2021 EWF Virtual Annual Conference 2021 EWF Virtual Annual Conference

Live Conference Schedule

Schedule

Monday, October 18, 2021

- EDT
Rising Leaders Forum Workshop: Maximizing Your Hybrid World
Ashley Baich
Ashley Baich
Accenture, Cybersecurity Consulting Analyst
Linda Dolceamore
Linda Dolceamore
Executive Women's Forum, Director Leadership Development & Leadership Coach
Mary Barnor
Mary Barnor
Thomson Reuters, Senior Vendor Cyber Security Analyst
Sandra (Sandy) Lind
Sandra (Sandy) Lind
Oracle, Principle Program Manager
Angela Williams
Angela Williams
Hillrom, VP, Chief Information Security Officer
Sonia Sotomayor
Sonia Sotomayor
Deloitte, Cyber & Strategic Risk Senior Consultant
Chelsie Thompson
Chelsie Thompson
Microsoft, Security Technical Specialist

"Maximizing Your Hybrid World”

**This session is only for those who identify as Millennials and Gen Z generation.**


Welcome

"Navigating the Ebbs and Flows of Work and Life": A Gen Z & Millennial Panel Discussion with Sandy Lind, Sonia Sotomayor, Chelsie Thompson and Ashley Baich as moderator. Breakouts: Share best practices and challenges for the ebbs and flows of work and life

Break - 10 min break

Action Team Co-Lead Table Talks: Want to know more about the RLF? The Co-Leads of each Action Team will host a table to share the mission of their Action Team and answer any questions you have. 

"Maximize Your Hybrid World”: A Keynote on pivoting, standing out, and integrating it all for career promotion and advancement. Angela Williams with Mary Barnor as moderator.

“Maximizing Your Hybrid World Wheel Exercise": Led by Linda Dolceamore-This is an opportunity to look at the areas of focus in your hybrid world and understand positive changes you may want to make.

Table Conversations

Closing: Gamification Winners will be announced 


This workshop will be hosted on Airmeet.com, a browser based platform for networking. 

EDT (Day 1 of 4)
AWS Jam Lounge

The AWS JAM is an event where participants experience a wide range of AWS services in a series of prepared scenarios that represent common use-cases and operational tasks, such as remediation at scale, automation, forensics, incident response, compliance and many others. The event is gamified, with teams competing to score points by completing a series of challenges over the course of the event. AWS provides access to pre-created infrastructure that is based on common use cases that participants use to determine what happened, how to best respond, and deploy appropriate solutions. The challenges have varying degrees of difficulty and points associated with them. A live leader-board provides updates on stats and progress. Clues and guidance help your participants move through the challenges.

You build a team and just be “1” in a team or you can join an established team.

Teams who participate and complete the challenges will get the chance to win some prizes! The top three (3) teams will win some gift cards so make sure to get your team all set up for the AWS Jam Lounge! 

EDT (Day 1 of 4)
CyberEscape Virtual Rooms for our Corporate Benefactor Attendees

An immersive Team-Based Training Experience

Online Team-Based Cyber Security Training that creates an engaging Gamified Experience for All Levels of Employees

- EDT
Women of Influence Awards Ceremony

The annual Women of Influence Awards presented by Accenture Security and Avanade, honor five women for their accomplishments and leadership roles in the fields of Information Security, Risk Management and Privacy. Listen to each categories finalists as they go through their most valuable information and join us in celebrating those who are the recipient of each award. We will also showcase our Catalyst Awards to 5 male allies and an Appreciation award

Tuesday, October 19, 2021

EDT (Day 2 of 4)
AWS Jam Lounge

The AWS JAM is an event where participants experience a wide range of AWS services in a series of prepared scenarios that represent common use-cases and operational tasks, such as remediation at scale, automation, forensics, incident response, compliance and many others. The event is gamified, with teams competing to score points by completing a series of challenges over the course of the event. AWS provides access to pre-created infrastructure that is based on common use cases that participants use to determine what happened, how to best respond, and deploy appropriate solutions. The challenges have varying degrees of difficulty and points associated with them. A live leader-board provides updates on stats and progress. Clues and guidance help your participants move through the challenges.

You build a team and just be “1” in a team or you can join an established team.

Teams who participate and complete the challenges will get the chance to win some prizes! The top three (3) teams will win some gift cards so make sure to get your team all set up for the AWS Jam Lounge! 

EDT (Day 2 of 4)
CyberEscape Virtual Rooms for our Corporate Benefactor Attendees

An immersive Team-Based Training Experience

Online Team-Based Cyber Security Training that creates an engaging Gamified Experience for All Levels of Employees

- EDT (Part 1 of 5)
Sisterhood Networking Circles

Go to the EWF Sisterhood Networking icon to join our private video rooms to chat with other EWF Conference Attendees! Form life-long friendships, communicate with other like-minded women and find support amongst the EWF sisterhood. 

- EDT
Mindful Movement
Nadine Blinn
Nadine Blinn
Balanced Humans Office Yoga, Owner - Teacher

Unwind from your day

Join us for an all-levels mindful movement class

A soft stress relieving and stretching class available to all levels and body types. Class begins seated but incorporates standing poses and modifications. Expect a soft, feel-good class that incorporates breathing, guided meditation, and stretching. No mat - just bring yourself and a chair. 

- EDT
Newbie Session
Dana Brady
Dana Brady
EWF, Director of Corporate Partnerships

For any first-time attendees to gather the best tips and tricks on how to make sure you take full advantage of the EWF conference. We will learn how to navigate the platform, how to network with other attendees, and what to expect throughout the next 3 days. 

- EDT
- EDT
The Jetsons Are Here! Looking to the Future Panel
Lisa Lee
Lisa Lee
Microsoft, Chief Security Advisor/SCI Global Lead Vertical Industries
Patti Titus
Patti Titus
Markel Corporation, Chief Privacy and Information Security Officer
Theresia Gouw
Theresia Gouw
Acrew Capital, Founding Managing Partner
Prof. Andrea M. Matwyshyn
Prof. Andrea M. Matwyshyn
Assoc. Dean of Innovation/Prof. of Law | Prof., Engineering | Founder, Policy Innovation Lab of Tomorrow (PILOT) & Manglona Lab for Gender and Economic Equity at Penn State
Theresa M Payton
Theresa M Payton
Fortalice Solutions, CEO

If you had known about mobile phones, the Internet, or cloud computing before they arrived, would you have been better prepared or would you have planned, staffed, or trained differently? We often approach our long-term security strategy from the present looking at the future from today’s perspective and evaluating tomorrow’s needs based on today’s technology. What if we looked back from the future considering how technology and our world are going to change and what we may need for active defense and protection? 

This panel will walk through some of the most significant technological advances expected in the next 3-5 years many already starting to appear in the market. We will be joined by women with deep security expertise as well as experts from companies who are leading the charge in next-generation technologies. They will share how they approach technological advances and will help us consider the potential security and privacy implications of these specific advances. 

The panel will shed light on the shape of the future and encourage future-proof thinking.  As security, privacy, and risk management professionals, it is important for us to be visionary and strategic to prepare for the range of consequences from a future that is hurtling our way.   

- EDT
The Success Mindset
Magie Cook
Magie Cook
Magie Cook, LLC, CEO

**Attend Magie's session and be entered into a drawing to receive a personalized signed copy of Magie's book "Mindful Success: How To Use Your Mind To Transform Your Life"!**

When you are faced with a challenge or experience that is difficult to live through, you can still CHOOSE the best path forward.  When you are connected by purpose and hope you create the ability to overcome any adversity.  As I work with organizations throughout the world, I consistently hear the same challenge: We are facing constant change and we want to be resilient in order to overcome any adversity. 

 But, what most people don’t realize is that it all comes down to how much you CARE about what you do, the meaning behind why you do what you do, and the discovery or re-discovery of your true purpose.  Think about how you work towards something you truly care about. Always, you will see the same three-character traits present:  First, you’re resilient.  When you truly care, you’ll keep moving forward no matter how many setbacks you experience.  Second, you’re resourceful.  Your mind is constantly looking for what will work to achieve the success you want. And third, you’re relentless.  You don’t stop until you’ve achieved the outcome you’re working towards.   

These are the Three R’s that make up the Success Mindset.  It’s this mindset that led to me overcoming extreme poverty in Mexico to becoming a professional basketball player, building a salsa company that sold for $231 Million, and eventually building an international keynote speaking business to share this mindset with millions of people around the world. When you truly CARE, you will bring your best self to work, you will feel great about what you contribute, and you will achieve extraordinary results. That’s how you overcome any adversity.


- EDT
Innovation in Healthcare Security - How Can Security Invigorate Medical Research?
Salwa Rafee
Salwa Rafee
Accenture, Global Managing Director

Today, scientists and Healthcare organizations have begun to experiment with alternative approaches, such as artificial intelligence (AI), quantum computing, and human organs-on-chips, to make drug discovery and development faster and more cost-effective. Patient data collected from health sensors, wearables, and tiny medical gadgets is already transforming patient care. The industry’s digital transformation is creating enormous opportunities for innovation and for developing new life-saving medical applications.

Please note there will not be any Q&A for this session. 

