Chicago CISO Executive Summit

May 14, 2019 | Hyatt Regency McCormick Place

May 14, 2019
Hyatt Regency McCormick Place

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the Chicago CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

Chicago CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Waqas Akkawi

SIRVA, Inc.
VP, CISO

Jim Cameli

Walgreens Boots Alliance
Global CISO

Nicole Ford

Baxter International Inc.
Global CISO

Larry Lidz

CNA
SVP & Global Chief Information Security Officer

JJ Markee

Kraft Heinz Company
CISO

John Reed

True Value Company
IT Security Program Manager

Paolo Vallotti

Mondelez International
Global CISO

Agenda


May 14, 2019 - morning

7:00am - 7:45am  Registration & Breakfast

7:45am - 8:30am  Keynote

The New Reality — Make Change Your Competitive Advantage

Karl Schoemer headshot

Karl Schoemer

Author, "Change Is Your Competitive Advantage"

Like a school of fish, an adaptive organization must move rapidly and in unison toward new opportunities. From navigating the uncertainty of today’s tight talent markets to responding to evolving employee expectations, leaders and employees alike must embrace the power of change to make it a part of their individual and organizational competitive advantage.

Karl Schoemer will draw on his 20 years’ experience studying change to share:

  • Insights on how leadership behaviors facilitate change
  • Strategies to help change contribute to culture
  • Tactics for creating change-adaptive individuals

8:30am - 9:00am  Networking Break

9:00am - 9:50am  Breakout Session

From Security Management to Risk Management

Amy Bogac headshot

Amy Bogac

Director, Information Security and Risk Management

CF Industries

How do security executives get buy-in from the rest of the business? For Amy Bogac, it starts with building security strategy around what the board is already focused on. Bogac shares her success in partnering with enterprise risk management to build strong support for security across the organization.

Join to learn:

  • The importance of partnerships with privacy, HR, and ERM
  • What the board truly wants to hear
  • How to mature security roles into that of a risk professional    


9:00am - 9:50am  Breakout Session

Behavioral Analytics and the Evolution of Cyber Risk Ratings

Jasson Casey headshot

Jasson Casey

CTO

SecurityScorecard

Cyber risk ratings have steadily evolved over the last six years, shifting from scoring approaches using off the shelf vulnerability scanners to frameworks built with machine learning. Jasson Casey shares the evolution of developing scores – including initial ideas, setbacks and breakthroughs.

In this session, learn:

  • The composition of a cyber security risk rating
  • How an enterprise IT team’s behavior manifests itself to the outside world
  • How behavior translates to cyber security risk for the business

9:00am - 9:50am  Executive Boardroom

Keeping Ahead of Information Governance

JJ Markee headshot

JJ Markee

CISO

Kraft Heinz Company

John Reed headshot

John Reed

IT Security Program Manager

True Value Company

Martin Sugden headshot

Martin Sugden

CEO

Boldon James

Information governance can seem like trying to boil the ocean. Developing the right strategy and approach is key in finding the best channels by which to assess risk. In this boardroom, uncover answers to your pressing questions, including:

  • How to gain visibility into high risk areas?
  • What controls should be in place to protect the company’s information assets adequately (and how are you defining adequately)?
  • What policies do you have in place, and how should you enforce and measure those policies?

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

9:00am - 9:50am  Executive Boardroom

Managing the Convergence of Global Data Regulations

Victor Hsiang headshot

Victor Hsiang

Information Security Manager

GATX Corporation

Elizabeth Ogunti headshot

Elizabeth Ogunti

Senior Manager IT Security and Compliance

JBT Corporation

Matt Little headshot

Matt Little

Chief Product Officer

PKWARE, Inc.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

  • The current landscape of data privacy regulation around the world
  • Best practices for managing risk associated with data protection frameworks
  • Standards and metrics for measuring data protection risk
  • Data classification strategies to aid compliance, regardless of regulation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

9:50am - 10:20am  Networking Break

10:20am - 11:10am  Breakout Session

An Approach to DevSecOps Implementation

Ricardo Lafosse headshot

Ricardo Lafosse

CISO

Morningstar, Inc.

 How can security leaders move away from a waterfall approach to development and help make security frictionless in the organization? Ricardo Lafosse, CISO at Morningstar, shares the year long, multi-faceted initiatives implemented to help align Morningstar with agile methodology.

Join this session to learn:

  • The importance of adjusting to meet business demand
  • How to get started, with potential surprises and pitfalls
  • The techniques and framework to successfully shift to agile

10:20am - 11:10am  Breakout Session

SD-WAN – The Solution to Network Visibility

Michael Konopka headshot

Michael Konopka

Director, Cyber Security & Network Svs.

Eby-Brown

Bill Morgan headshot

Bill Morgan

Director, Systems Engineering

Fortinet, Inc.

