IN-PERSON

Southern California CISO Executive Summit

December 14, 2021 | Omni Los Angeles

December 14, 2021
Omni Los Angeles

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Matt Crouse

Taco Bell
CISO

Lara Divi

Dine Brands Global, Inc.
VP, CISO

Gary Hayslip

SoftBank Corporation
VP, Director of Information Security (CISO)

Arthur Lessard

Universal Music Group
SVP & CISO

Dan Meacham

Legendary
VP, Global Security and Corporate Operations, CISO

Billy Spears

Teradata
CISO

David Tyburski

Wynn Resorts
Chief Information Security Officer

Terrence Weekes

Jack in the Box
CISO

Steven Young

Advantage Solutions
VP Information Security & Compliance, CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Southern California CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

December 13, 2021

afternoon

December 14, 2021

mid-afternoon morning afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

Governing Body Welcome Reception

Exclusive to Governing Body members and select guests, this dinner is a can’t-miss opportunity to connect with your peers prior to tomorrow’s Executive Summit. Please join your colleagues for an evening of good food, wine, and lively networking.

11:25am - 12:40pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:45am - 1:30pm Lunch Service

12:40pm - 1:00pm Break

1:00pm - 1:35pm Keynote

Redesigning IAM — The Future of Cloud & Identity Governance

Ed Pascua

SVP, Global Partners & Alliances

SecurEnds

Jeff Blair

CISO

Creative Artists Agency

Christopher Hall

CISO

Pacific Life Insurance

What would it mean to think about your identity and access management strategy differently? With remote work, growing perimeters and evolving compliance requirements, security executives are looking to simplify their IAM strategies. Challenging the status-quo is necessary to innovate and better address identity risk and compliance across both on-prem and cloud environments.

Join this session to learn how others are:

Challenging the status-quo of traditional IAM strategy
Leveraging AI and ML to automate access and governance
Achieving a single pane of glass view across multi-cloud environments

1:35pm - 1:50pm Break

7:30am - 8:15am Registration & Breakfast

8:15am - 9:00am Keynote

The Evolving CISO Role

Arthur Lessard

SVP & CISO

Universal Music Group

Jonathan Chow

Senior VP, Chief Information Security Officer

Live Nation Entertainment

Lara Divi

VP, CISO

Dine Brands Global, Inc.

Todd Friedman

Chief Information Security Officer

ResMed

The professional journey of a CISO is a lot like the cyber threats they protect against – unique and often unpredictable. How can CISOs set themselves up for success as the role continues to change?

In this panel conversation CISOs will explore:

Lessons they have learned that can guide security leaders
Strategies to elevate yourself within the business
What is next after being a CISO

9:00am - 9:15am Break

9:15am - 10:00am Breakout Session

Taking a Risk Based Approach to Compliance

Kevin Kealy

Chief Information Security Officer

Scientific Games Corporation

David Demsey

Head of Information Security

Avanir Pharmaceuticals

Emily O'Carroll

Sr. Director, Global Information Security & IT Compliance

Callaway Golf Company

Data is the primary target in virtually every breach scenario – and protecting data gets harder every day. Mix overly provisioned access rights with a plethora or unknown risks, it is no wonder why data stores are so difficult to control and so susceptible to attack. How can CISOs approach a problem that is so big and complex?

Join this session and discuss:

Strategies to map and govern data
How to gain visibility into high risk areas
Ways to stay ahead of the compliance curve

9:15am - 10:00am Breakout Session

Ending the Network Security Nightmare

John Jacobs

Field CISO

Fortinet

“Just log into our dedicated console for all information you need.” This phrase sends a chill down the spine any security manager. As network and security become more entangled, the proliferation of tools and interfaces CISOs need to monitor has rapidly increased. Security starts with a clear plan, accurate inventory, proven identity, and meaningful reporting.

In this session explore:

How to increase the level of security function and scale
The importance of open-standards in your SOC
Strategies to gain visibility into the network

9:15am - 10:00am Executive Boardroom

What Matters Most for Your Security Operations

Justin Bajko

Co-Founder, VP, Strategy & Business Development

Expel

Ernie Liu

CISO

United Talent Agency

Terrence Weekes

CISO

Jack in the Box

Since cybercriminals never rest, a sound SOC - staffed by the right people using the right tools in the right way - should be a key part of your cyber defense strategy. Whether your security operations program is completely in-house, outsourced, or operating in a hybrid model you’ll want to measure its effectiveness. How do you think about measuring efficacy and how do these metrics feedback into your program to increase operational maturity over time?

In this session you will discuss:

Volume and trend metrics that speak to effectiveness; what does good look like?
How does automation come into play and how do you monitor what the robots are doing?
What impact does this have on hiring and ongoing job satisfaction?

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager.

9:15am - 10:00am Executive Boardroom

Merging Zero Trust and SASE

Susan Chiang

Deputy CISO

Cloudflare

Webb Deneys

SVP, Information Technology, CISO

Cardinal Financial Company

Organizations are feeling a shift in the world of networking and security as they rapidly adopt and embrace the cloud. Enterprises need efficiency, visibility and security without compromise. The secure access service edge, better known as SASE, and zero trust implementations can provide a more comprehensive security capability to truly support digital transformation.

In this session, you will discuss:

Problems SASE can address in the modern enterprise
Benefits of planning both SASE and zero trust implementations
How to best position your organization for this transition

10:00am - 10:30am Networking Break

10:30am - 11:15am Breakout Session

Innovative Security Awareness — Engaging Your Employees

Brett Cumming

Director Information Security Officer

Skechers

Jeremy Yates

GRC Manager

Skechers

As a CISO, your security awareness program has a big impact on how your organization views the information security team, so it is important to ensure you’re putting the right foot forward.

In this session you will explore:

How to lead with the carrot rather than the stick
Innovative communication methods to get the message across
Strategies to collaborate across the business

10:30am - 11:15am Executive Boardroom

The Art of Managing and Securing Workloads in the Cloud

Jon Anderson

Director of Systems Engineering

SentinelOne

Matt Crouse

CISO

Taco Bell

Eddie Galang

Chief Information Security Officer

Port of Long Beach

Although most organizations do an exceptional job of layering different technologies to secure their data, breaches continue to occur. So what's going wrong and how can you identify these blindspots? In many instances, the point of failure can be tracked to the user and their endpoint. In today’s changing landscape, CISOs must demand a tight hold on the endpoints.

In this session, you can learn about:

What are the major endpoint management capabilities you can implement
How you can combat the complex challenges of managing workloads in the new era
Ways you can continuously monitor endpoint metrics and manage system health

10:30am - 11:15am Executive Boardroom

Vulnerability Risk Management for The Modern Era

Jerry Gamblin

Director of Security Research

Kenna Security

Alex Hall

Director, Information Security (CISO)

International Vitamin Corporation

Ralph Johnson

Chief Information Security Officer

LA Times

Vulnerabilities can be found anywhere in an organization. Having a risk-based and prioritized approach to managing and mitigating those vulnerabilities is critical to maintain a strong security posture.

Join this session to discuss:

Which vulnerabilities are the riskiest
Strategies to identify vulnerabilities before they’re exploited
How to use ML to make informed decisions on risk

10:30am - 11:15am Executive Boardroom

Protect Your Data or Pay the Price

Kris Virtue

VP, Cybersecurity, Head of Global Information Security and Risk Management

Qualcomm

Chris Stoneley

CISO

Cathay Bank

Security leaders across the globe are asking themselves that question as ransomware grows increasingly prevalent and as attackers continue to raise their demands. It may seem difficult to prioritize building your recovery plan when you could spend that time on increasing defensive measures, but recovering from ransomware is not a process you want to wing.

Join this session to discuss:

Step-by-step guidance for navigating ransomware response protocols.
Key pitfalls most organizations make when attempting a ransomware recovery and how to avoid them.
How to build a foundation for developing a thorough, practical, and well-documented plan of action

11:15am - 11:25am Break

1:50pm - 2:35pm Breakout Session

Penetration Testing – Extracting Value

Quincey Collins

Chief Security Officer

Sheppard Mullin Richter & Hampton

John Rojas

VP, Head of IT (CIO/CISO)

Air Lease Corporation

As the attack surface continues to grow and the number of attacks increases, there still remains a gap when it comes to validating the effectiveness and accuracy of the enterprise’s cyber posture. Hackers are on 24/7, so how can CISOs validate and test their enterprise security controls?

Join this interactive conversation to:

Learn how often your peers are performing penetration tests
Discuss the scoping and ways to bring operational value from a penetration test
Get into the mindset associated with remediation

1:50pm - 2:35pm Executive Boardroom

People – Security’s Hardest Dilemma

Zack Schuler

CEO

Ninjio

Awwab Arif

SVP & CISO

East West Bank

Lara Divi

VP, CISO

Dine Brands Global, Inc.

Despite expanded awareness of security hygiene, well-intentioned users remain a major area of risk for every organization. The CISO must create a robust culture of security and instill discipline, responsibility and buy-in across a huge swath of users – no easy task.

Join this session to discuss:

The latest security awareness training strategies that are resonating with users
How to measure success and hold users accountable
Solutions that make compliance easier

1:50pm - 2:35pm Executive Boardroom

Using XDR to Keep Pace With Relentless Threats

Cyrus Tibbs

CISO

PennyMac

Rudy Ramirez

CISO

Pacific Premier Bank

Andrew Bryan

Head of Field Engineering, Hunters

Hunters

With today’s ever-evolving threat landscape, CISOs need capabilities in place to help detect and respond rapidly to threats that may breach their defenses. How can they effectively gain visibility into data across networks, clouds and endpoints while addressing the increasingly sophisticated threat landscape?

Join this boardroom with your peers and discuss:

How XDR provides a prioritized view of threats across the organization
Strategies to increase the effectiveness of a threat investigation
Technologies that help automate the identification of emerging threats
Approaches to support SecOps to handle the growing complexity of the attack surface

1:50pm - 2:35pm Executive Boardroom

Managing Third Party and Supply Chain Risk

Andrew Bereczky

CISO

Automobile Club of Southern California

Greg Nelson

Director, Compliance and Cybersecurity

Smart & Final Stores

Today’s increasingly complex and interconnected supply chain creates more opportunities than ever for malicious actors to cause damage to your business. Third-party data breaches are at an all-time high, and legacy approaches to third-party risk management can’t keep up.

Join this boardroom to explore:

Continuous assessment and monitoring of third parties and supply chain partners
How to create an accurate inventory of all vendors within your ecosystem
What to do when your third party gets breached

2:35pm - 3:05pm Networking Break

3:05pm - 3:40pm Keynote

Actionable Strategies to Develop and Retain Talent

Shoaib Qazi

Chief Information Security Officer

XPO Logistics

Building a strong talent pipeline is about more than attracting external candidates. CISOs need to provide continuous training, development, and career path guidance within their organization to maintain a competitive security team. Shoaib Qazi, CISO, XPO Logistics, shares how he was able to grow his security team from within.

In this session, discuss: