IN-PERSON

Dallas CISO Executive Summit

May 17, 2022 | Marriott Allen Hotel and Convention Center

Collaborate with your peers

Get together with Dallas's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Supporting business agility with risk-based programs

Evaluating, communicating and responding to evolving threats

Building a culture of security to enable smart, secure decision-making

Dallas CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Sara Andrews

Experian
Global CISO

Mustapha Kebbeh

The Brink's Co
Global CISO

Mike Priest

Globe Life
CISO

Shamoun Siddiqui

Neiman Marcus
VP, CISO

Gary Toretti

CBRE
SVP, Chief Information Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Dallas CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


May 16, 2022

6:00pm - 8:30pm  Governing Body Welcome Reception

Governing Body Private Dinner

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking.

11:30am - 12:30pm  Lunch Service

12:35pm - 1:05pm  Keynote

Third-Party Cyber Risk — Zero-Day Findings and Mitigation

Jim Rosenthal

CEO

BlueVoyant

Managing distributed risk is today’s defining cybersecurity challenge. Mitigation of zero-day vulnerabilities is critical as adversaries exploit supply chain entities. This session explores how to identify all third parties impacted by zero-day vulnerabilities and guide their mitigation efforts. Your vendor, supplier, and partner ecosystem is now your enterprise attack surface.

Join this session to learn:

  • How to manage distributed risk associated with hundreds and even thousands of vendors, suppliers, and partners
  • Approaches to identify, prioritize, and mitigate active threats and critical/zero-day vulnerabilities
  • Strategies to reduce supply chain/external ecosystem risk associated with zero-day

1:05pm - 1:20pm  Break

1:20pm - 2:05pm  Breakout Session

Law & Order - Cybersecurity Edition

Shawn Tuma

Cybersecurity & Data Privacy Partner

Spencer Fane LLP

Cybersecurity is a team sport that requires resilient relationships across the C-suite. Does your executive team collaborate effectively or could they use some coaching? Shawn Tuma, partner at Spencer Fane, has invaluable experience in guiding organizations through breaches, expertise in cyber insurance and unique insights into how leaders view cybersecurity.

Join Tuma as he discusses:

  • The role of legal in the cyber risk management process
  • Essential knowledge and common pitfalls of cyber insurance
  • The best way for CISOs to collaborate with legal and across the C-suite

1:20pm - 2:05pm  Executive Boardroom

The Indispensable Human Element of Cybersecurity

Michael Leland

Chief Cybersecurity Evangelist

SentinelOne

Mike Tiddy

CISO

BNSF Railway

Scott Moser

Chief Information Security Officer

Sabre Corporation

Eric Puleo

Director IT Information Security

Commercial Metals

Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important tools of defense, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element.

Join this session to discuss:

  • What these trends mean for the hands-on practitioner
  • When the velocity of innovation outpaces the capabilities of human intellect
  • The role of automation in the effective practice of securing our digital world

1:20pm - 2:05pm  Executive Boardroom

Software Supply Chain Management Hygiene

Aaron Munoz

Chief Information Security Officer

Texas Christian University

Paul Meharg

Solutions Architect Director

Sonatype

Software hygiene practices are like handwashing prior to surgery; at one point laughable, now an essential and integral step prior to every procedure. Why are organizations still not putting enough focus on adopting essential software hygiene practices for supply chain management, even though they know they should?

Join this roundtable session to discuss:

  • Encouraging developers to adopt a set of security and governance daily routines
  • Overcoming the knowledge sharing gap between Security, Developer, and IT Operations
  • Positioning software hygiene as a practice that generates not simply risk value, but revenue value 

7:30am - 8:15am  Registration & Breakfast

8:30am - 9:00am  Keynote

Stress and the CISO — Practical Strategies to Mitigate Burnout

Sheila Hamilton

Mental Health Thought Leader and Author of "All the Things We Never Knew"

Guest Speaker

Today’s CISOs face daunting challenges. It is a balance between fighting off increasingly sophisticated attacks, managing scarce resources, and working with stakeholders that often don't understand the inevitability of a breach. Since there continues to be a knowledge gap about the criticality of the CISO’s role, it is no surprise that they’re experiencing stress and burnout at unprecedented rates. How can CISOs make their careers sustainable and maintain a sense of well-being?

Join this keynote to explore:

  • How to recognize the signs and symptoms of toxic stress and burnout
  • How to remain engaged, energized, and focused during turbulent times
  • Methods to reduce stress at work and how to not let the stress overlap into personal lives

9:00am - 9:30am  Networking Break

9:30am - 10:15am  Breakout Session

What If The Browser Was Designed For The Enterprise?

Mike Fey

CEO and Co-Founder

Island.Io

The application enterprises use the most is the browser. In fact, it has become our primary work environment, but the browser we most often use was built for consumers. So, we have surrounded it with an endless, complex and expensive stack that overwhelms your security teams and interrupts end users. But what if the browser was designed for the enterprise? What could that do for security, productivity and work itself?

Join this session to discover how an enterprise browser can:

  • Protect critical SaaS and internal web applications
  • Streamline and secure third-party contractor access and BYOD strategies
  • Give you last-mile control to protect users’ activity with critical applications and underlying data

9:30am - 10:15am  Breakout Session

Life After Breach

Shamoun Siddiqui

VP, CISO

Neiman Marcus

There are two types of organizations — those that have been breached and those that will be. Data breaches may be inevitable and do not correlate with the maturity of cyber security programs. Financial services and defense organizations that spent hundreds of millions of dollars on building the most mature security programs still get breached. So what happens after a breach? Is there still life after a data breach?

Join Shamoun Siddiqui, VP, CISO, Neiman Marcus as he discusses: 

  • Leading and navigating your company through a data breach and what to do to prepare for it
  • Communicating risk to the Board and building their confidence in your security program
  • Challenges and best practices in managing major security events

9:30am - 10:15am  Executive Boardroom

Deter Breaches and Build Resilience Within the Cloud

Mark Bowling

Vice President, Security Response Services

ExtraHop

Dewakar Garg

Sr. Director of Information Security & Compliance

Mavenir

Asif Effendi

Security Leader

Baker Hughes

While cloud providers will protect the security of the cloud itself, CISOs are often responsible for securing their infrastructure within the cloud. Attackers are aware of the visibility gaps in multi-cloud and hybrid environments. After they slip past perimeter defenses, they will work their way toward carrying out a costly breach or extortion, undetected until it’s too late.

Join this session to discuss:

  • Key ways to reduce cyber risk and dwell time while building resilience
  • The advanced attack techniques that bad actors rely on and how to spot them
  • Strategies to increase the speed of detection and mitigation within cloud environments

9:30am - 10:15am  Executive Boardroom

The Ongoing Fight to Secure Business Email

Mike Britton

CISO

Abnormal Security

Paul Reyes

CISO, VP of Cyber Security, Risk, & Compliance

Vistra Corp

Mike Priest

CISO

Globe Life

Despite their efforts, from phishing simulations to security awareness campaigns, CISOs from organizations big and small keep falling short when it comes to stopping Business Email Compromise (BEC) attacks. But, if everyone has an email security program, why are the losses associated with BEC still climbing?

Join this session to discuss:

  • What is working, or not working, with existing processes and technology?
  • How do we solve the “human factor” in the equation?
  • Best practices for preventing loss related to a BEC attack

10:15am - 10:45am  Networking Break

10:20am - 10:45am  Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

10:45am - 11:30am  Breakout Session

Taming the Beast: Identities and Access-Based Threats in your Cloud Infrastructure

Toby Buschini

Vice President of Worldwide Sales

Ermetic

Anand Singh

SVP, CISO

Alkami

Dan Luera

Hosting Architect

Tyler Technologies

Marlo Bell

Azure Platform / Security Principal Architect

ExxonMobil

Cloud identities and entitlements are no longer something you can ignore. With the explosion in the numbers of human and service identities across cloud environments such as AWS, Azure, and Google Cloud, uncontrolled access permissions are one of your largest attack surfaces and determine your blast radius in case of a breach. Excessive entitlements - defined intentionally or unwittingly - can lead to accidental or malicious use, exposure of sensitive data, and more.

