CISO Atlanta Summit | March 21, 2023 | Atlanta, GA, USA
Trey Tunnell
Chief Information Security Officer (CISO)
Floor & Decor
Trey Tunnell is a Sr. Director and Chief Information Security Officer (CISO) at Floor & Decor. Floor & Decor is a 190-store, hyper-growth big box retailer of hard surface flooring with roughly $3.5 Billion in annual revenue. Trey is relatively new to cyber security. He spent 20+ years in the development world and came to security 3 years ago, where he found a renewed passion for technology. Trey has been on a 25-year tour of Atlanta retailers. After spending 15 years at The Home Depot in the application development space, he fulfilled similar roles for retailers Paradies (2 yrs) and NAPA Auto Parts (5 yrs) over the next seven. Trey found a new home in cyber at F&D in November of 2019 and has been completely geeked out by the technology and loves the security community. The comradery is amazing. Trey has a BS/BA degree in management information systems from Auburn University.
I’m a developer sitting in the CISO seat. When I started my career as a naïve developer on the PAINT system at Home Depot, all I wanted to do was GO FAST and KICK ASS. And some security folks angry at the world squashed my little spirit. (You know who you are)
Fast forward more years than I like to count (25), and my Security peers are talking about how to better serve. Better enable.
My talk is about the change I have seen in the Security space. Evolving to trusted partner and enabler of even development teams. From the Department of NO, to the Department of GO! I will also cover my transition into the world of security and some intriguing similarities and differences I see in the spaces.
I wrap by asking “What’s the answer – How does Security get a seat at the table”. We earn a seat at the table through ENABLING our business to GO FAST, KICK ASS, AND BE SECURE. In my opinion that starts with LEARNING your business, then SERVING your business which ultimately leads to SECURING your business because your team will have a hand in it. From the board to shareholders, associates to customers. Create a culture where security is part of everyone’s daily vocabulary.
Take Aways:
Jeff Crume
Distinguished Engineer, CTO Americas Security Technical Sales, IBM Master Inventor
IBM
Jeff Crume is a Distinguished Engineer, Master Inventor and CTO for IBM Security Americas with 38 years’ experience in the IT industry. He has a PhD in Cybersecurity and serves as an Assistant Teaching Professor at NC State University. Jeff is the author of a book entitled “Inside Internet Security: What Hackers Don’t Want You To Know” as well as a contributing author to the “Information Security Management Handbook.” He is a member of the inaugural class of the NC State University Computer Science Alumni Hall of Fame where he has served on the school’s Strategic Advisory Board. He also serves on the editorial board for the “Information and Computer Security” research journal and is a member of the IBM Academy of Technology. He holds CISSP and ISSAP professional IT Security certifications as well as Distinguished Chief IT Architect credentials from The Open Group. Jeff lived in Beijing on assignment in 2006 and has worked with clients in more than 40 countries.
As we get into 2023, Security teams continue to be faced with critical questions: what is the current state of the threat landscape? What are the latest malicious TTPs and how can we prepare to defend against them? This year’s IBM Security X-Force Threat Intelligence Index (TII) Report presents an uncomfortable truth: cyberattacks are more prevalent, creative and faster than ever. 94% faster to be exact, as threat actors have cut the time it takes to deploy ransomware from months to less than 4 days. The ransomware economy continues to add pressure with deployment of backdoors and ransomware attacks listed as the top 2 actions on objective from hackers, and attacks using extortion saw a sharp increase to more than a quarter of incidents observed.
Join IBM Security to hear the latest insights from the newly released 2023 TII Report, surfacing findings from thousands of real-life incident response engagements, top attack types and pathways to compromise, and recommendations to implement to strengthen your security posture. Discuss concrete actions that CISOs can take with their teams to proactively address the threats shown and shift from reactive to proactive threat management.
Michael Cunningham
VP & CISO
Graphic Packaging International LLC
Michael Cunningham is a global leader with 20 years of dedicated Cyber Security experience, with a cumulative total of $220M in cyber security investments, inclusive of four Fortune 50 organizations. Michael is currently serving as the Chief Information Security Officer of Graphic Packaging International, a leading firm providing paperboard and paper-based packaging to some of the world's most recognized brands' products to consumer goods. Michael has a Bachelor of Science Degree from Capella University and Penn State University, with an emphasis on Law, Information Assurance and Cyber Security, and he possesses his CISM, CRISC and CIPP US/EU. As a global change agent, he has been directly responsible for the design and architecture of a wide range of cyber security solutions and data breach response. Michael has a particular knack for helping teams read between the lines of technology value, inherent risks and potential for associated fraud.
Words and Actions Matter - Inclusion & Diversity, Transformation, Leading as a Change Sponsor
Sometimes, respectful discourse leads to underlying or unconscious bias. Cyber Security is often at the tip of the spear of change, mainly because it is often identifying gaps or major risks. Emotional EQ and situational awareness push these conditions to the forefront.
A successful CISO understands technology and secures their organization; but that is only one piece of their overall responsibilities. As strategic change agents, CISOs are tasked with expanding their influence in their organization to create an environment that supports diversity and inclusion. Join this session to:
Evan Anderson
Principal Technologist
Randori
Evan Anderson is the Principal Technologist at Randori. He has over 15 years of experience in red teaming, vulnerability research and exploit development and is a long-time member of the NCCDC Red Team. Prior to co-founding Randori, he worked at Kyrus Technologies supporting commercial and federal projects.
Embedding the attacker’s perspective: an inside look into how hackers prioritize targets at scale.
Join Evan Anderson, Co-Founder & Principal Technologist at Randori, an IBM Company, for an exciting session that dives into the fast-paced world of offensive security.
It’s clear from talking with hundreds of organizations that attackers and defenders often come to dramatically different conclusions around risk - even when looking at the same information. In this session, switch teams for a day as we pull back the curtain behind the system that keeps one of the world’s most advanced attack platforms on target 24/7/365.
Through examples, Evan will show how Randori (and attackers) are leveraging AI and decades of experience to discover, classify and prioritize millions of targets daily across some of the world’s largest organizations. He’ll break down the 6 “tempting” factors every vulnerability team should be using to prioritize risk.
Nick Curcuru
Head of Solutions Marketing
Venafi
Nick is a dedicated, passionate executive on a mission to protect the organization’s revenue streams and brand reputation. He works with Venafi customers to prevent misuse and compromise and stop costly outages while modernizing their platforms, balancing fast development with high levels of security. He creates “fastsecure” cultures. He is known for breaking down complex ideas into simple terms. His unique data translator and storyteller skills enable him to bridge the gap between tactics and strategy. This earned him recognition as one of the Top-three Data Futurists to Watch by Enterprise Management 360.
Simple and effective communication with other executives and the board is vital in communicating your story.
Attend this session to learn how to connect the dots between your metrics, industry standards, and dollars to tell your story in 15 minutes or less with value cards. Nick Curcuru will show real-world examples of how CISOs have connected the dots for their crypto and PKI teams using value cards. These cards told the story of the team's current efforts, laid out their future projects, built funding cases, and even minimized a reduction in force in their areas.
When you leave the session, you can return to your desk, shape your value card, and outline the story you must tell your fellow executives and the board.
Erwin Carrow
VP, Infosec, Innovation, Research & Dev.
US Bank
Worked in the Information Management industry (Recall / Iron Mountain), Communications industry (Vonage), Financial industry (U.S. Bank) with roles and disciplines ranging from CISO, BISO, Security Architect, and Innovation, Research & Development. Former Vice President of Information Technology Services and Chief Information Officer in the University System of Georgia (USG). Contractual instructional corporate trainer for Google. USG Board of Regents Office of Internal Auditing and Compliance as the IT Audit Director to support auditing and consulting efforts throughout the entire USG. Instructor for Technical Colleges and Schools of Georgia (TCSG) teaching computer information systems and information security. Retired US Army (Active duty) as an Infantry Officer, and Chaplain in the Air Force (Reserve) stationed at Robins AFB in Warner Robins, Georgia (29.5 years). Authored articles and Conference Speaking include: “Puppetnets and Botnets: Information Technology Vulnerability Exploits that Threaten Basic Internet Use” and “InfoSec Technology Management of User Space and Services Through Security Threat Gateways.” Speaker for: ACUA National Conference [San Antonio, Texas] September 2012; EDUCAUSE SEC09 Conference – April 20-23, 2009; presented and chaired panel discussion for “IT Auditing in Higher Education” ACUA Regional Conference Speaker [USG Board of Regents – Atlanta Ga.] August 2010; SecureWorld Expo Conference Speaker “A Framework for Effective Information Security in the Business World” 2011; a guest speaker for Georgia Bureau of Investigations; and is a frequent guest speaker for various University System of Georgia institutions' security conferences and forums.
Industry standard certifications include: Microsoft Certified Professional (MCP+I) and Microsoft Certified Systems Engineer (MCSE), Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), Cisco Certified Security Professional (CCSP), Cisco Certified Academic Instructor (CCAI) for the CCNP, CCSP and CCNA, Federal Government designation for Information Security Professional (INFOSEC), Linux Certified Professional (LCP), Certified SAIR/GNU LINUX Instructor (LCI), Oracle Certified Master (OCM), Certified Information Systems Security Professional (CISSP) and a Lean Six Sigma Green Belt.
Introduce a framework and concepts that identify, create, and promote disruptive innovative ideas to enhance cybersecurity, reduce risk, enable business opportunities, influence industry standards and practices, and improve effectiveness and efficiency of the overall security program.
Takeaways:
James Baird
CISO
Focus Brands, LLC
James Baird is Vice President and Chief Information Security Officer for Focus Brands, LLC, a leading developer of global, multi-channel foodservice brands including McAlister’s Deli, Moe’s Southwest Grill, Cinnabon, Carvel, and others. There, Baird leads the Information Security team responsible for Governance, Risk, and Compliance over Cyber Security, Security Engineering, and Security Analytics, and he is also responsible for Data Privacy & Data Protection which provides governance over programs and techniques that ensure security and privacy of personal information to its domestic and international customers. Mr. Baird has twenty-nine years in Information Technology with 22 of those in an information security role, and 15 of those years leading the information security program across FinTech, business process outsourcing, non-profit charity, loss mitigation/foreclosure, commercial real estate, and retail industries in the commercial facilities, financial services, food and agriculture, healthcare and public health, and information technology critical infrastructure sectors. He is on the Board of Directors for Georgia Radio Reading Service (GaRRS), and previously has held director-level roles with ISSA, ISACA, and InfraGard. He holds CISSP, CRISC, CISM, and CIPM certifications and a master’s degree in Information Assurance from Capital Technology University.
Risk management is an old and established part of security program capabilities. The identification, measuring, ranking, prioritizing, attribution, remediation, and reporting of risks is an evolving practice, though tied to existing standards and regulations. This isn’t a problem of what the next regulatory requirements will be, but of how we can do better with what we have.
Tamika Bass
Cybersecurity Technology Director
Gannett Fleming
Tamika Bass is an Information Security professional with more than 16 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker, college professor and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA, CRISC, HCISPP, CBCP.
Ashwin Rajendra
Manager, Cybersecurity Incident Response
Kimberly-Clark Corporation
Skilled cybersecurity manager with 11+ years of experience in incident response, threat intelligence and digital forensics. Developed and implemented an operational data store from the ground up, including data models, correlation rules, and input lookup tables, building rules in the operational data store to detect more than a hundred security correlations. Designed, developed, and implemented Splunk Enterprise Security to posture Kimberly-Clark security notables and alerts. Deployed Next Generation Firewalls and endpoint detection and response to large enterprise networks. Firewall setup and administration, VPNs, NATs, IPS, IDS and content filtering to network architectures. Applied knowledge of network infrastructure including enterprise routing, unified threat management, cloud security, endpoint security, and associated network protocols and concepts to provide overall solution for network cybersecurity. Developed cybersecurity future state roadmap for setting up cybersecurity and network security governance with technical expertise to multiple clients with specific requirements. Managed a team of security operations analysts, incident response analysts and threat intel engineers in day-to-day functioning, design decisions and implementations of incident response technology.
Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. A HumanOS upgrade is required to safely use the Internet, and it is not only about training and awareness. It is about the way users must behave online, and the IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.
Michael Wood
Field CTO
HashiCorp
Michael Wood is Field CTO at HashiCorp. In his 20+ year career, he has gone from practitioner to executive. In driving large-scale optimizations, Michael built best practice labs across the globe. He gained experience with all aspects of the developer experience, including onboarding, automated application scheduling, infrastructure, security automation, and more. In his spare time, he also runs an Apiary for honeybees, both for the honey and the ecological benefits to the area.
Bryant Tow
CSO
Leapfrog Services
Bryant and his team assist clients with complete security programs that include strategy, governance, and operations, focusing on managing risk within Leapfrog’s Ring of Security methodology. Bryant has over 25 years of providing a unique blend of combined expertise in technology, cyber risk management, and physical risk management. He has held responsibilities as an entrepreneur and senior executive in all aspects of risk management, including thought leadership in the area of cybersecurity, award-winning development of security solutions, and management within large global enterprises. He has also held executive leadership positions in multinational consulting firms and been involved in several startups. Recently, he was the Chief Security Officer for CSC’s Financial Services Group and was responsible for securing 143 applications in 52 countries. Bryant’s leadership positions across the security industry include the Department of Homeland Security Sector Coordinating Council, ISSA, ISACA, and as a board member and vice president of InfraGard National Members Alliance. He is recognized as a Distinguished Fellow by the Ponemon Institute, the industry’s leading research organization. He has also published several books and articles on cybersecurity topics and has received several awards, including the Governor’s Office of Homeland Security Award for Exceptional Contribution in Recognition of Outstanding Support of Tennessee’s Counter Terrorism Program.
