Keynote - Day 1
Leading in the Age of Innovation
How do we establish relevant and effective controls in this era of constant change?
We lead with innovation and review past technological advancements to determine a renewed perspective. This perspective will lend itself to the need for control and agility as we realign the pace of gratification and that of continued vigilance. It is at this point in history we contemplate the cultural consciousness to understand the current risk landscape. As we approach the antithesis of digitalization, the methods of balancing risk and control require collaboration, agility and accountability.
Brig. Gen. Steven J. Spano (USAF, Ret.) is President and COO of CIS (The Center for Internet Security). CIS is an international nonprofit organization focused on enhancing cybersecurity readiness and response for the public and private sectors. Prior to CIS, General Spano served as the General Manager, Defense and National Security for Amazon Web Services' Worldwide Public Sector. He was one of the key leaders who helped launch and build the business from its inception in 2011.
Prior to Amazon Web Services, General Spano served over 28 years in the United States Air Force in a variety of leadership roles. He retired in 2011 from Air Combat Command (ACC) where he served as the Director of Communications, Headquarters Air Combat Command, Langley Air Force Base, VA, responsible for IT vision, policy guidance, and resource allocation supporting the command's warfighting mission.
Before ACC, General Spano served as the CJ6 for Multi-National Forces Iraq where he was responsible for all IT policy, interoperability and network operations supporting all joint and coalition forces. He also served as the principal advisor to the government of Iraq for Information and Communications Technology reconstruction. General Spano has commanded at the detachment, squadron and group levels. In addition, he served in key joint assignments at the National Security Agency, the Joint Staff, and U.S. Forces Korea.
General Spano was born in Albany, N.Y. He graduated from Christian Brothers Academy in 1979 and Norwich University, Northfield, VT where he was commissioned in 1983 through the Norwich ROTC program.
Keynotes - Day 2
CCAFE: The Country Cyber-Attack Forecasting Engine
When an outbreak such as WannaCry occurs, CISOs need to have a compelling answer to the following question: "How many machines in a given host population will be attacked by the malware m in question?" Using over 10B malware and telemetry reports from machines in 40 countries, we develop a model to predict how many machines in a given country will be attacked by a specific piece of malware. Not only are our predictive models highly accurate, they also provide detailed results on how well hosts in countries detect malware and how well they patch vulnerabilities exploited by malware. We will also discuss the relative efficacy of different countries in detecting and patching malware.
V.S. Subrahmanian is the Dartmouth College Distinguished Professor in Cybersecurity, Technology, and Society and Director of the Institute for Security, Technology, and Society. He previously served as a Professor of Computer Science at the University of Maryland from 1989-2017 where he created and headed both the Lab for Computational Cultural Dynamics and the Center for Digital International Government. He also served for 6+ years as Director of the University of Maryland's Institute for Advanced Computer Studies. Prof. Subrahmanian is an expert on big data analytics including methods to analyze text/geospatial/relational/social network data, learn behavioral models from the data, forecast actions, and influence behaviors. He has written five books, edited ten, and published over 300 refereed articles. He was named to ISIHighlyCited.com which lists the top-most cited computer scientists of all time. He is a Fellow of the American Association for the Advancement of Science and the Association for the Advancement of Artificial Intelligence. He has additionally received several awards. His work has been featured in numerous outlets such as the Baltimore Sun, the Economist, Science, Nature, the Washington Post, and American Public Media. He serves on the editorial boards of numerous journals including Science, the Board of Directors of the Development Gateway Foundation (set up by the World Bank), SentiMetrix, Inc., and on the Research Advisory Board of Tata Consultancy Services. He previously served on DARPA's Executive Advisory Council on Advanced Logistics and as an ad-hoc member of the US Air Force Science Advisory Board (2001).
Driving Governance and Risk Management in a Digital Transformation Era
As the digital economy compels enterprises to leverage technology to transform their businesses, it is more critical than ever to build and mature risk-based capabilities rooted in good security governance of technology and, even more importantly, information/data. Security concerns remain a top-of-mind risk for Boards and executives, and this approach is a must for ensuring that enterprises are enabling "the good guys" while thwarting "the bad guys."
Knowing who's who today isn't straightforward. Risk decisions are being required at lightning speed, as the pace of change continues to accelerate. In this connected world, knowing and deciding when and how to act by continuously evaluating, building new, and improving current capabilities will drive our success.
To provide effective information security governance, and to keep our leadership well informed, we need an agile, yet disciplined process for maintaining secure capabilities that enable digital business transformation. This calls for a Copernican shift from reactive compliance-driven actions to a more proactive, risk-informed approach. A dynamic, organization-based approach to governance and cybersecurity will enable enterprise leadership and operations to work together to effectively - and securely - enhance business performance in the digital economy.
Greg Witte is a Senior Security Engineer for G2 Inc and a member of the ISACA Cybersecurity Task Force. He supports federal and commercial clients with implementing enterprise governance and risk management, primarily as a guest researcher for the National Institute of Standards and Technology's IT Laboratory. Greg has been managing information technology for over 30 years, 20 of that in the information security arena. As part of his NIST support role, he was one of several primary authors of both the NIST Cybersecurity Framework (CSF) and the NICE Workforce Framework. Drawing on that experience and his many years with ISACA's COBIT framework, he co-wrote ISACA's guide for Implementing the NIST Cybersecurity Framework and the associated training/certification.