IN-PERSON

New York CISO Executive Summit

November 9, 2022 | The New Yorker

November 9, 2022
The New Yorker

Collaborate with your peers

Get together with New York's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Elevating the security practice and CISO role into strategic partners who manage cyber risk

Evolving traditional approaches and technologies in response to the expanding attack surface

Maturing IAM roadmaps and infrastructure to become more resilient against evolving demands

New York CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Michael Cena

A+E Networks
Vice President, Head of Cyber Security

Zouhair Guelzim

L'Oreal
VP & CISO

Brian Lozada

Amazon Prime Video & Studios
Chief Information Security Officer

Tomas Maldonado

National Football League
Chief Information Security Officer

Tod Mitchinson

New York Life
VP, Chief Information Security Officer

Michael Palmer

Hearst
Chief Information Security Officer

Teresa Zielinski

GE
Chief Information & Product Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your New York CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


November 8, 2022

November 9, 2022

6:00pm - 8:30pm  Governing Body Welcome Reception

Governing Body Welcome Reception

Governing Body members host this welcome reception for attendees to launch the event with an evening of peer networking.

11:20am - 12:05pm  Breakout Session

Identity, Context, and the Strategic Approach to Zero Trust

Brad Moldenhauer headshot

Brad Moldenhauer

CISO Americas

Zscaler

Identity is not the new perimeter, but rather identity is a nexus for context and context is the new perimeter. Zero trust principles woven throughout your IAM strategy in today’s work-from-anywhere environments can be the key to protecting the business across people, devices and applications. As context becomes more complex and the perimeter is ever-evolving, how do you build a defense structure capable of protecting users and the business?

In this session, you will explore:

  • The role of zero trust in identity and access management
  • How to implement IAM tools without negatively impacting the user experience or core business operations
  • How to engage other stakeholders and functions on their access needs to move beyond surface-level coordination

11:20am - 12:05pm  Executive Boardroom

Threat Management – Risk Reduction, Visibility, Detection and Response Across Dispersed Environments

Jeff Crume headshot

Jeff Crume

Distinguished Engineer, CTO Security, North America

IBM

Steve Grossman headshot

Steve Grossman

Chief Information Security Officer

National Basketball Association

Carlos Lyons headshot

Carlos Lyons

VP, Global Chief Information Security and Compliance Officer

CGS

Many organizations are challenged with implementing their security programs across widely distributed infrastructure, using an array of tools while often sharing responsibility and control with their service providers. So how can they best maintain visibility into those environments, detect malicious activity and orchestrate effective, business wide, responses? Or perhaps even eliminate much of the noise in that process by identifying and reducing their exposure and risk proactively?

Join this interactive boardroom to discuss:

  • Key industry advances in open interconnectivity of tools and data sources
  • How overall exposure and risk can be better managed
  • Improving the efficiency and effectiveness of threat management programs to allow security teams to focus on the what’s most important.

11:20am - 12:05pm  Executive Boardroom

Data Doesn’t Lose Itself

Michael Andreano headshot

Michael Andreano

Head of Cybersecurity

Hikma Pharmaceuticals

Ernie Rozado headshot

Ernie Rozado

Director, Head of Cybersecurity and Compliance

G-III

Lauren Dana Rosenblatt headshot

Lauren Dana Rosenblatt

VP, Chief Information Security Officer

International Flavors & Fragrances

John Checco headshot

John Checco

Resident CISO

Proofpoint

Your people are your most valuable asset, your greatest weakness, and your best defense. CISOs seeking to prevent data loss from malicious, negligent or compromised users can correlate content, behavior and threats for better insight and streamlined investigations.

Join this session to discuss:

  • Augmenting your data protection program with the right people and processes
  • Transforming your employees into effective data defenders
  • Managing insider threats and preventing data loss at the endpoint

11:20am - 12:05pm  Breakout Session

The Art of Communicating Cyber Risk to the Board

Damiano Tulipani headshot

Damiano Tulipani

Chief Information Security Officer

Provident Bank

Teresa Zielinski headshot

Teresa Zielinski

Chief Information & Product Security Officer

GE

Philip Beyer headshot

Philip Beyer

Head of Security

Etsy

JT Jacoby headshot

JT Jacoby

Chief Information Security Officer

International Rescue Committee

As the cyber security landscape has evolved, the role of the Board, and Board cyber updates, has becoming increasingly critical.  Some CISOs may feel a sense of disconnect with their board of directors and must learn to effectively communicate cybersecurity to them in a way that is not overly technical.

Join this session and hear from 3 CISOs at different stages of their career discuss:

  • The dynamics of what a good Board conversation should look like and include
  • Best practices for delivering your Board cyber updates often and with confidence
  • How to create trust with dialogue delivery and engage leadership with universal, non-security terms

11:20am - 12:05pm  Executive Boardroom

Build and Protect for Tomorrow

Sean Leach headshot

Sean Leach

Chief Product Architect

Fastly

Jeff Brown headshot

Jeff Brown

Chief Information Security Officer

State of Connecticut

The pandemic not only accelerated the pace of digital transformation— it heightened customer expectations as they now require personalized, intuitive, and immediate experiences in our increasingly digital world. However, this demand also creates a need for secure, performant, and resilient technology. That increase pushes businesses to expand their technological ecosystems and grow the way they think about interfacing with customers and employees. With this expansion and change, come inherent risks.

Join this session as your peers discuss:

  • Creating unique opportunities for business transformation
  • Balancing innovation, while managing and protecting new technologies
  • Implementing strategies for future-proofing a framework that allows for faster modernization

12:05pm - 12:35pm  Lunch Service

12:35pm - 1:10pm  Keynote

Using Machine Learning and Hyperscaled Cloud to Deliver Zero Trust

Kumar Ramachandran headshot

Kumar Ramachandran

Senior Vice President of Products and GTM

Palo Alto Networks

With cloud adoption accelerating and the emergence of permanent hybrid workforces, traditional network security constructs are pushed to their breaking point. As remote work has become the new normal, users, applications and data are now everywhere, challenging traditional notions of security and performance. CISOs need a new security architecture designed to protect our ever-expanding perimeters from ever-evolving threats without sacrificing performance.

Join this session to discuss:

  • Zero Trust principles that address the security and performance needs of today’s digital businesses
  • How modern security architectures should be optimized to deliver leading performance and resiliency
  • Why advanced ML/AI techniques deliver superior protections from today’s sophisticated threats


1:10pm - 1:25pm  Break

1:25pm - 2:10pm  Breakout Session

Passwordless Is Just the Start — Why CISOs Must Rethink the Customer Identity Experience

Raj Galagali headshot

Raj Galagali

Vice President, Global Solutions Engineering

Transmit Security

Threat actors constantly target customer passwords, which is why many CISOs view passwordless as a big leap in authentication security. Eliminating passwords is essential, but attackers are still able to takeover customer accounts or create their own fake accounts with more sophisticated methods. To close off all threat vectors and improve the customer experience, identity professionals must take a comprehensive CIAM approach to assess risk and trust throughout the lifecycle of the user journey, from first registration and passwordless authentication to account recovery.

This session explores:

  • The role of passwordless authentication in improving protection and customer experience
  • How attackers are invading accounts at other points in the identity lifecycle
  • Why companies must take a more comprehensive approach to account protection, inclusive of passwordless authentication
  • How to deliver security-first CIAM without compromising the user experience

1:25pm - 2:10pm  Breakout Session

Pen Test Your Board Pitch – An Interactive Exercise

Ariel Litvin headshot

Ariel Litvin

Chief Information Security Officer

First Quality

Mark Robinson headshot

Mark Robinson

Global Director of Information Security

Coty

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

  • Create and deliver a board pitch
  • Receive real-time feedback on your pitch
  • Learn best practices and strategies for communicating with your board


1:25pm - 2:10pm  Executive Boardroom

From Workloads to Identities — Unifying Cloud Management

Tony Chryseliou headshot

Tony Chryseliou

Global Information Security Executive

Sony Corporation of America

Michael Cena headshot

Michael Cena

Vice President, Head of Cyber Security

A+E Networks

When security and functionality fight, functionality always wins. The pace of innovation and growth in the cloud, combined with increasingly complex business and user needs, demands that security leaders adopt better tools and a new mindset — one that empowers their teams to manage risk at scale.

