IN-PERSON

San Francisco CISO Executive Summit

May 15, 2019 | The Westin St. Francis San Francisco on Union Square

May 15, 2019
The Westin St. Francis San Francisco on Union Square

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Yassir Abousselham

Okta, Inc.
SVP, Chief Security Officer

Krishnan Chellakarai

Gilead Sciences, Inc.
CISO

Joel Fulton

Splunk
CISO

Al Ghous

General Electric Company
Sr. Director, Cyber Security

Peter Liebert

State of California
CISO

Steve Martino

Cisco Systems, Inc.
SVP, CISO

Jeff Trudeau

Credit Karma
CSO

Agenda

May 15, 2019

mid-afternoon morning afternoon

11:10am - 12:00pm Breakout Session

Trim the Fat – Evaluating Your Cybersecurity Tool Portfolio

Adam Glick

VP, Enterprise Cyber Risk

Brown Brothers Harriman & Co.

Adam Glick felt his organization’s suite of cybersecurity tools was becoming oversized and cumbersome – and sought to analyze what was truly bringing value. Through evaluation, Glick was able to cut the amount of products being used by 18%. Glick shares his process in conducting a portfolio analysis, and how security leaders can not become distracted by the next shiny object.

In this session, learn:

How to reduce redundancy or combine tools that are disparate in nature
Proactive measures to set up a portfolio for sustained success
How to evaluate whether tools are meaningful

11:10am - 12:00pm Breakout Session

Minnows, Meet Sharks

Al Ghous

Sr. Director, Cyber Security

General Electric Company

Marzena Fuller

CSO

SignalFX

Peter Liebert

CISO

State of California

Sankara Shunmugasundaram

Senior Director, Security and Compliance

AppDirect

Get the chance to explore new technologies with the shared expertise of a team of CISOs. Emerging providers will have the opportunity to pitch their new and innovative solutions to the most pressing cybersecurity challenges before a panel of influential global enterprise CISOs for coaching and feedback. Audience participants will have the opportunity to chime in alongside the panel of sharks with an interactive feature.

11:10am - 12:00pm Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Jack Davidson

Program Manager

Boston Scientific

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

Hack a Facebook account using information left behind on employees’ desks.
Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.
Learn a new way to gamify insider threat training.

11:10am - 12:00pm Executive Boardroom

Managing the Convergence of Global Data Regulations

Krishnan Chellakarai

CISO

Gilead Sciences, Inc.

Friedrich Wetschnig

CISO

Flex

Matt Little

Chief Product Officer

PKWARE, Inc.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

The current landscape of data privacy regulation around the world
Best practices for managing risk associated with data protection frameworks
Standards and metrics for measuring data protection risk
Data classification strategies to aid compliance, regardless of regulation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

11:10am - 12:00pm Executive Boardroom

Maintaining Agility in the Secure Enterprise

Gene Chen

CISO

Synaptics

Nadean Shavor

Chief Security Officer

State of California Franchise Tax Board

Wendy Nather

Head of Advisory CISOs

Duo Security

What tactics and technologies are effective in securing the enterprise without putting up barriers to business operations? In this interactive roundtable discussion, security leaders share strategies that maximize security while minimizing business bottlenecks.

In this session, security leaders will:

Define shared pain points where security controls are slowing business processes
Share ideas and best practices for reducing friction from security controls
Address ways to gain buy-in across the business when bottlenecks are unavoidable

12:00pm - 12:30pm Networking Break

12:30pm - 1:30pm Keynote

The Predictions Panel – A Look at Future Threats

Forrest Carr

ISO, Digital Banking

East West Bank

George Do

CISO

Equinix, Inc.

Jeff Klaben

Executive Director, Trusted Technologies

SRI International

Jeff Trudeau

CSO

Credit Karma

To truly safeguard an organization, CISOs mustn’t merely focus on existing threats, but future ones, too. They have to ask themselves – what types of attacks should I be prepared for?

In this interactive session, prepare to:

Listen to a panel of CISOs predict the biggest threats of 2020
Share your own threat predictions for 2020
Discuss how to predict threats and – more importantly – how to prepare for them

1:30pm - 2:00pm Networking Break

7:00am - 8:30am Registration & Breakfast

8:30am - 9:00am Keynote

The Art of Noticing

Rob Walker

Author, "The Art of Noticing"

In his talk, “The Art of Noticing,” Rob Walker argues that noticing what others have taken for granted is the cornerstone of creativity. Drawing on themes and sharing tips and suggestions from his book, he shares examples from his research of creative projects that began by noticing something that everyone else overlooked or ignored.

9:00am - 9:40am Networking Break

9:40am - 10:30am Breakout Session

Prioritize the Crown Jewels

Cassie Crossley

Director, Product & Systems Cybersecurity

Schneider Electric

When Schneider Electric examined their 4000 internal applications, they realized they couldn’t boil the ocean. Highlighting their key systems that would create significant liability if there was a breach, they narrowed down the most critical 19 “Crown Jewels”. Cassie Crossley shares her process in making key applications breach resistant and breach ready by pinpointing where to direct resources.

