Legal | Insurance | Risk Management | Technology

Thank you for attending ALM's cyberSecure —  
cyberSecure 2016 will be held September 27-28, 2016 at the New York Hilton Midtown.  Check back soon for agenda and speaker updates.  
Stay connected with the cyberSecure community throughout the year - see below for information on how you can make connections in our online communities. 

Transforming Your Risk Management Preparedness And Response Strategy Into a Competitive Advantage.

With more that 70% of global organizations expecting to experience a breach in the next three years, ensuring business continuity has become a top priority. This fact is not lost on consumers and investors, who realize that while cybersecurity perfection is a difficult goal to achieve, companies of all sizes must be prepared to respond decisively and continue operations when a breach occurs. ongoing delivery of value to your company and customers in the midst of a crisis is essential to business survival. This now requires a team effort.


Make connections and find support in our online communities
Join the giant conversation happening in the social media stratosphere surrounding cyber security and the ALM cyberSecure Summit. Connect with us though our Newsletter, Twitter®, Facebook®, and LinkedIn® groups.  
Be part of our online “water cooler” conversation; post, listen, share, and learn.

  • twitter icon
  • facebook icon
  • linkedin icon
  • linkedin icon


  • ALM Legal Intelligence Cybersecurity Survey Reports Provide Best Practices to Help Industry Adapt to Evolving Landscape

  • Survey Finds Cybersecurity Ignorance is Big Risk for Law Firms & Corporate Counsel

REGISTER

WHY ATTEND?

Crafted with the entire team in mind, ALM's cyberSecure will bridge the dialects each of these stakeholders speak.

