Programme @

ESRM americas


2 September 2021

Brought to you by Whitehall Media

Programme @ ESRM americas

Session One

building sustainability, expecting risk, preparing for disaster

  • CISO focus: protecting the enterprise
  • Sustainable business models: the age of Covid 19
  • Maintaining business continuity: surviving the storm
  • How to manage a crisis: disaster-recovery-as-a-service
  • Global disruption: mastering risk mitigation
  • SAM practitioners: Next-Gen asset management
  • Third-party risk: best-practice TPM management


Conference Chair's Opening Address

Dr Gilad Rosner, Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher


CISO focus: rethinking security and risk management

Dr Mona Lisa Pinkney
Senior Director, Cybersecurity Governance, Risk, Compliance, Engagement and Geos, Nike
view profile

Dr Mona Lisa Pinkney, Senior Director, Cybersecurity Governance, Risk, Compliance, Engagement and Geos, Nike* 

As we embark on a new decade, perhaps now is the time to reassess our approach to enterprise security. To do so we must review our current security structures, assess potential threats, and strengthen our relationship with the board.

By taking a fresh look at how we manage security, we can identify business-relevant objectives and develop flexible approaches that avoid current limitations. This then provides you with the time and space to focus on your talent strategy, adopt a renewed mindset and nurture a clear view of enterprise risk and emerging trends.


Sustainable business strategy: building back better

Ange Johnson de Wet
Head of Technology Change Risk, Lloyds Banking Group
view profile

Ange Johnson de Wet, Head of Technology Change Risk, Lloyds Banking Group 

A sustainable business strategy is one which encompasses the global economic climate, the industry-specific financial landscape, and the social and cultural factors which are relevant to your organisation.

By catering to each of these key elements, businesses are able to successfully grow in a stable and manageable way.

By improving the process by which you plan out your activities you will be better able to create long term value for the company, its shareholders, and customers.

We address:

  • Identifying the appropriate model for your business
  • Restructuring where required
  • Understanding the organisational challenges
  • Securing employee buy-in
  • Mapping out your intended outcomes
  • Marking against milestones
  • Measuring against expected and unexpected disruption



Sandy Silk
Director of Information Security Education and Consulting, Harvard University
view profile

Sandy Silk, Director, Information Security Education & Consulting, Harvard University

Prior to the pandemic, Digital Transformation was a strategic move to support revenue growth, and now it is a tactical necessity to maintain the status quo.

Your cybersecurity team must transform how they think about the risk to successfully support needed changes in how your organization uses technology and data. If they do not, your business will have to choose between missing key opportunities or circumventing security reviews entirely.

Make sure your security team provides the right level of service to your organization, as a trusted advisor helping the business achieve its needed outcomes.

  • Align IT and cybersecurity professionals with business objectives and risk tolerance
  • Standardize and automate repeatable processes
  • Analyse and shift or stop low-value work by your team


Questions to the Panel of Speakers


Networking Break

Session Two

  • dealing with a breach: war games
  • advanced analytics in architecture: adding layers
  • mapping your internal vulnerabilities: behavioural analytics
  • cloud security: building trust in the cloud
  • safeguarding digital business initiatives: ML&AI
  • digital trust and safety: consumer-business interactions


Intro To Session 2


Crisis management: disaster recovery as a service

With the right platform, you can maintain business continuity and minimise data loss while saving valuable budget and time. When a major disruption occurs, with disaster recovery as a service, you can activate failover in an instant and recover critical data to get your operations back online with the hour, reduce data loss with the automatic replication of virtual machine data, and achieve real cost versus usage benefit compared to traditional disaster recovery services.

We address:

  • Faster response times
  • Minimise IT hassle
  • Optimise site separation
  • Make it yours


Global disruption: mastering risk mitigation

Kirsten Davies, Senior VP and CISO, The Estee Lauder Companies*

In an age of ever-increasing complexity, in which the global quickly become the local, business leaders are having to pay greater attention to risks which threaten their fortunes and create the potential for catastrophic disruption. Prioritization of risk into manageable, accessible, and solvable issues is no easy task, with many organisations falling into the trap of creating silos rather than maintaining a business-wide approach.

We address:

  • Protecting sources of value creation
  • Realising game-changing moves for your organisation
  • Innovation through disruption
  • The role of emerging technologies
  • Business model transformation
  • Adapting to ecosystem changes
  • Organisational success through strategic decision making


Effective asset management: Next-Generation SAM

Businesses invest significantly in enterprise software. Despite this investment, many SAM practitioners still find themselves having to manage time-consuming, inaccurate, and unreliable manual processes which are hosted on spreadsheets or out of date SAM tools. This leaves the possibility of optimisation a distant dream due to the lack of visibility.

We address why existing SAM approaches do not work, the benefits of a single system of action, how to establish a SAM strategy and how to get started


Questions to the Panel of Speakers


Networking Break

Session Three


Intro To Session 3


Best practices to improve your TPM programme

Each third-party relationship brings with it a number of risks that need to be identified at the time. These risks are often multi-dimensional as they extend across suppliers, vendors, contractors, service providers, and other parties, and can have an impact on different levels of the organisation such as product lines, business units, and geographies.

We address:

  • Comprehensively identifying third-party risks
  • An analysis of the specific drivers that increase third-party risk.
  • Focus strongly on contracts that govern third-party relationships
  • Frame policies, and implement controls to mitigate third-party risks


Wargaming your response: dealing with a breach

S. Michelle Farr, Senior Director, GRC, I&S, ERM, BAE Systems*

It is the call every security team dreads-than an attacker has seriously compromised your organisation and gained widespread access to sensitive data. But how prepared are you for this eventual scenario?

This presentation looks at how you can develop a key playbook for responding to serious incidents and implement within your organisation.


Added layers to your architecture: advanced analytics

Being able to accurately identify and prioritise security threats and threats that affect the enterprise is vital. Equally important is the ability to respond at speed and scale no matter the size and scope of the challenge.

We address:

  • Visibility into data whether on site or in the cloud
  • Automate intelligence with AI threat and incident detection
  • Create an ecosystem of continuous improvement through detection of vulnerabilities and malware


Questions to the Panel of Speakers


Networking Lunch

Session Four


Seminar Sessions A - C


Networking Break

Session Five


Seminar Sessions D - F


Networking Break

Session Six


Intro To Session 6


Added layers to your architecture: advanced analytics

Being able to accurately identify and prioritise security threats and threats that affect the enterprise is vital. Equally important is the ability to respond at speed and scale no matter the size and scope of the challenge.

We address:

  • Visibility into data whether on site or in the cloud
  • Automate intelligence with AI threat and incident detection
  • Create an ecosystem of continuous improvement through detection of vulnerabilities and malware


Behavioural analytics: mapping your internal vulnerabilities

By successfully leveraging behaviour analytics, businesses can better map their internal vulnerabilities and act accordingly once a real entity risk has been identified.

We address, how you can identify users exhibiting risky behaviour, prevent bad actors from accessing critical assets and analyse communications-based data sources for potential code of conduct breaches.


Cloud security: putting your trust in the cloud

With the expansion of remote working now part of the new normal, the value of a reliable, secure, and dynamic cloud platform is more important than ever.

Added to this new trend is the growing abandonment of the historical approach to security which placed an emphasis on building walls in favour of the worker as your first line of defence in an increasingly virtualised setting.

We address:

  • Convergence as a key feature
  • Security-as-a-service
  • Flexible, hybrid deployment
  • Data on a global scale
  • Securing your users, no matter the time or place


Protecting digital business initiatives: ML&AI

As enterprise usage of AI and ML automation and augmentation continues to expand across a wide range of use cases, so too does the need to develop alongside it the in house expertise to address the key challenges which come with effective management of the technology.

We address, how you can protect AI-enabled digital business systems, successfully leverage AI with bespoke security products and defend against hostile attackers deploying the use of AI.


Digital trust and safety: consumer-brand interactions

Today’s business-consumer relationship is dynamic, varied, and multi-dimensional with a wide variety of established contact points, from twitter to the high street. Of paramount importance to the business is how secure each and every customer feels when engaging with the company, whatever the platform. Trust lost is also business lost and revenue not generated.

We address:

  • Moving away from discreet group management
  • Moving towards cross-functional trust
  • Safety teams overseeing all interactions
  • Ensuring a standard level of safety across each space
  • Supporting consumer-business interaction


Questions to the Panel of Speakers


Closing Remarks from the Conference Chair


Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

The Best Technology Against Fraud
Cybersecurity has always been a very serious concern not just for businesses but also for personal security. 2022 has seen a rapid increase in both businesses and people stepping up their security towards more secure channels and technological advancements – and it is set to get even more widespread throughout the year. The global pandemic...
Combatting Critical Infrastructure’s Security Flaws
The latest threat security research into operational technology and industrial systems has identified around 56 issues that cyber criminals could instigate cyberattacks against critical infrastructure. Unfixable The problem is not just in the number, but also in the fact that many of them are classed as unfixable. This is more due to insecure protocols and...
The Best Practices for Enterprise Security
As more and more internet users become increasingly aware of, frustrated and dissatisfied with how organizations are failing to secure their personal information, we take a look at what the best practices are for enterprise security within organizations should be at this point. What is Enterprise Security When we talk of enterprise security, we are...