Day 1: Wednesday, September 27th
11:00 am - 11:45 am Registration
11:45 am - 12:00 pm Orientation
12:00 pm - 12:15 pm Ice Breaker
12:15 pm - 12:25 pm Chairperson Official Welcome to IQPC's CISO Exchange
12:25 pm - 1:10 pm Robotic Process Automation in Critical Infrastructure: Next Generation Ope-RA-tions – What IT Security gear-up to?Vishnu Murali - Director IT NRG Energy
Year 2016, was called the year of the Robots. More than 60% of the organizations are still in the planning stage of Robotic Process Automation (RPA) adoption. 2017 will see a significant proliferation and more formal adoption of RPA in the automation of the mainstream business processes. In January 2017 this year, McKinsey Global Institute’s report stated that “almost half the activities people are paid almost $16 trillion in wages. The global economy has the potential to be automated by adapting currently demonstrated technology, according to an analysis of more than 2,000 work activities across 800 occupations. While less than 5 percent of all occupations can be automated entirely using demonstrated technologies, about 60 percent of all occupations have at least 30 percent of constituent activities that could be automated. More occupations will change than will be automated away”.
Globally organizations are increasingly gravitating towards “digital labor arbitrage” from “outsourcing labor arbitrage”, much of which is being driven by advances in software robotics, artificial intelligence, and machine learning, ushering the new age of automation, as machines match or outperform human performance in a range of work activities, including ones requiring cognitive capabilities. Energy service companies are no exceptions to these advancements. With ever increasing pressure to cut costs, to increase productivity and focus on customer centricity, Robotic Process Automation (RPA) can prove to be an important ally in achieving the business goals. However, this also brings a new dimension to the way we have looked at the enterprise IT security. Imagine creating a virtual identity for a virtual robot!
Key takeaways form this session are:
1.Get an overview of what RPA is and how it is evolving
2.Understand the technology landscape and its impact on the traditional IT
3.Explore typical use cases for retail energy service providers
4.Best practices in RPA adoption
5.Role of IT in RPA adoption
6.IT security implications
Vishnu MuraliDirector IT
1:10 pm - 1:55 pm Critical Infrastructure is Becoming More Critical Because of the Internet of Things Work LoadJames Livermore - Global Cybersecurity Architect/CSO CDM Smith
As technology continues to move away from the traditional perimeter, security teams need to access and protect all the touch point. This includes managing and controlling how the Internet of Things (IoT) works. The industry is in a period of rapid development. The Industrial IoT deploys a number of sensors, which expands what needs to be monitored and protected.
In this session:
•Optimizing critical infrastructure for the next-generation work load
•Creating purpose-built and high-performing network that is also well-connected
•Expanding on machine learning and big data
•Securing embedded systems
James LivermoreGlobal Cybersecurity Architect/CSO
2:00 pm - 2:30 pm Business Meeting
2:30 pm - 3:00 pm Business Meeting
3:00 pm - 3:30 pm Business Meeting
3:00 pm - 3:30 pm Networking Break
Master Class3:30 pm - 4:15 pm Developing an Efficient and Effective Application Security Program Rob Caldwell - ICS Manager Mandiant
While many companies have security programs covering infrastructure, an oft-overlooked but critical area is application security. The least-expensive point in time to prevent of security issues is during requirements definition and early in the development lifecycle. While the latest trends in application development focus on agility and speed, security cannot be overlooked without paying a price later. This session will examine ways to implement an application security program, what the minimum requirements for a successful program entail, and methods to work security into the latest software development practices.
Rob CaldwellICS Manager
BrainWeave3:30 pm - 4:15 pm The Defense-in-depth Continuum and its Impact on Critical Infrastructure James Ball - Division Manager MANDEX, Inc.
By identifying, quantifying and categorizing your risks, you are better able to mitigate those risks, while increasing your security posture and improving your ROI to stakeholders.
The implementation of a robust defense-in-depth methodology can reduce the risk of data/network compromise within a critical infrastructure (CI). Through the systematic identification, quantification , and categorization, you can determine effective mitigation strategies. This approach allows you to effectively allocate limited resources to critical, high-impact areas.
In this session:
2.Process: repeatable, institutionalized process, not an ad hoc solution or one-time fix.
a.Process aligns with federal framework
3.Pre-incident cost vs. Post-incident cost
James BallDivision Manager
3:15 pm - 3:45 pm Business Meeting
4:45 pm - 5:15 pm Business Meeting
5:15 pm - 6:20 pm RoundtableAlan Ross - Chief Technology Officer Cybraics
•Utilizing Artificial Intelligence in Incident Response- Sponsored by Cybraics
•Assessing, Building, Responding and Remediating Roadmaps for Operational Security- Sponsored by Revolutionary Security
Alan RossChief Technology Officer