Data Breaches:  Defending Against and Responding To


Strategies to help your organization prepare for, defend against and respond to breaches.


December 4, 2019




7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois




It is not a matter of if, but when your organization will be breached. Against these threats, enterprises try to build higher and more secure walls around their data and networks. This seems to be a never-ending arms race, as even the most sophisticates systems may, before long, present weaknesses that malicious technology can overcome.

What You Will Learn


In this one day conference attendees will learn:

  • Aftermath of a Data Breach: Lessons Learned
  • 2019 Data Breach Trends and Mitigation Controls
  • Is it an Incident or a Breach? How to Tell and Why it Matters
  • Security Incident Response Processes
  • Incident Response Challenges in a Global Arena
  • Tool Sprawl – What It Is, and Why It Is Time For a New Approach to Cybersecurity
  • Third Party Assessment Prioritization: “Vendor Tiering and Due Diligence Levels”
  • THE ZERO TRUST FRAMEWORK: What the heck is it, and why is it important to me?
  • What Public Data Breaches Can Teach Us About Protecting Mainframe Applications
  • Breaches & Ransomware: How to Handle, How to Respond (Panel Discussion)

Conference Price: $289.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

8:00am – 8:30am: Registration and Continental Breakfast

8:30am-9:15am: Aftermath of a Data Breach: Lessons Learned


Dr. Michael Chahino, Chief Information Officer, Elgin Community College, President of the Information Technology Commission at ICCCA (Illinois Council of Community College Administrators)


As data breaches continue to hammer organizations with devastating outcomes, monetary as well as reputation costs continue to rise year after year. And while Cybersecurity professionals are tasked with securing and enhancing the information security posture of their organizations, they could find themselves consumed with gathering forensic evidence, executing data recovery plans, gathering facts, containing the damages and dealing with the aftermath in case of a data breach. Having a tested and verified data breach recovery plan is becoming more crucial than ever.


This session explores lessons learned from the aftermath of experiencing the discovery of and recovery from a data breach and provides some recommendations to help organizations deal with disruptive cyber-attacks.



9:15am-10:00am: 2019 Data Breach Trends and Mitigation Controls


Michael Manske, Security Practice Lead, Managed Services, West Monroe Partners
Joseph Rogalski, Director National & Strategic Partners, eSentire Inc.


  • Highlights from eSentire’s 2019 Security Operations Center (SOC) threat events and trends report
  • From the trenches: breach examples around ransomware, email compromise, and phishing
    • How to prepare for attack vectors, challenges, incident response, and mitigating controls
    • How and why advanced technologies enable quicker detection of and response to incidents
  • What’s coming: 2020 trends to be prepare for
    • The security landscape is always changing – why security control selection, implementation, and ongoing management are increasingly challenging all industries
    • Effective security monitoring and response depends on automation and analytics
    • Major changes in compliance and risk impact security program (CCPA, GDPR, etc.)


Manske      Rogalski

10:00am -10:30am: Refreshment Break

10:30am-11:15am: Is it an Incident or a Breach? How to Tell and Why it Matters


Trevor Bidle, Information Security and Compliance Officer, US Signal


How you determine whether it is an incident or a breach that may or may not involve the exposure of sensitive customer data will determine, among other things:

  • Which organizations should get involved
  • What actions should be taken
  • How it will be resolved
  • If notification required
  • Who? When? How?


How you respond will determine can minimize the monetary, regulatory, and reputational damages and risks to you, your enterprise, and your customers.



11:15am-12:00pm: Security Incident Response Processes


Derek Milroy, Enterprise Security Architect, U.S. Cellular


In this session, Derek will discuss:

  • Incident Response Overview
  • Breakdown of the SANS six step process
  • Concerns for DFIR in the Cloud



12:00pm – 12:45pm Luncheon

12:15pm – 12:35pm:  Incident Response Challenges in a Global Arena


Phil Campeau, Global Systems Engineering Manager, WireX Systems


This session discusses incident response in 2020 and how to stay ahead of the alert game. This presentation is geared for any security practitioner but heavily focused on those that have lead, managed or had experience as/are Tier Three security operations analysts. Either outsourced managed services or in house leverage of a SIEM, it is critical to be efficient in handling incidents. These range from a standard consultant or employee leaving and a Human Resources request or a call from a government agency letting you know you were identified by a breach. The impact is especially focused on how you respond and something that takes practice as you prepare for the inevitable.



12:45pm – 1:30pm:  Tool Sprawl – What It Is, and Why It Is Time For a New Approach to Cybersecurity


Ray Hicks, Founder & CEO, 5th Column


Despite the prolific expanse of new products and technologies, breach occurrence is on the rise. Record money each year is being poured into cybersecurity R&D, tools, and risk management. More money, more tools, more breaches, WHY? Tools and shoring up the defenses are not the answer so perhaps it’s time for a new approach to cybersecurity. Let’s explore a key problem facing security teams today, how to solve this problem, and a framework for improving the existing toolset(s) organizations have in place today.



1:30pm-2:15pm: Third Party Assessment Prioritization: “Vendor Tiering and Due Diligence Levels”


Chris Goettl, Director of Product Management, Ivanti


How do you balance limited resources with assuring 3rd party provider security?

  • Vendor Information Gathering
  • Inherent Risk Profiling
  • Categorizing Vendor Tiers
  • Setting acceptable levels of due diligence
  • Remediation and Acceptance Process
  • Vendor Oversight



2:15pm – 2:45pm: Refreshment Break

2:45pm – 3:30pm: THE ZERO TRUST FRAMEWORK: What the heck is it, and why is it important to me?


Matt Johnson, Systems Engineer, Illumio


In this session, you will learn about the Zero Trust framework, how it pertains to your infosec environment, provides some methodology, and gives you a teaser of the Forrester Zero Trust Wave from October 2019.



3:30pm-4:15pm: What Public Data Breaches Can Teach Us About Protecting Mainframe Applications


Barbara Ballard, Sr. Product Manager, Micro Focus


When it comes to delivering access to mainframe applications, organizations are faced with new and ever-evolving challenges. These challenges include access control (authentication and authorization), data privacy, endpoint management, and regulatory compliance audits.


And, even though organizations address these challenges at the enterprise level, the mainframe is often forgotten. This happens because (1) mainframe systems are viewed as secure because they are running in a private network, isolated from the public environment, and (2) security organizations do not often know how to extend enterprise security controls to the mainframe.


This session will provide valuable insights and lessons learned from past data breaches as well ways organizations can deliver reliable access to mainframe applications while meeting security, privacy, and regulatory demands.



4:15pm-5:00pm: Breaches & Ransomware: How to Handle, How to Respond (Panel Discussion)


Grant Garnett, RSM, Tanium
James Mountain, CISO, Palmer College of Chiropractic
Dave Gochenaur, Sr. Director, CyberSecurity, Ensono
Keith Conlee, CSO, IT, College of DuPage
Umesh K. Tiwari, Enterprise Security Architect and Sr. PCI Security Compliance Consultant, US Bank
Arlene Yetnikoff, Director of Information Security, DePaul University
and other enterprise IT CISOs sharing experiences and lessons learned




Mountain    Gochenaur   Conlee       Tiwari        Yetnikoff



As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.