RSA Charge 2019

September 16 – 19, 2019
The Walt Disney World Swan and Dolphin Resort | Orlando, FL

 

Helping You Manage Digital Risk
Innovative, Informative & Impactful
#RSACHARGE

 

Online registration for RSA Charge 2019 has closed, you will be able to register onsite. See you in Orlando!

There’s no better way to learn about RSA than by hearing from the people who create and deliver the products and services you use. RSA Charge speakers aren’t just leaders within RSA, they’re leaders in their field.

Breakout sessions offer a view into the work of customers who are pushing the boundaries of what’s possible with RSA and developing powerful use cases for their industries or organizations.

Looking for pre-conference training? Due to RSA Charge starting on a Monday and being in Disney, we have decided not to offer any pre-conference training this year but instead have a whole RSAU track dedicated to your favorite training topics at no extra cost to you. There will also be RSAU representatives onsite to talk shop and answer any of your questions. We look forward to seeing you in Orlando.

Agenda at a Glance

Subject to change


Monday, September 16


Time Session
9:00am – 6:00pm Registration Open 
6:30pm – 9:30pm  Welcome Reception sponsored by Archer Experts & EY 
9:30pm – 11:00pm  After Hours Party sponsored by Crowe & RiskRecon


Tuesday, September 17


Time Session Speaker/Instructor Track
7:15am – 8:30am  Breakfast     
8:30am – 10:30am Opening Keynotes:

Welcome and The New Why - Rohit Ghai, President, RSA; 
Risk & Reward in the Digital Era - Grant Geyer, SVP Product, RSA; 
Innovating the Future of Cybersecurity - Dr. Zulfikar Ramzan, CTO, RSA; 
Customer Panel: Digital Transformation and the Changing Nature of Risk - Moderated by Holly Rollo, SVP Digital Transformation & CMO; 
Guest speaker - Srinath Sampath, Gartner Analyst 
10:30am – 5:30pm  Partner Showcase Open     
10:30am – 5:30pm

RSA Charge Zones Open:

Connect - Schedule some time with a RSA Expert

Inspire - Check out cool new stuff in our RSA Innovations Lab, visit the RSA Charge SOC exhibit and tap into the RSA community at the RSA Exchange area

Share - Relax in the Customer Success Lounge and learn how to share information in the RSA Link Community area

Transform - Turn Information into Action with RSA Customer Experience and learn how to enhance performance at the RSA University area

   
10:45am – 11:30am  Leveraging Cybersecurity Ratings in your Third-Party GRC Program to Get Better Risk Outcomes: A Practical Healtcare Case Study
Digital transformation is transfiguring the enterprise into a complex ecosystem of vendors and partners – introducing a shared, common root system of risk. Managing the risk of digital transformation at the speed of business requires new approaches to achieve better risk outcomes more efficiently, beyond traditional questionnaires which lack contextualized risk insight, and are part of a slow, manual process.Learn insights into speeding vendor selection, targeting known weaknesses, verifying compliance into your security standards and handing critical vulnerabilities across the expansive vendor population. You’ll hear from a healthcare  practitioner on how they are operationalizing this integration. 
Kelly White, CEO and Founder, RiskRecon and Chris Golden, PhD, Director, Information Security, Horizon Blue Cross Blue Shield of New Jersey
Evolving Third Party Risk for the Digital Transformation
Managing Fraud Risks From Digital Transformation
Whether as a result of a new regulation (such as PSD2 in UK), a market demand, or as a result of an organization’s digital transformation, Financial Institutions are increasingly opening APIs and partnering with FinTech providers. This in turn results in new risks from non-traditional third parties. Join us to hear about these emerging risks and some best practices to managing it. 
Daniel Cohen, Director, Product Management, RSA Beyond the Checkbox: Modernizing Compliance Programs
How to Ensure a Robust RSA Archer Environment that is 'Always On'
Is your RSA Archer platform sick and not performing well, but you can't diagnose the issue? An “always on” state can only be achieved by maintaining a healthy RSA Archer environment. Dell Technologies has implemented a solution that automatically tracks key system metrics to minimize RSA Archer downtime.  By automating the tracking of data feeds, data publication, LDAP runtime health, calculation errors, and disk utilization, this unique Dell Technologies solution provides pro-active insight into system health and reduces reactive-management activities by assigning SLA (Service Level Agreements) to critical processes and risks to ensure their RSA Archer environment is always available to their users.
Lisa Semeraro, Consultant, eGRC Program, Dell and Bruce Kiley, Sr. GRC Consultant, Tutela Solutions Business Resiliency for the Always On Enterprise
Risky Business: From Appetite to RCSA in RSA Archer
It’s Risky Business managing risk! Risk management necessitates assimilating, documenting, monitoring, tracking, updating, validating, analyzing and trending colossal amounts of information. RSA Archer is helping financial institutions effectively wrangle and cross-connect this behemoth volume of data. This session will walk through two examples of how RSA Archer is being used by risk management at a $10B+ financial institution to effectively and successfully complete Risk Appetite Statement (RAS) reporting and Risk Control Self-Assessments (RCSA), including certification, validation and supporting documentation for reference.
Jennifer Flynn, VP Operational Risk Management, Eastern Bank Managing Operational Risk for Impact
DevSecOps and RSA Archer: Customers First
Coupling DevSecOps techniques with RSA Archer allows our customer requirements to be quickly deployed to operations.  DevSecOps promotes automation and orchestration with goals of continuous improvement.  Collaboration between development and IT operations teams allows the Cyber Modernization Division to rapidly respond to organizational cybersecurity needs.  Prioritizing our customer’s satisfaction unites our efforts to continuously deliver valuable software that responds to highly dynamic cyber landscapes.  RSA Archer is the platform of choice to accelerate our ability to get security-relevant information in the hands of engineers, administrators, security professionals, and members of the C-Suite.
Troy Taitano, Chief, Cyber Modernization Division, Kyle Cribbs, Project Manager, SAIC and Christopher Jackson, Lead Engineer, SAIC  Transformation Cyber Threat Detection & Response
Castles in the Cloud: the Good, the Bad, and the Ugly of Cloud Security
This session will cover principles and technical aspects of securing a Cloud environment as well as the challenges any company faces to secure their assets from sophisticated attackers. We will present a use case where a company, migrating to the cloud, faced a significant breach and fought a long battle to regain control over their assets and data. We will show techniques used by attackers in order to showcase the mechanisms used to overcome typical security measures originally adopted to protect the cloud platforms. Finally, we will discuss lessons learned and best practices.
Stefano Maccaglia , Senior Principal Consultant, RSA  View from the Clouds: Securing IaaS/SaaS Transformation
Leveraging the RSA Product Suite: How RSA  NetWitness, RSA Archer, RSA SecurID, and RSA Fraud and Risk Intelligence Can be Used Together
This session will showcase how RSA  NetWitness, RSA Archer, RSA SecurID, and RSA FRI can be integrated and leveraged together to address customers’ challenges. Companies who are primarily utilizing one of our products may not be familiar with how our other products can support and meet their security needs. Engaging in digital risk management is a multi-pronged problem that is best met with our multi-product solutions. To that end, this session will provide attendees with a holistic picture of the RSA portfolio.
Dace McPherson, Consultant, Customer/Technical Training, RSA and Peter Hunt, Technical Training, RSA,  RSAU
You Asked, We Delivered. More Advanced Workflow Enhancements
Last year’s RSA Archer Summit saw a great deal of interest in recent improvements to Advanced Workflow. During those conversations the RSA Archer team learned of a number of other items that were causing frustration to a lot of attendees. We’re pleased to showcase how we absorbed this feedback into improving the product with the following features: Rules based enrollment, Ordering User Action buttons, custom validation messages for AWF rules, Bulk Update Jobs, full screen AWF Designer and more.
Bruce Allison, Senior Software Quality Engineer, RSA and Kosta Vakshteyn, Senior Principle Software Engineer, RSA Technical Tracks
Get Your Day Job Back – Automate User Account Management - Part 1
Are you tired of manually assigning access roles and groups to 100’s, 1,000’s, or even 10,000’s user accounts? If you answered a resounding “Yes!”, then join Investors Bank and Crowe to learn how to automate access role and group assignments using the latest RSA Archer administration enhancements. We will show you how to utilize a simple utility that lets the RSA Archer system do all the manual work so you can get your day job back and better serve your end users.
Rich Zendrosky, VP, Head of Third Party Risk Management, Investors Bank and Andrea Dollen, Manager, Crowe LLP Performance Optimization: RSA Product Learning Lab 
Less is More – Use Less Data Feeds and Get Better Performance Using New RSA Archer Features - Part 1
Bulk Actions, Scheduled Actions, and Cross-References, oh my! Take advantage of new and exciting features in RSA Archer. Learn how to use them to increase your RSA Archer performance and decrease your reliance on RSA Archer to RSA Archer Data Feeds. By doing this, the overall number of data feeds and calculation jobs can be reduced, which helps the system run better. We will show how to use Advanced Workflow Rules-Based Enrollment, Scheduled Bulk Updates, Bulk Create Actions, Scheduled Re-Calculations, and Calculated Cross-References to trigger notifications, create, and update data faster and more reliably.
Sheila Gordon, Sales Engineer, RSA and Marcy  Gaynes, CISSP, Senior Principal Engineer, Technical Support, RSA Performance Optimization: RSA Product Learning Lab 
       
11:45am – 12:30pm Managing Third Party Access Made Easy: Bok Financial Case Study
Third party access can introduce substantial risk if not done properly. It requires sync with HR systems and recertification of access frequently due to project timline and turnover. Join our session to find out how BOK Financial turned thier old manual process, which took weeks to complete and was painful for the business, into a streamlined processes that just works, empowering business users to make access decisions. 
Becca Collins, IAM Solutions Engineer, BOK Financial and Rachel McCullough, Manager, Identity and Access Management, BOK Financial Evolving Third Party Risk for the Digital Transformation
Driving Risk Management Maturity Through Automation and Integration
As a global medical technology company engaged in the development, manufacture and sale of a range of medical supplies, devices, laboratory equipment and diagnostic products, Becton Dickinson (BD) has undergone two major acquisitions in the last three years. By operationalizing key use cases such as - Risk Assessments, SecOps, VRM, etc. BD was able to transform siloed processes into automated and integrated processes, thus improving the overall maturity of BD’s cybersecurity operations. Come hear how BD was able to tackle new vendor relationships and new technologies as they continued to innovate and enhance current capabilities, leveraging innovative solutions including Robotic Process Automation (RPA) for some of the repetitive tasks such as risk reassessments.
Mark Lubas, Director, Global Information Security, Becton Dickinson, Jack McNeil, eGRC Platform Senior Manager, Becton Dickinson, Devin Amato, Principal, Cyber Risk, Deloitte and Manohar Singh, Senior Manager, Cyber Risk, Deloitte Beyond the Checkbox: Modernizing Compliance Programs
Integration of Everbridge and RSA Archer… it’s Totally Possible, We Promise!
Having a robust Crisis Communication process is something that is necessary is today’s environment. Should disaster strike, inadequate, belated and untested communication channels can result in much higher costs to organization in terms of people, processes, and technology.  The business continuity / disaster recovery team at BECU enhanced their crisis communication capabilities by integrating BC/DR plans in RSA Archer with the mass notification capabilities of Everbridge.  This integration enables end users to initiate the plan and call tree directly improving response times.  In this session, attendees will learn the steps BECU took to integrate the two systems to empower key personnel during critical events.
Justin Weber, Director - Risk Management, Boeing Employee Credit Union, Aleta Rasmussen, BECU
Business Continuity Program Manager, Boeing Employee Credit Union, Andrew Gaines, BECU
Archer System Administrator,Boeing Employee Credit Union and Jason York, Senior GRC Archer Consultant, Archer Experts, LLC
Business Resiliency for the Always On Enterprise
Dynamic Risk Assessment: RSA Archer
Dell Technologies’ Dynamic Risk Assessment approach employs a simple RSA Archer user interface for business teams to enter risk information and generate standardized Tableau reports to display the risks in an ERM heatmap, tracking risk movements over time. The process enables the business to self-report and better manage its risk profile, while providing executive management with a consistent view for executive committee decision-making. Learn how Dell Technologies enables Dynamic Risk Assessments for Operational Risk Management, allowing business units to document and analyze their risks in a risk register, capture trending results over time, identify risk treatments, and report their risk profile to executive management.
Philip Aldrich, Director, Enterprise GRC, Dell and Amanda Weis, GRC Analyst, Dell Managing Operational Risk for Impact
Congratulations! You Just Bought a Breach: The Importance of Cyber Risk Assessments in Mergers and Acquisitions
Cyber-related weaknesses or missteps add yet another wrinkle to the M&A process, which makes network and data due diligences a top priority in making deals. But how do you best assess industry-appropriate levels of cyber maturity, identify security gaps, validate necessary strategies, and remove friction from a challenging M&A process? What risks could negatively affect a transaction? How do you determine the appropriate investment levels to achieve cyber maturity across people, processes and technologies? Join an experienced global security experts and IT systems innovator and an accomplished attorney in the cyber risk field for an important and practical session. 
Doug Howard, VP Global Services and IT Innovation, RSA and Aravind Swaminathan, Partner, Global Co-Chair, Cybersecurity and Data Privacy White Collar & Corporate Investigations Transformation Cyber Threat Detection & Response
Emerging Fraud Threats
Organizations are taking on a number of digital transformation initiatives to grow and advance their business and expand their reach to customers. However, fraudsters and other bad actors are also undergoing their own form of digital transformation to make cybercrime activity more efficient. Join this session to learn about the latest techniques fraudsters are utilizing to conduct fraud. 
Alon Shmilovitz, Director, Head of FraudAction Services, RSA. View from the Clouds: Securing IaaS/SaaS Transformation
RSA Archer Advanced Workflow Features: Getting the Most Out of New Advanced Workflow Functionality
This session will cover recently deployed Advanced Workflow functionality and train RSA Archer administrators on e-Signatures, User Action by Email, Re-ordering of User Action buttons, and more. Those attending the session will learn how the new features work and see examples of how the features might be incorporated into existing Advanced Workflow processes.
Chris Madsen, Consultant, Customer/Technical Training, RSA and Finnegan Boson, Senior Analyst, Customer/Technical Training, RSA
RSAU
Up Around the Bend: Unlocking the Power of Calculated Cross-References
Have you ever been faced with a need to build extremely lengthy compliance assessments of over a thousand questions? As you read the requirements you already know it will be time-consuming to build and test and, when it is done, will cause long page load times (and user complaints) because of DDE overload. The great news is there is another way. In this session, I will demonstrate how U.S. Bank created a large dynamic survey with minimal DDEs using calculated cross-references that also allows our Compliance Administrators to seamlessly update their survey at any time. This process saved us time on both the front (configuration) and back end (support).  
Lucas Ingles, Application Configuration Manager, U.S. Bank Technical Tracks
Get Your Day Job Back – Automate User Account Management - Part 2
Are you tired of manually assigning access roles and groups to 100’s, 1,000’s, or even 10,000’s user accounts? If you answered a resounding “Yes!”, then join Investors Bank and Crowe to learn how to automate access role and group assignments using the latest RSA Archer administration enhancements. We will show you how to utilize a simple utility that lets the RSA Archer system do all the manual work so you can get your day job back and better serve your end users.
Rich Zendrosky, VP, Head of Third Party Risk Management, Investors Bank and Andrea Dollen, Manager, Crowe LLP  
Less is More – Use Less Data Feeds and Get Better Performance Using New RSA Archer Features - Part 2
Bulk Actions, Scheduled Actions, and Cross-References, oh my! Take advantage of new and exciting features in RSA Archer. Learn how to use them to increase your RSA Archer performance and decrease your reliance on RSA Archer to RSA Archer Data Feeds. By doing this, the overall number of data feeds and calculation jobs can be reduced, which helps the system run better. We will show how to use Advanced Workflow Rules-Based Enrollment, Scheduled Bulk Updates, Bulk Create Actions, Scheduled Re-Calculations, and Calculated Cross-References to trigger notifications, create, and update data faster and more reliably.
Sheila Gordon, Sales Engineer, RSA and Marcy  Gaynes, CISSP, Senior Principal Engineer, Technical Support, RSA Performance Optimization: RSA Product Learning Lab 
12:30pm – 1:30pm  Lunch    
1:30pm – 2:15pm  Extreme Makeover: Third Party Risk Edition
Third party risk is constantly evolving and our programs need an occasional refresh or full remodel to keep up. Do you feel your program needs a shake up? Have you inherited someone else's third party risk management program? Are you looking for ideas to take your program to the next level? If so, join Berkshire Bank as they share their journey to revamp their third party risk management program with the RSA Archer platform in light of management turnover and increasing regulatory pressures. 
Melissa M. Taylor, GRCP, VP, Risk Governance Officer, Berkshire Bank and Patrick McGuigan, AVP, GRC Application Manager, Berkshire Bank Evolving Third Party Risk for the Digital Transformation
Powering Compliance in the Big Apple - A Utility's Journey (ConEdison) to Change its Compliance Culture
Many governing bodies and international management system standards are forcing companies to evaluate themselves in ways they may not be used to. Join us as we share how ConEdison efforts changed its culture; to think outside the box; and develop a compliance system built in RSA Archer, leveraging a data driven foundation for effective risk and quality management. 
Carl Johansen, Manager, Utility Shared Services Quality Management, ConEdison and Leon Bukhman, ConEdison Manager, Compliance Technology, ConEdison  Beyond the Checkbox: Modernizing Compliance Programs
Fight Like You Train: Arm Your Team for Battle with Effective Tabletop Exercises
The heat of the battle is the wrong time to discover weak spots in your organization’s handling practices. In this session we’ll cover three categories of incident simulation and offer a framework for development of exercises that meet training, response, and compliance objectives. Using these techniques, your team will have the confidence, workflow, and processes to better handle security incidents large and small.
Kevin Young, Incident Response Coordinator, Adobe Business Resiliency for the Always On Enterprise
Successfully Implementing and Managing Issues Management Across an Integrated Enterprise
Effective Issues Management requires cooperation and collaboration from various user groups across multiple departments.  From workflow to reporting, there are bound to be differences in process and requirements that must be overcome for the organization to gain the full benefits of the tool.  In this session, we will discuss how Global Payments overcame its pain points to implement and maintain a successful Issues Management solution for use across its global enterprise.
Jennifer Mast, Director, Enterprise Risk Management, Global Payments and Tuscany Justice, Senior Consultant, Templar Shield
Managing Operational Risk for Impact
Behind the Breach
Attackers will always find a way to breach the network they need access to. In order to detect these Advanced Persistent Threats (APT's) in a timely manner, organizations require untethered visibility, and in impeccable set of analysts who understand the tools, techniques and procedures (TTP's) used by APT's. This session will place an analytical lens on the first stages of an example attack from an APT, taking you behind the enemy lines to demonstrate the attack as well as showing the defenders perspective from RSA NetWitness to provide an all-inclusive threat hunting experience; understanding how attacks look within their environment, allow analysts to become better equipped to defend their organizations, while also allowing them to understand and reduce existing risk vectors.
Lee Kirkpatrick, Senior Incident Response Consultant, RSA Transformation Cyber Threat Detection & Response
RSA Cloud Authentication and Key Bank – A Success story
Key bank has a fully mobile population of more than 30% of its employees. Key Bank needed to increase the assurance level of access to its internal network from these remote workers using VPN. Key Bank extended their long term relationship with RSA to modernize multifactor authentication and move to a hosted service and the benefits it provides. This presentation provides a narrative, facts and figures of this successful journey.
Don Murphy, VP and Identity Architect, Keybank View from the Clouds: Securing IaaS/SaaS Transformation
RSA Archer - LDAP/SSO Demonstration with a Q&A Session regarding All Education "Offerings to" and "Needs from" the Audience Peter Hunt, Technical Training, RSA and
Finnegan Boson, Senior Analyst, Customer/Technical Training, RSA 
RSAU
Omni Channel Fraud Protection
RSA is proud to showcase our Omni Channel fraud detection capabilities for ATM, Call Center, Branch and IVR channels.  Join us for a visual demonstration of how RSA's Adaptive Authentication can protect these various channels from fraudsters.  The presentation and demonstration will strike the appropriate balance to provide for both the business or technical attendee.
Jeffrey Jaros, Advisory Systems Engineer, RSA Technical Tracks
Hello, World! API Advanced Lab - Part 1
Building off of the "Hello, World! API Basics Lab" course from the past several years, the Advanced Lab will dive even deeper into the world of RSA Archer API utilization. This session will explore a how the APIs can be leveraged to develop middle-ware responsible for keeping RSA Archer and an external system in sync on a polled interval. Participants will be writing code alongside our guide to see how to make the most of their platform. Coding experience and/or prior Basics Lab participation is required.
Scott Hagemeyer, Senior Product Manager, RSA and David Petty, Advisory Consultant, RSA Performance Optimization: RSA Product Learning Lab 
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 1
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Bobbi Ireton, Software Principal Engineer, RSA Performance Optimization: RSA Product Learning Lab 
       
2:30pm – 3:15pm   Expert Panel: Got Third-Party Risk?
Interested in understanding how digital risk management affects your third party risk management process? Need tips on how and where to put your third party risk management investment into action? Join us for an insightful panel discussion between third-party risk experts from the public and private sector on business, security and risk issues from third parties and the organizations that employ them. You’ll have an opportunity to hear real life examples and ask question. 
Patrick McGuigan, AVP, Third Party Risk Manager - Berkshire Bank; Kanitra Tyler, Supply Chain Risk Management Service Owner - Office of Cyber Security Services, NASA Office of the Chief Information Officer and Hank Schepker, Sr Manager, Supplier Risk Management, Altria Evolving Third Party Risk for the Digital Transformation
Show and Share with Highmark Health: RSA Archer Policy Content Management
Learn how Highmark Health advanced the RSA Archer Policy Program Management use case by integrating real-time word processing capabilities. During this session Highmark Health will show and share how they reduced their policy content collaboration, review and approval life cycle from days and weeks - to hours. Invite policy stakeholders to review and comment through a word processing interface, to locate policies through simplified web search and to tag policies with key terms, definitions, authoritative sources and related procedures. Transform your policy management and compliance program into a modern, web-based user experience while leveraging the power of RSA Archer's Advanced Work Flow, Data Publication and Notification services. 
Tim Belardi, Director - Integrated Governance Risk and Compliance, Highmark Health and Shanti Ramaiah, Manager RSA Archer Platform, Highmark Health Beyond the Checkbox: Modernizing Compliance Programs
Operationalizing Your RSA Archer at Scale
How does implementing a tool with a scaled agile multi-scrum team environment translate to a product like the RSA Archer Suite?  Learn how Duke Energy used DEV Ops strategies, automation, and other agile concepts to develop innovative ideas and technologies to support their development, testing and regression cycles better. 
Jeff Londeree, IT Manager, Duke Energy Business Resiliency for the Always On Enterprise
Case Study: Recharging Your GRC Program
Looking to generate tangible GRC impact? Learn how National Grid re-energized and re-oriented its RSA Archer implementation with a common risk-and-control approach across the entire organization. This session highlights actionable strategies for sparking a renewed focus on GRC and sustainable collaboration among all three lines of defense.
Marina McQuade, GRC Programme Director, National Grid and Ed Barone,  Director, Cyber Security Services, KPMG LLC Managing Operational Risk for Impact
Automate Security Analytics with RSA NetWitness
RSA NetWitness has three powerful command line tools that can be used to unlock expert features and automate some of your analysis, leveraging scripting with NwConsole, API and SDK! This presentation will demonstrate how to use RSA NetWitness’s NwConsole to query packets, search strings or regular expression in meta and/or payloads, use SDK to search and save metadata results to CSV and use the API to search the metadata from other tools. Finally, use RSA NetWitness’s NwConsole to run recurring tasks like sending files or meta to disks for further analysis.
Guy Bruneau, GSE, Senior, Security Consultant, IPSS Inc. Transformation Cyber Threat Detection & Response
Ameriprise Case Study: Rising to the Challenge of Database Account Loading
Challenged with inadequate collection capabilities, Ameriprise turned to RSA’s DataReach solution to govern and manage database access and to scale to daily database collection needs. Join us as we share our best practices and results to date by using a fully automated robust solution. 
Jennie Baxter, Director, Identify & Security Management, Ameriprise Financial and Anil Allaparthi, Senior Software Engineer, Ameriprise Financial Technical Tracks
Preparing for Your RSA Archer “Journey to the Cloud”
Are you looking to migrate RSA Archer to a public cloud? In this session we’ll discuss lessons learned from Sallie Mae’s “journey to the cloud.”  The discussion will include recommended steps to take in the planning, migration and post-migration phases to set your team up for success
Kylie Pfeiffer, Manager, IT Controls and Security Risks, Sallie Mae View from the Clouds: Securing IaaS/SaaS Transformation
Services Panel – RSA NetWitness Focus
RSA Netwitness experts come together to offer a closer look at Netwitness - from how it was designed to be used,  to how it’s used in practice, how to train up your teams, and what to do when things don’t go as planned.
Dace McPherson, Consultant, Customer/Technical Training, RSA  and Mitch Hanks, Advisor, Product Management, RSA  RSAU
Hello, World! API Advanced Lab - Part 2
Building off of the "Hello, World! API Basics Lab" course from the past several years, the Advanced Lab will dive even deeper into the world of RSA Archer API utilization. This session will explore a how the APIs can be leveraged to develop middle-ware responsible for keeping RSA Archer and an external system in sync on a polled interval. Participants will be writing code alongside our guide to see how to make the most of their platform. Coding experience and/or prior Basics Lab participation is required.
Scott Hagemeyer, Senior Product Manager, RSA and David Petty, Advisory Consultant, RSA Performance Optimization: RSA Product Learning Lab 
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 2
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Bobbi Ireton, Software Principal Engineer, RSA Performance Optimization: RSA Product Learning Lab 
3:15pm – 3:45pm  Networking Break    
3:45pm – 4:30pm   Don't Ask, Evidence
During an age of ever-changing global regulatory and client security requirements, learn how to maximize vendor risk management to pro-actively evidence control compliance. Gain insight into the most frequently requested security documents. Understand how to construct and leverage an internal evidence repository adding depth and maturity to your program. Revolutionize traditional risk assessments.
Jennifer Lee, Sr. Director, Global Security Services; Operations Principal, Aon Securities, Inc. Evolving Third Party Risk for the Digital Transformation
Deploying RSA Archer In a Mature Cybersecurity and Privacy Environment
Join us as we share how the National Institute of Standards and Technology (NIST) uses RSA Archer to help articulate enterprise IT risk posture to senior business/IT leadership resulting in the advancement of mission goals.  In addition, we'll focus on the improved efficiencies gained through the automation of security control assessments and the bandwidth created to help meet IT innovation demands.  Our demo will showcase RSA Archer public sector solutions including an integrated view of risk posture with quantitative metrics across the enterprise, automated display of data in multiple frameworks (e.g. CSF) and more frequent, near real-time risk information to System Owners and Authorizing Officials.     
Sheldon Pratt, National Institute of Standards & Technology and Christian Neeley, Advisory Principal, Deloitte Beyond the Checkbox: Modernizing Compliance Programs
Utilizing RSA Archer for Risk Control Self-Assessment
In this session, you will learn how RSA Archer Operational Risk Management applications can be utilized to implement and execute a Risk and Control Self-Assessment (RCSA) Framework inclusive of control testing.  This session will cover the out of the box and custom applications that were utilized, as well as how they were linked together to form the RCSA program. 
Jennifer Harmon, Operational Risk Manager- RCSA Lead, Atlanta-based Regional Bank  and Monica Generose, Internal Controls Lead, Atlanta-based Regional Bank Managing Operational Risk for Impact
Growing RSA Archer: How St. Luke's Health System Customized and Cultivated to Maximize our RSA Archer Yield
After customizing the application, St. Luke's Health System has successfully integrated devise risk management (vulnerability scanning), annual risk control procedure assessments, application tiering, Business Continuity and Disaster Recovery. In addition we are in the beginning phases of integrating RSA NetWitness to assist in yielding risk information for our applications and device
Dustin Aldrich, Cyber Security Analyst III, St. Luke's Health System and Dawn Teply, Cyber Security Analyst III, St. Luke's Health System Transformation Cyber Threat Detection & Response
Leverage DevOps Methodologies to Become More Resilient and Mitigate Risk Using the Global Cloud
The technical world moves fast, and with it, attackers move fast as well. With that fast pace comes a plethora of risk in both implementing change and attempting to mitigate security risks. Don't get left behind with security holes plaguing your organization and lack of visibility for risk mitigation. Apply DevOps methodologies in deploying RSA products flexibly in the cloud. Using Infrastructure as Code, we've been able to create deployments that are consistent, reliable, scalable, and resilient all across the globe within minutes.
Elijah Gartin, Technical Consultant/DevOps Engineer, RSA View from the Clouds: Securing IaaS/SaaS Transformation
The End-User Experience: How to Guide End-Users Through an Evolving RSA Archer Interface
As you move your RSA Archer environment from one build to the next, the challenge of training your end users on interface and other changes must be addressed. This session will present some tips and best practices on how to effectively train and guide end users through new UI and UX changes, and how to get the most value out of their RSA Archer experience.
Chris Madsen, Consultant, Customer/Technical Training, RSA and Finnegan Boson, Senior Analyst, Customer/Technical Training, RSA
RSAU
Through the Looking Glass with Data Gateway: Seamless Integration of External Data
The increasingly complex risk landscape has caused a spurt in data growth - and it shows no sign of slowing down. How will you assess, manage and track risks at scale? RSA Archer's emerging Data Gateway capabilities provide a mechanism to shift from point by point consumption of data, to the ability to analyze and report on bulk datasets wherever they exist around your organization. In this session we will demonstrate the power and flexibility of Data Gateway by showcasing two different applications of the technology: deriving risk scoring from very large datasets and reaching out in real time to other systems via a pilot Incident Management and Response integration with RSA NetWitness. 
Apoorva Srivastava, Software Engineer 2, RSA and  Mohammed Ziauddin, Senior Software Engineer, RSA Technical Tracks
Make Your Digital Dream a Reality: Leveraging Identity Tools to Drive Innovation While Managing Risk
Security and risk professionals must deliver value using automation in three areas: Identity, data, and new product or service development. In this interactive session the RSA Professional Services team will discuss solutions around RSA SecurID Access, based on enterprise grade industry requirements. 
Jamie Pryer, Global Services Product Lead, Identity, RSA Performance Optimization: RSA Product Learning Lab 
Threat Aware Authentication:  Using the RSA NetWitness Platform to step-up RSA SecurID Authentication
Come learn how the RSA NetWitness Platform can enhance your RSA SecurID Access investment by providing threat aware authentication.  In this hands-on lab users will perform tasks that trigger an incident within RSA NetWitness that will require the user to step-up their authentication. Learn about new features that will help you protect your organization with this new enhanced integration between RSA NetWitness and RSA SecurID.
Larry Hammond, Senior Systems Engineer, RSA  Performance Optimization: RSA Product Learning Lab 
       
6:30 pm – 8:30 pm  "Be Our Guest" Customer Dinner    
8:30pm – 11:00pm  Dessert & Fireworks @ Epcot    


Wednesday, September 18


Time Session Speaker/Instructor Track
7:15am – 8:30am  Breakfast     
8:30am – 10:30am RSA Archer Super Session    
8:30am – 10:30am RSA SecurID Super Session    
8:30am – 10:30am RSA NetWitness Super Session    
8:30am – 10:30am RSA Fraud and Risk Intelligence Super Session    
10:30am – 10:45am Networking Break    
10:30am – 5:30pm  Partner Showcase Open     
10:30am – 5:30pm

RSA Charge Zones Open:

Connect - Schedule some time with a RSA Expert

Inspire - Check out cool new stuff in our RSA Innovations Lab, visit the RSA Charge SOC exhibit and tap into the RSA community at the RSA Exchange area

Share - Relax in the Customer Success Lounge and learn how to share information in the RSA Link Community area

Transform - Turn Information into Action with RSA Customer Experience and learn how to enhance performance at the RSA University area

   
10:45am – 11:30am  Building a Mature Third Party Risk Management Program Through Automation, Efficiencies and Monitoring.
Many organizations are using third parties to support and augment their operations to deliver products and services to their customers, yet doing so can result in performance risk. During this session you will learn best practices to reduce cycle processing time, manage 4th parties, and execution of continuous monitoring parameters. Help your team identify and take action through the OODA Loop process to appropriately monitor, understand and take necessary action on service provider issues. Learn to leverage technology tools, analyze third party data, and recognize obstacles. Discover best strategies other organizations have implemented to deliver successful and mature Third Party Risk Management Programs.
Mary Kay Merkt , SVP - Director Vendor Management & Procurement, Johnson Financial Group  Evolving Third Party Risk for the Digital Transformation
Turkcell Case Study: Security Governance Compliance
Challenges are increasing day by day due to security and governance issues, which are the fastest growing threats to IT and the telecom industry. With our constant digital transformation mindset, having key controls on systems, measuring and monitoring their compliance on a daily, weekly, and monthly basis is key to the on-going compliance success of the organization and its security strategy. This session will share Turkcell’s compliance approach, including  IAM, SOX Controls, Project Security, Security Awareness and Process Maturity.
Ahmet Denz Erol, Senior Process Management Specialist, Turkcell and Baris Efil, Process Management Expert, Turkcell Beyond the Checkbox: Modernizing Compliance Programs
Digital Risk Index: Tackling Digital Risk Together
This session is geared toward security and risk management leaders who are trying to improve visibility and collaboration between their functions. During this session, attendees will learn how to can use a new self-assessment tool, the RSA Digital Risk Index, to spark actionable conversations about digital risk with their peers.  Attendees can take the interactive assessment while in the session and will discuss challenges and practices necessary to manage digital risk.
Steve Schlarman, Director, Product Marketing and DRM Strategist, RSA Business Resiliency for the Always On Enterprise
Risky Business: Engaging Owners by Driving Accountability through Enterprise Issues Management
To truly empower and protect your business today, you must promote a culture of risk awareness, transparency, and accountability. In this session, you will learn how Regions Financial, in partnership with KPMG, worked to achieve this state by building out a consolidated enterprise-wide issues management program within the RSA Archer framework.
Callie Perkins, Vice President, Enterprise Risk Management, Regions Bank;
Robyn Harp, Vice President, GRCReach Center of Excellence, Regions Bank; Ryan Millerick, Lead Specialist, Cyber Security Services, KPMG, LLP
and Catherine Hykel, Senior Specialist, Cyber Security Services, KPMG, LLP

