RSA Charge 2019

September 16–19, 2019
The Walt Disney World Swan and Dolphin Resort | Orlando, FL

 

Business-Driven Security in Action
Innovative, Informative & Impactful
#RSACHARGE

There’s no better way to learn about RSA than by hearing from the people who create and deliver the products and services you use. RSA Charge speakers aren’t just leaders within RSA, they’re leaders in their field.

Breakout sessions offer a view into the work of customers who are pushing the boundaries of what’s possible with RSA and developing powerful use cases for their industries or organizations.

Looking for pre-conference training? Due to RSA Charge starting on a Monday and being in Disney, we have decided not to offer any pre-conference training this year but instead have a whole RSAU track dedicated to your favorite training topics at no extra cost to you. There will also be RSAU representatives onsite to talk shop and answer any of your questions. We look forward to seeing you in Orlando.

Agenda at a Glance

Subject to change


Monday, September 16


Time Session
9:00am – 6:00pm Registration Open 
6:30pm – 9:30pm  Welcome Reception sponsored by Archer Experts
9:30pm – 11:00pm  After Hours Party sponsored by Crowe & RiskRecon


Tuesday, September 17


Time Session Speaker/Instructor Track
7:15am – 8:30am  Breakfast     
8:30am – 10:30am Opening Keynotes     
10:30am – 5:30pm  World of Solutions Partner Expo Open     
10:45am – 11:30am TBD TBD Evolving Third Party Risk for the Digital Transformation
Managing Fraud Risks from Digital Transformation
Whether as a result of a new regulation (such as PSD2 in UK), a market demand, or as a result of an organization’s digital transformation, Financial Institutions are increasingly opening APIs and partnering with FinTech providers. This in turn results in new risks from non-traditional third parties. Join us to hear about these emerging risks and some best practices to managing it. 
Daniel Cohen, Director, Product Management, RSA Beyond the Checkbox: Modernizing Compliance Programs
How to Ensure a Robust RSA Archer Environment that is 'Always On'
Is your RSA Archer platform sick and not performing well, but you can't diagnose the issue? An “always on” state can only be achieved by maintaining a healthy RSA Archer environment. Dell Technologies has implemented a solution that automatically tracks key system metrics to minimize RSA Archer downtime.  By automating the tracking of data feeds, data publication, LDAP runtime health, calculation errors, and disk utilization, this unique Dell Technologies solution provides pro-active insight into system health and reduces reactive-management activities by assigning SLA (Service Level Agreements) to critical processes and risks to ensure their RSA Archer environment is always available to their users.
Lisa Semeraro, Consultant, eGRC Program, Dell and Bruce Kiley, Sr. GRC Consultant, Tutela Solutions Business Resiliency for the Always On Enterprise
Risky Business: From Appetite to RCSA in RSA Archer
It’s Risky Business managing risk! Risk management necessitates assimilating, documenting, monitoring, tracking, updating, validating, analyzing and trending colossal amounts of information. RSA Archer is helping financial institutions effectively wrangle and cross-connect this behemoth volume of data. This session will walk through two examples of how RSA Archer is being used by risk management at a $10B+ financial institution to effectively and successfully complete Risk Appetite Statement (RAS) reporting and Risk Control Self-Assessments (RCSA), including certification, validation and supporting documentation for reference.
Dawn Mugford, SVP Director Operational Risk, Eastern Bank and Jennifer Flynn, VP Operational Risk Management, Eastern Bank Managing Operational Risk for Impact
DevSecOps and RSA Archer: Customers First
Coupling DevSecOps techniques with RSA Archer allows our customer requirements to be quickly deployed to operations.  DevSecOps promotes automation and orchestration with goals of continuous improvement.  Collaboration between development and IT operations teams allows the Cyber Modernization Division to rapidly respond to organizational cybersecurity needs.  Prioritizing our customer’s satisfaction unites our efforts to continuously deliver valuable software that responds to highly dynamic cyber landscapes.  RSA Archer is the platform of choice to accelerate our ability to get security-relevant information in the hands of engineers, administrators, security professionals, and members of the C-Suite.
Troy Taitano, Chief, Cyber Modernization Division, Kyle Cribbs, Project Manager, SAIC and Christopher Jackson, Lead Engineer, SAIC  Transformation Cyber Threat Detection & Response
Castles in the Cloud: the Good, the Bad, and the Ugly of Cloud Security
This session will cover principles and technical aspects of securing a Cloud environment as well as the challenges any company faces to secure their assets from sophisticated attackers. We will present a use case where a company, migrating to the cloud, faced a significant breach and fought a long battle to regain control over their assets and data. We will show techniques used by attackers in order to showcase the mechanisms used to overcome typical security measures originally adopted to protect the cloud platforms. Finally, we will discuss lessons learned and best practices.
Stefano Maccaglia , Senior Principal Consultant, RSA  View from the Clouds: Securing IaaS/SaaS Transformation
Leveraging the RSA Product Suite: How RSA NetWitness, RSA Archer, RSA SecurID, and RSA FRI Can be Used Together
This session will showcase how RSA  NetWitness, RSA Archer, RSA SecurID, and RSA FRI I can be integrated and leveraged together to address customers’ challenges. Companies who are primarily utilizing one of our products may not be familiar with how our other products can support and meet their security needs. Engaging in digital risk management is a multi-pronged problem that is best met with our multi-product solutions. To that end, this session will provide attendees with a holistic picture of the RSA portfolio.
Dace McPherson, Consultant, Customer/Technical Training, RSA and Peter Hunt, Technical Training, RSA,  RSAU
You Asked, We Delivered. More Advanced Workflow Enhancements
Last year’s RSA Archer Summit saw a great deal of interest in recent improvements to Advanced Workflow. During those conversations the RSA Archer team learned of a number of other items that were causing frustration to a lot of attendees. We’re pleased to showcase how we absorbed this feedback into improving the product with the following features: Rules based enrollment, Ordering User Action buttons, custom validation messages for AWF rules, Bulk Update Jobs, full screen AWF Designer and more.
Bruce Allison, Senior Software Quality Engineer, RSA and Kosta Vakshteyn, Senior Principle Software Engineer, RSA Technical Tracks
User Creation and Permissions Using the Javascript Transporter - Part 1
The ability to pass API commands in the Javascript Transporter enables secure, scheduled, and programmatic access to utilities and functions in RSA Archer that previously required manual action. This presentation will demonstrate how the Javascript Transporter can be used to automate secure interact with both the RSA Archer Web Services and REST API utilities. Presented scripts will show the transporters ability to dynamically create, update and assign users based on record content. Specific use case demonstrations of automatic user creation and access granting in a third party portal environment to save administrative time and prevent delays.
Anthony Cellini, Staff Consultant, Crowe Performance Optimization: RSA Product Learning Lab 
Less is More – Use Less data feeds and Get Better Performance Using new RSA Archer Features - Part 1
Bulk Actions, Scheduled Actions, and Cross-References, oh my! Take advantage of new and exciting features in RSA Archer. Learn how to use them to increase your RSA Archer performance and decrease your reliance on Archer to Archer Data Feeds. By doing this, the overall number of data feeds and calculation jobs can be reduced, which helps the system run better. We will show how to use Advanced Workflow Rules-Based Enrollment, Scheduled Bulk Updates, Bulk Create Actions, Scheduled Re-Calculations, and Calculated Cross-References to trigger notifications, create, and update data faster and more reliably.
Sheila Gordon, Sales Engineer, RSA and Marcy  Gaynes, CISSP, Senior Principal Engineer, Technical Support, RSA Performance Optimization: RSA Product Learning Lab 
       
11:45am – 12:30pm Managing Third Party Access Made Easy: Bok Financial Case Study
Third party access can introduce substantial risk if not done properly. It requires sync with HR systems and recertification of access frequently due to project timline and turnover. Join our session to find out how BOK Financial turned thier old manual process, which took weeks to complete and was painful for the business, into a streamlined processes that just works, empowering business users to make access decisions. 
Becca Collins, IAM Solutions Engineer, BOK Financial and Rachel McCullough, Manager, Identity and Access Management, BOK Financial Evolving Third Party Risk for the Digital Transformation
Driving Risk Management Maturity through Automation and Integration
As a global medical technology company engaged in the development, manufacture and sale of a range of medical supplies, devices, laboratory equipment and diagnostic products, Becton Dickinson (BD) has undergone two major acquisitions in the last three years. By operationalizing key use cases such as - Risk Assessments, SecOps, VRM, etc. BD was able to transform siloed processes into automated and integrated processes, thus improving the overall maturity of BD’s cybersecurity operations. Come hear how BD was able to tackle new vendor relationships and new technologies as they continued to innovate and enhance current capabilities, leveraging innovative solutions including Robotic Process Automation (RPA) for some of the repetitive tasks such as risk reassessments.
Mark Lubas, Director, Global Information Security, Becton Dickinson, Devin Amato, Principal, Cyber Risk, Deloitte and Manohar Singh, Senior Manager, Cyber Risk, Deloitte Beyond the Checkbox: Modernizing Compliance Programs
Integration of Everbridge and RSA Archer… it’s totally possible, we promise!
Having a robust Crisis Communication process is something that is necessary is today’s environment. Should disaster strike, inadequate, belated and untested communication channels can result in much higher costs to organization in terms of people, processes, and technology.  The business continuity / disaster recovery team at BECU enhanced their crisis communication capabilities by integrating BC/DR plans in RSA Archer with the mass notification capabilities of Everbridge.  This integration enables end users to initiate the plan and call tree directly improving response times.  In this session, attendees will learn the steps BECU took to integrate the two systems to empower key personnel during critical events.
Justin Weber, Director - Risk Management, Boeing Employee Credit Union and
Jason York, Senior GRC Archer Consultant, Archer Experts, LLC
Business Resiliency for the Always On Enterprise
Dynamic Risk Assessment: RSA Archer
Dell Technologies’ Dynamic Risk Assessment approach employs a simple RSA Archer user interface for business teams to enter risk information and generate standardized Tableau reports to display the risks in an ERM heatmap, tracking risk movements over time. The process enables the business to self-report and better manage its risk profile, while providing executive management with a consistent view for executive committee decision-making. Learn how Dell Technologies enables Dynamic Risk Assessments for Operational Risk Management, allowing business units to document and analyze their risks in a risk register, capture trending results over time, identify risk treatments, and report their risk profile to executive management.
Philip Aldrich, Director, Enterprise GRC, Dell and Amanda Weis, GRC Analyst, Dell Managing Operational Risk for Impact
Congratulations! You Just Bought a Breach: The Importance of Cyber Risk Assessments in Mergers and Acquisitions
Cyber-related weaknesses or missteps add yet another wrinkle to the M&A process, which makes network and data due diligences a top priority in making deals. But how do you best assess industry-appropriate levels of cyber maturity, identify security gaps, validate necessary strategies, and remove friction from a challenging M&A process? What risks could negatively affect a transaction? How do you determine the appropriate investment levels to achieve cyber maturity across people, processes and technologies? Join an experienced global security experts and IT systems innovator and an accomplished attorney in the cyber risk field for an important and practical session. 
Doug Howard, VP Global Services and IT Innovation, RSA and Aravind Swaminathan, Partner, Global Co-Chair, Cybersecurity and Data Privacy White Collar & Corporate Investigations, aswaminathan@orrick.com   Transformation Cyber Threat Detection & Response
Emerging Fraud Threats
Organizations are taking on a number of digital transformation initiatives to grow and advance their business and expand their reach to customers. However, fraudsters and other bad actors are also undergoing their own form of digital transformation to make cybercrime activity more efficient. Join this session to learn about the latest techniques fraudsters are utilizing to conduct fraud. 
Alon Shmilovitz, Director, Head of FraudAction Services, RSA. View from the Clouds: Securing IaaS/SaaS Transformation
RSA Archer Advanced Workflow Features: Getting the Most Out of New Advanced Workflow Functionality
This session will cover recently deployed Advanced Workflow functionality and train RSA Archer administrators on e-Signatures, User Action by Email, Re-ordering of User Action buttons, and more. Those attending the session will learn how the new features work and see examples of how the features might be incorporated into existing Advanced Workflow processes.
Chris Madsen, Consultant, Customer/Technical Training, RSA and Finnegan Boson, Senior Analyst, Customer/Technical Training, RSA
RSAU
Up Around the Bend: Unlocking the Power of Calculated Cross-References
Have you ever been faced with a need to build extremely lengthy compliance assessments of over a thousand questions? As you read the requirements you already know it will be time-consuming to build and test and, when it is done, will cause long page load times (and user complaints) because of DDE overload. The great news is there is another way. In this session, I will demonstrate how U.S. Bank created a large dynamic survey with minimal DDEs using calculated cross-references that also allows our Compliance Administrators to seamlessly update their survey at any time. This process saved us time on both the front (configuration) and back end (support).  
Lucas Ingles, Application Configuration Manager, U.S. Bank Technical Tracks
User Creation and Permissions Using the Javascript Transporter - Part 2
The ability to pass API commands in the Javascript Transporter enables secure, scheduled, and programmatic access to utilities and functions in RSA Archer that previously required manual action. This presentation will demonstrate how the Javascript Transporter can be used to automate secure interact with both the RSA Archer Web Services and REST API utilities. Presented scripts will show the transporters ability to dynamically create, update and assign users based on record content. Specific use case demonstrations of automatic user creation and access granting in a third party portal environment to save administrative time and prevent delays.
Anthony Cellini, Staff Consultant, Crowe Performance Optimization: RSA Product Learning Lab 
Less is More – Use Less data feeds and Get Better Performance Using new RSA Archer Features - Part 2
Bulk Actions, Scheduled Actions, and Cross-References, oh my! Take advantage of new and exciting features in RSA Archer. Learn how to use them to increase your RSA Archer performance and decrease your reliance on Archer to Archer Data Feeds. By doing this, the overall number of data feeds can be reduced, which helps the system run better. We will show how to use Advanced Workflow Rules-Based Enrollment, Scheduled Bulk Updates, Bulk Create Actions, Scheduled Re-Calculations, and Calculated Cross-References to trigger notifications and create data faster and more reliably than A2A data feeds.
Sheila Gordon, Sales Engineer, RSA and Marcy  Gaynes, CISSP, Senior Principal Engineer, Technical Support, RSA Performance Optimization: RSA Product Learning Lab 
12:30pm – 1:30pm  Lunch    
1:30pm – 2:15pm  Extreme Makeover: Third Party Risk Edition
Third party risk is constantly evolving and our programs need an occasional refresh or full remodel to keep up. Do you feel your program needs a shake up? Have you inherited someone else's third party risk management program? Are you looking for ideas to take your program to the next level? If so, join Berkshire Bank as they share their journey to revamp their third party risk management program with the RSA Archer platform in light of management turnover and increasing regulatory pressures. 
Melissa M. Taylor, GRCP, VP, Risk Governance Officer, Berkshire Bank and Patrick McGuigan, AVP, GRC Application Manager, Berkshire Bank Evolving Third Party Risk for the Digital Transformation
Powering Compliance in the Big Apple - A Utility's Journey (ConEdison) to Change its Compliance Culture
Many governing bodies and international management system standards are forcing companies to evaluate themselves in ways they may not be used to. Join us as we share how ConEdison efforts changed its culture; to think outside the box; and develop a compliance system built in RSA Archer, leveraging a data driven foundation for effective risk and quality management. 
Carl Johansen, Manager, Utility Shared Services Quality Management, ConEdison and Leon Bukhman, ConEdison Manager, Compliance Technology, ConEdison  Beyond the Checkbox: Modernizing Compliance Programs
Fight Like You Train: Arm Your Team for Battle with Effective Tabletop Exercises
The heat of the battle is the wrong time to discover weak spots in your organization’s handling practices. In this session we’ll cover three categories of incident simulation and offer a framework for development of exercises that meet training, response, and compliance objectives. Using these techniques, your team will have the confidence, workflow, and processes to better handle security incidents large and small.
Kevin Young, Incident Response Coordinator, Adobe Business Resiliency for the Always On Enterprise
Successfully Implementing and Managing Issues Management Across an Integrated Enterprise
Effective Issues Management requires cooperation and collaboration from various user groups across multiple departments.  From workflow to reporting, there are bound to be differences in process and requirements that must be overcome for the organization to gain the full benefits of the tool.  In this session, we will discuss how Global Payments overcame its pain points to implement and maintain a successful Issues Management solution for use across its global enterprise.
Jennifer Mast, Director, Enterprise Risk Management, Global Payments and Tuscany Justice, Senior Consultant, Templar Shield
Managing Operational Risk for Impact
Behind the Breach
Attackers will always find a way to breach the network they need access to. In order to detect these Advanced Persistent Threats (APT's) in a timely manner, organizations require untethered visibility, and in impeccable set of analysts who understand the tools, techniques and procedures (TTP's) used by APT's. This session will place an analytical lens on the first stages of an example attack from an APT, taking you behind the enemy lines to demonstrate the attack as well as showing the defenders perspective from RSA NetWitness to provide an all-inclusive threat hunting experience; understanding how attacks look within their environment, allow analysts to become better equipped to defend their organizations, while also allowing them to understand and reduce existing risk vectors.
Lee Kirkpatrick, Senior Incident Response Consultant, RSA Transformation Cyber Threat Detection & Response
Allstate Case Study: Migrate Securely to SaaS by Enhancing DETECT and RESPOND Capabilities
Smart executives know that visibility into their cloud migrations is a top prioritiy for end-to-end service assurance, optimizing cost and ensuring security of data. Learn how Allstate leveraged the inspection, identification and alerting capabilities of RSA NetWitness to improve network perimeter security posture. We will also share the common "people challenges" like skills and retention, and why that has a direct bearing on cloud adoption and migrations. We will use MS O365 as the SaaS application example. 
Ken Conquest, Manager, Network Security Engineering, Allstate Insurance View from the Clouds: Securing IaaS/SaaS Transformation
RSA Archer - LDAP/SSO Demonstration with a Q&A Session regarding All Education "Offerings to" and "Needs from" the Audience Peter Hunt, Technical Training, RSA and
Finnegan Boson, Senior Analyst, Customer/Technical Training, RSA 
RSAU
Omni Channel Fraud Protection
RSA is proud to showcase our Omni Channel fraud detection capabilities for ATM, Call Center, Branch and IVR channels.  Join us for a visual demonstration of how RSA's Adaptive Authentication can protect these various channels from fraudsters.  The presentation and demonstration will strike the appropriate balance to provide for both the business or technical attendee.
Jeffrey Jaros, Advisory Systems Engineer, RSA Technical Tracks
Hello, World! API Advanced Lab - Part 1
Building off of the "Hello, World! API Basics Lab" course from the past several years, the Advanced Lab will dive even deeper into the world of RSA Archer API utilization. This session will explore a how the APIs can be leveraged to develop middle-ware responsible for keeping RSA Archer and an external system in sync on a polled interval. Participants will be writing code alongside our guide to see how to make the most of their platform. Coding experience and/or prior Basics Lab participation is required.
Scott Hagemeyer, Senior Product Manager, RSA and David Petty, Advisory Consultant, RSA Performance Optimization: RSA Product Learning Lab 
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 1
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Bobbi Ireton, Software Principal Engineer, RSA Performance Optimization: RSA Product Learning Lab 
       
2:30pm – 3:15pm   Integrated Operational Risk Management: A Coordinated and Holistic Approach to Viewing Risk and Making Informed Decisions, and a Key Pre-Requisite for Adapting to the Digital Transformation Era
Risk teams manage specialized risk disciplines such as IT or third-party risk, but integration between these and others is essential in today’s complex world. How do we better integrate our separate risk management efforts? A common foundation, language, and methodologies is a start, but it also takes an enabler. That enabler is the suite of RSA Archer solutions, that when combined with an integrated framework, brings together risk intelligence and, more importantly, helps drive informed business decision-making.  Attend this session to learn about some best practices and recommendations from how Voya Financial does integrated risk management.
Chrys Torhan, Director, IT Operational Risk Management, Voya Financial and Lloyd Costello
Senior Analyst, TIO Operational Risk Management
Voya Financial
Evolving Third Party Risk for the Digital Transformation
Show and Share with Highmark Health: RSA Archer Policy Content Management
Learn how Highmark Health advanced the RSA Archer Policy Program Management use case by integrating real-time word processing capabilities. During this session Highmark Health will show and share how they reduced their policy content collaboration, review and approval life cycle from days and weeks - to hours. Invite policy stakeholders to review and comment through a word processing interface, to locate policies through simplified web search and to tag policies with key terms, definitions, authoritative sources and related procedures. Transform your policy management and compliance program into a modern, web-based user experience while leveraging the power of RSA Archer's Advanced Work Flow, Data Publication and Notification services. 
Tim Belardi, Director - Integrated Governance Risk and Compliance, Highmark Health and Shanti Ramaiah, Manager RSA Archer Platform, Highmark Health Beyond the Checkbox: Modernizing Compliance Programs
Operationalizing your RSA Archer at Scale
How does implementing a tool with a scaled agile multi-scrum team environment translate to a product like the RSA Archer Suite?  Learn how Duke Energy used DEV Ops strategies, automation, and other agile concepts to develop innovative ideas and technologies to support their development, testing and regression cycles better. 
Jeff Londeree, IT Manager, Duke Energy Business Resiliency for the Always On Enterprise
Case Study: Recharging Your GRC Program
Looking to generate tangible GRC impact? Learn how National Grid re-energized and re-oriented its RSA Archer implementation with a common risk-and-control approach across the entire organization. This session highlights actionable strategies for sparking a renewed focus on GRC and sustainable collaboration among all three lines of defense.
Marina McQuade, GRC Programme Director, National Grid and Ed Barone,  Director, Cyber Security Services, KPMG LLC Managing Operational Risk for Impact
RSA Netwitness Automation - Scripting with NwConsole, API and SDK Guy Bruneau, GSE, Senior, Security Consultant, IPSS Inc. Transformation Cyber Threat Detection & Response
Ameriprise Case Study: Rising to the Challenge of Database Account Loading
Challenged with inadequate collection capabilities, Ameriprise turned to RSA’s DataReach solution to govern and manage database access and to scale to daily database collection needs. Join us as we share our best practices and results to date by using a fully automated robust solution. 
Jennie Baxter, Director, Identify & Security Management, Ameriprise Financial and Anil Allaparthi, Senior Software Engineer, Ameriprise Financial Technical Tracks
Preparing for your RSA Archer “Journey to the Cloud”
Are you looking to migrate RSA Archer to a public cloud? In this session we’ll discuss lessons learned from Sallie Mae’s “journey to the cloud.”  The discussion will include recommended steps to take in the planning, migration and post-migration phases to set your team up for success
Kylie Pfeiffer, Manager, IT Controls and Security Risks, Sallie Mae View from the Clouds: Securing IaaS/SaaS Transformation
Services Panel – Netwitness Focus
RSA Netwitness experts come together to offer a closer look at Netwitness - from how it was designed to be used to how it’s used in practice, and offer advice on what to do when things don’t go as planned.
Dace McPherson, Consultant, Customer/Technical Training, RSA  RSAU
Hello, World! API Advanced Lab - Part 2
Building off of the "Hello, World! API Basics Lab" course from the past several years, the Advanced Lab will dive even deeper into the world of RSA Archer API utilization. This session will explore a how the APIs can be leveraged to develop middle-ware responsible for keeping RSA Archer and an external system in sync on a polled interval. Participants will be writing code alongside our guide to see how to make the most of their platform. Coding experience and/or prior Basics Lab participation is required.
Scott Hagemeyer, Senior Product Manager, RSA and David Petty, Advisory Consultant, RSA Performance Optimization: RSA Product Learning Lab 
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 2
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Anthony Cellini, Staff Consultant, Crowe Performance Optimization: RSA Product Learning Lab 
3:15pm – 3:45pm  Networking Break    
3:45pm – 4:30pm   Don't Ask, Evidence
During an age of ever-changing global regulatory and client security requirements, learn how to maximize vendor risk management to pro-actively evidence control compliance. Gain insight into the most frequently requested security documents. Understand how to construct and leverage an internal evidence repository adding depth and maturity to your program. Revolutionize traditional risk assessments.
Jennifer Lee, Sr. Director, Global Security Services; Operations Principal, Aon Securities, Inc. Evolving Third Party Risk for the Digital Transformation
Deploying RSA Archer In a Mature Cybersecurity and Privacy Environment
Join us as we share how the National Institute of Standards and Technology (NIST) uses RSA Archer to help articulate enterprise IT risk posture to senior business/IT leadership resulting in the advancement of mission goals.  In addition, we'll focus on the improved efficiencies gained through the automation of security control assessments and the bandwidth created to help meet IT innovation demands.  Our demo will showcase RSA Archer public sector solutions including an integrated view of risk posture with quantitative metrics across the enterprise, automated display of data in multiple frameworks (e.g. CSF) and more frequent, near real-time risk information to System Owners and Authorizing Officials.     
Sheldon Pratt, National Institute of Standards & Technology and Christian Neeley, Advisory Principal, Deloitte Beyond the Checkbox: Modernizing Compliance Programs
Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You
Every breach response plan looks good on paper, but what about when it’s time for action? Breaches are an everyday part of business. This session will talk about the critical dos and don'ts during and after a breach, as well as circle back to left of breach.
Doug Howard, VP Global Services and IT Innovation, RSA, Evan Wolff, Partner, Crowell & Moring and Patrick Kerry, Senior Director Consultant, IR ACD Practice, RSA Business Resiliency for the Always On Enterprise
Utilizing RSA Archer for Risk Control Self-Assessment
In this session, you will learn how RSA Archer Operational Risk Management applications can be utilized to implement and execute a Risk and Control Self-Assessment (RCSA) Framework inclusive of control testing.  This session will cover the out of the box and custom applications that were utilized, as well as how they were linked together to form the RCSA program. The session will follow an example of risk and control data for an RCSA from beginning to end, utilizing RSA Archer applications to illustrate the benefits of utilizing the system, including reporting. 
Jen Harmon, Operational Risk Manager- RCSA Lead, SunTrust and Monica Generose, Internal Controls Lead, SunTrust Managing Operational Risk for Impact
Growing RSA Archer: How St. Luke's Health System Customized and Cultivated to Maximize our RSA Archer Yield
After customizing the application, St. Luke's Health System has successfully integrated devise risk management (vulnerability scanning), annual risk control procedure assessments, application tiering, Business Continuity and Disaster Recovery. In addition we are in the beginning phases of integrating RSA NetWitness to assist in yielding risk information for our applications and device
Dustin Aldrich, Cyber Security Analyst III, St. Luke's Health System and Dawn Teply, Cyber Security Analyst III, St. Luke's Health System Transformation Cyber Threat Detection & Response
Leverage DevOps Methodologies to Become More Resilient and Mitigate Risk Using the Global Cloud
The technical world moves fast, and with it, attackers move fast as well. With that fast pace comes a plethora of risk in both implementing change and attempting to mitigate security risks. Don't get left behind with security holes plaguing your organization and lack of visibility for risk mitigation. Apply DevOps methodologies in deploying RSA products flexibly in the cloud. Using Infrastructure as Code, we've been able to create deployments that are consistent, reliable, scalable, and resilient all across the globe within minutes.
Elijah Gartin, Technical Consultant/DevOps Engineer, RSA View from the Clouds: Securing IaaS/SaaS Transformation
The End-User Experience: How to Guide End-Users Through an Evolving RSA Archer Interface
As you move your RSA Archer environment from one build to the next, the challenge of training your end users on interface and other changes must be addressed. This session will present some tips and best practices on how to effectively train and guide end users through new UI and UX changes, and how to get the most value out of their RSA Archer experience.
Chris Madsen, Consultant, Customer/Technical Training, RSA and Finnegan Boson, Senior Analyst, Customer/Technical Training, RSA
RSAU
Through the Looking Glass with Data Gateway: Seamless Integration of External Data
The increasingly complex risk landscape has caused a spurt in data growth - and it shows no sign of slowing down. How will you assess, manage and track risks at scale? RSA Archer's emerging Data Gateway capabilities provide a mechanism to shift from point by point consumption of data, to the ability to analyze and report on bulk datasets wherever they exist around your organization. In this session we will demonstrate the power and flexibility of Data Gateway by showcasing two different applications of the technology: deriving risk scoring from very large datasets and reaching out in real time to other systems via a pilot Incident Management and Response integration with RSA NetWitness. 
Apoora Srivastava, Software Engineer 2, RSA Technical Tracks
TBD TBD Performance Optimization: RSA Product Learning Lab 
TBD TBD Performance Optimization: RSA Product Learning Lab 
       
5:30pm – 8:30pm  "Be our Guest" Customer Dinner    
8:30pm – 11:00pm  Dessert & Fireworks @ Epcot    


Wednesday, September 18


Time Session Speaker/Instructor Track
7:15am – 8:30am  Breakfast     
8:30am – 10:30am Super Session - RSA Archer     
8:30am – 10:30am Super Session - RSA SecurID    
8:30am – 10:30am Super Session - RSA NetWitness    
8:30am – 10:30am Super Session - RSA Fraud     
10:30am – 10:45am Networking Break    
10:30am – 5:30pm  World of Solutions Partner Expo Open     
10:45am – 11:30am  TBD TBD Evolving Third Party Risk for the Digital Transformation
Turkcell Case Study: Security Governance Compliance
Challenges are increasing day by day due to security and governance issues, which are the fastest growing threats to IT and the telecom industry. With our constant digital transformation mindset, having key controls on systems, measuring and monitoring their compliance on a daily, weekly, and monthly basis is key to the on-going compliance success of the organization and its security strategy. This session will share Turkcell’s compliance approach, including  IAM, SOX Controls, Project Security, Security Awareness and Process Maturity.
Ahmet Denz Erol, Senior Process Management Specialist, Turkcell and Baris Efil, Process Management Expert, Turkcell Beyond the Checkbox: Modernizing Compliance Programs
TBD TBD Business Resiliency for the Always On Enterprise
Risky Business: Engaging Owners by Driving Accountability through Enterprise Issues Management
To truly empower and protect your business today, you must promote a culture of risk awareness, transparency, and accountability. In this session, you will learn how Regions Financial, in partnership with KPMG, worked to achieve this state by building out a consolidated enterprise-wide issues management program within the RSA Archer framework.
Callie Perkins, Vice President, Enterprise Risk Management, Regions Bank and Ryan Millerick, Lead Specialist, Cyber Security Services, KPMG LLP Managing Operational Risk for Impact
Panel Discussion: The Future of Digital Risk Management in the Workforce
What will the Digital Risk Management landscape look like in 3 years from now? Hear how Legal, Insurance and Technology are coming together to help customers better manage Digital Risk. Our knowledgeable speakers will share trends and challenges from their perspective including what key challenges their customers face and what their practice areas are doing to face those challenges. Topic will include: importance of frameworks; left and right of boom services; cyber due diligence with M&A; underwriting trends.
Doug Howard, VP Global Services and IT Innovation, RSA, Tracie Grella, Global Head of Cyber Risk Insurance, AIG, Lisa Sotto, Partner and Chair of Global Cyber Security Practice, Hunton Andrews Kurth LLP and Holly Rollo, Chief Marketing Officer, RSA Managing Risk in the Dynamic Workforce
Operationalizing Incident Response
Explore how and why key-business drivers shaper your security operations. Go beyond the guidance provided by NIST and examine how risk management, threat intelligence, and incident response come together in a sensible, practical, and operational detect and respond model that will meaningfully impact your cyber risk strategy. 
Shane Harsch, Senior Solutions Principal, RSA Transformation Cyber Threat Detection & Response
TBD TBD Managing Risk in the Dynamic Workforce
Services Panel: Identity Focus
RSA Identity experts come together to offer a closer look at how RSA can help you manage user authentication and access - from how RSA identity products are designed to be used to how they're used in practice, and offer advice on what to do when things don’t go as planned.
Peter Hunt, Technical Training, RSA and Jamie Pryer, Global Services Product Lead (SPL) - Identity , RSA RSAU
Getting to grips with RSA Archer JavaScript Transporter
The introduction of the JavaScript Transporter in RSA Archer 6.4 represents a seismic shift in the capabilities of the RSA Archer Data Feed Manager. In the past, the Data Feed Manager was ingest-only and limited to a single source. A file or report was fed into the transporter and the dataset was returned in RSA Archer. Every report or source would require its own data feed, each consuming more system resources. The world has changed! JavaScript Transporter infuses the Data Feed Manager with a shot of adrenaline designed to turbo-charge your data aggregation engine. Come and see how the JavaScript Transporter allows organizations to quickly and flexibly glean risk data from modern, web-based sources, as well as witnessing the new write to disk functionality introduced in RSA Archer 6.6. 
Wesley Loeffler, Systems Engineer, RSA and Mike Eilert, Software Senior Engineer, RSA        Technical Tracks
Automation to the Rescue: NASA Case Study - Part 1
Are your RSA Archer administrators overburdened by having to manually review and co-correct errors in user created CSV files used to bulk create/update RSA Archer records via data feeds?  Are you looking for ways to improve overall team efficiency and give your RSA Archer users more control and autonomy in this regard?  If so, come and learn how NASA leveraged a combination of an Excel template file, an attachment field, a PowerShell Script, a Data Feed, and results based emails to enable users to independently bulk create/update records in the Assessment and Authorization Hardware application with role-based limits on what records they can affect!
Stephen Kerney, Systems Architect 2, NASA Performance Optimization: RSA Product Learning Lab 
Regulatory Content Analysis: A Hands-On Introduction
This will be an instructor-lead lab session. Participants in this lab will have the opportunity to use the Regulatory Content Analysis application end-to-end, taking a closer look at features including the ability to upload training data and regulatory content, analysis of matches between existing controls and new regulations as suggested via a Natural Language Processing algorithm, searching for and creating new content matches, and exporting the new regulatory content for upload into their RSA Archer suite.
Douglas Heller, Software Quality Engineer 2, RSA and Corey Carpenter, Senior Advisor Product Management, RSA Performance Optimization: RSA Product Learning Lab 
11:45am – 12:30pm TBD TBD Evolving Third Party Risk for the Digital Transformation
Duke Energy Case Study: Avoid Compliance Testing Fatigue through Strategic Automation
This session will explore traditional testing pitfalls and alternatives.  Learn the “why's” and “how's” a team should use automation in a continuous development environment to enhance outcomes and productivity.  Change mindsets and standards by adopting automation practices. 
Christopher Wilson, SR IT Application Analyst, Duke Energy Beyond the Checkbox: Modernizing Compliance Programs
TBD TBD Business Resiliency for the Always On Enterprise
TBD TBD Managing Operational Risk for Impact
Threat Hunting in a Massive Network: Make it Hard to Hide
Would you know if one Domain Controller were acting differently than 400 others just like it? What about a single point of sale device, ATM or DNS server transmitting unusual traffic out of thousands of similar devices? Threat hunting is a truly massive network of millions of IPs requires unique approaches to work through petabytes of network traffic effectively. With over eight years of experience with a very large installation of RSA NetWitness this session will show you how to use the product to identity rare network behaviors that would ordinarily go unnoticed. This type of threat hunting transcends attack specifics, helping to eliminate IOC-focused hunting and instead focuses on behavior-based hunting. Open your eyes to machine behaviors you weren't aware of before!
 Vernon Habersetzer, Infosec Hunt Team Lead, CISSP, EnCE, GCFA, GCFE, GCIH, CISA, CFE, GREM, GCIA, Walmart Transformation Cyber Threat Detection & Response
Asset Criticality is Only Half the Story – User Risk Completes the Picture
In today’s dynamic workforce, understanding which assets in the organization are most critical is a good first step. But it is not sufficient to drive security or inform IT risk. To see the whole picture requires understanding the users of those assets as well. Each user has different resources they access and different access patterns. Leveraging the Identity Assurance capability within RSA SecurID Access provides visibility to the user-specific risk. These user level insights can help your risk management framework be more intelligent and impactful by helping you assess and implement the right controls. We will show how a recent proof of concept from RSA Labs can surface user risk in meaningful and actionable ways to better understand, manage, and reduce the risk, not just of the asset itself, but inherent in its users as well.
