RH-ISAC BLOG

Together We Are Stronger

Author: Suzie Squier, President, RH-ISAC

The RH-ISAC community grows every year and the 2019 Retail Cyber Intelligence Summit in Denver was a testament to our growing community and a success because of it! We had nearly 300 attendees talking cybersecurity, sharing best practices and planning how to protect as one over the next year.

Check out some highlights from a few of our sessions and speakers from this year and be sure to stay tuned for 2020 speaker and session announcements!

The Summit started with a sector-wide tabletop exercise, sponsored by Castle, for the RH-ISAC Securing Retail Alliance (SRA) special interest group. The SRA group includes security-focused member companies building the maturity of their program. During the exercise, 45 RH-ISAC members were able to test responses and resources in preparation for an incident. CISOs with years of experience helped to moderate their table’s responses. This successful tabletop gave our members better insight into their networks and incident response.

John Carlin during his keynote speech.

Day one started off strong with opening remarks and keynote from John Carlin, former assistant attorney general and recently featured on “60 Minutes.” Not only did John walk us through real cases of nation-state actors from China, North Korea and Russia who’ve leveraged cybercrime to exploit vulnerabilities and penetrate barriers, but he also brought this back to the importance of sharing what you’re seeing. He also talked about the new state of risk in the age of IoT, and the importance of collaboration among industries and teams to combat ever-increasing global cyber threats.

Throughout day one we had great speakers from security leaders across the retail and hospitality sectors. Building upon a session from last year, Kyle Davis of Target moderated a panel of three diverse programs in ‘Building a Threat Intel Program 2.0.’ In this panel discussion, Ashley Tanner, senior manager of cyber threat intelligence at PepsiCo, Alex Belgard, team leader, network & security at Crutchfield Corporation, and Kaleb Beasley,  security operations manager at Dollar Tree, Inc. discussed the various aspects of building a threat intel program and sharing best practices so teams could mature and develop their programs. 

We closed the first day with a keynote CISO panel on cybersecurity leadership insights with, Andy Caspersen, CISO of Gap; Jim Cameli, CISO at Walgreens Boots Alliance; and Cory Mazzola, co-chairman of the Gaming & Hospitality Cybersecurity Alliance. This keynote panel discussed thoughtful strategic approaches to leadership in the ever-evolving world of cybersecurity.

Diane Brown opened up our second day.

Diane Brown, senior director of IT risk management and CISO, at Ulta Beauty, opened our second day with inspiring opening remarks and keynote. She recounted her journey of building her program at Ulta, shared stories of both triumphs and struggles working with her team and set the tone for our second day to be as successful as the first.

Shortly after the opening keynote, Vanessa Aranda, threat intelligence analyst at Gap, Nick Leich, IT risk management engineer at Ulta, RT Hatfield, senior systems engineer of The Home Depot and Muktar Kelati, director of intelligence operations at RH-ISAC, held a fantastic panel discussion where they covered examples of actual threats that the Deep Dark Web Working Group have collaborated on. This highly attended panel highlighted the value of intelligence gained through partnership.

The Deep Dark Web panel was followed by another panel with Josh Knopp, vice president, information security officer at Enterprise Holdings, Inc, Sailaja Kotra-Turner, senior director, IT security & risk management, Brinker International, Benjamin Vaughn, vice president & CISO, Hyatt and Upen Sachdev, principal, Deloitte cyber advisory team addressed unique challenges to brand protection. The panel brought incredible information to the summit about consumer trust and the nuanced models used in brand protection from a variety of perspectives .

On our last day, Derek Thomas, senior information security analyst of Target, drew in quite the crowd. With his cleverly titled session, “Tracking Threat Actors Like a VCR,” attendees were able to reminisce over an old-school skill to help tackle modern cyber security challenges, Derek was able to share tools and techniques to track adversaries’ infrastructure, malware and behavior and assist in detection and emulation.

As we continue to wind-down from the conference and reflect on what we have learned we encourage you to continue to share your knowledge, experiences and best practices. Make sure you put next year’s conference on your calendar and join us at the Lansdowne Resort & Spa in the foothills of the Blueridge Mountains in Leesburg, Virginia on September 15-16, 2020. We look forward to growing our RH-ISAC community over this next year and work together to protect as one.