Steve Ripple
Director, Information Security - Governance, Risk & Compliance
Newell Brands
Steve joined Newell Brands in May 2017 and leads the Governance, Risk & Compliance team that focuses on managing Global Information Security Policies, third party risk management, and on-site security assessments and training. Steve identifies and evaluates risks across Newell Brands then works with leadership and business partners to mitigate those risks and ensure compliance with security-related contractual and regulatory requirements. Steve holds a Bachelor’s degree in Accounting from Kent State University in Ohio and currently resides in Atlanta, GA. His experience over the past 10+ years spans internal and external IT audits, SOC Reporting, risk-based audits, physical and third-party security assessments, policy management, regulatory compliance, and information security assurance.
Jonathan Waldrop
Senior Director, Cyber Security
Insight Global
Ryder Gaston
Chief Revenue Officer
WinMagic
Ryder has over 25 years of experience in Security, Identity Management and Authentication. He has an exceptional track record for building effective sales teams and rapidly expanding global revenues for both emerging and large technology vendors. Ryder started his career as a digital security engineer in the United States Air Force. Further, he has several years of experience with both technical and sales leadership. In addition, prior to taking his current position at WinMagic as Chief Revenue Officer, Ryder worked with companies such as Computer Associates, RSA and Secret Double Octopus.
Join Ryder Gaston, Chief Revenue Officer at WinMagic, for an exciting session that will dive into the world of passwordless authentication. WinMagic's recently released MagicEndpoint protects access by focusing on the endpoint, for the user. It requires no user action, and no third-party devices or keys, so it’s seamless, secure and virtually invisible.
The solution goes beyond traditional MFA, with phishing resistance that can be applied to a number of use cases including Pre-Boot login, Windows login, VDI & RDP login, and Email (Office 365). The authentication to remote services is so seamless that it requires no user action, delivering frictionless and secure Single Sign-On (SSO).
In this session, you’ll also see an exclusive demonstration of MagicEndpoint. Join to learn how WinMagic is making the world more secure.
Ken Foster
VP, IT Risk, Governance and Compliance
Fleetcor
Sandeep Lota
Field CTO
Nozomi Networks
With over two decades of progressive experience designing and architecting system breakthroughs, Sandeep Lota is a Network Security Expert proven in supporting national and global projects for the world’s largest companies. Sandeep has a long record of success innovating complex, large enterprise solutions for network and security infrastructures. He is known as an industry thought leader, and sought after across North America and internationally. In his current role as Field CTO at Nozomi Networks, Sandeep enables the success of Nozomi’s sales and channel force, and is both a leader and expert in executing complex design and systems engineering configurations. This, combined with his first-rate sales and customer skills, makes him especially effective at contributing to worldwide team success. Having spent the first decade of his career working on the operations and project teams for global energy super-giants, Sandeep gained a powerful knowledge base of IT & OT principles which have been the foundation of his success. Sandeep holds active & advanced certifications from many best-in-breed security and networking vendors. This training background coupled with years of practical experience has positioned him as an instructor for a number of advanced networking and security courses.
Mark Roberts
CRO
CoSoSys
Mark has been in software sales leadership roles for over 20 years. Prior to CoSoSys, he led teams at PTC, BMC, and most recently at Pindrop Security. Mark earned a BA in Economics and an MBA from Duke University. He currently resides in the Washington, DC area.
Lee Parrish
VP & CISO
Newell Brands
Lee Parrish is the Vice President, Chief Information Security Officer for Newell Brands, responsible for the strategic vision, execution, and ongoing operations of the information security program for the company. In a career that has spanned over two decades, Lee has effectively served as CISO for four Fortune 500 global corporations. Lee is an active participant in the information security industry as a frequent speaker, Adjunct Professor, podcast guest, and a member of two corporate Advisory Boards. He has been published in multiple security industry books/journals and authored a children’s book on cyber security. Lee won the North America Information Security Executive of the Year, as well as the Top 100 CISO’s award. He holds two graduate degrees: a Masters of Business Administration and a Masters of Science in Information Security and is credited with the Certified Information Systems Security Professional and the Qualified Boardroom Technology Expert designations. Lee is a combat veteran of the United States Marine Corps.
Shilpi Ganguly
VP, IT Cybersecurity
Weather Channel
Deena Swatzie
VP, Information Security
Truist
Arati Chavan
Staff Vice President Identity and Access Management
Elevance Health