IN-PERSON

Dallas CISO Executive Summit

November 5, 2019 | Hyatt Regency Dallas

November 5, 2019
Hyatt Regency Dallas

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Sara Andrews

PepsiCo
SVP, Global CISO

Sonja Hammond

Essilor of America
CISO & Privacy Officer

Jairo Orea

Kimberly-Clark
CISO

Shamoun Siddiqui

Neiman Marcus Group
CISO

Duaine Styles

Globe Life
SVP & Chief Security Officer

Gary Toretti

CBRE, Inc.
SVP, Chief Information Security Officer

Agenda

November 5, 2019

mid-afternoon morning afternoon

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch you have the opportunity to hold relevant conversations with peers facing similar challenges and opportunities in a specific industry. The below questions are a guideline for you to start your topical table conversations.

Security operations
- What is the maturity of your security operations program?
- What is your process for building an operational playbook?
- What KPIs or KRIs do you use to measure success?
Communication and awareness
- How do you approach security with a holistic lens?
- What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
- How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?
Access and Identity Management
- What strategies and tools are you using to improve visibility into your systems?
- How are you integrating the user experience with security?
- How are you measuring the success of your access management program?
Governance and privacy
- How are you responding to/preparing for regulatory changes?
- How do you balance compliance with business requirements?
- What standards and metrics are you using to measure risk?
Talent and developing leaders
- What are some tangible strategies for creating and developing new talent resources?
- What best practices exist for retaining talent, once secured?
- How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Creating Secure Environments Through Healthy Boundaries

Lakshmi Hanspal

Global Chief Security Officer

Box

If your company’s information initiatives are requiring you to reevaluate the boundaries for trust and security, you are not alone. Information is the lifeblood of businesses, but in a multi-cloud environment, keeping it secure is complex.

In this keynote, join Lakshmi Hanspal, Global Chief Information Security Officer at Box, and learn how to:

Rethink your organizations boundaries for trust and security
Partner with business stakeholders to address trends and challenges we face in the cloud era
Effectively leveraging machine learning to keep up the speed of business

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Prepare for a Major Cyber Attack

Royce Holden

AVP - Technology Security and Compliance (CISO)

DFW International Airport

Most CISOs feel comfortable managing the minor security incidents with standardized processes, but what about major incidents that shake the very foundation of your organization like the NotPETYA attack? Such crises can be career changing.

Join this workshop to:

Learn the basic building blocks of effective cybersecurity crisis response
Share challenges and best practices in managing major security events
Benchmark against your peers and identify lessons learned

1:20pm - 2:10pm Breakout Session

Vendor Risk Management — A Conversation

KC Condit

CISO

G6 Hospitality

In today’s world, digital transformation efforts are driving companies to increasingly rely on outside service providers. As new privacy laws target these relationships, the expectations for the vendors hired to protect the integrity of shared information are higher than ever.

In this session, uncover answers to your pressing questions, including:

What strategies are most effective when assessing vendor risk?
How do you ensure vendors are complying with evolving privacy regulations?
How do you convey vendor risks to senior leadership and to your board?

1:20pm - 2:10pm Executive Boardroom

Identifying the Way Forward in IAM

James Eppolito

Director of Security and Risk

Dean Foods

Adam Maslow

Senior Director of Information Security

Raising Cane's

How are your peers balancing business agility and business security in their identity and access management strategy? Benchmark your framework and vet future plans against peers in this session, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

Methodologies that satisfy users while maintaining adequate access controls
Communication techniques to streamline acceptance of IAM across the business
Road maps for deciding what technology is the best fit

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com.

7:30am - 8:15am Registration & Breakfast

8:15am - 8:30am Opening Comments

8:30am - 9:00am Keynote

Closing the Security Gap — Automation, AI & IoT

Dr. Larry Ponemon

Chairman and Founder

Ponemon Institute

Following a global survey of almost 4,000 IT professionals across the Americas, Europe and Asia, Dr. Larry Ponemon chairman and founder of the Ponemon Institute and pioneer in information security and privacy research, shines light on some of the most pressing issues for security executives:

Why are CISOs struggling to identify, detect, contain, and resolve data breaches and other security incidents?
What are security gaps making it easier for attackers to penetrate your perimeter defense systems?
Why are security gaps so hard to close?
What technologies and processes can help you keep a step ahead of bad actors?

9:00am - 9:20am Networking Break

9:20am - 10:10am Breakout Session

Doing Everything Right and Still Getting Hacked

Aamir Lakhani

Global Security Strategist

Fortinet

Why do organizations still get breached when they are performing pen tests, auditing networks, following compliance, and implementing the latest security technologies that take advantage of anomalous behavior models, artificial intelligence, and machine learning?

This talk will examine:

Real-world breach examples
How cybersecurity failed to keep attackers away
What could have been done to keep attackers out

9:20am - 10:10am Breakout Session

Effective Communication at Any Level

Sujeet Bambawale

CISO

7-Eleven

For CISOs, effective communication needs to extend to every level and every employee of the business. How can CISOs communicate risk and the importance of cybersecurity across the entire organization?

In this session, you will learn strategies to:

Communicate risk in terms of audience, brand, and dollar impact
Cater cybersecurity to the entire organization
Create a transparent risk framework

9:20am - 10:10am Executive Boardroom

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

Sonja Hammond

CISO & Privacy Officer

Essilor of America

Cameron McElhinny

CISO

Textron

Lucia Milica

Resident CISO

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Lucia Milica of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

Why nearly all threat actors have shifted away from technical exploits to compromise their targets
How organizations can leverage threat data to understand which people and departments are highly targeted
How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

9:20am - 10:10am Executive Boardroom

Cyber-Risk Reporting for the Board

Michael Britton

CISO

Alliance Data

Eric Fisch

EVP, Information Security Officer

Texas Capital Bank

Mike Priest

CISO

Globe Life

Gaurav Banga

Founder & CEO

Balbix

Only 9% of cybersecurity professionals say that their communications with C-staff and board members are effective (Ponemon Institute 2019). Today, most C-suite and boardroom discussions on cybersecurity are based on gut feelings and incomplete data. In this boardroom, you will explore:

Effectively presenting risk to the Board and C-Suite
How to calculate risk and report on the business criticality of vulnerabilities
What a mature and cyber-resilient security posture looks like

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Neal Roylance

Director of Security Research

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

10:30am - 11:20am Breakout Session

Taking Your Organizational Redesign to New Heights

David Bell

CISO & Managing Director - Information Security & Technology Risk Management

American Airlines

An organizational redesign can provide the facelift necessary to breathe new life into stale processes and connect siloed teams. But how do you manage such a big shift in tech teams?

In this session, you’ll learn:

How to manage team culture during a large-scale shift
Lessons for structuring an organizational redesign
What organizational changes created the best impact

10:30am - 11:20am Executive Boardroom

Next-Generation Cloud Security

Jeff Schilling

CISO

Epsilon

Aaron Munoz

Chief Information Security Officer

Texas Christian University

Amy Claire Smith

Executive Cloud Security Architect

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

Automation, orchestration, AI and machine learning strategies
Nuances for hybrid on- and off-premise systems
Ways to incorporate security into your cloud strategy

10:30am - 11:20am Executive Boardroom

Becoming a Proactive, Threat Hunting SOC

Kevin Charest

DSVP & CISO

Health Care Service Corporation

Ajay Gupta

Chief of Cybersecurity

Humana

Scott Moser

Chief Information Security Officer

Sabre

Partha Panda

CEO

Cysiv

Enterprises need to excel at quickly sifting through a massive amount of telemetry to accurately detect, hunt for and investigate threats that are targeting them. But making the shift from a compliance-based SOC, without the right tools, skills and resources, can be daunting.

During this boardroom, you will discuss:

The importance of becoming more effective and proactive in these tasks
How data science and automation are reshaping traditional SOC models
New approaches to augmenting an existing SOC or establishing a virtual SOC

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Failure as a Journey to Success

Billy Spears

EVP, CISO

loanDepot

It's not easy to be a cybersecurity professional. The pressure to be right each and every time is immense. After all, cyber criminals only need to be right once to gain access to your systems, compromising your data and assets. No one likes to fail – especially when it comes to keeping organizations secure. But experiencing failure can be positive – leading to increased knowledge, enhanced skills and stronger defenses. Join Billy Spears on his inspirational journey to success, where he will share:

How you can effectively raise security awareness in your organization
Strategies that can shift security priorities so the right issues receive the attention that they need
How to bring the CISO role closer to the business to better align security with company objectives

2:30pm - 3:20pm Executive Boardroom

Solving the Compliance Conundrum

Alex Nehlebaeff

Corporate Information Security Manager

Harley-Davidson Financial Services Inc.

CISOs are not only working to thwart potential cyber attacks — they're walking a regulation tightrope, carefully balancing the ever-developing data privacy legislation. Whether considering GDPR, CCPA or the many other developing privacy laws, CISOs are struggling to meet often conflicting regulations.

Join this round table to learn:

How to interpret the implications of regulatory requirements
Practical tips and lessons to manage privacy risk
Where data privacy laws conflict — and how to manage it

2:30pm - 3:20pm Executive Boardroom

The People Problem — Security Awareness Training

George Finney

Chief Security Officer

Southern Methodist University

Scot Miller

VP, CISO

Mr. Cooper

Even as security tools become increasingly advanced, the biggest vulnerability in a company continues to be its people. How do you integrate an awareness education into your corporate culture?

In this boardroom, you will:

Discuss different educational approaches with your peers
Determine how to evaluate the level of training needed
Identify key training components and methods of measuring their efficacy

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:20pm Keynote

Executive Presence for Lasting Leadership

Chris Ulrich

Body Language Expert & Political Consultant

Author & Thought Leader

Any given gesture — a nod, a point of the finger — unconsciously communicates powerful ideas and feelings that have tangible consequences. Top executives are generally proficient in their ability to interact with others, but the stakes are raised during high-level negotiations, reporting to the board, inspiring and empowering senior managers or dealing with tricky internal matters.

Join body language expert Chris Ulrich as he shares: