IN-PERSON

Houston CISO Executive Summit

June 26, 2019 | The Post Oak Hotel at Uptown Houston

June 26, 2019
The Post Oak Hotel at Uptown Houston

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Mike Coogan

Waste Management
Senior Director, Cybersecurity

Angelique Grado

MRC Global
CISO

Paul Huttenhoff

CenterPoint Energy, Inc.
CISO

Steve Neiers

Chevron Corporation
GM, Info. Risk Strategy & Mgmt.

Derek Rude

Weatherford International
Director, IT Security

Genady Vishnevetsky

Stewart Information Services Corporation
CISO

Agenda

June 26, 2019

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

The CISO Journey – Finding Inspiration in Unexpected Places

Yuval Cohen

VP CISO

ServiceNow

Brenda Santos

Office of the CISO

ServiceNow

The CISO journey is a lot like the cyber threats they protect against – unique and often unpredictable. No one understand this better than Yuval Cohen. From founding and selling multiple organizations, to leading ServiceNow’s digital transformation journey before digital transformation became a buzzword, to being a remote CISO; Cohen’s experience has been anything but standard. In this engaging interview, Cohen talks shares his journey, specifically:

How he has found security strategy in unexpected places
Lessons learned along the way
Strategies on how to navigate today’s complex security environment

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

When Audits Disrupt the Norm – A Case Study

Mary Dickerson

AVP/AVC IT Security, CISO

University of Houston System

Jennifer Huenemeier

Director, Enterprise IT Security, Information Security Officer

University of Houston - Downtown

Eric Mims

Director, Enterprise IT Security, Information Security Officer

University of Houston - Victoria

Anthony Scaturro

Director, Enterprise IT Security, Information Security Officer

University of Houston - Clear Lake

Findings of an external audit 18 months ago caused the University of Houston System Executive Leadership to task their AVP/AVC IT Security & CISO, Mary Dickerson, with consolidating the information security programs of four separate campuses into a single operating model. In this session, Dickerson and her team explore how they:

Integrated disparate organizations into one information security program
Worked together to find success
Discovered the elements that were core to their information security strategy

1:20pm - 2:10pm Breakout Session

Pen Test Your Board Pitch – An Interactive Exercise

Marc Crudgington

CISO & SVP, Information Security

Woodforest National Bank

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch
Receive real-time feedback on your pitch
Learn best practices and strategies for communicating with your board

1:20pm - 2:10pm Executive Boardroom

Harnessing the Power of Behavioral Analytics

Dr. Tim Proffitt

Managing Director, Information Security

Insperity, Inc.

Derek Rude

Director, IT Security

Weatherford International

Tanuj Gulati

CTO

Securonix

Behavioral analytics may help IT predict and understand consumer trends, but they can help CISOs understand potential threats—and catch them before they wreak major havoc. So how do you harness analytics to capture the best data?

Join this session to discuss:

Using behavior analytics as a framework for detection and response to advanced threats
Identifying potential insider threats
Taking a risk based approach to prioritize threats that need immediate action

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Linda Luty at Linda.Luty@evanta.com or 971-978-5021.

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

What’s Trust Got to Do With It?

David Horsager

CEO and Best-Selling Author

Trust Edge

Trust is both a fundamental business issue and the biggest asset of a company. Without trust, companies lose reputations, relationships, and revenue. With trust, organizations enjoy greater creativity, productivity, and results. Through extensive research and experience, David Horsager learned what it takes to gain — and keep — the “Trust Edge.”

Join this session as Horsager outlines:

The keys to building morale, sales, and customer loyalty
His Eight-Pillar Framework for building trust in an organization
Creating successful leaders and organizations centered on the tenants of trust

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Deploying Emerging Technology

Gretchen Myers

Security Technologies Team Lead

Chevron

Emerging technologies that enable business innovation and growth require fast, frequent change from the enterprise. How can you balance the implementation of these technologies with legacy ecosystems? Gretchen Myers from Chevron shares an innovative framework they’ve developed that reduces uncertainty during deployment.

In this session, you’ll learn how Chevron:

Uses a unique technology qualification process
Measures success when deploying emerging technology
Adapts to emerging threats

9:00am - 9:50am Breakout Session

Security – A Team Sport

Stephanie Franklin-Thomas

CISO

Motiva Enterprises

Annessa McKenzie

VP of IT & CSO

Calpine

René Smeraglia

JSC - Chief Information Security Officer

NASA Johnson Space Center

Information security is commonly viewed as a problem that security professionals alone need to solve. But CISOs can change that misconception. Hear a panel of peers share ways to connect security back to the organization’s mission, make security personal and break down barriers to collaboration.

Explore how to:

Foster a cohesive culture of security
Create a communication strategy that ties security to organizational success
Shape internal security champions across departments

9:00am - 9:50am Executive Boardroom

Dissecting Recent Breaches and Ensuring Cyber Resiliency

Mario Chiock

Fellow

Schlumberger

Christopher Kar

Information Security Advisor

Fort Bend Independent School District

Alex Horan

Director of Product Management

Onapsis

In April 2019, the Department of Homeland Security issued an alert citing "New Exploits for Unsecure SAP Systems" after new exploits, termed "10KBlaze" were publicly released. While protecting endpoint access, phishing, and network monitoring is important, nothing else matters if your core business applications are not a primary strategic component.

In this session, we will explore:

Why and how ERP applications are actively under attack
How cloud, mobile and digital transformations are expanding the attack surface
Steps you can take to ensure cyber resiliency and mitigate risk

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

The Evolution of Cybersecurity Risk Ratings

Jasson Casey

CTO

SecurityScorecard

Cyber risk ratings have steadily evolved over the last six years, shifting from scoring approaches using off the shelf vulnerability scanners to frameworks built with machine learning. Jasson Casey shares the evolution of developing scores – including initial ideas, setbacks and breakthroughs.

in this session, learn:

The composition of a cyber security risk rating
How an enterprise IT team’s behavior manifests itself to the outside world
How behavior translates to cyber security risk for the business

10:20am - 11:10am Breakout Session

Securing Across the Lines of IT and OT

Dan Rozinski

Manufacturing & Engineering Technology Fellow

Dow Inc.

The blurred boundaries between IT and OT demand a more integrated, collaborative cybersecurity strategy. Join Dan Rozinski as he shares his journey managing security across these borders at Dow.

In this session, he will explore:

The convergence of IT and OT
Ways to develop a programmatic approach to cybersecurity
Communication and organizational strategies to drive a cyber safe culture

10:20am - 11:10am Executive Boardroom

Cyber-Risk Management – New Approaches for Reducing Your Cyber-Exposure

Mick Kohler

Interim CISO

Sysco

Genady Vishnevetsky

CISO

Stewart Information Services Corporation

Kevin Flynn

Senior Product Manager

Tenable

When it comes to reducing cyber exposure, overcoming vulnerability overload is critical. Find out how to improve your vulnerability management efforts so you can close your cyber exposure gap and focus on what matters most to your business.

During this peer discussion, you will explore how to:

Translate raw vulnerability and threat intelligence data into business insights
Benchmark your organization’s cyber exposure to guide decision making
Use threat intelligence to move the most dangerous vulnerabilities up your priority list

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Creating the Next-Generation SOC

John Driggers

VP, Cybersecurity

Schlumberger

As cyberattacks continue to worsen security operation centers need to stay ahead of these evolving threats. No one understands that better than John Driggers, who is charged with building Schlumberger’s next-generation SOC.

In this session he will share:

A roadmap for maturing your SOC
Next-generation SOC and uncovering future benefits
How to overcome challenges

2:30pm - 3:20pm Executive Boardroom

IAM – Solving the Identity Crisis

Neel Adhikari

Global Security Program Management

Solvay North America, LLC

Kirk Hein

IT Security Ops, Supervisor

Aramco Services Company

Effective identity access management can be a convoluted process in today’s digital age. Cloud and mobile workforces necessitate new ways of thinking about how users access your company’s most important data. In this interactive roundtable you will discuss:

Establishing a roadmap and resources for success
Communication techniques to streamline acceptance of IAM across the business
Determining the correct admin access

2:30pm - 3:20pm Executive Boardroom

Keeping Ahead of Information Governance

Muni Chatarpal

Director of Security

Patterson UTI

Brad Hollingsworth

Director of Cyber Security

Mattress Firm

Information governance can seem like trying to boil the ocean. Developing the right strategy and approach is key in finding the best channels by which to assess risk. In this boardroom, uncover answers to your pressing questions, including:

How do you develop and enforce governance policies?
With whom should you partner to build and implement a formal governance program?
How to gain visibility into high risk areas?

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

How to Stop Losing Sleep Over Digital Transformation

Jennifer Hartsock

CIO

BHGE

In the mechanical world of the oilfield services industry, digital transformation has ironically become a major differentiator in staying on the cutting edge. BHGE has been drilling into the full potential of its data through digital capabilities such as machine learning, AI and predictive analytics. In this keynote Jennifer Hartsock shares BHGE’s digital journey, specifically how they are: