IN-PERSON

Detroit CISO Executive Summit

November 13, 2018 | The Cobo Center

November 13, 2018
The Cobo Center

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Rich Armour

General Motors Company
CISO

Martin Bally

Diebold | Nixdorf
VP & CSO

Derek Benz

Ford Motor Company
CISO

Brent Cieszynski

Blue Cross Blue Shield of Michigan
VP & CISO

Earl Duby

Lear Corporation
CISO

Russ Gordon

BorgWarner
CISO

Mauricio Guerra

DowDuPont
Director of Global Information Security

Tabice Ward

DTE Energy
Director & CISO

Erik Wille

Penske Automotive
Head of Information Security

Agenda

November 13, 2018

mid-afternoon morning afternoon

11:40am - 1:10pm Lunch & Comments

Lunch Discussion Tables

Join your peers at designated tables during lunch to discuss a subject that interests you. Seating is first-come, first-serve.

11:40am - 1:10pm Keynote

Closing the Security Gap — Automation, AI & IoT

Dr. Larry Ponemon

Chairman and Founder

Ponemon Institute

Following a global survey of almost 4,000 IT professionals across the Americas, Europe and Asia, Dr. Larry Ponemon chairman and founder of the Ponemon Institute and pioneer in information security and privacy research, shines light on some of the most pressing issues for security executives:

Why are CISOs struggling to identify, detect, contain, and resolve data breaches and other security incidents?
What are security gaps making it easier for attackers to penetrate your perimeter defense systems?
Why are security gaps so hard to close?
What technologies and processes can help you keep a step ahead of bad actors?

1:10pm - 1:40pm Networking Break

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Lear and Mcity’s Battles Against Vehicle Cyberthreats

Andre Weimerskirch

VP Cyber Security, Mcity Cybersecurity Group Chair

Lear Corporation

All automotive stakeholders face challenges to develop secure vehicles and components. The latest threat research from the University of Michigan’s Mcity project can support your own cybersecurity threat assessment program.

Andre Weimerskirch covers the latest from connected and automated vehicle cybersecurity from his experience at Lear and Mcity:

A review of the current cyberthreat landscape as it applies to connected and automated vehicles
Guidance from the recently developed Mcity Threat Identification Model and Lear’s risk assessment model
Overview of the big cybersecurity challenges and solution approaches

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Product Incident Response

Martin Bally

VP & CSO

Diebold | Nixdorf

In an era when almost every electronic device gathers and stores potentially sensitive information, organizations face the daunting task of securing their devices with the same vigor they would use to secure their internal networks. Join Martin Bally to learn how Diebold | Nixdorf is extending its security footprint to manage and monitor a swath of connected products worldwide, including:

Visualization techniques to evaluate a global threat landscape
Ways to integrate product security into an incident response framework
Techniques to gain buy-in across the organization for an expanded program

9:00am - 9:50am Breakout Session

AI and Machine Learning — Potential Successes and Security Risks

James Cabe

Principal Systems Engineer

Fortinet, Inc.

Security vendors, infosecurity specialists and cybersecurity professionals claim to use artificial intelligence and machine learning to defend customers against the most advanced threats in cybersecurity. But if you ask how these technologies work, answers can be vague or misleading.

In this session, you will learn how:

The mechanics of artificial intelligence and machine learning work, exploring how different techniques can be used to detect malware, malicious domains, phishing emails and other threats
Technologies can potentially fail
Attackers can use technologies to infiltrate poorly designed or implemented systems.

9:00am - 9:50am Executive Boardroom

CISO as a Human Translator — Translating Security Risk into Business/Board Speak

Shawn Campbell

CISO

Ciena Healthcare Inc

Geeta Kapoor

Director of Cybersecurity (CISO)

Federal-Mogul Powertrain, Inc.

Stewart Tan

Consulting Principal Director

Cisco Systems, Inc.

The role of the CISO has fast evolved beyond its traditional operational functions of monitoring, repelling and responding to cyber threats to that of one who can enable the business. More specifically, enable the business to take secure risks. As a growing number of boards are making the topic of cybersecurity a central part of their discussions, the need for CISOs to provide them with visibility into and to clearly articulate how risk is being managed in well-defined business terms (board speak) has become fundamental. Join this roundtable discussion to share ideas and strategies on how to effectively communicate risk and other key related factors with your board.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

Nathan Schulz at 971-717-6675 or Nathan.schulz@evanta.com

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Engage, Enlist and Optimize Your Security Stakeholders

Christy Wheaton

CISO

Meritor

Security leaders are constantly looking for the next step forward toward a better security posture. Yet what does it take to effectively analyze and act on the most important and complex asset of all — people? Christy Wheaton shares her methodology to develop a concrete action plan for key security stakeholders, covering:

Engaging your security “team”— beyond your direct reports
How to measure and plot stakeholder engagement
Strategies to optimize engagement and improve overall security posture

10:20am - 11:10am Breakout Session

A Deep Dive into the DNA of Modern IoT Attack Botnets

Ron Winward

Security Evangelist

Radware

The majority of modern IoT-based attack botnets have uniquely common DNA; they use part of the Mirai code in their framework. While device exploitation techniques remain innovative, the attack vectors themselves are typically reused, making it possible for CISOs to outsmart these botnets.

Join this session to take a meaningful look at IoT attack botnets. You’ll learn about:

The different attack vectors in IoT botnets
How attack vectors replicate
What changes have been implemented in new IoT attack botnets

10:20am - 11:10am Executive Boardroom

Achieving Next-Level Security Through Automation

Piero DePaoli

Senior Director, Security Business Unit

ServiceNow

Rajiv Das

Chief Security Officer & Deputy Director

State of Michigan

Kevin McLaughlin

Global Security Officer & Deputy CISO

Stryker Corporation

Security teams face a significant challenge in tackling the routine tasks necessary to monitor threats to their organization. What would it mean to free up these staff resources to focus on more strategic challenges? Join your peers to discuss the role of automation in cybersecurity, including:

How does your organization view automation in the context of talent shortages?
What are the types of tasks in your security program are you automating, considering automating, or never automating?
How do you measure current and future efficiency as you deploy automation?

To reserve your seat, please contact:

Nathan Schulz at 971-717-6675 or Nathan.schulz@evanta.com

11:10am - 11:40am Networking Break

1:40pm - 2:30pm Breakout Session

Securing Digital Transformation

Tabice Ward

Director & CISO

DTE Energy

As the pace of technological disruption intensifies for the enterprise organization, so too are customer expectations that today’s fast-moving digital businesses are secure. Tabice Ward shares lessons on how security can enable digital transformation, covering:

The synergy and tensions between business agility and security
A framework to ensure information security is guiding business strategy
Evolving security’s reputation from the organization of “no” to the organization of “how”

1:40pm - 2:30pm Breakout Session

GDPR — Reconciling Enforcement Risk and Compliance Cost

Eric Mahler

Asst. General Counsel, Labor & Employment

Meritor

Information security leaders have a new risk to add to their register – the likelihood that European Union regulators will enforce on the tenets of the sweeping General Data Protection Regulation that became effective in May. Building from a success story in ongoing compliance at Meritor, Eric Mahler explores the intersection of real-world regulatory risk and the cost of compliance with GDPR and other emerging regulation, covering:

The emerging priorities of European privacy regulation enforcement
Meritor’s long-term roadmap for managing regulatory risk and compliance
An overview of other privacy legislation impacting information security

1:40pm - 2:30pm Executive Boardroom

There’s an App For That—And a Risk. Secure the Possibilities of a Mobile-Cloud World

Robert Keefer

Corporate Security Officer

Tweddle Group

Homyar Naterwala

Head of Cyber Security

GE Capital

James Plouffe

Strategic Technologist, CISSP

MobileIron

There’s an app for everything these days—from approving expenses in the grocery store line to looking up key customer information in the field. Employees are more productive than ever in today’s mobile-cloud world, which means data—and the risks of compromising it—is plentiful.

In this session, learn:

What risks are created through mobile-cloud technologies
Ways organizations are using mobile-cloud apps through the business
How to craft a security strategy that protects data no matter where it is

To reserve your seat, please contact:

Nathan Schulz at 971-717-6675 or Nathan.schulz@evanta.com

2:30pm - 2:50pm Networking Break

2:50pm - 3:40pm Breakout Session

Do You Speak Security?

Karla Thomas

Director IT, Global Security & Audit

Tower International

Effective communication can have a measurable impact on the success of a security executive’s program, yet not all parts of the organization react to the same voice. Drawing from a training background, Karla Thomas shares her strategies for building a cohesive security narrative that stretches from front-line employees to the board, including:

How to effectively link security priorities to business outcomes
Ways to define and execute distinct communication strategies for different audiences
Strategies to leverage other leaders as security evangelists

2:50pm - 3:40pm Executive Boardroom

Refining the Security of OT Environments

Earl Duby

CISO

Lear Corporation

Daren Fairfield

CISO

Whirlpool Corporation

While the stakes are massive, improving digital security for industrial environments remains a vexing problem for many organizations. Roll up your sleeves with your fellow security leaders and discuss the latest ideas to tackle several key areas in operational technology security such as:

Convergence of IT and OT environments
Best practices in OT incident response
Perspectives on the latest threat landscape for OT

To reserve your seat, please contact:

Nathan Schulz at 971-717-6675 or Nathan.schulz@evanta.com

2:50pm - 3:40pm Executive Boardroom

Identifying the Way Forward in IAM

John Carr

Director, Information Security

Quicken Loans

Erik Wille

Head of Information Security

Penske Automotive

How are your peers balancing business agility and business security in their identity and access management strategy? Join this roundtable discussion to benchmark your framework and vet future plans, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

Methodologies that satisfy users while maintaining adequate access controls
Communication techniques to streamline acceptance of IAM across the business
Roadmaps for deciding what technology is the best fit

To reserve your seat, please contact:

Nathan Schulz at 971-717-6675 or Nathan.schulz@evanta.com

3:40pm - 4:00pm Networking Break

4:10pm - 4:40pm Keynote

Eye for ROI — A CISO Gameshow

Russ Gordon

CISO

BorgWarner

Craig James-Heer

CISO

Gordon Food Service

Daniel Ayala

Director, Global Information Security

ProQuest

Maurice Stebila

CISO

HARMAN by Samsung

Don’t touch that dial! In this interactive session, CISOs from organizations across the spectrum will go head-to-head in a challenge to find the most creative solutions for stretching their resources as far as possible. Join this gameshow-inspired session and vote on who has the best eye for ROI in key areas such as: