IN-PERSON

Seattle CISO Executive Summit

December 12, 2018 | Grand Hyatt Seattle

December 12, 2018
Grand Hyatt Seattle

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Brian Abrahamson

Pacific Northwest National Laboratory
CIO

Anja Canfield-Budde

University of Washington
Associate Vice President, Information Management

Darren Challey

Amazon
CISO, Amazon Fulfillment & Operations

Dave Estlick

Starbucks Coffee Company
CISO

Paul Moulton

Costco Wholesale Corporation
EVP & CIO

Vanessa Pegueros

DocuSign
VP & CISO

Agenda

December 11, 2018

afternoon

December 12, 2018

mid-afternoon morning afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

The Mountain Decides Whether You Climb or Not

Ed Viesturs

Author & World-Class Mountaineer

Veteran world-class climber, bestselling author and former Washingtonian Ed Viesturs has a simple motto: climbing has to be a round trip. All of his planning and focus during his climbs maintains this ethic and he is not shy about turning back from a climb if conditions are too severe. His harrowing tales of his record-setting ascents have underpinnings of teamwork, goal-setting, perseverance and risk management – all applicable to the leader of any organization.

The Seattle CIO-CISO Executive Summit Governing Body members host this dinner to launch the event with an evening of peer networking and a presentation.

11:40am - 12:50pm Keynote

When Good Software Goes Bad

Ryan Kazanciyan

Chief Product Officer

Tanium

The rapid proliferation of connected devices and IT services in the enterprise have had an amplifying effect on the sheer volume of software that organizations depend upon and implicitly trust. With this trust comes risk that’s increasingly difficult to quantify and govern. While supplier risk management is a well-established discipline for businesses, managing and protecting software supply-chain is not – and the resulting gap provides a growing opportunity for intruders. Over the past three years, an increasing number of high-profile enterprise security incidents – both targeted and opportunistic – began with the breach of a trusted software provider.

This presentation examines:

The emergence of software supply chain compromises
The factors incentivizing attackers to adopt this approach
Practical approaches to risk mitigation and defense that enterprises can take in response

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Using AI and Machine Learning to Make an Impact

Brian Knollenberg

VP, Member Insights & Strategy

Boeing Employees' Credit Union

You read about it everywhere. It’s impossible to tune out: AI and machine learning are going to change everything. But as with most other emerging technologies and capabilities, what's real and what's hype? In this session you'll learn about the machine learning program BECU has had in production since February 2017, sending millions of outbound communications aligned to increase product engagement as well as monitor and enhance members’ financial health. We'll dig into the process for getting going, where the focus should be, what to watch out for, and how much of an impact it can have on your business and customers (members, in BECU’s case).

Plan to learn:

Why consolidating and enriching your first party data is so integral to this effort
Key considerations on internal capabilities to think about before you decide to integrate AI/ML into your marketing programs
How to consider partner solutions and what they potentially bring to the table
What kind of impact you can expect on your business and for your members/customers

1:20pm - 2:10pm Breakout Session

Generating Awareness to Keep the Enterprise Safe and Secure

Vanessa Pegueros

VP & CISO

DocuSign

Steve Person

CISO

Cambia Health Solutions

Dennis Tomlin

CISO

Multnomah County Oregon

Security breaches are in the news daily, yet how do you translate those headlines into action – or inaction – by employees who are an email click away from letting something very bad happen? Educating staff about the importance of data safety is a priority, but employees need to be able to access data and complete tasks without completely inhibiting their ability to do so.

Our panelists share:

Best practices and lessons learned for implementing security awareness initiatives and programs
Strategies to decrease security events through regularly scheduled awareness training and building a more phishing-aware employee base
Answers to your questions around security awareness in today’s climate of expense pressures and competing priorities for security spend

1:20pm - 2:10pm Executive Boardroom

Dealing With the Tsunami of Unmanaged and IoT Devices

Darren Challey

CISO, Amazon Fulfillment & Operations

Amazon

Alex Di Giacomo

CISO

Sound Transit

Dave Estlick

CISO

Starbucks Coffee Company

Steve Poeppe

Director, Solutions Architecture

Armis, Inc.

The explosive growth of “smart” devices – from printers to smart TVs to industrial devices and more – provides a new attack surface that can’t be managed or protected by legacy security tools. The risk is no longer theoretical, with the FBI and the DHS issuing multiple warnings. This interactive round table discusses:

How organizations are securing these new unmanaged and IoT devices – whether purchased as a part of the business or brought in by employees vendors
Methods for tracking all devices in your environment (on or off the corporate network)
Strategies for automatically disconnecting suspicious devices from any network

If you’d like to join this closed-door interactive discussion, please contact Sean Chalmers at sean.chalmers@evanta.com or 503-972-2166.

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Safely Landing the Merger of Two Airlines

Vikram Baskaran

Managing Director, Airline Operations Systems

Alaska Air Group, Inc.

Charu Jain

VP & CIO

Alaska Air Group, Inc.

Patrick O'Brien

Director, IT Services, Airline Operations Programs

Alaska Air Group, Inc.

With the acquisition of Virgin America, Alaska Airlines is now the fifth largest airline in the U.S. serving 115 destinations with nearly 1,200 daily flights in the United States, Mexico, Canada and Costa Rica and has the privilege of flying the most nonstop flights from the West Coast – that’s #MostWestCoast. As CIO of Alaska Airlines, Charu Jain and her team led the seamless integration of the two airlines’ IT systems. Drawing on knowledge from her career in the airline industry, Jain shares M&A best practices around:

How having a key set of principles while merging 450 Alaska systems and 250 Virgin America systems helped preserve the customer experience.
How to successfully execute such a big cross-functional initiative that touches everything in the company, while continually improving and innovating based on lessons learned and delivering value.
How bringing together the technologies across business units was key, but it was a people- and culture-first strategy that helped IT power the merger and create a new, better blended enterprise

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Pulling the Right Threads to Transform IT and Security

Eric W. Cowperthwaite

Director, Information Security

Esterline Technologies Corporation

Eric Cowperthwaite was brought in to update Esterline Technologies’ IT and security programs so the enterprise could keep pace with immense digital workplace transformation. “It’s one thing to say I want IT to look different in 18 months,” Cowperthwaite says. “It’s much different to do it.” In this session, Cowperthwaite:

Talks about the laser focus put on identifying change mandates, gaining program sponsors and champions, and translating it all into executable actions
Explains how he, a cross-functional team and the business overcame cultural and technology challenges to move the needle from idea to launch.

9:00am - 9:50am Breakout Session

Bridging the Talent Gap – A CHRO Perspective

Mindy Geisser

Chief People Services Officer

Savers

Nicole Grogan

Chief People Officer

Intellectual Ventures

Dan Spaulding

Chief People Officer

Zillow Group

The struggle to find and keep IT talent in the Pacific Northwest is real. From record unemployment to unending compensation pressure, the local market landscape has never been more nuanced and complicated. Three CHROs with unique perspectives on navigating these complexities share what they are doing to tackle current trends for their organizations.

Come ready to hear ideas, including:

Promoting an organization’s purpose
Getting creative with long-term incentives, pay and benefits
Offering flexible work schedules and attractive relocation opportunities, where applicable
Identify future needs and grow talent within where possible

9:00am - 9:50am Executive Boardroom

AI and Machine Learning — Potential Successes and Security Risks

Ben Berry

EVP of IT & CIO

Bonneville Power Administration

John Jacobs

VP of Systems Engineering

Fortinet, Inc.

Security vendors, InfoSec specialists and cybersecurity professionals claim to use artificial intelligence and machine learning to defend customers against the most advanced threats in cybersecurity. But if you ask how these technologies work, answers can be vague or completely lacking.

Come to this interactive session ready to:

Look at the mechanics of artificial intelligence and machine learning, exploring how different techniques are used to detect malware, malicious domains, phishing emails and other threats
Learn how these technologies can potentially fail, and how attackers bypass them to infiltrate poorly designed or implemented systems
Share best practices from the AI and ML space

If you’d like to join this closed-door interactive discussion, please contact Sean Chalmers at sean.chalmers@evanta.com or 503-972-2166.

9:00am - 9:50am Executive Boardroom

Taking an Adaptive Multi-Layer Approach to Security

Dennis Tomlin

CISO

Multnomah County Oregon

Ravi Waran

VP & CIO

Clearwater Paper

Justin Dolly

Chief Security Officer & COO

SecureAuth + Core Security

Every login attempt should be analyzed with multiple factors in mind to determine its legitimacy. But how do you thwart attacks in-process and prevent your organization from becoming the next breach headline? This interactive discussion explores solutions, such as adaptive and two-factor authentication, to reduce risk and keep inside and outside threats at bay. Come armed with security-related ideas and questions around device profiles, IP addresses, identity profiles, unauthorized locations, and anomalous keystrokes, mouse movements and user behavior, as well as actions that can be taken to raise red flags and catch wrongdoers.

If you’d like to join this closed-door interactive discussion, please contact Sean Chalmers at sean.chalmers@evanta.com or 503-972-2166.

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Managing, Securing and Taking Inventory of the IoT Landscape

Dave Estlick

CISO

Starbucks Coffee Company

Ben Smith

CISO

MultiCare Health System

Andy Tuck

Director of Information Security

Costco Wholesale Corporation

Andrew Whitaker

CISO

City of Seattle

Darren Challey

CISO, Amazon Fulfillment & Operations

Amazon

This esteemed panel of CISOs provide their perspectives on the Internet of Things and answer these questions:

How do you define IoT, and how does it differ from IIoT?
Are IoT and IIoT devices managed devices?
Should we care about the identity and ownership of all IoT devices, and are asset inventories of all devices necessary? If so, how do you inventory?
As security professionals, we worry about confidentiality, availability and integrity, but as we extend into industrial environments should we not all add “safety” to that list?

10:20am - 11:10am Breakout Session

Venturing Into a Bold New ERP World – A Government Success Story

Bob Leek

CIO

Multnomah County Oregon

Before transitioning to a new Enterprise Resource Planning platform, Multnomah County, Oregon changed and transformed their approach to the RFP process. They began by choosing a set of products and a system integrator that left open solution options for the long haul. The result — saving millions of dollars and 18 months of time. Bob Leek shares how a bimodal and experimental approach, and a “being bold requires being bold” attitude transformed an organization’s procurement processes.

10:20am - 11:10am Executive Boardroom

Cutting Through the Fog of Cloud Security

Nathaniel Callens

CISO

Alaska Air Group, Inc.

Matt Modarelli

CIO & Director, IT

Washington State Department of Transportation

Dr. Ratinder Ahuja

Founder & CEO

ShieldX

Fortifying the network perimeter to keep assumed external adversaries out is a tired, broken security architecture. There’s incompatibility between physical datacenter boundaries and virtual perimeters that come in various sizes and shapes and move at the speed of, well, clouds. Traditional security protocols won’t do and can’t keep up.

Join this interactive discussion to share ideas for:

Approaching security in the cloud era, including strategies, tactics and deployment best practices
Securing enterprise networks that fundamentally change over time
Weeding through all of the cloud security solutions to create levels of depth, flexibility and scalability that inspires confidence for keeping attackers at bay

If you’d like to join this closed-door interactive discussion, please contact Sean Chalmers at sean.chalmers@evanta.com or 503-972-2166.

10:20am - 11:10am Executive Boardroom

How to Own and Secure Your Most Valued Asset – Your Data

Anja Canfield-Budde

Associate Vice President, Information Management

University of Washington

Eric W. Cowperthwaite

Director, Information Security

Esterline Technologies Corporation

Charles "Chuck" Markarian

CISO

PACCAR

Dominic Sartorio

Senior VP

Protegrity

Data is a company’s greatest asset, and the asset most at risk today. Join this interactive session to discuss how CISOs can enable the business to leverage this asset safely, without security getting in the way.

This session explores:

Applying risk management approaches to strike the right balance between data utilization and protection
Keeping up with the organization’s rapid pace of technology adoption, including big data analytics and cloud data services, and leveraging recent innovations in data protection technologies
Keeping up with the ever-changing needs of the business, and best practices for defining and enforcing data protection policies that don’t get in the way of the business
Understanding the various regional and vertical regulatory domains related to data protection, such as GDPR, PCI and HIPAA

If you’d like to join this closed-door interactive discussion, please contact Sean Chalmers at sean.chalmers@evanta.com or 503-972-2166.

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Blockchain – Moving From Hype to Practicality

Heidi Pease

Cofounder

Los Angeles Blockchain Lab

In 2017, immense publicity around cryptocurrency, such as bitcoin, brought incredible attention to and curiosity of the underlying technology known as blockchain. But the overwhelming hype makes it difficult to navigate practical use cases, implementation costs, and realistic objectives. In this session, Heidi Pease:

Addresses blockchain fundamentals, real-life business application for enterprise solutions and innovation, and a state-of-the-industry overview with a focus on pragmatic implementation and best practices
Provides some perspectives on the blockchain ecosystem in Southern California – where some great innovations are occurring
Discusses the existing hurdles, and how regions can become blockchain innovation hubs

2:30pm - 3:20pm Breakout Session

The Digitization of the Industrial Ecosystem: Winning the Data Race

Al Opher

GM, U.S. Industrial Market

IBM

To prevent end-user disruption from happening to your business, you must go on the offensive and become the disruptor yourself. You have to win in today’s data-rich environment to become a future-forward enterprise. Join this session to learn how to:

Realize new consumer value through insights gained from real-time, in-context IoT
Redesign your organization to power your workforce with AI-infused core workflows
Create new markets by placing your organization at the center of an ecosystem through the blockchain

2:30pm - 3:20pm Executive Boardroom

Optimizing and Securing the Software Delivery Cycle

Eric Lippke

VP, Engineering Services, Disney Enterprise Technology

The Walt Disney Company

Cindy Blake

Global Sr. Security Evangelist

GitLab

DevOps has a simple goal: to create and deliver superior quality, secure software quicker and with more reliability. That agile component is key to allowing organizations to accelerate their pace of innovation. This interactive peer-to-peer discussion considers:

How to move from organizing work in sequential, step-by-step handoffs to working concurrently and increasing collaboration across the organization
How to increase visibility and efficiency, allowing for comprehensive governance and radically improving the speed of business
For companies already operating in an agile DevOps structure, what steps they can take to move to the next level?

If you’d like to join this closed-door interactive discussion, please contact Sean Chalmers at sean.chalmers@evanta.com or 503-972-2166.

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

Cambia's Digital Transformation – A Complete Overhaul

Laurent Rotival

SVP, Strategic Technology Solutions & CIO

Cambia Health Solutions

Laurent Rotival takes us along for Cambia Health Solutions' digital transformation ride. It all began with the strategy behind it, including partnering with the right internal business partners and external stakeholders, to net positive results.

He shares how transformation success came from IT:

Focusing on people, process and tools across the entire business
Partnering with the C-suite to gain consensus, creating a solid foundation for the project upfront
Adding 200 employees to the digital transformation space, while others rotated out of current positions or were taught new skills and given new tools to use

4:20pm - 5:00pm Closing Reception & Prize Drawing