IN-PERSON

Chicago CISO Executive Summit

November 28, 2018 | Marriott Chicago Magnificent Mile

November 28, 2018
Marriott Chicago Magnificent Mile

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Waqas Akkawi

SIRVA Worldwide
VP, CISO

Jim Cameli

Walgreens Boots Alliance
Global CISO

Nicole Ford

Carrier
VP and Chief Information Security Officer

Emily Heath

United Airlines
VP & CISO

JJ Markee

Kraft Heinz Company
CISO

John Reed

True Value Company
IT Security Program Manager

Steve Weber

OptumRx
Sr. Director, Information Security and IT Compliance

Agenda

November 28, 2018

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

How to Survive a Breach

Ruben Chacon

VP and CISO

Constellation Brands, Inc.

When disaster hits, what are the key priorities for a CISO? Are you able to actually make all of your preparedness a reality? Ruben Chacon outlines his experience as the security lead at Mondelez International when it was impacted by NotPetya malware in June 2017, and offers tips on how to best manage the aftermath.

In this keynote, Ruben Chacon shares:

Crisis management before and after the breach
Who is in charge?
Key priorities while responding and recovering
How to ensure communication flows with the business

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

CISO Therapy – Tackling the People Side of Security Together

JJ Markee

CISO

Kraft Heinz Company

Kevin Novak

CISO & IT Risk Officer

Northern Trust Corporation

Richard Rushing

CISO

Motorola Mobility, Inc.

Arlan McMillan

CSO

Kirkland and Ellis

It’s no secret that the role of the CISO is enormous and complex. Underlying all the emerging technology, evolving processes, and threat intelligence lies perhaps the most complicated aspect of security leadership – people. Whether it’s privacy, awareness training, global regulatory bodies, integration after M&A activity, or change management, the human element of security is a constant variable. In this interactive peer-to-peer session, CISOs will share their challenges, stresses, and even triumphs on connecting with and leading the people behind the secure enterprise.

1:20pm - 2:10pm Breakout Session

A Deep Dive Into the DNA of Modern IoT Attack Botnets

Ron Winward

Security Evangelist

Radware

The majority of modern IoT-based attack botnets have uniquely common DNA, but they all use part of Mirai code as their framework. While device exploitation techniques remain innovative, the attack vectors themselves are typically reused, making it possible for CISOs to outsmart these botnets.

Join this session to learn about:

The different attack vectors in IoT botnets
How attack vectors replicate
What changes have been implemented in new IoT attack botnets

1:20pm - 2:10pm Executive Boardroom

Measuring Risk in a Post GDPR World

Shelby Cannon

AVP IT Risk & Compliance

CNA Insurance

Timothy Simmons

Global Regional Information Security Officer & IT Security Programs Leader

Baxter Corporation

Mike Zachman

CSO

Zebra Technologies Corporation

Dave Deasy

SVP

TrustArc

The GDPR significantly changed how companies assess and manage risk through a combination of new / complex compliance reporting requirements and exposure to significant financial penalties. The GDPR, and forthcoming California Consumer Privacy Act (CCPA) are increasing the level of interaction CISOs need to have with legal / privacy counterparts to ensure data protection risks are properly identified, effective management tools are implemented, and objective measures are in place to track progress.

Join fellow security leaders to discuss:

Standards and metrics for measuring data protection risk
Best practices for managing risk associated with GDPR, California Consumer Privacy Act, and other global data protection frameworks
Tools to manage data protection risk and meet compliance reporting requirements

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Tim Bigley at 971-717-6612 or tim.bigley@evanta.com.

1:20pm - 2:10pm Networking Break

Peer-to-Peer Networking

In keeping with our promise to provide the best networking opportunities in your region, we are offering one-on-one meetings at this summit, through our Peer-to-Peer Networking feature. Powered by AI, this feature takes the work out of networking. It unlocks the potential of professionals who are looking to make meaningful connections at this summit, giving you a higher return on your time. Click here to schedule time with key contacts and decision-makers, connect with the right people, schedule meetings and work toward achieving your business goals faster, all through the swipe of a button.

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Executive Presence for Lasting Leadership

Chris Ulrich

Body Language Expert & Political Consultant

Author & Thought Leader

Any given gesture - a nod, a point of the finger - unconsciously communicates powerful ideas and feelings that have tangible consequences. Top executives are generally proficient in their ability to interact with others, but the stakes are raised during high-level negotiations, reporting to the board, inspiring and empowering senior managers or dealing with tricky internal matters.

Join body language expert Chris Ulrich as he shares:

Why every movement and action is magnified in high-level situations
Tools and techniques to build rapport quickly
How executives can communicate more effectively

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Communicating Security and Investment Strategy to the Board

Aman Raheja

Global CISO

BMO Harris Bank

Striking a balance between digital innovation and providing assurance requires an approach that is far beyond reactionary or looking at the next cool thing. Using scare tactics to secure funding for security initiatives has become something of a cliché. Raheja has developed a vision for security and risk management that brings objectivity to the conversation. Raheja presents his framework - a multi-pronged approach for framing the security strategy from the perspective of business value, industry benchmarking, compliance, and threat management. Raheja’s communication and methodological approach positions security to make the organization more productive, agile and a business driver.

9:00am - 9:50am Breakout Session

Third-Party Risk Management – Working Together, Keeping Secure

Jasson Casey

CTO

SecurityScorecard

Today's CISOs require smarter, more cost-efficient solutions in order to effectively deal with growing security challenges. As each company’s protection profile matures, however, so do their expectations for the vendors hired to protect the integrity and security of shared information. Is your organization prepared to handle the additional threat exposure points that come from expanding business networks?

In this session, discover:

Best practices for managing third party partners
Strategies to strengthen your vendor relationships
Methods for creating a foundation of trust that promotes safe habits

9:00am - 9:50am Executive Boardroom

The Practical Application of ‘Cognitive Cybersecurity’

Michael Boucher

CISO, Americas

JLL

John Kellerhals

Information Security Manager

Wheels, Inc.

Adam Lyons

Business Unit Executive, Security Intelligence

IBM

The sheer volume of threat intelligence and suspicious activity alerts facing security teams is daunting, yet finding that needle in the haystack can make the difference between stopping an attacker or becoming victim to the next breach. “Cognitive cybersecurity” – machine learning and the automation of human tasks and processes – can transform the security program by free staff to focus on stopping the real threats.

In this interactive discussion, explore with fellow CISOs:

Areas of opportunity to free up resources with automation
Common threats every organization faces that can be alleviated with ML
Methods to get business buy-in for the next wave of technology

To reserve your seat, please contact: Tim Bigley at 971-717-6612 or tim.bigley@evanta.com.

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

An Engineering Approach to the Talent Challenge

Marie Fang

Assistant Vice President & HR Business Partner for IT

CNA Insurance

Larry Lidz

SVP & Global CISO

CNA Insurance

All security leaders face the challenges of a tight talent marketplace – but few have taken the steps to develop a formal talent strategy to attract and retain security talent. Larry Lidz and Marie Fang share how they’ve created a disciplined approach at CNA Insurance to attracting security candidates.

In this session, learn:

Methods to benchmark your organization’s competitiveness
How to best partner with HR
Strategies to find talent in underutilized markets

10:20am - 11:10am Breakout Session

Delivering Trust and Confidence Through Resilience

Ray Rothrock

Chairman and Chief Executive Officer

RedSeal

Protection, detection, disaster recovery and business continuity strategies are crucial when it comes to managing cyberattacks. But are they truly effective? Clearly they have not been able to stop, nor reduce the astounding losses associated with these incidents.

Ray Rothrock, CEO of RedSeal, shares:

How to maintain confidence in the face of ongoing attacks
Which approaches are most effective
How to evolve your strategies to be more resilient

10:20am - 11:10am Executive Boardroom

Risk Management – The Holistic View

Erik Hart

CISO

Cushman & Wakefield, Inc.

Jody Schwartz

Director - IT Security & Compliance

Marsh

Joe Raschke

Field CTO, Identity Solutions

Saviynt

Effective CISOs are challenged to not only successfully develop high-level risk valuation and management strategies, but also communicate business opportunities that encompasses the company’s products, services, and greater competitive landscape. How do you mitigate risk while simultaneously driving productivity and revenue?

During this peer-driven discussion, learn how to:

Focus on strategies for creating flexible controls that protect the organization
Define risk in connection with identity and access management
Provide clear business cases that connect business profitability to risk reduction

To reserve your seat, please contact: Tim Bigley at 971-717-6612 or tim.bigley@evanta.com.

10:20am - 11:20am Peer-to-Peer Meetings

Peer-to-Peer Networking

Click here to schedule time with key contacts and decision-makers, connect with the right people, schedule meetings and work toward achieving your business goals faster, all through the swipe of a button. In keeping with our promise to provide the best networking opportunities in your region, we are offering one-on-one meetings at this summit, through our Peer-to-Peer Networking feature. Powered by AI, this feature takes the work out of networking. It unlocks the potential of professionals who are looking to make meaningful connections at this summit, giving you a higher return on your time.

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Security Toolbox – The Future Is Now

Steve Hundley

Director of Governance, Risk, and Security

TTX Company

How can CISOs better understand emerging technologies and proactively apply them to improve their security program? Steve Hundley leads this interactive workshop to explore concepts such as AI, ML and blockchain and use cases for security practitioners.

In this session, discuss:

Practical applications for emerging technologies
How other CISOs are implementing new tech
The future technology landscape for CISOs

2:30pm - 3:20pm Executive Boardroom

CISO as a Human Translator — Translating Security Risk into Business/Board Speak

Shane Hibbard

Director of Information Security

Invenergy

Steve Weber

Sr. Director, Information Security and IT Compliance

OptumRx

Dov Yoran

Sr. Director, Security Business Group

Cisco Systems, Inc.

The role of the CISO has fast evolved beyond its traditional operational functions of monitoring, repelling and responding to cyber threats to that of one who can enable the business. More specifically, enable the business to take secure risks. As a growing number of boards are making the topic of cybersecurity a central part of their discussions, the need for CISOs to provide them with visibility into and to clearly articulate how risk is being managed in well-defined business terms (board speak) has become fundamental. Join this roundtable discussion to share ideas and strategies on how to effectively communicate risk and other key related factors with your board.

To reserve your seat, please contact: Tim Bigley at 971-717-6612 or tim.bigley@evanta.com.

2:30pm - 3:20pm Executive Boardroom

The People Problem — Security Awareness Training

Amy Bogac

Director, Information Security and Risk Management

CF Industries

John Reed

IT Security Program Manager

True Value Company

Even as security tools become increasingly advanced, the biggest vulnerability in a company continues to be its people. With attacks on the rise, executives must make employee training even more sophisticated.

In this boardroom, you’ll:

Discuss different educational approaches with your peers
Determine how to evaluate the level of training needed
Identify key training components and methods of measuring their efficacy

To reserve your seat, please contact: Tim Bigley at 971-717-6612 or tim.bigley@evanta.com.

3:20pm - 3:40pm Networking Break

Peer-To-Peer Networking

3:40pm - 4:20pm Keynote

Culture - The Difference Between Success and Failure

Corey E. Thomas

President and CEO

Rapid7

Why do some companies filled with smart people fail and others succeed? Culture can make all the difference. It can accentuate the collective and drive innovation or it can be a distraction. In order to achieve long-term success, there must be a level of cohesiveness and alignment between a company’s culture, its employees, and goals. Corey Thomas, President and CEO of Rapid7, shares his quest for that alignment and how he promotes a culture of disciplined risk-taking, continuous learning, and diversity of mindset.

4:20pm - 5:00pm Closing Reception & Prize Drawing