IN-PERSON

New York CISO Executive Summit

December 4, 2024 | Pier Sixty

December 4, 2024
Pier Sixty

APPLY TO PARTICIPATE

Collaborate with your peers

Get together with New York's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Aligning cybersecurity and business objectives to provide tangible value

Managing and protecting key data in a world of variable user access and protections

Thoughtfully leveraging AI to develop needed, business-enabling tools and processes

New York CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Reshma Budhwani

New York Life
VP, Chief Technology Security Officer

Tomas Maldonado

National Football League
Chief Information Security Officer

Tod Mitchinson

New York Life
VP, Chief Information Security Officer

Michael Palmer

Hearst
Chief Information Security Officer

Lauren Dana Rosenblatt

Public Service Enterprise Group Inc
VP, Chief Information Security Officer

Kylie Watson

Sumitomo Mitsui Banking Corporation
CISO

Teresa Zielinski

GE Vernova
VP, Global CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your New York CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


December 3, 2024

December 4, 2024

6:00pm - 8:00pm  Governing Body Reception

Governing Body Welcome Reception

Governing Body members of the New York CISO community host this welcome reception for to kick off the Executive Summit with an evening of peer networking, food and drinks.

7:45am - 8:30am  Registration & Breakfast

8:30am - 9:15am  Keynote

Never Lead Alone — Transforming Leadership into Teamship

Keith Ferrazzi headshot

Keith Ferrazzi

#1 New York Times Bestselling Author; Global Thought Leader in the Relational and Collaborative Sciences

Join Keith Ferrazzi, renowned team coach and bestselling author, as he unveils the groundbreaking concepts from his latest book, "Never Lead Alone: 10 Shifts from Leadership to Teamship." In this dynamic keynote, Ferrazzi challenges traditional notions of leadership and introduces a revolutionary approach to team dynamics in today's volatile business landscape.

Drawing from two decades of proprietary research Ferrazzi will share:

  • The role of the Leader in fostering Teamship
  • 10 critical shifts your teams must make to achieve breakthrough performance
  • Strategies and practical tools you can implement now for navigating modern challenges like hybrid work, and AI integration

Discover how to transform into a co-elevating team that drives bolder innovation, breaks down silos, and delivers exceptional results. Whether you're a C-suite executive or a team member looking to contribute more effectively, this keynote will provide you with actionable insights to revolutionize your approach to collaboration and team performance.

Keith isn't just an author -- he's someone who knows and works with CISOs and security leaders regularly. Check out some of his articles for Forbes specifically addressing how CISOs can action on some of the key principles of his work:

9:15am - 9:40am  Networking Break

9:40am - 10:25am  Breakout Session

Scaling Matterhorn – How Uber is Transforming Issues Management with GenAI

Hardik Mehta headshot

Hardik Mehta

Head of Cyber Risk Management

Uber

Imagine a world where security engineers weren't inundated with thousands of issues/bugs across dozens of categories every day. Hardik Mehta, Head of Cyber Risk Management at Uber, and his team no longer have to just imagine that world -- they've made it their reality with Project Matterhorn — a Generative AI-powered program that is taking the number of issues from 200k+ across 21 types to just 20k across only 2 types.

In this session, Hardik will share how Project Matterhorn is leveraging GenAI to:

  • Identify & resolve Uber’s critical security issues across Product and Infra
  • Integrate with Uber’s engineering plans and govern Uber’s issues posture
  • Reduce Uber’s operational toil around issues, exceptions and acceptances

9:40am - 10:25am  Breakout Session

Taking the Reins — Unifying Risk Management in Complex Digital Environments

Richard Seiersen headshot

Richard Seiersen

Chief Risk Technology Officer

Qualys

Cybersecurity is more than just technology; it’s about managing risks in a business context. Today’s interconnected landscape broadens the risk surface, encompassing cyber threats, operational disruptions, and financial losses across all enterprise levels. CISOs are challenged with fragmented security solutions and siloed strategies, which hinder effective risk management programs. 

Join this session to discuss: 

  • Developing a Risk Operations Center (ROC) to strengthen your cybersecurity risk management program
  • Aggregating, scoring, and presenting risk to achieve unified visibility and action across entire attack surfaces
  • Aligning the business with risk-based prioritization

 

9:40am - 10:25am  Executive Boardroom

Shaping Security Leadership for the Quantum Era

Ray Harishankar headshot

Ray Harishankar

Fellow, Quantum Safe

IBM

Tim Somrah headshot

Tim Somrah

Vice President, Information Security

Major League Soccer

Bob Brown headshot

Bob Brown

CISO

Federal Home Loan Bank of New York

Rod Aday headshot

Rod Aday

CISO

Bank of China

Cryptography touches every corner of the digital world, and it is at risk of decryption from cybercriminals launching “harvest now, decrypt later” attacks. NIST announced three encryption algorithm standards in August 2024, which the U.S. government is pressed to adopt by 2035. Businesses must start evaluating their systems now, as a system-wide transition to quantum-safe protocols will be complex and time-consuming.

Join this session to discuss:

  • The current threat landscape from cryptographically relevant quantum computing
  • Understanding the NIST encryption standards and how to implement to your organizations
  • Evaluating and updating security strategy to ensure future security

9:40am - 10:25am  Executive Boardroom

Governing Generative AI in your Organization

Anthony Scarfe headshot

Anthony Scarfe

Deputy CISO

Elastic

Almon Tse headshot

Almon Tse

Chief Information Security Officer

Saks Group

JR Riding headshot

JR Riding

CISO

Multiplan

Steve Savard headshot

Steve Savard

Director of Information Technologies

ICC Industries Inc

Generative AI is being utilized by companies and employees alike–sometimes without permission. The normalization of this emerging technology has expanded the attack surface and left many security leaders feeling anxious and uncertain. Is generative AI worth the risk, and how should it be governed in an organization?

Join this interactive roundtable to explore:

  • What to expect from the threat landscape as generative AI becomes increasingly normalized
  • What adopting generative AI does to your attack surface, and if you should even allow it
  • How to implement governance rules that your organization will follow

9:40am - 10:25am  Executive Boardroom

Preemptive Cybersecurity — Building Toward a Future of Cyber Deterrence

Luigi Lenguito headshot

Luigi Lenguito

CEO

BforeAI

Pronay Mukherjee headshot

Pronay Mukherjee

Global Business Information Security Officer

Levi Strauss & Co.

Dan Marra headshot

Dan Marra

Director, Information Security

Ropes & Gray

Puneet Bhatnagar headshot

Puneet Bhatnagar

Senior Vice President, Head of IAM - BXTI Cybersecurity

Blackstone Group

Cybersecurity has always been a never-ending race, with threat actors often setting the pace. So how do we actually get ahead of such sophisticated adversaries? By changing the paradigm of security from detection and response to prediction and preemption.

Join this interactive roundtable to explore:

  • Defining and moving toward a preemptive cybersecurity model
  • Countering more sophisticated attacks conducted by AI and other advanced capabilities
  • Observing, quantifying and communicating the ROI of cyber deterrence


Discussion Questions:

  • Who is already having conversations or already implementing preemptive cybersecurity programs? What is your definition of cyber deterrence?
  • Where do we start with cyber deterrence? What are the programs you’re looking at?
  • How are you budgeting for these kinds of programs? What is the level of sophistication we need to have to make these effective?
  • How can you empower your employees to be proactive in addressing and preventing cyberattacks?
  • How do you show ROI of cyber deterrence? What are the KPIs or metrics can we use to show this?

10:25am - 11:05am  Networking Break

10:30am - 10:55am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am  Breakout Session

Intersecting Horizons -- Security & Privacy

Catherine Tomasi headshot

Catherine Tomasi

Director, Chief Privacy Officer

Con Edison

Security and privacy are intersecting, yet distinct, disciplines that ultimately share a lot of the same goals. But true collaboration between these critical functions isn't just about policies and protocols -- it's about leveraging both perspectives to think more holistically about safeguarding data and establishing trust.

Join this session for a candid, fireside chat-style session between two local security and privacy leaders about how they approach collaborating with their respective privacy/security counterpart within their organization, each sharing how they:

  • Navigate areas of shared interest and responsibility between privacy and security
  • Address the constantly evolving landscape of data protection regulation
  • Work cross-functionally to promote the responsible and innovative use of data across the enterprise

11:05am - 11:50am  Breakout Session

Modern Workforce, Modern Security Strategy

In the age of remote and hybrid work, employees now spend the majority of their time in the browser or in virtual meetings. The workforce is more mobile and distributed than ever before. At the same time, we are seeing an increase in cyber attacks and a higher average cost of data breaches. We must think more about protecting users right where they interface with web threats, the browser, without disrupting productivity.

Join this conversation with your peers to discuss:

  • The browser's role in a business's security strategy
  • Zero trust architecture
  • Managing resources for cybersecurity in a time of economic uncertainty

11:05am - 11:50am  Executive Boardroom

Rethinking the Relationship Between Cybersecurity Teams and the People They Protect

Pat Joyce headshot

Pat Joyce

Global Resident CISO

Proofpoint

Christina Morillo headshot

Christina Morillo

Head of Information Security

New York Giants

Davin Darnt headshot

Davin Darnt

CISO Americas

Louis Vuitton

Matt Cerny headshot

Matt Cerny

Director, Cyber Security

Integra Life Sciences

You’ve heard it all before: the DBIR tells you people are your biggest risk, phishing simulations tell you your users fall for social engineering, and simple security measures you deploy are sometimes met with howls of protest. But what if it didn’t have to be that way?

Join this session for a fresh perspective on:

  • Moving security alerts from the SOC to where users work
  • Protecting end users perception of security controls
  • Transforming security teams’ interactions with end users

11:05am - 11:50am  Executive Boardroom

Connecting the Dots of Global Data Governance and Compliance

Mauro Failli headshot

Mauro Failli

Director, Technical Advisor & Operations, Executive Engagement Programs

Twilio

Alexandria San Miguel headshot

Alexandria San Miguel

Head of Information Security

Chanel

Jason Rothhaupt headshot

Jason Rothhaupt

Deputy CISO

Broadridge

Matt Mudry headshot

Matt Mudry

Chief Information Security Officer

HomeServe USA

In today's complex regulatory environment, CISOs must navigate various categories of global trust, such as demographic and ethnographic factors, which influence compliance and governance decisions. Establishing and maintaining trust requires not only defining a clear position but also providing consistent evidence to support compliance claims. How can leaders connect the dots of governance across different countries and organizations effectively to enhance compliance and operational efficiency?

Join this boardroom to discuss:

  • Navigating the convergence of consumer, government, and market forces that shape global flows of data
  • Aligning governance and compliance strategies to build and maintain trust
  • Leveraging new technologies responsibly across geographies without sacrificing customer trust and loyalty

11:05am - 11:50am  Executive Boardroom

Risk to the Nth-Party Degree

Peter Ling headshot

Peter Ling

VP, Global Cybersecurity Partnerships & Cyber Resilience Programs

RiskRecon - A MasterCard Company

Steven Wallstedt headshot

Steven Wallstedt

Chief Information Security Officer

Industrial and Commercial Bank of China

Pat Ford headshot

Pat Ford

Chief Information Security Officer, Americas

Schneider Electric North America

Matthew Saeed headshot

Matthew Saeed

CISO

Warby Parker

Third party relationships are closest and may prove to be the most tangible risks to your business, yet the whole supply chain of your business partners still pose a substantial threat. Most organizations’ vendor relationships extend to the 8th party. CISOs need to understand this web of connectedness in order to better manage and communicate enterprise risk.

Join this session to discuss:

  • Gaining visibility into risk across the whole supply chain
  • Strategies for effective risk management and monitoring business partners
  • Overcoming resource challenges to prioritize third-party and extended supply chain risk

11:50am - 12:35pm  Lunch Service

12:35pm - 1:10pm  Keynote

How Zero Trust and AI Enable Innovation That Outpaces Adversaries

Kavitha Mariappan headshot

Kavitha Mariappan

EVP, Customer Experience and Transformation

Zscaler

The modern CISO must navigate the complex balance between technological advancement and the need to simplify and secure IT environments. This requires overhauling legacy architectures to be VPN and firewall-free, responding to shifting threats with AI-enabled defenses, overcoming financial constraints, and accommodating cloud-first businesses with distributed workforces. Leaders must lay a secure foundation using zero trust principles – for users, devices, and workloads – and harness the power of AI to consistently stay one step ahead of the attackers.

Join this session to learn:

  • AI’s role in enabling both organizations and their adversaries, with an emphasis on staying a step ahead of cybercriminals
  • Navigating the evolution of the CISO roles in light of greater expectations and oversight from senior business leaders
  • Securing organizations’ resources – from end users to branches and factories – reliably and cost-effectively with zero trust

1:10pm - 1:35pm  Break

1:35pm - 2:20pm  Breakout Session

Ask Me Anything – HR Office Hours

Aisha Thomas-Petit headshot

Aisha Thomas-Petit

Senior Vice President and CHRO

Horizon Blue Cross Blue Shield of New Jersey

Cheryl Bucci headshot

Cheryl Bucci

SVP, Operations & People

American Society for the Prevention of Cruelty to Animals

Don’t you wish you could pop into your CHRO's head, instantly understanding their approach to important topics and decisions? Now’s your chance to pursue that candid context, pose questions and hear an insider HR perspective.

The questions in this session will be decided by this CISO community and will touch on themes like:

  • Staffing infosec teams and addressing components of HR processes security leaders find challenging
  • Understanding how CISOs can better support their HR counterparts
  • More areas of opportunity for CHRO & CISO collaboration, such as insider threat initiatives

1:35pm - 2:20pm  Breakout Session

Best Practices for Trusting AI in Your Security Strategy

Julien Soriano headshot

Julien Soriano

Chief Information Security Officer

Box

For security professionals, zero trust is a mantra built into the cornerstones of security strategies. So trusting AI to augment and improve all the protections we've spent our careers putting in place is no easy feat. But here’s the truth: AI needs time and data to grow and learn to support security teams. And we — as the real, live people managing these tools — need time and information to adjust to trusting AI.

Join this session to learn about:

  • Establishing trust in AI to combat external threats like data leaks from shadow AI usage
  • Managing internal threats through controlling permissions and implementing guardrails
  • Using AI to empower security teams by automating tasks, addressing talent gaps, and preventing burnout

1:35pm - 2:20pm  Executive Boardroom

How to Assess Security Maturity and Why It Matters

Peter Rosario headshot

Peter Rosario

Chief Information Security Officer

USI

Reshma Budhwani headshot

Reshma Budhwani

VP, Chief Technology Security Officer

New York Life

Ronen Halevy headshot

Ronen Halevy

Vice President, Information Security

Sony Corporation of America

Maturing your security posture requires knowing how to objectively assess your organization, use industry best practices and frameworks, and select the right tools to advance your business. This complex, time-intensive process often takes a backseat to defending yourself against ever-evolving threats. Getting started can be overwhelming, so finding time to assess and improve your security maturity is a tall task.

Join this session to discuss:

  • Benchmarking SOC performance using common assessment frameworks and tools
  • Determining your security maturity level, and how to fill gaps you’ve identified
  • Analyzing the impact of data and AI on your security posture

1:35pm - 2:20pm  Executive Boardroom

SecOps Transformation — Cybersecurity at Scale

Xavier Saavedra headshot

Xavier Saavedra

Director, SOC Transformation Advisors

Palo Alto Networks

Mary Carp headshot

Mary Carp

Director of Security Operations

Avery Dennison

Craig Budinich headshot

Craig Budinich

Director, Information Security Operations & Engineering

International Rescue Committee

Today’s security operations centers are facing a barrage of “more.” More attacks. More threat actors. More devices and data. More security tools. More regulations. More specialized focus areas. More silos. With the modern security landscape changing fast, the SOC must evolve to meet current threats, demands and pressures.

Join this session to discuss:

  • Balancing business demands and a stable security architecture at scale
  • Gaining clarity with AI-driven intelligence
  • Integrating incident responses for faster reaction

1:35pm - 2:20pm  Executive Boardroom

The Silent Spread of AI — And Why You’re Losing Control Over It

Lior Yaari headshot

Lior Yaari

CEO and Co-Founder

Grip Security

Dan Shiebler headshot

Dan Shiebler

Head of Machine Learning

Abnormal Security

Carlos Lyons headshot

Carlos Lyons

SVP, CISO

CGS

Ernie Rozado headshot

Ernie Rozado

Director, Head of Cybersecurity and Compliance

G-III

AI risk is quietly creeping into every corner of your enterprise, and you don’t even realize it. As more employees adopt AI-powered tools, applications, and processes, it is becoming deeply embedded in your tech stack — but it’s not just your employees using AI. Attackers are also leveraging AI to enhance their own tactics and sharpen their attacks. The real question for CISOs is: Do you have visibility into the countless ways AI is spreading, and what’s the best way to use AI to protect against AI?

Join this session to discuss:

  • The hidden ways AI is entering your enterprise—from third-party tools to shadow AI projects—and why it’s slipping under the radar
  • How attackers are using AI to improve their attacks and making them harder to detect by both legacy security tools and humans themselves
  • Actionable steps for CISOs to gain visibility and control over AI use across the organization

2:20pm - 3:00pm  Networking Break

2:25pm - 2:50pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm  Breakout Session

Harnessing AI/ML in SASE for Next-Generation Network Security

Kelly Ahuja headshot

Kelly Ahuja

President & CEO

Versa Networks

This session introduces how AI/ML technologies are being integrated into SASE solutions for advanced threat detection, predictive analytics, and automated responses. Real-world case studies illuminate successful implementations, highlighting the challenges faced and the outcomes achieved. Explore the balance between AI-driven automation and the need for human decision-making and future trends. Join us on a journey into the evolving landscape of network security, hear and share best practices and strategies from your peers.

In this session you will learn:

  • How AI/ML technologies can simplify your infrastructure and improve security posture
  • Why AI is fundamental for real-time threat detection and automatic remediation at every edge
  • Explore proven business outcomes and common challenges in deploying AI/ML enhanced SASE

3:00pm - 3:45pm  Executive Boardroom

Strengthening Operational Cloud Defenses with Regulations in Mind

Aditya Malhotra headshot

Aditya Malhotra

Senior Vice President, Information Security

Capital Group

Damiano Tulipani headshot

Damiano Tulipani

SVP, Chief Information Security Officer

Provident Bank

As organizations become increasingly interconnected through complex supply chains, cloud security has emerged as a critical concern that affects all businesses—even those not operating directly within cloud environments. The challenges are compounded by a dynamic regulatory landscape that demands proactive attention.

Join this interactive roundtable session to discuss:

  • Evolving challenges in cloud security and practical approaches to address them
  • Strengthening detection and response capabilities against threats targeting cloud environments
  • Developing an effective, timely cloud incident response plan aligned with regulatory expectations

3:00pm - 3:45pm  Executive Boardroom

Secure Every Identity — Human and Machine

Barak Feldman headshot

Barak Feldman

SVP, PAM and Identity Security

CYBERARK

Mike Crumpler headshot

Mike Crumpler

Vice President, Information Security (CISO)

Kenco

Chris Holden headshot

Chris Holden

SVP, Chief Information Security Officer

Crum & Forster

The path to stronger identity security strategies lies within an agile and connected digital system. CISOs are often challenged with keeping disparate identities up to date, but when leveraged correctly, easy-to-use technology can be a game changer.

Join this boardroom to discuss:

  • The essentials for building seamless and secure access
  • The challenges faced when protecting against malicious actors
  • How to automate the management of digital identities

3:00pm - 3:45pm  Executive Boardroom

Is Secure Email Even Relevant Anymore?

Christian Peel headshot

Christian Peel

VP, Customer Engineering

Echoworx

Steve Grossman headshot

Steve Grossman

Chief Information Security Officer

National Basketball Association

Tod Mitchinson headshot

Tod Mitchinson

VP, Chief Information Security Officer

New York Life

David Sheidlower headshot

David Sheidlower

Chief Information Security Officer

Turner Construction

With messaging apps like WhatsApp boasting over 2 billion users globally, demand on secure email to keep pace grows every day. The competing pressures of convenience, compliance, security and innovation have many CISOs wondering – what’s next for secure business communication?

Join this session to discuss:  

  • Determining if secure email is still relevant
  • Transitioning secure messaging to the cloud
  • Preparing for the future in the era of direct messaging

3:45pm - 4:10pm  Break

3:50pm - 4:15pm  Networking

Rising Together — Women Leaders in Cybersecurity Networking Session

Join us for an informal networking break for women in cybersecurity leadership and their allies to connect and build relationships with like-minded leaders in the greater New York area who are making an impact in their organizations and communities. Come prepared to share ideas, inspire and be inspired, and forge new connections that can help empower each other to achieve your goals and broaden your perspectives.

This session is intended for women in the New York CISO community leading the cybersecurity function at their organizations (CISO/equivalent) and women reporting directly to the CISO/equivalent. Priority access will be reserved for these groups, with allies welcome as space permits.

4:15pm - 4:50pm  Keynote

Success & Succession in Security -- Planning for What's Next

Ahmed Pasha headshot

Ahmed Pasha

CISO

Nomura

Complex, high-pressure and stressful -- three words many security leaders use to describe their roles. In this environment, it's vital to question the sustainability of the role of the modern CISO. How do we make such a demanding role appealing to the next generation of security talent? Can you remain productive at this level of pressure for the next 5, 10, or even 20 years? When you're ready to move on, what will your next step look like -- and who will replace you?

Join this keynote for a frank conversation between security executives that will cover:

  • Advice for newer CISOs who are charting their paths to success
  • Mentoring and bringing up the next generation of security leaders
  • Planning for your own succession and for thinking about what's next

4:50pm - 5:00pm  Closing Comments and Prize Drawing

December 3, 2024

December 4, 2024

We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

Pier Sixty
MORE INFORMATION

Your Community Partners


Global Thought Leaders
CIO Thought Leader
CISO Thought Leaders
Key Partners

Community Program Managers


For inquiries related to this community, please reach out to your dedicated contacts.

Lynn Morrow

Senior Community Program Manager

503-805-5624

lynn.morrow@evanta.com

Krista Robbins

Senior Community Program Manager

krista.robbins@evanta.com