IN-PERSON

San Francisco CISO Executive Summit

June 25, 2024 | Grand Hyatt at SFO

June 25, 2024
Grand Hyatt at SFO

Collaborate with your peers

Get together with San Francisco's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Building risk-ready relationships outside security as a proactive mitigation practice

Overseeing a secure integration of AI and using it to develop business-enabling tools

Managing and protecting key data in a world of variable user access and protections

San Francisco CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi

HealthEquity
EVP and CSO

Sujeet Bambawale

7-Eleven
VP, CISO

Krishnan Chellakarai

Gilead Sciences
CISO, Head of Information Security & Data Privacy

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Leda Muller

Stanford University, Residential and Dining Enterprises
Chief Information Security and Privacy Officer

Kannan Perumal

Applied Materials
Vice President, Chief Information Security Officer

Jeff Trudeau

Chime
VP, CIO & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


June 25, 2024

7:45am - 8:30am  Registration & Breakfast

8:30am - 9:15am  Keynote

Time 2.0 — Applying Design Thinking to the Human Experience of Time

John Coyle headshot

John Coyle

CEO and Founder of "Speaking Design Thinking"

Guest Speaker

Time, as we experience it, is not linear, yet why do we pretend that it is? How do we measure the true value of our time? In this mind-bending session, John K. Coyle will apply creative deconstruction to what we think we know about time, and you will learn how to slow, stop and reverse the perceived acceleration of time most adults feel and experience the endless summers of youth again.

Grab a seat and learn how to:

  • Understand the forces that govern experiential time
  • Discover actions you can take to manipulate your perception of time
  • Design your life to create intense and memorable experiences that expand time

9:15am - 9:40am  Networking Break

9:40am - 10:25am  Breakout Session

Turning Security Data in Action

Mani Keerthi Nagothu headshot

Mani Keerthi Nagothu

Americas Field CISO Associate Director

SentinelOne

Security teams have an incredible amount of data but struggle to manage and generate value from this vast data repository. With the right approach to managing security data, CISOs will extract actionable insights that improve their security posture.

Join this session to learn:

  • Benefits of security data lakes and best practices for implementation
  • Effective data management strategies that enable and amplify AI use and improve productivity
  • Leveraging data lakes to strengthen your cyber resilience and security posture

9:40am - 10:25am  Breakout Session

Fraternize and Maximize — Sharing Knowledge, Power, and Victory Over Common Risks

Kannan Perumal headshot

Kannan Perumal

Vice President, Chief Information Security Officer

Applied Materials

When it’s harder to attack anyone, it’s harder to attack everyone. It might feel like a brain teaser but, simply put, intra-industry CISO collaboration and collective intelligence partnerships don’t just benefit your business’s lagging competitors. Yes, sharing information with your fellow industry CISOs could give them a leg up on the next big risk but, in a world of exponential connectedness, squashing risk early is never selfless.

Join Kannan Perumal as he discusses:

  • The unique benefits of consorting with CISOs in your own industry
  • Why some industries are more apt to support these competitor collabs
  • The paradoxical support of a business’s ambition and opposition

9:40am - 10:25am  Executive Boardroom

Communicating Effectively, Utilizing Outcome Driven Tactics

Tim Crothers headshot

Tim Crothers

Director, Office of the CISO

Google Cloud Security

Andrew Schofield headshot

Andrew Schofield

SVP, Head of Information Security & IT Operations

Forge Global

Fernando Enrile headshot

Fernando Enrile

Head of Trust - Office of Cybersecurity

Marqeta

Anurana Saluja headshot

Anurana Saluja

Vice President - Global Head of Information Security, Privacy & Business Continuity

Sutherland

As security leaders gain more face time with the board and key stakeholders, communicating in a way that is understood and out of the weeds is getting more necessary. To keep communication effective as CISOs, implementing some of the process improvement tactics to your own style is helpful. Join this boardroom to get insight into:

  • Developing unique KPIs for your security team and yourself
  • Setting clear goals that allow your team to exceed them
  • Outcome driven security and how to implement it into your communication style

9:40am - 10:25am  Executive Boardroom

Yesterday’s Shadow IT and Today’s Shadow AI

Young-Sae Song headshot

Young-Sae Song

CMO

Grip Security

Mark Lambert headshot

Mark Lambert

Chief Product Officer

ArmorCode

Leda Muller headshot

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

Shadow AI introduced a new layer of risk in a time when security leaders are already grappling with the formidable challenges of managing hidden technical debt and uncovering shadow IT. Today’s digital landscape requires a new approach to risk and governance – one that identifies the shadows already existing in your organization and stops future shadows emerging as you harness the power of emerging technologies.

