In today’s shifting threat landscape, threat management must be a part of an organizations comprehensive information security and risk management program. An effective threat management program combines IT security disciplines of threat detection, incident management, and monitoring and logging in order to in order to reduce the impact of risks to an organization’s IT systems and data.
In this session, various presenters will cover emerging technologies and approaches to threat management as well as the key elements of a threat management program, its challenges and insight as to how to overcome common challenges.
Event kickoff opening remarks 2:00 - 2:10: NYM ISSA President - Joseph Rivela, CISSP
- Session 1 – Leveraging a Human-Centric Approach to Mitigate Risk Inside the Extended Enterprise - Guy Filippelli, CEO of RedOwl
Abstract: Well publicized breaches highlight the harm that insiders can cause – as intentional malice, unknowing compromise by an outsider, or merely negligence as a careless user. The dramatic growth in information sharing within an enterprise, increased scale and complexity of enterprise IT infrastructure, and greater presence of employee-owned devices are all contributing factors to the increased risk from insiders. However, mitigating the harm that insiders can cause must be approached from a human perspective, because human actions remain at the core of insider risks. This session will provide recommendations for CISOs to effectively leverage and analyze the human-generated data sources in the enterprise – from email and chat communications to file and web browser activity – and successfully tackle insider risks from a human perspective. Key themes that will be emphasized include: enabling visibility across multiple modes of human-generated data sources; gaining context on digital activity for improved understanding and situational awareness of risks inside the enterprise; and adopting a proactive approach to identify suspicious activities before they become significant incidents.
Presenter Bio: Guy Filippelli is the CEO of RedOwl, which provides a software platform for organizations to monitor and investigate high-risk activities inside the enterprise. He leads RedOwl’s overall strategy with the vision of delivering unparalleled visibility and context of activities inside the enterprise, while enabling human inference through a powerful user experience that reflects a fundamental appreciation for analytic workflows. Prior to founding RedOwl, Guy co-founded Berico Technologies, a high-end engineering firm, and Praescient Analytics, a data analytics and training company that works with cutting-edge software platforms to service a variety of industries. Guy holds a B.S. in Economics from the United States Military Academy at West Point, and received his B.A. and M.A. in Philosophy, Politics, and Economics from Oxford University.
- Session 2 – Insider Threat Analytics - Nanda Santhana, VP of Solutions at Securonix
Presenter Bio: Nanda has over 10 years’ experience serving organizations in information security, risk management, and compliance. He specializes in the domains of Data Protection, Insider Threat, Identity Management, Role Based Access Controls, Cyber Threat Management, PCI DSS Compliance and Third Party Risk Management and frequently speaks on these topics. As an information security professional, Nanda has served several global clients across industry verticals on engagements ranging from information security strategy development, insider threat, risk assessments, to detailed design & deployment of enterprise security solutions. Prior to Securonix, Nanda worked for Oracle and Sun Microsystems where he was responsible for Global Fortune 500 solution implementations and sales for all security products.
- Session 3 – Threat Management Panel
Abstract: Inquires to the professionals who leave and breach threat management on a day to day basis. Panelists will include professionals from Bloomberg and Blackstone, with more to be announced