IN-PERSON

Boston CISO Executive Summit

November 6, 2018 | Ritz-Carlton Boston

November 6, 2018
Ritz-Carlton Boston

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Kevin Brown

Boston Scientific
CISO

Brian Haugli

Panduit
Former CISO

Larry Jarvis

Iron Mountain
CISO

Lorna Koppel

Tufts University
Director of Information Security/CISO

Taylor Lehmann

Tufts Medical Center
CISO, Wellforce

Michael McNeil

Philips Healthcare
Global Product Security & Services Officer

Holly Ridgeway

Citizens Bank
Chief Security Officer

Agenda

November 6, 2018

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Innovating Through Transition and Change

Stephen R. Katz

World's First CISO

Taylor Lehmann

CISO, Wellforce

Tufts Medical Center

Change is everywhere – in your evolving security career, in the threat of a breach and in the career that looms after you hang up your CISO hat. These constant transitions from one phase to the next, whether personal or professional, provide a revolving door of opportunities to innovate, improve business outcomes or even just identify that next phase of your career.

In this session, Steve Katz shares his insight on:

Ways to proactively prepare for the next step of your security career.
What to do when you feel your job is in jeopardy.
His lessons learned from transitioning from CISO to business leader.

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Predict and Prepare for Tomorrow’s Security Needs

Christian Hamer

University CISO

Harvard University

Katie Stebbins

VP, Economic Development

University of Massachusetts Boston

Mark Sutton

VP, CISO

Bain Capital

Talent needs are like security threats—plentiful, complex and ever evolving. This can make it tough to predict talent demands and know when (and how) to reskill existing talent.

Join this panel discussion to learn how to:

Identify and plan for future hiring needs.
Reskill talent to evolve with the security landscape.
Hire the right people.

9:00am - 9:50am Breakout Session

Automating Your Data Defense

Matt Little

Chief Product Officer

PKWARE, Inc.

As the speed, scope and volume of cyberattacks grows, organizations are expected to mount a defense on top of a talent shortage and a skills gap. Survival requires the automation of data security processes.

In this session, discuss how to:

Identify the organization’s most critical data assets
Implement a successful automation strategy
Overcome the challenges of automating security

9:00am - 9:50am Executive Boardroom

Secure the Possibilities of a Mobile-Cloud World

Esmond Kane

Deputy CISO

Partners HealthCare

Lorna Koppel

Director of Information Security/CISO

Tufts University

James Plouffe

Strategic Technologist, CISSP

MobileIron

There’s an app for everything these days—from approving expenses in the grocery store line to looking up key customer information in the field. Employees are more productive than ever in today’s mobile-cloud world, which means data—and the risks of compromising it—is plentiful.

In this session, learn:

What risks are created through mobile-cloud technologies
Ways organizations are using mobile-cloud apps through the business
How to craft a security strategy that protects data no matter where it is.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

Rebecca Buchanan at 971-717-6645 or Rebecca.Buchanan@evanta.com.

9:00am - 9:50am Executive Boardroom

Machine Identity – A Critical Security Concern

Phil Calvin

SVP Technology Risk Management and Risk Data Analytics

Citizens Bank

Bill Roberts

VP, IS-CISO

Hologic, Inc.

Jeff Hudson

CEO

Venafi

Session details pending.

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

How to Balance the Cost of Compliance

Brian Finch

Partner & Co-Chair, Cybersecurity & Global Security Practice Group

Pillsbury Winthrop Shaw Pittman LLP

Holly Ridgeway

Chief Security Officer

Citizens Bank

CISOs throughout the country are feeling the effects of strict compliance regulations—whether they’re influenced by EU’s GDPR requirements or California’s new data privacy laws. After all, being compliant is costly, time consuming and, at times, confusing.

In this session, engage in a discussion about:

Understanding new compliance requirements
Future compliance regulations
Balance the mountain of compliance overhead.

10:20am - 11:10am Breakout Session

AI and Machine Learning — Potential Successes and Security Risks

James Cabe

Principal Systems Engineer

Fortinet, Inc.

Security vendors, infosecurity specialists and cybersecurity professionals claim to use artificial intelligence and machine learning to defend customers against the most advanced threats in cybersecurity. But if you ask how these technologies work, answers can be vague or misleading.

In this session, you will learn how:

The mechanics of artificial intelligence and machine learning work, exploring how different techniques can be used to detect malware, malicious domains, phishing emails and other threats.
How technologies can potentially fail
How attackers can use technologies to infiltrate poorly designed or implemented systems.

10:20am - 11:10am Executive Boardroom

Evaluating Your Information Security Program

Joe Burgoyne

Director, Product Sec. & Privacy

Philips Healthcare

Stephen Pyne

Director, Information Security

Eze Software Group

Ray Zadjmool

CEO & Founder

Tevora

A comprehensive information security program can significantly limit an organization’s exposure to risk. To address security concerns and needs, CISOs must continually assess their program and make improvements.

Join peers to discuss:

Possible gaps and risks in your information security program
Understanding current and desired levels of maturity
Establishing KPIs to measure progress.

10:20am - 11:10am Executive Boardroom

DevSecOps – The Agile Approach to Security

Julie Fitton

VP, Digital Product Security

Stanley Black & Decker

Lorna Koppel

Director of Information Security/CISO

Tufts University

Cindy Blake

Global Sr. Security Evangelist

GitLab

Security from the start and better collaboration are the keys to effectively reducing risks posed to an organization. With DevSecOps methods and principles, security controls can help organizations react faster to attacks.

In this session, learn:

How DevSecOps changes the security team mindset
The benefits of a DevSecOps approach
How to implement DevSecOps in your organization

11:10am - 11:40am Networking Break

11:40am - 12:50pm Keynote

Securing Endpoints Using Analytics and a Proven Framework

Michael Howard

Worldwide Chief Security Advisor & Practice Manager

HP Inc. Print Security Solutions

As the number of connected devices continues to increase, so does the number of potential vulnerabilities. By 2020, there will be 2.8 billion connected devices, all of which could create security blind spots for organizations. How can security professionals expand their security measures to protect this ever-expanding attack surface?

In this session, Michael Howard draws on real-world examples to teach CISOs how to:

Understand and defend against the next wave of hackers.
Use data analytics and a proven framework to secure endpoint devices.
Identify existing gaps in endpoint security.

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Kevin Brown

CISO

Boston Scientific

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

Hack a Facebook account using information left behind on employees’ desks.
Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.
Learn a new way to gamify insider threat training.

1:20pm - 2:10pm Breakout Session

How to Create Breakthrough Results During Times of Change

Val Wright

Global Leadership & Innovation Expert, Author of Thoughtfully Ruthless

Thoughtfully Ruthless

Conventional wisdom says you should limit the speed and volume of change, when the opposite is actually true. The key is to know where you are in the Tornado of Change and lead your team to rapid rebuilding.

In this highly interactive session, Val Wright teaches how to:

Ensure your organization understands and believes your changes
Increase the speed to 100% productivity.
Be Thoughtfully Ruthless® with time, energy, and resources

1:20pm - 2:10pm Executive Boardroom

Measuring Risk in a Post-GDPR World

Christina Frangos

Director Privacy Counsel

Acushnet Company

Daniel Gortze

Sr. Manager of Information Security

Cumberland Farms

Chris Babel

CEO

TrustArc

The GDPR significantly changed how companies assess and manage risk through a combination of new / complex compliance reporting requirements and exposure to significant financial penalties. The GDPR, and forthcoming California Consumer Privacy Act (CCPA) are increasing the level of interaction CISOs need to have with legal / privacy counterparts to ensure data protection risks are properly identified, effective management tools are implemented, and objective measures are in place to track progress.

Join fellow security leaders to discuss:

Standards and metrics for measuring data protection risk
Best practices for managing risk associated with GDPR, California Consumer Privacy Act, and other global data protection frameworks
Tools to manage data protection risk and meet compliance reporting requirements

To reserve your seat, please contact:

Rebecca Buchanan at 971-717-6645 or Rebecca.Buchanan@evanta.com.

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

A Security Strategy To Drive Customer Connection

Rajesh Goyal

VP, Digital Security

Fidelity

Adam Glick

VP, Enterprise Cyber Risk

Brown Brothers Harriman & Co.

It’s no secret that today’s CISOs must be business drivers within their organizations. To do this, they have to connect with what’s important to the business – the customers. Their duty extends beyond keeping the business safe. They must prove their ability to keep customers safe, too.

Engage in a dialog with Rajesh Goyal on:

Connecting with the customer around your Security value proposition, as a Marketing leader would.
Using customer insights to inform your security strategy and roadmap.
Supporting a customer-obsessed organization as a security professional.

2:30pm - 3:20pm Breakout Session

A Deep Dive into the DNA of Modern IoT Attack Botnets

Ron Winward

Security Evangelist

Radware

The majority of modern IoT-based attack botnets have uniquely common DNA; they use part of the Mirai code in their framework. While device exploitation techniques remain innovative, the attack vectors themselves are typically reused, making it possible for CISOs to outsmart these botnets.

Join this session to take a meaningful look at IoT attack botnets. You’ll learn about:

The different attack vectors in IoT botnets
How attack vectors replicate
What changes have been implemented in new IoT attack botnets

2:30pm - 3:20pm Executive Boardroom

Secure Transformation – Avoiding Risk in ERP Applications

Eric Jacobsen

Director of Information Security

Boston University

Mike Rodehorst

AVP & ISO

Federal Reserve Bank of Boston

Lyndsey Gibbons-Neff

Director of Professional Services

Onapsis, Inc.

Digital transformation is not just a buzzword, but an outline of business and operational plans to integrate and prioritize the latest digital technologies. Unfortunately, security is often second priority or not even in the scope of the transformation project.

Join this session to discuss how to: