Boston CISO Executive Summit

November 6, 2018 | Ritz-Carlton Boston

November 6, 2018
Ritz-Carlton Boston

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the Boston CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

Boston CISO Governing Body

The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.


Kevin Brown

Boston Scientific

Brian Haugli

Former CISO

Larry Jarvis

Iron Mountain

Taylor Lehmann

Tufts Medical Center
CISO, Wellforce

Michael McNeil

Philips Healthcare
Global Product Security & Services Officer

Holly Ridgeway

Citizens Bank
Chief Security Officer


November 6, 2018 - morning

7:00am - 7:45am  Registration & Breakfast

7:45am - 8:30am  Keynote

Innovating Through Transition and Change

Stephen R. Katz headshot

Stephen R. Katz

World's First CISO

Taylor Lehmann headshot

Taylor Lehmann

CISO, Wellforce

Tufts Medical Center

Change is everywhere – in your evolving security career, in the threat of a breach and in the career that looms after you hang up your CISO hat. These constant transitions from one phase to the next, whether personal or professional, provide a revolving door of opportunities to innovate, improve business outcomes or even just identify that next phase of your career.

In this session, Steve Katz shares his insight on:

  • Ways to proactively prepare for the next step of your security career.
  • What to do when you feel your job is in jeopardy.
  • His lessons learned from transitioning from CISO to business leader.

8:30am - 9:00am  Networking Break

9:00am - 9:50am  Breakout Session

Predict and Prepare for Tomorrow’s Security Needs

Christian Hamer headshot

Christian Hamer

University CISO

Harvard University

Katie Stebbins headshot

Katie Stebbins

VP, Economic Development

University of Massachusetts Boston

Mark Sutton headshot

Mark Sutton


Bain Capital

Talent needs are like security threats—plentiful, complex and ever evolving. This can make it tough to predict talent demands and know when (and how) to reskill existing talent.

Join this panel discussion to learn how to:

  • Identify and plan for future hiring needs.
  • Reskill talent to evolve with the security landscape.
  • Hire the right people.

9:00am - 9:50am  Breakout Session

Automating Your Data Defense

Matt Little headshot

Matt Little

Chief Product Officer


As the speed, scope and volume of cyberattacks grows, organizations are expected to mount a defense on top of a talent shortage and a skills gap. Survival requires the automation of data security processes.

In this session, discuss how to:

  • Identify the organization’s most critical data assets
  • Implement a successful automation strategy
  • Overcome the challenges of automating security

9:00am - 9:50am  Executive Boardroom

Secure the Possibilities of a Mobile-Cloud World

Esmond Kane headshot

Esmond Kane

Deputy CISO

Partners HealthCare

Lorna Koppel headshot

Lorna Koppel

Director of Information Security/CISO

Tufts University

James Plouffe headshot

James Plouffe

Strategic Technologist, CISSP


There’s an app for everything these days—from approving expenses in the grocery store line to looking up key customer information in the field. Employees are more productive than ever in today’s mobile-cloud world, which means data—and the risks of compromising it—is plentiful.

In this session, learn:

  • What risks are created through mobile-cloud technologies
  • Ways organizations are using mobile-cloud apps through the business
  • How to craft a security strategy that protects data no matter where it is.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: 

Rebecca Buchanan at 971-717-6645 or

9:00am - 9:50am  Executive Boardroom

Machine Identity – A Critical Security Concern

Phil Calvin headshot

Phil Calvin

SVP Technology Risk Management and Risk Data Analytics

Citizens Bank

Bill Roberts headshot

Bill Roberts


Hologic, Inc.

Jeff Hudson headshot

Jeff Hudson



Session details pending.

9:50am - 10:20am  Networking Break

10:20am - 11:10am  Breakout Session

How to Balance the Cost of Compliance

Brian Finch headshot

Brian Finch

Partner & Co-Chair, Cybersecurity & Global Security Practice Group

Pillsbury Winthrop Shaw Pittman LLP

Holly Ridgeway headshot

Holly Ridgeway

Chief Security Officer

Citizens Bank

CISOs throughout the country are feeling the effects of strict compliance regulations—whether they’re influenced by EU’s GDPR requirements or California’s new data privacy laws. After all, being compliant is costly, time consuming and, at times, confusing.

