Enterprise Security Summit — Recap

We recently held our inaugural Enterprise Security Summit at Work-Bench. Our half-day event brought together top security stakeholders from Fortune 1000 companies, executives from late stage security companies, and founders of emerging startups to discuss current security challenges, trends and solutions in the enterprise. See below for our recap which includes photos, slides, videos, and a few of our favorite tweets from each panel.

Gus Hunt, former CTO of the Central Intelligence Agency

Gus Hunt, former CTO of the CIA, kicked off the Summit with the keynote address “Rethinking Security for the 21st Century.” Some data shared was that cybercrime is the fastest growing crime trend in the US, that the cost of security breaches alone would be the 21st largest nation-state based on GDP, and that your smartphone’s accelerometer can identify you by your gait. For more, check out the video below.

There are only two kinds of companies in the world: those who have been hacked and those who didn’t realize it — Gus Hunt #wbSecurity
— Work-Bench (@Work_Bench) September 30, 2014
#wbSecurity — it’s about the data, stupid… Security needs to be data centric!
— Ron Copfer (@rcopfer) September 30, 2014
Fact of the day: the accelerometer in your smartphone can uniquely identify you by your gait, Gus Hunt says #wbSecurity @Work_Bench
— ROBERT HACKETT (@rhhackett) September 30, 2014

Current Challenges Facing Fortune 500 Security Teams

For our first panel, we had Bill Murphy (CTO, Blackstone), Paul Wood (Chief Risk & Compliance Officer, Bloomberg), and Dan Reynolds (VP, Chief of Security & Information Architecture, Omnicom) moderated by Steve Sparkes (former CIO of Tech & Info Risk, Morgan Stanley). The conversation touched on Bloomberg’s massive change in approach to cybersecurity and the frequency of security assessments at Omnicom.

There is no patch for stupidity. People will do stupid things — @Bloomberg risk chief Paul Wood on testing for cyber threats #wbSecurity
— Diane Brady (@dianebrady) September 30, 2014
Target terminating the CEO was a big wake up call for everyone. — Dan Reynolds Chief is Security Omnicom #wbSecurity
— Lucas Nelson (@LucasNelson) September 30, 2014

Protecting the Enterprise: The Human Element

For our second panel, Louis Briscoe (VP, Head of Information Security Operations Center, Thomson Reuters), Dimitri Sirota (SVP Strategy — Security Business Unit, CA Technologies) Neha Gupta (MD, Global Product Management, True Office), James Foster (CEO & Co-Founder, ZeroFOX) and moderator Robert Hackett (Reporter, Fortune) spoke about the need to educate employees on security precautions and the talent wars in security recruiting.

Teaching employees about security risks can backfire; they flag e-mails from HR as phishing — Thomson Reuters’ Louis Briscoe #wbSecurity
— Diane Brady (@dianebrady) September 30, 2014
“Learning a new app should be intuitive and adaptive if not you’re not building next gen s/w applications” James Foster @ZeroFox #wbSecurity
— Christina Morillo (@divinetechygirl) September 30, 2014
“We’re seeing security awareness training of executives family members at F100 companies.” James Foster, ZeroFOX. #wbSecurity
— Chris Wysopal (@WeldPond) September 30, 2014
Security is an industry that is going to be starved for talent for years to come -Louis Briscoe VP Head of ISOC Thompson Reuters #wbSecurity
— Lucas Nelson (@LucasNelson) September 30, 2014
We recruit like we’re a basketball team … emphasize excitement of competing against hackers — ZeroFOX CEO James Foster #wbSecurity
— Diane Brady (@dianebrady) September 30, 2014

Don’t Have A Big, Public Screwup: How To Do Cloud Right

For our third panel, we had Bob West (Chief Trust Officer, CipherCloud), Sekhar Sarukkai (Co-Founder & VP of Engineering, Skyhigh Networks), Elizabeth Lawler (Chief Executive Officer, Conjur), David Baker (Chief Security Officer, Okta) moderated by Diane Brady (Senior Editor, Bloomberg Businessweek). Key takeaways from the conversation included the need for transparency when dealing with cloud service providers, creating a culture of security, and understanding the implications of shadow IT.

#wbSecurity: biggest corporate security threat; insiders…Sekhar Sarukkai, Founder, @SkyhighNetworks
— Ron Copfer (@rcopfer) September 30, 2014
Takeaways @dianebrady panel on cloud screwups: Demand transparency. Have security culture. Ensure trust. Find cloud nirvana #wbSecurity
— ROBERT HACKETT (@rhhackett) September 30, 2014

Next-Gen Technologies from the Hottest Security Startups

During this session we featured presentations by some of the top next generation security startups: vArmour (securing the data-defined perimeter of enterprises), Better (next-gen mobile app security), Trapezoid (IT infrastructure security & compliance), Teradact Solutions (secure information sharing), Socure (identity verification using online & social data), and Veracode (cloud-based application security). The startups shared lightning-quick presentations about the pain points they solve and key features of their products.

The Changing Role of the CISO

For our fourth and final panel of the summit, we had David Hahn (VP Corporate Information Security & Risk, Hearst), Karl Mattson (Senior Vice President, Technology Risk Management, PNC Bank), and Ron Isaacson (Executive Director, Security Architecture, Morgan Stanley) moderated by Steve Rosenbush (Deputy Editor, WSJ CIO Journal). The conversation ranged from how an organization can quantify cybersecurity risk to encryption solutions and key management.

Interesting debate in how to balance distributing vs transferring risk to cloud providers on CISO panel #wbSecurity
— Stephen Coplan (@stavvmc) September 30, 2014
Procurement at a large corporation as a “cottage industry” — absolutely true. #wbSecurity
— Brook Conner (@nellardoventure) September 30, 2014
Securing applications vs protecting data debate reflects need to change from network focus because access is from everywhere #wbSecurity
— Stephen Coplan (@stavvmc) September 30, 2014

Many thanks to all who came out to our summit. We hope you were able to connect with fellow security leaders and new startups, and we look forward to seeing you at our next event.

Make sure to sign up for our newsletter to hear about future events, and big thanks again to our event sponsor iSEC Partners.

comments powered by