Kevin Bowers, Senior Technologist, RSA Labs, RSA and Sudarsan Kannan, RSA, Consultant, Product Management, RSA Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Advanced Workflow Focus
RSA Archer's Advanced Workflow is a powerful feature that can quickly become complex.  Join three RSA Archer services experts for a closer look at Advanced Workflow – from how it was designed to be used to how it’s used in practice, and learn what to do when things don’t go as planned.
Chris Madsen, Consultant, Customer/Technical Training, RSA, Jean Golka, Senior Manager, Professional Services, RSA and Greg Leichty, Principal Engineer, Technical Support, RSA RSAU
Job done! Automated Testing in RSA Archer.
Testing in RSA Archer can be a heavily manual process for all parties - developers, system administrators, and business/end users. It's painful at times. In response to these challenges the RSA Archer team at Nordstrom has developed "Advanced Deployment," a tool to simplify the RSA Archer SDLC and automate a number of those manual tasks. You can accomplish everything from bulk creating test users (with optional role and group assignments) to comparing the configurations of your dev/test/prod environments to testing Advanced Workflow paths (without logging in!) This session will provide an overview of the tool's capabilities followed by a live demo.
Wilson Hack, Engineer 2, Governance Management, Nordstrom Technical Tracks
Automation to the Rescue: NASA Case Study - Part 2
Are your RSA Archer administrators overburdened by having to manually review and co-correct errors in user created CSV files used to bulk create/update RSA Archer records via data feeds?  Are you looking for ways to improve overall team efficiency and give your RSA Archer users more control and autonomy in this regard?  If so, come and learn how NASA leveraged a combination of an Excel template file, an attachment field, a PowerShell Script, a Data Feed, and results based emails to enable users to independently bulk create/update records in the Assessment and Authorization Hardware application with role-based limits on what records they can affect!
Stephen Kerney, Systems Architect 2, NASA Performance Optimization: RSA Product Learning Lab 
Regulatory Content Analysis: A Hands-On Introduction
This will be an instructor-lead lab session. Participants in this lab will have the opportunity to use the Regulatory Content Analysis application end-to-end, taking a closer look at features including the ability to upload training data and regulatory content, analysis of matches between existing controls and new regulations as suggested via a Natural Language Processing algorithm, searching for and creating new content matches, and exporting the new regulatory content for upload into their RSA Archer suite.
Douglas Heller, Software Quality Engineer 2, RSA and Corey Carpenter, Senior Advisor Product Management, RSA Performance Optimization: RSA Product Learning Lab 
12:30pm – 1:30pm  Lunch    
1:30pm – 2:15pm  TBD TBD Evolving Third Party Risk for the Digital Transformation
Uniting Audit, Compliance, and Analysis with RSA Archer and RSA NetWitness in a Digital World
Our ever-evolving, organization-wide approach to continuous monitoring and risk reduction compels our team to continuously innovate.  We leverage RSA Archer to automatically federate significant audit events collected in RSA NetWitness to enable security professionals to effectively monitor and trend user activity across the enterprise.  Correlating NetWitness data with vulnerability scans, registered privileged users, security plan information, and many others provide actionable cybersecurity capabilities at all levels of the Risk Management Framework.
Troy Taitano, Chief, Cyber Modernization Division, Kyle Cribbs, Project Manager, SAIC and Christopher Jackson, Lead Engineer, SAIC  Beyond the Checkbox: Modernizing Compliance Programs
RSA Archer Alignment of Continuity and Disaster Recover
To protect and recover your systems, IT is quietly determining each system's organization criticality as they allocate resources and set restoration order. These are decisions your business should be making. Be a fly on the wall to watch how St. Luke's Health System utilized RSA Archer Business Continuity to align business continuity with IT disaster recovery to achieve this simple, but loft objective. 
Dustin Aldrich, Cyber Security Analyst III, St. Luke's Health System and Dawn Teply, Cyber Security Analyst III, St. Luke's Health System Business Resiliency for the Always On Enterprise
Balancing Fraud Risks, Consumer Experience, Revenues and Operational Costs
The consumer world is at a historical inflection point, as individuals interact and transact in more ways than ever before. Organizations are going through digital transformations, exposing more digital channels to their consumers in order to meet the growing demand for convenience. In turn, this leads to unprecedented business risk and security challenges ranging from legislative pressure, competition from new entrants, and an increase in potential vulnerabilities that can be exploited by fraudsters and cyber criminals. Attend this session to hear different perspectives on how to balance fraud risks, consumer experience, revenues, and operational costs.
Yael Gour, Product Marketing Manager, RSA  Managing Operational Risk for Impact
Protecting the Enterprise: Enabling Cyber Integration and Compliance Control Frameworks through RSA Archer
Presented will be an overview of RSA Archer integration projects to pull multiple external data sources from multiple external entities and sources to form a centralized enterprise framework to manage information related to policies, procedures and critical Cyber Security information for key business areas throughout the organization.  A previous manually intensive effort to ingest, identify changes and disseminate information is enabled through RSA Archer functionality that includes Corporate Obligations Management, Cyber Incident Breach Response, IT Security Vulnerabilities, IT Risk Management and the Issues Management solutions.  This session will explore both the strategic and technical aspects of RSA Archer data integration that includes Advanced Workflows, electronic approvals, RSS feeds, internal and external API integrations.
Warren Link, GRC Platform Technical Lead, Merck and Eric Schlarman, Risk Transformation Consultant, EY Transformation Cyber Threat Detection & Response
TBD TBD Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Access Control Focus
Controlling access to data within RSA Archer is a topic that seems straightforward enough on paper...but applying your knowledge within the actual system may require additional strategies. Join three RSA Archer services experts for a closer look at Access Control within Archer – from how it was designed to be set up to scenarios seen in actual practice, and learn what to do when things don’t go as planned.
Peter Hunt, Consultant, Customer/Technical Training, RSA, David Petty, Advisory Consultant, Professional Services, RSA, and Marcy Gaynes, Senior Principal Engineer, Technical Support, RSA RSAU
Small but Mighty: Administering RSA Archer Without a Massive Team
Managing an application, solution owners and end users when you have a small RSA Archer Administration team can be daunting.  In this session, I’ll share techniques that will help manage the everyday and long-term challenges.  Through scheduled communication, a unified support tracking solution, and clear prioritization rules, you’ll gain efficiencies to make better use of your most valuable resource: time. 
Kylie Pfeiffer, Manager, IT Controls and Security Risks, Sallie Mae Technical Tracks
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 1
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Bobbi Ireton, Software Principal Engineer, RSA Performance Optimization: RSA Product Learning Lab 
Securing Office 365 the Easy Way - with RSA SecurID Access - Part 1
Microsoft Office 365 is a beautiful thing—it’s a very productive platform, full of your data, that is highly available to your end users…and threat actors! This lab will show you how to protect Office 365 with ease utilizing RSA SecurID. In this lab we will cover Access Policies, My Page, OpenID Connect, and the Office 365 integration.
Emilio Dunn, Systems Engineer, RSA Performance Optimization: RSA Product Learning Lab 
       
2:30pm – 3:15pm   Protecting Zelle transactions with RSA Adaptive Authentication
Being a service that helps attract and maintain customers, Zelle has made inroads into the peer to peer payments space. Zelle's own social media feeds recommend against using its service for payments to people the payer does not know. Yet this happens. In this session RSA will discuss its best practices for its customers to use RSA Adaptive Authentication to protect Zelle transactions.
Gregory Dicovitsky, Field CTO, RSA Evolving Third Party Risk for the Digital Transformation
TBD TBD Beyond the Checkbox: Modernizing Compliance Programs
TBD TBD Business Resiliency for the Always On Enterprise
Utilizing RSA Archer to Motivate Users and Promote a Risk Culture
GRC systems and processes need to be nurtured and users kept motivated for continued and timely usage. If this is not achieved, systems can ‘wither on the vine’ and end up shelved, wasting capital and human investment. In this session, you will learn how Royal London plans to address this issue by linking users compensation and department KPIs to RSA Archer processes. In this way, Royal London Group will create an improved and effective risk culture throughout the enterprise.
Paul Hughes, Group Risk Director, Royal London Group Managing Operational Risk for Impact
Log Anything: Keeping you Ahead of the Expanding Attack Surface
As organizations continue their digital transformation, there are increasing vectors for attackers to leverage, from home grown applications to new on-premise applications to a myriad of cloud services.  We will walk through the options RSA NetWitness Platform offers for collecting new log sources as well as parsing them, including Dynamic Log Parsing Rules, the Log Parsing Tool, NW Endpoint Insights, and Collection Plugins.  We will also review RSA NetWitness Platform deployment options for Cloud and Hybrid Cloud and currently supported Cloud sources.
Guy Williams, Principal Product Manager, RSA and Michael Gallegos, Principal Product Manager, RSA  Transformation Cyber Threat Detection & Response
Risk Technology Solutions: A Transitional Tale of Workforce Optimization
What will the Digital RIsk Mangaement landscape look like in 3 years from now? Hear how Legal, Insurance and Technology are coming together to help customers better manage Digital Risk. Our knowledgeable speakers will share trends and challenges from their perspective inlcuding what key challenges their customers face and what their practice areas are doing to face those challenges. Topic will include: importance of frameworks; left and right of boom services; cyber due diligence with M&A; underwriting trends.
Nicholaus Lyschik, RSA Archer Support Manager, U.S. Bank Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Data Feed Manager Focus
RSA Archer Data Feed functionality is a proven tool, well-used for both automation and integration. Join three RSA Archer services experts for a closer look at the Data Feed Manager – from best practice recommendations to scenarios seen in actual practice, and learn what to do when things don’t go as planned.
Chris Madsen, Consultant, Customer/Technical Training, RSA,  BJ Johnson, Senior Principal Engineer, Professional Services, RSA and Jeff Letterman, Senior Principal Engineer, Technical Support, RSA RSAU
Modernized Reporting with RSA Archer 6.6
"A picture is worth 1,000 words.", is how the saying goes, and we are enhancing RSA Archer's reporting capabilities to make sure they ring true. This session will highlight all of the reporting enhancements made to the product recently. From new defaults on Dashboards, iViews, and Charts, to Featured Metrics and Geographical Map Type reports, and a look at what lies ahead for reporting, this is one session you won't want to miss!
Scott Hagemeyer, Senior Product Manager, RSA and Anand Deshpande, Consultant Product Manager, RSA Technical Tracks
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 2
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Bobbi Ireton, Software Principal Engineer, RSA Performance Optimization: RSA Product Learning Lab 
Securing Office 365 the Easy Way - with RSA SecurID Access - Part 2
Microsoft Office 365 is a beautiful thing—it’s a very productive platform, full of your data, that is highly available to your end users…and threat actors! This lab will show you how to protect Office 365 with ease utilizing RSA SecurID. In this lab we will cover Access Policies, My Page, OpenID Connect, and the Office 365 integration.
Emilio Dunn, Systems Engineer, RSA Performance Optimization: RSA Product Learning Lab 
3:15pm – 3:45pm  Networking Break    
3:45pm – 4:30pm   Vendor Risk Management About-Face
What do you do when you are the vendor? How do you organize and manage client contractual and regulatory audit requirements efficiently? Discover how to re-invent your vendor risk management solution to implement a client tiering framework, establish repeatable business engagement processes and streamline delivery with accurate, consistent messaging. Be the vendor your clients expect.
Jennifer Lee, Sr. Director, Global Security Services; Operations Principal, Aon Securities, Inc. Evolving Third Party Risk for the Digital Transformation
Straight Talk on Implementing RSA Archer for Financial Institution Governance
Hear Northwest Federal Credit Union ($3.4 billion credit union) tell its story regarding the implementation of RSA Archer as its GRC solution.  The memorable successes that worked and the not-so-easy to forget challenges they faced along the way. Learn about the 4 key components to a successful GRC implementation: People, Processes, Technology and External Events, and some of the benefits gained from the implementation. 
Jaon Ahmad, VP Risk Management, Northwest Federal Credit Union and Amy Baker, Sr. Manager ERM Compliance, Northwest Federal Credit Union Beyond the Checkbox: Modernizing Compliance Programs
Leveraging BCM Data to Drive Broad Enterprise Awareness and Resilience
Learn how Voya Financial leverages the RSA Archer Business Resiliency solution to serve as a holistic center point to drive separate, yet complementary priorities, drive data aggregation, and seed cross-discipline insights and awareness. This session will explore the value proposition of linking business continuity and disaster recovery data with operational process mapping aligned with operational risk management (ORM) incidents and the synergies between crisis management and third party risk management. Using these principles, Voya Financial addresses common IRM priorities such as business impact analysis (BIA) and other enterprise engagements by combining the separate parts of the continuity, technology, and operational risk components.
Marc Kantor, VP, Head of Business Resilience and Stephanie Samuels, Business Continuity Manager, Voya Financial Business Resiliency for the Always On Enterprise
Integrated Operational Risk Management: A Coordinated and Holistic Approach to Viewing Risk and Making Informed Decisions, and a Key Pre-Requisite for Adapting to the Digital Transformation Era
Risk teams manage specialized risk disciplines such as IT or third-party risk, but integration between these and others is essential in today’s complex world. How do we better integrate our separate risk management efforts? A common foundation, language, and methodologies is a start, but it also takes an enabler. That enabler is the suite of RSA Archer solutions, that when combined with an integrated framework, brings together risk intelligence and, more importantly, helps drive informed business decision-making.  Attend this session to learn about some best practices and recommendations from how Voya Financial does integrated risk management.
Chrys Torhan, Director, IT Operational Risk Management, Voya Financial and Lloyd Costello
Senior Analyst, TIO Operational Risk Management
Voya Financial
Managing Operational Risk for Impact
Congratulations! You Just Bought a Breach: The Importance of Cyber Risk Assessments in Mergers and Acquisitions
Cyber-related weaknesses or missteps add yet another wrinkle to the M&A process, which makes network and data due diligences a top priority in making deals. But how do you best assess industry-appropriate levels of cyber maturity, identify security gaps, validate necessary strategies, and remove friction from a challenging M&A process? What risks could negatively affect a transaction? How do you determine the appropriate investment levels to achieve cyber maturity across people, processes and technologies? Join an experienced global security experts and IT systems innovator and an accomplished attorney in the cyber risk field for an important and practical session. 
Doug Howard, VP Global Services and IT Innovation, RSA and Aravind Swaminathan, Partner, Global Co-Chair, Cybersecurity and Data Privacy White Collar & Corporate Investigations, Orrick   Transformation Cyber Threat Detection & Response
TBD TBD Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Infrastructure Focus
There's a good amount of behind-the-scenes infrastructure required to make Archer run. Join three RSA Archer experts for a closer look at the infrastructure needed to support RSA Archer – from best practice recommendations to scenarios seen in actual practice, and learn what to do when things don’t go as planned.
Peter Hunt, Consultant, Customer/Technical Training, RSA,  BJ Johnson, Senior Principal Engineer, Professional Services, RSA and Doug Swarts, Senior Principal Engineer, Technical Support, RSA RSAU
The Easy Button: Managing Users and Roles Through RSA Archer APIs
If you are using inherited record permissions throughout RSA Archer for assigning ownership/tasks to users, this session is for you! Does users moving between departments and teams cause you problems? Do you find it hard to keep track of changes in roles and which records should be assigned to which user? Do you spend time and effort manually searching for each and every record that needs to be updated? Learn how to overcome these obstacles and more by updating issue owners automatically through RSA Archer's APIs. You are one click away from the solution.  
Arvind Khakad, Consultant, Ministry of Interior/The Royal Commission of Jubail and Yanbu and Mohammad N. Almutiri, Major, National Information Center, Riyadh, KSA Technical Tracks
TBD TBD Performance Optimization: RSA Product Learning Lab 
TBD TBD Performance Optimization: RSA Product Learning Lab 
       