New SD-WAN technologies are reducing risk while simultaneously increasing security for enterprises by simplifying their security architecture through automation and integration. Michael Konopka joins Bill Morgan to share his experiences in partnering with Fortinet to deploy innovative solutions.

Join this session to learn:

  • Case studies of network visibility implementation
  • How organizations can gain visibility and application control while reducing WAN infrastructure cost with SD-WAN

10:20am - 11:10am  Executive Boardroom

Connecting Security, Risk, and IT to Enable a Best-in-Class Program

Mike Zachman headshot

Mike Zachman

CSO

Zebra Technologies

Michael Siegrist headshot

Michael Siegrist

Product Line Specialist, GRC and Integrated Risk Management

ServiceNow

The breaches of the past few years continue to show us that organizations are overwhelmed and struggling with patching software vulnerabilities.  But what if you were able to properly pinpoint the vulnerabilities that represent the most risk and align these risks with overall enterprise risk? 

Join this conversation to discuss:

  • How security, risk, and IT staff can best work together to locate vulnerabilities and remediate cyber risk
  • Best practices for strengthening governance, risk, and compliance programs
  • Effective methods to aid collaboration amongst stakeholders

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

10:20am - 11:10am  Executive Boardroom

Translate Complex Cybersecurity Issues into Simple Business Context

Matthew Memming headshot

Matthew Memming

CISO

Navistar, Inc.

Bill Podborny headshot

Bill Podborny

CISO

Alliant Credit Union

Evan Tegethoff headshot

Evan Tegethoff

Director, Engineering and Consulting

BitSight Technologies

It is much easier now to determine what’s important, dangerous and real in your third party ecosystem. Yet, as hacks continue to threaten data and business continuity, the old school of thought around securing the enterprise is no longer relevant.

This boardroom will explore:

  • Layering traditional tools and new strategies to define goals and deploy resources
  • Communicate to the board through a holistic risk lens
  • Developing clear business cases connecting business profitability to risk reduction

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

10:20am - 11:10am  Executive Boardroom

Facing the Challenges of Connected Devices

Erik Hart headshot

Erik Hart

CISO

Cushman & Wakefield

Naeem Motiwala headshot

Naeem Motiwala

VP & CISO

Gallagher

Todd Kelly headshot

Todd Kelly

Chief Security Officer

Cradlepoint

Connected devices provide valuable new functionality and revenue opportunities. They can also become a security nightmare, as many were not designed with security in mind. Cybersecurity leaders must have the right strategy in place to address potential vulnerabilities in the growing Internet of Things.

Join this roundtable to discuss:

  • Best practices in managing IoT ecosystems
  • Challenges securing IoT devices
  • Case studies of successful segmentation

11:10am - 11:40am  Networking Break

May 14, 2019 - mid-afternoon

11:40am - 12:50pm  Keynote

Harnessing the Power of Contradictions

Corey E. Thomas headshot

Corey E. Thomas

President and CEO

Rapid7

As the world we live in continues to evolve and change, so do the requirements of what people look for in their leaders. Exceptional leadership comes from those who can get a group of people with diverse mindsets through difficult, ambiguous circumstances.

In this session, Corey Thomas, CEO of Rapid7, will share:

  • His leadership philosophy and how it informs his innovation strategy
  • How to leverage the power of contradictions and differences in a time of constant change and ambiguity
  • How contradictions drive creativity, higher standards, and consistent growth in organizations

12:50pm - 1:20pm  Networking Break

1:20pm - 2:10pm  Breakout Session

A Roadmap to Automating Access

Michael Boucher headshot

Michael Boucher

CISO, Americas

Jones Lang LaSalle

How do you balance business agility and business security in your IAM strategy? Michael Boucher shares his process in developing an automated identity and access management program.

In this session, discuss:

  • The full lifecycle of a user’s identity
  • Meeting compliance and regulatory challenges
  • The benefits of shifting to automation

1:20pm - 2:10pm  Breakout Session

Network Data — Powering the Modern SOC

John Matthews headshot

John Matthews

CIO

ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data. 

In this session, you will learn: 

  • Current attack practices, including abuse of legitimate traffic and encryption 
  • How hunters hide from attackers to avoid counter IR maneuvers 
  • Ways to make analysts faster and more effective at validating and responding to threats 
  • Options for empowering cross-training and on-the-job training to increase analysts' skills 
  • Clarity on how gaining visibility into cloud and encrypted traffic

1:20pm - 2:10pm  Executive Boardroom

Eliminating Vulnerability Overload with Predictive Prioritization

Shane Hibbard headshot

Shane Hibbard

Director of Information Security

Invenergy

Steven McLean headshot

Steven McLean

Senior Manager, Information Security

Ortho Clinical Diagnostics

Kevin Flynn headshot

Kevin Flynn

Senior Product Manager

Tenable

When it comes to reducing cyber risk, overcoming vulnerability overload is critical. Find out how predictive prioritization will improve your vulnerability management efforts so you can focus on what matters most to your business. During this peer-discussion you will explore:


  •  How to use threat intelligence to move the most dangerous vulnerabilities up your priority list
  •  The resources required to effectively assess your environment and prioritize your efforts in a predictive manner
  •  Practices that will help you take appropriate actions to make your organization more secure
  •  How to make your staff more efficient by drastically reducing the number of high priority vulnerabilities they need to remediate

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

1:20pm - 2:10pm  Executive Boardroom

Modernizing Your SOC

Robyn Clark headshot

Robyn Clark

CISO

Illinois Tool Works Inc.

Justin Metallo headshot

Justin Metallo

CISO

Beam Suntory

Chris Sears headshot

Chris Sears

Senior Solutions Architect

Securonix

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they will try another. A sound Security Operations Center - staffed by the right people and with the right tools - should be a key part of your cyber defense strategy.

In this session you will discover how to:

  • Effectively develop your team
  • Automate to reduce workloads and drive efficiency
  • Equip SOC teams to operate within BYOD and Cloud
  • Create strong KPIs and KRIs to measure success 


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

May 14, 2019 - afternoon

2:10pm - 2:30pm  Networking Break

2:30pm - 3:20pm  Breakout Session

Benchmark This Breach! An Interactive Experience

Diane Brown headshot

Diane Brown

Director, IT Risk Management

Ulta Beauty

One of the best ways to check your assumptions in business is to know where you stand among your peers and allow them to challenge your assumptions. But even if you have a speed-dial full of trusted associates, this type of information sharing can be piecemeal and infrequent. This interactive session is your chance to: 

  • Baseline your security program and explore context around recent data breaches
  • Compare incident response practices with a cross-section of your peers
  • Walk away with actionable insights


2:30pm - 3:20pm  Breakout Session

The Hidden Attack Surface of APIs

Anthony Lauro headshot

Anthony Lauro

Director, Security Technology and Strategy

Akamai

The rapid adoption of mobile devices has led to 25% of all web transactions being API calls. Attackers not only target public facing APIs, but enterprise organizations due to how organizations manage automation and orchestration of their cloud environments. The sheer volume of transactions overwhelm security devices, leaving attack or abuse detection to be done after the fact.

In this session, we’ll discuss:

  • The current, and failing, architectural designs for addressing security for API transactions
  • Attacker techniques for identifying and targeting environments
  • Common tools that can be used to identify your own attack surface and deploy the appropriate defenses

2:30pm - 3:20pm  Executive Boardroom

Dissecting Recent Breaches & Ensuring Cyber Resiliency

Todd Camm headshot

Todd Camm

Director IT Security

Navigant

Carl Erickson headshot

Carl Erickson

CISO

Johnson Controls, Inc.

Sergio Abraham headshot

Sergio Abraham

Security Innovation Lead

Onapsis

In July 2018, the Department of Homeland Security issued an alert citing "Malicious Cyber Activity Targeting ERP Applications." While protecting endpoint access, phishing, and network monitoring is important, nothing else matters if your core business applications are not a primary strategic component.

In this session, we will explore: 

  • Why and how cybercriminals, hacktivists and nation states are actively attacking ERP applications 
  • How cloud, mobile and digital transformations are expanding the attack surface 
  • Steps you can take to ensure cyber resiliency and mitigate risk

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

2:30pm - 3:20pm  Executive Boardroom

The Continual Shifting of Threats

John Kellerhals headshot

John Kellerhals

Information Security Manager

Wheels, Inc.

Wade Lance headshot

Wade Lance

Principal Solutions Architect

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

  • The current threat landscape
  • How to best discover and thwart nation-state attacks
  • What security executives can do to build resiliency

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Tim Bigley at 971.717.6612 or tim.bigley@evanta.com. 

3:20pm - 3:40pm  Networking Break

3:40pm - 4:20pm  Keynote

Inspiring the Next Generation of Security Leaders

Christine Vanderpool headshot

Christine Vanderpool

VP, Chief Information Security Officer

Florida Crystals Corporation

Building a strong talent pipeline is about more than attracting candidates - CISOs need to provide continuous training, development and career path guidance to their teams to maintain a competitive security organization. Christine Vanderpool, VP and CISO of Florida Crystals Corporation, shares her methods to inspire and provide guidance to security teams and other IT teams alike.

In this session, discover:

  • How to provide guidance on building an effective career development plan
  •  Four easy ways to think about career development (ownership, developing a mission statement, defining personal brand truths and creating the map)
  •  How to help build a career path for your team

4:20pm - 5:00pm  Closing Reception & Prize Drawing

Location


Venue & Accommodation

Hyatt Regency McCormick Place

Your Community Partners


National Thought Leaders
Keynote Sponsor
Global Thought Leader

Chicago CISO Program Manager


For inquiries related to this event, please reach out to your dedicated program contact.

Tim Bigley

Program Manager

971-717-6612

tim.bigley@evanta.com