IN-PERSON

Boston CISO Executive Summit

May 7, 2019 | InterContinental Boston

May 7, 2019
InterContinental Boston

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Kevin Brown

Boston Scientific
CISO

Brian Haugli

Recognized Industry Expert

Larry Jarvis

Iron Mountain
CISO

Lorna Koppel

Tufts University
Director of Information Security/CISO

Taylor Lehmann

Tufts Medical Center
CISO, Wellforce

Michael McNeil

Philips Healthcare
Global Product Security & Services Officer

Holly Ridgeway

Citizens Bank
Chief Security Officer

Agenda

May 7, 2019

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

Building Tomorrow's Defense … Today

Jason Clark

CSO

Netskope

For the last 20 years, security leaders have reactively implemented security solutions that are little more than a layering of outdated products. The result? An inefficient and unnecessarily complex defense. Like the attackers that threaten their enterprises, security leaders must constantly rethink how they approach security in order to stay on top.

In this keynote, Jason Clark challenges CISOs to:

Rethink their approach to enterprise security.
Prepare to drive fast-paced change.
Build a new security blueprint that can be used for years to come.

1:20pm - 2:10pm Breakout Session

Pen Test Your Board Pitch — An Interactive Exercise

Tony Faria

CISO

FM Global

Brian Haugli

Recognized Industry Expert

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch.
Receive real-time feedback on your pitch.
Learn best practices and strategies for communicating with your board.

1:20pm - 2:10pm Breakout Session

Delivering Trust and Confidence Through Resilience

Mike Lloyd

CTO

RedSeal

Protection, detection, disaster recovery and business continuity strategies are crucial when it comes to managing cyberattacks. But are they truly effective? Clearly they have not been able to stop, nor reduce the astounding losses associated with these incidents.

Ray Rothrock, CEO of RedSeal, shares:

How to maintain confidence in the face of ongoing attacks
Which approaches are most effective
How to evolve your strategies to be more resilient

1:20pm - 2:10pm Executive Boardroom

The Continual Shifting of Threats

Justin Armstrong

Security Architect

Meditech

Kevin DeLange

VP and CISO

IGT Global

Wade Lance

Principal Solutions Architect

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

The current threat landscape
How to best discover and thwart nation-state attacks
What security executives can do to build resiliency

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager.

1:20pm - 2:10pm Executive Boardroom

Halt Breaches at the Endpoint

Bobby Narasimham

CISO

AstraZeneca

Stephen Pyne

Director, Information Security

Eze Software Group

Grady Johnston

VP of Americas

Deep Instinct

Regardless of whether a breach results from employee negligence or an attacker, it only takes one click for bad guys to begin wreaking havoc. However, education, employee engagement and new technology can help avoid these disasters.

During this session, discuss ways to:

Bolster your endpoint security strategy using deep learning
Understand the differences between machine learning and deep learning
Identify your most vulnerable endpoints

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

What's Trust Got to Do With It?

David Horsager

CEO and Best-Selling Author, "The Trust Edge"

Trust is both a fundamental business issue and the biggest asset of a company. Without trust, companies lose reputations, relationships, and revenue. With trust, organizations enjoy greater creativity, productivity, and results. Through extensive research and experience, David Horsager learned what it takes to gain — and keep — the “Trust Edge.”

Join this session as Horsager outlines:

The keys to building morale, sales, and customer loyalty
His Eight-Pillar Framework for building trust in an organization
Creating successful leaders and organizations centered on the tenants of trust

9:00am - 9:50am Breakout Session

Securing Success – Principles of a Sound Cyber Program

Esmond Kane

Deputy CISO

Partners HealthCare

Running a strong security program requires a fail-fast mindset and the right people at the helm. The best programs are collaborative, agile and business focused – just like the people who run them.

In this session, you’ll explore:

Principles for designing a sound security program
A staffing strategy to hire the right people
Survival tactics when things go wrong

9:00am - 9:50am Breakout Session

Develop Metrics That Influence Business Decision Making

Srinath Sampath

Senior Director, Analyst

Gartner

Security and risk management leaders are always trying to improve their metrics to better inform organizational decision making. However, aligning with the business is still a challenge for most. Key risk indicators should provide actionable information to decision makers.

In this session, you'll learn how to:

Define what makes a metric actionable
Create a relationship between security and business outcomes
Present risk & security metrics to business decision makers

9:00am - 9:50am Executive Boardroom

Managing the Convergence of Global Data Regulations

Steven Keller

AVP, Chief Information Security Officer

MAPFRE

Joe Sturonas

CTO

PKWARE, Inc.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

The current landscape of data privacy regulation around the world
Best practices for managing risk associated with data protection frameworks
Standards and metrics for measuring data protection risk
Data classification strategies to aid compliance, regardless of regulation

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Handing Over the Reins on Risk — To Your Business

Bill Hill

CISO

MITRE

Traditionally, CISOs have been responsible for assessing and managing organizational risk. They decide how much risk an enterprise can shoulder. But what if security leaders released that control and business units took ownership instead?

In this session, Bill Hill shares how to:

Improve risk management by involving the business in decision making
Challenge the traditional security mindset
Evolve your security program alongside the business

10:20am - 11:10am Breakout Session

How to Discover Cloud Shadow IT Infrastructure

Matt Kraning

Co-Founder and CTO

Expanse

The move to the cloud has led to great increases in agility and cost savings in information technology, but it's enabled employees to evade centrally-mandated security controls, unlike in on-premise environments.

In this session,you’ll explore:

Risks of shadow cloud infrastructure
Lessons from relevant cases studies
Techniques to identify rogue cloud assets and prevent them from being created

10:20am - 11:10am Executive Boardroom

The People Problem — Security Awareness Training

Bobbi Bookstaver

Manager Information Security

Shawmut Design and Construction

Joe Burgoyne

Sr. Director, Cyber Security

GE Healthcare Bio-Sciences

Even as security tools become increasingly advanced, the biggest vulnerability in a company continues to be its people. With attacks on the rise, executives must make employee training even more sophisticated.

In this boardroom, you’ll:

Discuss different educational approaches with your peers
Determine how to evaluate the level of training needed
Identify key training components and methods of measuring their efficacy

10:20am - 11:10am Executive Boardroom

Modernizing Your SOC

Alex Cunningham

CISO

Advisor360

Jon Fredrickson

ISO

Blue Cross and Blue Shield of Rhode Island

Sudhir Udipi

Director, Systems Engineering, CISSP, GCNA, GCFA

Securonix

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they will try another. A sound Security Operations Center - staffed by the right people and with the right tools - should be a key part of your cyber defense strategy.

In this session you will discover how to:

Effectively develop your team
Automate to reduce workloads and drive efficiency
Equip SOC teams to operate within BYOD and Cloud
Create strong KPIs and KRIs to measure success

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Cybersecurity & Privacy for Digital Innovations at Scale

Ilya Kabanov

Global Director, Application Security & Compliance

Schneider Electric

Organizations seek to drive responsible innovations and earn the trust of customers and partners in the digitized world. With 160,000 employees across 100+ countries, Schneider Electric takes “digital” seriously and has embedded privacy and security into hundreds of digital offers and internal applications on a global scale.

Join this session to learn:

An actionable and scalable framework that delivers secure and compliant applications on a global scale
Practical lessons on how security and compliance can empower digital innovations
The importance of earning the trust of customers and employees in a digital era
Strategies to overcome barriers within your organization and among partners

2:30pm - 3:20pm Executive Boardroom

Identifying the Way Forward in IAM

Eric Jacobsen

Executive Director of Information Security

Boston University

Mark Nardone

Associate VP and CISO

Northeastern University

Robert Aragao

Chief Security Strategist, Security Risk & Governance

Micro Focus

How are your peers balancing business agility and business security in their identity and access management strategy? Join this roundtable discussion to discuss your framework and vet future plans, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

Methodologies that satisfy users while maintaining adequate access controls
Communication techniques to streamline acceptance of IAM across the business
Roadmaps for deciding what technology is the best fit

2:30pm - 3:20pm Executive Boardroom

Cyber-Risk Management: New Approaches for Reducing Your Cyber-Exposure

Jay Carter

Dir., Information Security

MEMIC

Mark Teehan

Chief Information Security Officer

Harvard Pilgrim Health Care

Jeff Wallat

Regional Manager

Tenable

When it comes to reducing cyber risk, overcoming vulnerability overload is critical. Find out how predictive prioritization will improve your vulnerability management efforts so you can focus on what matters most to your business. During this peer-discussion you will explore:

How to use threat intelligence to move the most dangerous vulnerabilities up your priority list
The resources required to effectively assess your environment and prioritize your efforts in a predictive manner
Practices that will help you take appropriate actions to make your organization more secure
How to make your staff more efficient by drastically reducing the number of high priority vulnerabilities they need to remediate

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

The Predictions Panel – A Look at Future Threats

Bobbi Bookstaver

Manager Information Security

Shawmut Design and Construction

Mark Connelly

CISO

Boston Consulting Group Inc.

Larry Zorio III

CISO

Smith & Nephew US

To truly safeguard an organization, CISOs mustn’t merely focus on existing threats, but future ones, too. They have to ask themselves – what types of attacks should I be prepared for?

In this interactive session, prepare to:

Listen to a panel of CISOs predict the biggest threats of 2020
Share your own threat predictions for 2020
Discuss how to predict threats and – more importantly – how to prepare for them
Put your predictions in a time capsule, which will be opened and discussed at a 2020 Boston CISO Summit

4:20pm - 5:00pm Closing Reception & Prize Drawing