- EDT (Part 2 of 5)
Sisterhood Networking Circles

Go to the EWF Sisterhood Networking icon to join our private video rooms to chat with other EWF Conference Attendees! Form life-long friendships, communicate with other like-minded women and find support amongst the EWF sisterhood. 

- EDT
Strength & Stretch

Melt your muscles through slow and mindful low-impact combos, inspired by dance and barre. Lengthen and increase flexibility through breathwork set to music. Leave elevated in your body and mind.

Mat and towel recommended, no shoes required.

- EDT
Threat-relevant Decisions to Secure the Ecosystem
Michele Pittman
Michele Pittman
Fidelity Investments, SVP, Enterprise Cybersecurity
Trish Denno
Trish Denno
Fidelity Investments, Vice President for Cyberthreat Intelligence, Enterprise Cybersecurity

Engaging the customer has grown to include in person services, email and chat interactions, web-based interactions, and mobile applications. In a self-serve world the threats are agile and ready to exploit business and the customer. You cannot shut down access to the internet, it is up 24 hours-7 days a week. What threat-relevant decision points should be made based off these facts?


*Open to all attendees*

- EDT
Changing the Role of CPO, CISO and CIO
Meerah Rajavel
Meerah Rajavel
Citrix, CIO
Linda Thielova
Linda Thielova
OneTrust, DPO, Head of CPO CoE
LaLisha Hurt
LaLisha Hurt
Capital One, Head of Cyber Risk, Remediation and Governance

C-Suite roles are evolving and changing with our digital ecosystem each day. From digital technology, privacy to cybersecurity, the roles of Chief Information Officer (CIO), Chief Privacy Officer (CPO) and Chief Information Security Officer (CISO) are strongly interconnected and together are accelerating IT and business transformation for organizations in a dramatic way. In this panel discussion, three C-suite executives will share their industry perspective and how they see their respective roles evolving as companies take on digital transformation initiatives, align to increased privacy and security regulations while simultaneously cultivating a culture that embraces a new ‘work from anywhere’ paradigm shift. 

The panel dialogue will cover: 

  • The current and future state of the CIO, CPO and CISO role to include challenges + opportunities across industries 
  • The similarities, differences, and intersection of the three roles + the value of partnership 
  • Specific IT digital transformation strategic drivers, success stories and measures shared from three different vantage points 
  • Future predictions and one-word intentions for 2022 and beyond
- EDT
Own Your Career
Linda Dolceamore
Linda Dolceamore
Executive Women's Forum, Director Leadership Development & Leadership Coach
Stephanie Domas
Stephanie Domas
Intel, Director Strategic Security & Communications
Rinki Sethi
Rinki Sethi
Twitter, VP & CISO

Your career is as unique as you are and is yours to build and own. Join Linda Dolceamore to learn how to proactively manage your career in order to work and live by design not default.  Linda will offer questions for you to gain clarity, insights, and steps to build a framework for your career growth and fulfillment.  You will also learn from past EWF Women of Influence One to Watch recipients on how they architect their careers.

- EDT
Understanding the Need for Ethical & Responsible Frameworks for AI Governance
JoAnn C. Stonier
JoAnn C. Stonier
Mastercard, Chief Data Officer
Lydia Payne-Johnson
Lydia Payne-Johnson
The George Washington University, Director of IT Security, Identity Management and Cybersecurity Risk
Sheetal Rishi
Sheetal Rishi
Kyndryl, Senior Client Partner

Understanding and minimizing bias in AI requires a steady governance and disciplined approach toward how organizations understand the data used, the AI algorithms are created, how they are applied and how bias and drift is detected and monitored. Rather than expecting machines to figure everything out on their own, human-centric design would suggest that a combination of this emerging science with human oversight could yield the best results. This panel will focus on what can be done to address this important issue.

- EDT
Cultivating Positive Relationships to Deliver Big Results: Relationships are the key to everything
Martha VanDriel
Martha VanDriel
Merck & Co., Inc., Director, IT Risk Management Policy

The ISACA 2021 State of Cybersecurity report found that 56% of surveyed security professionals identified soft skills – including communication and flexibility – as one of the biggest skills gaps among today’s cyber professionals.  The report also said that emotional intelligence and the ability to integrate well with a team are among the most critical soft-skill qualities that a security professional can possess. 

Notice that these soft skills are needed to cultivate good relationships and that cyber professionals are lacking in these soft skills.  So how can we develop these soft skills and cultivate positive relationships to deliver big results? 

Let’s start by looking at an unlikely example – the Apple Store. Apple Stores generate more revenue per square foot than ANY other kind of brick-and-mortar store, regardless of whatever is being sold.  The secret to the Apple Store’s success is that they operate on a hospitality model (like hotels and travel resorts use), not around a transactional retail model.  So the salespeople at the Apple Store are not focused on selling you the most expensive Apple product; they are focused on selling you an enjoyable experience, by providing outstanding service support that saves the customer time and effort, even if you’re not there to buy anything.  In other words, providing a positive experience enables Apple to cultivate positive relationships which deliver big results.  

So what does this have to do with professional success for you and me?  Let’s say that you’re in charge of a major project that requires cross-functional cooperation from a large number of stakeholders, none of whom work for you, your boss, or even your boss’s boss.  You know that you want to cultivate positive relationships to make the project successful, but how do you do that? 

Think like the Apple Store:  Focus on providing the stakeholder with a positive experience when they interact with you, by saving your stakeholders time and effort.  So when you come to these stakeholders with a request for support, expend extra time and effort on your end in order to make it as easy as possible for the stakeholders to cooperate. In contrast, if you try to save your own time and effort by shifting the work onto your stakeholders, then you are using a transactional model, not a hospitality model.

This session will review two case studies where I personally invested extra time and effort in order to make it as easy as possible for my stakeholders to cooperate with my “ask.”  Not only did this result in my obtaining stakeholder cooperation, but the positive experience I provided enabled me to cultivate positive relationships, which delivered big results.

- EDT
Deep and Dark Web Scans to Identify Supply Chain Risk
Dr. Bilyana Lilly
Dr. Bilyana Lilly
Deloitte & Touche LLP, Manager

Software supply chain attacks pose a serious risk to organizations across the private and public sectors. Recent ransomware attacks have demonstrated the dangers of these kinds of attacks quite vividly. 

It is particularly difficult for organizations to defend themselves against software supply chain attacks because adversaries compromise legitimate software components that organizations’ threat detection systems can hardly recognize as threats. The malicious code infects organizations from an authorized third party and detecting that code requires sophisticated detection and monitoring solutions, which many organizations lack. In the absence of such sophisticated detection and monitoring solutions, organizations can consider monitoring the deep and dark web to increase their understanding of potential threats at various levels of the attack cycle.

Specifically, deep and dark web monitoring can help organizations:

  1. Anticipate threats during the reconnaissance stage of a supply chain attack
  2. Detect threats at the weaponization and intrusion stage of a supply chain attack
  3. Mitigate these threats

This talk will explain how organizations can use the dark and deep webs to their advantage and leverage various analytical tools to look for, collect and analyze information that can enhance their resilience against software supply chain attacks. The information organizations can collect falls into the following categories: 

  • Information about the tactics, techniques, and procedures (TTPs) of threat actors that are likely to target a particular organization. 
  • Information about the organization itself may be available on the deep and dark web and may increase the organization’s likelihood of becoming a target of a supply chain attack. 
  • Information about partners and third parties with which the organization works, which can make them targets and may turn them into “back doors” an adversary can exploit to gain access to an organization’s network.   

The talk will also discuss wherein the defense architecture of each organization the information can be used to enhance organizational defenses.

- EDT
Designing Trustworthy Equitable AI Solutions
Sherin Mathews
Sherin Mathews
McAfee, Senior Data Scientist

Artificial Intelligent (AI) systems are widely utilized in many mission-critical fields, such as cyber security, autonomous vehicle control, and precision medicine to support intelligent decision-making. However, developing robust, responsible, traceable, trustworthy AI systems is a challenging problem. It is critical to match these AI system designs with the underlying constraints concerning system resilience against ML-specific security attacks, privacy breaches, and users' trust in these systems.

Additionally, the proliferation of unreliable datasets is widely acknowledged. Datasets collected through crowdsourcing or scraping the web have far better scalability compared to expert-annotated datasets. However, these automatic processes are more likely to have hidden pitfalls. Datasets annotated without expert verification can have underlying bias and inadmissible properties that undermine their quality. This presentation will present strategies to identify flaws and hidden biases in unvetted training datasets. The use case study will also highlight confounding factors that lead to undesired and significant artifacts in datasets and illustrate the interplay of robustness and user trust in the context of ML systems. The work will also demonstrate the foundational principles and finest practices to develop a robust and trustworthy ML system. The talk will present techniques to design robust, trustworthy AI technology covering all secure ML system development aspects. Finally, the discussion will also outline and delve into steps to create more reliable datasets and future model development to ensure that AI-powered systems and products are fair and work for everyone.

