Enterprise Risk / Security Management


Strategies for reducing risk to the enterprise.


September 30, 2021


8:30am-5:00pm CST; 9:30am-6:00pm EST


7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: ONLINE 




In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.


With all of these challenges, how do you make this happen?


In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn


In this one day conference attendees will learn:

  • Keeping Up with the Latest Security and Risk Management Trends
  • Reducing the Risk of An Attack: Getting the Most from Assessments/Pen Tests/Red Team Exercises
  • Disaster Recovery as Part of Your Security Plans
  • Know Where Your Next Attack is Coming From
  • How CISOs are Building Successful Cyber Security Teams (CISO Panel Discussion)
  • Managing Security Risk at the Speed of Business (Panel discussion)


Conference Price: $0.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

8:30am-9:15am CDT: Posture Security Validation Requirements: Fighting Ransomware and Enterprise Drift Effectively


Dave Klein, Director, Cyber Evangelist, Cymulate


In looking to fight ransomware and other cyberattacks and to prevent enterprise drift, the newest generation of Posture Security Validation combines BAS (Breach Attack Simulation), CART (Continuous Automated Red Teaming), Purple Teaming and ASM (Attack Surface Management) into comprehensive solutions that have become essential to the enterprises who have adopted it.


This session will cover:

  • Challenges facing enterprises today.
  • Issue with legacy ways attempted in the past.
  • The necessary requirements for an effective Posture Security Validation solution.
  • How CISOs can:
    • Quickly evaluate and decide what parts of their cybersecurity portfolio to keep, eliminate, or add.
    • Know that their investment in cybersecurity is optimized.
    • Easily explain enterprise risk and how to reduce it.
    • Know they are secure and in the unlikely event of a breach, recover
  • How security practitioners can:
    • Be confident in knowing that these innovative solutions are comprehensively covering all stages of the kill chain.
    • Easily implement and manage with their existing staff effectively.
    • Be confident in their ability to find gaps, misconfigurations, and vulnerabilities to shore up and optimize their security posture.
      Easily and quickly test new attacks and threats and report back to management.
  • A few real-world use case examples.



9:15am-10:00am CDT: 7 Habits of Highly Effective Cybersecurity Operators


Luis Quinones, Director of Cybersecurity, Lumu Technologies


In the era of high impact ransomware attacks combined with the unpredictable nature of the cybersecurity analyst’s job makes the day-to-day challenging to say the least. Too many alerts, too many tools to keep up with, and too much pressure to get it all right. There are powerful lessons that can make the daily job of the operator more beneficial to the organization and can lead to personal change. This session presents a holistic, integrated approach for solving the pressing problems, adapting a growing attack surface and taking advantage of opportunities created by change.




10:00am-10:30am CDT: Networking Break

10:30am-11:30am CDT:  What We End Up Doing Anyway, How Cloud Changes Things a Bit



Derek Milroy, Senior Security Architect, U.S. Cellular


This talk will discuss a dozen security processes we all end up implementing regardless of the Control Frameworks we utilize or any compliance mandates we have to fulfill (PCI, SOX, etc.). This talk will also highlight how using cloud platform changes things.



11:30am-12:30pm CDT: Securing Your Home, How the Pandemic has Shifted the Need for Home Security



Fred Kwong, Ph.D., CISO & AVP Security, Identity and Operations, Delta Dental Plans Association


In this session, we’ll cover:

  • Learn best practices on how to keep your cyber footprint secure at home
  • Know what challenges enterprises face securing the remote workforce
  • Understand what organizations need to do to ensure their people and assets safe




12:30pm – 1:30pm CDT: Lunch Break

1:30pm-2:30pm CDT: Securing the Modern API Ecosystem  



Karl Mattson, CISO, Noname Security



Key takeaways:

  • The impact trends such as zero trust, cloud migration, containerization, and shift-left are having on API security
  • The role of traditional security controls in API security – what they deliver and where they fall short
  • The value of a full lifecycle approach in grappling with API security
  • How to deploy dedicated API security that fits today’s automated, agile, and cloud-first environments



2:30pm-3:00pm CDT: Networking Break

3:00pm-4:00pm CDT: Securing Your Cloud in the Age of Hybrid Workplaces (Panel Discussion)

Paul Liesenberg, Director Product Marketing, Aryaka

Panelists will include:
Jonathan Lampe, InfoSec Manager, Kohl’s Department Stores
Brian Palmer, Director IT Security & Infrastructure, Ventas

and other Security Executives sharing experiences and lessons learned


In this session, Security Executives will share how they are leveraging cloud security best practices.

Areas that will be covered:

*How they pivoted to and supported Hybrid Workspaces

*How to balance the security sensitivities of remote access with the need of business critical information

*Handling third party risk



Lampe            Palmer

4:00pm-5:00pm CDT: Managing Security Risk at the Speed of Business (Panel discussion)

Marc Kreppel, Regional Manager, Zerto
David Gochenaur, Sr. Director, CyberSecurity, Ensono
Paul Bivian, Director, IT Security, Kirkland & Ellis
and other CISOs/Security Executives sharing experiences and lessons learned


As a valued partner to the business, CISOs need to lead with business first execution.


In this session, attendees will learn from CISOs/Security Executives as to how they are:

  • Leading a business first mentality
  • Looking at every security risk decision through the lens of business impact
  • How can security and IT operations can work together effectively to identify best cost actions that have the most meaningful impact on               exposure to business compromise and impact
  • Understand what Cloud/DevOps/Digital mean for your risk management program


Gochenaur    Bivian


As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the breaks, you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.