Dallas CISO Executive Summit

Today’s CISOs face daunting challenges. It is a balance between fighting off increasingly sophisticated attacks, managing scarce resources, and working with stakeholders that often don't understand the inevitability of a breach. Since there continues to be a knowledge gap about the criticality of the CISO’s role, it is no surprise that they’re experiencing stress and burnout at unprecedented rates. How can CISOs make their careers sustainable and maintain a sense of well-being?

Join this keynote to explore:

• How to recognize the signs and symptoms of toxic stress and burnout
• How to remain engaged, energized, and focused during turbulent times
• Methods to reduce stress at work and how to not let the stress overlap into personal lives

The application enterprises use the most is the browser. In fact, it has become our primary work environment, but the browser we most often use was built for consumers. So, we have surrounded it with an endless, complex and expensive stack that overwhelms your security teams and interrupts end users. But what if the browser was designed for the enterprise? What could that do for security, productivity and work itself?

Join this session to discover how an enterprise browser can:

• Protect critical SaaS and internal web applications
• Streamline and secure third-party contractor access and BYOD strategies
• Give you last-mile control to protect users’ activity with critical applications and underlying data

There are two types of organizations — those that have been breached and those that will be. Data breaches may be inevitable and do not correlate with the maturity of cyber security programs. Financial services and defense organizations that spent hundreds of millions of dollars on building the most mature security programs still get breached. So what happens after a breach? Is there still life after a data breach?

Join Shamoun Siddiqui, VP, CISO, Neiman Marcus as he discusses: 

• Leading and navigating your company through a data breach and what to do to prepare for it
• Communicating risk to the Board and building their confidence in your security program
• Challenges and best practices in managing major security events

While cloud providers will protect the security of the cloud itself, CISOs are often responsible for securing their infrastructure within the cloud. Attackers are aware of the visibility gaps in multi-cloud and hybrid environments. After they slip past perimeter defenses, they will work their way toward carrying out a costly breach or extortion, undetected until it’s too late.

Join this session to discuss:

• Key ways to reduce cyber risk and dwell time while building resilience
• The advanced attack techniques that bad actors rely on and how to spot them
• Strategies to increase the speed of detection and mitigation within cloud environments

Despite their efforts, from phishing simulations to security awareness campaigns, CISOs from organizations big and small keep falling short when it comes to stopping Business Email Compromise (BEC) attacks. But, if everyone has an email security program, why are the losses associated with BEC still climbing?

Join this session to discuss:

• What is working, or not working, with existing processes and technology?
• How do we solve the “human factor” in the equation?
• Best practices for preventing loss related to a BEC attack?

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Cloud identities and entitlements are no longer something you can ignore. With the explosion in the numbers of human and service identities across cloud environments such as AWS, Azure, and Google Cloud, uncontrolled access permissions are one of your largest attack surfaces and determine your blast radius in case of a breach. Excessive entitlements - defined intentionally or unwittingly - can lead to accidental or malicious use, exposure of sensitive data, and more.

Join this panel session to discuss: 

• Why identities are the new security beast to tame in cloud infrastructure environments
• Why monitoring and restricting permissions must be core to every security program
• Fresh views on using automation to remediate risk

The truth is, there's not one. The phenomenon that is the Great Resignation, and the worries that surround it - talent and skills shortages, hiring and retention dilemmas, etc. - all have left CISOs scratching their heads looking for a solution. In this interactive session, you'll join CISOs that might be thinking similarly (or differently) about the daily scenarios you face when navigating through the Great Resignation.

Join this interactive session in small groups to debate and collaborate on team building scenarios including: 

• Keeping the right people – thinking beyond just retention 

• Mentoring a multigenerational workforce – creating operational excellence

• Exploring employee potential – diversifying skill sets

Between skills shortages and the escalating sophistication of threats, security teams are looking beyond SIEM to overcome data volume, complexity, and false positives. CISOs need new approaches to data ingestion and retention, and automation of threat detection/response for increased SOC efficiencies.

Join this session to discuss: 

• How SOCs are leveraging automation to improve their threat detection and incident response practices
• How to cover the entire attack surface at a predictable, manageable cost for better security outcomes
• Ways to incorporate MITRE-ATT&CK and MITRE-D3FEND framework into threat detection and response

As business and technology teams drive cloud adoption and implement modern application architectures, the security vulnerabilities of the sprawling IT stack multiply as visibility dwindles. Now is the time to explore new applications and API security strategies to proactively reduce risk, secure the environment, and capitalize on cloud-native capabilities to meet these challenges.

Join this boardroom to discuss:

• Establishing effective vulnerability management and application security programs
• Moving from a reactive to a proactive security posture
• API governance and security challenges and opportunities

An organization's ability to achieve successful digital transformation is in large part enabled by the security team. Distributed, loosely connected infrastructure and tools, coupled with the demand for almost any-to-any connectivity, complicates the mission. Regularly defined as being delivered by a single "silver bullet" point solution, the term zero trust is now often held in poor regard. It is however, a highly effective conceptual framework, and perhaps even a cultural shift, that many organizations have been working with for several years.

Join this interactive boardroom to discuss:

• The broader definition of what a zero trust framework is
• The foundational control required to build a zero trust program
• Strategies for improving the user experience and proving value to get organization-wide acceptance