- EDT
TikTok's Bug Bounty Year in Review
Roland Cloutier
Roland Cloutier
TikTok, Global Chief Security Officer
Suhana Hyder
Suhana Hyder
TikTok, Vulnerability Management Leader

At TikTok, safety and security is always a top priority. However, as a global entertainment and technology platform, it's not enough to only build strong defenses against malicious actors. It's also critical to continuously test your infrastructure and processes, uncover potential threats, and make your security defenses even stronger. This month marks TikTok's one-year anniversary with HackerOne, an industry-leading bug bounty program that helps TikTok stay ahead of next-generation threats. Join TikTok Chief Security Officer Roland Cloutier and Vulnerability Management Lead Suhana Hyder for a fireside chat about how the company works with top security researchers, academics, and other independent experts to safeguard the platform. This conversation will explore how organizations can work with white hat hackers, leverage advanced insights into emerging vulnerabilities, and allow companies to resolve potential issues before attackers can exploit them.

*No Q&A will take place during this session*


*Open to all attendees*

- EDT
Zero Trust Security Transformation: new strategies, skills, culture and staffing you can drive as a leader
Jason Keenaghan
Jason Keenaghan
IBM Security, Zero Trust Strategy Leader
Laurene Hummer
Laurene Hummer
IBM Security, Program Director, Product Management

Organizations are undergoing massive transformations across hybrid cloud and AI which requires an entirely new approach to security. The Zero Trust framework is the new approach that can safeguard critical assets and data with the least privilege model yet provide the transparency and agility needed when security incidents do happen. Protecting distributed users, devices and connected systems require security everywhere, in the fabric of your business. In this session, gather insights and hear from IBM Security leaders who specialize in the strategy and execution of zero trusts and how they apply it to some of the largest organizations in the world.


*Open to all attendees*

- EDT
BISO Panel: Bridging the gap between the business and IT security
Kim Salo
Kim Salo
Target, Director Cybersecurity
Ogor Oghedo
Ogor Oghedo
MassMutual, Business Information Security Officer
Arthureen Brown
Arthureen Brown
Altria, Business Information Security Officer
Nicole Dove
Nicole Dove
WarnerMedia, Business Information Security Officer

The Business Information Security Officers (BISOs) role strategically bridges the gap between the business and IT security.  It is an emerging strategic position that can build critical skills valuable across multiple roles within security and risk management. This session will explore the evolution of the role and its value to the business. Join our exceptional panelist if you are curious about the function of a BISO and what makes this senior information security role unique.

- EDT
Post-Quantum Cryptography: What Executives Should Know
Chujiao Ma
Chujiao Ma
Comcast Cable, Senior Security R&D Engineer

In the past decade, quantum computers have moved from theoretical research into something that can drastically change the way of computing. However, with great power comes great responsibility. Whereas classical computers process information in bits that are either 0 or 1, quantum computers process qubits that can be simultaneously 0 and 1. This means that some algorithms that have exponential complexity on classical computers can be solved in polynomial time on quantum computers. For example, Shor’s algorithm can be used to attack the underlying foundations of modern public-key cryptosystems, such as RSA and ECC, and render their security void. While it’s unclear when quantum computing will be commercially available, most experts agree that there is a substantial probability of this happening in the next 20 years. A transition across all cryptography can seem overwhelming. However, there is much cause to keep calm and carry on. NIST, for example, has a process underway to determine a list of post-quantum crypto (PQC) algorithms to replace current public-key cryptography. Cloud computing providers, such as AWS, provide the option of using hybrid cryptography, which combines PQC within a classical cryptography wrapper. This talk will help you plan for a post-quantum world. We begin by providing an overview of post-quantum cryptography, including the status of the NIST competition. Next, we introduce the different implementations that currently exist to incorporate PQC algorithms into your infrastructure. Then we discuss the state of complementary solutions specifically certificates, protocols, and cloud computing. Finally, we close with a roadmap to help you move forward efficiently by incorporating crypto agility according to your organizational needs.
 

- EDT
What Do You Bring To The Table? Knowing and Owning your Unique Value Proposition
Melissa Kepler
Melissa Kepler
Capital Humans, Coach and Owner

The most powerful and effective leadership is authentic – that is, it comes from a person who isn’t trying to pretend to be anything they aren’t. But how do you find the core of who you are and translate that through a workplace lens to connect with others? The key is to focus on your strengths – not your weaknesses. 

We learn, early on, to figure out where we aren’t great at things and to work hard at improving those areas. But no one ever rose to success based on what they were BAD at – at best, that kind of effort prevents failure. To do great – to BE great – you need to build on what you already do naturally and well. What 

There is no one right way to be or to lead. But explaining those differences in a way that reaches others can be difficult. Strengths provide us with the language to confidently describe the good things we do in ways other people can understand.

Join this session to learn more about:

  • How to tell what you’re good at – and then use that to keep improving
  • How focusing on the positive is a fast track to growth
  •  How to turn your natural tendencies into superpowers
  • How to explain yourself to others
  • How your skills and talents affect how you view the world
  • And, finally: what you should DO about this!

Taking the CliftonStrengths assessment is NOT a pre-requisite for this session. However, those who have taken the CliftonStrengths assessment are welcome to bring their results with them for a more personalized understanding of the topic.

- EDT
Women's History Trivia + Female Empowerment Hour! Prizes will be given away!

In this hour, we'll get energized with great music and interactive games.

Our funny and professional host, Crystal Sparks, will fill the break with trivia, chat challenges, and contests to get us laughing and moving.

Prizes to be given away will be!

  • Wireless Logitech Keyboard and mouse
  • Multifunctional LED desk lap with Wireless Charger
  • Wireless desktop charger
  • Portable Bluetooth speaker
  • Bluetooth Headphones with microphone 

Wednesday, October 20, 2021

EDT (Day 3 of 4)
AWS Jam Lounge

The AWS JAM is an event where participants experience a wide range of AWS services in a series of prepared scenarios that represent common use-cases and operational tasks, such as remediation at scale, automation, forensics, incident response, compliance and many others. The event is gamified, with teams competing to score points by completing a series of challenges over the course of the event. AWS provides access to pre-created infrastructure that is based on common use cases that participants use to determine what happened, how to best respond, and deploy appropriate solutions. The challenges have varying degrees of difficulty and points associated with them. A live leader-board provides updates on stats and progress. Clues and guidance help your participants move through the challenges.

You build a team and just be “1” in a team or you can join an established team.

Teams who participate and complete the challenges will get the chance to win some prizes! The top three (3) teams will win some gift cards so make sure to get your team all set up for the AWS Jam Lounge! 

EDT (Day 3 of 4)
CyberEscape Virtual Rooms for our Corporate Benefactor Attendees

An immersive Team-Based Training Experience

Online Team-Based Cyber Security Training that creates an engaging Gamified Experience for All Levels of Employees

- EDT (Part 3 of 5)
Sisterhood Networking Circles

Go to the EWF Sisterhood Networking icon to join our private video rooms to chat with other EWF Conference Attendees! Form life-long friendships, communicate with other like-minded women and find support amongst the EWF sisterhood. 

- EDT
A fireside chat with Accenture’s Britta Simms and Tina Slankas on: Digital transformation with SAP and beyond
Tina Slankas
Tina Slankas
Accenture, Security Delivery Lead
Britta Simms
Britta Simms
Accenture, Managing Director - Security Service

Growing numbers of companies across most industries are adopting internet-of-things (IoT) devices and moving more of their data into cloud environments. This digital transformation is fueling firms to reimagine traditional business models and innovate new ways to leverage data for growth. 

However, these complex hybrid environments also bring challenges. The most prevalent being the security risks to the more complex enterprise architecture. These risks are being worsened by:

 •    Lack of awareness and strategy to address security risks in a complex technology landscape 

•    Limited automation capabilities 

•    Known or weak security misconfigurations that create opportunities for attackers 

•    Siloed security products and processes that limit visibility across the enterprise What is needed to address these challenges are well-defined security requirements and a digital transformation roadmap that defines what security should look like.

In this presentation, Britta Simms, Managing Director at Accenture, will discuss the evolution of digital transformation and opportunities it presents to businesses. She will share examples and best practices from her 20 years in the SAP Security space leading large and small cloud migrations and assisting companies globally with their digital transformation efforts. 

 Participants will gain an understanding of the security impacts and opportunities involved in digital transformations to help drive requirement definitions. Britta will discuss how to analyze a company’s current state of security and define a vision for where a security program should be based on organizational requirements and/or maturity goals.  Leveraging client use cases, Britta will outline how to apply the Secure by Design methodology to digital transformation initiatives.

 Overall, attendees with gain a solid understanding, best practices, and tips/tricks to drive security efforts for their digital transformation with SAP and beyond. 

*Open to all attendees*

- EDT
Building a Career of Passion and Purpose: A Fireside Chat with Vasu Jakkal
Vasu Jakkal
Vasu Jakkal
Microsoft, CVP, Security Compliance & Identity
Jeff Dubois
Jeff Dubois
Microsoft, Sr. Communications Manager

With so much of our time spent at work, Vasu Jakkal believes you have to love what you do. Her own career journey has been one of many stops - some intentional and some accidental. Born and raised in India, she came to the U.S. to study engineering and was the first woman in her family to work outside the home. The support and encouragement she received has inspired her throughout her career to help empower others, particularly women, to break boundaries and achieve their goals. Today, she is a passionate advocate for enabling and supporting a new generation of cybersecurity defenders that truly reflects the whole of the world we live in. Join us for a moderated discussion as Vasu reflects on her leadership journey, life lessons that have made a big impact on her career choices, and her personal mission to help make the world a safer place for all.

- EDT
Data Protection in Financial Services
Eleni Rundle
Eleni Rundle
Fidelity Investments, SVP of Software Engineering
Jill Bibb
Jill Bibb
Fidelity Investments, Vice President Internal Investigations

Join us for this fireside chat where we will discuss all things Data protection in the Financial services industry. Topics will include protecting data in the cloud, high value technologies for data protection, as well as what could be coming next! Joining us will be Eleni Rundle and Jill Bibb two of the top leaders of Software Engineering at Fidelity Investments, as they share their experiences and perspectives regarding data protection throughout their careers.


*Open to all attendees*

- EDT
Different Paths Lead to The Same Road—A Career Journey Panel Discussion
Jackie Grochowalski
Jackie Grochowalski
MassMutual, Head of Identity and Access Management and Security Engineering
Susan Whittemore
Susan Whittemore
MassMutual, Head of Cyber Risk
Anne Coulombe
Anne Coulombe
MassMutual, Head of Data Cyber Security
Lindsey Basara
Lindsey Basara
MassMutual, Next Generation Authentication (NGA) Program Owner

What do a former TV news intern, a sailing race competitor, and an antiques buff have in common? A shared passion for Cyber Security whose paths led them to MassMutual! Come and leave inspired as this panel of Cyber Security Professionals share their career stories and prove that the model to success is not linear.

*Open to all attendees*

- EDT
Leadership Lesson: Running a global security practice with cross-functional female partners
Dimple Ahluwalia
Dimple Ahluwalia
IBM Security, VP & Managing Partner
Katherine Fick
Katherine Fick
IBM Security, Senior Counsel
Laurene Hummer
Laurene Hummer
IBM Security, Program Director, Product Management
Rosalia Gomez Thomas
Rosalia Gomez Thomas
IBM Corporation, Director, People and Culture
Kandyce Tripp
Kandyce Tripp
IBM Security Services, Partner, Global IBM Security Services Alliances

Today, every business is uniquely different, but security remains in the fabric of how we safeguard and protect systems, applications and deliver resiliency for operations. A strong leadership team can drive transformation, success, and a culture of improvement. In this session, hear from leaders across multiple business functions on how they bring together a diverse perspective on talent, strategy, product, legal and ecosystem to run a world class security operation for clients around the world.


*Open to all attendees*

- EDT
Leading through Humility
Andy Kirkland
Andy Kirkland
Starbucks, Global CISO

Starbucks believes in Our employees – who we call partners – are at the heart of the Starbucks experience. We are committed to making our partners proud and investing in their health, well-being and success and to creating a culture of belonging where everyone is welcome. Join Andy Kirkland global CISO for Starbucks as he reflects on his leadership journey in a new role and how through the lens of Humility was able to impact change in both team culture and unlocking business value.


*Open to all attendees*

- EDT
The Journey to TikTok's Global Security Organization
Roland Cloutier
Roland Cloutier
TikTok, Global Chief Security Officer
Kim Arabella
Kim Arabella
TikTok, Integrated Risk Lead
Katie Stefanich
Katie Stefanich
TikTok, Business Resilience and Crisis Management Lead
Luna Wu
Luna Wu
TikTok, Shared Business Operations & Portfolio Management Office Lead

Ever wonder what it takes to defend and protect a global entertainment and technology company? Join TikTok Chief Security Officer Roland Cloutier for a conversation with global security leaders working to keep the platform safe and secure for billions of users around the world. Roland will host a panel featuring Kim Arabella, Katie Stefanich, and Luna Wu on their journeys to TikTok, and how they're building next-generation security and privacy controls to protect a global community.


**No Q&A will take place during this session**

- EDT
What does growth look like during a Pandemic?
Syamla Bandla
Syamla Bandla
Facebook, Director of Production Engineering
Sid Sidhu
Sid Sidhu
Facebook, Production Engineering Manager
Maureen McKenna
Maureen McKenna
Facebook, Director, Production Engineering

For the past year and a half, the entire world and industry has been tested during these unprecedented times. Most of us have found ourselves addressing new struggles and juggling different sets of responsibilities, all while trying to keep up with our careers. Many have found it difficult to thrive as our ways of life have been heavily impacted and taken a toll. Please join us and hear from a few senior Women leaders from Facebook speak about their own experiences and how they were able to continue to grow in their roles while maintaining work-life balance.


*Open to all attendees*

- EDT
A Conversation with Feminist Icon Gloria Steinem
Gloria Steinem
Gloria Steinem
Feminist Icon
Joyce Brocaglia
Joyce Brocaglia
EWF, Alta Associates and BoardSuited, Founder and CEO

In 1848, the first women’s rights convention was held in Seneca Falls, New York. This conference was a pivotal moment in women’s history, bringing women together to share, learn, advocate, and organize. After more than a century, the EWF, in the tradition of the Seneca Falls Convention, is sharing an exclusive conversation with feminist icon Gloria Steinem and our CEO Joyce Brocaglia with our annual conference attendees. Join us for a candid discussion on women’s rights, the power of women’s conferences, ways to fight gender disparity in the workplace, and much more.

- EDT
Balancing Security, Privacy, and Usability
Beth A. Kost
Beth A. Kost
SVP & Chief Compliance Officer
Roshunda Drummond-Dye
Roshunda Drummond-Dye
Corporate Compliance Wellstar Health System, Chief Privacy Officer & Executive Director

In this session, presented by a Chief Compliance Officer (CCO) and a Chief Privacy Officer (CPO), attendees will learn practical methods for balancing privacy & security requirements with the ability to run an agile business using data. At their organization, the speakers need to balance complying with regulations, enabling mitigating controls and supporting the operations of 11 hospitals and approximately 400 clinics as a daily part of their collective work. 

1) How to deploy privacy & security professionals to the field for an on the ground view of the impact of operational constraints related to privacy and security

2) Share actual formats and practices to enable operations to use data without always having to obtain "permission" from the privacy & security team

3) Discuss the development of risk tolerance programs and the importance in the area of usability as well as the involvement of Senior Leadership in the determination of risk tolerance.

- EDT
RESToring a Women's Well Being
Dr. Saundra Dalton-Smith
Dr. Saundra Dalton-Smith
DSE Corporate Solution, Physician-Researcher, Bestselling Author, and founder

In this talk for busy over-stressed women, Dr. Dalton-Smith shares keys to restoring your wellbeing. Discover how better self-awareness can lead to greater resilience. Through the use of relatable real-life examples, Dr. Dalton-Smith shares the role of resilience, change management, and self-care in optimizing personal productivity, improving time/energy management, increasing efficiency, and cultivating a life you enjoy. You will leave this session with actionable next steps you can begin implementing immediately.

- EDT
The Future of Security Cloud Native
Caroline Wong
Caroline Wong
Cobalt.io, Chief Strategy Officer

In recent years, we have witnessed an explosive uptick in cloud-native security implementations for their myriad of benefits. As modern development processes speed up, organizations have recognized the urgent need for integrated security. In this talk, Caroline will share her observations on how companies must change the way they build security into their cloud-native projects, and forecast what’s next for cloud-native security. She will discuss how, when it comes to the future of cloud-native security, organizations must double down on people and process innovation to overcome the misconceptions, education gaps and common mistakes we see when it comes to the cloud. Cloud native is here; it is scaling, and it is not going anywhere. The more we can see the reality and necessity of what security must become, the better we will all be in the long run.

- EDT
Cyber Insurance and Securing the Digital Ecosystem
Alyssa R. Watzman
Alyssa R. Watzman
Lewis Brisbois, Partner
Stephanie Dannan
Stephanie Dannan
Markel Corporation, Application Security Analyst
Kathleen Lewis
Kathleen Lewis
Aon, Assistant Vice President - Cyber Solutions, Commercial Risk Solutions
Yasmine Abdillahi
Yasmine Abdillahi
Comcast, Senior Director Security Risk & Compliance
Kelly Castriotta
Kelly Castriotta
Markel Corporation, Managing Director, Global Cyber Underwriting Executive

As more business information moves online, cybercrimes are increasing—and both small and large businesses are a target. However, many businesses don’t realize their company is at risk. Cyber threats from a cyber-attack, theft or loss of data, unauthorized system access, or the adverse consequences that arise from email, website and social media misuse, can occur at any time. That is where cyber insurance can help.

There are a lot of misconceptions about cyber insurance: such as Cyber coverage is just for the technology that is associated with an organization (not true), my organization is too small to be hacked (not true),  and cyber insurance is too expensive (again, not true). Compared to no cyber insurance coverage, cyber insurance can offset risk within an organization and enhance company resiliency (it can also help you get the cybersecurity budget you need to protect your organization).

In this panel, we will review the current and future state of cyber insurance, why Chief Information Security Officers should be more involved in the procurement process of cyber insurance, and the short and long-term benefits of procuring cyber insurance.

Join us, as we discuss why cyber insurance has a place in every organization. 

Discussion highlights:

  • What cyber insurance covers;
  • The current and future state of cyber insurance;
  • How executives can utilize cyber insurance to offset risk within their organization;
  • How to leverage cyber insurance properly, to get the budget you need;
  • How cyber insurance can enhance company resiliency;
  • Why CISO’s should be more involved in the cyber insurance procurement process;
  •  Should cyber insurance be part of your incident response process? (hint: yes, it should);
  • Advice on purchasing cyber insurance;
  • Are you using your cyber insurance features to their full potential? (e.g., table top exercise that they pay for); and
  • Benefits and limitations of cyber insurance, from a legal perspective
- EDT
The Sooner, The Better: Threat Modeling Workshop
Sneha Aravind
Sneha Aravind
Comcast Corporation, Security Architect III
Vidya Murthy
Vidya Murthy
MedCrypt, Chief Operating Officer

Today, cybersecurity isn’t just a “nice to have,” it’s the next imperative across industries for delivering important services and creating new innovations. Threat modeling frameworks provide organizations with a repeatable way to incorporate key cybersecurity considerations into their software design and subsequently prevent or mitigate unacceptable compromises to confidentiality, integrity, availability, and safety. While threat modeling is a practice developed in the traditional software industry, it has been globally advocated. It is critical to be incorporated into any and all deployment strategies. In this workshop, we will walk through threat modeling processes with examples, to explore the cross-functional nature of threat modeling, and to assess risk levels for mitigation. Threat modeling can look different based on the domain/industry. Every threat model must consider the use case and business needs of the process. Through simulated tabletop exercises, this session will be an interactive workshop exploring the organization and development of a threat model. The exercise will illustrate four main steps of the threat modeling process: diagram (what are we building?), identify (what can go wrong?), mitigate (what are we doing about it?), and validate (did we do it sufficiently?). Each step of the process will be explored using an example while discussing best practices and risk level assessment strategies. Participants will walk away from this workshop with an improved understanding of threat modeling as a practice, knowledge of how threat modeling fits into risk management, techniques & tools for tailoring threat modeling to the needs of your organization, and available resources for additional learning.

- EDT
Women Leaders Pivot to Lead in the Cloud
Jyoti Wadhwa
Jyoti Wadhwa
T-REX Solutions, Director, Cybersecurity Solutions Architect
Meagan Ringel
Meagan Ringel
JPMorgan Chase, Managing Director
Mignona Cote
Mignona Cote
AWS, Head of Security for Global and Strategic Accounts
Ranae Moore
Ranae Moore
Target, Principal Cyber Security Analyst

Worldwide public cloud services grew 24.1% year over year in 2020 with revenues totaling $312 billion. This rapid pace of cloud adoption reflects how organizations are becoming more agile and scalable in response to their customers' needs.  With a current market penetration of 5% of information technology, the cloud is a critical technology platform that requires modern security leadership.  EWF has taken the lead in developing Next-Gen Cloud Leaders by forming the EWF Women Leaders in the Cloud Forum!  Founding members will talk about this new EWF Forum and share insights on the importance of the cloud, what you need to know and how to translate your skills to the cloud. 

In this session, we will hear from four industry executives engaged in the cloud journey. 

- EDT
Announcing leadership development program scholarships!
Linda Dolceamore
Linda Dolceamore
Executive Women's Forum, Director Leadership Development & Leadership Coach
Kerstin Zell
Kerstin Zell
EWF, Vice President, Strategy and Operations
Brenda Bjerke
Brenda Bjerke
Target, Senior Director, Cybersecurity

If you are interested in expanding your capabilities and advancing your career join this session to learn about exciting leadership development scholarships sponsored by Target.  Brenda, Kerstin and Linda will share everything you need to know about the scholarships, the application process, and  The Leader Within six-month program.  Please note The Leader Within is recommended for women with  7+ years of experience.

- EDT (Part 4 of 5)
Sisterhood Networking Circles

Go to the EWF Sisterhood Networking icon to join our private video rooms to chat with other EWF Conference Attendees! Form life-long friendships, communicate with other like-minded women and find support amongst the EWF sisterhood. 

- EDT
A CISO's Frenemy: The Human X Factor
Masha Sedova
Masha Sedova
Elevate Security, Co-Founder

Even with decades of effort, security teams cannot effectively protect their organization against ransomware, account takeover and data loss. Reactive technologies like UEBA and SIEMs have failed to appropriately gain context and visibility into these risks to protect and reduce the impact of incidents, friction to the business and both financial and data loss. By understanding unintentional but risky past decisions of users along with access levels and attack frequency, CISOs can paint a picture of where they are most vulnerable to attack and predict where the next incident will come from. This insight unlocks the capability for security teams to enable proactive security controls and tailor security precisely to each individual, minimizing risk without adding unnecessary business friction. This talk will discuss new strategies to contend with ransomware, data loss and account takeover that involve proactively managing insider risk in an organization.

- EDT
- EDT
Pushing Past Pandemic Privacy Predicaments with Privacy by Design
Sharon Polsky
Sharon Polsky
AMINAcorp.ca and Privacy & Access Council of Canada, President

The pandemic proved to be a perfect platform for promoting privacy-invasive programs, practices, and platforms — from contact tracing apps to Zoom meetings and proving who’s had which vaccine. 

Remote work, remote medicine, and other technological innovations facilitated life and work through the pandemic. Many of the new technologies and processes are here to stay — but at a cost to individuals’ privacy and organizational risk.

Incorporating Privacy by Design — an internationally recognized framework that promotes privacy and data protection compliance from the start — is an effective way to reduce risk while increasing compliance with privacy laws, and garnering public trust. 

Drawing on real-life examples, this session will break through the legalese and technical jargon of Privacy by Design, and provide practical tips and techniques so you can ensure your post-pandemic practices comply with privacy laws.

- EDT
Assessing your Vendors, Which ones are Riskier and How do you Know?
Debbie Zaller
Debbie Zaller
Schellman & Company, LLC, Managing Principal
Katie Barton
Katie Barton
Gallup, CIO

Third parties continue to be one of the main causes of breaches and this trend is growing. Vendor management is critical to an organization, during the initial engagement and throughout the relationship. Vendors need to be monitored often to ensure they are meeting the security and privacy requirements based on the services they provide. There are many different methods and tools that can be used to monitor vendors, including compliance assessments.  Of course, these tools are only helpful if organizations know how to understand the results, risks related to the results, and how to act on the results. 

This presentation will provide an overview of how an organization should assess vendors.  Assessing your vendors is a multi-step process. The process starts with discovering the vendors, which also includes vendors of your vendors (subcontractors), often referred to as Fourth or Fifth parties.  The next step in the process is to place these vendors in a risk category.  The risk category should be defined as part of the vendor assessment program and include prioritization tiers. The next step is to evaluate the vendors, based on their risk level. For example, you might send questionnaires for lower-risk vendors or you might require compliance reports that include certain control domains or a right to audit more risky vendors. There are tools that can also be used in place of questionnaires to evaluate all vendors against a predefined set of criteria.  

Once you have evaluated the vendors, reporting the results is key in order to communicate and determine the risk mitigation procedures. Reporting the results should allow for comparison scoring against other vendors in a similar category.  It should also allow the organization to document the risk mitigation activities based on the vendor scoring. The risk mitigation activities should include the final step, which is continuous monitoring.

Continuous monitoring is really necessary for all vendors but the methods and frequency will vary based on the scoring results and risk mitigation activities defined by the organization. Continuous monitoring may determine that certain vendors should be monitored annually while others should be monitored more frequently (i.e., quarterly). Additionally, monitoring should also identify when changes occur in the services provided by a vendor that might place them in a more, or less, risk category. Finally, the methods on how an organization will monitor the vendor should be defined. Again, questionnaires may be suitable, a monitoring tool, or compliance reports, depending on the risk category.

- EDT
Future of Cybersecurity
Hemma Prafullchandra
Hemma Prafullchandra
Microsoft, CTO M365 Security, Compliance and Management

In this session we will present top trends in technological innovation, threats and adversaries, and global regulatory initiatives. Given these and the progress made on digital transformation journeys by majority of organizations world-wide and the new norm of hybrid work, we will explore what the future of cybersecurity holds across technology, process, and people.

- EDT
Keeping it Simple: Eliminate the Fear of Jumping into Kubernetes
Sakuntaladevi Vidhyasankar
Sakuntaladevi Vidhyasankar
JPMorgan Chase, Vice President

As part of the modernization journey, container adaption is on rise and Kubernetes has become the buzzword in the infrastructure world and in cloud transformation. This session provides lightening style insight into Kubernetes will replace the misconception - ‘Kubernetes is scary and challenging’ with a compelling thought – ‘Key to overcome any challenge is by applying the right strategy with a growth mindset’. We use the logical questioning strategy “5 Ws and a H – Why, What, When, Where, Who and How” to demystify this emerging technology by starting with What Kubernetes and Why is it so beneficial, before unveiling its architecture, features and expanding on How to deliver resilient applications using Kubernetes. We provide a glimpse into cloud native history and explain the Kubernetes evolution and current state in cloud transformation. The session finishes with ‘What’s next in Kubernetes and What to look for’, to take full advantage of this powerful technology.

- EDT
Navigating through Sticky Communications
Lisa Kaplin
Lisa Kaplin
Lisa Kaplin, LLC, Speaker, Psychologist, Coach

Clear, assertive, and concise communication can be extremely tricky. When a situation becomes tense or sticky, communication is even more challenging. Join psychologist and executive coach, Lisa Kaplin for a powerful communication talk that will lead you to feel fully confident about how you show up and what you want to communicate in any situation. Lisa will teach you a simple, yet extremely powerful communication tool that you can use with comfort and ease. The tool will help you to:

  •  Organize your thoughts so that your words match what you are trying to express.
  • Plan your approach even if you have very limited time to do so. 
  • Take the emotion and tension out of your communication so that you can manage all conversations calmly and clearly.
  •  Feel fully confident in your ability to both give and receive feedback in a professional and positive manner. 

In this ½ hour session, Lisa will guide you through the tool and walk through some common sticky situation conversations and how to manage them. Lisa will demonstrate not only how to prepare for discussions using this tool, but she will also demonstrate examples of actual conversations. 

This will be a highly interactive, engaging talk and you will leave with a powerful tool for your communication toolbox and the confidence that goes with having that tool. How often have you wished for a script to manage challenging conversations? After this session, you will walk away with that very script.

- EDT
EWF Theme Party-Broadway Sings!

You are cordially invited to the ultimate celebration of live theater hosted by Broadway Sings PARTY!, a virtual event platform featuring Broadway trivia, games, dancing, and live performances from Broadway Stars performing just for you! The fast paced event will bring the magic of live theater straight into your office (or living room!). Sit back, relax, and most of all, ENJOY the best that Broadway has to offer in a jam-packed hour of entertainment, music, and FUN!

Brittney Johnson- WICKED!

uwpkyvzvd9MXHARbTPa8wWxnq27bKRn9ITPt2H7G.png

Corey Mach- Kinkey Boots!

V48wtVJAWrjQabWR9ONELzrrJWR8hVBJMOKk7F5a.png

Jackie Burns- Wicked!

KWcTnxmpBw9ClHJjomA7JccjY3TWD2rsUdTQDoPU.png


Taylor Iman Jones- Hamilton

ny5npEZhUwUZSVOhQWEJwOV8eje2dPyQwUrFiySA.png

Thursday, October 21, 2021

EDT (Day 4 of 4)
AWS Jam Lounge

The AWS JAM is an event where participants experience a wide range of AWS services in a series of prepared scenarios that represent common use-cases and operational tasks, such as remediation at scale, automation, forensics, incident response, compliance and many others. The event is gamified, with teams competing to score points by completing a series of challenges over the course of the event. AWS provides access to pre-created infrastructure that is based on common use cases that participants use to determine what happened, how to best respond, and deploy appropriate solutions. The challenges have varying degrees of difficulty and points associated with them. A live leader-board provides updates on stats and progress. Clues and guidance help your participants move through the challenges.

You build a team and just be “1” in a team or you can join an established team.

Teams who participate and complete the challenges will get the chance to win some prizes! The top three (3) teams will win some gift cards so make sure to get your team all set up for the AWS Jam Lounge! 

EDT (Day 4 of 4)
CyberEscape Virtual Rooms for our Corporate Benefactor Attendees

An immersive Team-Based Training Experience

Online Team-Based Cyber Security Training that creates an engaging Gamified Experience for All Levels of Employees

- EDT
Joy, Health and Wholeness Through the Power of Sound
Ruth Ratliff
Ruth Ratliff
Ruth Ratliff, Voice and Vibrational Sound Professional

When was the last time you felt totally comfortable, safe and connected to your ground of being? Come find out how you can relieve the daily stress of life with profound relaxation through Sound Therapy. This cutting edge modality helps to build resiliency to cultivate equanimity, focus and creativity so you can live a life of joy, health and wholeness. Sound Therapy is an up and coming healing art that has the potential to change the face of healthcare.

- EDT
Plotting the Course for Your Personal Brand
Elana Anderson
Elana Anderson
Veracode, Chief Marketing Officer

From brand awareness to lead generation, the aim of any marketing program is to build connections with people. It’s central to what marketers do every day and key to the marketing efforts led by Elana at Veracode. But how often as women do we invest the time to build our own personal brand with an aim of promoting ourselves as we aspire to our career goals?

As a lifelong student of marketing and former analyst at Forrester Research focused on helping clients achieve their marketing goals, Elana recognizes and understands the importance of personal brand and the steps necessary to build and maintain it. In this session, Elana will provide attendees with helpful insights to guide them on their journey toward building a personal brand. 

Elana will open by ‘plotting the course’ for your personal brand, starting with Purpose and Prioritization. Next, she’ll look at Strength and Leadership, acknowledging that the key to building your personal brand is understanding and leveraging your leadership style. Thirdly, she’ll cover the Brand Statement. As you start to execute the development and promotion of your personal brand, begin with your brand statement to keep you focused and true to your core values. Finally, Elana will demonstrate how to implement your personal brand. She’ll take time to review practical ways to begin building your personal brand using opportunities in day-to-day work assignments, social media channels and other vehicles that reflect your identity and values.

- EDT
The Cyberweapons Arms Race To The Bottom: How America moved from first mover to the most vulnerable nation state on earth, and what everyday Americans can do about it
Nicole Perlroth
Nicole Perlroth
The New York Times, New York Times Bestselling Author "This Is How They Tell Me The World Ends," Digital Espionage Reporter

 Nation-states are building arsenals of zero-day exploits and other cyber weapons to stage surveillance, intelligence gathering and military strikes in cyberspace. Ms. Perlroth offers a glimpse into the cyber arms race and the short-of-war conflict that is engulfing the economy, elections, hospitals, infrastructure, our privacy and psyche on a daily basis.

- EDT
Building Resilient Teams
Brenda Bjerke
Brenda Bjerke
Target, Senior Director, Cybersecurity
Ann Johnson
Ann Johnson
Microsoft, Corporate Vice President

The lessons we have learned during the past 18 months have demonstrated that our ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. Ann Johnson, CVP Security, Compliance, & Identity at Microsoft and Brenda Bjerke, Sr. Director, Cybersecurity at Target share their secrets for building resilient teams who thrive during constant disruption and where they find their own points of inspiration to inspire the next generation of female leaders and cultivate inclusive company cultures during this motivational keynote conversation.

- EDT
Ransomware Response Tabletop Exercise [WORKSHOP]
Cristina Messerschmidt
Cristina Messerschmidt
Baker McKenzie, Associate
Shelbi Rombout
Shelbi Rombout
U.S. Bank, Deputy Chief Information Security Officer
Jessica Nall
Jessica Nall
Baker & McKenzie LLP, Principal
Judith Branham
Judith Branham
Aon Cyber Solutions (formerly Stroz Friedberg), Managing Director
Judy Titera
Judy Titera
USAA, Chief Privacy Officer

This interactive session will unveil a ransomware attack in real-time and seek guidance from the attendees on how to best respond given the limited facts often known during an attack. As the exercise evolves, participants will gain first-hand experience in dealing with threat actors and will see why attackers increased sophistication is causing more and more companies to pay ransom. Conducting a tabletop exercise to practice responding to a ransomware incident has never been more critical. Cyber-attacks involving ransomware were already on the rise prior to the pandemic, but with the move to a work from home (“WFH”) environment, criminals have taken advantage of the crisis to exploit the vulnerabilities of the disrupted work force. In 2020, we saw ransomware increase to epidemic proportions, reportedly up 714% from the previous year. If the historical increase in ransomware attacks wasn’t enough to cause companies to consider how to best respond to an attack, the White House issued a memo on ransomware following the Colonial Pipeline attack, cautioning companies that no one is safe from a ransomware attack. The memo went on to provide a list of five best practices for safeguarding against ransomware, including practicing an incident response plan. 

Key takeaways from the exercise will include gaining an understanding of the increased sophistication of ransomware attacks along with the increased legal and regulatory obligations. This tabletop exercise is designed to provide attendees with a realistic simulation of an incident in an informal, stress-free environment. The session will educate attendees on the changing landscape of ransomware attacks and the countless decisions and questions that arise during an attack. Guiding attendees through the exercise will be professionals in cyber security, privacy, law, and forensic investigation. 

Join us as we consider a host of questions facing companies today experiencing a ransomware attack: 

• Who should be involved in responding to the incident? 

• Should law enforcement be involved? 

• How do we notify clients that information may have been released? 

• Should we pay the ransom? If we do, how do we do it? How do we know we are not dealing with a threat actor that is listed on Office of Foreign Assets Control’s (“OFAC’s”) Specially Designated Nationals (“SDNs”) list? 

• What are our legal and regulatory requirements?

- EDT
Virtual Meetings and Ephemeral Messages: Thinking about Preservation, Discovery, and Sanctions for Loss
Galina Datskovsky Ph.D., CRM, FAI
Galina Datskovsky Ph.D., CRM, FAI
OpenAxes, Member of the Board
Gail Gottehrer
Gail Gottehrer
Law Office of Gail Gottehrer LLC, Founder
Hon. Lisa Walsh
Hon. Lisa Walsh
Miami, Florida, 11th Judicial Circuit Court

The pandemic has led to an explosion in the use of remote (or virtual) meetings by public and private entities. At the same time, there has been a proliferation in so-called ephemeral messaging apps available to individuals and used for personal as well as business reasons, sometimes without the knowledge or permission of entities. These technologies present questions as to whether and how content should be recorded and dealt with for information governance purposes. At the same time, virtual meeting content and ephemeral messages might be subject to a duty to retain or to preserve for litigation. This panel will explore these, and other considerations related to virtual meetings and ephemeral messages, as well as possible sanctions for failure to make or preserve content.

- EDT
Demystifying 5G Security & Zero Trust
Wendy Frank
Wendy Frank
Deloitte & Touche LLP, Principal

5G is not just another generation of wireless connectivity for people to make phone calls or exchange data; it is an intelligent platform that powers sophisticated wireless connectivity and advanced consumer and enterprise applications. 5G will deliver higher speeds, lower latency, and more capacity for billions of connected IoT devices, while also bringing together a myriad of cutting-edge technologies. 5G leverages the latest cloud-native technologies, including mobile edge computing, artificial intelligence and machine learning, and open network interfaces, making it a platform for innovation and endless application possibilities. 

 

5G will empower a world of IoT devices, autonomous vehicles, and mobile users interacting via complex meshes of protocols and interfaces, connecting homes, hospitals, schools, banks, power grids, and numerous aspects of our lives. Demystifying how data navigates such complex networks is only the first step toward mastering how sensitive information is secured and digital identities are protected. The Department of Homeland Security (DHS) has determined that 5G implementation will introduce vulnerabilities in the areas of supply chain, deployment, network security, and competition and choice. 5G will be a core communication technology for most countries, making it a tempting target for nation-state actors and hackers.  So how can this network of the future be built while trusting applications run by third parties? How can organizations make sure that their software and hardware supply chains meet the standards of national security? How can organizations leverage leading practices and the most advanced cybersecurity solutions available today? The answers to these questions can be found in a comprehensive 5G zero trust framework.  

 

We will present Deloitte’s 5G zero trust framework that is built on two pillars: don’t trust, always verify. As organizations build their private 5G networks and connect to hybrid and public networks such as 4G or public cloud, the layers of connectivity and complexity simultaneously rise, and the need for end-to-end visibility of data paths and device authenticity becomes paramount to threat intelligence and early detection. Threat actors and bounty hunters are always searching to infiltrate critical infrastructure, looking for vulnerabilities in the technology fabric to initiate their cyberattacks. By empowering security by design, organizations can embed security into the low-level design of their networks to elevate defense lines and protect their users, devices, cloud infrastructure, physical infrastructure, applications, data storage, and supply chain.  

 

Securing a 5G ecosystem begins with introducing zero trust to the DNA of the network blueprint by embracing the latest advances in wireless connectivity, reaping the security benefits of 5G’s protocol, and building a network that users can trust with their lives; because at some point, somewhere, their lives may depend on it.

This talk will also present a Case Study of 5G adoption by Smart Factory @ Wichita, one of the early adopters of 5G technology is industry 4.0 where smart manufacturing spurs innovation and growth.


- EDT
Leveraging Time to Find Peace of Mind
Jessica Valentine Patterson
Jessica Valentine Patterson
Optiv Security, Client Advisor

The intention of this session is to help you Leverage Time to Find Peace of Mind.

When we can shift from a 24/7, scarcity mindset into a 52-week, growth mindset, we are able to operate from our inner wisdom.

As women leaders, it is critical that we elevate our self-care and well-being through our work. Within our industry, the sense of urgency has never been greater to show up and perform with purpose.

In this session you will leave with innovative systems and new insights to create a weekly ritual and quarterly strategy to help you slow down and do work  that is most important  to you now.

Whether it is related to organizational performance, creating positive business outcomes for clients or internal stakeholders, or being a more present, purposeful leader, you will walk away with a deep sense of purpose and a plan to implement.

I often find that it is not the plan, but the pause that allows us to cultivate our light.

Learn to lean in, level up, and leverage time to find peace of mind.

This session is inclusive to those who may feel burned out, overworked, or overwhelmed, and desire developing a new pace to plan, strategize, and be successful.

- EDT
Managing Risk in the Software Supply Chain
Saoirse Hinksmon
Saoirse Hinksmon
Veracode, Product Marketing Manager

Software is both critical and pervasive, but also very vulnerable – whether you build it or buy it. As software security changes rapidly, an application or open-source library that is secure today may not be tomorrow. How can organizations ensure that security is a top priority on an ongoing basis and manage risk in the software supply chain by using tools to test and evaluate vendor partners?  

 

In this session, Saoirse Hinksmon, Product Marketing Manager at Veracode, the largest global provider of software security solutions, will discuss:

  • Open source risk and the benefits of a software bill of materials (SBOM)
  • Security requirements to protect the software supply chain as outlined in the recent Biden administration executive order on cybersecurity, including the new NIST standards for critical software security
  • The need for vendor transparency regarding security posture
  • The value of third-party assessments
  • Tools available to assess third-party vendor security and reduce organizational risk
  • What is needed to ensure that applications are built securely from the start
- EDT
Reducing Software Security Risk: How MassMutual Empowers the Business with Tools, Techniques and Teaching
Ogor Oghedo
Ogor Oghedo
MassMutual, Business Information Security Officer
Valerie Desroches
Valerie Desroches
MassMutual, Web Developer

Software Security is critical to ensuring that an organization is able to build software in a secure way.  This can be a highly complex area with implementation challenges, especially in a large organization. Join us and learn more about MassMutual’s Software Security Program and our business-centric approach that provides a holistic toolkit of tools, techniques, and training that empowers developers to make security decisions for their software.


*Open to all attendees*

- EDT
Proteins and Supplements for your Lifestyle
Lauren Figueroa
Lauren Figueroa
West Monroe, Health and Wellness Coach and Senior Human Resources Manager

I will be educating participants on selecting various proteins and supplements to fit their lifestyle needs, whether they are active, have dietary restrictions, or are simply looking at making simple nutritional tweaks. We will focus on the different types of proteins, what ingredients to look for and those you should avoid, and how you can add specific vitamins and supplements to improve various areas of your health.


- EDT (Part 5 of 5)
Sisterhood Networking Circles

Go to the EWF Sisterhood Networking icon to join our private video rooms to chat with other EWF Conference Attendees! Form life-long friendships, communicate with other like-minded women and find support amongst the EWF sisterhood. 

- EDT
Down the Rabbit Hole into the Dark Web
Michele (Micki) Boland
Michele (Micki) Boland
Check Point Software Technologies, Cloud Security Architect and Evangelist Office of the CTO

A Tour into the Dark Web. Frequently, Alice in Wonderland is used as the main analogy to the Dark Web, but just like in the book, no one tells us how this magical world was made and what the motive for its creation was. If one wants to become wise on a matter and have a solid opinion on a subject, one needs to learn its historical events and evolution. In our journey through this session, we take you through the evolution, goals and motivation of the Dark Web. I will share with attendees what and whom you can find on the platforms as well as the major conflicts individuals face while exploring this part of the web. The session also exposes attendees to the syndicates and structures running on the Dark Web platforms. Surprisingly we will see how those groups were among the first to embrace and implement Blockchain technology and created a major global demand for cryptocurrencies. Join us to listen, learn and be exposed to the deepest secrets of the Dark Web.

- EDT
More is not better when Designing Ethical ML/AI
Ruby Booth
Ruby Booth
Sandia National Laboratories, Principal Cyber Security Systems Analyst

Finding Truth in a vast sea of unvetted data may be one of the greatest challenges of the next decade. Current approaches such as unsupervised clustering or association rule learning generate “insights” from these data pools with relatively little human involvement. Such techniques have real dangers. When designing or using AI, considering what should be done is at least as essential as considering what can be done. When decision makers act on ML/AI derived insights from unvetted data collections, they may act on the information received without a clear sense of the limits of the recommendations. In fact, determining these limits can be difficult when the characteristics of the collections are incompletely known. Adding to the potential problems, large data sets often embody poor decisions of the past. Basing future decisions on past data can amplify historical biases, inefficiencies, and injustice. Unvetted collections or, worse, incorrectly vetted collections lead to costly inaccuracies, including those with legal and/or ethical implications. All scientific progress carries risk. Placing work on AI within a larger ethical frame provides a means to anticipate adverse consequences and build remedies before irrevocable harm occurs. In this talk, Dr. Ruby Booth will provide examples of seemingly innocuous data elements that can lead to biased, even discriminatory algorithms. She’ll discuss strategies for moving test cases earlier in the design process to mitigate this risk. Finally, she will review ethical design practices, show unintended (but likely) consequences of AI decision support, and discuss techniques to help reframe the way participants approach AI/ML driven decision support. Because, it doesn’t matter how “true” your results are if they aren’t trusted. 

Disclaimer: Any subjective views or opinions expressed in this presentation do not necessarily represent the views of the U.S. Department of Energy or the United States Government. SNL is managed and operated by NTESS under DOE NNSA contract DE-NA0003525.

- EDT
The Art of Story Telling for Security Leaders
Sadhana Joliet
Sadhana Joliet
Accenture, Principal Director

Effective communication and effective leadership are closely intertwined. How you communicate affects how people perceive you, trust you, and engage with you.  

CISOs, who are typically masters at describing emerging threats and security technologies, have had to quickly learn how to effectively convey the value of a security program in business terms.  With security in the headlines and increasingly essential to the business, it’s now an imperative that we all step out of our technology comfort zones and into the shoes of key stakeholders when communicating. Whether it’s the board of directors, customers, or leaders of product lines, compliance, and IT, security professionals at all levels need to be able tell the story of how security can be a critical enabler – rather than a blocker – of stakeholder business objectives.  

In this interactive presentation, Sadhana Joliet will take attendees through the art of storytelling and demonstrate how to transform the technical security narrative into a clear and impactful business message. Drawing from her 25+ years in product, marketing, and engineering roles, she will share examples of how storytelling techniques are being used, present a practical use case for storytelling, and assist participants with identifying their own stories to leverage. 

Sadhana will also present a step-by-step approach for building a security narrative that resonates with its intended audience, including how to:

•    Identify and understand key stakeholders

•    Clearly define the value security provides

•    Create a compelling security story

•    Amplify and reinforce the story

- EDT
Closing Remarks
Joyce Brocaglia
Joyce Brocaglia
EWF, Alta Associates and BoardSuited, Founder and CEO

Wrap up the 2021 conference with closing remarks from Joyce Brocaglia, including recognition of our 5 and 10 year CB supporters and a recap video of this year's conference!

Featured

Yasmine Abdillahi
Comcast, Senior Director Security Risk & Compliance
Dimple Ahluwalia
IBM Security, VP & Managing Partner
Elana Anderson
Veracode, Chief Marketing Officer
Kim Arabella
TikTok, Integrated Risk Lead
Sneha Aravind
Comcast Corporation, Security Architect III
Ashley Baich
Accenture, Cybersecurity Consulting Analyst
Syamla Bandla
Facebook, Director of Production Engineering
Mary Barnor
Thomson Reuters, Senior Vendor Cyber Security Analyst
Katie Barton
Gallup, CIO
Jill Bibb
Fidelity Investments, Vice President Internal Investigations
Brenda Bjerke
Target, Senior Director, Cybersecurity
Nadine Blinn
Balanced Humans Office Yoga, Owner - Teacher
Michele (Micki) Boland
Check Point Software Technologies, Cloud Security Architect and Evangelist Office of the CTO
Ruby Booth
Sandia National Laboratories, Principal Cyber Security Systems Analyst
Lindsey Basara
MassMutual, Next Generation Authentication (NGA) Program Owner
Ioana Bazavan
Accenture Security, Managing Director
Dana Brady
EWF, Director of Corporate Partnerships
Judith Branham
Aon Cyber Solutions (formerly Stroz Friedberg), Managing Director
Joyce Brocaglia
EWF, Alta Associates and BoardSuited, Founder and CEO
Arthureen Brown
Altria, Business Information Security Officer
Kelly Castriotta
Markel Corporation, Managing Director, Global Cyber Underwriting Executive
Roland Cloutier
TikTok, Global Chief Security Officer
Magie Cook
Magie Cook, LLC, CEO
Mignona Cote
AWS, Head of Security for Global and Strategic Accounts
Anne Coulombe
MassMutual, Head of Data Cyber Security
Stephanie Dannan
Markel Corporation, Application Security Analyst
Galina Datskovsky Ph.D., CRM, FAI
OpenAxes, Member of the Board
Trish Denno
Fidelity Investments, Vice President for Cyberthreat Intelligence, Enterprise Cybersecurity
Valerie Desroches
MassMutual, Web Developer
Linda Dolceamore
Executive Women's Forum, Director Leadership Development & Leadership Coach
Stephanie Domas
Intel, Director Strategic Security & Communications
Nicole Dove
WarnerMedia, Business Information Security Officer
Roshunda Drummond-Dye
Corporate Compliance Wellstar Health System, Chief Privacy Officer & Executive Director
Jeff Dubois
Microsoft, Sr. Communications Manager
Katherine Fick
IBM Security, Senior Counsel
Lauren Figueroa
West Monroe, Health and Wellness Coach and Senior Human Resources Manager
Wendy Frank
Deloitte & Touche LLP, Principal
Gail Gottehrer
Law Office of Gail Gottehrer LLC, Founder
Theresia Gouw
Acrew Capital, Founding Managing Partner
Jackie Grochowalski
MassMutual, Head of Identity and Access Management and Security Engineering
Saoirse Hinksmon
Veracode, Product Marketing Manager
Laurene Hummer
IBM Security, Program Director, Product Management
LaLisha Hurt
Capital One, Head of Cyber Risk, Remediation and Governance
Suhana Hyder
TikTok, Vulnerability Management Leader
Vasu Jakkal
Microsoft, CVP, Security Compliance & Identity
Ann Johnson
Microsoft, Corporate Vice President
Lydia Payne-Johnson
The George Washington University, Director of IT Security, Identity Management and Cybersecurity Risk
Sadhana Joliet
Accenture, Principal Director
Lisa Kaplin
Lisa Kaplin, LLC, Speaker, Psychologist, Coach
Jason Keenaghan
IBM Security, Zero Trust Strategy Leader
Melissa Kepler
Capital Humans, Coach and Owner
Andy Kirkland
Starbucks, Global CISO
Beth A. Kost
SVP & Chief Compliance Officer
Lisa Lee
Microsoft, Chief Security Advisor/SCI Global Lead Vertical Industries
Kathleen Lewis
Aon, Assistant Vice President - Cyber Solutions, Commercial Risk Solutions
Dr. Bilyana Lilly
Deloitte & Touche LLP, Manager
Sandra (Sandy) Lind
Oracle, Principle Program Manager
Chujiao Ma
Comcast Cable, Senior Security R&D Engineer
Sherin Mathews
McAfee, Senior Data Scientist
Prof. Andrea M. Matwyshyn
Assoc. Dean of Innovation/Prof. of Law | Prof., Engineering | Founder, Policy Innovation Lab of Tomorrow (PILOT) & Manglona Lab for Gender and Economic Equity at Penn State
Cristina Messerschmidt
Baker McKenzie, Associate
Maureen McKenna
Facebook, Director, Production Engineering
Ranae Moore
Target, Principal Cyber Security Analyst
Vidya Murthy
MedCrypt, Chief Operating Officer
Jessica Nall
Baker & McKenzie LLP, Principal
Ogor Oghedo
MassMutual, Business Information Security Officer
Jessica Valentine Patterson
Optiv Security, Client Advisor
Theresa M Payton
Fortalice Solutions, CEO
Nicole Perlroth
The New York Times, New York Times Bestselling Author "This Is How They Tell Me The World Ends," Digital Espionage Reporter
Michele Pittman
Fidelity Investments, SVP, Enterprise Cybersecurity
Sharon Polsky
AMINAcorp.ca and Privacy & Access Council of Canada, President
Hemma Prafullchandra
Microsoft, CTO M365 Security, Compliance and Management
Salwa Rafee
Accenture, Global Managing Director
Meerah Rajavel
Citrix, CIO
Ruth Ratliff
Ruth Ratliff, Voice and Vibrational Sound Professional
Meagan Ringel
JPMorgan Chase, Managing Director
Sheetal Rishi
Kyndryl, Senior Client Partner
Shelbi Rombout
U.S. Bank, Deputy Chief Information Security Officer
Eleni Rundle
Fidelity Investments, SVP of Software Engineering
Kim Salo
Target, Director Cybersecurity
Masha Sedova
Elevate Security, Co-Founder
Rinki Sethi
Twitter, VP & CISO
Sid Sidhu
Facebook, Production Engineering Manager
Britta Simms
Accenture, Managing Director - Security Service
Tina Slankas
Accenture, Security Delivery Lead
Dr. Saundra Dalton-Smith
DSE Corporate Solution, Physician-Researcher, Bestselling Author, and founder
Sonia Sotomayor
Deloitte, Cyber & Strategic Risk Senior Consultant
Katie Stefanich
TikTok, Business Resilience and Crisis Management Lead
Gloria Steinem
Feminist Icon
JoAnn C. Stonier
Mastercard, Chief Data Officer
Linda Thielova
OneTrust, DPO, Head of CPO CoE
Rosalia Gomez Thomas
IBM Corporation, Director, People and Culture
Chelsie Thompson
Microsoft, Security Technical Specialist
Judy Titera
USAA, Chief Privacy Officer
Patti Titus
Markel Corporation, Chief Privacy and Information Security Officer
Kandyce Tripp
IBM Security Services, Partner, Global IBM Security Services Alliances
Martha VanDriel
Merck & Co., Inc., Director, IT Risk Management Policy
Sakuntaladevi Vidhyasankar
JPMorgan Chase, Vice President
Jyoti Wadhwa
T-REX Solutions, Director, Cybersecurity Solutions Architect
Hon. Lisa Walsh
Miami, Florida, 11th Judicial Circuit Court
Alyssa R. Watzman
Lewis Brisbois, Partner
Susan Whittemore
MassMutual, Head of Cyber Risk
Angela Williams
Hillrom, VP, Chief Information Security Officer
Caroline Wong
Cobalt.io, Chief Strategy Officer
Luna Wu
TikTok, Shared Business Operations & Portfolio Management Office Lead
Debbie Zaller
Schellman & Company, LLC, Managing Principal
Kerstin Zell
EWF, Vice President, Strategy and Operations