Join this session hosted by Sonrai Security to discuss: 

  • Why gaining visibility is a growing challenge in multi-cloud
  • How to help teams more effectively prioritize risks
  • How to align security solutions to achieve a more unified cloud strategy

1:25pm - 2:10pm  Executive Boardroom

The Ongoing Fight to Secure Business Email

Crane Hassold headshot

Crane Hassold

Director of Threat Intelligence

Abnormal Security

Tariq Habib headshot

Tariq Habib

Chief Information Security Officer

MTA

Bob Brown headshot

Bob Brown

CISO

Federal Home Loan Bank of New York

JT Jacoby headshot

JT Jacoby

Chief Information Security Officer

International Rescue Committee

Despite their efforts, from phishing simulations to security awareness campaigns, CISOs from organizations big and small keep falling short when it comes to stopping Business Email Compromise (BEC) attacks. But, if everyone has an email security program, why are the losses associated with BEC still climbing?

Join this session to discuss:

  • What is working or not working, with existing processes and technology?
  • How do we solve the "human factor" in the equation?
  • Best practices for preventing loss related to a BEC attack?

1:25pm - 2:10pm  Executive Boardroom

Software Supply Chain Management Hygiene

Maury Cupitt headshot

Maury Cupitt

VP of Solutions Engineering

Sonatype

Patrick Ford headshot

Patrick Ford

Chief Information Security Officer, Americas

Schneider Electric

George Moser headshot

George Moser

Chief Information Security Officer

S&P Global

Software hygiene practices are like handwashing prior to surgery; at one point laughable, now an essential and integral step prior to every procedure. Why are organizations still not putting enough focus on adopting essential software hygiene practices for supply chain management, even though they know they should?

Join this roundtable session to discuss:

  • Encouraging developers to adopt a set of security and governance daily routines
  • Overcoming the knowledge sharing gap between Security, Developer, and IT Operations
  • Positioning software hygiene as a practice that generates not simply risk value, but revenue value

7:45am - 8:45am  Registration & Breakfast

8:45am - 9:30am  Keynote

Facing Adversity with Boston Strong Resilience

Adrianne Haslet headshot

Adrianne Haslet

Boston Marathon Bombing Survivor

Guest Speaker

Adrianne Haslet is an exemplar of resilience, a world-renowned professional ballroom dancer at the peak of her career, she was spectating the Boston Marathon when terror struck. Adrianne lost her left leg on impact, along with all hope of dancing again. Yet she pulled from the strength of the city of Boston to not only dance but finish in fourth place at the Boston Marathon this year. Adrianne shares the life lessons she had to learn and relearn with unparalleled strength over adversity.

Join Adrianne Haslet as she shares her story in,

  • Finishing the race in every corporate and personal challenge
  • Learning to face challenges with a renewed mindset
  • Facing adversity with a renewed perspective

9:30am - 10:00am  Networking Break

10:00am - 10:45am  Breakout Session

Cybersecurity Strategy — Getting Ready for the Next Event

Mike Brown headshot

Mike Brown

Financial Services Field CISO

Fortinet

Your digital transformation journey must be efficient, effective and secure. Where does cybersecurity fit into your post pandemic IT and digital enablement? With the recent shift in IT priorities, CISOs should be a strategic thinker and an ally who promotes security readiness as you shape your company or organization’s success.

In this session, you will explore:

  • The components of an effective cybersecurity strategy that drive your program and reduce risk
  • Strategies that ensure the major building blocks of your IT transformation are secured
  • Ways to evolve your cybersecurity strategy to align with line of business goals

10:00am - 10:45am  Breakout Session

Extending the Goodwill of Your Cybersecurity Program

David Sheidlower headshot

David Sheidlower

Chief Information Security Officer

Turner Construction

Mike Lamberg headshot

Mike Lamberg

VP, CISO

ION

The CISO has always been the company expert in how to prevent social engineering attacks and how to keep the company’s information assets safe. Extending that expertise to benefit employees in their personal lives is just the next step in making sure that the workforce is safe on-line. Providing guidance around threats like elder fraud, cyber-bullying and other scams that impact our personal lives allows an opportunity for the CISO to provide incredible value to the workforce.

Join this session to discuss:

  • The CISOs role in helping keep employees and their families safe
  • Best practices for CISOs to position themselves as the company’s cyber expert accessible to everyone
  • How being the cyber expert helps in securing the at-home working environment and recognizing that it cannot be controlled the way the office can be


10:00am - 10:45am  Executive Boardroom

Merging Zero Trust And SASE

Oren Falkowitz headshot

Oren Falkowitz

Field CSO, Formerly Co-Founder & CEO of Area 1 Security

Cloudflare

Philip Beyer headshot

Philip Beyer

Head of Security

Etsy

Bob Brown headshot

Bob Brown

CISO

Federal Home Loan Bank of New York

Organizations are feeling a shift in the world of networking and security as they rapidly adopt and embrace the cloud. Enterprises need efficiency, visibility and security without compromise. The secure access service edge, better known as SASE, and zero trust implementations can provide a more comprehensive security capability to truly support digital transformation.

In this session, you will discuss:

  • Problems SASE can address in the modern enterprise
  • Benefits of planning both SASE and zero trust implementations
  • How to best position your organization for this transition

10:00am - 10:45am  Executive Boardroom

The Indispensable Human Element of Cybersecurity

Michael Leland headshot

Michael Leland

Chief Cybersecurity Evangelist

SentinelOne

Rod Aday headshot

Rod Aday

Director, Information Risk Management

Verizon

Ian Rathie headshot

Ian Rathie

Managing Director, Chief Information Security Officer

Fitch Ratings

Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important tools of defense, leaders must balance the overwhelming speed and accuracy advantages of AI with the need for measured and intuitive interactions with a real-world human element.

Join this session to discuss:

  • What these trends mean for the hands-on practitioner
  • When the velocity of innovation outpaces the capabilities of human intellect
  • The role of automation in the effective practice of securing our digital world

10:00am - 10:45am  Executive Boardroom

The State of Threat Detection — Actionable Insights and Adversary Techniques

Robb Reck headshot

Robb Reck

Chief Trust and Security Officer

Red Canary

Peter Rosario headshot

Peter Rosario

Chief Information Security Officer

USI

Bob Blythe headshot

Bob Blythe

VP, Information Security and Technology Risk

World Wrestling Entertainment Inc

Ernie Rozado headshot

Ernie Rozado

Director, Head of Cybersecurity and Compliance

G-III

Staying ahead of the countless, persistent and often well-funded threat actors is a daunting task. A fast-moving security program can mean the difference between preventing a breach or becoming the next headline, but knowing where and how to prioritize efforts and resources can be just as challenging. What are CISOs doing to ensure their threat intelligence programs are on the right track for 2022 and beyond?

Join this peer roundtable to discuss:

  • The latest threat landscape, including emerging threats and the most prevalent techniques
  • Best practices for detecting, mitigating and simulating attacks
  • How to test and validate defenses against common adversary behaviors

10:45am - 11:20am  Networking Break

10:50am - 11:15am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:10pm - 2:45pm  Networking Break

2:15pm - 2:40pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:45pm - 3:30pm  Breakout Session

Power of Your Presence and Building Your Personal Brand

Reshma Budhwani headshot

Reshma Budhwani

VP, Chief Technology Security Officer

New York Life

Radhika Bajpai headshot

Radhika Bajpai

Senior Director, Global Head of Technology and Information Security Assurance

PayPal

Lauren Dana Rosenblatt headshot

Lauren Dana Rosenblatt

VP, Chief Information Security Officer

International Flavors & Fragrances

The CISO role has evolved over the years and is now recognized as a critical business function by most organizations. Cybersecurity Leaders each have their own story to tell and goals, skills, and expertise to share. In today’s increasingly digital world, a personal brand is no longer a nice-to-have; it’s expected.

Come together to learn from three cybersecurity leaders in the NY CISO Community to discuss:

  • Strategies to build and maintain a personal brand
  • Taking a personal inventory and identifying your strengths
  • Elevate your security career through personal branding


2:45pm - 3:30pm  Breakout Session

The Democratization of Security Automation - Go Beyond the SOC

Marco Garcia headshot

Marco Garcia

Field CTO at Torq

Torq

There is little disagreement on the value and necessity of automation in security. Research recently showed that 90% of those surveyed are already automating select security processes—but 92% also report significant barriers to expanding those programs. The challenge is knowing what to start with and how to do it right. Figuring out what processes are ready for automation and what tools to incorporate can be overwhelming, let alone finding someone in the organization with the skillset to develop the automations.

Join us as we discuss:

  • How to plan your automation strategy and build your roadmap
  • Where to start if you know you need to automate, but aren't sure how to begin
  • How to ensure your automations are optimized for industry best practices


2:45pm - 3:30pm  Executive Boardroom

Leading in Cyber-Crisis — Business as Usual vs. Business Disruption?

Rob McLeod headshot

Rob McLeod

Vice President, Threat Response Unit

eSentire

Chris Holden headshot

Chris Holden

Chief Information Security Officer

Crum & Forster

Kevin Li headshot

Kevin Li

Chief Information Security Officer

MUFG Americas

Rich Menta headshot

Rich Menta

Senior Security Leader

Bausch Health

Despite the millions of dollars extorted in ransomware attacks each year, leaders outside security still sometimes struggle to understand cyber risks beyond what fits into a morning news alerts, leaving security leaders struggling to explain complex topics to their non-technical peers. While most CISOs feel comfortable managing the minor security incidents with standardized processes, what about major incidents that shake the very foundation of your organization?

 Join this boardroom hosted by eSentire to discuss making critical decisions in the chaotic atmosphere of a cyberattack. You'll leave with insights and advice on:

  • New challenges in regulatory compliance, ransom payments and legal liability
  • Best practices for strategic communication across the organization
  • Lessons learned and examples from attacks that didn't make the headlines

2:45pm - 3:30pm  Executive Boardroom

Leveraging Automation to Keep Pace with Threat Detection and Response

Eoin Hinchy headshot

Eoin Hinchy

Co-founder & CEO

Tines

Almon Tse headshot

Almon Tse

Chief Information Security Officer

Saks Fifth Avenue

John Whiting headshot

John Whiting

Global Chief Security Officer

DDB Worldwide

Security teams are overloaded with alerts and manual tasks that slow down the speed at which they can respond to threats. Detections can take weeks to deploy and tune, and even when they do work, the alerts can still be noisy and tedious to respond to. CISOs are struggling to hire and retain analysts and engineers and want them to work on the most impactful, risk reduction efforts within their own organization. How are CISOs prioritizing high-risk activity and using automation to protect their organizations in real-time without interrupting workforce productivity?

Join this boardroom to discuss:

  • The current state of Security Operations and continuous adaptation of security policies and access
  • Operational benefits and value driven by adaptive security capabilities with a risk focus
  • How security automation has assisted you in developing your risk mitigation strategy

3:30pm - 3:45pm  Break

3:45pm - 4:20pm  Keynote

Regulatory Compliance as a Team Sport

Leon Flaksin headshot

Leon Flaksin

Head Of Technology Risk Management

BlackRock Inc

Vik Arora headshot

Vik Arora

CISO

Hospital For Special Surgery

Kylie Watson headshot

Kylie Watson

CISO

Sumitomo Mitsui Banking Corporation

Cybersecurity incidents have been taking place for years and remained out of the public spotlight until late. Recent cyber incidents that affected large numbers of people have catapulted the issue into the national discourse and regulatory spotlight. We are now entering a new era in cybersecurity—one in which governments and regulatory agencies have more oversight of cybersecurity incidents.

Join this session to discuss: 

  • How much of an influence are regulatory requirements on your company's cybersecurity program 
  • The impact of the proposed regulatory changes 
  • Navigating the greater involvement of executive leadership and board in your cyber program



4:20pm - 4:50pm  Closing Reception & Prize Drawing

November 8, 2022

November 9, 2022

We look forward to seeing you at an upcoming in-person gathering


Location


Venue & Accommodation

The New Yorker
MORE INFORMATION

A block of rooms has been reserved at the The New Yorker at a reduced conference rate. Reservations should be made online or by calling 212-971-0101.

Deadline to book using the discounted room rate of $269 USD (plus tax) is October 17, 2022.

Your Community Partners


Global Thought Leader
CISO Thought Leaders
Key Partners

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Krista Robbins

Senior Program Manager

208-597-1550

krista.robbins@evanta.com