IN-PERSON

New York CISO Executive Summit

June 25, 2019 | Pier Sixty at Chelsea Piers

June 25, 2019
Pier Sixty at Chelsea Piers

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Jeff Brown

AIG
CISO, Life & Retirement

Zouhair Guelzim

L'Oreal
VP & CISO

Raymond Lipps

Celgene Corporation
Executive Director & CISO, Global Information Security

Tod Mitchinson

New York Life Insurance
VP & CISO

Michael Palmer

National Football League
Chief Information Security Officer

Deborah Snyder

State of New York
CISO

Mark Viola

Henry Schein, Inc.
VP, Global CISO

Kylie Watson

Sumitomo Mitsui Banking Corporation
CISO

Teresa Zielinski

GE Power
SVP CISO and Product Security

Agenda

June 25, 2019

mid-afternoon morning afternoon

11:30am - 12:00pm Networking Break

12:00pm - 1:10pm Keynote

Securing Your Personal Brand

Matt Comyns

Thought Leader

Teresa Zielinski

SVP CISO and Product Security

GE Power

CISOs already have their plates full safeguarding their organizations from the latest threats, but it’s not simply enough to be a talented security leader. In a role that is evolving as quickly as the threat landscape, CISOs must be their own advocates within the c-suite.

In this session, you’ll explore how to:

Elevate your security career through personal branding
Negotiate for the salary you deserve
Create a defined career path

1:10pm - 1:40pm Networking Break

7:40am - 8:15am Registration & Breakfast

8:15am - 9:00am Keynote

Develop an Eye for ROI

Jeff Brown

CISO, Life & Retirement

AIG

James O'Shea

Head of Cybersecurity Strategy

Prudential plc

In this interactive session, CISOs from organizations across the size spectrum will split into small groups to share their most creative solutions for stretching their resources as far as possible. Join this session to collaborate on your peers and share your high-impact initiatives for:

Retaining, attracting and developing security talent
Effective incident response
Impactful security awareness training
Unique, creative security strategies

9:00am - 9:30am Networking Break

9:30am - 10:20am Breakout Session

Pairing Proactive and Reactive Security Strategies

Mark Ramsey

CISO

ASSA ABLOY

Reactive and proactive security methods do not have to be mutually exclusive — CISOs must know how to both prevent and respond to threats. A comprehensive defense includes a pairing of both reactive security strategies and proactive measures.

In this session, you’ll explore:

Why it’s important to prioritize a proactive and reactive defense
Effective tools for uncovering, identifying and responding to potential threats
The right mix of proactive measures and reactive resources

9:30am - 10:20am Breakout Session

Farewell to the Old Guard — Introducing the Modern Security Architecture

Jason Clark

Chief Strategy Officer

Netskope

Every security team needs to digitally transform to empower the business’ digital transformation journey. Most strategies are pulled from a 20-year-old playbook, which needs to be re-written based on approaches that protect and empower the business.

In this session, you’ll learn:

How CISOs are redefining their cloud, network and data security programs
The steps and architectures that are the key to transformation
Proven approaches to enterprise security, including a new blueprint that can be used for years to come

9:30am - 10:20am Executive Boardroom

The Continual Shifting of Threats

Tod Mitchinson

VP & CISO

New York Life Insurance

Lauren Dana Rosenblatt

ED, Deputy CISO

Estée Lauder Companies

Chad Gasaway

Director, Solutions Architecture

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

The current threat landscape
How to best discover and thwart nation-state attacks
What security executives can do to build resiliency

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Logan Gore, at 971-717-6602 or logan.gore@evanta.com

9:30am - 10:20am Executive Boardroom

Translate Complex Cybersecurity Issues into Simple Business Context

Chirag Arora

CISO

Crum & Forster

Tomas Maldonado

VP & CISO

International Flavors & Fragrances

Evan Tegethoff

Director, Engineering and Consulting

BitSight Technologies

It is much easier now to determine what’s important, dangerous and real in your third party ecosystem. Yet, as hacks continue to threaten data and business continuity, the old school of thought around securing the enterprise is no longer relevant.

This boardroom will explore:

Layering traditional tools and new strategies to define goals and deploy resources
Communicate to the board through a holistic risk lens
Developing clear business cases connecting business profitability to risk reduction

9:30am - 10:20am Executive Boardroom

Harnessing the Power of Behavioral Analytics

Jeff Brown

CISO, Life & Retirement

AIG

Brendan Conway

Vice President, Chief Information Security Officer

Tiffany & Co.

Sudhir Udipi

Senior Director, Systems Architecture, CISSP, GCNA, GCFA

Securonix

Behavioral analytics may help IT predict and understand consumer trends, but they can help CISOs understand potential threats—and catch them before they wreak major havoc. So how do you harness analytics to capture the best data?

Join this session to discuss:

Using behavior analytics as a framework for detection and response to advanced threats
Identifying potential insider threats
Taking a risk based approach to prioritize threats that need immediate action

10:20am - 10:40am Networking Break

10:40am - 11:30am Breakout Session

Bolster Your Incident Response Plan

Kevin Kiley

Vice President

OneTrust

Sometimes the bad guys win, and incidents happen. But that doesn’t have to mean the demise of an entire organization – or a CISO’s job. The strongest security programs include sound response plans that keep damage at a minimum.

In this session, you'll explore:

At what point an incident becomes a full-blown breach
The communication structure and plan during a breach

10:40am - 11:30am Breakout Session

Leading Your Board to the Next Cybersecurity Frontier — Organizational Analytics

Aleksandr Yampolskiy

CEO

SecurityScorecard

Today, boards have a fiduciary duty to know about the cybersecurity risks of their organizations. A cybersecurity breach can have harsh consequences not just for the company, but for the CISO. In this session, CISOs learn how to take charge of their organization’s cybersecurity health and shine as a CISO with leading-edge analytics.

In this session, you’ll explore how to:

Create a trusted dialogue with your board by providing transparency into cybersecurity posture of your entire risk ecosystem
Educate, influence and get buy-in for cybersecurity investments with predictive insights
Use organizational analytics to develop crystal-clear reporting to enable the business
Turn your organization’s cybersecurity posture into a differentiator

10:40am - 11:30am Executive Boardroom

To Ensure Cyber Resiliency, Protect Your Business Applications

Michael Palmer

Chief Information Security Officer

National Football League

Kylie Watson

CISO

Sumitomo Mitsui Banking Corporation

Edward Amoroso

CEO

TAG Cyber LLC

In April 2019, the Department of Homeland Security issued an alert citing "New Exploits for Unsecure SAP Systems" after new exploits, termed "10KBLAZE" were publicly released. While protecting endpoint access, phishing and network monitoring is important, nothing else matters if your core business applications are not a primary strategic component. In this session, we will explore:

Why and how ERP applications are actively under attack
How cloud, mobile and digital transformations are expanding the attack surface
Steps you can take to ensure cyber resiliency and mitigate risk

10:40am - 11:30am Executive Boardroom

Managing the Convergence of GDPR

Dr. David Loewy

Chief Information Security Officer

SUNY Downstate Medical Center

Rishi Tripathi

CISO

National Basketball Association

Miller Newton

President and CEO

PKWARE, Inc.

GDPR caused organizations to scramble to meet data protection regulations and reassess their risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

Best practices for managing risk associated with data protection frameworks
Standards and metrics for measuring data protection risk
Tools to meet compliance reporting requirements

10:40am - 11:30am Executive Boardroom

Orchestrating Defense With the Power of ‘Cognitive Security’

Mark Ramsey

CISO

ASSA ABLOY

Deborah Snyder

CISO

State of New York

Michael Melore

Cybersecurity Advisor, IBM Global Markets - Cognitive Solutions Unit Industry Platforms

IBM

With limited resources, skills and budgets, security and risk management leaders are looking for automated tools to replace a myriad of manual processes and to stay ahead of the threat landscape curve. Join this peer discussion covering the latest in automation and orchestration, including:

The latest opportunities for automation and orchestration in security
Benefits from orchestration in both security posture and staff engagement
How to evaluate what processes should stay manual – or not – at your organization

1:40pm - 2:30pm Breakout Session

Pen Test Your Board Pitch — An Interactive Exercise

Adam Fletcher

CISO

Blackstone

Peter Logothetis

Recently Retired SVP & Group CIO

Allstate Insurance Company

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch.
Receive real-time feedback on your pitch.
Learn best practices and strategies for communicating with your board.

1:40pm - 2:30pm Breakout Session

Trust Rebuilt – Fortifying Resiliency in the Age of the Breach

Kurt Van Etten

Senior VP, Security Strategy

RedSeal

At a time when securityprofessionals fuel business enablement and enhance bottom-line value, CISOshave never had a more vital business role. But in order to get the board buy-inthey need for their programs, they need to be trusted. In the age of thebreach, this is easier said than done.

In this session, you’lllearn how to:

Give senior leaders visibility into your network andprocess
Build the board’s confidence in your security program
Present appropriate executive level staff and board metrics

1:40pm - 2:30pm Executive Boardroom

Protecting Your VIPs and Your VAPs (Very Attacked People)

Medha Bhalodkar

CISO

Columbia University

Michael Cena

Sr. Director, Cyber Security

A&E Television Networks

Lucia Milica

Resident CISO

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Ryan Kalember of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

Why nearly all threat actors have shifted away from technical exploits to compromise their targets
How organizations can leverage threat data to understand which people and departments are highly targeted
How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

1:40pm - 2:30pm Executive Boardroom

Balancing Risk Exposure, User Productivity and Data Protection

Ibrahima Mbaye

VP and Global CISO

CGS

Maria Barton

Head of Technology

Chimera Investment Corporation

Bharath Vasudevan

Senior Director, User and Data Protection Solutions

Forcepoint

What will it take to move the data protection needle with organizations who are fatigued with data loss protection? How do CISOs address the challenge of protecting data while still enabling the business and digital transformation?

In this session, you’ll discuss:

Best practices for data classification and tagging
Tips for getting ahead of regulatory requirements
Ways to protect data without inhibiting the business

1:40pm - 2:30pm Executive Boardroom

Modern Approaches to Protecting Your Third-Party Ecosystem

Zouhair Guelzim

VP & CISO

L'Oreal

James O'Shea

Head of Cybersecurity Strategy

Prudential plc

Scott Schneider

Chief Revenue Officer

CyberGRX

It's no secret that hackers are opportunistic. They are constantly looking for the weakest link and are quick to capitalize on one as soon as it's spotted. This boardroom will discuss:

Third-party cyber risk approaches
How to combat evolving and constant threats
Defending your continuously expanding attack surface

2:30pm - 2:50pm Networking Break

2:50pm - 3:40pm Breakout Session

Planning for the Future – The Next-Gen CISO

Kirsten Davies

SVP & CISO

Estée Lauder Companies

It’s no secret that we need more cybersecurity professionals to keep our organizations safe and secure. What’s even more challenging? Finding the next generation of cybersecurity leadership. Join Kirsten Davies as she shares her strategies for developing effective and successful teams for the future. In this session you will:

Discover how you can tap into energy and ideas that millennials bring to the table
Learn how to uncover hidden talent in your company
Find out how to create a powerful pipeline that can deal with the expanding threat landscape

2:50pm - 3:40pm Breakout Session

To Reduce Your Attack Surface, Bridge Your IT-Ops Security Divide

Matt Kraning

Co-Founder and CTO

Expanse

A complete understanding of the assets that comprise your IT environment is the foundation for effective cybersecurity. After all, the assets that pose the highest risk are the ones that you don’t know about. But how do you stay on top of your assets when digital transformation is driving decentralization?

In this session, you’ll learn:

Why security and IT should work together to prioritize digital assets
How new technologies can help you identify and automatically track your Internet-facing inventory
Ways to significantly reduce your attack surface

2:50pm - 3:40pm Executive Boardroom

Evolving Your Security Program

Stephen Savard

Director of Information Technologies

ICC Industries

Parthiv Shah

Chief Information Security Officer, SVP

Signature Bank

Ray Zadjmool

CEO & Founder

Tevora

A comprehensive information security program can significantly limit an organization’s exposure to risk. To address security concerns and needs, CISOs must continually assess their program and make improvements.

In this session, you’ll discuss:

How to adjust your security program to align with the risk tolerance of your business
Strategy adjustments that have worked and those that have not
Ways to measure the cybersecurity health of your organization as it relates to the business bottom line

2:50pm - 3:40pm Executive Boardroom

Digital – Where Security, Privacy and Revenue Converge

John Prokap

CISO

HarperCollins

Robert Steron

CISO

Kodak Alaris

Chris Olson

CEO and Co-Founder

The Media Trust

As data breaches become increasingly prevalent, security and its effect on brand equity have become board-level discussions. More and more, organizations continue to move revenue-generating and customer communication activities to the digital space, yet they are often left in the dark about the true status of their digital assets when it comes to third-party exploits, personal data collection and poorly-performing code — issues that directly impact revenue.

In this session, you’ll explore how to:

Manage the hidden risks in websites and mobile apps
Avoid brand-damaging incidents like Magecart and CartThief
Identify gaps in current appsec/devops tool sets
Develop and communicate policies for your digital supply chain
Operationalize compliance across digital assets

2:50pm - 3:40pm Executive Boardroom

Using Threat Intelligence to Fight the Good Fight

Jeff Brown

CISO, Life & Retirement

AIG

Ibrahima Mbaye

VP and Global CISO

CGS

Ross Dyer

Northeast Technology Director

Trend Micro Incorporated

Nation states, well-oiled criminal hacking groups and AI-enabled attackers – malicious cyber actors are better equipped than ever before, and CISOs face the growing challenge of keeping their organizations secure. Join your peers to discuss ways to use threat intelligence to identify and understand attacks before they happen.

In this session, you’ll discuss:

New trends in threat intelligence and new technologies
How to use threat intelligence in a meaningful way
Ways to reduce stale information

3:40pm - 4:00pm Networking Break

4:00pm - 5:00pm Keynote

Talk the Talk – Communicate to Get Results

Sara Andrews

SVP, Global CISO

PepsiCo

Effective communication isn’t just important when approaching the board – it’s important when approaching senior leaders and even employees. PepsiCo knows that communication is the tool that can drive a strong culture, attract world-class security talent and put ideas into motion.

In this keynote, you’ll learn how to:

Communicate your message at different levels of leadership
Foster a security-accountable culture
Create a narrative that drives your communication strategy

5:00pm - 5:40pm Closing Reception & Prize Drawing

June 25, 2019

mid-afternoon morning afternoon

Location

Venue

Pier Sixty at Chelsea Piers

MORE INFORMATION

Accommodation

The Maritime Hotel

A block of rooms has been reserved at the The Maritime Hotel at a reduced conference rate. Reservations should be made online or by calling 212-242-4300. Please mention Evanta, a Gartner Company to ensure the appropriate room rate.

Deadline to book using the discounted room rate of $305 (plus tax) is June 1, 2019.

RESERVE ROOM