Join this session to discuss:

  • Uncovering existing hidden technical debts and shadow IT that inhibit agility, innovation and security
  • Establishing centralized risk frameworks and governance that are enforceable and scalable
  • Involving the C-suite and end users in establishing and understanding protections to deter rogue IT and AI

10:25am - 11:05am  Networking Break

10:30am - 10:55am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am  Breakout Session

Endpoint, Cloud and the Board — Identifying Risk that Matters

Richard Seiersen headshot

Richard Seiersen

Chief Risk Technology Officer

Qualys

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements: metrics that are reliable and easily understood by all stakeholders across the business.

In this session, we will discuss:

  • Cybersecurity risk assessment essentials and which risks truly carry weight
  • Concrete approaches to determine effectiveness of security capabilities
  • Creating simple "metric cards" to communicate across stakeholders

11:05am - 11:50am  Breakout Session

Security Hot Topics — Pulse Check Your Priority

Leda Muller headshot

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

Security continues to find its way into the boardroom and even into headlines. As the spotlight grows, so does the pressure CISOs face to foster constructive conversations around the value, opportunity and impact of key priorities.

Join this interactive session to:

  • Engage with like-minded CISO peers on shared priorities
  • Validate strategies and uncover new ways of thinking
  • Share key lessons learned and proven best practices

Table Themes Include: AI vs. Talent; Life After CISO/Board Membership; Leading Through M&A; Cloud Misconfigurations; OT Security; Quantum Computing / Next-Gen Technology 

11:05am - 11:50am  Executive Boardroom

Securing the Everywhere World — Building Cyber Resilience through a “Connectivity Cloud”

James Dolph headshot

James Dolph

CISO

Guidewire Software

Kevin Song headshot

Kevin Song

Interim Chief Information Security Officer and Sr. Director of Enterprise Security

WeWork

Ling Wu headshot

Ling Wu

Senior Director, Information Security GRC

Cloudflare

When users are everywhere and digital operations span cloud, SaaS, and on-premises environments, achieving cyber resilience becomes paramount. The challenge lies in navigating this complexity and maintaining visibility and control to ensure continuous operation despite cyber threats.

Join this interactive roundtable to discuss:

  • Optimizing costs and improving security across diverse cloud environments
  • Adopting Zero Trust philosophies to protect users, data and applications
  • Innovating with AI while addressing global regulatory and data privacy requirements

11:05am - 11:50am  Executive Boardroom

Doubling Down on Critical Third-Party Risk Vulnerabilities

Kelly White headshot

Kelly White

Co-Founder & CEO

RiskRecon - A MasterCard Company

Ed Machado headshot

Ed Machado

ISO & Chief Privacy Officer/ Sr Manager, Information Security

Star One Credit Union

James O'Brien headshot

James O'Brien

Deputy Chief Information Security Officer

First Republic Bank

The complete entanglement of cyber risk with business risk is becoming increasingly more visible. CISOs now have an opportunity to better pinpoint third parties that present a threat to the organization. Yet the increasing complexities of third party, and even fourth party, risk management, prompted by a wide range of evolving threats, demands heightened attention. How can CISOs ensure they have a clear understanding of their vulnerabilities across ecosystems and supply chains?

Join this session to discuss:

  • Identification of vulnerabilities across your vendor landscape to prioritize response efforts
  • Third-party risk management strategies to safeguard your digital ecosystem
  • Overcoming resource challenges to prioritize extended supply chain risk

11:50am - 12:20pm  Networking & Meal Service

Rising Together — Gender-Inclusive Networking Lunch

Leda Muller headshot

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

Female, non-binary, and allied cyber leaders are invited to eat lunch and connect in our reserved networking space. Hosted by a member of the San Francisco CISO community, those in attendance can freely discuss best practices, key challenges and mission-critical priorities before heading over to the midday keynote. 

11:50am - 12:35pm  Lunch Service

12:35pm - 1:10pm  Keynote

AI/ML and Zero Trust — Driving Business Success

Jay Chaudhry headshot

Jay Chaudhry

CEO, Chairman & Founder

Zscaler

Hari Jayaram headshot

Hari Jayaram

Corporate Vice President, Chief Information Officer

Applied Materials

As cyber threats become more sophisticated and pervasive, enterprises need to adopt an agile approach to network and security that promotes innovation and mitigates risk. AI/ML and zero trust are the key enablers of this transformation, offering visibility, control, and automation across users, workloads, IoT/OT devices, and business partners.

In this session, you will learn:

  • How AI will be used to fight AI and how generative AI will contribute to increased numbers of ransomware attacks
  • How the growth of zero trust segmentation will happen in parallel with the rise of firewall-free enterprises, and Zero Trust SD-WAN will begin to replace traditional SD-WAN
  • How AI/ML add defensive and analytics capabilities that drive IT and business success

1:10pm - 1:35pm  Networking Break

1:35pm - 2:20pm  Breakout Session

A New Paradigm for Managing Third-Party Risk

Shimon Modi headshot

Shimon Modi

VP, Product Management, Cyber

Dataminr

 In the past 12 months, 87% of F1000 businesses were affected by significant cyber incidents as a result of a third-party. And yet, most rely on ‘snapshot in time’ questionnaires. While necessary, snapshots are insufficient by themselves, and must be augmented with continuous monitoring in support of ongoing security operations. This requires a different approach, that includes external threat detection capabilities by using AI across Public Data.

Join this session to learn about:

  • The Public Data opportunity: collect, process, alert across multiple languages / modalities
  • Real-time external threat detection on a rapidly evolving threat landscape
  • The most advanced AI techniques for automating the collection, processing, delivery, and initial analysis of millions of public data sources

1:35pm - 2:20pm  Breakout Session

Developing and Upholding Your Supply Chain Standards

Sekhar Nagasundaram headshot

Sekhar Nagasundaram

Global Head of Cyber Defense and Threat Management and SVP Technology - Cybersecurity

Elevance Health

Hemanta Swain headshot

Hemanta Swain

Global Head of Security and Compliance (CISO)

Lucid Motors

Vendor selection, pre-partner due diligence and trusted implementation are merely the beginning of a healthy third-party management culture. With those pieces in place, the real work (like battling for constant visibility and enforcing your requirements) begins. You’ll need to prepare.  

Gather and discuss how CISOs have successfully:

  • Vetted new and prospective third-parties
  • Monitored their network of existing third-parties
  • Upleveled and asserted their security requirements and expectations

1:35pm - 2:20pm  Executive Boardroom

The Business of Security — Bridging the Gap Between Cyber Initiatives and Business Impact

Chris Hencinski headshot

Chris Hencinski

Senior Solutions Architect

Expel

Tammy Hawkins headshot

Tammy Hawkins

VP of Cybersecurity and Fraud Prevention

Intuit

Jonathan Kaplan headshot

Jonathan Kaplan

Director of Information Security | CISO (Acting)

San Francisco International Airport

Economic trends have tightened purse strings everywhere, leaving CISOs and security leaders to demonstrate ROI and defend their budgets. But ROI is notoriously tough to quantify when the primary return for security investment is reduction in risk. As a result, bridging the gap between security investments and actual business impact can be easier said than done, particularly if your cybersecurity spend doesn’t clearly map to organizational goals.

Join this session to discuss:

  • Identifying the right metrics for quantifying security ROI and business impact        
  • Positioning security as a business enabler, rather than a cost center
  • Aligning security investments to organizational goals

1:35pm - 2:20pm  Executive Boardroom

From Z to A - Extending Zero Trust to APIs

Sean Flynn headshot

Sean Flynn

Director, Security Technology and Strategy

Akamai Technologies

Ajay Wadhwa headshot

Ajay Wadhwa

CISO

State of California - State Compensation Insurance Fund

Tamal Biswas headshot

Tamal Biswas

VP, Head of Product for Cloud Platform and Infrastructure

Calix

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journey, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

Join this session to discuss:

  • Breaking the kill chain by stopping infection vectors and protecting against lateral movement
  • Shielding sensitive data and limiting how APIs interact with data
  • Increasing real-time visibility across the business to mitigate threats

2:20pm - 3:00pm  Networking Break

2:25pm - 2:50pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm  Breakout Session

Governing Generative AI in your Organization

Mandy Andress headshot

Mandy Andress

CISO

Elastic

 Generative AI is being utilized by companies and employees alike–sometimes without permission. The normalization of this emerging technology has expanded the attack surface and left many security leaders feeling anxious and uncertain. Is generative AI worth the risk, and how should it be governed in an organization?

Join Elastic’s CISO, Mandy Andress, to explore:

  • What to expect from the threat landscape as generative AI becomes increasingly normalized
  • What adopting generative AI does to your attack surface, and if you should even allow it
  • How to implement governance rules that your organization will follow


3:00pm - 3:45pm  Executive Boardroom

What Grade Would You Give Your IGA Deployment?

Rich Dandliker headshot

Rich Dandliker

Chief Strategist

Veza

Krishnan Chellakarai headshot

Krishnan Chellakarai

CISO, Head of Information Security & Data Privacy

Gilead Sciences

Prakash Kalaiah headshot

Prakash Kalaiah

Head of Security

Enphase Energy

Identity Governance and Administration (IGA) has been a cornerstone of compliance programs for decades. Despite this history, the reality of IGA rarely matches the customers’ initial expectations and the needs of the business. Increasingly, customers are demanding that IGA tools not only “check the box” for auditors, but also drive forward Least Privilege to secure their organization in today’s landscape of cyber threats.

Join this interactive roundtable session to discuss:

  • Explore current practices, tools, and effectiveness of IGA programs
  • Evaluate the extent to which IGA goes beyond compliance to bolster security posture
  • Identify the critical gaps that may limit the effectiveness of an IGA program

3:00pm - 3:45pm  Executive Boardroom

Navigating the Expanding Challenges of the CISO Role

Paul Davis headshot

Paul Davis

CISO, Americas

JFrog

Bryan Green headshot

Bryan Green

CISO

Andreessen Horowitz

Orus Dearman headshot

Orus Dearman

VP - Cyber Security

iRhythm Technologies

CISOs are now tasked with managing an expanded set of security teams. Now, often managing Development, Application Security and Data Science, the CISO still needs to empower their Security Operations teams to embrace new IT disciplines. 

Join your C-level peers for a private conversation on:

  • Managing new security disciplines 
  • Quickly and securely maturing your software supply chain 
  • Doing it all with consideration to formalized development and delivery pipelines

3:00pm - 3:45pm  Executive Boardroom

Identity Security - Your Key to Mitigating Breaches

Sandeep Kumbhat headshot

Sandeep Kumbhat

Field CTO

Okta

Sangram Dash headshot

Sangram Dash

Chief Information Security Officer

Sisense

Jonathan Chan headshot

Jonathan Chan

Head of Global IT & Security

EpiSource

Attackers are not breaking in – they are logging in. Exploiting weak passwords, phishing credentials, navigating privileged access, and session hijacking is a threat actor's easiest way to infiltrate your organization, often leading to compromising your resources and applications.

Join this session and learn how, when done right, identity can be:

  • Your organization’s first line of defense
  • The backbone of your security strategy
  • The leverage you need in putting a stop to breaches

3:45pm - 4:10pm  Networking Break

4:10pm - 4:45pm  Keynote

Powerful Partnerships - Lessons On Linking Security and Privacy

Leslie Stevens headshot

Leslie Stevens

Global Privacy Officer, Associate Vice President Privacy and Compliance

Agilent Technologies

David Tugwell headshot

David Tugwell

AVP/CISO

Agilent Technologies

Mukund Sarma headshot

Mukund Sarma

Senior Director

Chime

Data protection, confident compliance, enhanced stakeholder trust, and effective risk mitigation - all are possible when security and privacy executives are working in harmony. 

Listen as CPO Leslie Stevens and CISO David Tugwell, both of Agilent Technologies, break down how they: 

  • Divide and conquer the often blended security-privacy workload 
  • Adjust and redevelop their partnership as the scope of their roles demands 
  • Regularly watch the benefits of their teamwork accumulate

4:45pm - 7:00pm  Networking

Governing Body Reception

Governing Body members host this dinner for attendees to close out the event with an evening of peer networking.

June 25, 2024

We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

Grand Hyatt at SFO
MORE INFORMATION

Your Community Partners


Global Thought Leader
CISO Thought Leaders
Key Partners
Program Partners

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Samantha Flaherty

Senior Community Program Manager

208-871-6409

samantha.flaherty@evanta.com