IN-PERSON

Southern California CISO Executive Summit

June 4, 2019 | Hilton Los Angeles Universal City

June 4, 2019
Hilton Los Angeles Universal City

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Bently Au

AEG Worldwide
VP, CISO

Nikolay Chernavsky

PennyMac Mortgage Investment Trust
SVP & CISO

Matt Crouse

Taco Bell
CISO

Lara Divi

Dine Brands Global
VP, CISO

Arthur Lessard

Universal Music Group
SVP & CISO

Dan Meacham

Legendary
Vice President, Security & Operations

Nick Reva

Snap Inc.
Security Engineering Lead

Marty Simmons

Kite Pharma
Director, IT Security & Compliance

Billy Spears

loanDepot
SVP, CISO

Terrence Weekes

Jack in the Box, Inc.
CISO

Agenda

June 4, 2019

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

Phishing Defense — The Art of Human Intuitive Repulsion

Aaron Higbee

CTO & Co-Founder

Cofense, formerly PhishMe

As intuitive human beings we often somehow sense when things aren’t quite right. When a newborn is “too quiet,” a sixth-sense can be more reliable than a baby monitor. What applies to life also applies to cybersecurity. Machine learning and artificial intelligence can weed out some of the threats, but they won't catch everything. Find out why trusting your gut – knowing when to say something when you see something – is a key part of any organization's phishing defense. In this session:

Discover security trends, threat-actor tactics and defense strategies across the global financial sector
Learn the types of phishing attacks seen in the financial sector
See how attackers evolve their tactics to avoid perimeter controls

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Diversity and Cybersecurity – Building a More Effective Team

Quincey Collins

Chief Security Officer

Sheppard Mullin Richter & Hampton

Lara Divi

VP, CISO

Dine Brands Global

Tommy Ng

IT Security, Risk and Compliance Manager

Dole Packaged Foods

Jerry Sto. Tomas

CISO

Apria Healthcare

In a world where attracting, hiring and retaining talent is the most significant challenge that security professionals face – we must leave no stone unturned when it comes to staffing our critical information security positions. Don’t miss this opportunity to take diversity and cybersecurity down to its core in an honest, constructive manner. Learn more about:

The benefits of diversity and inclusion in your organization
Talent retention strategies and techniques
Your identity and brand as a company
How to build the next generation of security professionals

1:20pm - 2:10pm Breakout Session

Farewell to the Old Guard – Introducing the Modern Security Architecture

Jason Clark

Chief Strategy Officer

Netskope

Sean Cordero

Head of Cloud Strategy

Netskope

Until now, the information security industry has failed to deliver business empowering security solutions, which enable organizations to quickly and securely transform digitally. Security today is too complicated and draws from a 20-year-old playbook. It needs to be re-written and based on approaches that protect and empower the business. In this session, we will:

Share how many of the Fortune 100 are redefining their cloud, network and data security programs
Discuss the steps and architectures that are the key to transformation
Reimagine your approach to enterprise security, building a new blueprint that can be used for years to come

1:20pm - 2:10pm Interactive Session

Wear the Black Hat in a Cybersecurity Escape Room

Jennifer Fusco

Cyber Security Analyst

Boston Scientific

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

Hack a Facebook account using information left behind on employees’ desks
Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts
Learn a new way to gamify insider threat training

*Please note: This interactive session is limited to 10 attendees.

1:20pm - 2:10pm Executive Boardroom

Dissecting Recent Breaches and Ensuring Cyber Resiliency

Michael Miora

SVP & Global CISO

Korn Ferry

Kris Virtue

Head, Global Information Security and Risk Management

Qualcomm

Anand Kotti

SAP Security Expert

Onapsis

In April 2019, the Department of Homeland Security issued an alert citing "New Exploits for Unsecure SAP Systems" after new exploits, termed "10KBLAZE" were publicly released. While protecting endpoint access, phishing and network monitoring is important, nothing else matters if your core business applications are not a primary strategic component. In this session, we will explore:

Why and how ERP applications are actively under attack
How cloud, mobile and digital transformations are expanding the attack surface
Steps you can take to ensure cyber resiliency and mitigate risk

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

1:20pm - 2:10pm Executive Boardroom

Modernizing Your SOC

Anthony Chogyoji

CISO

County of Riverside

Dan Meacham

Vice President, Security & Operations

Legendary

Nitin Agale

SVP, Products & Marketing

Securonix

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they will try another. A sound Security Operations Center - staffed by the right people and with the right tools - should be a key part of your cyber defense strategy. In this session you will discover how to:

Effectively develop your team
Automate to reduce workloads and drive efficiency
Equip SOC teams to operate within BYOD and Cloud
Create strong KPIs and KRIs to measure success

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

The Next Century of Cybersecurity

Ben Hammersley

Author & Futurist

Ben Hammersley

Today’s breakneck pace of technological disruption is only matched by the flood of sensitive data flowing to the digital realm, and information security leaders are a lighthouse in the storm. What’s next for the CISO, and what’s next for the threat landscape they face? Will new technologies completely rewrite what it means to be a CISO? Join Futurist Ben Hammersley as he shares his meditation on the future of cybersecurity:

What should the CISO be preparing for to brace for unprecedented change?
What technologies are on the horizon that will revolutionize data protection?
What’s next for the bad guys?

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Corporate Transitions — Navigating Disruptive Cyber Waters

Richard Greenberg

Information Security Officer

Los Angeles County Department of Public Health

Bruce Phillips

SVP, Chief Information Security Officer

Williston Financial Group

Shyama Rose

CISO

Avant

Marty Simmons

Director, IT Security & Compliance

Kite Pharma

One thing we know for sure, change is constant in our professional worlds. From M&A and company splits to reorgs and business identity changes – how can you keep your organization secure during these shifts? How do you keep disruption to a minimum? In this session, you will:

Learn how to create an effective digital growth strategy that supports business goals
Identify the implications and impacts of change and risk
Discover how to address vulnerabilities

9:00am - 9:50am Breakout Session

Mission Impossible — So Many Risks, So Little Time

Ladi Adefala

Senior Security Strategist

Fortinet, Inc.

Emerging risks can be unpredictable and disruptive. Fifth Generation (5G) mobile communications, extended reality, smart speakers, drones all offer incredible benefits but they also come with unexpected risks. These are truly the unpredictable unknowns. Anticipating these blind spots can appear impossible in light of the accelerated pace of technology innovations. In this session, you’ll:

Learn about emerging risks
Identify impact and implications of these risks
Discover strategies to address them

9:00am - 9:50am Executive Boardroom

Patterns and Anti-Patterns for Practical Applications of AI

Bently Au

VP, CISO

AEG Worldwide

Nick Reva

Security Engineering Lead

Snap Inc.

Doug Lhotka

Executive Cybersecurity Architect

IBM

Deep Learning. Machine Learning. Artificial Intelligence. These trends can deliver immense dividends, but they also invite new risks. How can CISOs prepare to reap the rewards while also thwarting potential attackers? Join this session to learn how to:

See beyond the hype and understand the benefits of AI
Use AI to create both long- and short-term business benefits
Prevent potential attackers from exploiting the vulnerabilities of new technologies

9:00am - 9:50am Executive Boardroom

Modern Approaches to Protecting Your Third-Party Ecosystem

Steve Schwartz

Director, IT Security

Lionsgate

Mark Van Holsbeck

IT Risk & Security CISO

Avery Dennison

Fred Kneip

CEO

CyberGRX

It's no secret that hackers are opportunistic. They are constantly looking for the weakest link and are quick to capitalize on one as soon as it's spotted. This boardroom will discuss:

Third-party cyber risk best practices
New strategies for third-party cyber risk management (TPCRM) and how they work
How to scale your third-party risk management (TPRM) program to evolve with your ecosystem

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

From Zero to 100 — Yamaha’s Race to Cyber Strength

Glenn Coles

GM & CIO

Yamaha Motor Corporation, U.S.A.

Douglas Gaboya III

Senior Manager and CISO

Yamaha Motor Corporation, U.S.A.

Yamaha Motor Corporation, U.S.A. was admittedly late to the game when it came to cybersecurity, but the creation of a captive finance company with lots of PII required the organization to step on the gas. Discover how the enterprise’s CIO and CISO quickly and efficiently:

Put together a program of people, processes and technology
Leveraged vendors and tools to jump straight into to the latest and greatest cloud-type solutions
Built a SOC, which has no on-premise staff but provides 24-7 coverage, on a shoestring budget

10:20am - 11:10am Breakout Session

Real World Strategies for a Proactive SOC

Jeff Costlow

Deputy CISO

ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data. In this session, you will learn:

Current attack practices, including abuse of legitimate traffic and encryption
How hunters hide from attackers to avoid counter IR maneuvers
Ways to make analysts faster and more effective at validating and responding to threats
Options for empowering cross-training and on-the-job training to increase analysts' skills
Clarity on how gaining visibility into cloud and encrypted traffic

10:20am - 11:10am Interactive Session

Wear the Black Hat in a Cybersecurity Escape Room

Jennifer Fusco

Cyber Security Analyst

Boston Scientific

Hack a Facebook account using information left behind on employees’ desks
Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts
Learn a new way to gamify insider threat training

*Please note: This interactive session is limited to 10 attendees.

10:20am - 11:10am Executive Boardroom

Managing the Convergence of Global Data Regulations

Lara Divi

VP, CISO

Dine Brands Global

Terrence Weekes

CISO

Jack in the Box, Inc.

Matt Little

Chief Product Officer

PKWARE, Inc.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements? In this session, discuss:

The current landscape of data privacy regulation around the world
Best practices for managing risk associated with data protection frameworks
Standards and metrics for measuring data protection risk
Data classification strategies to aid compliance, regardless of regulation

10:20am - 11:10am Executive Boardroom

Translate Complex Cybersecurity Issues into Simple Business Context

Steve Tran

CISO

MGM Studios

Alan Deeter

Director, Enterprise Sales West

BitSight Technologies

It is much easier now to determine what’s important, dangerous and real in your third party ecosystem. Yet, as hacks continue to threaten data and business continuity, the old school of thought around securing the enterprise is no longer relevant. This boardroom will explore:

Layering traditional tools and new strategies to define goals and deploy resources
Communicate to the board through a holistic risk lens
Developing clear business cases connecting business profitability to risk reduction

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Information Technology Governance Through a Comprehensive Governance Library

Ralph Johnson

Chief Information Security Officer

County of Los Angeles

When it comes to aligning IT strategy to the business plan, what gets measured gets done. However, there are so many moving pieces that are critical to ensuring that IT is effectively and efficiently helping organizations reach their goals, it is easy to get overwhelmed. Join Ralph Johnson as he shows you:

The importance of implementing a formal IT governance framework
How IT governance help you achieve executive buy-in
Key components for a comprehensive governance library

2:30pm - 3:20pm Breakout Session

Cloud Care — Tracking Assets at Your Network Edge

Marshall Kuypers

Director of Cyber Risk

Expanse

The proliferation of cloud technologies has created new classes of risk for organizations. It’s easier than ever for employees to circumvent security processes. Furthermore, the distributed nature of cloud makes it difficult for IT teams to detect exposures. In this session:

Discover common cloud risks, their causes, and why they’re risky
Learn strategies to identify rogue IT devices
Find out ways to stop rogue IT devices from proliferating in the first place

2:30pm - 3:20pm Interactive Session

Wear the Black Hat in a Cybersecurity Escape Room

Jennifer Fusco

Cyber Security Analyst

Boston Scientific

Hack a Facebook account using information left behind on employees’ desks
Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts
Learn a new way to gamify insider threat training

*Please note: This interactive session is limited to 10 attendees.

2:30pm - 3:20pm Executive Boardroom

Evolution of an Integrated Cybersecurity Office — A CIO-CISO Perspective

Matt Crouse

CISO

Taco Bell

Arthur Lessard

SVP & CISO

Universal Music Group

Ellen Sundra

VP, Americas, Systems Engineering

ForeScout Technologies, Inc.

The hyper-growth of IoT across the enterprise is forcing leaders to reassess how they secure their networks. Recent Forrester research has unveiled some hidden technical and organizational challenges IT professionals should be aware of when managing their overall security framework. In this interactive session:

Discuss effective strategies for devising information risk and value metrics
Learn and share what organizations can do to better defend IoT-enabled systems from cyberattacks
Find out how to mature the SOC into an Integrated Cybersecurity Fusion Center

2:30pm - 3:20pm Executive Boardroom

Maintaining Efficiency in the Secure Enterprise

Webb Deneys

CISO

Stearns Lending

Christopher Hymes

Head of Information Security and Data Protection Officer

Riot Games, Inc.

Sean Frazier

Advisory CISO - Federal

Duo Security

What tactics and technologies are effective in securing the enterprise without putting up barriers to business operations? During this interactive roundtable discussion, security leaders share strategies that maximize security while minimizing business bottlenecks. In this session, you will:

Define shared pain points where security controls are slowing business processes
Share ideas and best practices for reducing friction from security controls
Address ways to gain buy-in across the business when bottlenecks are unavoidable

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com.

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

Future Forward – Keeping Ahead of the Privacy Wave

Kimberly Ebright

VP & Chief Privacy Officer

loanDepot

Aaron Mendelsohn

Director & Chief Data Privacy Officer

Ingram Micro

Zoe Philippides

Chief Privacy Officer

Amgen

Todd Friedman

CISO

ResMed

As the topic of privacy moves to center stage with the implementation of new data protection laws and regulations such as GDPR and the California Consumer Privacy Act, CISOs find themselves struggling to maintain compliance in addition to keeping their organizations secure. Are you ready for the next wave of changes? Join this dynamic panel as they discuss:

How privacy regulation continues to change our approaches to business
How you can effectively communicate the importance of security during privacy policy shifts
Tools and resources that can help you deal with privacy transitions

4:20pm - 5:00pm Closing Reception & Prize Drawing