Threat: Hunting, Detection, & Response 1:50 pm
  Add to Calendar20221215 1:50 pm20221215 2:10 pmAmerica/ChicagoThe Evolution of the Threat: Hunting, Detection, & Response

  Nation-State attacks are not always focused on political or military adversaries. Recently, below-military-grade action can create havoc or destabilize adversaries, or manipulate markets.  Hard to trace and even harder to convict, they may affect stock price or even influence the outcome of elections. 

  Attend to talk about the problem, and see what US enterprises are doing to prepare themselves for these situations.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Nation-State attacks are not always focused on political or military adversaries. Recently, below-military-grade action can create havoc or destabilize adversaries, or manipulate markets.  Hard to trace and even harder to convict, they may affect stock price or even influence the outcome of elections. 

  Attend to talk about the problem, and see what US enterprises are doing to prepare themselves for these situations.

  Click to Expand

  Collapse This Item

• Managing Risk: Seek Forward Accountability and Assume a Stormy Seas 2:15 pm
  Add to Calendar20221215 2:15 pm20221215 2:35 pmAmerica/ChicagoManaging Risk: Seek Forward Accountability and Assume a Stormy Seas

  While managing risk has always been a part of the CISO office, most resources turn to stopping new ransomware threats, managing supply chain attacks and mitigating third-party vulnerabilities. How can CISOs truly move to managing risk? And by extension, how can they clearly communicate risk, and measure the efficacy of mitigation activities? 

  Join this session to learn how to facilitate the risk conversation with non-technical leaders, determine priorities, and counterbalance cybersecurity considerations against business requirements. This session will also address risk quantification, accounting, budgeting and resourcing, and building more resilience rather than taller walls.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  While managing risk has always been a part of the CISO office, most resources turn to stopping new ransomware threats, managing supply chain attacks and mitigating third-party vulnerabilities. How can CISOs truly move to managing risk? And by extension, how can they clearly communicate risk, and measure the efficacy of mitigation activities? 

  Join this session to learn how to facilitate the risk conversation with non-technical leaders, determine priorities, and counterbalance cybersecurity considerations against business requirements. This session will also address risk quantification, accounting, budgeting and resourcing, and building more resilience rather than taller walls.

  Click to Expand

  Collapse This Item

• Guest Keynote Presentation 3:35 pm
  Add to Calendar20221215 3:35 pm20221215 4:15 pmAmerica/ChicagoGuest Keynote PresentationIn Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  Collapse This Item

• The Cybersecurity Skills Shortage 4:20 pm
  Add to Calendar20221215 4:20 pm20221215 4:40 pmAmerica/ChicagoThe Cybersecurity Skills Shortage

  There are currently 310,000 unfilled cybersecurity jobs in the United States, and millions around the world. However, there is no shortage of cybersecurity hopefuls – millions of students, career changers, and people from all walks of life hoping to break into cybersecurity. 

  This session will explore the issues around cybersecurity jobs.  Breaking into the field, the relative need for certifications, formal education, on-the-job training and more.  The discussion will explore the supply and demand disconnect that has been created – resulting in both a ton of great candidates looking for roles, and a cybersecurity skills shortage.

  In Front Of Multiplaza Shopping Center
  San Jose, CR 11856-1000

  .

  There are currently 310,000 unfilled cybersecurity jobs in the United States, and millions around the world. However, there is no shortage of cybersecurity hopefuls – millions of students, career changers, and people from all walks of life hoping to break into cybersecurity. 

  This session will explore the issues around cybersecurity jobs.  Breaking into the field, the relative need for certifications, formal education, on-the-job training and more.  The discussion will explore the supply and demand disconnect that has been created – resulting in both a ton of great candidates looking for roles, and a cybersecurity skills shortage.

  Click to Expand

  Collapse This Item

• Conference Closing Session
• Happy Hour Networking Reception