4:30pm – 6:30pm  World of Solutions Expo Partner Reception     
7:30pm – 12:00am   Customer Appreciation Party sponsored by Deloitte and KPMG (buses start leaving @ 7:15)     


Thursday, September 19


Time Session Speaker/Instructor Track
8:00am – 8:45am  Breakfast 
8:00am – 8:45am  Healthcare Industry Breakfast - REGISTER NOW
8:00am – 8:45am  Public Sector Industry Breakfast - REGISTER NOW
8:00am – 8:45am  Finance Industry Breakfast - REGISTER NOW
8:00am – 8:45am  Energy Industry Breakfast  - REGISTER NOW
9:00am – 9:45am     Evolving Third Party Risk for the Digital Transformation
    Beyond the Checkbox: Modernizing Compliance Programs
Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You
Every breach response plan looks good on paper, but what about when it’s time for action? Breaches are an everyday part of business. This session will talk about the critical dos and don'ts during and after a breach, as well as circle back to left of breach.
Doug Howard, VP Global Services and IT Innovation, RSA, Evan Wolff, Partner, Crowell & Moring and Patrick Kerry, Senior Director Consultant, IR ACD Practice, RSA  Business Resiliency for the Always On Enterprise
ORM, from a Regulatory Requirement to a Value Added Change Factor Governing Non-financial Risk Management
Because operational risk management (ORM) is generally viewed as a limited value-added regulatory requirement that organizations must comply with, allocated resources are typically not sufficient to allow for change. If the ORM framework is properly implemented, it becomes the central element of non-financial risk management, a powerful tool to facilitate decision-making, a driver of efficiency and continuous improvement, and a strong guarantee toward an organization’s sustainability. This session will examine the true definition of ORM as it is meant to be and how current technologies, including GRC, can facilitate the implementation of a strong, value-added ORM framework.
Toufik Charrat, Group Head of Operational Risk Management & Fraud Risk Prevention, ADIB Bank Managing Operational Risk for Impact
3 Types of UEBA models for any Security Use Case
Learn how RSA NetWitness UEBA (User, Entity and Behavioral Analytics) engine works, from pulling raw data through enrichment, to aggregation and modeling, and all the way to detection and alerting.  We will explore the 3 types of UEBA models that can be applied to almost any security use-case. Our demonstration shows how the pipeline works and defines anomalous indicators for security insights.
Rohit Unnikrishnan, Principal Product Manager, RSA  Transformation Cyber Threat Detection & Response
The Human Firewall Program A Risk Based, Measureable Approach to Securing the Weakest Link in the Chain
The Human Firewall system is a concept based on the fact the human is the weakest link the security chain. Social engineering happens to be the primary vector of attack in more than 90% of the data breaches across the world. In order to mitigrate this risk, an organization needs to continuously assess it and mitigate it. But, before setting a taget to lower that risk, an orgniztaions needs to meausre the current value of that risk and set. 
Ayad (Ed) Sleiman, CISM®, CRISC®, PMP®, ISO 27K LI, SCF, CBP®, Head of Information Security, KAUST Managing Risk in the Dynamic Workforce
Leveraging the RSA Product Suite: How RSA  NetWitness, RSA Archer, RSA SecurID, and RSA FRI Can be Used Together
This session will showcase how RSA  NetWitness, RSA Archer, RSA SecurID, and RSA FRI can be integrated and leveraged together to address customers’ challenges. Companies who are primarily utilizing one of our products may not be familiar with how our other products can support and meet their security needs. Engaging in digital risk management is a multi-pronged problem that is best met with our multi-product solutions. To that end, this session will provide attendees with a holistic picture of the RSA portfolio.
Peter Hunt, Technical Training, RSA and
Dace McPherson, Consultant, Customer/Technical Training, RSA
RSAU
NetWitness Technical Session TBD   Technical Tracks
       
10:00am – 10:45am Calling All Suppliers: T-Mobile’s Third-Party Evolution
Through a sophisticated RSA Archer deployment, T-Mobile and KPMG worked together to transform T-Mobile’s third-party risk management program from a disconnected cluster of manual activities to a streamlined progression of automated processes. This session looks at TPRM holistically, focusing on the value of unifying TPRM practices in an effort to strengthen supplier relationships in today’s digital global economy. 
David Howard, Sr. Manager, Third Party Risk Management, T-Mobile US Inc. and Andi Cescolini, Senior Associate, Cyber Security Services, KPMG LLC Evolving Third Party Risk for the Digital Transformation
Lowering the Cost of Compliance Through the Better Use of Data
Companies are too focused and distracted by data when it comes to compliance. In order to sustain compliance and risk management, companies must start with an intimate understanding of business processes, and must be familiar with how and why high-risk business processes gather, use and store data. With this understanding organizations can make risk-based determinations about governance investments and risk management. Learn how Cisco using RSA Archer was able to work with their clients to deliver real business value by materially lowering the cost of compliance.
Dave Vander Meer, CyberSecurity Architect, Cisco Systems and Aaron Boylan, CyberSecurity Architect, Cisco Systems Beyond the Checkbox: Modernizing Compliance Programs
    Business Resiliency for the Always On Enterprise
Cool Story, Bro! How Our Development Process Strives To Improve Efficiencies
In this session, you will learn how the RSA Archer development process has evolved. The session will be delivered from the perspective of a team that played multiple roles in the development cycle, working with specialized core teams to allow faster turnaround for RSA Archer development and focus on user experience, creating efficiencies between processes. The session will include an example of the tools and techniques utilized to help business partners produce actionable user acceptance criteria for faster development with minimal defects or errors.
Samit Patel, Senior Manager Corporate Risk Business Analyst, Discover Financial Services and Emily Burke, Senior Business Analysis, Discover Financial Services Managing Operational Risk for Impact
    Transformation Cyber Threat Detection & Response
    Managing Risk in the Dynamic Workforce
How-to: Industry and NIST Collaboration: Cybersecurity Maturity, Risk Reduction, and Architecture
Against the backdrop of our increasing dependency on digital solutions, this session will consider different risk management approaches with special attention to the widely adopted NIST framework and approaches to using commercial cybersecurity to achieve important standards.. With practical applications in mind, our presenters will share how RSA leverages the power of NIST’s federally funded National Cybersecurity Center of Excellence (NCCoE) operated by MITRE in its efforts to protect assets from myriad cyber threats, while at the same time reducing deployment risk and lowering costs
Doug Howard, VP Global Services and IT Innovation, RSA, Steve Bergman, General Manager, RSA, Sam Visner,  Director, National Cybersecurity Federally Funded Research Center, The MITRE Corporation  RSAU
RSA Archer Ask the Admin Panel
The ever-popular panel session where YOU get to set the agenda returns for another year. The experienced panelists and fellow users of RSA Archer are waiting to answer any and every question you can throw at them. Be sure to get to the room early as this session fills up fast!
Toby Maack, System Liaison 3, First Interstate Bank, Darcey Mooney, Archer Administration & Development, Technology Services and Compliance, ATT and TBD Technical Tracks
   
11:00am – 11:45am Closing Remarks & Awards
Inspirational speaker and British sailor Tracy Edwards, who skippered the first all-female crew in the Whitbread Round the World Yacht Race, becoming the first woman to receive the Yachtsman of the Year Trophy and was awarded an MBE honor.
12:30pm – 3:00pm  Working Group: User Experience (limit 50 attendees) - REGISTER NOW
12:30pm – 3:00pm  Working Group: Third Party Risk (limit 50 attendees) - REGISTER NOW
12:30pm – 3:00pm  Working Group: Regulatory & Corporate Compliance (limit 50 attendees) - REGISTER NOW
12:30pm – 3:00pm  Working Group: SysAdmin (limit 50 attendees) - REGISTER NOW
12:30pm – 3:00pm  Working Group: SaaS/Cloud (limit 50 attendees) - REGISTER NOW
12:30pm – 3:00pm  Working Group: ITSRM (limit 50 attendees) - REGISTER NOW


Questions? Don't hesitate to reach out.

For general questions about the event, contact rsa.events@rsa.com or Stacy Sakellariou @ 571-277-1055.