SEPTEMBER 12 — 13, 2018

Join Exabeam users at Spotlight18, Exabeam's inaugural user conference.
At Spotlight18 you will hear from Exabeam customers firsthand, learn new skills at Exabeam Technical Workshops, find out about Exabeam product features, and network with fellow security practitioners.

Some of your peers who will be attending Spotlight come from Discover, Fifth Third Bank, Levi Strauss & Co, Paychex, TD Ameritrade, United Airlines, and Unum. Come join them.

Need to justify your trip? Let us help you convince your manager. Download a customizable justification letter.

Cutoff for the discount hotel rate is 8/13. Book now!

7:30 AM — 8:30 AM
Breakfast and Registration
8:45 AM — 9:00 PM

Tim Matthews, CMO

Opening remarks and a brief welcome to conference attendees.

9:00 AM — 9:30 AM
The Exabeam Journey

Nir Polak, Co-founder and CEO

As companies grow, it’s important to remain faithful to their founding vision. This session recounts the Exabeam journey, the customers who helped us along the way, and where the company is going. Join this session to learn about Exabeam’s plans for internal investment in product development and customer support; technical innovation to push our product capabilities forward; and the growth of the Exabeam community.

9:30 AM — 10:15 AM
Transforming Security Operations with Modern Security Analytics

Don Sheehan, Director of Cyber Defense Solutions, Grant Thornton

This keynote session will discuss how fundamental changes in the security technologies stack are driving a shift from “traditional SOCs” to Cyber Defense Centers. By enabling unlimited data collection through cost-effective data lakes and augmenting static correlation with behavioral analysis, modern Cyber Defense Center can create actionable intelligence and increase analyst’s productivity. These capabilities bring security teams significantly closer to integrating broader organizational areas such as fraud detection, identity analytics, and compliance reporting.

10:15 AM — 10:35 AM

Networking in Expo Hall.

10:35 PM — 11:15 AM
Exabeam: From Pilot to Production

Andy Skrei, VP of Worldwide Sales Engineering, Exabeam and Marc Atkinson, Manager of Cyber Intelligence, Paychex

This session will explore the journey from POC to what it has been like being a customer for 2 years. Operationalizing the solution and fitting it into existing process is a key to gaining the full value from Exabeam. We will discuss:

- Where Paychex started and where they are today
- Where Exabeam fits into Paychex investigation workflow
- How to build an internal solution roadmap
- Delivering value to company executives
- Real world examples of Exabeam’s high value anomaly detections and session timelines

11:15 AM — 11:45 AM
Hunting that Kill-chain

Luke Voigt, Senior Security Engineer, Exabeam and John Nowotny, Senior Security Engineer, Anadarko Petroleum

“Absence of Evidence is not Evidence of Absence” - Advanced cyber-attacks continue to plaque organizations, from government agencies to commercial enterprises. This session will explore how organizations can detect advanced attacks by looking at them more holistically. While discovering IoCs (Indicators of Compromise) is necessary, organizations need to focus more on TTP (Tactics, Techniques and Procedures) as attackers carry out the entire attack, rather than simply stringing together the artifacts and IoCs. The discussion will also focus on how organizations can use existing tools like Symantec Endpoint Protection and Exabeam to detect and stop threats that may not be known. The talk will be followed by a demonstration of an advanced ‘pass the hash’ attack that bypasses most security tools and how crafting detection techniques based on TTP, rather than IoC can detect these stealthy advanced attacks.

11:45 AM — 12:30 PM
Panel: Building a Modern SOC

Steve Moore, Chief Security Strategist, leads panel with Shawn McGuill, ISO, Allergan, Andrew Wild, CISO, QTS Datacenters, and Ray Johnston, CISO, Inspire Brands

Join this session to learn tips and tricks for building a modern SOC from several seasoned security leaders. The discussion will include topics such as how assess your SOCs current state; how to start or improve SOC operations; what success looks like and how to measure it; and more. Regardless of the maturity of your current security operations program, this session will provide you useful guidance on how create, build, or improve your SOC.

12:30 PM — 1:30 PM
1:30 PM — 2:30 PM
Custom Use Cases and How to Build Them

Nevo Laron, Sr. Director of Global Customer Success, Exabeam

Developing custom use cases can greatly increase the usability of any analytics deployment by focusing on the unique threats or business pain points of a specific environment. This session will delve into several real-world, custom use cases implemented by Exabeam customers spread across different industries. Nevo will explore these use cases to illustrate the flexibility and extensibility of the Advanced Analytics platform. Join this session to gain inspiration on how you can adapt Exabeam to meet the specific business and threat detection needs of your organization.

