IN-PERSON

San Francisco CISO Executive Summit

June 25, 2024 | Grand Hyatt at SFO

June 25, 2024
Grand Hyatt at SFO

APPLY TO PARTICIPATE

ALREADY A MEMBER? SIGN IN TO REGISTER

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi

HealthEquity
EVP and CSO

Sujeet Bambawale

7-Eleven
VP, CISO

Krishnan Chellakarai

Gilead Sciences
CISO, Head of Information Security & Data Privacy

Cassie Crossley

Schneider Electric North America
VP, Supply Chain Security

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Leda Muller

Stanford University, Residential and Dining Enterprises
Chief Information Security and Privacy Officer

Kannan Perumal

Applied Materials
Vice President, Chief Information Security Officer

Jeff Trudeau

Chime
VP, CIO & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

June 25, 2024

morning afternoon evening

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

Time 2.0 — Applying Design Thinking to the Human Experience of Time

John Coyle

CEO and Founder of "Speaking Design Thinking"

Guest Speaker

Time, as we experience it, is not linear, yet why do we pretend that it is? How do we measure the true value of our time? In this mind-bending session, John K. Coyle will apply creative deconstruction to what we think we know about time, and you will learn how to slow, stop and reverse the perceived acceleration of time most adults feel and experience the endless summers of youth again.

Grab a seat and learn how to:

Understand the forces that govern experiential time
Discover actions you can take to manipulate your perception of time
Design your life to create intense and memorable experiences that expand time

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

Turning Security Data in Action

Mani Keerthi Nagothu

Americas Field CISO Associate Director

SentinelOne

Security teams have an incredible amount of data but struggle to manage and generate value from this vast data repository. With the right approach to managing security data, CISOs will extract actionable insights that improve their security posture.

Join this session to learn:

Benefits of security data lakes and best practices for implementation
Effective data management strategies that enable and amplify AI use and improve productivity
Leveraging data lakes to strengthen your cyber resilience and security posture

9:40am - 10:25am Breakout Session

Fraternize and Maximize — Sharing Knowledge, Power, and Victory Over Common Risks

Kannan Perumal

Vice President, Chief Information Security Officer

Applied Materials

When it’s harder to attack anyone, it’s harder to attack everyone. It might feel like a brain teaser but, simply put, intra-industry CISO collaboration and collective intelligence partnerships don’t just benefit your business’s lagging competitors. Yes, sharing information with your fellow industry CISOs could give them a leg up on the next big risk but, in a world of exponential connectedness, squashing risk early is never selfless.

Join Kannan Perumal as he discusses:

The unique benefits of consorting with CISOs in your own industry
Why some industries are more apt to support these competitor collabs
The paradoxical support of a business’s ambition and opposition

9:40am - 10:25am Executive Boardroom

Communicating Effectively, Utilizing Outcome Driven Tactics

Tim Crothers

Director, Office of the CISO

Google Cloud Security

As security leaders gain more face time with the board and key stakeholders, communicating in a way that is understood and out of the weeds is getting more necessary. To keep communication effective as CISOs, implementing some of the process improvement tactics to your own style is helpful. Join this boardroom to get insight into:

Developing unique KPIs for your security team and yourself
Setting clear goals that allow your team to exceed them
Outcome driven security and how to implement it into your communication style

9:40am - 10:25am Executive Boardroom

Yesterday’s Shadow IT and Today’s Shadow AI

Drew Ganther

Technology Evangelist, VP of Sales

Grip Security

Karthik Swarnam

Chief Security & Trust Officer

Armorcode

Shadow AI introduced a new layer of risk in a time when security leaders are already grappling with the formidable challenges of managing hidden technical debt and uncovering shadow IT. Today’s digital landscape requires a new approach to risk and governance – one that identifies the shadows already existing in your organization and stops future shadows emerging as you harness the power of emerging technologies.

Join this session to discuss:

Uncovering existing hidden technical debts and shadow IT that inhibit agility, innovation and security
Establishing centralized risk frameworks and governance that are enforceable and scalable
Involving the C-suite and end users in establishing and understanding protections to deter rogue IT and AI

10:25am - 11:05am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am Breakout Session

Endpoint, Cloud and the Board — Identifying Risk that Matters

Corey Smith

Vice President of Solution Architects

Qualys

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements: metrics that are reliable and easily understood by all stakeholders across the business.

In this session, we will discuss:

Cybersecurity risk assessment essentials and which risks truly carry weight
Concrete approaches to determine effectiveness of security capabilities
Creating simple "metric cards" to communicate across stakeholders

11:05am - 11:50am Executive Boardroom

Securing the Everywhere World — Building Cyber Resilience through a “Connectivity Cloud”

Stephanie Cohen

Chief Strategy Officer

Cloudflare

Bob Vail

CISO/DPO

Citrine Informatics

When users are everywhere and digital operations span cloud, SaaS, and on-premises environments, achieving cyber resilience becomes paramount. The challenge lies in navigating this complexity and maintaining visibility and control to ensure continuous operation despite cyber threats.

Join this interactive roundtable to discuss:

Optimizing costs and improving security across diverse cloud environments
Adopting Zero Trust philosophies to protect users, data, and applications
Innovating with AI while addressing global regulatory and data privacy requirements

11:05am - 11:50am Executive Boardroom

Doubling Down on Critical Third-Party Risk Vulnerabilities

Kelly White

Co-Founder & CEO

RiskRecon - A MasterCard Company

Ed Machado

ISO & Chief Privacy Officer/ Sr Manager, Information Security

Star One Credit Union

James O'Brien

Deputy Chief Information Security Officer

First Republic Bank

The complete entanglement of cyber risk with business risk is becoming increasingly more visible. CISOs now have an opportunity to better pinpoint third parties that present a threat to the organization. Yet the increasing complexities of third party, and even fourth party, risk management, prompted by a wide range of evolving threats, demands heightened attention. How can CISOs ensure they have a clear understanding of their vulnerabilities across ecosystems and supply chains?

Join this session to discuss:

Identification of vulnerabilities across your vendor landscape to prioritize response efforts
Third-party risk management strategies to safeguard your digital ecosystem
Overcoming resource challenges to prioritize extended supply chain risk

11:50am - 12:20pm Networking & Meal Service

Rising Together — Gender-Inclusive Networking Lunch

Female, non-binary, and allied cyber leaders are invited to eat lunch and connect in our reserved networking space. Hosted by a member of the San Francisco CISO community, those in attendance can freely discuss best practices, key challenges and mission-critical priorities before heading over to the midday keynote.

11:50am - 12:35pm Lunch Service

12:35pm - 1:10pm Keynote

AI/ML and Zero Trust — Driving Business Success

Jay Chaudhry

CEO, Chairman & Founder

Zscaler

As cyber threats become more sophisticated and pervasive, enterprises need to adopt an agile approach to network and security that promotes innovation and mitigates risk. AI/ML and zero trust are the key enablers of this transformation, offering visibility, control, and automation across users, workloads, IoT/OT devices, and business partners.

In this session, you will learn:

How AI will be used to fight AI and how generative AI will contribute to increased numbers of ransomware attacks
How the growth of zero trust segmentation will happen in parallel with the rise of firewall-free enterprises, and Zero Trust SD-WAN will begin to replace traditional SD-WAN
How AI/ML add defensive and analytics capabilities that drive IT and business success

1:10pm - 1:35pm Break

1:35pm - 2:20pm Breakout Session

Powerful Partnerships - Lessons On Linking Security and Privacy

Leslie Stevens

Global Privacy Officer, Associate Vice President Privacy and Compliance

Agilent Technologies

David Tugwell

Senior Director, Information Security/CISO

Agilent Technologies

Data protection, confident compliance, enhanced stakeholder trust, and effective risk mitigation - all are possible when security and privacy executives are working in harmony.

Listen as CPO Leslie Stevens and CISO David Tugwell, both of Agilent Technologies, break down how they:

Divide and conquer the often blended security-privacy workload
Adjust and redevelop their partnership as the scope of their roles demands
Regularly watch the benefits of their teamwork accumulate

1:35pm - 2:20pm Executive Boardroom

The Business of Security — Bridging the Gap Between Cyber Initiatives and Business Impact

Chris Hencinski

Senior Solutions Architect

Expel

Tammy Hawkins

VP of Cybersecurity and Fraud Prevention

Intuit

Economic trends have tightened purse strings everywhere, leaving CISOs and security leaders to demonstrate ROI and defend their budgets. But ROI is notoriously tough to quantify when the primary return for security investment is reduction in risk. As a result, bridging the gap between security investments and actual business impact can be easier said than done, particularly if your cybersecurity spend doesn’t clearly map to organizational goals.

Join this session to discuss:

Identifying the right metrics for quantifying security ROI and business impact
Positioning security as a business enabler, rather than a cost center
Aligning security investments to organizational goals

1:35pm - 2:20pm Executive Boardroom

From Z to A - Extending Zero Trust to APIs

Sean Flynn

Director, Security Technology and Strategy

Akamai Technologies

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journey, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

Join this session to discuss:

Breaking the kill chain by stopping infection vectors and protecting against lateral movement
Shielding sensitive data and limiting how APIs interact with data
Increasing real-time visibility across the business to mitigate threats

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CxOs).

To reserve your seat, please contact Samantha Flaherty at samantha.flaherty@evanta.com

2:20pm - 3:00pm Networking Break

2:25pm - 2:50pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm Breakout Session

Governing Generative AI in your Organization

Mandy Andress

CISO

Elastic

Generative AI is being utilized by companies and employees alike–sometimes without permission. The normalization of this emerging technology has expanded the attack surface and left many security leaders feeling anxious and uncertain. Is generative AI worth the risk, and how should it be governed in an organization?

Join Elastic’s CISO, Mandy Andress, to explore:

What to expect from the threat landscape as generative AI becomes increasingly normalized
What adopting generative AI does to your attack surface, and if you should even allow it
How to implement governance rules that your organization will follow

3:00pm - 3:45pm Breakout Session

Developing and Upholding Your Supply Chain Standards

Sekhar Nagasundaram

Global Head of Cyber Defense and Threat Management and SVP Technology - Cybersecurity

Elevance Health

Vendor selection, pre-partner due diligence and trusted implementation are merely the beginning of a healthy third-party management culture. With those pieces in place, the real work (like battling for constant visibility and enforcing your requirements) begins. You’ll need to prepare.

Gather and discuss how CISOs have successfully:

Vetted new and prospective third-parties
Monitored their network of existing third-parties
Upleveled and asserted their security requirements and expectations

3:00pm - 3:45pm Executive Boardroom

What Grade Would You Give Your IGA Deployment?

Rich Dandliker

Chief Strategist

Veza

Krishnan Chellakarai

CISO, Head of Information Security & Data Privacy

Gilead Sciences

Identity Governance and Administration (IGA) has been a cornerstone of compliance programs for decades. Despite this history, the reality of IGA rarely matches the customers’ initial expectations and the needs of the business. Increasingly, customers are demanding that IGA tools not only “check the box” for auditors, but also drive forward Least Privilege to secure their organization in today’s landscape of cyber threats.

Join this interactive roundtable session to discuss:

Explore current practices, tools, and effectiveness of IGA programs
Evaluate the extent to which IGA goes beyond compliance to bolster security posture
Identify the critical gaps that may limit the effectiveness of an IGA program.

3:00pm - 3:45pm Executive Boardroom

Navigating the Expanding Challenges of the CISO Role

Paul Davis

CISO, Americas

JFrog

CISOs are now tasked with managing an expanded set of security teams. Now, often managing Development, Application Security and Data Science, the CISO still needs to empower their Security Operations teams to embrace new IT disciplines.

Join your C-level peers for a private conversation on:

Managing new security disciplines
Quickly and securely maturing your software supply chain
Doing it all with consideration to formalized development and delivery pipelines

To reserve your seat, please contact:

Sam Flaherty | sam.flaherty@evanta.com

3:45pm - 4:10pm Break

5:00pm - 7:30pm Networking