In this session, engage in a discussion about:

  • Understanding new compliance requirements
  • Future compliance regulations
  • Balance the mountain of compliance overhead.

10:20am - 11:10am  Breakout Session

AI and Machine Learning — Potential Successes and Security Risks

James Cabe headshot

James Cabe

Principal Systems Engineer

Fortinet, Inc.

Security vendors, infosecurity specialists and cybersecurity professionals claim to use artificial intelligence and machine learning to defend customers against the most advanced threats in cybersecurity. But if you ask how these technologies work, answers can be vague or misleading.

In this session, you will learn how:

  • The mechanics of artificial intelligence and machine learning work, exploring how different techniques can be used to detect malware, malicious domains, phishing emails and other threats.
  • How technologies can potentially fail
  • How attackers can use technologies to infiltrate poorly designed or implemented systems.

10:20am - 11:10am  Executive Boardroom

Evaluating Your Information Security Program

Joe Burgoyne headshot

Joe Burgoyne

Director, Product Sec. & Privacy

Philips Healthcare

Stephen Pyne headshot

Stephen Pyne

Director, Information Security

Eze Software Group

Ray Zadjmool headshot

Ray Zadjmool

CEO & Founder


A comprehensive information security program can significantly limit an organization’s exposure to risk. To address security concerns and needs, CISOs must continually assess their program and make improvements.

Join peers to discuss:

  • Possible gaps and risks in your information security program
  • Understanding current and desired levels of maturity
  • Establishing KPIs to measure progress.

10:20am - 11:10am  Executive Boardroom

DevSecOps – The Agile Approach to Security

Julie Fitton headshot

Julie Fitton

VP, Digital Product Security

Stanley Black & Decker

Lorna Koppel headshot

Lorna Koppel

Director of Information Security/CISO

Tufts University

Cindy Blake headshot

Cindy Blake

Global Sr. Security Evangelist


Security from the start and better collaboration are the keys to effectively reducing risks posed to an organization. With DevSecOps methods and principles, security controls can help organizations react faster to attacks.

In this session, learn:

  • How DevSecOps changes the security team mindset
  • The benefits of a DevSecOps approach
  • How to implement DevSecOps in your organization

11:10am - 11:40am  Networking Break

November 6, 2018 - mid-afternoon

11:40am - 12:50pm  Keynote

Securing Endpoints Using Analytics and a Proven Framework

Michael Howard headshot

Michael Howard

Worldwide Chief Security Advisor & Practice Manager

HP Inc. Print Security Solutions

As the number of connected devices continues to increase, so does the number of potential vulnerabilities. By 2020, there will be 2.8 billion connected devices, all of which could create security blind spots for organizations. How can security professionals expand their security measures to protect this ever-expanding attack surface?

In this session, Michael Howard draws on real-world examples to teach CISOs how to:

  • Understand and defend against the next wave of hackers.
  • Use data analytics and a proven framework to secure endpoint devices.
  • Identify existing gaps in endpoint security.

12:50pm - 1:20pm  Networking Break

1:20pm - 2:10pm  Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Kevin Brown headshot

Kevin Brown


Boston Scientific

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

  • Hack a Facebook account using information left behind on employees’ desks.
  • Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.
  • Learn a new way to gamify insider threat training.

1:20pm - 2:10pm  Breakout Session

How to Create Breakthrough Results During Times of Change

Val Wright headshot

Val Wright

Global Leadership & Innovation Expert, Author of Thoughtfully Ruthless

Thoughtfully Ruthless

Conventional wisdom says you should limit the speed and volume of change, when the opposite is actually true. The key is to know where you are in the Tornado of Change and lead your team to rapid rebuilding.

In this highly interactive session, Val Wright teaches how to:

  • Ensure your organization understands and believes your changes
  • Increase the speed to 100% productivity.
  • Be Thoughtfully Ruthless® with time, energy, and resources

1:20pm - 2:10pm  Executive Boardroom

Measuring Risk in a Post-GDPR World

Christina Frangos headshot

Christina Frangos

Director Privacy Counsel

Acushnet Company

Daniel Gortze headshot

Daniel Gortze

Sr. Manager of Information Security

Cumberland Farms

Chris Babel headshot

Chris Babel



The GDPR significantly changed how companies assess and manage risk through a combination of new / complex compliance reporting requirements and exposure to significant financial penalties. The GDPR, and forthcoming California Consumer Privacy Act (CCPA) are increasing the level of interaction CISOs need to have with legal / privacy counterparts to ensure data protection risks are properly identified, effective management tools are implemented, and objective measures are in place to track progress.

Join fellow security leaders to discuss: 

  • Standards and metrics for measuring data protection risk
  • Best practices for managing risk associated with GDPR, California Consumer Privacy Act, and other global data protection frameworks
  • Tools to manage data protection risk and meet compliance reporting requirements

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: 

Rebecca Buchanan at 971-717-6645 or

November 6, 2018 - afternoon

2:10pm - 2:30pm  Networking Break

2:30pm - 3:20pm  Breakout Session

A Security Strategy To Drive Customer Connection

Rajesh Goyal headshot

Rajesh Goyal

VP, Digital Security


Adam Glick headshot

Adam Glick

VP, Enterprise Cyber Risk

Brown Brothers Harriman & Co.

It’s no secret that today’s CISOs must be business drivers within their organizations. To do this, they have to connect with what’s important to the business – the customers. Their duty extends beyond keeping the business safe. They must prove their ability to keep customers safe, too.

Engage in a dialog with Rajesh Goyal on:

  • Connecting with the customer around your Security value proposition, as a Marketing leader would.
  • Using customer insights to inform your security strategy and roadmap.
  • Supporting a customer-obsessed organization as a security professional.

2:30pm - 3:20pm  Breakout Session

A Deep Dive into the DNA of Modern IoT Attack Botnets

Ron Winward headshot

Ron Winward

Security Evangelist


The majority of modern IoT-based attack botnets have uniquely common DNA; they use part of the Mirai code in their framework. While device exploitation techniques remain innovative, the attack vectors themselves are typically reused, making it possible for CISOs to outsmart these botnets.

Join this session to take a meaningful look at IoT attack botnets. You’ll learn about:

  • The different attack vectors in IoT botnets
  • How attack vectors replicate
  • What changes have been implemented in new IoT attack botnets

2:30pm - 3:20pm  Executive Boardroom

Secure Transformation – Avoiding Risk in ERP Applications

Eric Jacobsen headshot

Eric Jacobsen

Director of Information Security

Boston University

Mike Rodehorst headshot

Mike Rodehorst


Federal Reserve Bank of Boston

Lyndsey Gibbons-Neff headshot

Lyndsey Gibbons-Neff

Director of Professional Services

Onapsis, Inc.

Digital transformation is not just a buzzword, but an outline of business and operational plans to integrate and prioritize the latest digital technologies. Unfortunately, security is often second priority or not even in the scope of the transformation project.

Join this session to discuss how to:

  • Make security an enabler instead of a roadblock
  • Develop a plan to secure critical ERP applications
  • Ensure your organization’s ERP applications are compliant

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: 

Rebecca Buchanan at 971-717-6645 or

3:20pm - 3:40pm  Networking Break

3:40pm - 4:20pm  Keynote

Predict and Prepare for Tomorrow’s Threats

Wade Alt headshot

Wade Alt

Vice President

Booz Allen Hamilton

Michael Sechrist headshot

Michael Sechrist

Chief Technologist

Booz Allen Hamilton

Everyone wants to know what’s next in cybersecurity, but the future threat landscape is as difficult to predict as a cyber-attack. 

In this session, Wade Alt shares:

  • Key insights into future cyber trends
  • How to protect against the evolving security landscape
  • What threats to expect in 2019

4:20pm - 5:00pm  Closing Reception & Prize Drawing


Venue & Accommodation

Ritz-Carlton Boston

Your Community Partners

National Thought Leaders
Keynote Sponsors
Presenting Sponsor
National Sponsors

Boston CISO Program Manager

For inquiries related to this event, please reach out to your dedicated program contact.

Rebecca Buchanan

Program Manager