Final Program as of May 5, 2020 (subject to change)

Event Schedule:

9:30 a.m.: Registration Opens
10 a.m. – 1:20 p.m.: General Sessions
1:20 p.m.: Networking Reception
1:30 – 3 p.m. CDSA/TPN Update

9:55 – 10:00 a.m.
Opening/Welcome Remarks
Guy Finley, President, Content Delivery & Security Association (CDSA) and MESA
John-Thomas Gaietto, CISSP, Executive Director, Cybersecurity Services, Richey May Technology

10:00 – 10:30 a.m.
KEYNOTE: Securing the Future of Media & Entertainment
As media & entertainment accelerates its digital transformation on the back of the global pandemic, how are companies and engineers planning to safeguard and secure the emerging systems, workflows and platforms being adopted and what are the new threats and vulnerabilities that increased interactivity and interconnectivity will produce? Governments, political and geopolitical situations now view “hacking’ as a tool for manipulating perceptions. Essentially, you can take any message and make it “real’ on the Internet, and this isn’t a typical intelligence-agency act or a coordinated effort with exorbitant cost. This is a completely new tool for the masses, where they hack not a machine but individual perceptions. Understanding what is real is now even more opaque and the hack exposes everyone to the threat risk. Our Keynote speaker looks at the impact of hacker culture on the reinvigoration of our global entertainment economy firmly planted in the cybersecurity space, as well as the subsequent challenges as the hacker community migrates their strategies of ‘fakes” and disinformation, and how that impacts the way we create and distribute content.
Ralph Echemendia, Cybersecurity Specialist known as “The Ethical Hacker”

10:30 – 11 a.m.
The Ides of March: From the Frontlines of WFH/Remote
In Mid-March the unthinkable happened and our industry reacted to NEED rather than want with regards to securing our content creation and distribution workflows in a remote access and Work from Home (WFH) world. Teams scrambled, vendors stepped up, technologies were adopted and in just two-weeks we saw an industry transformed. This panel discussion features content security and information security executives who were on the frontlines, in the early days, when the critical decisions made were mission critical.
Moderator: Guy Finley, President, Content Delivery & Security Association (CDSA) and MESA
James Hurrell, Head of Content Operations & Localization, BBC Studios
Alex Pickering, Content Security Director, BBC Studios
Ahmed Saleh, Head of Content Security, Amazon Studios
Damien Slowey, Head of Global Production Security, Amazon Studios

11 – 11:15 p.m.
Security Implication of ‘Work from Home’: The Year of Breaches
Overnight, businesses across the world activated their continuity plans. From Zoom zero-days to editing at home and in the cloud, the first half of 2020 has already been a storm of new security challenges. Our new normal involves a NFL virtual draft, social distancing, and integration of remote collaboration solutions. The way the industry protects people, process, and technology will need to adapt or 2020 will be known as ‘The Year of Breaches.’ Richey May Technology Solutions’ Cybersecurity Team will share stories of incidents they’ve seen in the wild during the pandemic and how security teams can plan a COVID-19 exit strategy.
Michael Wylie, CISSP, Director of Cybersecurity Services, Richey May Technology Solutions

11:15 – 11:45 a.m.
Setting the Standards and Systems for Remote Access and Back to Work
This session highlights both the individual work and the increased collaboration of industry associations, guilds and their members. As the impact of COVID-19 on the global production community settlers into the “new normal”, where we’ve seen an exponential increase in adoption of tools, technologies and workflows that exist in a more fluid, instant and “always on” infrastructure, these groups play a critical role in how we tackle these increasingly challenging production and distribution models, together with a foundation of infrastructure of risk mitigation, management and security that speaks across all of our constituents
Moderator: Guy Finley, President, Content Delivery & Security Association (CDSA)
Seth Hallen, President, Hollywood Professional Association
Mark Harrison, Managing Director, DPP
Barbara Lange, Executive Director, Society of Motion Picture & Television Engineers (SMPTE)

11:45 a.m. – 12 p.m.

12 – 12:10 p.m.
REDACTED FOR SECURITY AND PRIVACY PURPOSES is SHIFT’s invitation-only platform that is trusted by some of the biggest networks in the industry for sharing pre-release content with reviewers and members of the press. Under our content security initiative we have moved from a reactive position to a proactive position as it relates to user activity on our platform. This session discusses the “old way” vs the “new way” and what risk to content looks like from our perspective. We will also address how we’ll make our application smarter to prevent activity that we believe puts your content at risk.
JJ Landauer, Information Security Analyst, SHIFT and

12:10 – 12:20 p.m.
Security in the New Age of Remote
Not so long ago, it was unthinkable to work on blockbuster content from home. Now, it’s required. All of the same security needs persist but now are framed in a work-from-home or remote access scenario. This session addresses the fundamentals of locking down virtual workstations, asset storage, networks, and more while understanding the implications on future workflows in a post-COVID world.
Joel Sloss, Senior Program Manager, Microsoft Azure

12:20 – 12:50 p.m.
What is the “New Normal” for the Security Community?
Software evolution, production technology, cloud-based workflows, increased SaaS adoption and other potentially game-changing strategies have emerged as successful case studies in necessary transformation for our industry. As the world responds to the pandemic at a national, regional and global level, companies are working diligently to strategically plan the re-opening of M&E companies, on many levels. This session looks at the breadth of the impact and considers some of the options, timelines and relevant technology changes to ensure a successful roadmap and emerging path/plans to 100% recovery.
Moderator: Guy Finley, President, Content Delivery & Security Association (CDSA) and MESA
Richard Atkinson, General Manager & Senior Director, Global Non-Genuine Segment & Fraud Prevention, Adobe
Shira Harrison, Vice President of IT, Amblin Entertainment

12:50 – 1 p.m.
Data Doesn’t Lie – Media Industry Full of Credential Stuffing Attacks
This presentation examines credential stuffing attacks targeting media companies. Based on observations from billions of cyberattacks globally, the presentation includes data and analysis of attacks directed toward the media industry between 2018 and 2019, the countries those attacks originate from and where they’re directed, as well as how organizations can best combat and mitigate the attacks. The presentation also highlights year-over-year attack traffic trends, which last year showed that media services were among the most popular targets, and explain why the services are so attractive to so-called “bad actors.”
Patrick Sullivan, Chief Technology Officer, Security Strategy, Akamai

1 – 1:10 p.m.
Protecting the Creative Process from Insider Threats
Creative ideas are the hardest to protect. How can your organization support creativity and collaboration while also protecting the value in your ideas as they are shared across a diverse set of people in the creative and production process? This session discusses: the rise of insider threats in media; how to protect the creative process; and cover the common struggles insider threat programs face. Our presenter brings experience across security areas including: data protection, endpoint, identity, mobile and network experience from her diverse technology and product marketing background at AT&T, Microsoft, RSA, and Sophos.
Mary Roark, Vice President, Marketing, Cyberhaven

1:10 – 1:20 p.m.
Hey, You, Get off of my Cloud!
All credit to the Rolling Stones, this lyric has never been more pertinent to cloud security. Risk of downtime and data breach not only deny an organization’s ability to operate effectively, but will also impact on its reputation and brand. Not everyone can be expected to know all the nuances of cloud security and IT security teams can cannot oversee everything. The sheer pressure to deliver within tight deadlines means we need to extend the vision to a broader set of security measures to avoid exposing additional risk. With today’s agile computing environment, plus the current forced migration to cloud workflows through remote/work from home, the biggest threat is the speed of change and the risk of not being secure by design. The many combinations of risk ownership and accountability make the threat landscape much more complex, requiring continuous monitoring to avoid becoming the next cyber breach statistic. This session will take you through example case studies across public, private and hybrid cloud, highlighting what can be learned.
Dave Loveland, CISSP, OSCP, Cloud Security Architect, Convergent Risks
Mathew Gilliat-Smith, Executive Vice President, Convergent Risks

1:20 p.m.
Closing Remarks
Guy Finley, President, Content Delivery & Security Association (CDSA)

1:20 – 1:30 p.m.


1:30 – 1:35 p.m.
Opening Remarks
Alex Pickering, Chairman of the Board, CDSA

1:35 – 1:45 p.m.
The Evolution of Assessments across Media & Entertainment
At the 2018 NAB Show, CDSA and the Motion Picture Association (MPA), launched a global, industry-wide, content security initiative. The Trusted Partner Network (TPN) was introduced to elevate the security standards of the motion picture & television industry’s global production and distribution supply chain. While the first 18-months of assessments focused on global site security assessments, the next phase examines information security in the facility, across applications and in the cloud. Join us to learn about the new program drives collaboration across an unprecedented number of TPN constituents (content owners, vendors and assessors) as well as other key operational areas outside of feature length or episodic content creation. How can we work together to socialize the basic security needs for the broad range of businesses providing services to content creators? This informative, interactive presentation will provide an update on what’s in store for securing the next generation of core technologies for media & entertainment.
Guy Finley, President, CDSA and Chief Executive Officer, Trusted Partner Network (TPN)
Ben Stanbury, Chairman Emeritus, CDSA and Chief Technology Officer, Trusted Partner Network (TPN)

1:45 – 2 p.m.
The Global Approach to the ME-ISAC
CDSA’s Media & Entertainment Information Sharing & Analysis Center (ME-ISAC) is designed to complement the TPN by providing threat analysis, information and guidance for protecting your business, regardless of size or location, against emerging cybersecurity and digital threats. The Internet is a scary place. Yet we are shifting more and more services to the cloud, requiring Internet access even as part of production workflows. The only way we can operate such critical processes over such inhospitable terrain is by knowing what the threats are and avoiding them. The way we find out about these threats is via information sharing. The ISAC provides the platform and means for secure and timely collaboration about threats, risks, vulnerabilities, and incidents between trusted partners of the media and entertainment industry.
Christopher Taylor, Director, ME-ISAC

2 – 2:30 p.m.
Introduction: CDSA’s App & Cloud Framework
With the launch of the site security assessment program through TPN, CDSA’s Board of Directors immedaitely started work on the next phase of security assesments that included software applications and cloud environments. At least year’s NAB we announced our goal to release a common control framework that is scalable to the size, aapropriate to the community and conostituency of the TPN but also mapped directly to the control framework and standards already being utilized within our industry. Through the groundbreaking work of two elections of CDSA’s Technology Committee, this framework will be presented publicly along with the business situations and challenges that drove unprecedented collabortion across service providers and content owners.
Moderator: Ben Schofield, Project Manager, CDSA and Product Manager, TPN
Micah Littleton, Tri-Chair, CDSA Technology Committee
Todd Burke, Tri-Chair, CDSA Technology Committee
Mischa Roth, Tri-Chair, CDSA Technology Committee

2:30 – 2:40 p.m.
Why Information Security Isn’t Somebody Else’s Problem
Information Security is enabling innovation and no longer somebody else’s problem. With digital workflows, it is easy to assume that digital media looks just like IT security, “from an IT security professional’s perspective”. Technologies are emerging that support contiguous and bi-directional workflows as we move collaboration towards cloud. This session analyzes our dynamic work environment of constantly evolving workflows, where intellectual property is created throughout the entire arc and blurring the distinctions between phases, business units and 3rd party providers.
Marc Zorn, (former) Head of Production Security, HBO/WarnerMedia

2:40 – 3 p.m.
A Cultural Revolution: Content Security v. Information Security
Protecting content is an evolving challenge as the entire media ecosystem is quickly migrating to cloud infrastructure. Content security and information security have intersected for a number of years, mostly depending upon how much of your business/creative workflow or infrastructure is enterprise or cloud-based. Cloud implementation in content workflow sees these teams working to build the processes and skills necessary to maintain control of these content and distribution workflows. The complexity increases with the increasing availability of new tools and services that solve a practical or immediate business need for the business or creative user. As new applications become the “go-to” options, it is increasingly important for companies to deploy a workflow for onboarding and managing these services. This session discusses new approaches to this federated workflow.
Moderator: Christopher Taylor, Director, ME-ISAC
Ben Schofield, Project Manager, CDSA and Product Manager, TPN
Abdul Hakim, Program Delivery Manager, DPP
Marc Zorn, (former) Head of Production Security, HBO/WarnerMedia

3:15 p.m.
Closing Remarks
Guy Finley, President, Content Delivery & Security Association (CDSA)