IN-PERSON

Boston CISO Executive Summit

May 10, 2022 | The Westin Copley Place

Collaborate with your peers

Get together with Boston's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Supporting business agility with risk-based programs

Evaluating, communicating and responding to evolving threats

Combating stress and burnout among CISOs and the security teams they lead

Boston CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Kevin Brown

SAIC
SVP, CISO

Javed Ikbal

Bright Horizons
VP/CISO

Larry Jarvis

Iron Mountain Inc
SVP, Chief Information Security Officer

Holly Ridgeway

Citizens Financial Group
Chief Security Officer

Ravi Thatavarthy

Rite Aid
Vice President & Chief Information Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Boston CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


May 9, 2022

6:00pm - 8:30pm  Governing Body Welcome Reception

Governing Body Private Dinner

Marnie Wilking

Global Head of Security and IT Risk Management

Wayfair

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking.

7:30am - 8:15am  Registration & Breakfast

8:15am - 9:00am  Keynote

Strengths 2.0 — Applying Design Thinking to Your Strengths and Weaknesses

John K. Coyle

CEO and Founder of "Speaking Design Thinking"

John K. Coyle is the founder and CEO of "Art of Really Living" and one of the world's leading experts in innovation and design thinking. Through the metaphor of sport, learn how individuals and teams can use innovation approaches to identify and leverage their unique strengths (and design around weaknesses). Become empowered to solve old problems in new ways and achieve breakthrough results. Understand how to apply the “Design Thinking” process to business and personal challenges. 

This will empower you to:

  • Achieve breakthrough performance by focusing on what you do best
  • Decide what to delegate, quit or outsource, and plan to maximize team resources
  • Create higher engagement and more effective collaboration with customers and colleagues

9:00am - 9:30am  Networking Break

9:30am - 10:15am  Breakout Session

Combating Stress and Burnout Starts with You

Ravi Thatavarthy

Vice President & Chief Information Security Officer

Rite Aid

A CISO’s world is complex, challenging and at times exhausting. Between managing vulnerabilities, implementing new solutions, and navigating governance and company-wide risk assessments, it’s no wonder CISOs see the highest numbers of stress and burnout across the C-Suite. Taking care of yourself and modelling healthy behavior to your staff is key in supporting your team, retaining great talent, and building a more resilient organization.

Join this session to discuss:

  • How to model the work/life balance you want to see on your team
  • Ways to build your employee wellbeing strategy
  • Why trust and openness with your team is key to their mental health

9:30am - 10:15am  Breakout Session

Disrupting the Lateral Movement Equation

Jonathan Nativ

Director of Strategic Alliances

Silverfort

Evan Anderson

Director, Offensive Security

Guest Speaker

Traditional authentication methods are considered broken, and despite investments, the exploitation of credentials and basic MFA implementations remains a blind spot for today’s security stacks. It is no longer a case of if an identity-based attack will hit your company, but when.

Join this interactive session to:

  • Get a live view into both the attacker and the defender perspective of identity threats
  • Understand how organizations are leveraging tools to identify blind spots in their security landscape
  • Understand how enforcing MFA on all access interfaces increases the effort required of skilled attackers


9:30am - 10:15am  Executive Boardroom

Preparing for the Next Attack

Stephen Stierer

Director of Solutions Engineering

Cloudflare

Kevin Burns

CISO

Draper

Eric Jacobsen

Executive Director of Information Security

Boston University

As API traffic surges, third-party networks rapidly expand, and the digital business accelerates, the threat of suffering a breach or disruption looms large on the horizon. CISOs managing an ever-expanding attack surface must fortify the foundations of their infrastructure, applications, and teams so that when the next big vulnerability is uncovered…you’re ready to respond.

Join this peer conversation to discuss:

  • Replacing static access controls and legacy security perimeters that delay incident response
  • Identifying and mitigating the risks of third-party networks and software supply chains
  • Trends in data privacy regulations and data protection measures

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact Spencer Bisgaard at spencer.bisgaard@evanta.com

9:30am - 10:15am  Executive Boardroom

The Art of Communicating Risk to the Business

Jeff Music

Vice President, CISO, Office of the CISO

ReliaQuest

Bobbi Bookstaver

Director of Information Security

Shawmut Design and Construction

Richard Walzer

Chief Information Security Officer

Clean Harbors

To quantify how they are reducing risk for the business and where to strategically invest, security leaders need effective, actionable metrics. These measures are essential to communicating effectively with the Board and other executive stakeholders.

Join this roundtable discussion to gain insight into how your peers are:

  • Making informed investment decisions
  • Communicating risk to the business at large
  • Using data to tell a story to non-technical audiences

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com

10:15am - 10:45am  Networking Break

10:20am - 10:45am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

10:45am - 11:30am  Breakout Session

Developing a Relationship with your Board

Robert Sullivan

CISO, VP Technology Shared Services

Agero

Bernie Gracy

Chief Digital Officer

Agero

Blending the science of technology with the art of leadership is a challenge facing many CISOs today. Security leaders have the important job of managing cyber risk in an organization, but educating the board can be challenging. Boards are faced with many challenges, including the economy, supply chain, and geopolitical conflicts. Putting cyber risk into context is critical as the volume of threats to organizations is rising. For a CISO to thrive, a good relationship with your board is imperative so that you can describe and manage risk as an organization.

Join this session to learn:

  • How to keep the Board's attention by speaking their language and understanding their concerns
  • How to cast your net to get vital information from the board
  • The Do's and Don’ts: what can elevate board relations or erode them

10:45am - 11:30am  Breakout Session

Third-Party Cyber Risk — Zero-Day Findings and Mitigation

Mark Risoldi

VP Strategic Development

BlueVoyant

Esmond Kane

CISO

Steward Health Care System

Managing distributed risk is today’s defining cybersecurity challenge. Mitigation of zero-day vulnerabilities is critical as adversaries exploit supply chain entities. This session explores how to identify all third parties impacted by zero-day vulnerabilities and guide their mitigation efforts. Your vendor, supplier, and partner ecosystem is now your enterprise attack surface. Hear directly from the CISO of Steward Health Care, Esmond Kane, on how they have addressed this problem.

Join this fireside chat to learn:

  • How to manage distributed risk associated with hundreds and even thousands of vendors, suppliers, and partners
  • Approaches to identify, prioritize, and mitigate active threats and critical/zero-day vulnerabilities
  • Strategies to reduce supply chain/external ecosystem risk associated with zero-day

10:45am - 11:30am  Executive Boardroom

Zero Trust – Hype or Hope?

Mike Spisak

Distinguished Engineer, Master Inventor, Zero Trust Technology Leader

IBM

Mark Malley

IT Security Officer

Boehringer Ingelheim

Raj Sharma

Vice President- Head of Information Security

Northern Bank

An organization's ability to achieve successful digital transformation is in large part enabled by the security team. Distributed, loosely connected infrastructure and tools, coupled with the demand for almost any-to-any connectivity, complicate the mission. Regularly defined as being delivered by a single "silver bullet" point solution, the term zero trust is now often held in poor regard. It is, however, a highly effective conceptual framework, and perhaps even a cultural shift, that many organizations have been working with for several years.

Join this interactive boardroom to discuss:

  • The broader definition of what a zero trust framework is
  • The foundational control required to build a zero trust program
  • Strategies for improving the user experience and proving value to get organization-wide acceptance

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com


10:45am - 11:30am  Executive Boardroom

Future Challenges: Security, Transformation, Hybrid and More

Jason Garbis

Chief Product Officer

Appgate

Lorna Koppel

Director of Information Security/CISO

Tufts University

Enterprises are forced to adopt wildly different workforce logistical solutions while providing protection against ever-emerging threats. With greater reliance on the Cloud in 2022 and beyond, it’s time to improve efficiencies while still mitigating risks and protecting ALL environments. Not just cloud transformation, but hybrid, multi-cloud, and on-prem.

Join this roundtable discussion to learn about:

  • Improving processes and efficiencies
  • Extending protections to all workloads
  • Analyzing tools, strategies, and technologies available


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com

11:30am - 11:40am  Break

11:30am - 12:30pm  Lunch Service

12:30pm - 1:05pm  Keynote

Three Keys To Zero Trust — Isolation, People, and Productivity

Stephen Pieraldi

HP Distinguished Technologist, Enterprise Security and Faculty Professor, U.C. Berkeley

Hewlett Packard Enterprise

How can CISOs adapt and enable business agility without compromising security? In the wake of widespread cloud adoption and ubiquitous remote workers, traditional network and security systems have failed to keep pace. Patch management and user productivity are two critical gaps CISOs must solve, but with such complexity, solutions can be challenging to find.  

Join this discussion to learn how others are taking a Zero Trust approach to:

  • Layered and diverse strategies that are critical in today’s market
  • The latest landscape for Zero Trust and identity governance best practices and challenges
  • Strategic considerations for securing remote work

1:05pm - 1:20pm  Break

1:20pm - 2:05pm  Breakout Session

Weaving Diversity, Equity and Inclusion into your Organizational DNA

Deb Briggs

Chief Security Officer

Netscout

Sonia Arista

SVP, Chief Information Security Officer

Signify Health

Deidre Diamond

Founder and CEO

CyberSN

Diversity, equity and inclusion should be top of mind for ALL leaders, but how are their teams implementing programs? Leaders today are looking for inspired pathways to create inclusive cultures, development opportunities, and collaborative opportunities, not only to drive diversity initiatives but to create a smarter and more resilient company. As companies strive to drive DEI as a core organizational value, CISOs have an increasingly critical role to play, serving as strategic partners by creating equal opportunities which enable diverse employees to thrive and help their company grow.

Join this session as leaders discuss:

  • Keys to establishing successful and collaborative programs to address racial inequalities
  • Strategies for communicating and demonstrating commitment to your workforce
  • Methods for robust DE&I implementation


1:20pm - 2:05pm  Breakout Session

Security Service Edge (SSE) — Security is a Team Sport

Shamla Naidoo

Head of Cloud Strategy & Innovation

Netskope

Michael Woodson

Director of Information Security and Privacy

Sonesta

Building trust and reliance across technology and security teams is key to defending the enterprise. As security stacks incorporate Security Service Edge (SSE) to sustain the SASE journey, the partnership between CIOs, CISOs, and their teams is more important than ever.

Join this session to learn about:

  • Best practices for IT and security collaboration
  • Communicating the importance of SSE to your CEO and Board
  • Improving internal stakeholder relationships to fuel business outcomes

1:20pm - 2:05pm  Executive Boardroom

Architecting a More Adaptive and Integrated IAM Strategy

Iva Blazina Vukelja

Director of Product Management

Cisco Secure

Ken Asnes

Sr. Director, Information Security/CISO

Talbots

Robert Guay

Director of Emerging Security Technologies

Johnson & Johnson

IAM systems are the digital keys to your company’s castle. But the transition to remote, connect anywhere computing means there are thousands of keys created every day, each one exponentially increasing the risk of unauthorized access through any one of the systems your users access daily. So if identity is now the ultimate perimeter and that perimeter is constantly expanding and becoming more complex, how do you build a defense structure capable of protecting it?

During this peer-discussion you will explore:

  • The role of zero trust in access management
  • How to implement IAM tools without negatively impacting the user experience or core business operations
  • How to engage other stakeholders and functions on their access needs to move beyond surface-level coordination

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com

1:20pm - 2:05pm  Executive Boardroom

Software Supply Chain Management Hygiene

Bryan Whyte

Technical Presale Manager

Sonatype

Jim Kottas

Chief Information Security Officer, Chief Privacy Officer

Idemia North America

Shiva Rajagopalan

Sr. Director Dataops

GE Healthcare

Software hygiene practices are like handwashing prior to surgery; at one point laughable, now an essential and integral step prior to every procedure. Why are organizations still not putting enough focus on adopting essential software hygiene practices for supply chain management, even though they know they should?

Join this roundtable session to discuss:

  • Encouraging developers to adopt a set of security and governance daily routines
  • Overcoming the knowledge sharing gap between Security, Developer, and IT Operations
  • Positioning software hygiene as a practice that generates not simply risk value, but revenue value 


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com


2:05pm - 2:35pm  Networking Break

2:10pm - 2:35pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:35pm - 3:20pm  Breakout Session

Cybersecurity Insurance - What Price Will You Pay?

Lorna Koppel

Director of Information Security/CISO

Tufts University

Javed Ikbal

VP/CISO

Bright Horizons

In the last year, cyber-attack sophistication blindsided some of the world’s biggest companies. The severity of financial loss was profound. Because of this, cybersecurity insurance is continuously evolving. Part of your ransomware tool kit should include cybersecurity insurance. Many CISOs think they know their cybersecurity policy, but do they really? Bad actors are upping the ante and so must you.

Join CISOs Lorna Koppel and Javed Ikbal to discuss:

  • How to begin the process of pre-insurance and what to prepare for
  • What are the three things you must do after an attack
  • Should you self-insure, the upside and the catch

2:35pm - 3:20pm  Breakout Session

Adapt and Persevere — Preparing for Next-Level Threats

Cristian Rodriguez

Director, Field Engineering, North America

CrowdStrike

The cyber threat landscape is unpredictable and features security concerns that must be shared across all levels of the organization. Understanding the significance of recent events gives visibility into the shifting dynamics of adversary tactics, which is critical for staying ahead of and ultimately defeating today’s threats. As security teams assess the evolving threat landscape, what changes are actually required, and what can be done about it?

Join this session as Cristian Rodriguez shares:

  • What security teams need to know - and do - in an increasingly ominous threat landscape
  • How to implement the right combination of security tools to stop an adversary with speed
  • Effective security strategies and practical recommendations to stay ahead of next-level threats

2:35pm - 3:20pm  Executive Boardroom

Build and Protect for Tomorrow

Nick Rockwell

Senior Vice President of Engineering & Infrastructure

Fastly

David Escalante

Dir., Computer Policy & Sec.

Boston College

Michael Woodson

Director of Information Security and Privacy

Sonesta

The pandemic not only accelerated the pace of digital transformation, it heightened customer expectations, as they now require personalized, intuitive, and immediate experiences in our increasingly digital world. However, this demand also creates a need for secure, performant, and resilient technology. That increase pushes businesses to expand their technological ecosystems and grow the way they think about interfacing with customers and employees. With this expansion and change come inherent risks.
 
Join this session as your peers discuss:

  • Creating unique opportunities for business transformation
  • Balancing innovation, while managing and protecting new technologies
  • Implementing strategies for future-proofing a framework that allows for faster modernization

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com

2:35pm - 3:20pm  Executive Boardroom

Minimize Security Risk While Fostering Innovation

Marc van Zadelfoff

CEO

Devo

Paul Deluca

Sr Director Security & Infrastructure

AspenTech

In cybersecurity, the goal is to minimize risk. However, adversaries are agile in their efforts to subvert security measures. Innovation is required to keep pace with the evolving threat landscape. What must CISOs do to run an efficient SOC while still mitigating risk and fostering innovation?

Join this session to discuss:

  • What are the biggest risks in the current cybersecurity landscape
  • How attacks have resulted in reactive or proactive changes
  • Strategies to drive innovation while keeping your organization safe


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Spencer.Bisgaard@evanta.com

3:20pm - 3:35pm  Networking Break

3:35pm - 4:10pm  Keynote

Log4j - Is It Really Over?

Anne Coulombe

Head of Data Protection / Data Security

Massachusetts Mutual Life Insurance Co

Log4j was a zero-day event and one of the largest security attacks we’ve seen in decades. Some organizations were severely affected and others, not so much, or so they thought. As a CISO, what is your plan for Log4j’s insidious nature? Is it coming back into your environment? The potential exists to wreak havoc for a long time if organizations do not address its threat potential and catastrophic implications. Unless companies pay attention to the long tail, it will come back to bite them.

Join this discussion to explore:

  • Ways to communicate the risk and urgency with the board, leadership team and community
  • How to uncover and address the long-tail ramifications
  • Where it ties into vulnerability management and security hygiene

4:10pm - 4:40pm  Closing Reception & Prize Drawing

We look forward to seeing you at an upcoming in-person gathering


Location


Venue & Accommodation

The Westin Copley Place

A block of rooms has been reserved at The Westin Copley Place at a reduced conference rate. Reservations should be made online or by calling 617-262-9600.

Deadline to book using the discounted room rate of $299 USD (plus tax) is April 18, 2022.

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Spencer Bisgaard

Program Manager

971-230-3537

spencer.bisgaard@evanta.com