1:30 PM — 2:30 PM
Using Machine Learning Without Being a Data Scientist

Anu Yamunan, VP of Product Management

This non-technical session is designed to teach security and business professionals how machine learning can be used to improve SOC operations and analyst productivity. This session will explore how data science is typically used in security products, as well as explore alternative uses for machine learning that may provide more extensive threat detection and productivity gains. You’ll leave this session with a firm understanding of data science as well as concrete examples of how using machine learning in subtle ways—outside of threat detection—may be the key to unlocking a truly productive security management process.

2:30 PM — 3:30 PM
Making the SOC More Efficient with Advanced Analytics.

Paul Braxton, Director Cybersecurity Operations, NYSE

Recent advances in best practices, tool technology, and workflow automation are prompting evolution in SOCs. This session will analyze the states of 1.0 and 2.0 SOCs to identify opportunities for greater efficiency and productivity. Join this session gain insights from Paul Braxton, Director of Cybersecurity Operations at NYSE, on how implementing advanced analytics can streamline your SOC.

2:30 PM — 3:30 PM
Integrating Analytics, Case Management, and SOAR

Daniel Bardenstein, Group Product Manager and Ray Ranga, Principal Product Manager

This session will dive into the brand-new integration of Exabeam’s IR and Analytics capabilities, allowing users to seamlessly pivot between Exabeam sessions, case management, and automation/orchestration capabilities. Moving past the days of ‘chair-swivel’ Security Operations and point solutions, Exabeam users will be able to automate workflows across the entire platform, track cases and alerts, and provide full visibility on SOC operational health and efficiency. We will explore how the initial integration features will save users time and provide a better user experience by reducing time switching across different systems and performing redundant tasks, as well as share the roadmap for further integration points.

3:30 PM — 4:00 PM

Networking in Expo Hall.

4:00 PM — 5:00 PM
How to Create a Custom Playbook

Daniel Bardenstien, Group Product Manager

This session will explore the productivity gains available to security analysts and incident responders using Incident Responder playbooks for the purpose of automation. It will review the anatomy of a playbook, the process of creating a custom playbook to tackle mission critical projects—like threat investigation, containment, and mitigation—and how perform use triggers to perform varying degrees of workflow automation. Practitioners will leave this session with an improved ability streamline their SOC processes using Exabeam.

4:00 PM — 5:00 PM
Exabeam Product Strategy and Roadmap

Sylvain Gil, Co-founder and VP of Products

In this session Sylvain will cover the market dynamics breeding innovation in the SIEM market, the most requested features from our customer base, as well as his vision for the future of SIEM. Topics to be covered include the Exabeam Security Intelligence Platform product strategy and how that strategy will manifest itself across our products in the short, medium, and long-term roadmaps.

8:00 PM — 10:00 PM
Spotlight Party

North Boulevard Pool, Cosmopolitan

Thursday, September 13th
7:30 AM — 8:30 AM
8:45 AM — 9:00 AM

Ralph Pisani, EVP of Worldwide Sales

A brief welcome to conference attendees to kick off day two.

9:00 AM — 9:45 AM
Building an Insider Threat Program

Linda Walsh, Managing Director Advisory Cyber, Deloitte, Peter Hodge, Senior Manager, Cyber Risk Services, Deloitte & Touche LLP, and Naj Adib, Senior Cybersecurity Advisor, Deloitte.

Deloitte believes that successful UEBA projects are built within the framework of an overarching risk program approach. In this Keynote, Linda Walsh, a Managing Director at Deloitte with 21 years prior experience in cyber security at the FBI; Peter Hodge, Senior Manager, Cyber Risk Services, Deloitte & Touche LLP; and Naj Adib a Senior Manager at Deloitte with over 14 years of cyber risk and security consulting—will provide a perspective on how industry leaders are building Insider Threat Programs based on the 3 pillars of People, Process and Technology. Deloitte will discuss best practices, share relevant examples and leave you with a greater understanding of how a modern UEBA can fit into your risk management strategies.

9:45 AM — 10:30 AM
Customer Round Table; How to Get the Most out of Exabeam

Ralph Pisani, EVP of Worldwide Sales, Exabeam leads a round table discussion with Scott Dungan, VP of Insider Threat Manager, Information Security, Fifth Third Bank, Tom Tully, Director of Cybersecurity, Cleveland Clinic, and Luke Voigt, Senior Security Engineer, Exabeam (and previously Anadarko Petroleum).

This session promises lively discussion from several long time Exabeam customers that will discuss tip and tricks, interesting use cases, and how to operationalize Exabeam to maximize its benefit to your security organization.

10:30 AM — 10:45 AM

Networking in Expo Hall.

10:45 AM — 11:15 AM
UEBA and Identity Use Case Panel

Ted Plumis, VP of Channel, leads a panel with Stephen Lee of Okta, Joe Gottlieb of SailPoint, and Kevin Urbanowicz, Senior Manager, Deloitte.

This session will discuss the synergies that exist between the UEBA and Identity spaces and how joint customers are able achieve complete visibility into user activity. Topics may include an overview of the use case, how to implement and operationalize this use case, and how it delivers value to today’s ever-busy security groups.

11:15 AM — 11:45 AM
Operationalizing Exabeam

Don McCoy, Cyber Security Manager at Delta Air lines

After installing Exabeam, you may be asking yourself “What now?”. Operationalizing Exabeam is about making the tool work for you, your environment, and your unique processes. Don’t stress yourself over specific log types and data sources. Instead, it’s important to identify how you want to use the tool, this is more crucial than the actual configuration. In this session, Don McCoy of Delta Airlines will discuss use case development and implementation; two keys to successfully operationalizing Exabeam.

11:45 AM — 12:30 PM
Using Exabeam for Proactive Security

Mike Polise and Matt McHugh, Allergan

While dwell times at most organizations or measured in days, weeks, or months; some SOCs managed to drive this number down in to hours or minutes. This session explores improve response times even further by taking a proactive stance. You’ll learn how security teams can use UEBA to look for indicators of compromise and potential issues before they happen, as well as how to operationalize this technique to give your SOC an edge on insider threat detection.

12:30 PM — 12:45 AM
Closing Remarks

Nir Polak, Co-founder and CEO

All good things must come to an end. This session will conclude SpotLight 18 and leave attendees with some parting words.

12:45 PM — 1:45 PM

Early bird

Early bird



Naj Adib

Senior Cybersecurity Advisor, Deloitte

Marc Atkinson

Manager of Cyber Intelligence, Paychex

Alex Attumalil

Director, Global Security Operations, Under Armour

Daniel Bardenstein

Group Product Manager, Exabeam

Paul Braxton

Director Cybersecurity Operations, NYSE

Scott Dungan

VP of Insider Threat Manager, Information Security, Fifth Third Bank

Sylvain Gil

Co-founder and VP of Products, Exabeam

Joe Gottlieb


Ray Johnston

CISO Inspire Brands

Stephen Lee

Sr. Director, Partner Solutions, Okta

Don McCoy


Shawn McGuill

ISO, Allergan

Matt McHugh


Domingo Mihovilovic

Co-founder and CTO, Exabeam

Stephen Moore

Chief Security Strategist, Exabeam

John Nowotny

Senior Security Engineer, Anadarko Petroleum

Ralph Pisani

EVP of Worldwide Sales, Exabeam

Nir Polak

Co-founder and CEO, Exabeam

Mike Polise


Ray Ranga

Principal Product Manager, Exabeam

Don Sheehan

Director of Cyber Defense Solutions, Grant Thornton

Andy Skrei

VP of Worldwide Sales Engineering,

Tom Tully

Director of Cybersecurity, Cleveland Clinic

Luke Voigt

Senior Security Engineer, Exabeam

Linda Walsh

Managing Director, Advisory Cyber, Deloitte

Andrew Wild

CISO, QTS Datacenters

Mike Wyatt

National Managing Principal - Identity Solutions Offering Leader, Deloitte

Anu Yamunan

VP of Product Management, Exabeam

Kevin Urbanowicz

Senior Manager, Deloitte



A portion of the proceeds will be donated to the Women in Cybersecurity Scholarship Fund.

We have secured a room block at The Cosmopolitan starting at $199 per night + taxes and daily resort fees.

Rooms and prevailing rates at The Cosmopolitan are for peak conference nights and available on a first-come, first-served basis. Additional nights may be reserved but are subject to a higher.

You will be able to book your hotel upon completion of your registration.

The Cosmopolitan of Las Vegas

3708 Las Vegas Blvd South Las Vegas, NV 89109 USA



City Room, 2 Queen Beds
09/08/2018 - 09/17/2018
Terrace Studio, 1 King Bed
09/08/2018 - 09/17/2018
Terrace Studio, 2 Queen Beds
09/08/2018 - 09/17/2018
Terrace One Bedroom, 1 King Bed
09/08/2018 - 09/17/2018

Interested in speaking, sponsoring or attending this event? Email or fill out the form below and we'll be in touch.