Boston CISO Executive Summit

May 10, 2022 | The Westin Copley Place

May 10, 2022
The Westin Copley Place

REGISTER NOW

Collaborate with your peers

Get together with Boston's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Supporting business agility with risk-based programs

Evaluating, communicating and responding to evolving threats

Combating stress and burnout among CISOs and the security teams they lead

Boston CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Kevin Brown

SAIC
SVP, CISO

Javed Ikbal

Bright Horizons
VP/CISO

Larry Jarvis

Iron Mountain Inc
SVP, Chief Information Security Officer

Holly Ridgeway

Citizens Financial Group
Chief Security Officer

Ravi Thatavarthy

Rite Aid
Vice President & Chief Information Security Officer

Marnie Wilking

Wayfair
Global Head of Security and IT Risk Management

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Boston CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


May 9, 2022

6:00pm - 8:30pm  Governing Body Welcome Reception

Governing Body Private Dinner

Marnie Wilking headshot

Marnie Wilking

Global Head of Security and IT Risk Management

Wayfair

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking.

May 10, 2022 - morning

7:30am - 8:15am  Registration & Breakfast

8:15am - 9:00am  Keynote

Strengths 2.0 — Applying Design Thinking to Your Strengths and Weaknesses

John K. Coyle headshot

John K. Coyle

CEO and Founder of "Speaking Design Thinking"

John K. Coyle is the founder and CEO of "Art of Really Living" and one of the world's leading experts in innovation and design thinking. Through the metaphor of sport, learn how individuals and teams can use innovation approaches to identify and leverage their unique strengths (and design around weaknesses). Become empowered to solve old problems in new ways and achieve breakthrough results. Understand how to apply the “Design Thinking” process to business and personal challenges. 

This will empower you to:

  • Achieve breakthrough performance by focusing on what you do best
  • Decide what to delegate, quit or outsource, and plan to maximize team resources
  • Create higher engagement and more effective collaboration with customers and colleagues

9:00am - 9:30am  Networking Break

9:30am - 10:15am  Breakout Session

Combating Stress and Burnout Starts with You

Ravi Thatavarthy headshot

Ravi Thatavarthy

Vice President & Chief Information Security Officer

Rite Aid

A CISO’s world is complex, challenging and at times exhausting. Between managing vulnerabilities, implementing new solutions, and navigating governance and company-wide risk assessments, it’s no wonder CISOs see the highest numbers of stress and burnout across the C-Suite. Taking care of yourself and modelling healthy behavior to your staff is key in supporting your team, retaining great talent, and building a more resilient organization.

Join this session to discuss:

  • How to model the work/life balance you want to see on your team
  • Ways to build your employee wellbeing strategy
  • Why trust and openness with your team is key to their mental health

9:30am - 10:15am  Breakout Session

Disrupting the Lateral Movement Equation

Jonathan Nativ headshot

Jonathan Nativ

Director of Strategic Alliances

Silverfort

Evan Anderson headshot

Evan Anderson

Director, Offensive Security

Guest Speaker

Traditional authentication methods are considered broken and despite investments, the exploitation of credentials and basic MFA implementations remain a blind spot for today’s security stacks. It is no longer a case of if an identity-based attack will hit your company, but when.

Join this interactive session to:

  • Get a live view into both the attacker and the defender perspective of identity threats
  • Understand how organizations are leveraging tools to identify blind spots in their security landscape
  • Understand how enforcing MFA on all access interfaces increases efforts of skilled attackers  


9:30am - 10:15am  Executive Boardroom

Preparing for the Next Attack

Stephen Stierer headshot

Stephen Stierer

Director of Solutions Engineering

Cloudflare

Kevin Burns headshot

Kevin Burns

CISO

Draper

Eric Jacobsen headshot

Eric Jacobsen

Executive Director of Information Security

Boston University

As API traffic surges, third-party networks rapidly expand, and the digital business accelerates, the threat of suffering a breach or disruption looms large on the horizon. CISOs managing an ever-expanding attack surface must fortify the foundations of their infrastructure, applications, and teams so that when the next big vulnerability is uncovered…you’re ready to respond.

Join this peer conversation to discuss:

  • Replacing static access controls and legacy security perimeters that delay incident response
  • Identifying and mitigating the risks of third-party networks and software supply chains
  • Trends in data privacy regulations and data protection measures

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact Spencer Bisgaard at spencer.bisgaard@evanta.com

9:30am - 10:15am  Executive Boardroom

The Art of Communicating Risk to the Business

Jeff Music headshot

Jeff Music

Vice President, CISO, Office of the CISO

ReliaQuest

Bobbi Bookstaver headshot

Bobbi Bookstaver

Director of Information Security

Shawmut Design and Construction

Richard Walzer headshot

Richard Walzer

Chief Information Security Officer

Clean Harbors

To quantify how they are reducing risk for the business and where to strategically invest, security leaders need effective, actionable metrics. These measures are essential to communicating effectively with the Board and other executive stakeholders.

Join this roundtable discussion to gain insight into how your peers are:

  • Making informed investment decisions
  • Communicating risk to the business at large
  • Using data to tell a story to non-technical audiences

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:   Spencer.Bisgaard@evanta.com

10:15am - 10:45am  Networking Break

10:20am - 10:45am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

10:45am - 11:30am  Breakout Session

Developing a Relationship with your Board

Robert Sullivan headshot

Robert Sullivan

CISO, VP Technology Shared Services

Agero

Bernie Gracy headshot

Bernie Gracy

Chief Digital Officer

Agero

Blending the science of technology with the art of leadership is a challenge facing many CISO’s today. Security leaders have an important job of managing cyber risk in an organization — but educating the board can be challenging. Boards are faced with many challenges, including economy, supply chain, and geo-political conflicts. Putting cyber risk into context is critical as the volume of threats to organizations are rising. For a CISO to thrive, a good relationship with your board is imperative so that you can describe and manage risk as an organization.

Join this session to learn:

  • How to keep the Boards attention by speaking their language and understanding their concerns
  • How to cast your net to get vital information from the board
  • The Do's and Don’ts- what can elevate board relations or erode them

10:45am - 11:30am  Breakout Session

Third-Party Cyber Risk — Zero-Day Findings and Mitigation

Mark Risoldi headshot

Mark Risoldi

VP Strategic Development

BlueVoyant

Esmond Kane headshot

Esmond Kane

CISO

Steward Health Care System

Managing distributed risk is today’s defining cybersecurity challenge. Mitigation of zero-day vulnerabilities is critical as adversaries exploit supply chain entities. This session explores how to identify all third parties impacted by zero-day vulnerabilities and guide their mitigation efforts. Your vendor, supplier, and partner ecosystem is now your enterprise attack surface. Hear directly from the CISO of Steward Healthcare, Esmond Kane, on how they have addressed this problem.

Join this fireside chat to learn:

  • How to manage distributed risk associated with hundreds and even thousands of vendors, suppliers, and partners
  • Approaches to identify, prioritize, and mitigate active threats and critical/zero-day vulnerabilities
  • Strategies to reduce supply chain/external ecosystem risk associated with zero-day

10:45am - 11:30am  Executive Boardroom

Zero Trust – Hype or Hope?

Mike Spisak headshot

Mike Spisak

Distinguished Engineer, Master Inventor, Zero Trust Technology Leader

IBM

Mark Malley headshot

Mark Malley

IT Security Officer

Boehringer Ingelheim

Raj Sharma headshot

Raj Sharma

Vice President- Head of Information Security

Northern Bank

An organization's ability to achieve successful digital transformation is in large part enabled by the security team. Distributed, loosely connected infrastructure and tools, coupled with the demand for almost any-to-any connectivity, complicates the mission. Regularly defined as being delivered by a single "silver bullet" point solution, the term zero trust is now often held in poor regard. It is however, a highly effective conceptual framework, and perhaps even a cultural shift, that many organizations have been working with for several years.

Join this interactive boardroom to discuss:

  • The broader definition of what a zero trust framework is
  • The foundational control required to build a zero trust program
  • Strategies for improving the user experience and proving value to get organization-wide acceptance

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com


10:45am - 11:30am  Executive Boardroom

Future Challenges: Security, Transformation, Hybrid and More

Jason Garbis headshot

Jason Garbis

Chief Product Officer

Appgate

Lorna Koppel headshot

Lorna Koppel

Director of Information Security/CISO

Tufts University

Enterprises are forced to adopt wildly different workforce logistical solutions while providing protection against ever-emerging threats. With greater reliance on the Cloud in 2022 and beyond, it’s time to improve efficiencies while still mitigating risks and protect ALL environments. Not just cloud transformation, but hybrid, multi-cloud, and on-prem.

Join this roundtable discussion to learn about:

  • Improving processes and efficiencies
  • Extending protections to all workloads
  • Analyzing tools, strategies, and technologies available


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:   Spencer.Bisgaard@evanta.com

11:30am - 11:40am  Break

May 10, 2022 - mid-afternoon

11:30am - 12:30pm  Lunch Service

12:30pm - 1:05pm  Keynote

Three Keys To Zero Trust — Isolation, People, and Productivity

Stephen Pieraldi headshot

Stephen Pieraldi

HP Distinguished Technologist, Enterprise Security and Faculty Professor, U.C. Berkley

Hewlett Packard Enterprise

How can CISOs adapt and enable business agility without compromising security? In the wake of widespread cloud adoption and ubiquitous remote workers, traditional network and security systems have failed to keep pace. Patch management and user productivity are two critical gaps CISOs must solve, but with such complexity, solutions can be challenging to find.  

Join this discussion to learn how others are taking a Zero Trust approach to:

  • Layered and diverse strategies that are critical in today’s market
  • The latest landscape for Zero Trust and identity governance best practices and challenges
  • Strategic considerations for securing remote work

1:05pm - 1:20pm  Break

1:20pm - 2:05pm  Breakout Session

Weaving Diversity, Equity and Inclusion into your Organizational DNA

Deb Briggs headshot

Deb Briggs

Chief Security Officer

Netscout

Sonia Arista headshot

Sonia Arista

SVP, Chief Information Security Officer

Signify Health

Deidre Diamond headshot

Deidre Diamond

Founder and CEO

CyberSN

Diversity, equity and inclusion should be top of mind for ALL leaders, but how are their teams implementing programs? Leaders today are looking for inspired pathways to create inclusive cultures, development opportunities, and collaborative opportunities not only to drive diversity initiatives but to create a smarter and more resilient company . As companies strive to drive DEI as a core organizational value, CISOs have an increasingly critical role to play, serving as strategic partners by creating equal opportunities which enable diverse employees to thrive and help their company grow. 

Join this session as leaders discuss:

  • Keys to establishing successful and collaborative programs to address racial inequalities
  • Strategies for communicating and demonstrating commitment to your workforce
  • Methods for robust DE&I implementation


1:20pm - 2:05pm  Breakout Session

Security Service Edge (SSE) — Security is a Team Sport

Shamla Naidoo headshot

Shamla Naidoo

Head of Cloud Strategy & Innovation

Netskope

Michael Woodson headshot

Michael Woodson

Director of Information Security and Privacy

Sonesta

Building trust and reliance across technology and security teams is key to defending the enterprise.  As security stacks incorporate Security Service Edge (SSE) to sustain the SASE journey, the partnership between CIOs, CISOs, and their teams is more important than ever.

Join this session to learn about:

  • Best practices for IT and security collaboration
  • Communicating the importance of SSE to your CEO and Board
  • Improving internal stakeholder relationships to fuel business outcomes

1:20pm - 2:05pm  Executive Boardroom

Architecting a More Adaptive and Integrated IAM Strategy

Iva Blazina Vukelja headshot

Iva Blazina Vukelja

Director of Product Management

Cisco Secure

Ken Asnes headshot

Ken Asnes

Sr. Director, Information Security/CISO

Talbots

Robert Guay headshot

Robert Guay

Director of Emerging Security Technologies

Johnson & Johnson

IAM systems are the digital keys to your company’s castle. But the transition to remote, connect anywhere computing means there are thousands of keys created every day, each one exponentially increasing the risk of unauthorized access through any one of the systems your users access daily. So if identity is now the ultimate perimeter and that perimeter is constantly expanding and becoming more complex, how do you build a defense structure capable of protecting it?

During this peer-discussion you will explore:

  • The role of zero trust in access management
  • How to implement IAM tools without negatively impacting the user experience or core business operations
  • How to engage other stakeholders and functions on their access needs to move beyond surface-level coordination

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:   Spencer.Bisgaard@evanta.com

1:20pm - 2:05pm  Executive Boardroom

Software Supply Chain Management Hygiene

Bryan Whyte headshot

Bryan Whyte

Technical Presale Manager

Sonatype

Jim Kottas headshot

Jim Kottas

Chief Information Security Officer, Chief Privacy Officer

Idemia North America

Shiva Rajagopalan headshot

Shiva Rajagopalan

Sr. Director Dataops

GE Healthcare

Software hygiene practices are like handwashing prior to surgery; at one point laughable, now an essential and integral step prior to every procedure. Why are organizations still not putting enough focus on adopting essential software hygiene practices for supply chain management, even though they know they should?

Join this roundtable session to discuss:

  • Encouraging developers to adopt a set of security and governance daily routines
  • Overcoming the knowledge sharing gap between Security, Developer, and IT Operations
  • Positioning software hygiene as a practice that generates not simply risk value, but revenue value 


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:   Spencer.Bisgaard@evanta.com


May 10, 2022 - afternoon

2:05pm - 2:35pm  Networking Break

2:10pm - 2:35pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:35pm - 3:20pm  Breakout Session

Cybersecurity Insurance - What Price Will You Pay?

Lorna Koppel headshot

Lorna Koppel

Director of Information Security/CISO

Tufts University

Javed Ikbal headshot

Javed Ikbal

VP/CISO

Bright Horizons

In the last year, cyber-attack sophistication blindsided some of the world’s biggest companies. The severity of financial loss was profound. Because of this, Cybersecurity insurance is continuously evolving. Part of your ransomware tool kit should include cybersecurity insurance. Many CISO’s think they know their cyber security policy, but do they really?  Bad actors are upping the ante and so must you.

Join CISO’s Lorna Koppel and Javed Ikbal to discuss:

  • How to begin the process of pre-insurance and what to prepare for
  • What are the three things you must do after an attack
  • Should you self-insure, the upside and the catch

2:35pm - 3:20pm  Breakout Session

Adapt and Persevere — Preparing for Next-Level Threats

Cristian Rodriguez headshot

Cristian Rodriguez

Director, Field Engineering, North America

CrowdStrike

The cyber threat landscape is unpredictable and features security concerns that must be shared across all levels of the organization. Understanding the significance of recent events gives visibility into the shifting dynamics of adversary tactics, which is critical for staying ahead of and ultimately defeating today’s threats. As security teams assess the evolving threat landscape, what changes are actually required, and what can be done about it?

Join this session as Cristian Rodriguez shares:

  • What security teams need to know - and do - in an increasingly ominous threat landscape
  • How to implement the right combination of security tools to stop an adversary with speed
  • Effective security strategies and practical recommendations to stay ahead of next-level threats

2:35pm - 3:20pm  Executive Boardroom

Build and Protect for Tomorrow

Nick Rockwell headshot

Nick Rockwell

Senior Vice President of Engineering & Infrastructure

Fastly

David Escalante headshot

David Escalante

Dir., Computer Policy & Sec.

Boston College

Michael Woodson headshot

Michael Woodson

Director of Information Security and Privacy

Sonesta

The pandemic not only accelerated the pace of digital transformation— it heightened customer expectations as they now require personalized, intuitive, and immediate experiences in our increasingly digital world. However, this demand also creates a need for secure, performant, and resilient technology. That increase pushes businesses to expand their technological ecosystems and grow the way they think about interfacing with customers and employees. With this expansion and change, come inherent risks.
 
Join this session as your peers discuss:
•Creating unique opportunities for business transformation
•Balancing innovation, while managing and protecting new technologies
•Implementing strategies for future-proofing a framework that allows for faster modernization

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:   Spencer.Bisgaard@evanta.com

2:35pm - 3:20pm  Executive Boardroom

Minimize Security Risk While Fostering Innovation

Marc van Zadelfoff headshot

Marc van Zadelfoff

CEO

Devo

Paul Deluca headshot

Paul Deluca

Sr Director Security & Infrastructure

AspenTech

In cybersecurity, the goal is to minimize risk. However, adversaries are agile in their efforts to subvert security measures. Innovation is required to keep pace with the evolving threat landscape. What must CISOs do to run an efficient SOC while still mitigating risk and fostering innovation?

Join this session to discuss:

•  What are the biggest risks in the current cybersecurity landscape

•   How attacks have resulted in reactive or proactive changes

•  Strategies to drive innovation while keeping your organization safe


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:   Spencer.Bisgaard@evanta.com

3:20pm - 3:35pm  Networking Break

3:35pm - 4:10pm  Keynote

Log4j - Is It Really Over?

Anne Coulombe headshot

Anne Coulombe

Head of Data Protection / Data Security

Massachusetts Mutual Life Insurance Co

Log4J was a zero-day event and one of the largest security attacks we’ve seen in decades. Some organizations were severely affected and others, not so much, or so they thought.  As a CISO, what is your plan for Log4j’s insidious nature? Is it coming back into your environment? The potential exists to wreak havoc for a long time if organizations do not address its threat potential and catastrophic implications. Unless companies pay attention to the long-tail, it will come back to bite you.

Join this discussion to explore:

  • Ways to communicate the risk and urgency with the board, leadership team and community
  • How to uncover and address the long-tail ramifications
  • Where it ties into vulnerably management and security hygiene

4:10pm - 4:40pm  Closing Reception & Prize Drawing

REGISTER

We look forward to seeing you at an upcoming in-person gathering


Evanta programs are uniquely positioned to succeed in the current landscape.

  • Our invitation-only gatherings are designed to be smaller in scale, providing a safe and comfortable environment.
  • All in-person programs are local and complimentary, with zero impact on your organization’s T&E.

We are committed to creating the safest possible environment for all participants, partners, and associates. As a part of our commitment we will continue to monitor and adhere to government, venue, and health agency guidelines. Information on vaccinations, face mask guidance, on-site safety measures, and more, can be found here: Health and Safety Resource Policy.

Location


Venue & Accommodation

The Westin Copley Place
MORE INFORMATION

A block of rooms has been reserved at the The Westin Copley Place at a reduced conference rate. Reservations should be made online or by calling 617-262-9600.

Deadline to book using the discounted room rate of $299 USD (plus tax) is April 18, 2022.

Your Community Partners


Global Thought Leader
CISO Thought Leader
Program Partners

Boston CISO Program Manager


For inquiries related to this event, please reach out to your dedicated program contact.

Spencer Bisgaard

Program Manager

971-230-3537

spencer.bisgaard@evanta.com