Executive Management

Legal Counsel

Law Firm Management

IT & Technology


Risk Manager

Insurance
 

Financial Services

Consultants
 

Up top

SPEAKERS

  • Isaias "Cy" Alba
  • Partner
  • PilieroMazza PLLC
  • Dmitri Alperovitch
  • Co-Founder and CTO
  • CrowdStrike Inc.
  • Justin Antonipillai
  • Deputy General Counsel
  • Department of Commerce
  • Jerry Archer
  • SVP, Chief Security Officer
  • Sallie Mae
  • Jennifer Archie
  • Partner
  • Latham & Watkins
  • Andrea Arias
  • Attorney
  • Federal Trade Commission, Division of Privacy and Identity Protection
  • Richard Batchelder, Jr.
  • Partner
  • Ropes & Gray
  • Austin Berglas
  • Senior Managing Director - Head of US Cyber Investigations and Incident Response
  • K2 Intelligence
  • Lyle Bingham
  • eBusiness Project Manager
  • EMC Corporation
  • Morgan Bjerke
  • Vice President of Incident Response
  • Stroz Friedberg, LLC
  • Matt Blake
  • CEO
  • Franklin Data
  • Dennis Brixius
  • VP Risk Management & CSO
  • The McGraw-Hill Companies
  • Erick Burchfield
  • Managing Director, Research
  • ALM Legal Intelligence
  • Eduardo Cabrera
  • Vice President Cybersecurity Strategy
  • Trend Micro
  • JoAnn Carlton
  • General Counsel and Corporate Secretary
  • Bank of America Merchant Services
  • Mark Clancy
  • Chief Executive Officer
  • Soltra
  • Jonathan Couch
  • Vice President, Intelligence Information Services
  • iSIGHT Partners
  • Robert Craig
  • Managing Director
  • BDO USA, LLP
  • Carr Davis
  • Partner
  • ISMS Solutions
  • Richard DeNatale
  • Partner
  • Jones Day
  • Emy Donavan
  • National Practice Leader - Cyber, Tech, Media & Specialty PI
  • Allianz - AGCS
  • Stephen Doty
  • Managing Director, Security Science
  • Stroz Friedberg, LLC
  • Thomas Dunbar
  • SVP, Head of Information Risk Management
  • XL Catlin
  • Nicole Eagan
  • CEO
  • Darktrace
  • John Farley
  • Vice President, Cyber Risk Practice Leader
  • HUB International
  • Eric Feldman
  • Chief Information Officer
  • The Riverside Company
  • Tom Finan
  • Senior Cybersecurity Strategist and Counsel
  • Department of Homeland Security
  • Patrick Flanagan
  • VP, Digital Marketing & Strategy
  • Simon Property Group
  • Bob Flores
  • Partner
  • Cognitio Corp.
  • former CTO, Central Intelligence Agency (CIA)
  • Martin Frappolli, CPCU, FIDM, AIS
  • Senior Director of Knowledge Resources
  • The Institutes
  • Henry French
  • Corporate Compliance Director
  • XL Catlin
  • Anthony Giles
  • Director
  • North American Operations-NSF-ISR
  • Charles "Chip" Gilgen
  • Assistant Special Agent in-Charge, New York Office
  • FBI
  • Jason Gonzalez
  • Partner, Practice Group Leader, Data Privacy & Cybersecurity
  • Nixon Peabody
  • Scott Greaux
  • Vice President, Product Management
  • PhishMe
  • Peter Hedberg, RPLU
  • Senior Underwriter, Technology and Privacy
  • Hiscox USA
  • Daniella Isaacson
  • Senior Analyst
  • ALM Legal Intelligence
  • Junaid Islam
  • President and CTO
  • Vidder, Inc.
  • Michael Jacobs
  • Principal
  • Law Office of Michael A. Jacobs
  • Richard Jacobs
  • Assistant Special Agent in-Charge of the Cyber Branch, New York Office
  • FBI
  • Gary Kibel
  • Partner
  • Davis & Gilbert LLP
  • Anthony Kim
  • Partner
  • Orrick
  • Sachin Kothari, CIPP
  • Director of Online Privacy & Compliance
  • Telecommunications
  • Steve Kovalan
  • Senior Analyst
  • ALM Legal Intelligence
  • Brian Kudowitz
  • Commercial Product Director – IP, Privacy & Data Security, and Technology
  • Bloomberg BNA
  • David Lashway
  • Partner
  • Baker & McKenzie LLP
  • Chaim Levin
  • Chief US Legal Officer
  • Tradition Group
  • Christopher Liu
  • Lead CyberEdge Specialist, Financial Institutions Group - US & Canada
  • AIG
  • Michelle Lopilato
  • Director of Cyber and Technology Solutions
  • HUB International
  • John Loveland
  • Managing Director, Practice Group Leader, Information Governance, Risk & Compliance
  • Huron Legal
  • Jason Maloni
  • Senior Vice President; Chair, Litigation Practice
  • LEVICK
  • Richard Martinez
  • Partner; Chair, Privacy and Cybersecurity Litigation
  • Robins Kaplan
  • Edward McAndrew
  • Assistant United States Attorney, Cybercrime Coordinator
  • U.S. Attorney’s Office
  • Todd McClelland
  • Partner
  • Jones Day
  • Jennifer Mercer
  • Senior Vice President of Communications
  • Epiq Systems
  • Shawn Moynihan
  • Editor-in-Chief
  • National Underwriter Property & Casualty
  • John Mullen
  • Managing Partner of the Philadelphia Regional Office and Chair of the US Data Privacy and Network Security Group
  • Lewis Brisbois Bisgaard & Smith
  • Mauricio Paez
  • Partner
  • Jones Day
  • Pamela Passman
  • President and CEO
  • Center for Responsible Enterprise and Trade (CREATe.org)
  • Pedro Pavón, CIPP/US
  • Senior Corporate Counsel
  • Oracle Legal
  • Kimberly Peretti
  • Partner, Co-Chair of Cybersecurity Preparedness & Response Team
  • Alston & Bird
  • Dwayne Perry
  • Director – Americas
  • CSC Digital Brand Services
  • Vince Polley
  • Principal
  • KnowConnect PLLC
  • Jeff Rabkin
  • Partner
  • Jones Day
  • Sara Robben
  • Statistical Advisor
  • NAIC
  • Michelle Rodenheiser, PMP, CSM
  • Digital Advisor
  • CSC Digital Brand Services
  • Greg Schaffer
  • CEO and Founder
  • First72 Cyber
  • Mary Seek
  • IT Security, Vulnerability Management
  • PenFed Credit Union
  • Shahryar Shaghaghi
  • Managing Director
  • BDO Consulting
  • Rick Shutts, CISSP, CRISC
  • Chief Information Officer
  • Harris Beach PLLC
  • Bill Sieglein
  • Founder
  • CISO Executive Network
  • Lisa Sotto
  • Partner
  • Hunton & Williams
  • Eldon Sprickerhoff
  • Founder & Chief Security Strategist
  • eSentire Inc.
  • Eric Stevens
  • Director, Strategic Consulting Services
  • Raytheon | Websense, Inc.
  • Michael Stiglianese
  • Senior Managing Director
  • Axis Technology, LLC
  • Mark Szpak
  • Partner
  • Ropes & Gray
  • Brookes Taney
  • Vice President of Data Breach Solutions
  • Epiq Systems
  • Mercedes Tunstall
  • Partner
  • Pillsbury Winthrop Shaw Pittman LLP
  • Danielle Vanderzanden
  • Shareholder; Co-Chair of the Firm’s Data Privacy Practice Group
  • Ogletree Deakins
  • David Wainberg
  • VP, Privacy & Policy Counsel
  • AppNexus
  • Alan Winchester
  • Partner, Practice Group Leader Cybersecurity Protection and Response
  • Harris Beach PLLC
  • John Woods
  • Partner
  • Baker & McKenzie LLP
up arrow Up top

AGENDA

  • 9:00am- 10:00amPRO-ACTIVITY: The Evolution of Cybersecurity Preparedness

    • WANTED: Cyberinvestigator (preferably ex-NSA or ex-CIA). Travel to Dark Web required. Responsibilities include:
    • • Find out who is stealing our information and how they are monetizing it
    • • Find out their IP address
    • • Launch a counterattack

    What do offensive measures mean to your organization? As frustrated companies master breach response and ongoing surveillance techniques, instigating counter moves such as hiring a cyberinvestigator has become an increasingly common practice. These responses have brought some satisfaction, albeit unfortunately accompanied with the need to respond to government investigations and mitigate a dangerous array of potential liability.

    CyberSecure is about how to proactively monitor for, assess, and counter information security threats without going dark yourself. It is only fitting that this opening keynote will prime you for the event by leading you through the landscape on:

    • • How to safely pursue an offensive strategy
    • • Examples from the health care and financial services industries
    • • The latest ISP (Information Security Program) approaches and compliance initiatives
    • • Upgrading of IT Systems and New Continuous Monitoring platforms in IT
    • Dennis Brixius
    • VP Risk Management & CSO
    • McGraw Hill Financial
    • Jonathan Couch
    • Vice President, Intelligence Information Services
    • iSIGHT Partners
    • Stephen Doty
    • Managing Director, Security Science
    • Stroz Friedberg, LLC
    • Mauricio Paez
    • Partner
    • Jones Day
    • Bill Sieglein
    • Founder
    • CISO Executive Network

       
  • 10:00am- 10:30amExhibit Hall Break

  • 10:30am- 11:30amLOOK IN THE MIRROR: Where the Legal and Insurance Industries Stand on Cybersecurity

    Counsel are guiding clients on the myriad of complex legal and communication issues that arise in the aftermath of a cyberattack, and insurance organizations are underwriting the risk. While serving as strategic advisors on this multifaceted problem, law firms and insurance companies alike are prime targets for a cyberattack. What can they do to protect their data?

    Vulnerable to increasingly sophisticated attacks from cyber criminals breaching sensitive and confidential customer or client information, the legal and insurance industries need to be proactive in evaluating their own cyber risk, and establishing a plan to protect their digital assets. Topics of discussion will include:

    • • Evaluating an organizations’ digital assets and vulnerabilities
    • • Implementing a cybersecurity strategy, program and governance
    • • Responding to cyberattacks, identifying the cause, and remediating
    • • Applying industry agnostic measures to triage and protect the most valuable assets
    • Jennifer Archie
    • Partner
    • Latham & Watkins
    • Mark Clancy
    • Chief Executive Officer
    • Soltra
    • Sara Robben
    • Statistical Advisor
    • National Association of Insurance Commissioners (NAIC)
    • Shahryar Shaghaghi
    • Managing Director
    • BDO Consulting

           
  • 11:30am- 12:30pmSOUND THE ALARM: When Do You Make the Decision to Trigger Incident Response?

    External cyber incident, internal malfeasance, systems malfunction, or other network anomaly? When outages were reported at the New York Stock Exchange (NYSE), the Wall Street Journal and United Airlines in summer 2015, many were quick to assume that these glitches were associated with a cyber attack. Large organizations with complex systems, which can be provided and managed by third party providers, are tasked with a herculean effort of monitoring and responding to such activity, and initiating the appropriate response. Failure to response appropriately can result in significant business interruption, reputational harm, and even legal liability.
    This session will examine the crucial questions organizations must ask when suspicion of an attack has arisen.

    • • How do you and your team investigate and assess when you have a legitimate security incident?
    • • How do you classify your response, depending on the risk profile of the incident?
    • • What are some best practices in developing an enterprise risk-based breach response program?
    • • How can your response better assist in the discharge of legal obligations, such as notification to customers and the authorities?
    • • Best practices for network activity triage
    • Richard Jacobs
    • Assistant Special Agent in-Charge of the Cyber Branch, New York Office
    • FBI
    • Eldon Sprickerhoff
    • Founder & Chief Security Strategist
    • eSentire Inc.
    • Vince Polley
    • Principal
    • KnowConnect PLLC

  • 12:30pm- 1:15pmCyberClinic Alpha - Data Breach Triage 101: Be Prepared to Hit the Ground Running

    When a data breach arises, one of the first calls you will need to make is to outside counsel experienced in handling all aspects of a data breach response. They, in turn, will want to engage a top notch forensic investigation firm on your behalf to assist them. In fast-paced response situations, there are specific questions and conversations you should have with your advisors that are essential to your response. Are you ready? Join this session to find out:

    • • Who you should have on speed dial
    • • What crisis responsibilities you should entrust to them
    • • What questions you should be asking as you develop your action plan
    • Richard Batchelder, Jr.
    • Partner
    • Ropes & Gray
    • Morgan Bjerke
    • Vice President of Incident Response
    • Stroz Friedberg, LLC
    • Mark Szpak
    • Partner
    • Ropes & Gray
  • 12:30pm- 1:15pmCyberClinic Bravo - From Reactive to Resilient Cyber Security: Building Intelligence-led Security Programs and Leveraging Models for Enterprise Risk Evaluation, Mitigation and Transfer

    In an increasingly complex and sustained threat environment, the traditional perimeter-based approach to cyber security is no longer adequate. No combination of technologies will ever be sufficient to mitigate the risk of a cyber breach. Instead more forward thinking companies are adopting an asset-based approach that uses sophisticated intelligence to guide decision-making, facilitate agility, and ultimately the ROI for your security spending. This panel will examine key aspects of the new model of cyber resiliency including asset identification, exposure assessment and the use of contextual cyber intelligence, and risk mitigation and transfer techniques.

    • Tom Finan
    • Senior Cybersecurity Strategist and Counsel
    • US Department of Homeland Security
    • John Loveland
    • Managing Director, Practice Group Leader, Information Governance, Risk & Compliance
    • Huron Legal
    • Kimberly Peretti
    • Partner, Co-Chair of Cybersecurity Preparedness & Response Team
    • Alston & Bird
  • 1:15pm- 1:30pmExhibit Hall Break

  • 1:30pm- 2:15pmCyberClinic Charlie - Global Developments in Cybersecurity

    • Dmitri Alperovitch
    • Co-Founder and CTO
    • CrowdStrike Inc.
    • David Lashway
    • Partner
    • Baker & McKenzie LLP
  • 1:30pm- 2:15pmCyberClinic Delta - Beyond Sandboxing and Honeypots – How to Diagnose and Rid Your System of Achilles Heel Syndrome

    It is stunning to consider that all recent breaches started from the exploitation of a single perimeter vulnerability resulting in a catastrophic system failure. How can this be? Join Bob Flores, the former CTO of the Central Intelligence Agency (CIA) and Junaid Islam the CTO of Vidder, as they explain why catastrophic cyber failures have become the new norm and how to design networks to withstand multiple failures yet still protect high value assets.

