Boston CISO Executive Summit

November 20, 2019, Westin Copley Place, Boston

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the Boston CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

Boston CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Kevin Brown

Boston Scientific
CISO

Larry Jarvis

Iron Mountain
CISO

Lorna Koppel

Tufts University
Director of Information Security/CISO

Taylor Lehmann

athenahealth
CISO

Holly Ridgeway

Citizens Bank
Chief Security Officer

Marnie Wilking

Wayfair
Global Head of Security and IT Risk Management

Agenda


November 20, 2019 - morning

7:00am - 7:45am  Registration & Breakfast

7:45am - 8:00am  Opening Comments

8:00am - 8:30am  Keynote

Leadership Lessons From a Sled Dog Team

Blair Braverman

Leadership Speaker

Author & Thought Leader

A long-distance dogsledder is wholly responsible for her dog team's morale, attitude, and motivation in high-pressure situations. Learn how a musher earns and keeps the trust of her dog team — and how those leadership lessons can be just as effective for a human team.

Join this session to learn:

  • How a musher leads her team from behind
  • How to work through communication barriers
  • Go-to steps for solving problems and tackling challenges along the way

8:30am - 9:00am  Networking Break

9:00am - 9:50am  Breakout Session

The CFO — CISO Partnership

Jay Carter

Dir., Information Security

MEMIC

Dan McGarvey

SVP & CFO

MEMIC

Building strong relationships is an integral part of being an effective leader, so how can CFOs and CISOs embrace their unique partnership? Finance and security leaders face challenges that put them in a position to collaborate and magnify their impact.

This session will answer the community’s questions and give you the chance to discuss:

  • How CFOs prioritize cybersecurity investments
  • What a CISO can do to better communicate with the CFO
  • CFO board communication best practices applicable to CISOs

9:00am - 9:50am  Breakout Session

Doing Everything Right and Still Getting Hacked

Aamir Lakhani

Global Security Strategist

Fortinet

Why do organizations still get breached when they are performing pen tests, auditing networks, following compliance, and implementing the latest security technologies that take advantage of anomalous behavior models, artificial intelligence, and machine learning?

This talk will examine:

  • Real-world breach examples
  • How cybersecurity failed to keep attackers away
  • What could have been done to keep attackers out

9:00am - 9:50am  Executive Boardroom

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

David Escalante

Dir., Computer Policy & Sec.

Boston College

Daniel Gortze

Director of IT Security & Infrastructure

Cumberland Farms

Lucia Milica

Resident CISO

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Ryan Kalember of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

  • Why nearly all threat actors have shifted away from technical exploits to compromise their targets
  • How organizations can leverage threat data to understand which people and departments are highly targeted
  • How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager, Rebecca Buchanan at +1-971-717-6645 or rebecca.buchanan@evanta.com.

9:00am - 9:50am  Executive Boardroom

Next-Generation Cloud Security

Rajesh Goyal

VP, Digital Security

Fidelity

Parag Pathak

Team Lead, Product Marketing

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

  • Nuances for hybrid on- and off-premise systems
  • Ways to incorporate security into your cloud strategy
  • Automation, orchestration, and next-generation cloud security

9:50am - 10:20am  Networking Break

10:20am - 11:10am  Breakout Session

A Problems and Solutions Workshop

Holly Ridgeway

Chief Security Officer

Citizens Bank

Got a problem you need solved? Got a solution you can provide? This session encourages interaction between attendees to share problems and solutions to pressing needs – from small to big. Leave this session knowing you received or offered a viable solution or resource.

10:20am - 11:10am  Breakout Session

Leading Your Board to the Next Frontier — Organizational Analytics

Mike Maziarz

Chief Marketing Officer

SecurityScorecard

Mark Teehan

Chief Information Security Officer

Harvard Pilgrim Health Care

Today, boards have a fiduciary duty to know about the cybersecurity risks of their organizations. We’ve all seen how a cybersecurity breach can have harsh consequences not just for the company, but for the CISO. In this session, learn how to take charge of your organization’s cybersecurity health and shine as a CISO with leading-edge analytics. 

In this session, you’ll explore how to:

  • Create a trusted dialogue with your board by providing transparency into cybersecurity posture of your entire risk ecosystem
  • Educate, influence, and get buy-in for cybersecurity investments with predictive insights
  • Use organizational analytics to develop crystal-clear reporting to enable the board to make informed decisions about budget, people, and tools
  • Turn your organization’s cybersecurity posture into a differentiator

10:20am - 11:10am  Executive Boardroom

Modern Approaches to Protecting Your Third-Party Ecosystem

Brian Palazini

Chief Information Security Officer

Analog Devices

Scott Schneider

Chief Revenue Officer

CyberGRX

It's no secret that hackers are opportunistic. They are constantly looking for the weakest link and are quick to capitalize on one as soon as it's spotted. 

This boardroom will discuss:

  • Third-party cyber risk best practices
  • New strategies for third-party cyber risk management (TPCRM) and how they work
  • How to scale your third-party cyber risk management (TPCRM) program to evolve with your ecosystem

10:20am - 11:10am  Executive Boardroom

Maximizing the Rewards of Information Governance

Joe Burgoyne

Sr. Director, Cyber Security

GE Healthcare

Tim Jacobs

Director, Information Security Governance and Emerging Technologies

Blue Cross Blue Shield of Massachusetts

Jeremiah Sahlberg

Director of Information Security

Tevora

A growing concern for privacy protection and the proliferation of both internal and external risks have led CISOs to a critical information governance crossroads. An effective information governance strategy can stop up potential access points and shield the company from legal and compliance risks, but it can also be perceived as a barrier to maximizing the value of a company’s data.

Join this boardroom session to discuss:

  • A proactive approach to the policies, methodologies and controls
  • How to find a balance between business and security
  • Identifying an appropriate governance direction

11:10am - 11:40am  Networking Break

November 20, 2019 - mid-afternoon

11:40am - 12:20pm  Lunch & Comments

12:20pm - 12:50pm  Keynote

Culture — The Difference Between Success and Failure

Corey E. Thomas

Chairman and CEO

Rapid7

Why do some companies filled with smart people fail and others succeed? Culture can make all the difference. It can accentuate the collective and drive innovation or it can be a distraction. In order to achieve long-term success, there must be a level of cohesiveness and alignment between a company’s culture, its employees, and goals. 

In this keynote presentation, Corey Thomas, Chairman and CEO of Rapid7, shares:

  • His quest for culture alignment
  • How he promotes a culture of disciplined risk-taking
  • Creating a culture of continuous learning and diversity of mindset

12:50pm - 1:20pm  Networking Break

1:20pm - 2:10pm  Breakout Session

For a Sound Cyber Framework, Break Down Silos

Bruce Forman

CISO

UMassMemorial Medical Center

A successful security strategy doesn’t develop in silos. It’s created within a sound cybersecurity framework that works across verticals to address the spectrum of cybersecurity needs.

In this session, you’ll learn how to:

  • Create a cybersecurity-centric governance model
  • Develop a cross-vertical committee that breaks silos 
  • Leverage your committee to influence your security approach

1:20pm - 2:10pm  Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Eric Blatte

President & Co-Founder

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

  • Explore the true nature of the enterprise cyber risk surface
  • Discuss threats and regulations driving organizations to better manage their extended enterprise
  • Share insights on how to better manage third-party risk (hint: good data!)

1:20pm - 2:10pm  Executive Boardroom

Best Practices For Integrating Security With DevOps

Michael McNeil

Global Product Security & Services Officer

Philips Healthcare

Cindy Blake

Global Sr. Security Evangelist

GitLab

Rapid iterations of DevOps, along with a host of new tools, can make an application security program seem like a square peg in a round hole as enterprises try to push Sec into the middle of DevOps. At the same time, modern applications rely on a more dynamic environment that can introduce new security challenges, particularly as they scale.

In this roundtable, we will explore:

  • Best practices for making security and compliance ubiquitous, to reduce risk and cost
  • Security challenges of a changing software development lifecycle and of next-gen software
  • Automating and monitoring secure development practices

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager, Rebecca Buchanan at +1-971-717-6645 or rebecca.buchanan@evanta.com.

1:20pm - 2:10pm  Executive Boardroom

Security Orchestration Automation — Hours to Minutes

Lorna Koppel

Director of Information Security/CISO

Tufts University

Michael Woodson

CISO

Massachusetts Bay Transportation Authority

In a hyper-connected world, incident response at machine speed and enterprise-scale are now required for effective security operations. What steps have organizations taken to become more effective at protecting the business and ultimately enable business objectives?

In this boardroom, you will discuss:

  • Orchestration of your security operations
  • Challenges of automation
  • Considerations for success

November 20, 2019 - afternoon

2:10pm - 2:30pm  Networking Break

2:30pm - 3:20pm  Breakout Session

Pen Test Your Board Pitch 2.0 — An Interactive Exercise

Mark Nardone

Associate VP and CISO

Northeastern University

Marnie Wilking

Global Head of Security and IT Risk Management

Wayfair

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

  • Create and deliver a board pitch
  • Receive real-time feedback on your pitch
  • Learn best practices and strategies for communicating with your board

2:30pm - 3:20pm  Executive Boardroom

Translate Complex Cybersecurity Issues Into Simple Business Context

Bobbi Bookstaver

Manager Information Security

Shawmut Design and Construction

Jon Fredrickson

Information Security & Privacy Officer

Blue Cross Blue Shield of Rhode Island

Chris Poulin

Principal Consulting Engineer

BitSight

It is much easier now to determine what’s important, dangerous and real in your third-party ecosystem. Yet, as hacks continue to threaten data and business continuity, the old school of thought around securing the enterprise is no longer relevant.

This boardroom will explore:

  • Layering traditional tools and new strategies to define goals and deploy resources
  • Communicating to the board through a holistic risk lens
  • Developing clear business cases connecting business profitability to risk reduction

2:30pm - 3:20pm  Executive Boardroom

Non-Employees — Sponsor But Never Trust

Eric Jacobsen

Executive Director of Information Security

Boston University

Steven Keller

AVP, Chief Information Security Officer

MAPFRE Insurance

Mark Teehan

Chief Information Security Officer

Harvard Pilgrim Health Care

David Pignolet

President and CEO

SecZetta

Organizations face a growing challenge interacting with partners and suppliers outside of the organization. With the dispersed nature of working with non-employees, no single department is responsible for defining and managing a centralized process. 

In this boardroom, you’ll discuss:

  • The security consequences of not addressing an outdated business process
  • How to manage business process and data effectively to deliver actionable decisions
  • The benefits of an identity and business-process first approach to managing non-employees

3:20pm - 3:40pm  Networking Break

3:40pm - 3:50pm  Closing Comments

3:50pm - 4:20pm  Keynote

What’s Your Mission? Identifying Purpose in the C-Suite

Mark Maybury

Chief Technology Officer

Stanley Black & Decker

It’s easy to think that “protecting against the bad guys” is a CISO's core mission in the C-suite. But what if something bigger served as a CISO's purpose? And what really ties the C-suite together to not only protect the business, but to drive innovation within the business?

In this session, you’ll hear a CTO’s perspective on how to:

  • Genuinely collaborate with your C-suite peers, specifically your CTO
  • Create a shared purpose that drives innovation
  • Intersect technology and innovation in a way that makes sense

4:20pm - 5:00pm  Closing Reception & Prize Drawing

Location


Venue & Accommodation

Westin Copley Place, Boston

Boston CISO Program Manager


For inquiries related to this event, please reach out to your dedicated program manager.

Rebecca Buchanan

971-717-6645

rebecca.buchanan@evanta.com