IN-PERSON

Dallas CISO Executive Summit

May 30, 2018 | Dallas/Addison Marriott Quorum by the Galleria

May 30, 2018
Dallas/Addison Marriott Quorum by the Galleria

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Sara Andrews

PepsiCo
SVP, Global CISO

Scott Bonneau

Dr Pepper Snapple Group
VP IT Security & Corporate Functions

Parrish Gunnels

Kibo Commerce
CISO

Ajay Gupta

Pizza Hut
Global CISO

Corey Jackson

HollyFrontier Corporation
VP & Global CISO

Jairo Orea

Kimberly Clark Corporation
CISO

Duaine Styles

Torchmark Family of Companies
CISO

Agenda

May 30, 2018

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

Containing Risk — A CFO Speaks on the Power of C-suite Collaboration

Chuck Lankford

Sr Director, Information Security

The Container Store

Jodi Taylor

CFO

The Container Store

Data breaches and cyberattacks can jeopardize any business of any size. But with costs and incidents on the rise, it’s hard for just one person to keep the sky from falling. Collaboration across the C-suite, especially between the CISO and CFO, is essential in establishing effective security programs. It also helps when it comes to board-level reviews and understanding incident impact from a holistic perspective. Jodi Taylor shares an inside look at her relationship with her CISO and discusses how they’ve worked together to evaluate The Container Store’s risk profile. Learn how the right partnership can lead to better executive understanding of security value.

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Tailoring Your Team – Strategic Rightsizing

Jon Murphy

Global Chief Information Security Officer & Vice President

Ocwen Financial Corporation

Today’s CISOs have a tall order. They must prevent attacks, defend vulnerabilities and evolve security to keep pace with new technology – all on a tight budget. It’s a popular request to do more with less. One way to achieve this? Tailor your team.

In this session, Jon Murphy shares insight on how he helped one organization reduce its headcount by 35 percent to make the business smarter and faster. Through smart rightsizing, Murphy was able refocus IT and redefine job descriptions to drive strategic improvements. For Murphy, it’s all about having the right people in the right seats.

1:20pm - 2:10pm Executive Boardroom

How Can We Measure, Monitor, and Manage Cyber Risk for Organizations?

Mustapha Kebbeh

Director, Global Information Security

The Brink's Company

Duaine Styles

CISO

Torchmark Family of Companies

John Whetstone

Senior Research Architect

NSS Labs

Historically, enterprises have relied largely on the intuition and talent of their technical teams to manage cybersecurity risk. But with the annual cost of cybercrime for the global economy anticipated to reach $500 billion, board members’ expectations of enterprise security teams are changing. Technical teams must now learn to speak the language of business. What KPIs are your team using to measure the effectiveness of your cybersecurity strategy, and how are you obtaining this data? Join this conversation with your peers to discuss how enterprises can begin to eliminate the obscurity that is associated with cybersecurity.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Overcoming Circumstance — Lessons From an Athlete

Inky Johnson

Former NCAA Football Player and Author of “Inky: An Amazing Story of Faith and Perspective”

Ten football games. That’s all that separated Inky Johnson from the NFL. He was a projected top-30 draft pick — a dream he’d had since age 7. But all that changed during his second game. A routine tackle went wrong, and his right arm became paralyzed. He’d never play football again. Still, he knew his life wasn’t over. Harnessing the same discipline and positive attitude he had in training, Johnson motivated himself and excelled despite his circumstance. Join this session to hear his story and leave with lessons that can be applied on and off the field.

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

A Tri-Pronged Approach to Cybersecurity

Scott Bonneau

VP IT Security & Corporate Functions

Dr Pepper Snapple Group

As an emerging security leader, one of the greatest challenges is creating a formal, cross-organizational cybersecurity program that truly engages the business. In this session, Scott Bonneau will lead attendees through the tri-pronged approach he has successfully used at Dr Pepper Snapple Group. Scott’s session will explore the methodologies and milestones for each phase in the process, including the key components of a detailed cyber risk assessment and what makes a successful risk mitigation plan. Scott will review frameworks for navigating the constantly evolving cybersecurity technology and vendor landscape and decision criteria for choosing the best partners.

9:00am - 9:50am Breakout Session

Automating Your Defense

Matt Little

Chief Product Officer

PKWARE, Inc.

As the speed, scope and volume of cyberattacks grows, organizations turn to security automation to fortify their defenses. Some threats are beyond human capabilities to perceive and accurately predict risk scenarios. By standardizing time-consuming processes and prioritizing the biggest threats, you can fine-tune your automation to evolve with the ever-changing threat landscape. What automated tools exist to prevent risks from becoming reality? Join fellow CISOs as they discuss the challenges of automating security and how to implement successful strategies.

9:00am - 9:50am Executive Boardroom

Evolving Your Security Operations Center

Ashok Jayaramulu

Director of Information Security

AIG

Sonya Wickel

Enterprise Security & Compliance Sr. Manager

Triumph Group, Inc.

Jimmy Astle

Senior Threat Researcher

Carbon Black

IT is constantly expanding, introducing new technology and, as a result, new vulnerabilities. To keep up, cyber security must advance at an equal pace. One way to do that is by maturing the security operations center. But this process can create more questions than answers. Executives wonder whether they’re solving the right problems and filling the appropriate security gaps. They wonder whether their SOC is effective and, if not, how to improve it. Rick McElroy explores the components of a mature SOC, sharing his insight on everything from knowing what governance to have in place to finding ways to measure your SOC’s effectiveness.

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

9:00am - 9:50am Executive Boardroom

Teamwork – A CISO’s Newest Defense Against Cyber Threats

William Birchett

Sr Manager IT Security/Local Agency Security Officer

City of Fort Worth

Alex Nehlebaeff

Corporate Information Security Manager

Harley-Davidson Financial Services Inc.

Ray Komar

VP of Technical Alliances

Tenable

Defending an organization from cyber threats needs to be a coordinated effort and requires a "team sport" mentality. This is especially important for IT Security and IT Ops, which play different but interwoven roles in this process. However, in working with customers, friction sometimes exists between the two groups, creating a less-than-optimal workflow for attaining information easily, solving issues cross functionally, reporting appropriately and acting in a collaborative way. How can organizations improve this situation using the old maxim of "people, process and technology"? Join your peers to discuss how organizations are addressing this challenge to create a more coordinated approach to security.

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Multifaceted Multi-factor—A CIO-CISO Perspective

Ravi Malick

SVP & CIO

Vistra Energy

Paul Reyes

CISO & VP, Infrastructure and Security Services

Vistra Energy

As passwords become an increasingly popular target for attackers, organizations are challenged to protect in new ways. But what happens when security gets in the way of business? Ravi Malick and Paul Reyes know well the challenges of driving organization-wide multi-factor authentication. In fact, they failed their first try. In this session, they share lessons learned from their first attempt at implementing multi-factor authentication. They explain the tools used for successful password protection, and the necessary steps for gaining business buy-in.

10:20am - 11:10am Breakout Session

Risk Management Through a Single Pane of Glass

James Baird

VP, IT Security & Compliance

American Cancer Society, Inc.

Jon Tidwell

IT Security Officer

Collin County

Eduardo Cabrera

Chief Cybersecurity Officer

Trend Micro Inc.

In today’s sophisticated threat landscape, advanced attacks leverage multiple threat vectors, crossing user endpoints, servers, networks, web and email. It is important to ensure that your organization’s leadership, staff and technologies provide ongoing cybersecurity oversight and performance measurement. However, over-proliferation of these tools can create a fragmented view of your data. How can risk management, risk governance and incident response be combined into a single pane of glass? This interactive discussion focuses on strategies for identifying and controlling risk, while consolidating your cybersecurity toolbox.

10:20am - 11:10am Executive Boardroom

A Look at the Future Threat Landscape

Robert Edamala

CISO

University of Texas at Arlington

Adam Maslow

Senior Director of Information Security

Raising Canes

Ken Liao

VP of Product Marketing

Malwarebytes

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Several major attacks in 2017 wreaked havoc of historic proportions on unsuspecting organizations. Some companies are still regrouping from the WannaCry ransomware attack. Cryptomining is the latest cybercrime to gain popularity. So what's next, and what should organizations expect to see in the next year? Join this discussion to learn the latest cyber threats and understand what to expect in 2018’s threat landscape.

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

10:20am - 11:10am Executive Boardroom

GDPR – Are You as Prepared as You Think?

Bill Daley

US Head, Information Security & Risk Management

Novartis AG

Shamoun Siddiqui

VP, CISO

Neiman Marcus Group

Cliff Huntington

Global Strategy – Governance, Risk and Compliance

ServiceNow

The General Data Protection Regulation is among the strictest and widest-reaching data privacy frameworks to date. The list of regulations – and the hefty fines attached to violating them – have had organizations scrambling to update strategies, implement policies and even add new positions to their payroll. Since learning of the impending regulations, which officially take effect May 25, organizations have hired data protection officers, improved data encryption and created new customer data policies, among other things. But are these efforts enough? Has your organization taken the necessary steps to comply with GDPR? Join your peers in this roundtable discussion to share strategies and best practices for optimizing your GDPR program

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

11:10am - 11:40am Networking Break

1:20pm - 3:20pm Breakout Session

Breached! A Wargame Simulation

Stephen Carr

Vice President

Booz Allen Hamilton

Howard Foard

Lead Associate

Booz Allen Hamilton

Session only open to non-sponsor attendees.

How prepared is your organization for a major cyberattack? Immerse yourself in this two-part breach simulation through Booz Allen’s interactive BREACHED! Wargame and experience a major cyberattack without risking a thing. Explore the pitfalls and power plays of a major cyberattack scenario, with none of the danger. Working with facilitators, you’ll manage a fictional company and coordinate your team’s response efforts. Learn firsthand what makes for an effective cyber risk management approach, what assumptions should drive response plans and how to prioritize threats and risks. This is part one of a two-part workshop.

The Booz Allen Hamilton war games simulation is a two-hour session that will run from 1:20pm to 3:20pm. The first hour features a breach simulation, followed by an hour-long roundtable discussion.

To reserve your seat, please contact:

Lawrence Figueroa at 971-222-2374 or Lawrence.Figueroa@evanta.com

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Delivering Trust And Confidence Through Resilience

Mike Lloyd

CTO

RedSeal

How can we maintain confidence in the face of on-going cyberattacks? Unfortunately, an arsenal of traditional technologies has not protected organizations. And as attacks become more frequent, confidence wavers. Will CISOs ever find an adequate defense? Today’s evolving threat landscape calls for an equally evolved strategy. Organizations must find ways to remove the bullseye and promptly detect potential attacks, which means having enough situational awareness to respond quickly to contain and reverse damage. During this session, discover the steps you can take in your journey to resilience to keep damage to a minimum.

2:30pm - 3:20pm Executive Boardroom

Embedding Awareness Into the Culture

George Finney

Chief Security Officer

SMU Cox School of Business

Eric Fisch

EVP, Information Security Officer

Texas Capital Bancshares, Inc.

For most organizations, the majority of risk profile factors are due to a lack of user knowledge, and the changing workforce only exacerbates this problem. Oftentimes, it comes down to an education issue and approaching end-user risk from the standpoint that employees are not intentionally malicious. To mitigate risk, organizations must educate employees. They can do this by deploying company-wide trainings or embedding education in new hire training. The purpose: to integrate security education into corporate culture. Join your peers for a discussion on strategically weaving security training into your corporate culture, sharing what’s worked and what hasn’t.

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

CIO-CISO Collaboration – True Peers and Partners

Julia Davis

SVP & CIO

Aflac

The most productive CIO-CISO partnerships are built on trust and flourish when the relationship is embraced throughout the organization. In this session, Aflac’s CIO Julia Davis will share how she continues to drive toward the optimal CIO-CISO partnership. Learn about the steps Davis took to hire a global security officer who also would be a true peer. Listen in as she discusses how she worked with her security officer to weave together two interdependent roles to achieve the ultimate goal of a strong CIO-CISO partnership and how it benefited Aflac.

4:20pm - 5:00pm Closing Reception & Prize Drawing