Strength and Collaboration Encourages Us to Protect as One

2020 has been a hard year for retail and hospitality, but it has also shown me the strength and resolve of our collaborative community.

We were able to celebrate the benefits of being in a strong, interactive community at our recent RH-ISAC Cyber Intelligence Summit earlier this month. And, although we moved the Summit online this year, our community rose to the challenge of the new way to make virtual events as interactive as in-person ones. Many participated in wine tastings, champagne toasts at our Member Meeting, and a lot of networking!

During the event, we had seven keynote speakers and more than 30 breakout sessions. We had different tracks tailored to all levels of our member organizations – from CISO to analyst. We received great feedback on how the event felt like we were all in-person, sharing lessons learned, some best practices, but most importantly talking about key issues our industries face.

Check out some highlights below from a few of our sessions and speakers from this year.

Day 1: October 6

The RH-ISAC Summit kicked off with a great keynote from Theresa Payton, former White House CIO and 2019 Woman Cybersecurity Leader of the Year. During her keynote, “Triple Threat: Three Predictions for where Cybercrime is Headed in 2021 and Beyond,” Theresa guided attendees through “reimagining,” which alters an original process or idea in such a major way that it becomes a supercharged remake. She went on to discuss the next 18 months, and how what happens in the process of reopening the global economy could be the fastest reimagination of our economy in recent history. Theresa’s session ended with a list of ideas for attendees to reimagine plans and her top 3 predictions for where cybercrime is headed in 2021. The session ended with a live Q&A with Theresa and Suzie Squier, president of RH-ISAC, discussing the session, and responding to questions from attendees.

One of the top sessions of the first day was about security awareness and training. Now more than ever, it is important to equip a workforce or even a society with cybersecurity awareness skills. During the session, “Security Awareness & Training: A Simple Conversation,” Matt Dunlop, VIP and CISO at Under Armour, and Tony Vitello, CISO at URBN, shared their approaches to security awareness training. They touched on broader perspectives on the criticality of cyber education in today’s technology-driven world. They educated the audience about the structure of each business, and how security awareness can remain amorphous among competing priorities rather than being considered an essential risk mitigation function.

The pandemic moved up the timeline for many companies’ plans to move to the cloud from years to getting it completed in just a few months. RH-ISAC member CISOs Colin Anderson, global CISO at Levi Strauss, Diane Brown, senior director of IT risk management and CISO at ULTA Beauty, and Dave Estlick, vice president and CISO at Chipotle Mexican Grill, came together for a panel discussion on cloud security and cloud migration. The panel, “Maturity, Methodology, & Mindset: CISO Perspectives on Cloud Security,” moderated by Andrew Winkelmann, cloud security lead at Accenture, discussed where the panelists are on their cloud security journey and the challenges they have and are currently facing. The panel also covered new tools they implemented during COVID-19 and how they’ve addressed the lack of skillsets and resources available. 

Elliott Franklin, vice president of IT security and governance at Loews Hotels, was the last featured session on day two before the closing keynote. His session, “Digital Transformation: The Human Element,” focused on how true digital transformation and human connection requires leaders to take a step back and profoundly rethink how their people, processes, and technology translate to business success. He discussed the negative impacts of COVID-19 and the lasting effects of a remote workforce. Elliott covered how we need to re-focus on self-care to prevent burnout among employees, especially during the pandemic. A primary focus of this session was on how changing priorities and habits can encourage a healthier life and more productive work environment. Leaders should embrace culture changes, create an understanding work environment, and encourage more personal interactions among staff to promote human connections.

Closing out the first day, Jodie Kautt, vice president of cybersecurity at Target, Brennan O’Brien, director of information security, risk, & compliance at Columbia Sportswear, and Chris Zell, vice president and head of information security at The Wendy’s Company, discussed how cybersecurity leaders are driving change within their organizations by modifying their recruiting methodologies to attract more diverse talent. This panel, ”Driving Change to Create a More Diverse Workforce,” moderated by Lynn Dohm, executive director at Women in CyberSecurity, also touched on how to empower employees by fostering a culture that values bringing different perspectives together. They shared that they retain their people by understanding what motivates them on an individual level and championing their development. They also addressed that a lack of diversity within the cyber workforce is not a new problem, but now many leaders are being more intentional about how marginalized voices are promoted, heard, and seen.

Day 2: October 7

There has never been a busier time to be an information security practitioner, and playbooks and manuals are simply not enough to be successful. During the opening keynote on the second day, “Tribal Knowledge: Sharing is Caring,” Marcus Carey shared insights from his book, “Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World,” and practical stories from his career in intelligence on the critical importance of sharing within this industry. Organizations like RH-ISAC promote invaluable information sharing. He emphasized that there is no such thing as oversharing within security, and that leaders should foster a culture of sharing. A key takeaway from his session is that hackers share information too, and to stay ahead of attacks organizations need to also share information with each other.

A cybersecurity team’s ability to automate processes and orchestrate workflows can mean the difference between business as usual and a data breach. The panel session, “Orchestration & Automation: Approaches from the Front Lines,” with Jaime Buzzeo, senior manager of threat intelligence and cyber security investigations at Marriott International, Nathan King, manager of security operations at Tailored Brands, Jason Painter, manager of enterprise security at Williams-Sonoma, and moderated by Bradley Logan, director of security engineering and integrations at RH-ISAC, discussed how organizations can improve upon their orchestration and automation. The panel covered several tools and integrations to use, if building or buying makes more sense, and how to roadmap and make time for these efforts. They also touched on challenges faced, decisions made with their organizations, and future plans.

In the innovation spotlight session, Kelsey Helms, lead cyber threat intelligence analyst at Target, and Nate Icart, lead engineer of threat intel detection engineering at Target, introduced a new approach developed by Target’s Cyber Intelligence Team that eases cross-team collaboration. During the session, “Riding the WAVE to Better Collaboration and Security,” they introduced the Workflow for Adversary Verification & Evaluation (WAVE) Matrix, a multi-disciplinary threat model that organizes tactics, techniques, and procedures in a new way to simplify communication and improve understanding across security functions. Target has used WAVE to dramatically increase the amount of intelligence developed into custom detection. Attendees learned about the start of the WAVE Matrix, how Target increased its active ransomware coverage by 700%, and how to implement this process in an organization to create massive cross-team security wins.

US Army Lieutenant General Karen Gibson closed out the second day of the Summit discussing the tremendous value information sharing, collective analysis, and relationships play in defending our Nation. Having stood up the U.S. Cyber Command’s Joint Force Headquarters and the Army’s premier offensive cyber organization, Karen shared her first-hand knowledge on how critical threat intel operations are to national security, within both the public and private entities. Attendees left her session, “Mission Critical: Lessons Learned from a Seasoned Army Vet,” understanding the critical role ISACs play in keeping us all safe.

Day 3: October 8

In the opening keynote on the last day, MITRE’s Chief Cyber Intel Strategist Christina Fowler briefed cyber warriors on the new MITRE Shield active defense knowledgebase. This discussion focused on how teams of all sizes/capabilities can effectively leverage the MITRE ATT&CK framework defining attacker behaviors and the newly published MITRE Shield active defense techniques. The session, “Up Your Game With ATT&CK and SHIELD,” also discussed MITRE ATT&CK implementation best practices and interactions around ATT&CK and Shield implementation and alignment during a Q&A with Alexandru Garneata, IT analyst, cyber threat detection & response at Walgreens Boots Alliance, and Taylor Transue, senior threat intel analyst at RH-ISAC. As cyber-attacks become more complex and organizations embrace the era of “digital transformation,” it is as critical as ever to ensure your team is skilled up and ahead of the latest trends and technologies. The panel on “Developing an Always-Learning Culture in the Era of Digital Transformation” covered topics like the cybersecurity skills gap, workforce development initiatives, and fostering a supportive training culture. Ralph Sita, president and co-founder at Cybrary, an RH-ISAC member and director of security operations, and Kristen Dalton, director of research and education at RH-ISAC discussed how to you foster an “always learning” culture and empower your workforce to develop their skills with limited budgets and time. One of the last breakout sessions of the RH-ISAC Summit highlighted an active working group at RH-ISAC, the MISP Working Group in the session, “MISP Implementation Planning Meeting.” The panel of working group members introduced attendees to MISP and discussed experiences, successes, and best practices for deploying MISP. They also talked about building an RH-ISAC hosted community instance of MISP, what it means for members, and how members will be able to take advantage of it.
As our leaderboard showed, we had a lot of active participants throughout the three days.

A big shout out and congratulations to our leaderboard winners: The 1st place leaderboard winner Matt Riese of Best Buy won a complimentary stay to the Lansdowne Resort & Spa during the 2021 RH-ISAC Summit. The 2nd place leaderboard winner Logan Johnson of Discount Tire won the Anker Portable battery charger! The 3rd place leaderboard winner Adam Ruiz of JCPenney won a $25 Uber Eats gift card.

Congratulations to Sean Hughes-Durkin of McDonalds for winning a luxury vacation package from Shape Security! Enjoy your escape to the tropical Key West!

Congratulations to our prize winners! Each winner will have a choice of an Apple TV 4k, Bose SoundLink Wireless Headphones, or Apple AirPods Pro from our RH-ISAC Summit sponsors: Attivo, CyberInt, Cequence, Cybrary, Flashpoint, HackerOne, IntSights, Polarity, ReliaQuest, ReversingLabs, RiskIQ, SpyCloud, Zscaler. Raffle winners include: Jill Allison of WiCyS Minnesota; Josh Atencio of CVS Health; Chris Alexander of Synchrony; Mike Boyle of Best Buy; Lynn Chamberlain of Ascena Retail Group; Nestor Cuevos of Publix Super Markets; Frank Dwyer of URBN; Nick Leicht of ULTA Beauty; Michael Marsilio of Paradies Lagardere; Chris McFarland of Abercrombie & Fitch; Adam Ruiz of JCPenny; Mike Rumain of Hudson’s Bay Company.

Congratulations to the winners of a signed copy of either Theresa Payton’s book on election hijacking, “Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth,” or Marcus Carey’s recent book in the Tribe of Hackers series, “Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World.” Winners include: Jill Allison of WiCyS Minnesota; Vanessa Aranda of Gap; Lynn Chamberlain of Ascena Retail Group; Albert Chen of Expedia Group; Malinda Edmonds of Boyd Gaming; John Pontrelli of Discount Tire; Todd Riley of Goodyear Tire & Rubber Company; Dave Spooner of Staples; Ashley Tanner of PepsiCo; Chris Trudel of PetSmart.

As we continue to wind-down from the conference and reflect on what we have learned we encourage you to continue to share your knowledge, experiences and best practices.

Make sure you put next year’s 2021 RH-ISAC Cyber Intelligence Summit on your calendar and join us at the Lansdowne Resort & Spa in the foothills of the Blueridge Mountains in Leesburg, Virginia on September 28-29 2021. We look forward to growing our RH-ISAC community over this next year and work together to protect as one.

More Recent Blog Posts