In this session, learn to:

Focus and prioritize objectives of your security program
Set ownership by identifying main security experts
Teach the basics of security to the organization

9:40am - 10:30am Breakout Session

Offense and Defense – Playing Both Sides

Tony Giandomenico

Senior Security Strategist

Fortinet, Inc.

Many organizations continue to be successfully attacked despite continued investments in the latest technologies. To successfully defend cyber assets, organizations need to both understand their adversary’s tradecraft and ensure their security posture is properly designed continually resist their tactics, techniques and procedures.

This session includes:

How to effectively leverage the freely available Mitre Knowledgebase
How to achieve better situational awareness
Solutions to more accurately plan and prioritize security improvements

9:40am - 10:30am Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Jack Davidson

Program Manager

Boston Scientific

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

Hack a Facebook account using information left behind on employees’ desks.
Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.
Learn a new way to gamify insider threat training.

9:40am - 10:30am Executive Boardroom

Effective Risk and Metrics Communication to the Board

Christophe Jacquet

VP & CISO

Hitachi Vantara

Lucia Milica

Resident CISO

Proofpoint

Ray Zadjmool

CEO & Founder

Tevora

As boards make cybersecurity a central focus of their discussions, CISOs must be able to provide visibility into the organization’s risk posture and clearly articulate their security program into business terms. The role of the CISO has evolved beyond operational functions of monitoring to that of a business enabler – how can security leaders best respond to the challenge of effectively communicating to the board?

Join this roundtable to discuss:

How to quantify and share metrics with the business
The importance of translating security into the language of the business
How to ask for and obtain a larger security budget

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

9:40am - 10:30am Executive Boardroom

Eliminating Vulnerability Overload with Predictive Prioritization

Yassir Abousselham

SVP, Chief Security Officer

Okta, Inc.

Al Ghous

Sr. Director, Cyber Security

General Electric Company

Glen Pendley

SVP, Engineering

Tenable

When it comes to reducing cyber risk, overcoming vulnerability overload is critical. Find out how predictive prioritization will improve your vulnerability management efforts so you can focus on what matters most to your business. During this peer-discussion you will explore:

How to use threat intelligence to move the most dangerous vulnerabilities up your priority list
The resources required to effectively assess your environment and prioritize your efforts in a predictive manner
Practices that will help you take appropriate actions to make your organization more secure
How to make your staff more efficient by drastically reducing the number of high priority vulnerabilities they need to remediate

10:30am - 11:10am Networking Break

2:00pm - 2:50pm Breakout Session

Fixing the Workforce Gap

Peter Liebert

CISO

State of California

Attracting, developing and retaining enough quality talent seems to be an irremediable problem for the security industry. The State of California has worked to ameliorate this by creating a new pipeline of IT talent and advance the existing workforce to prepare for leadership roles. Peter Liebert, CISO for the State of California, shares how they’ve approached the IT talent shortage.

Join this session to learn:

How to attract talent in a competitive marketplace
Methods to broaden the scope of the talent pipeline
Retention strategies by creating career paths for existing employees

2:00pm - 2:50pm Breakout Session

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

Lucia Milica

Resident CISO

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Lucia Milica of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

Why nearly all threat actors have shifted away from technical exploits to compromise their targets
How organizations can leverage threat data to understand which people and departments are highly targeted
How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

2:00pm - 2:50pm Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Jack Davidson

Program Manager

Boston Scientific

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

Hack a Facebook account using information left behind on employees’ desks.
Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.
Learn a new way to gamify insider threat training.

2:00pm - 2:50pm Executive Boardroom

Intelligent SecOps Automation - Creating a Common Security Framework

Adam Glick

VP, Enterprise Cyber Risk

Brown Brothers Harriman & Co.

Amir Jabri

Information Security Manager

Accuray

John Carty

Area Director

SaltStack

Gartner’s Susan Moore refers to automation as “The Next Frontier for IT”. This is as true for security automation as it is for infrastructure and networks. One of the hottest new topics in security automation is SOAR—Security Orchestration, Automation, and Response.

In this roundtable, we’ll discuss:

Practical SOAR – opportunities and challenges
SIEM or SOAR?
Bridging the communications gap: discussing automation with SecOps, NetOps, and SecOps
Managing the big three limitations: money, time, and staff expertise

2:00pm - 2:50pm Executive Boardroom

The Continual Shifting of Threats

Marzena Fuller

CSO

SignalFX

Ofer Israeli

CEO

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

The current threat landscape
How to best discover and thwart nation-state attacks
What security executives can do to build resiliency

2:50pm - 3:10pm Networking Break

3:10pm - 3:40pm Keynote

CISO/Security Vendor Relationship Podcast - Live Recording

David Spark

Co-Host

CISO Series

Mike Johnson

Co-Host

CISO Series

We're proud to host David Spark and Mike Johnson as they record their breakthrough podcast that has turned a spotlight on one of the most important areas of InfoSec: relations between buyers and sellers of cybersecurity products. Join us as Spark challenges his co-host Johnson and guest to comment on hot cybersecurity issues, listener questions, and play risk-based security games like "What's Worse?!"

3:40pm - 4:00pm Closing Reception & Prize Drawing