IN-PERSON

Dallas CISO Executive Summit

June 24, 2019 | Renaissance Dallas

June 24, 2019
Renaissance Dallas

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Sara Andrews

PepsiCo
SVP, Global CISO

Jason Frugé

Fossil
Chief Information Security Officer

Parrish Gunnels

Fiserv
Director, Information Security Officer

Jairo Orea

Kimberly-Clark
CISO

Shamoun Siddiqui

Neiman Marcus Group
CISO

Duaine Styles

Globe Life
CSO

Agenda

June 24, 2019

mid-afternoon morning afternoon

11:20am - 11:45am Networking Break

11:45am - 1:00pm Keynote

Forward Focus – Is Your Role Changing?

Taren Rodabaugh

VP & CIO, Global Information Services

Harley-Davidson, Inc.

The notion that the role of the CIO is in constant evolution is nothing new, and this same idea applies to CISOs. But how much has really changed? And how can leaders prepare?

In this session, you’ll learn:

Whether new technology is really changing how technology leaders work
Ways to evolve your role to meet business needs
Create a compelling vision for your team

1:10pm - 2:00pm Breakout Session

Cyber Defense in the Age of Retail Digital Fraud

Shamoun Siddiqui

CISO

Neiman Marcus Group

Retail digital fraud is on the rise. As more and more companies adopt the EMV standard for credit cards, the fraud is shifting to online channels. From automated botnet based attacks to account takeovers, the fraudsters are becoming increasingly sophisticated in their attacks.

In this digital age of fraud, it’s worthwhile for organizations to harness AI/ML techniques and other cutting-edge counter defense measures to thwart the cyber criminals.

This session will focus on:

Fraud statistics and how blocking one channel of fraud has spurred the advances in other channels
Understanding the commonly used fraud tactics and techniques
Reviewing some of the common cyber defense techniques to combat this growing threat

1:10pm - 2:00pm Breakout Session

Cloud Care — Tracking Assets at Your Network Edge

Marshall Kuypers

Director of Cyber Risk

Expanse

The proliferation of cloud technologies has created new classes of risk for organizations. It’s easier than ever for employees to circumvent security processes, and the distributed nature of cloud makes it difficult for IT teams to detect exposures.

In this session, you'll learn:

Common cloud risks, their causes and the dangers they pose to your organization
Strategies to identify rogue IT devices
Ways to stop risks from proliferating in the first place

1:10pm - 2:00pm Executive Boardroom

Connecting Security, Risk and IT to Enable a Best-in-Class Program

Ajay Gupta

Chief of Cybersecurity

Humana Inc.

Jeff Kirby

CISO

Interstate Batteries

Michael Siegrist

Product Line Specialist, GRC and Integrated Risk Management

ServiceNow

The breaches of the past few years continue to show us that organizations are overwhelmed and struggling with patching software vulnerabilities. But what if you were able to properly pinpoint the vulnerabilities that represent the most risk and align these risks with overall enterprise risk?

Join this conversation to discuss:

How security, risk, and IT staff can best work together to locate vulnerabilities and remediate cyber risk
Best practices for strengthening governance, risk, and compliance programs
Effective methods for communicating cyber risk to the BOD

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Lawrence Figueroa at 971-222-2374 or lawrence.figueroa@evanta.com.

1:10pm - 2:00pm Executive Boardroom

Managing the Convergence of Global Data Regulations

KC Condit

CISO

G6 Hospitality

Alex Nehlebaeff

Corporate Information Security Manager

Harley-Davidson Financial Services Inc.

Matt Little

Chief Product Officer

PKWARE, Inc.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

The current landscape of data privacy regulation around the world
Best practices for managing risk associated with data protection frameworks
Standards and metrics for measuring data protection risk
Data classification strategies to aid compliance, regardless of regulation

7:30am - 8:15am Registration & Breakfast

8:15am - 9:00am Keynote

Develop an Eye for ROI

Jason Frugé

Chief Information Security Officer

Fossil

Mustapha Kebbeh

Global CISO

The Brink's Company

In this interactive session, CISOs from organizations across the size spectrum will split into small groups to share their most creative solutions for stretching their resources as far as possible. Join this session to collaborate on your peers and share your high-impact initiatives for:

Retaining, attracting and developing security talent
Effective incident response
Impactful security awareness training
Unique, creative security strategies

9:10am - 10:00am Breakout Session

Leading in the C-Suite — Bolster Your Executive Presence

Andrew Albrecht

CISO

Michaels

Chuck Lankford

CISO

The Container Store

Mike Tiddy

CISO

BNSF Railway Company

Caught in the crosshairs of leadership and information security, CISOs often are expected to act not only as security professionals, but business leaders. How can CISOs effectively become bold c-suite leaders while also juggling their security demands?

Join this interactive session to explore:

How to tailor communication styles to senior leaders
Ways CISOs can gain the trust of their c-suite
How to prepare for stepping into the CISO role
The leadership capabilities necessary for being an effective CISO

9:10am - 10:00am Breakout Session

Think Differently About Data — Succeed at Threat Hunting & IR

Tom Roeh

Director of Sales Engineering

ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data.

In this session, you will learn:

Current attack practices, including abuse of legitimate traffic and encryption
How hunters hide from attackers to avoid counter IR maneuvers
Ways to make analysts faster and more effective at validating and responding to threats
Options for empowering cross-training and on-the-job training to increase analysts' skills
Clarity on how gaining visibility into cloud and encrypted traffic

9:10am - 10:00am Executive Boardroom

Cyber-Risk Management — New Approaches for Reducing Your Cyber-Exposure

Mustapha Kebbeh

Global CISO

The Brink's Company

Robert Pace

Vice President, Information Security & Compliance

First American Payment Systems

Kevin Flynn

Senior Product Manager

Tenable

When it comes to reducing cyber risk, overcoming vulnerability overload is critical. Find out how predictive prioritization will improve your vulnerability management efforts so you can focus on what matters most to your business. During this peer-discussion you will explore:

How to use threat intelligence to move the most dangerous vulnerabilities up your priority list
The resources required to effectively assess your environment and prioritize your efforts in a predictive manner
Practices that will help you take appropriate actions to make your organization more secure
How to make your staff more efficient by drastically reducing the number of high priority vulnerabilities they need to remediate

9:10am - 10:00am Executive Boardroom

The Continual Shifting of Threats

David Bell

CISO & Managing Director - Information Security & Technology Risk Management

American Airlines

Gary Todd

Assoc. Director, Cyber Security

PNM Resources, Inc.

Chad Gasaway

Director, Solutions Architecture

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

The current threat landscape
How to best discover and thwart nation-state attacks
What security executives can do to build resiliency

10:00am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

You’ve Been Compromised – Now What?

Sailaja Kotra-Turner

Senior Director, IT Security and Risk Management

Brinker International

Duaine Styles

CSO

Globe Life

When an incident happens, things unfold in a frenzy. The board wants to know what happened. There may be financial and legal implications and disclosures required. Your security team wants to know what to do. How do you keep your organization together when the inevitable happens?

In this session, two security leaders discuss:

Best practices for creating a well-rounded response plan that accounts for legal and regulatory requirements
How to collaborate with your entire leadership team, including marketing, public relations, HR and legal teams
Ways to support your CISO peers when they weather a breach

10:30am - 11:20am Breakout Session

Phishing Defense — The Art of Human Intuitive Repulsion

Andy Spencer

VP Sales Engineering

Cofense

As intuitive human beings we often somehow sense when things aren’t quite right. When a newborn is “too quiet,” a sixth-sense can be more reliable than a baby monitor. What applies to life also applies to cybersecurity. Machine learning and artificial intelligence can weed out some of the threats, but they won't catch everything. Find out why trusting your gut – knowing when to say something when you see something – is a key part of any organization's phishing defense. In this session:

Discover security trends, threat-actor tactics and defense strategies across the globe
Learn the types of actual phishing attacks
See how attackers evolve their tactics to avoid perimeter controls

10:30am - 11:20am Executive Boardroom

Modernizing Your SOC

George Finney

Chief Security Officer

SMU Cox School of Business

Gary Toretti

SVP, Chief Information Security Officer

CBRE

Tanuj Gulati

CTO

Securonix

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they will try another. A sound Security Operations Center - staffed by the right people and with the right tools - should be a key part of your cyber defense strategy.

In this session you will discover how to:

Effectively develop your team
Automate to reduce workloads and drive efficiency
Equip SOC teams to operate within BYOD and Cloud
Create strong KPIs and KRIs to measure success

10:30am - 11:20am Executive Boardroom

Dissecting Recent Breaches and Ensuring Cyber Resiliency

Jason Frugé

Chief Information Security Officer

Fossil

Jessica Nemmers

Manager of Information Security

Commercial Metals

Alex Horan

Director of Product Management

Onapsis

In April 2019, the Department of Homeland Security issued an alert citing "New Exploits for Unsecure SAP Systems" after new exploits, termed "10KBlaze" were publicly released. While protecting endpoint access, phishing, and network monitoring is important, nothing else matters if your core business applications are not a primary strategic component. In this session, we will explore:

Why and how ERP applications are actively under attack
How cloud, mobile and digital transformations are expanding the attack surface
Steps you can take to ensure cyber resiliency and mitigate risk

2:00pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Gaining Organizational Acceptance of Access Management

Lauren Heyndrickx

Senior Director, CISO

JCPenney

Introducing a new access management controls to an organization is rife with technological challenges. But the real obstacle may be in the communication and cultural adoption.

In this session, you’ll explore:

Tactics for getting your organization to embrace access management
Best practices for fast, easy implementation
Ways to communicate your plan to the organization, including the leadership team

2:30pm - 3:20pm Executive Boardroom

Develop Metrics That Influence Business Decision Making

Royce Holden

AVP - Technology Security and Compliance (CISO)

DFW International Airport

Syam Maddimsetty

Director, Information Security and Compliance

Overhead Door Corporation

Security leaders are always trying to improve their metrics to better inform organizational decision making. However, aligning with the business is still a challenge for most.

In this session, you'll discuss:

What makes a metric actionable
How to create a relationship between security and business outcomes
Ways to communicate risk & security metrics to business decision makers

2:30pm - 3:20pm Executive Boardroom

The Zero Trust Approach

Bill Edevane

Director, Information Security

Texas Rangers

Sonya Wickel

Sr Manager Enterprise Security & Compliance

Triumph Group, Inc.

Sean Barrett

Regional Sales Director

MobileIron

Mobile devices and cloud services have dissolved the enterprise IT perimeter. Business data flows freely across a wide information fabric spanning a variety of devices, apps, networks, and cloud services. As traditional network perimeters become obsolete, organizations must address these modern security challenges with a zero trust approach.

In this session, you'll discuss:

The need for a new zero trust approach to information security
The industry’s first zero trust, mobile-centric framework
Advantages of deploying zero trust, mobile-centric security
Tips to get started today on your path to zero trust, mobile-centric security

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

Coffee Table Talk – How To Partner with Your CHRO and CIO

Gregory Ericson

SVP, CIO

Essilor of America

Sonja Hammond

CISO and Privacy Officer

Essilor of America

Deborah Shute Leemaster

Interim Sr. Vice President, Human Resources & General Services

Essilor of America

An organization’s security strategy is only as good as the team supporting it.That’s why collaboration in the c-suite is so vital to creating a robust security program.

Join this coffee table talk to learn: