New York CISO Executive Summit

Governing Body members host this welcome reception for attendees to launch the event with an evening of peer networking.

Identity is not the new perimeter, but rather identity is a nexus for context and context is the new perimeter. Zero trust principles woven throughout your IAM strategy in today’s work-from-anywhere environments can be the key to protecting the business across people, devices and applications. As context becomes more complex and the perimeter is ever-evolving, how do you build a defense structure capable of protecting users and the business?

In this session, you will explore:

• The role of zero trust in identity and access management
• How to implement IAM tools without negatively impacting the user experience or core business operations
• How to engage other stakeholders and functions on their access needs to move beyond surface-level coordination

Many organizations are challenged with implementing their security programs across widely distributed infrastructure, using an array of tools while often sharing responsibility and control with their service providers. So how can they best maintain visibility into those environments, detect malicious activity and orchestrate effective, business wide, responses? Or perhaps even eliminate much of the noise in that process by identifying and reducing their exposure and risk proactively?

Join this interactive boardroom to discuss:

• Key industry advances in open interconnectivity of tools and data sources
• How overall exposure and risk can be better managed
• Improving the efficiency and effectiveness of threat management programs to allow security teams to focus on the what’s most important.

Your people are your most valuable asset, your greatest weakness, and your best defense. CISOs seeking to prevent data loss from malicious, negligent or compromised users can correlate content, behavior and threats for better insight and streamlined investigations.

Join this session to discuss:

• Augmenting your data protection program with the right people and processes
• Transforming your employees into effective data defenders
• Managing insider threats and preventing data loss at the endpoint

As the cyber security landscape has evolved, the role of the Board, and Board cyber updates, has becoming increasingly critical.  Some CISOs may feel a sense of disconnect with their board of directors and must learn to effectively communicate cybersecurity to them in a way that is not overly technical.

Join this session and hear from 3 CISOs at different stages of their career discuss:

• The dynamics of what a good Board conversation should look like and include
• Best practices for delivering your Board cyber updates often and with confidence
• How to create trust with dialogue delivery and engage leadership with universal, non-security terms

The pandemic not only accelerated the pace of digital transformation— it heightened customer expectations as they now require personalized, intuitive, and immediate experiences in our increasingly digital world. However, this demand also creates a need for secure, performant, and resilient technology. That increase pushes businesses to expand their technological ecosystems and grow the way they think about interfacing with customers and employees. With this expansion and change, come inherent risks.

Join this session as your peers discuss:

• Creating unique opportunities for business transformation
• Balancing innovation, while managing and protecting new technologies
• Implementing strategies for future-proofing a framework that allows for faster modernization

With cloud adoption accelerating and the emergence of permanent hybrid workforces, traditional network security constructs are pushed to their breaking point. As remote work has become the new normal, users, applications and data are now everywhere, challenging traditional notions of security and performance. CISOs need a new security architecture designed to protect our ever-expanding perimeters from ever-evolving threats without sacrificing performance.

Join this session to discuss:

• Zero Trust principles that address the security and performance needs of today’s digital businesses
• How modern security architectures should be optimized to deliver leading performance and resiliency
• Why advanced ML/AI techniques deliver superior protections from today’s sophisticated threats

Threat actors constantly target customer passwords, which is why many CISOs view passwordless as a big leap in authentication security. Eliminating passwords is essential, but attackers are still able to takeover customer accounts or create their own fake accounts with more sophisticated methods. To close off all threat vectors and improve the customer experience, identity professionals must take a comprehensive CIAM approach to assess risk and trust throughout the lifecycle of the user journey, from first registration and passwordless authentication to account recovery.

This session explores:

• The role of passwordless authentication in improving protection and customer experience
• How attackers are invading accounts at other points in the identity lifecycle
• Why companies must take a more comprehensive approach to account protection, inclusive of passwordless authentication
• How to deliver security-first CIAM without compromising the user experience

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

• Create and deliver a board pitch
• Receive real-time feedback on your pitch
• Learn best practices and strategies for communicating with your board

When security and functionality fight, functionality always wins. The pace of innovation and growth in the cloud, combined with increasingly complex business and user needs, demands that security leaders adopt better tools and a new mindset — one that empowers their teams to manage risk at scale.

Join this session hosted by Sonrai Security to discuss: 

• Why gaining visibility is a growing challenge in multi-cloud
• How to help teams more effectively prioritize risks
• How to align security solutions to achieve a more unified cloud strategy

Despite their efforts, from phishing simulations to security awareness campaigns, CISOs from organizations big and small keep falling short when it comes to stopping Business Email Compromise (BEC) attacks. But, if everyone has an email security program, why are the losses associated with BEC still climbing?

Join this session to discuss:

• What is working or not working, with existing processes and technology?
• How do we solve the "human factor" in the equation?
• Best practices for preventing loss related to a BEC attack?

Software hygiene practices are like handwashing prior to surgery; at one point laughable, now an essential and integral step prior to every procedure. Why are organizations still not putting enough focus on adopting essential software hygiene practices for supply chain management, even though they know they should?

Join this roundtable session to discuss:

• Encouraging developers to adopt a set of security and governance daily routines
• Overcoming the knowledge sharing gap between Security, Developer, and IT Operations
• Positioning software hygiene as a practice that generates not simply risk value, but revenue value

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

The CISO role has evolved over the years and is now recognized as a critical business function by most organizations. Cybersecurity Leaders each have their own story to tell and goals, skills, and expertise to share. In today’s increasingly digital world, a personal brand is no longer a nice-to-have; it’s expected.

Come together to learn from three cybersecurity leaders in the NY CISO Community to discuss:

• Strategies to build and maintain a personal brand
• Taking a personal inventory and identifying your strengths
• Elevate your security career through personal branding

There is little disagreement on the value and necessity of automation in security. Research recently showed that 90% of those surveyed are already automating select security processes—but 92% also report significant barriers to expanding those programs. The challenge is knowing what to start with and how to do it right. Figuring out what processes are ready for automation and what tools to incorporate can be overwhelming, let alone finding someone in the organization with the skillset to develop the automations.

Join us as we discuss:

• How to plan your automation strategy and build your roadmap
• Where to start if you know you need to automate, but aren't sure how to begin
• How to ensure your automations are optimized for industry best practices

Despite the millions of dollars extorted in ransomware attacks each year, leaders outside security still sometimes struggle to understand cyber risks beyond what fits into a morning news alerts, leaving security leaders struggling to explain complex topics to their non-technical peers. While most CISOs feel comfortable managing the minor security incidents with standardized processes, what about major incidents that shake the very foundation of your organization?

 Join this boardroom hosted by eSentire to discuss making critical decisions in the chaotic atmosphere of a cyberattack. You'll leave with insights and advice on:

• New challenges in regulatory compliance, ransom payments and legal liability
• Best practices for strategic communication across the organization
• Lessons learned and examples from attacks that didn't make the headlines

Security teams are overloaded with alerts and manual tasks that slow down the speed at which they can respond to threats. Detections can take weeks to deploy and tune, and even when they do work, the alerts can still be noisy and tedious to respond to. CISOs are struggling to hire and retain analysts and engineers and want them to work on the most impactful, risk reduction efforts within their own organization. How are CISOs prioritizing high-risk activity and using automation to protect their organizations in real-time without interrupting workforce productivity?

Join this boardroom to discuss:

• The current state of Security Operations and continuous adaptation of security policies and access
• Operational benefits and value driven by adaptive security capabilities with a risk focus
• How security automation has assisted you in developing your risk mitigation strategy

Cybersecurity incidents have been taking place for years and remained out of the public spotlight until late. Recent cyber incidents that affected large numbers of people have catapulted the issue into the national discourse and regulatory spotlight. We are now entering a new era in cybersecurity—one in which governments and regulatory agencies have more oversight of cybersecurity incidents.

Join this session to discuss: 

• How much of an influence are regulatory requirements on your company's cybersecurity program 
• The impact of the proposed regulatory changes 
• Navigating the greater involvement of executive leadership and board in your cyber program