IN-PERSON

Southern California CISO Executive Summit

December 11, 2019 | Sheraton Grand Los Angeles

December 11, 2019
Sheraton Grand Los Angeles

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Bently Au

AEG Worldwide
VP, CISO

Nikolay Chernavsky

PennyMac Financial Services
SVP & CISO

Matt Crouse

Taco Bell Corporation
CISO

Lara Divi

Dine Brands Global
VP, CISO

Arthur Lessard

Universal Music Group
SVP & CISO

Dan Meacham

Legendary Entertainment
Vice President, Security & Operations

Nick Reva

Snap Inc.
Security Engineering Lead

Marty Simmons

Kite Pharma
Director, IT Security & Compliance

Billy Spears

loanDepot
EVP, CISO

Terrence Weekes

Jack in the Box
CISO

Agenda

December 11, 2019

mid-afternoon morning afternoon

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch you have the opportunity to have relevant and topical conversations with your peers. The below questions are a guideline for you to start your table conversations.

Security operations

What is the maturity of your security operations program?
What is your process for building an operational playbook?
What KPIs or KRIs do you use to measure success?

Communication and awareness

How do you approach security with a holistic lens?
What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?

Access and Identity Management

What strategies and tools are you using to improve visibility into your systems?
How are you integrating the user experience with security?
How are you measuring the success of your access management program?

Governance and privacy

How are you responding to/preparing for regulatory changes?
How do you balance compliance with business requirements?
What standards and metrics are you using to measure risk?

Talent and developing leaders

What are some tangible strategies for creating and developing new talent resources?
What best practices exist for retaining talent, once secured?
How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Detection Ex Machina — How the Rise of Machine Learning Is Transforming the SOC

Diana Kelley

Cybersecurity Field CTO

Microsoft Corporation

The world is changing rapidly. Disruptive technologies are continuing to proliferate and along with that is the convergence of work and home lives. This is stressing current cybersecurity operations where traditional technologies and out-moded tools, techniques and procedures are stretching defender capabilities and even enabling attackers.

In this session you will explore:

How leveraging the law of data gravity and machine learning can transform modern SOCs
How you can increase the speed of detection and response times

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

JPL Cybersecurity — Protecting Near Earth and Deep Space Missions

Wes Gavins

CISO

NASA Jet Propulsion Laboratory

Session details coming soon.

1:20pm - 2:10pm Breakout Session

Farewell to Network Security As We Know It

James Christiansen

VP, Cloud Security Transformation

Netskope

Digital transformation, cloud-first, and mobile-first security strategies are impacting every company across the globe, causing next-gen security teams to rethink their entire legacy security stack. In the process, we have lost control of data protection and visibility. How can we manage the risk of what we cannot control or see?

In this session you will learn:

How to transform your network security strategy and integrate true zero trust
How next-gen security strategies address; firewalls (NGFW), secure web gateways (SWGs), and secure access (VPNs)
Why top cloud security use cases are driving the need for high-speed edge networks with security that follows the user not the device

1:20pm - 2:10pm Executive Boardroom

Keys to Steadfast Security Awareness

Eddie Galang

Chief Information Security Officer

Port of Long Beach

Kevin Wilson

CISO

Guess

Information security leaders know their greatest organizational tools for a secure environment are their own employees. With adequate training, education and practice, internal advocates for security can counteract myriad external threats. But between budgetary constraints, antiquated training models and lack of interdepartmental alignment, the challenges of implementing and maintaining a vital security awareness program can be overwhelming.

In this boardroom session, you will explore:

The traits of a successful security awareness program
Innovative training procedures and maintaining compliance
How to heighten employee engagement and demonstrate the value of the program to the organization at large

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

1:20pm - 2:10pm Executive Boardroom

Transforming Application Security

Jeff Blair

CISO

Creative Artists Agency

A.J. Soria

Director of Information Security

Age of Learning

Rob Cuddy

Global Application Security Evangelist

HCL Technologies

Digital transformation has created an array of business opportunities — and challenges. For organizations that are embracing cloud, applications and virtualized environments, maximum visibility and control are key to mitigating risk. When traditional ways of managing, securing and supporting apps and data no longer meet business needs, how can CISOs stay ahead of the digital innovation curve?

In this session you will explore how:

To integrate AI and machine learning into your security strategies
You can effectively identify potential threats and weaknesses
To "future proof" your organization with innovative plans and solutions

7:30am - 8:15am Registration & Breakfast

8:15am - 8:30am Opening Comments

8:30am - 9:00am Keynote

Planning for the Future — The Next-Gen CISO

Kirsten Davies

SVP & CISO

Estée Lauder Companies

It’s no secret that we need more cybersecurity professionals to keep our organizations safe and secure. What’s even more challenging? Finding the next generation of cybersecurity leadership. Join Kirsten Davies as she shares her strategies for developing effective and successful teams for the future.

In this session you will:

Discover how you can tap into energy and ideas that millennials bring to the table
Learn how to uncover hidden talent in your company
Find out how to create a powerful pipeline that can deal with the expanding threat landscape

9:00am - 9:20am Networking Break

9:20am - 10:10am Breakout Session

Cybersecurity — The Need for Change

Lara Divi

VP, CISO

Dine Brands Global

Session details coming soon.

9:20am - 10:10am Breakout Session

The Evolution of Cybersecurity Risk Ratings

Paul Gagliardi

CISO

SecurityScorecard

Cyber risk ratings have steadily evolved over the last six years, shifting from scoring approaches using off the shelf vulnerability scanners to frameworks built with machine learning. Paul Gagliardi shares the evolution of developing scores – including initial ideas, setbacks and breakthroughs.

In this session, learn:

The composition of a cyber security risk rating
How an enterprise IT team’s behavior manifests itself to the outside world
How behavior translates to cyber security risk for the business

9:20am - 10:10am Executive Boardroom

Keeping Ahead of Information Governance

Michael Mongold

Director, Information Security

Deckers Brands

John Underwood

Director, Information Security

Big 5 Sporting Goods

Martin Sugden

CEO

Boldon James

Information governance can seem like trying to boil the ocean. Developing the right strategy and approach is key in finding the best channels to assess risk.

In this boardroom, you will explore:

How to gain visibility into high risk areas
What controls should be in place to protect your company’s information assets
Recommended policies and how should you measure and enforce them

9:20am - 10:10am Executive Boardroom

Cyber Resiliency — Evolving Your Cyber Ecosystem

Michael Miora

SVP & CISO

Korn Ferry

Jennifer West

Chief Information Security & Privacy Officer

ESRI

Bruce Potter

CISO

Expel

Managing and mitigating risk is a complex undertaking that spans phishing to networking monitoring. Faced with increasingly complex and sophisticated threats, CISOs must be strategic about improving their resilience and tracking improvements.

Join this boardroom to discuss:

Emerging security models based in transparency
Understanding security risks when it comes to cloud
Managing the business’s risk appetite
Building a resilience plan

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

Cybersecurity Innovation — Building Today What We Need for Tomorrow

Kevin Kealy

CISO

Scientific Games

David Tyburski

CISO

Wynn Resorts

More than ever before, CISOs are challenged to drive value to their organizations by running highly efficient and effective security programs. However, as businesses continue to transform faster and faster, we can no longer just think about today's security issues. Our focus needs to be on the future.

In this session you will explore:

How to harness the power of cybersecurity innovation
The importance of IAM and how innovation is changing how we deal with access
Strategies that will prepare you for what is coming next

10:30am - 11:20am Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Jonathan Niednagel

SVP of Global Services

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

10:30am - 11:20am Executive Boardroom

Controlling Insider Threats

Adrian Giboi

CISO

Solenis

Ralph Johnson

Chief Information Security Officer

County of Los Angeles

Jadee Hanson

CISO

Code42

What will it take to move the data protection needle forward? How do CISOs stop insider threats before brand damage is done?

In this session, you’ll discuss:

Best practices to continuously monitor file activity to detect risk
How to quickly investigate and respond to insider threats
Ways to transform your data loss protection strategy

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

10:30am - 11:20am Executive Boardroom

Leveraging the Optimal Combination of Human and Artificial Intelligence

Emilio Escobar

Head of Information Security

Hulu

Billy Spears

EVP, CISO

loanDepot

Jay Kaplan

CEO

Synack

It’s not easy to keep in front of the cybercrime wave. Rapid development cycles are increasing the velocity of new code releases - and the potential for new exploitable vulnerabilities in your environment. Continuous delivery requires continuous security testing. Help is needed – but where do you turn when talent is scarce and resources are stretched thin?

During this peer-driven session you will explore:

New security strategies that are driven by humans and augmented by artificial intelligence
How crowdsourced cybersecurity can fill gaps in your program and give you the control to strengthen your security posture
How you can detect vulnerabilities in your platform on a continuous basis before the criminals do

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Pen Test Your Board Pitch — An Interactive Exercise

William Britton

VP IT & CIO

California Polytechnic State University

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch
Receive real-time feedback on your pitch
Learn best practices and strategies for communicating with your board

2:30pm - 3:20pm Executive Boardroom

Cloud Security – The Road Ahead

Nikolay Chernavsky

SVP & CISO

PennyMac Financial Services

Webb Deneys

SVP, Information Technology

Cardinal Financial Company

Whether you are just moving into the cloud, researching more options within the public cloud, or building your own private cloud, most leaders agree that this is the future of infrastructure as a service. But can CISOs have it all – both increased productivity and cost benefits within a secure cloud?

In this boardroom, you will explore:

Current and future cloud security issues
Top threats to the cloud
Strategies to guide your organization's priorities for the coming year

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

2:30pm - 3:20pm Executive Boardroom

Evaluating and Communicating Risk

Bently Au

VP, CISO

AEG Worldwide

Arthur Lessard

SVP & CISO

Universal Music Group

In the fast-paced world of advanced information security, shifting priorities and disruptive technologies are part of everyday life. As technology increasingly enables business opportunities and operations, an organization’s approach to risk management must be equally comprehensive, strategic and proactive. Risk must be systematically evaluated and managed for every project, and risk management must be culturally embraced across all functions.

In this boardroom you will explore:

Insights for developing overarching processes
Changing enterprise perceptions toward risk, providing effective risk-based solutions to mounting challenges
Building a culture where risk-aware decision-making adds value to the business

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:40pm Keynote

CISO/Security Vendor Relationship Podcast — Live Recording

Gary Hayslip

VP, Director of Information Security (CISO)

SoftBank Corporation

Mike Johnson

Co-Host

CISO/Security Vendor Relationship Series

David Spark

Co-Host

CISO/Security Vendor Relationship Series

Are you ready for the live podcast that has turned a spotlight on one of the most important areas of InfoSec – relations between buyers and sellers of cybersecurity products? Join us as our hosts and special guests comment on hot cybersecurity issues, listener questions, and play risk-based security games like "What's Worse?!"

4:40pm - 5:20pm Closing Reception & Prize Drawing