(as of Nov. 21, 2019 – subject to change)


8 a.m.: Registration Opens
9 a.m.: General Sessions
11 a.m. – 1 p.m. – CPS Innovation and Technology Showcases
1 p.m.: Networking Luncheon
4 – 6 p.m.: WiTH Workshop
6 – 7 p.m.: Networking Reception/MESA Holiday Party


MORNING KEYNOTE: How to Achieve World Class Security (Hint: It Isn’t technology)
Our opening speaker explores the human dimension of security. No data system is perfect with human behavior presenting the biggest security risk. So if nothing is safe, how can your organization operate on the assumption you’ve already been hacked? I will cover dealing with insider threats make the human side of your organization more secure. In this entertaining talk, former Director of R&D at the NSA and Associate Director on National Intelligence emphasizes the challenges with organizational behavior and blind spots in human perception of threats and risks.
Eric Haseltine, PhD, Chairman of the Board, US Technology Leadership Council

AFTERNOON KEYNOTE: Business in The Age of Manipulation
Visual media – not just video but anything we see or hear – is increasingly vulnerable to fakery, forgery and manipulation via tools and technology that are becoming commonplace (or even free). And, with the sophistication of AI and deep learning, these deep fakes are increasingly difficult to easily detect. We are on the precipice of a global revolution in how we determine what is “real” and what is “fake” and on what (or whose) authority. Our Keynote will discuss our need to be proactive in addressing this emerging business (and personal) threat and utilize those same advanced technologies into tools for detection and authentication.
Anthony Sahakian, Chief Executive Officer, Quantum Integrity

CPS 2019 – Opening Remarks
Guy Finley, President, MESA and Executive Director, CDSA

Conference Welcome Remarks
Kai Pradel, Chief Executive Officer, SHIFT

Setting the Stage: CPS 2019 and CDSA 2020
This session provides perspective on the strategic importance of the roles CDSA and the Content Protection Summit play within the Media & Entertainment industry by looking at a year-in-the-life of our global business. What’s been keeping our CDSA Board members busy, what incidents and emerging trends/threats are they facing on a daily basis and what do the next 12 months looks like?
Moderator: Guy Finley, President, MESA and Executive Director, CDSA
Shira Harrison, Vice President, Information Technology, Amblin Entertainment
Jaclyn Knag, Executive Director, Content Security, Paramount
Alex Pickering, Global Content Security Director, BBC and Executive Committee Member, CDSA
Ben Stanbury, Chief Security Office, Amazon Studios and Chairman of the Board, CDSA

Anatomy of a Leak
Earlier this year a system compromise impacted a platform used by multiple content owner companies. Immediately, a group of executives assembled to monitor the situation and forensically determine the nature and implication(s) of the incident. Understanding who, how and where the infiltration originated can become a virtual “murder board” of IP addresses, user IDs and email addresses. This session dissects recent incidents to analyze how we can react as companies and how collaboration can identify and mitigate threats to other platforms.
Christian Kennel, Vice President, Media Operations and Digital Product, Warner Bros.
Alex Nauda, Chief Technology Officer, SHIFT &

Building Trust in Production Security
Producing content in a secure environment is a complex affair involving numerous entities, facilities, business units and cultures (and all of that before the first frame is shot!) Risk is then multiplied with the migration of these environments to applications and cloud as almost every system or workflow is a potential vulnerability. Collaboration and transparency are instrumental to improving your security posture and responding to threats that target these data and applications. A common approach is to diversify risk mitigation measures between internal, external and third-party security tools to adapt to the security demands of this modern workflow. Challenges with governance then arise because of due diligence required for vetting the security capabilities of these numerous systems and services before approving them for on-boarding. The panel discusses how to approach production security in the age of the cybersecurity and cloud.
Moderator: Mark Turner, Consultant, MovieLabs
Anthony Anderson, Senior Director, Film Security, Universal Pictures

October Content Protection Month
In October, CDSA introduced Content Protection Month to our industry as a companion to National Cybersecurity Month. The initiative was led by NBCUniversal who have grown their internal “Content Protection Day” into a whole week by holding events in Los Angeles, London, Philadelphia and Miami. This session looks at how your company can promote community with a heightened awareness and culture of content security by hosting these informational and educational events.
Bob Gold, President, Bob Gold & Associates

Secure Journey to the Cloud: Part 1
As Media and Entertainment organizations embrace the benefits of open, internet based communications and cloud services, they are entering the realm of malicious actors, where even the most advances security organizations are challenged to stay ahead. In this session we’ll introduce the concept of how “doing” security the traditional way, probably won’t “work”. A new approach is required and now is the time for M&E security teams as well as the rest of the organizations, to adapt. Join us to hear about some of the unique challenges added by cloud environments and how to integrate the solutions to those challenges into your security program.
Andrew Lemke, North America Cyber Resiliency Technical Solution Leader, IBM

State of the ME-ISAC
An update to members on the current state of the ME-ISAC regarding the services and information we provide to members. In operation for less than a year, but we have already come so very far. The Internet is a scary place. Yet we are shifting more and more services to the cloud, requiring Internet access even as part of production workflows. The only way we can operate such critical processes over such inhospitable terrain is by knowing what the threats are and avoiding them. The way we find out about these threats is via information sharing. The ISAC provides the platform and means for secure and timely collaboration about threats, risks, vulnerabilities, and incidents between members of the media and entertainment industry.
Christopher Taylor, Director, ME-ISAC

Government Resources to Protect Your Networks
Cyber crimes are on the rise and every year the number of companies that fall victim to ransomware, business email compromise, data breaches, and other cyber attacks increases sharply. These attacks cost companies billions of dollars in losses every year. There are things you can do to protect your networks and data. This panel of industry experts from DHS, the LA Cyber Lab, and the ME-ISAC will provide you with resources available from their respective agencies that will help you improve your security and better defend against common threats from the Internet. These resources (most of them provided completely at no cost to you) will help your companies identify problems that need solved, better understand the threats, and provide guidance on how to defend yourselves from those threats.
Moderator: Christopher Taylor, Director, ME-ISAC
Chris Covino, Cybersecurity Policy Director, City of Los Angeles
Patrick Gaul, Executive Director, National Technology Security Coalition (NTSC)
Deron McElroy, DHS Cybersecurity and Infrastructure Security Agency (CISA)

Forensic Watermarking as Key Pillar of Anti-Piracy Strategy
Recent updates in the CDN space have enabled scalable and cost-effective watermarking, revocation, and enforcement solutions. What are the Pros/Cons of client-side watermarking vs. server-side watermarking? This session will address the connection between watermarking and analysis of piracy sources and support of enforcement activities, describe the role of forensic watermark plays in an anti-piracy strategy, discuss considerations when protecting VOD (Movie and TV) and also Live (Sports and Events) content and help us understand the patterns on how commercial pirates’ source Live and VOD content.
Joe Daniel, Senior Solutions Architect, NAGRA

The Battle Against Global Piracy
Global piracy is continues to grow in both sophistication and ubiquity across device and ecosystem. Content owners struggle to decide which tools are efficient and sufficient for their immediate business need while implementing an effective content protection program for the next-generation of legitimate content distribution. With the emergence of new platforms, one path is to increase investment in forensic development of watermarking, fingerprinting and geo-filtering solutions to block VPNs, to start looking at how people pay these pirates, and increase reliance on biometrics and other authentication technologies. This session discusses three unique business cases, content, software and CPG, and where you should be investing based on your particular need(s), what to consider when deciding on a third-party solution and how best to implement.

The Evolution of Content and Information Security
Protecting content is an evolving challenge as the entire media ecosystem is quickly migrating to cloud infrastructure. Content security and information security have intersected for a number of years, mostly depending upon how much of your business/creative workflow or infrastructure is enterprise or cloud-based. Cloud implementation in content workflow sees these teams working to build the processes and skills necessary to maintain control of these content and distribution workflows. The complexity increases with the increasing availability of new tools and services that solve a practical or immediate business need for the business or creative user. As new applications become the “go-to” options, it is increasingly important for companies to deploy a workflow for onboarding and managing these services. This session discusses new approaches to this federated workflow.

CPS Innovation and Technology Showcases (Multi-Track Break-Out Sessions)
Industry experts from share innovative ideas, processes, or perspectives in an interactive and intimate way with the audience who are free to choose which topic/area they find most interesting. Sessions will address key areas on 3 separate tracks in 30-minute sessions.

Vetting Techniques for Internet Sharing Recipients
Last spring saw an uptick in social engineering attacks on pre-release content. Sharing content beyond your organization can be risky, but is unavoidable in many pre-release workflows. From dailies, to work in progress reviews in post, to press screeners leading up to release, content owners find themselves sharing to “random” emails on the internet, without sufficient tools to uncover social engineers and con artists who have connived their way into sharing distribution lists. However, even small teams can implement basic vetting techniques using readily available tools at minimal cost, by using a set of proven techniques and by sharing information with each other. Learn how to strengthen your content protection by giving all of your teams what they need to take on these important controls, in the form of practical vetting processes, a cheat sheet to refer to, and the backup they need from expertise you already have in house.
Alex Nauda, Chief Technology Officer, SHIFT &

Breaches Are Everywhere: Costly Mistakes of Being Unprepared
Organizations are spending millions to clean up breaches. Seemingly weekly another company gets hit by crippling ransomware, a phishing attack, or leaks customers’ personal information. Could these organizations have been better prepared? Would the damages have been so devastating if they were well equipped? Poor cybersecurity hygiene often leads to gaps in security controls and costly incident response expeditions. In this talk, industry experts share strategies to combat the rise of cybercrime and how to be better prepared for your next cyberattack. Have you built a sustainable cybersecurity program? Do you have a dynamic Information Security Plan? Do you have executive buy-in? Do you have Continuous Security Monitoring (CSM) and Network Security Monitoring (NSM) programs? Have you tested your Disaster Recovery Plan or Incident Response Plan? If not, this talk is for you. Don’t allow your organization to become the next victim of a breach.
Michael Wylie, MBA, CISSP, Director, Cybersecurity Services, Richey May Technology Solutions

TPN: By the Numbers
What are the top-level takeaways from performing (and reviewing) global assessments of facilities across the entertainment supply chain? How can we work together to socialize the basic This session looks at the volume of data being gathered during assessments being performed by the Trusted Partner Network to identify common remediation issues and areas of interest for our community.
Ben Stanbury, Chief Security Office, Amazon Studios and Chairman of the Board, CDSA

Secure Journey to the Cloud: Part 2 – Deeper Dive/Where to Start
Following on from the Introduction on the CPS mainstage, we understand that a complete security program is required to maintain confidentiality, integrity and availability of our critical data and the infrastructure that holds it. In this breakout session we will look a little deeper into where organizations should focus their resources first, to gain the biggest immediate reductions in risk.
Andrew Lemke, North America Cyber Resiliency Technical Solution Leader, IBM

Towards a Common Goal – Ensuring Security in Cloud Environments
If correctly configured and where relevant best practice standards are followed, cloud workflows create undisputed speed, cost and security benefits. If not done correctly, serious security pitfalls can occur, for example: unrestricted access, weak encryption, exposed keys and so on. So why is it so hard to get security right in the cloud? Each business is unique, there are differing methods of configuration plus many control frameworks to follow. It can be complex and confusing and this is where security vulnerabilities can exist.
Chris Johnson, President and Chief Executive Officer, Convergent Risks (Cloud Compliance)
Janice Pearson, Vice President, Global Content Protection, Convergent Risks (Methodology)
Mathew Gilliat-Smith, Advisor, Convergent Risks (Consultancy Engagement)

Advances in Direct to Consumer Watermarking to Combat Latest Pirate Attacks
In this day and age, ensuring end-to-end security from production to distribution to consumer devices is paramount. There is an ever-growing need for anti-collusion measures in any forensic watermarking environment: server-side, or client-side. What are some security techniques and ways to resist collusion? The first step is by taking an active approach with countermeasures with an Advanced Piracy Toolkit. D2C may need to emulate DCI watermarking by combining both video and audio watermarking measures. This session will discuss our main B2C watermarking products STB/OTT Server Side/Quickmark (which are in compliance with latest MovieLabs specifications) and how the latest releases for these products are able to combat attacks by professional pirates.
Ken Gerstein, Vice President, Sales, NAGRA

Click here to view the WiTH Workshop Program 

6 – 7:30 p.m.