Managing Operational Risk for Impact
Operationalizing Incident Response
Explore how and why key-business drivers shaper your security operations. Go beyond the guidance provided by NIST and examine how risk management, threat intelligence, and incident response come together in a sensible, practical, and operational detect and respond model that will meaningfully impact your cyber risk strategy. 
Shane Harsch, Senior Solutions Principal, RSA Transformation Cyber Threat Detection & Response
Panel Discussion: The Future of Managing Workforce Transformation Risk
What will the Digital Risk landscape look like 3 years from now? Join our panel of experts as they discuss how the Legal, Insurance and Technology sectors are joining forces to help customers manage Digital Risk spawned by workforce transformation. Our insightful speakers will share their experiences, including top challenges faced by customers and how their collective industries are responding. Learn about the importance of using risk frameworks, left and right of boom services, cyber due diligence within M&A and the latest underwriting trends.
Doug Howard, VP Global Services and IT Innovation, RSA, Lisa Sotto, Partner and Chair of Global Cyber Security Practice, Hunton Andrews Kurth LLP and Holly Rollo, Chief Marketing Officer, RSA Managing Risk in the Dynamic Workforce
Services Panel: Identity Focus
RSA Identity experts come together to offer a closer look at how RSA can help you manage user authentication and access - from how RSA identity products are designed to be used to how they're used in practice, and offer advice on what to do when things don’t go as planned.
Peter Hunt, Technical Training, RSA,  Jamie Pryer, Global Services Product Lead (SPL) - Identity , RSA, and Geoff Cairns, Sr. Practice Manager,
Professional Services, Identity Assurance Practice, RSA
RSAU
Getting to Grips with RSA Archer JavaScript Transporter
The introduction of the JavaScript Transporter in RSA Archer 6.4 represents a seismic shift in the capabilities of the RSA Archer Data Feed Manager. In the past, the Data Feed Manager was ingest-only and limited to a single source. A file or report was fed into the transporter and the dataset was returned in RSA Archer. Every report or source would require its own data feed, each consuming more system resources. The world has changed! JavaScript Transporter infuses the Data Feed Manager with a shot of adrenaline designed to turbo-charge your data aggregation engine. Come and see how the JavaScript Transporter allows organizations to quickly and flexibly glean risk data from modern, web-based sources, as well as witnessing the new write to disk functionality introduced in RSA Archer 6.6. 
Wesley Loeffler, Systems Engineer, RSA and Mike Eilert, Software Senior Engineer, RSA        Technical Tracks
Automation to the Rescue: NASA Case Study
Are your RSA Archer administrators overburdened by having to manually review and co-correct errors in user created CSV files used to bulk create/update RSA Archer records via data feeds?  Are you looking for ways to improve overall team efficiency and give your RSA Archer users more control and autonomy in this regard?  If so, come and learn how NASA leveraged a combination of an Excel template file, an attachment field, a PowerShell Script, a Data Feed, and results based emails to enable users to independently bulk create/update records in the Assessment and Authorization Hardware application with role-based limits on what records they can affect!
Stephen Kerney, Systems Architect 2, NASA and Tiffany Snyder, RISCS Project Manager, NASA Performance Optimization: RSA Product Learning Lab 
Regulatory Content Analysis: A Hands-On Introduction
This will be an instructor-lead lab session. Participants in this lab will have the opportunity to use the Regulatory Content Analysis application end-to-end, taking a closer look at features including the ability to upload training data and regulatory content, analysis of matches between existing controls and new regulations as suggested via a Natural Language Processing algorithm, searching for and creating new content matches, and exporting the new regulatory content for upload into their RSA Archer suite.
Douglas Heller, Software Quality Engineer 2, RSA and Corey Carpenter, Senior Advisor Product Management, RSA Performance Optimization: RSA Product Learning Lab 
11:45am – 12:30pm Manage Third-Party Risk with Visibility, Insight and Action
As third-party ecosystems grow and become more complex as a result of digital transformation, so does the risk.  In fact, third-party risk is not just one type of risk - it consists of security risk, access risk, compliance risk, resiliency risk, cyber risk, fraud risk and more.  These new, related and evolving risks are driving the need for more effective risk management and efficient governance because traditional methods are not scalable for growing third-party ecosystems.  Any one of these areas of third-party risk has the ability to disrupt the objectives of your organization. Attend this session to learn how you can take a unified, phased approach to managing these third-party risks.
Patrick Potter, Risk Strategist, RSA Evolving Third Party Risk for the Digital Transformation
Duke Energy Case Study: Avoid Compliance Testing Fatigue through Strategic Automation
This session will explore traditional testing pitfalls and alternatives.  Learn the “why's” and “how's” a team should use automation in a continuous development environment to enhance outcomes and productivity.  Change mindsets and standards by adopting automation practices. 
Christopher Wilson, SR IT Application Analyst, Duke Energy Beyond the Checkbox: Modernizing Compliance Programs
Risks Lurking in the Shadows of Digital Transformation
For all of the considerable benefits that come with Digital Transformation, there are also the inevitable outcomes of new types of risk to the business. The winners in the race to transform to new business models, new levels of customer engagement, and new operational efficiencies driven by expanded use of technology will be those that most effectively identify, assess and manage those risks. This session will explore the state of the enterprise, and specific verticals in getting their arms around the ‘digital risks’ inherent in their transformation efforts. The session will feature recent market research conducted by RSA on the ways different companies, and different teams within the enterprise view these risks and the responsibility of managing them. 
Ben Desjardins, Vice President, Product Marketing, RSA  Business Resiliency for the Always On Enterprise
The Evolution of the Risk Register Makeover Edition
Many organizations are realizing that their risk registers are in need of a makeover. In this session we will explore topics around normalizing existing risk registers, moving toward continuous risk monitoring and revamping risk intake and triage, and improving executive reporting. This open discussion will be the foundation used to build an ongoing group of companies that are looking to evolve their programs in light of a very dynamic risk landscape.
Christopher Patteson, Director, Risk Transformation Office, RSA and Philip Aldrich, Director, Enterprise GRC, Dell  Managing Operational Risk for Impact
Threat Hunting in a Massive Network: Make it Hard to Hide
Would you know if one Domain Controller were acting differently than 400 others just like it? What about a single point of sale device, ATM or DNS server transmitting unusual traffic out of thousands of similar devices? Threat hunting is a truly massive network of millions of IPs requires unique approaches to work through petabytes of network traffic effectively. With over eight years of experience with a very large installation of RSA NetWitness this session will show you how to use the product to identity rare network behaviors that would ordinarily go unnoticed. This type of threat hunting transcends attack specifics, helping to eliminate IOC-focused hunting and instead focuses on behavior-based hunting. Open your eyes to machine behaviors you weren't aware of before!
 Vernon Habersetzer, Infosec Hunt Team Lead, CISSP, EnCE, GCFA, GCFE, GCIH, CISA, CFE, GREM, GCIA, Walmart Transformation Cyber Threat Detection & Response
Asset Criticality is Only Half the Story – User Risk Completes the Picture
In today’s dynamic workforce, understanding which assets in the organization are most critical is a good first step. But it is not sufficient to drive security or inform IT risk. To see the whole picture requires understanding the users of those assets as well. Each user has different resources they access and different access patterns. Leveraging the Identity Assurance capability within RSA SecurID Access provides visibility to the user-specific risk. These user level insights can help your risk management framework be more intelligent and impactful by helping you assess and implement the right controls. We will show how a recent proof of concept from RSA Labs can surface user risk in meaningful and actionable ways to better understand, manage, and reduce the risk, not just of the asset itself, but inherent in its users as well.
Kevin Bowers, Senior Technologist, RSA Labs, RSA and Sudarsan Kannan, RSA, Consultant, Product Management, RSA Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Advanced Workflow Focus
RSA Archer's Advanced Workflow is a powerful feature that can quickly become complex.  Join three RSA Archer services experts for a closer look at Advanced Workflow – from how it was designed to be used to how it’s used in practice, and learn what to do when things don’t go as planned.
Chris Madsen, Consultant, Customer/Technical Training, RSA, Jean Golka, Senior Manager, Professional Services, RSA and Greg Leichty, Principal Engineer, Technical Support, RSA RSAU
Job done! Automated Testing in RSA Archer
Testing in RSA Archer can be a heavily manual process for all parties - developers, system administrators, and business/end users. It's painful at times. In response to these challenges the RSA Archer team at Nordstrom has developed "Advanced Deployment," a tool to simplify the RSA Archer SDLC and automate a number of those manual tasks. You can accomplish everything from bulk creating test users (with optional role and group assignments) to comparing the configurations of your dev/test/prod environments to testing Advanced Workflow paths (without logging in!) This session will provide an overview of the tool's capabilities followed by a live demo.
Wilson Hack, Engineer 2, Governance Management, Nordstrom Technical Tracks
Automation to the Rescue: NASA Case Study
Are your RSA Archer administrators overburdened by having to manually review and co-correct errors in user created CSV files used to bulk create/update RSA Archer records via data feeds?  Are you looking for ways to improve overall team efficiency and give your RSA Archer users more control and autonomy in this regard?  If so, come and learn how NASA leveraged a combination of an Excel template file, an attachment field, a PowerShell Script, a Data Feed, and results based emails to enable users to independently bulk create/update records in the Assessment and Authorization Hardware application with role-based limits on what records they can affect!
Stephen Kerney, Systems Architect 2, NASA and Tiffany Snyder, RISCS Project Manager, NASA Performance Optimization: RSA Product Learning Lab 
Regulatory Content Analysis: A Hands-On Introduction
This will be an instructor-lead lab session. Participants in this lab will have the opportunity to use the Regulatory Content Analysis application end-to-end, taking a closer look at features including the ability to upload training data and regulatory content, analysis of matches between existing controls and new regulations as suggested via a Natural Language Processing algorithm, searching for and creating new content matches, and exporting the new regulatory content for upload into their RSA Archer suite.
Douglas Heller, Software Quality Engineer 2, RSA and Corey Carpenter, Senior Advisor Product Management, RSA Performance Optimization: RSA Product Learning Lab 
12:30pm – 1:30pm  Lunch - Guest Speaker: Tracy Edwards, MBE, Round The World Sailor and Social Activist
1:30pm – 2:15pm  Realizing the Strategic Value of Good Third-Party Risk Management - A Comprehensive Approach
What does good third-party cybersecurity risk management look like? Well, look no further than the patterns used to manage internal enterprise information security risk. How do you do this? With good processes operated on a foundation of good data, analytics, and automation. We will share how Fidelity has applied core patterns of internal information security risk management to build an effective third-party risk management program. This collaborative discussion will focus on key components of an effective third-party risk management program, from initial business risk identification, on through to assessment, monitoring, and remediation. We will focus on proven suggestions and knowledge sharing to help you get ahead of and effectively manage third-party risks.
Kelly White, CEO and Founder, RiskRecon and  Manuel Rios, VP Cyber Security, Fidelity Investments Evolving Third Party Risk for the Digital Transformation
Uniting Audit, Compliance, and Analysis with RSA Archer and RSA NetWitness in a Digital World
Our ever-evolving, organization-wide approach to continuous monitoring and risk reduction compels our team to continuously innovate.  We leverage RSA Archer to automatically federate significant audit events collected in RSA NetWitness to enable security professionals to effectively monitor and trend user activity across the enterprise.  Correlating RSA NetWitness data with vulnerability scans, registered privileged users, security plan information, and many others provide actionable cybersecurity capabilities at all levels of the Risk Management Framework.
Troy Taitano, Chief, Cyber Modernization Division, Kyle Cribbs, Project Manager, SAIC and Christopher Jackson, Lead Engineer, SAIC  Beyond the Checkbox: Modernizing Compliance Programs
RSA Archer Alignment of Continuity and Disaster Recovery
To protect and recover your systems, IT is quietly determining each system's organization criticality as they allocate resources and set restoration order. These are decisions your business should be making. Be a fly on the wall to watch how St. Luke's Health System utilized RSA Archer Business Continuity to align business continuity with IT disaster recovery to achieve this simple, but loft objective. 
Dustin Aldrich, Cyber Security Analyst III, St. Luke's Health System and Dawn Teply, Cyber Security Analyst III, St. Luke's Health System Business Resiliency for the Always On Enterprise
Balancing Fraud Risks, Consumer Experience, Revenues and Operational Costs
The consumer world is at a historical inflection point, as individuals interact and transact in more ways than ever before. Organizations are going through digital transformations, exposing more digital channels to their consumers in order to meet the growing demand for convenience. In turn, this leads to unprecedented business risk and security challenges ranging from legislative pressure, competition from new entrants, and an increase in potential vulnerabilities that can be exploited by fraudsters and cyber criminals. Attend this session to hear different perspectives on how to balance fraud risks, consumer experience, revenues, and operational costs.
Elizabeth O'Brien, Senior Manager, Customer Success, Fraud and Risk Intelligence Professional Services, RSA Managing Operational Risk for Impact
Protecting the Enterprise: Enabling Cyber Integration and Compliance Control Frameworks through RSA Archer
Presented will be an overview of RSA Archer integration projects to pull multiple external data sources from multiple external entities and sources to form a centralized enterprise framework to manage information related to policies, procedures and critical Cyber Security information for key business areas throughout the organization.  A previous manually intensive effort to ingest, identify changes and disseminate information is enabled through RSA Archer functionality that includes Corporate Obligations Management, Cyber Incident Breach Response, IT Security Vulnerabilities, IT Risk Management and the Issues Management solutions.  This session will explore both the strategic and technical aspects of RSA Archer data integration that includes Advanced Workflows, electronic approvals, RSS feeds, internal and external API integrations.
Warren Link, GRC Platform Technical Lead, Merck and Eric Schlarman, Risk Transformation Consultant, EY Transformation Cyber Threat Detection & Response
Maximize End User Adoption with Creative Training and Marketing Strategies
You have spent weeks configuring and testing your new RSA Archer use case. Now it’s time to roll it out to the masses! Then you start thinking, “What if our employees don’t adopt the new system? How do we get people excited about our brand new shiny RSA Archer system?” Learn how Delta Air Lines and Crowe maximized user adoption by launching creative training and marketing strategies using industry-leading training tools.
Robert Lewis, Principal – Information Security, Delta Air Lines and Tony Classen, Senior Manager, Crowe LLP Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Access Control Focus
Controlling access to data within RSA Archer is a topic that seems straightforward enough on paper...but applying your knowledge within the actual system may require additional strategies. Join three RSA Archer services experts for a closer look at Access Control within RSA Archer – from how it was designed to be set up to scenarios seen in actual practice, and learn what to do when things don’t go as planned.
Peter Hunt, Consultant, Customer/Technical Training, RSA, David Petty, Advisory Consultant, Professional Services, RSA, and Marcy Gaynes, Senior Principal Engineer, Technical Support, RSA RSAU
Small But Mighty: Administering RSA Archer Without a Massive Team
Managing an application, solution owners and end users when you have a small RSA Archer Administration team can be daunting.  In this session, I’ll share techniques that will help manage the everyday and long-term challenges.  Through scheduled communication, a unified support tracking solution, and clear prioritization rules, you’ll gain efficiencies to make better use of your most valuable resource: time. 
Kylie Pfeiffer, Manager, IT Controls and Security Risks, Sallie Mae Technical Tracks
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 1
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Bobbi Ireton, Software Principal Engineer, RSA Performance Optimization: RSA Product Learning Lab 
Securing Office 365 the Easy Way With RSA SecurID Access - Part 1
Microsoft Office 365 is a beautiful thing—it’s a very productive platform, full of your data, that is highly available to your end users…and threat actors! This lab will show you how to protect Office 365 with ease utilizing RSA SecurID. In this lab we will cover Access Policies, My Page, OpenID Connect, and the Office 365 integration.
Randy Belbin, Systems Engineer, RSA Performance Optimization: RSA Product Learning Lab 
       
2:30pm – 3:15pm   Protecting Zelle Transactions with RSA Adaptive Authentication
Being a service that helps attract and maintain customers, Zelle has made inroads into the peer to peer payments space. Zelle's own social media feeds recommend against using its service for payments to people the payer does not know. Yet this happens. In this session RSA will discuss its best practices for its customers to use RSA Adaptive Authentication to protect Zelle transactions.
Gregory Dicovitsky, Field CTO, RSA Evolving Third Party Risk for the Digital Transformation
Raiffeisen Bank International Case Study: Challenges and Tools for Internal Control System (ICS) Framework
The set-up and implementation of an ICS Framework in a large multinational organization bears inherent challenges. Join us as we take a closer look on the used control examination approaches (control reviews, control assessments, self certification), Group steering (via Group Key Controls) and Reporting. Control review scripts and standards, sampling and validation are all documented in RSA Archer. We will share how the  process looks like from both from a Head Office perspective as well as from a local perspectives and share practical examples. 
Caliopi Ionela Galindo-Trigos, Internal Control System Specialist, Raiffeisen Bank International/Internal Control Beyond the Checkbox: Modernizing Compliance Programs
Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You
Every breach response plan looks good on paper, but what about when it’s time for action? Breaches are an everyday part of business. This session will talk about the critical dos and don'ts during and after a breach, as well as circle back to left of breach.
Doug Howard, VP Global Services and IT Innovation, RSA, Evan Wolff, Partner, Crowell & Moring and Patrick Kerry, Senior Director Consultant, IR ACD Practice, RSA  Business Resiliency for the Always On Enterprise
Rio Tinto’s Journey Towards Integrated Enterprise Wide Management of Risk
Rio Tinto is pioneering the production of materials essential to human progress. The minerals and metals we produce play a vital role in a host of everyday items and innovative technologies that help make modern life work.  This presentation will share an overview of our vision for integrated management of risk across the 3 lines of defense, progress made and lessons learnt to date.  Highlights include embedding risk appetite in practical thresholds, integrating risk, control and assurance, an integrated internal control framework, deep diving on patterns of user activity and reporting for business insight.
Mathew Hancock, Principal Advisor - Risk, Rio Tinto  Managing Operational Risk for Impact
Log Anything: Keeping you Ahead of the Expanding Attack Surface
As organizations continue their digital transformation, there are increasing vectors for attackers to leverage, from home grown applications to new on-premise applications to a myriad of cloud services.  We will walk through the options RSA NetWitness Platform offers for collecting new log sources as well as parsing them, including Dynamic Log Parsing Rules, the Log Parsing Tool, NW Endpoint Insights, and Collection Plugins.  We will also review RSA NetWitness Platform deployment options for Cloud and Hybrid Cloud and currently supported Cloud sources.
Mitchell Hanks, Prodcut Manager, RSA and Michael Gallegos, Principal Product Manager, RSA  Transformation Cyber Threat Detection & Response
Risk Technology Solutions: A Transitional Tale of Workforce Optimization
What will the Digital RIsk Management landscape look like in 3 years from now? Hear how Legal, Insurance and Technology are coming together to help customers better manage Digital Risk. Our knowledgeable speakers will share trends and challenges from their perspective including what key challenges their customers face and what their practice areas are doing to face those challenges. Topic will include: importance of frameworks; left and right of boom services; cyber due diligence with M&A; underwriting trends.
Nicholaus Lyschik, RSA Archer Support Manager, U.S. Bank Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Data Feed Manager Focus
RSA Archer Data Feed functionality is a proven tool, well-used for both automation and integration. Join three RSA Archer services experts for a closer look at the Data Feed Manager – from best practice recommendations to scenarios seen in actual practice, and learn what to do when things don’t go as planned.
Chris Madsen, Consultant, Customer/Technical Training, RSA,  BJ Johnson, Senior Principal Engineer, Professional Services, RSA and Jeff Letterman, Senior Principal Engineer, Technical Support, RSA RSAU
Modernized Reporting with RSA Archer 6.6
"A picture is worth 1,000 words.", is how the saying goes, and we are enhancing RSA Archer's reporting capabilities to make sure they ring true. This session will highlight all of the reporting enhancements made to the product recently. From new defaults on Dashboards, iViews, and Charts, to Featured Metrics and Geographical Map Type reports, and a look at what lies ahead for reporting, this is one session you won't want to miss!
Scott Hagemeyer, Senior Product Manager, RSA and Anand Deshpande, Consultant Product Manager, RSA Technical Tracks
Advanced Workflow: You Asked, We Delivered...In the Lab! - Part 2
This lab complements the session, “Advanced Workflow: You Asked, We Delivered!”, in providing a real hands-on experience.  We’ll highlight several of the changes and the overall transformation of Advanced Workflow. The feature has gone through many customer-inspired improvements, such as rules based enrollment, electronic signatures, full screen designer, and more.
Bobbi Ireton, Software Principal Engineer, RSA Performance Optimization: RSA Product Learning Lab 
Securing Office 365 the Easy Way With RSA SecurID Access  - Part 2
Microsoft Office 365 is a beautiful thing—it’s a very productive platform, full of your data, that is highly available to your end users…and threat actors! This lab will show you how to protect Office 365 with ease utilizing RSA SecurID. In this lab we will cover Access Policies, My Page, OpenID Connect, and the Office 365 integration.
Randy Belbin, Systems Engineer, RSA Performance Optimization: RSA Product Learning Lab 
3:15pm – 3:45pm  Networking Break    
3:45pm – 4:30pm   Vendor Risk Management About-Face
What do you do when you are the vendor? How do you organize and manage client contractual and regulatory audit requirements efficiently? Discover how to re-invent your vendor risk management solution to implement a client tiering framework, establish repeatable business engagement processes and streamline delivery with accurate, consistent messaging. Be the vendor your clients expect.
Jennifer Lee, Sr. Director, Global Security Services; Operations Principal, Aon Securities, Inc. Evolving Third Party Risk for the Digital Transformation
Straight Talk on Implementing RSA Archer for Financial Institution Governance
Hear Northwest Federal Credit Union ($3.4 billion credit union) tell its story regarding the implementation of RSA Archer as its GRC solution.  The memorable successes that worked and the not-so-easy to forget challenges they faced along the way. Learn about the 4 key components to a successful GRC implementation: People, Processes, Technology and External Events, and some of the benefits gained from the implementation. 
Amy Baker, Sr. Manager ERM Compliance, Northwest Federal Credit Union  Beyond the Checkbox: Modernizing Compliance Programs
The Current State of Digital Risk
It’s official: digital transformation is having a palpable impact on companies’ risk profiles, according to the results of our landmark RSA® Digital Risk Report, the first definitive survey of organizations’ perceptions of—and plans for managing—digital risk.  An overwhelming 90 percent of survey respondents indicate their organization’s risk profile is expanding as a result of their digital transformation initiatives.  This session will break down the results of the RSA Digital Risk Report and take a closer look at digital risk
Steve Schlarman, Director, Product Marketing and DRM Strategist, RSA Business Resiliency for the Always On Enterprise
Integrated Operational Risk Management: A Coordinated and Holistic Approach to Viewing Risk and Making Informed Decisions, and a Key Pre-Requisite for Adapting to the Digital Transformation Era
Risk teams manage specialized risk disciplines such as IT or third-party risk, but integration between these and others is essential in today’s complex world. How do we better integrate our separate risk management efforts? A common foundation, language, and methodologies is a start, but it also takes an enabler. That enabler is the suite of RSA Archer solutions, that when combined with an integrated framework, brings together risk intelligence and, more importantly, helps drive informed business decision-making.  Attend this session to learn about some best practices and recommendations from how Voya Financial does integrated risk management.
Chrys Torhan, Director, IT Operational Risk Management, Voya Financial and Lloyd Costello
Senior Analyst, TIO Operational Risk Management
Voya Financial
Managing Operational Risk for Impact
Congratulations! You Just Bought a Breach: The Importance of Cyber Risk Assessments in Mergers and Acquisitions
Cyber-related weaknesses or missteps add yet another wrinkle to the M&A process, which makes network and data due diligences a top priority in making deals. But how do you best assess industry-appropriate levels of cyber maturity, identify security gaps, validate necessary strategies, and remove friction from a challenging M&A process? What risks could negatively affect a transaction? How do you determine the appropriate investment levels to achieve cyber maturity across people, processes and technologies? Join an experienced global security experts and IT systems innovator and an accomplished attorney in the cyber risk field for an important and practical session. 
Doug Howard, VP Global Services and IT Innovation, RSA and Aravind Swaminathan, Partner, Global Co-Chair, Cybersecurity and Data Privacy White Collar & Corporate Investigations, Orrick   Transformation Cyber Threat Detection & Response
The Human Firewall Program A Risk Based, Measureable Approach to Securing the Weakest Link in the Chain
The Human Firewall system is a concept based on the fact the human is the weakest link in the security chain. Social engineering happens to be the primary vector of attack in more than 90% of the data breaches across the world. In order to mitigate this risk, an organization needs to continuously assess it and mitigate it. But, before setting a target to lower that risk, an organizations needs to measure the current value of that risk and set. 
Ayad (Ed) Sleiman, CISM®, CRISC®, PMP®, ISO 27K LI, SCF, CBP®, Head of Information Security, KAUST Managing Risk in the Dynamic Workforce
Services Panel: RSA Archer Infrastructure Focus
There's a good amount of behind-the-scenes infrastructure required to make RSA Archer run. Join three RSA Archer experts for a closer look at the infrastructure needed to support RSA Archer – from best practice recommendations to scenarios seen in actual practice, and learn what to do when things don’t go as planned.
Peter Hunt, Consultant, Customer/Technical Training, RSA,  BJ Johnson, Senior Principal Engineer, Professional Services, RSA and Doug Swarts, Senior Principal Engineer, Technical Support, RSA RSAU
The Easy Button: Managing Users and Roles Through RSA Archer APIs
If you are using inherited record permissions throughout RSA Archer for assigning ownership/tasks to users, this session is for you! Does users moving between departments and teams cause you problems? Do you find it hard to keep track of changes in roles and which records should be assigned to which user? Do you spend time and effort manually searching for each and every record that needs to be updated? Learn how to overcome these obstacles and more by updating issue owners automatically through RSA Archer's APIs. You are one click away from the solution.  
Arvind Dhakad, Consultant, National Information Center, Riyadh, KSA and Mohammad N. Almutiri, Major, National Information Center, Riyadh, KSA Technical Tracks
Meeting the Challenge of Identity Governance in the Age of Digital Transformation
Come join experts from the RSA Professional Services team as they share best practices when using RSA Identity Governance and Lifecycle,  including IAM Blueprints. Learn how the solution can enable your identity management strategy at a time when  digital identities are multiplying faster than ever and how a governance strategy helps mitigate risk and maintain a continuous state of compliance. 
Jamie Pryer, Global Services Product Lead, Identity, RSA Performance Optimization: RSA Product Learning Lab 
Hands On Threat Hunting Competition:  Help Save Mickey!
Please join us in a hands-on competition to threat hunt in the RSA NetWitness Platform.  Participants will be presented with a drive by download use case where a series of questions will be asked.  Participants will use the RSA NetWitness Platform to search for the answers and the participant with the the most points at the end of the session will win a prize.  
Percy Tucker, Senior Manager, RSA  Performance Optimization: RSA Product Learning Lab 
       
4:30pm – 6:30pm  Partner Showcase Reception     
4:30pm – 6:30pm  Women's Leadership Celebration Reception    
7:30pm – 12:00am   Customer Appreciation Party in Disney's Animal Kingdom sponsored by Deloitte and KPMG     


Thursday, September 19


Time Session Speaker/Instructor Track
8:00am – 8:45am  Breakfast 
8:00am – 8:45am  Healthcare Industry Breakfast - REGISTER NOW
8:00am – 8:45am  Public Sector Industry Breakfast - REGISTER NOW
8:00am – 8:45am  Finance Industry Breakfast - REGISTER NOW
8:00am – 8:45am  Energy Industry Breakfast  - REGISTER NOW
9:00am – 9:45am Expert Panel: Got Third-Party Risk?
Interested in understanding how digital risk management affects your third party risk management process? Need tips on how and where to put your third party risk management investment into action? Join us for an insightful panel discussion between third-party risk experts from the public and private sector on business, security and risk issues from third parties and the organizations that employ them. You’ll have an opportunity to hear real life examples and ask question. 
Patrick McGuigan, AVP, Third Party Risk Manager - Berkshire Bank; Kanitra Tyler, Supply Chain Risk Management Service Owner - Office of Cyber Security Services, NASA Office of the Chief Information Officer and Hank Schepker, Sr Manager, Supplier Risk Management, Altria Evolving Third Party Risk for the Digital Transformation
Beyond Basics: From Simple Compliance Programs to a Risk Based Approach
It does not take long for many practitioners or leaders to realize that they need to transition from a foundational compliance based program to a risk based program for prioritizing critical controls. The challenge becomes how to understand how it fits into current “well established” processes within an organization. And, this can often becomes a bigger topic of how do we change our “risk culture”. Join us as we discuss ways to drive towards the goal of compliance while at the same time maximizing investment in risk posture.
Christopher Patteson, Director, Risk Transformation Office, RSA and Philip Aldrich, Director, Enterprise GRC, Dell  Beyond the Checkbox: Modernizing Compliance Programs
ORM, from a Regulatory Requirement to a Value Added Change Factor Governing Non-Financial Risk Management
Because operational risk management (ORM) is generally viewed as a limited value-added regulatory requirement that organizations must comply with, allocated resources are typically not sufficient to allow for change. If the ORM framework is properly implemented, it becomes the central element of non-financial risk management, a powerful tool to facilitate decision-making, a driver of efficiency and continuous improvement, and a strong guarantee toward an organization’s sustainability. This session will examine the true definition of ORM as it is meant to be and how current technologies, including GRC, can facilitate the implementation of a strong, value-added ORM framework.
Toufik Charrat, Group Head of Operational Risk Management & Fraud Risk Prevention, ADIB Bank Managing Operational Risk for Impact
3 Types of UEBA models for any Security Use Case
Learn how RSA NetWitness UEBA (User, Entity and Behavioral Analytics) engine works, from pulling raw data through enrichment, to aggregation and modeling, and all the way to detection and alerting.  We will explore the 3 types of UEBA models that can be applied to almost any security use-case. Our demonstration shows how the pipeline works and defines anomalous indicators for security insights.
Rohit Unnikrishnan, Principal Product Manager, RSA and Lior Govrin, Principal Engineer, RSA Transformation Cyber Threat Detection & Response
Leveraging the RSA Product Suite: How RSA  NetWitness, RSA Archer, RSA SecurID, and RSA Fraud and Risk Intelligence Can be Used Together
This session will showcase how RSA  NetWitness, RSA Archer, RSA SecurID, and RSA FRI can be integrated and leveraged together to address customers’ challenges. Companies who are primarily utilizing one of our products may not be familiar with how our other products can support and meet their security needs. Engaging in digital risk management is a multi-pronged problem that is best met with our multi-product solutions. To that end, this session will provide attendees with a holistic picture of the RSA portfolio.
Peter Hunt, Technical Training, RSA and
Dace McPherson, Consultant, Customer/Technical Training, RSA
RSAU
Finding the Unknown - Threat Hunting @Work by RSA IR
In this session a member of the RSA IR team will describe and walkthrough the IR team’s Hunting methodology that they leverage to discover and proactively identify unknown/undetected threats. This hunting methodology will be complemented with real world examples from recent incidents and customer breaches involving targeted attacker activity. The session will cover the building blocks of our approach, some detailed examples of the hunting methodology as it pertains to common protocols in large networks, and sample cases from past incidents. By the end of this session, the attendees should have a better idea of how to approach threat hunting, insight into recent real-world threats, and how some of these methods can be applied to their own environments.
Rui Ataide, Principal Incident Response Consultant, RSA Technical Tracks
       
10:00am – 10:45am Calling All Suppliers: T-Mobile’s Third-Party Evolution
Through a sophisticated RSA Archer deployment, T-Mobile and KPMG worked together to transform T-Mobile’s third-party risk management program from a disconnected cluster of manual activities to a streamlined progression of automated processes. This session looks at TPRM holistically, focusing on the value of unifying TPRM practices in an effort to strengthen supplier relationships in today’s digital global economy. 
David Howard, Sr. Manager, Third Party Risk Management, T-Mobile US Inc. and Andi Cescolini, Senior Associate, Cyber Security Services, KPMG LLC Evolving Third Party Risk for the Digital Transformation
Lowering the Cost of Compliance Through the Better Use of Data
Companies are too focused and distracted by data when it comes to compliance. In order to sustain compliance and risk management, companies must start with an intimate understanding of business processes, and must be familiar with how and why high-risk business processes gather, use and store data. With this understanding organizations can make risk-based determinations about governance investments and risk management. Learn how Cisco using RSA Archer was able to work with their clients to deliver real business value by materially lowering the cost of compliance.
Dave Vander Meer, CyberSecurity Architect, Cisco Systems and Aaron Boylan, CyberSecurity Architect, Cisco Systems Beyond the Checkbox: Modernizing Compliance Programs
Cool Story, Bro! How Our Development Process Strives To Improve Efficiencies
In this session, you will learn how the RSA Archer development process has evolved. The session will be delivered from the perspective of a team that played multiple roles in the development cycle, working with specialized core teams to allow faster turnaround for RSA Archer development and focus on user experience, creating efficiencies between processes. The session will include an example of the tools and techniques utilized to help business partners produce actionable user acceptance criteria for faster development with minimal defects or errors.
Samit Patel, Senior Manager Corporate Risk Business Analyst, Discover Financial Services and Emily Burke, Senior Business Analysis, Discover Financial Services Managing Operational Risk for Impact
Enrich your Authentication Decisions with Threat-Aware Authentication
Are you letting users login without knowing the risks associated with their account activity and user behavior? If so, you’re likely missing indicators of compromise that could help you neutralize an attack in progress. Come see how RSA SecurID® Access and RSA NetWitness® Platform correlate identity analytics to reveal hidden anomalies and outliers, and automatically thwart identity-based attacks.
Michael Dalton, Senior Identity Engineer, RSA and Corey Dukai, Senior Manager, Product Management, RSA Transformation Cyber Threat Detection & Response
How-to: Industry and NIST Collaboration: Cybersecurity Maturity, Risk Reduction, and Architecture
Against the backdrop of our increasing dependency on digital solutions, this session will consider different risk management approaches with special attention to the widely adopted NIST framework and approaches to using commercial cybersecurity to achieve important standards.. With practical applications in mind, our presenters will share how RSA leverages the power of NIST’s federally funded National Cybersecurity Center of Excellence (NCCoE) operated by MITRE in its efforts to protect assets from myriad cyber threats, while at the same time reducing deployment risk and lowering costs
Doug Howard, VP Global Services and IT Innovation, RSA, Steve Bergman, General Manager, RSA, and  Dr. Theresa Suloway, Dept Head of the National Cybersecurity Federally Funded Research Center, The MITRE Corporation  RSAU
RSA Archer Ask the Admin Panel
The ever-popular panel session where YOU get to set the agenda returns for another year. The experienced panelists and fellow users of RSA Archer are waiting to answer any and every question you can throw at them. Be sure to get to the room early as this session fills up fast!
Toby Maack, System Liaison 3, First Interstate Bank, Darcey Mooney, Archer Administration & Development, Technology Services and Compliance, ATT and Lisa Semeraro, GRC Program Manager, Dell EMC Technical Tracks
   
11:00am – 11:45am

Closing Keynotes:

Closing Remarks - Rohit Ghai, President, RSA; 
Digitally Transforming the Customer Experience - Doug Howard, Vice President, RSA Global Services, RSA 
Welcome to Digiville: Navigating Risk in the Digital World - Steve Schlarman, Director, Product Marketing and DRM Strategist, RSA 
RSA Charge Awards - Ted Kamoniek, SVP Global Sales, RSA

12:30pm – 3:00pm  Working Group: User Experience (limit 50 attendees) - Closed. Please send an email to rsa.events@rsa.com to be on the waitlist. 
12:30pm – 3:00pm  Working Group: Third Party Risk (limit 50 attendees) - Closed. Please send an email to rsa.events@rsa.com to be on the waitlist. 
12:30pm – 3:00pm  Working Group: Regulatory & Corporate Compliance (limit 50 attendees) - Closed. Please send an email to rsa.events@rsa.com to be on the waitlist. 
12:30pm – 3:00pm  Working Group: SysAdmin (limit 50 attendees) - Closed. Please send an email to rsa.events@rsa.com to be on the waitlist. 
12:30pm – 3:00pm  Working Group: SaaS/Cloud (limit 50 attendees) - Closed. Please send an email to rsa.events@rsa.com to be on the waitlist. 
12:30pm – 3:00pm  Working Group: ITSRM (limit 50 attendees) - Closed. Please send an email to rsa.events@rsa.com to be on the waitlist. 


Questions? Don't hesitate to reach out.

For general questions about the event, contact rsa.events@rsa.com or Stacy Sakellariou @ 571-277-1055.