    • Bob Flores
    • Partner
    • Cognitio Corp.
    • former CTO, Central Intelligence Agency (CIA)
    • Junaid Islam
    • President and CTO
    • Vidder, Inc.
  • 2:15pm- 2:30pmExhibit Hall Break

  • 2:30pm- 3:30pmPR: Using A Crisis as an Opportunity to Protect and Enhance the Company's Reputation

    Living with the actuality that all companies will experience a breach (if they haven't already) exposes the need for a strong communication structure to preserve a company's reputation.

    • • Understanding the latest issues and trends impacting the PR/legal dynamic in a crisis
    • • Strategies for balancing an executive charter to advise the company about its legal and ethical obligations and to uncover and defend against charges of company misconduct
    • • Using a crises as an opportunity to protect and enhance the company's reputation by promoting the public interest and transparency
    • • Why an Issues Management Committee can identify and resolve smoldering problems
    • • How a "Reputation Czar" can focus your reputation enhancement strategy
    • • Why companies are adopting "campaign rapid response" communications capabilities
    • • How your company can welcome dissent and encourage open dialogue
    • • Overcoming human nature
    • • Understanding the litigation risk of statements made during a crisis
    • Jason Maloni
    • Senior Vice President; Chair, Litigation Practice;
    • LEVICK
    • Danielle Vanderzanden
    • Shareholder; Co-Chair of the Firm’s Data Privacy Practice Group
    • Ogletree Deakins

  • 3:30pm- 4:00pmExhibit Hall Break

  • 4:00pm- 5:00pmBREAKING THE KILL CHAIN: Informing Your Cybersecurity Due Diligence with an Appraisal of What Motivates Hackers

    Cybercriminals prey on organizations through reconnaissance, luring victims, redirecting web traffic, executing exploit kits, deploying dropper files, calling home and ultimately stealing critical data. With so much sensitive data to protect, organizations worldwide are bombarded with technology to leverage across each of these stages but often the solutions are disparate or too resource intensive. How do you take all of these solutions and information available and streamline it to a structure that fits your organization and clients? Join Eric Stevens who leads the Raytheon|Websense Strategic Security Consulting team as he shares how to advance the concept of due diligence beyond perimeter security.

    • Eric Stevens
    • Director, Strategic Consulting Services
    • Raytheon|Websense, Inc.
  • 5:00pm- 6:00pmWhat Actually Works? Proven Strategies in Cyber Security Risk Management

    How does an organization develop a cyber-security program worthy of national recognition? What are the steps taken that make them the best? National Underwriter Property & Casualty Editor-in-Chief Shawn Moynihan sits down with the winner of NU’s 2015 Cyber Security Risk Management Award — XL Catlin’s Head of Information Risk Management Thomas Dunbar — to learn the secrets of his award-winning program.

    Sponsored by: The Institutes

    • Thomas Dunbar
    • SVP, Head of Information Risk Management
    • XL Catlin
    • Martin Frappolli, CPCU, FIDM, AIS
    • Senior Director of Knowledge Resources
    • The Institutes
    • Henry French
    • Corporate Compliance Director
    • XL Catlin
    • Shawn Moynihan
    • Editor-in-Chief
    • National Underwriter Property & Casualty
  • 6:00pm- 7:00pmNetworking Reception

  • 9:00am- 9:30amMorning Briefing: Industry Trends in Cybersecurity Practices with ALM's Market Intelligence Analysts

    At this session ALM Intelligence analysts will present the latest cybersecurity data and market analysis. The discussion will include the release of proprietary research data undertaken by ALM and will provide insights into how cybersecurity is effecting the legal, financial, insurance, and real estate markets. This multi-industry ground-breaking research review will serve as a mental springboard into cyberSecure’s Day 2 content.

    • Daniella Isaacson
    • Senior Analyst
    • ALM Legal Intelligence
    • Steve Kovalan
    • Senior Analyst
    • ALM Legal Intelligence
    • Erick Burchfield - Discussion Leader
    • Managing Director, Research
    • ALM Legal Intelligence
  • 9:35am-10:35amTRACK SESSIONS

  •  LEGAL TRACK
    Translating Cybersecurity Preparedness Into a Business Requirement

    Board level interest in cybersecurity has exploded, but how can in-house and outside counsel explain the threat landscape in terms that will engender buy-in for risk mitigation strategies? Topics of discussion will include:

    • Defending against insider threats

    • JoAnn Carlton
    • General Counsel and Corporate Secretary
    • Bank of America Merchant Services
    • Edward J. McAndrew
    • Assistant United States Attorney, Cybercrime Coordinator
    • U.S. Attorney’s Office
    • Mercedes Tunstall
    • Partner
    • Pillsbury Winthrop Shaw Pittman LLP
    • Brian Kudowitz Esq. - Discussion Leader
    • Commercial Product Director - IP, Privacy & Data Security and Technology
    • Bloomberg BNA
  • TECHNOLOGY TRACK
    Offense Informs Defense: Minimizing the Risk of a Targeted Attack

    Targeted attacks and data breaches seem to occur weekly and even those organizations who you assume would have the most impenetrable security have proved vulnerable to hacks. The reality that threat actors will persist until they find the one weak link in your defenses to access your network demands constant vigilance and understanding of the latest tactics. This session will discuss who is attacking you, the motivations behind these attacks, how the attack works, and what they typically want to steal. This session will also focus on what you can do today to minimize your risk of a breach and make your network more secure.

    • Eduardo Cabrera
    • Vice President Cybersecurity Strategy
    • Trend Micro
    • Pamela Passman
    • President & CEO
    • Center for Responsible Enterprise and trade (CREATe.org)
  •  INSURANCE & RISK TRACK
    The Role of Insurance in Managing a Cyber Risk

    Given that cyber insurance policies are relatively new, it is no surprise that the wording can vary significantly from policy to policy and may not insure what you expect. This panel discussion brings together leading cyber insurance providers and legal counsel to take you through insurance coverage terms and their litigation history to equip you with the tools you need to understand just what your policy is good for. The panel will cover:

    • •Key cyber insurance coverage terms and the changing market
    • •The evolving legal landscape and key court decisions that impact businesses
    • • Case studies – what we can learn from recent data breaches
    • • The cyber war vs. the insurance industry – How might your policy respond?
    • John Farley
    • Vice President, Cyber Risk Practice Leader
    • HUB International
    • Michelle Lopilato
    • Director of Cyber and Technology Solutions
    • HUB International
    • John Mullen
    • Managing Partner of the Philadelphia Regional Office and Chair of the US Data Privacy and Network Security Group
    • Lewis Brisbois Bisgaard & Smith
  •  2020 TRACK
    $1B = The New Benchmark in Cyberindustry Sales, if You Are Contracting with Uncle Sam

    In the wake of the OPM and IRS breaches, the government has made shoring up its networks a top priority. One need look no further than the Department of Homeland Security’s recent award of a contract to Raytheon to secure government agency networks that is potentially worth $1B to know that this emphasis is creating unprecedented opportunities for both commercial and government contractors who can provide cybersecurity products and services. Whether working with the government is uncharted territory or you are an existing government contractor who needs to stay apprised on the needs of this special customer, join this session to scope the rapidly evolving terrain of a client who is the biggest buyer of products and services in the world. The discussion will start with the basics of contracting and special guidance from an experienced practitioner on navigating the maze of regulations and potential pitfalls. It will continue with an explanation of how new, innovative methods of contracting with the federal government can relieve sellers from the rigorous application of inflexible regulatory rules in the government’s source selection process through DoD’s new Better Buying Power 3.0 guidance for agency buyers.

    • Robert Craig
    • Managing Director
    • BDO USA, LLP
  •  DEEP DIVE WORKSHOPS
    8:00 am - 10:00 am | Cyber 101: Building Bytes

    Please Note - This Session Runs from 8:00 am - 10:00 am

    Just what do all those acronyms stand for? Rattle them off like a pro after this deep dive into the alphabet soup of technical, legal, and coverage terms that you need to fully grasp and participate in cybersecurity discussions.

    This workshop will start with linguistic building blocks and expand into the basics of IT:

    • • What is a megabyte?
    • • How are networks formed and connected?
    • • How does a cybersecurity program protect your data and how can user error or malicious actors bypass technical protections?
    • Rick Shutts, CISSP, CRISC
    • Chief Information Officer
    • Harris Beach PLLC
    • Alan Winchester
    • Partner, Practice Group Leader Cybersecurity Protection and Response
    • Harris Beach PLLC
  • 10:35am- 11:00amExhibit Hall Break

  • 11:00am-12:00pmTRACK SESSIONS

  •  LEGAL TRACK
    Negotiating and Assessing Cyberrisk in Third Party Agreements

    Interactive mock negotiation session

    Attendees will be provided with sample commercial agreements and partner with their fellow audience members for a hands-on approach to learning about how to:

    • • Spot red flags and hidden landmines to in contract terms related to cyberrisk and compliance
    • • Structuring terms that deal with reporting, auditing, subcontractors, and conflicts of law
    • • Best practices for vendor management and cyberrisk oversight
    • David Lashway - Discussion Leader
    • Partner
    • Baker & McKenzie LLP
    • Neal Pollard
    • Director, Cyber
    • PwC
    • Greg Schaffer
    • CEO and Founder
    • First72 Cyber
    • John Woods
    • Partner
    • Baker & McKenzie LLP
  •  TECHNOLOGY TRACK
    What Does This Mean for Quarterly Projections? Making IT Metrics Meaningful to Your Board

    Data protection and cybersecurity have evolved from the micro responsibility of the IT team to a macro business priority. While cybersecurity has moved onto the boardroom agenda, few organizations have yet to implement comprehensive cybersecurity strategies that protect their critical digital assets. Many organizations today are even unsure of whether they have a cyber-incident response plan or cyber-risk requirements for third-party vendors – a major source of cyberattacks.

    In a threat landscape that requires a high-level understanding of tech to inform corporate strategy, what are your cybersecurity strategies?

    Attend this session to learn how to benchmark your approach to board-IT team communications and gain practical guidance about crucial activities that can keep your company out of tomorrow’s headlines. Topics include:

    • Raising cyber threat awareness to the board and making it actionable

    • Creating a plan and inspiring a sense of ownership in cybersecurity measures

    • Allocating resources and funding initiatives based on risk

    • Balancing cybersecurity needs with trying to protect the board from bad news

    • Building and maintaining a strong, invested chain of governance

    • Jerry Archer
    • SVP, Chief Security Officer
    • Sallie Mae
    • Antony Kim
    • Partner
    • Orrick
    • Christopher Liu
    • Lead CyberEdge Specialist, Financial Institutions Group - US & Canada Director
    • AIG
    • Shahryar Shaghaghi
    • Managing Director
    • BDO Consulting
    • Michael Stiglianese
    • Senior Managing Director
    • Axis Technology, LLC
  •  INSURANCE & RISK TRACK
    Contracts, Compliance, and Confusion: Addressing Cybersecurity in Third Party Vendor Contracts

    In a world of compliance, your clients are most likely confused about their contractual obligations. Security breaches often increase tension with their business partners and vendors. Questions like— What do I need? What do I do? And Where do I go? — are echoed when clients panic over cybersecurity and compliance concerns. This session will delve into one of the trickiest areas of cybersecurity – your business relationships – and how they are impacted by and contribute to data breach. Bring your pain points to the table and be ready to discuss your approaches to the pre-RFP Process, ongoing compliance needs, and supply chain management. From there we’ll discuss solutions that can lead your clients down the path of compliance without losing business.

    • Isaias "Cy" Alba
    • Partner
    • PilieroMazza PLLC
    • Carr Davis
    • Partner
    • ISMS Solutions
    • Anthony Giles
    • Director, North American Operations
    • NSF-ISR
    • Michael Jacobs
    • Principal
    • Law Office of Michael A. Jacobs
    • Todd McClelland - Discussion Leader
    • Partner
    • Jones Day
  •  2020 TRACK
    Crystal Ball: What Do You Think the Next Big Cybercrime Will Be?

    As part of your organization's cybersecurity defense team, you can and will learn from past attacks, and integrate those lessons into your strategies. However, cybercriminals are changing tactics every day and anticipating where they may strike next is a crucial perspective to keep in mind. This cross-industry panel of experts will bring their breach experiences and insider information on current trends to the fore as they sound off on: what next?

    • Justin Antonipillai
    • Deputy General Counsel
    • Department of Commerce
    • Matt Blake - Discussion Leader
    • CEO
    • Franklin Data
    • Jason Maloni
    • Senior Vice President; Chair, Litigation Practice
    • LEVICK
    • Edward McAndrew
    • Assistant United States Attorney, Cybercrime Coordinator
    • U.S. Attorney's Office
  •  DEEP DIVE WORKSHOPS
    10:30 am - 12:30 pm | "You've Been Hacked!" Response Workshop

    Please Note - This Session Runs from 10:30 am - 12:30 pm

    You get the call - "You've been hacked!" - now what? Breach response plans on paper are an important step but don't miss this unique chance to prepare yourself to expect the unexpected through an interactive, hands-on fire-drill exercise among your peers. Join an interdisciplinary team of workshop leaders with actual breach response experience to walk you through a post-breach protocol including:
    • Alerting law enforcement and working with the authorities
    • Assessing the technical damage
    • Crafting a public relations and communications response
    • Understanding the legal and compliance risks at play depending on the early and ongoing assessments to the incident

    • Austin Berglas
    • Senior Managing Director - Head of US Cyber Investigations and Incident Response
    • K2 Intelligence
    • Peter Hedberg, RPLU
    • Senior Underwriter, Technology and Privacy
    • Hiscox USA
    • Jennifer Mercer
    • Senior Vice President of Strategic Communications
    • Epiq Systems
    • Lisa Sotto
    • Partner
    • Hunton & Williams
    • Brooks Taney
    • Vice President of Data Breach Solutions
    • Epiq Systems
    • Jeff Rabkin - Discussion Leader
    • Partner
    • Jones Day
  • 12:00pm- 1:00pmExhibit Hall Break

  • 1:00pm-2:00pmTRACK SESSIONS

  •  LEGAL TRACK
    Current and Emerging Standards of Cybersecurity Due Care

    Despite several years of headline-grabbing data breaches, the U.S. still does not have a clear statutory or regulatory scheme setting forth applicable cybersecurity standards. Nonetheless, courts and regulators are using existing common law doctrines and statutory enactments to hold companies accountable for cyber-attacks. This leaves companies wondering, what are the standards? Where do they come from? And where are they going? This session will:

    • • Review of recent litigation
    • • What are the new minimum cybersecurity requirements?
    • • Identify relevant standards
    • • Consider the consequences of such standards
    • • Identify opportunities presented by such standards
    • • Explore the next wave of litigation for cybersecurity breaches
    • Richard Martinez
    • Partner; Chair, Privacy and Cybersecurity Litigation
    • Robins Kaplan
  •  TECHNOLOGY TRACK
    Don’t Click Here: How to Train Your Employees to Recognize Phishing Attacks

    Distressed Nigerian princes are a thing of the past.  With 91% of attacks starting with sophisticated spear phishing that can often look identical to every day requests, the most important factor in your cybersecurity strategy is the human one – your employees.  This session will take you through the straightforward, interactive training you can use to arm your employees with the tools they need to discern between a phishing attack and a legitimate request for sensitive information. Return to your office armed with insights on how to:

    • • Prepare employees to be more resilient and vigilant against targeted cyber attacks
    • • Empower employees to easily report suspicious emails to the internal security teams in a timely manner
    • • Provide incident responders with the ability to effectively prioritize, analyze, and act on suspect email reports detected by users, producing actionable intelligence that can be integrated with and employed by an organization’s existing security infrastructure and analytics capabilities.
    • Scott Greaux
    • Vice President, Product Management
    • PhishMe
  •  INSURANCE & RISK TRACK
    Digital Advertising: Managing Privacy and Cybersecurity Risks

    Digital advertising expenditures hit a record $15 billion in the third quarter of 2015. The use of digital to connect with customers is only slated to grow, with even TV advertising now losing its supremacy to the flashing screen in your hands and on your desktop. With these sorts of revenue figures, it’s more likely than not that your organization has a digital footprint – or will soon. Learn about avoiding missteps while exploring the potential of this expanding industry when you join this session to discuss:

    • • Digital media fraudulent schemes, remedies and preventative measures
    • • FTC enforcement and liability
    • • Internal security controls
    • Gary Kibel
    • Partner
    • Davis & Gilbert LLP
    • Pedro Pavón, CIPP/US
    • Senior Corporate Counsel
    • Oracle Legal
    • David Wainberg
    • VP, Privacy & Policy Counsel
    • AppNexus
  •  2020 TRACK
    The Enterprise Immune System: A New Approach to Cyber Defense

    While a layered approach to security can help catch ‘known' threats, today's adversaries have upped the ante. Cyber-threats against law firms involve a wide range of actors, from nation-state and criminal groupsto rogue employees and insiders. Faced with the difficulty of protecting intellectual property, client data and market reputation from constantly-evolving threats, prioritizing cyber defense is critical.

    In spite of traditional security controls, threats will always get inside, just as our own staff sometimes expose us to vulnerabilities. However, immune system technologies are today helping leading firms get ahead of this threat landscape, by learning ’ self’ within our busy networks, and detecting abnormal activities before a crisis strikes.

    In this session, learn

    • • How new machine learning and mathematics are automating advanced threat detection
    • • Why 100% network visibility and intelligency allow you to pre-empt emerging situations, in real time
    • • How smart prioritization of threats means better resource allocation, and lower risk
    • Nicole Eagan
    • CEO
    • Darktrace
  • 2:00pm- 2:30pmExhibit Hall Break

  • 2:30pm-3:30pmTRACK SESSIONS

  •  LEGAL TRACK
    Is Privacy Dead? Structuring Your Data Collection and Handling Programs

    Businesses today have available to them more and more information about individuals than ever before. That information potentially presents great opportunities, and significant risks. Topics of discussion will include:

    • • Should your enterprise risk litigation and regulatory scrutiny for the potential benefits of mining your customer data?
    • • Where do the minefields lie?
    • • What are ethical considerations to keep in mind when it comes to the collection and use of personal information?
    • • What constitutes sufficient notice and how is that expected to change?
    • Andrea Arias
    • Attorney
    • Federal Trade Commission, Division of Privacy and Identity Protection
    • Jason Gonzalez - Discussion Leader
    • Partner, Practice Group Leader, Data Privacy & Cybersecurity
    • Nixon Peabody
    • Chaim Levin
    • Chief US Legal Officer
    • Tradition Group
    • Sachin Kothari, CIPP
    • Director of Online Privacy & Compliance
    • Telecommunications
  •  TECHNOLOGY TRACK
    Insider Threats: You Are Your Own Worst Cyber Enemy

    Do you know what an insider threat looks like? Look in the mirror. From intentional employee data siphoning like Chelsea Manning and Edward Snowden to the security breaches caused by negligence and compromised credentials - organizations must equate internal data protection hazards with outside attacks as part of their data protection regimes. How are companies balancing employee privacy with the need to monitor and contain network activity? Join this session to benchmark your approach to:

    • • Addressing instances of unauthorized access
    • • Identifying when employees are in violation of organization policies
    • • Conducting ongoing internal reconnaissance
    • • Red flagging data hoarding
    • • Recognizing imminent data loss
    • Eric Feldman
    • Chief Information Officer
    • The Riverside Company
    • Charles "Chip" Gilgen
    • Assistant Special Agent in-Charge, New York Office
    • FBI
    • Mauricio Paez - Discussion Leader
    • Partner
    • Jones Day
    • Pamela Passman
    • President and CEO
    • Center for Responsible Enterprise and Trade (CREATe.org)
  •  INSURANCE & RISK TRACK
    Negotiating and Understanding Cyber Liability Insurance

    As cyber losses mount, policyholders turn to insurance as a method for mitigating both first-party and third-party risk. The market for cyber insurance is growing, but policies are complicated and standard forms have not yet developed. Even sophisticated policyholders may not fully understand what coverages they have – or don’t have. For companies looking to augment their coverage, the underwriting process has become more challenging. The days of the one-page application are over, and companies must demonstrate their breach preparedness and provide detailed information about their controls

    This session will review emerging trends in cyber coverage and the policy provisions that matter most in the event of a breach. We will explore the “Dating Game” between underwriters and prospective policyholders to uncover what insurers look for before they write coverage. We will discuss options available for companies – including those with prior breach history or weak data protection regimes – to make themselves more attractive in the market.

    Other issues covered will include:
    • • What underwriters expect in the application process
    • • Most common reasons insurers walk away from underwriting risk
    • • The critical features you should look for in policies
    • • Strategies for strengthening and tailoring coverages based on your companies needs
    • • Emergence of new exclusions
    • • The risk of rescission and how to avoid it
    • • Managing breach claims and recovery efforts
    • Richard DeNatale
    • Partner
    • Jones Day
    • Emy R. Donavan
    • National Practice Leader - Cyber, Tech, Media & Specialty PI
    • Allianz - AGCS
  •  2020 TRACK: It's Not Just About Your Network Anymore: Protect Your Brand from Cybersquatters, Typosquatters, and Fraudsters

    With cybercrime on the rise, accounting for millions of dollars lost by businesses every year, securing your company’s online assets and protecting your digital IP is not only important, it’s essential. We take a look at the major actors and cyber threats now, and how they might evolve in the future. Our panelists will also share insights into how companies can protect their digital assets and brands from the evolving threats of cybersquatting, typosquatting, domain hacking, DNS attacks, and phishing attacks.

    • Lyle Bingham
    • eBusiness Project Manager
    • EMC Corporation
    • Patrick Flanagan
    • VP, Digital Marketing & Strategy
    • Simon Property Group
    • Dwayne Perry - Discussion Leader
    • Director – Americas
    • CSC Digital Brand Services
    • Michelle Rodenheiser
    • Digital Advisor
    • CSC Digital Brand Services
    • Mary Seek
    • IT Security, Vulnerability Management
    • PenFed Credit Union
up arrow Up top

CREDITS

Secure Your Credits

ALM's cyberSecure is the premier destination for acquiring powerful insights, extensive education (see below for CLE information) and actionable plans to prevent and limit disruption caused by cybersecurity incidents. All while presenting a platform for elite industry leaders, strategic partners, and prospective clients to meet and engage in impactful and influential discussions.

Make sure you check back often to see the latest speakers and keynotes, or click here to be notified of our conference updates.

CLE - 9.5 credits approved which includes 2 ethics credits

ALM has been certified by various CLE boards for continuing legal education. ALM will apply for approval in multiple jurisdictions subject to the rules, regulations and restrictions dictated by those state organizations.

For specific information about CLE contact Lazette Jackson at 212-457-7912 or email cle-dept@alm.com.

CE

Insurance CE credits have been applied for in NY, CT, PA, NJ, IL & MA and is pending until further notice.

For specific information about Insurance CE contact Joyce Coots at 859-692-2263 or email jcoots@alm.com.

CPD

NASBA - ALM is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website at www.learningmarket.org.

NYS Board of Accountancy - ALM is registered with the NYS board for public accountancy under sponsor license number 0022403. ALM has been approved for the subject areas of Accounting, Auditing, Taxation, Advisory Services and Specialized Knowledge and Applications. ALM will award CPE credits to NY CPA's based on the guidelines implemented by the NYS Board of Accountancy.

up arrow Up top

SPONSORS

  • Legal Chair
  • jones day
  • Advisory Chair
  • bdo
  • Sponsors
  • baker mckenzie
  • bloomberg law
  • CSC
  • nixon peabody
  •  
  • darktrace
  • epiq
  • esentire
  • franklin data
  •  
  • harris beach
  • hub international
  • huron legal
  • ISMS
  •  
  • ISMS
  • ogletree deakins
  • phish me
  • trend micro
  •  
  • raytheon
  • robins kaplan
  • ropes gray kaplan
  • ropes gray kaplan
  • stroz friedberg kaplan
  •  
  • vidder
  • Media Partner
  • federal publications seminars
  • information security forum
  •  
  • Executive Partner
  • Award Sponsor
  • ALM Media Partners
  • alm legal intelligence
  • tal
  • corporate counsel
  • consulting magazine
  •  
  • fcs legal
  • globe st
  • inside counsel
  • kennedy
  •  
  • lawcom
  • legaltech
  • legaltech news
  • nlj
  •  
  • national underwriter
  • property casualty 360
  • real estate forum

SPONSORSHIPS

Supported by ALM's industry-leading brands, cyberSecure will attract decision makers from multiple industries which include legal, technology, real estate, financial services, consulting, insurance and risk management.

This collective reach ensures sponsors and exhibitors will be afforded an opportunity unlike any other to showcase their expertise, products and services in front of a large and multidisciplined national audience.

Make sure you check back often to see the latest speakers and keynotes, or click here to be notified of our conference updates.

up arrow Up top

PRICING

  • Register by Phone: 877-693-9063
  • Submit an Inquiry by Email
Benefits General Registration   Exhibit Hall Pass
Includes All sessions on Day 1 and 2    
CyberClinics  
VIP Networking Reception    
Exclusive All Survey Results    
Includes Access to Day 1 Keynotes    
Exhibit Hall on Day 1 and Day 2  
Standard (Oct 1 - Dec 14, 2015) $795   Free
On Site (After Dec 14, 2015) $995   $95
  REGISTER   REGISTER
Team Pass Rate is Available* *This offer cannot be applied retroactively and cannot be combined with any other registration offers or discounts.
2-5 Team Pass $1,695 REGISTER
6-10 Team Pass $3,295 REGISTER
Vendors & Service Providers If you are part of an organization that provides goods and/or services to the legal, insurance, real estate, consulting, or financial services industries, please contact Frank Wolson for registration options. If you attempt to register under one of the existing registration categories and you are deemed to be a vendor or service provider, you will be contacted directly about your registration by our customer service team.

TERMS & CONDITIONS

SUBSTITUTION AND CANCELLATION POLICY Substitutions may be made at any time. Cancellations are accepted and registration fees refunded (less a 25% cancellation fee) if notice is received in writing 30 days prior to the event. If cancellation is received less than 30 days before the event, 50% of the fee will be forfeited and the remainder of the fee will be applied toward another upcoming ALM event (within the same calendar year). If cancellation is made less than one week prior to the event, no refund will be given. If for any reason ALM cancels this conference, it is not responsible for any costs (including travel and hotel accommodations) incurred by the registrant. For more information regarding administrative processes such as substitutions, cancellations, refunds or complaints, you may contact Customer Care at 877-693-9063 or email CustomerCare@alm.com.

up arrow Up top

LOCATION

www.themecircle.net

The Sheraton New York Times Square
811 Seventh Avenue, New York, NY 10019

  • Discounted Rate: $319 single/double (excluding taxes & fees)
  • Discount Deadline: November, 23, 2015

For your convenience hotel reservations can be made at the Sheraton Times Square at a discounted group rate of $319 single/double (excluding taxes & fees). Attendees are invited to secure their accommodations online or by phone. If you are making a reservation by phone be sure to mention cyberSecure to obtain the group rate.

Rates will remain in effect until November 23, 2015. However, please note that the discounted group rate is subject to availability and is not guaranteed. Rooms are available on a first come, first served basis, so be sure to book your room early!

up arrow Up top