Day 1: Wednesday, September 27th

11:00 AM - 11:45 AM Registration

11:45 AM - 12:00 PM Orientation

12:00 PM - 12:15 PM Ice Breaker

12:15 PM - 12:25 PM Chairperson Official Welcome to IQPC's CISO Exchange

Opening Keynote Address

12:25 PM - 1:10 PM Robotic Process Automation in Critical Infrastructure: Next Generation Ope-RA-tions – What IT Security gear-up to?

Vishnu Murali, Director IT , NRG Energy
Year 2016, was called the year of the Robots. More than 60% of the organizations are still in the planning stage of Robotic Process Automation (RPA) adoption. 2017 will see a significant proliferation and more formal adoption of RPA in the automation of the mainstream business processes. In January 2017 this year, McKinsey Global Institute’s report stated that “almost half the activities people are paid almost $16 trillion in wages. The global economy has the potential to be automated by adapting currently demonstrated technology, according to an analysis of more than 2,000 work activities across 800 occupations. While less than 5 percent of all occupations can be automated entirely using demonstrated technologies, about 60 percent of all occupations have at least 30 percent of constituent activities that could be automated. More occupations will change than will be automated away”.

Globally organizations are increasingly gravitating towards “digital labor arbitrage” from “outsourcing labor arbitrage”, much of which is being driven by advances in software robotics, artificial intelligence, and machine learning, ushering the new age of automation, as machines match or outperform human performance in a range of work activities, including ones requiring cognitive capabilities. Energy service companies are no exceptions to these advancements. With ever increasing pressure to cut costs, to increase productivity and focus on customer centricity, Robotic Process Automation (RPA) can prove to be an important ally in achieving the business goals. However, this also brings a new dimension to the way we have looked at the enterprise IT security. Imagine creating a virtual identity for a virtual robot!

Key takeaways form this session are:

1.Get an overview of what RPA is and how it is evolving
2.Understand the technology landscape and its impact on the traditional IT
3.Explore typical use cases for retail energy service providers
4.Best practices in RPA adoption
5.Role of IT in RPA adoption
6.IT security implications

Vishnu Murali

Director IT
NRG Energy

1:10 PM - 1:55 PM Critical Infrastructure is Becoming More Critical Because of the Internet of Things Work Load

James Livermore , Global Cybersecurity Architect/CSO, CDM Smith
As technology continues to move away from the traditional perimeter, security teams need to access and protect all the touch point. This includes managing and controlling how the Internet of Things (IoT) works. The industry is in a period of rapid development. The Industrial IoT deploys a number of sensors, which expands what needs to be monitored and protected.

In this session:

•Optimizing critical infrastructure for the next-generation work load
•Creating purpose-built and high-performing network that is also well-connected
•Expanding on machine learning and big data
•Securing embedded systems


James Livermore

Global Cybersecurity Architect/CSO
CDM Smith

2:00 PM - 2:30 PM Business Meeting

2:30 PM - 3:00 PM Business Meeting

3:00 PM - 3:30 PM Business Meeting

3:00 PM - 3:30 PM Networking Break

Master Class

3:30 PM - 4:15 PM Developing an Efficient and Effective Application Security Program

Rob Caldwell, ICS Manager, Mandiant
While many companies have security programs covering infrastructure, an oft-overlooked but critical area is application security. The least-expensive point in time to prevent of security issues is during requirements definition and early in the development lifecycle. While the latest trends in application development focus on agility and speed, security cannot be overlooked without paying a price later. This session will examine ways to implement an application security program, what the minimum requirements for a successful program entail, and methods to work security into the latest software development practices.

Rob Caldwell

ICS Manager


3:30 PM - 4:15 PM The Defense-in-depth Continuum and its Impact on Critical Infrastructure

James Ball, Division Manager, MANDEX, Inc.
By identifying, quantifying and categorizing your risks, you are better able to mitigate those risks, while increasing your security posture and improving your ROI to stakeholders.
The implementation of a robust defense-in-depth methodology can reduce the risk of data/network compromise within a critical infrastructure (CI). Through the systematic identification, quantification , and categorization, you can determine effective mitigation strategies. This approach allows you to effectively allocate limited resources to critical, high-impact areas.

In this session:

1. Urgency
a.Attacks ↑
b.Risks ↑
c.Regulations ↑
d.Mandates ↑

2.Process: repeatable, institutionalized process, not an ad hoc solution or one-time fix.
a.Process aligns with federal framework

3.Pre-incident cost vs. Post-incident cost

James Ball

Division Manager

3:15 PM - 3:45 PM Business Meeting

4:45 PM - 5:15 PM Business Meeting

•Utilizing Artificial Intelligence in Incident Response- Sponsored by Cybraics

•Assessing, Building, Responding and Remediating Roadmaps for Operational Security- Sponsored by Revolutionary Security

Alan Ross

Chief Technology Officer
Integrated Defense (IT/OT/Physical) for Multi-Vector Threats

Rich Mahler

Vice President
Revolutionary Security

6:20 PM - 6:20 PM Evening Reception with Appetizers