Join this panel session to discuss: 

  • Why identities are the new security beast to tame in cloud infrastructure environments
  • Why monitoring and restricting permissions must be core to every security program
  • Fresh views on using automation to remediate risk

10:45am - 11:30am  Breakout Session

The Foolproof Way to Solving The Great Resignation

Patrick Benoit

VP, Global Cyber GRC / BISO

CBRE

The truth is, there's not one. The phenomenon that is the Great Resignation, and the worries that surround it - talent and skills shortages, hiring and retention dilemmas, etc. - all have left CISOs scratching their heads looking for a solution. In this interactive session, you'll join CISOs that might be thinking similarly (or differently) about the daily scenarios you face when navigating through the Great Resignation.

Join this interactive session in small groups to debate and collaborate on team building scenarios including: 

  • Keeping the right people – thinking beyond just retention
  • Mentoring a multigenerational workforce – creating operational excellence
  • Exploring employee potential – diversifying skill sets


10:45am - 11:30am  Executive Boardroom

Modernizing Advanced Threats Through Automation

Andrew Bryan

Head of Field Engineering, Hunters.ai

Hunters.ai

Robert Pace

VP, CISO

Invitation Homes LP

Sonya Wickel

CISO & Sr. Director, Compliance

Triumph Group

Between skills shortages and the escalating sophistication of threats, security teams are looking beyond SIEM to overcome data volume, complexity, and false positives. CISOs need new approaches to data ingestion and retention, and automation of threat detection/response for increased SOC efficiencies.

Join this session to discuss: 

  • How SOCs are leveraging automation to improve their threat detection and incident response practices
  • How to cover the entire attack surface at a predictable, manageable cost for better security outcomes
  • Ways to incorporate the MITRE ATT&CK and MITRE D3FEND frameworks into threat detection and response

10:45am - 11:30am  Executive Boardroom

Securing Sprawl – Mitigating Risk

Matt Tesauro

Distinguished Engineer

Noname Security

Jeff Kirby

CISO

Interstate Batteries

Parrish Gunnels

SVP, IT Risk Management Director/CISO

Sunflower Bank

As business and technology teams drive cloud adoption and implement modern application architectures, the security vulnerabilities of the sprawling IT stack multiply as visibility dwindles. Now is the time to explore new applications and API security strategies to proactively reduce risk, secure the environment, and capitalize on cloud-native capabilities to meet these challenges.

Join this boardroom to discuss:

  • Establishing effective vulnerability management and application security programs
  • Moving from a reactive to a proactive security posture
  • API governance and security challenges and opportunities

10:45am - 11:30am  Executive Boardroom

Zero Trust – Hype or Hope?

KC Condit

CISO

G6 Hospitality

Matt Cass

Partner

IBM Security

Ashok Kakani

Director of Security

Voya Financial

An organization's ability to achieve successful digital transformation is in large part enabled by the security team. Distributed, loosely connected infrastructure and tools, coupled with the demand for almost any-to-any connectivity, complicate the mission. Regularly defined as being delivered by a single "silver bullet" point solution, the term zero trust is now often held in poor regard. It is, however, a highly effective conceptual framework, and perhaps even a cultural shift, that many organizations have been working with for several years.

Join this interactive boardroom to discuss:

  • The broader definition of what a zero trust framework is
  • The foundational control required to build a zero trust program
  • Strategies for improving the user experience and proving value to get organization-wide acceptance

11:30am - 11:40am  Break

2:05pm - 2:35pm  Networking Break

2:10pm - 2:35pm  Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:35pm - 3:20pm  Breakout Session

Disrupting the Lateral Movement Equation

Jonathan Nativ

Director of Strategic Alliances

Silverfort

Evan Anderson

Director, Offensive Security

Guest Speaker

Traditional authentication methods are considered broken and despite investments, the exploitation of credentials and basic MFA implementations remains a blind spot for today’s security stacks. It is no longer a case of if an identity-based attack will hit your company, but when.

Join this interactive session to:

  • Get a live view into both the attacker and the defender's perspective of identity threats
  • Understand how organizations are leveraging tools to identify blind spots in their security landscape
  • Understand how enforcing MFA on all access interfaces increases the efforts of skilled attackers


2:35pm - 3:20pm  Executive Boardroom

The Art of Communicating Risk to the Business

John Burger

CISO and Vice President of Infrastructure

ReliaQuest

Everett Bates

Head of Enterprise Architecture and IT Strategy

Love's Travel Stops

Michael Simmons

VP & CISO

Dick's Sporting Goods

To quantify how they are reducing risk for the business and where to strategically invest, security leaders need effective, actionable metrics. These measures are essential to communicating effectively with the Board and other executive stakeholders.

Join this roundtable discussion to gain insight into how your peers are:

  • Making informed investment decisions
  • Communicating risk to the business at large
  • Using data to tell a story to non-technical audiences


2:35pm - 3:20pm  Executive Boardroom

Data Privacy Can Improve Your Data Intelligence

Marty Ray

CISO

Fossil

Joel Kutner

Senior Director, Global Field Architecture

Protegrity

Patrick Benoit

VP, Global Cyber GRC / BISO

CBRE

You can’t benefit from data that is locked away due to privacy concerns. By finding and protecting the privacy of sensitive and regulated data you can more effectively analyze, benefit from, and monetize your enterprise data. Security professionals have the opportunity to champion advanced techniques to provide insights into marketing, sales, and operations by democratizing data without compromising privacy.

In this session, you will discuss:

  • Strategies for attaining a comprehensive data asset inventory
  • Challenges and approaches for distributing data where it is needed without compromising privacy
  • Methods of protecting privacy in repositories and analytical systems

2:35pm - 3:20pm  Executive Boardroom

A Fresh Look at API Security

Shreyans Mehta

Co-Founder and Chief Technology Officer

Cequence Security

Mustapha Kebbeh

Global CISO

The Brink's Co

David Bell

Managing Director, Information Security & Technology Risk Management & Chief Information Security Officer

American Airlines

APIs fuel digital transformation and are core to every SaaS, web and mobile application. As attacks on APIs become more frequent and complex, how can CISOs ensure protection for sensitive data, applications, and customers?

Join this interactive discussion to learn: 

  • How to gain visibility to understand exposure and risk
  • Ways to answer the “so what” for API security, including OWASP API Top 10 impacts
  • How security and development teams can find balance

3:20pm - 3:35pm  Networking Break

3:35pm - 4:10pm  Keynote

The Importance of Diversity in Security

Boulton Fernando

CISO

Toyota Financial Services

For many years, creating a diverse, equitable, and inclusive workplace has been a goal for many companies. In the cybersecurity space, where attracting, hiring and retaining talent is one of the most significant challenges that security leaders face, this has become a top priority. Are you ready to transform words into powerful actions? Join Boulton Fernando as he shares experiences and insights that are truly making a difference in his organization.

In this keynote session you will explore:

  • Clear steps to drive awareness, foster a sense of belonging, and create lasting change
  • How to develop opportunities that make a positive impact
  • Strategies for building the next generation of security professionals

4:10pm - 4:40pm  Closing Reception & Prize Drawing

Location


MORE INFORMATION

A block of rooms has been reserved at the Marriott Allen Hotel and Convention Center at a reduced conference rate. Reservations should be made online or by calling 469-675-0800. Please mention Dallas Executive Summit to ensure the appropriate room rate.

Deadline to book using the discounted room rate of $154 USD (plus tax) is April 29, 2022.

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Lawrence Figueroa

Senior Program Manager

971-222-2374

lawrence.figueroa@evanta.com