NEACS 2016
North East Annual Cybersecurity Summit
October 7, 2016 
8:00 AM – 5:00 PM
Trumbull Marriott Merritt Parkway
180 Hawley Lane, Trumbull CT 06611


Opening Keynote: Organized Cybercrime: Threats, Trends, and Tactics

Michael Shove, Special Agent – United States Secret Service
09:00 – 10:00 AM

This keynote will address the cybersecurity threat posed by financially motivated cyber criminals. During his talk, Michael Shove will explore the role of law enforcement, academia, and the private sector in combating this growing—and highly damaging—threat. Central to the discussion will be a case study that explores the coordination and speed with which major cyber events take place, demonstrating why the implementation of proactive measures is so crucial. An analysis of incident response from the private and government sectors will then be explained, and some of the most pressing challenges faced by cybersecurity professionals will be shared. Ideas and suggestions for identifying principles for successful cyber incident response will be presented at the close of this talk, allowing attendees to bring new strategies for fighting cybercrime back to their own offices.

Audit Track: Changing the Game on Cyber Risk: The imperative to be secure, vigilant and resilient

Vikram Rao, Senior Manager – Deloitte & Touche LLP
10:05 – 11:05 AM

Most reports on cyber security revolve around a common theme: despite heightened attention and unprecedented levels of security investment, the number of cyber incidents—and their associated costs—continues to rise. They typically point to the growing sophistication of hackers and other adversaries as a particularly intractable problem, and some deliberate over whether being secure is even possible in today’s rapidly evolving landscape of cyber-attacks. You can’t secure everything equally. It is important to take a risk intelligent approach to being secure, vigilant and resilient. This session will share cyber security insights on a risk intelligent approach, how executives should be thinking about it, and how to report to boards on cyber security.

Security Track: Cybersecurity & Privacy: Building a Sustainable Strategy and Program

Ken Mortensen, Senior Managing Director – PwC
Joe Krause, Director – Cybersecurity, Northeast Market – PwC
10:05 – 11:05 AM

Developing a sustainable program for cybersecurity and privacy requires a clearer understanding not only of the external threats and vulnerabilities, but also of the structures necessary to achieve sustainable governance. Understanding the core components of security and privacy and where they overlap, combined with understanding how to link Key Performance Indicators for those programs to Key Risk Indicators for the organization, not only develops the overall program, but also provides a platform for communicating the successes to executive leadership and the Board.

Legal Track: Cyberliability/Cyberinsurance - Cyber and Privacy Overview

Sean Letz, Assistant Vice President, Cyber & E&O – Marsh
10:05 – 11:05 AM

Companies have significantly increased their budgets to avoid cyber incidents, yet the reality is that cyber risks are a peril that can be mitigated but not avoided. Many companies are now exploring insurance solutions to transfer the risk from their balance sheets. The session will explore the universe of insurable cyber risks through real world examples. The session will also discuss tools and strategies for companies to quantify their unique cyber risk.

Audit Track: Cyber Threat Scenario Planning/Testing

David Trollman, Senior Manager, Advisory Services – Ernst & Young LLP
11:20 – 12:20 PM

There’s an old saying: ‘The time to fix the roof is when the sun is shining’. Depending on your point of view – most of us are not fortunate enough to have the opportunity to exercise our Incident Response plans with a real-world adversary. This is unfortunate because as another old saying goes: ‘No plan of action survives first contact with the enemy.’ During this talk, EY will discuss our approach to planning, preparing, conducting, and reporting on Cyber Incident Tabletops. Our session will end with a sample scenario participants will walk through together facilitated by the presenter.

Governance Track: Board Risk Oversight

Panelist: Alfred R. Berkeley III, Chairman and Director – Princeton Capital Management, Inc.
Panelist: Margaret Pederson, President and CEO – National Association of Corporate Directors, Connecticut Chapter
Panelist: Pamela Gupta, President – OutSecure Inc.
Moderator: Ken Mortensen, Senior Managing Director – PwC
11:20 – 12:20 PM

Ken Mortensen asks Board Members Alfred Berkeley and Margaret Pederson and cybersecurity advisor Pamela Gupta for their insights on topics such as the role of Board Directors and allocation of cyber-risk mitigation investments.

Legal Track: Data Security and Privacy - Regulations and Compliance

Michael Money, Director - Security & Privacy – Protiviti, Inc.
11:20 – 12:20 PM

The topic of "Data Security and Privacy - Regulations and Compliance" is very broad. This session will focus on new regulations and frameworks that you may need to worry about, as well as recent case studies in security and privacy failure. Several agencies (e.g. FTC, HHS, SEC) have increased their compliance enforcement mechanisms and these have had wide-reaching impacts that may affect your security and privacy programs.

Lunch/Keynote: New Perimeter in Security

Stephen Cox, Chief Security Architect – SecureAuth
12:20 – 01:00 PM

Are failing protection methods forcing you to rethink your security strategies and embrace the concept of identity as the new perimeter? Join Stephen Cox, Chief Security Architect at SecureAuth, as we discuss how you can better protect your resources and detect intrusions with new technologies that enable you to treat identity as the perimeter and stop attackers in their tracks. Stephen will explore:
- Why identity is the perimeter you should be most concerned about
- Strategies for protecting identities with adaptive authentication
- Techniques to leverage contextual, risk-based authentication to detect intrusions
- Approaches for eliminating data blind spots in your forensics

Afternoon Keynote: title TBD

Matthew Fitzsimmons, Chair – Privacy Task Force, Assistant Attorney General – Connecticut Attorney General's Office
01:05 – 02:05 PM

AAG Fitzsimmons will discuss the role of the Connecticut Attorney General relative to privacy and data security. Beginning with the organization of the Attorney General's Office, and specifically the creation and function of the AG's Privacy and Data Security Department, AAG Fitzsimmons will then discuss some of the state laws that the Attorney General enforces in this area, including our breach notification and personal information safeguards laws. Finally, AAG Fitzsimmons will discuss the conduct of Attorney General investigations, including what questions companies can expect to be asked, and what his expectations are of companies responding to investigative requests.

Audit Track: Chief Risk Officer Perspective

William Feher, Vice President, Internal Audit and Chief Risk Officer – ITT
02:10 – 03:10 PM

No longer is cyber security the concern of only the Chief Information Security Officer or the Chief Information Officer. Increasingly boards of directors and management teams are turning to their Chief Risk Officer for an independent view of how cyber risk is managed across the enterprise. An important part of the solution is a strong partnership with all of the stakeholders in cyber security. This session will share strategies and success stories.

Security Track: Actionable Threat Intelligence Requirements for Businesses

Pamela Gupta, President – OutSecure Inc.
Abhi Singh, Specialist Manager – Deloitte & Touche LLP
02:10 – 03:10 PM

An in-depth analysis of individual attack campaigns and their associated infrastructure, motivations, tactics, techniques and procedures (TTPs), and the processes businesses require to be agile in meeting the dynamic cyber threat landscape.

Governance Track: Risk Posture

Mike DaGrossa, Chief Information Security Officer – Essextec
02:10 – 03:10 PM

In order to fully prepare for and address future threats, we need to first understand what a threat is and understand how these threats affect us. This is done by Risk Posturing. The purpose of the presentation will be to help executive management to fully embrace the governance ideal. By understanding what your posture looks like you will be able to create a program that not only addresses threats, audits, third parties, etc., but positions your environment to allow security and risk to not just be a cost and burden, but a business enabler. During the presentation, we will discuss several “incidents” that DaGrossa and his team have investigated over the last year and correlate a pattern that, left unchanged, will continue to wreak havoc around the digital landscape.

Panel Discussion: “Hacked by Acquisition”

Panelist: Daniel Conroy, Chief Information Security Officer – Synchrony Financial
Panelist: Bill Lavalette, Global Chief Information Security Officer – ITT
Panelist: Mike DaGrossa, Chief Information Security Officer – Essextec
Moderator: William Feher, Vice President, Internal Audit and Chief Risk Officer – ITT
03:30 – 04:30 PM

A round-table discussion by leading CISOs on the subject of Governance, Audit & Security. Bill Lavalette, CISO of ITT and Daniel Conroy, CISO of Synchrony Financial will lead a discussion on security exposures acquired by companies through mergers and acquisitions.