IN-PERSON

Chicago CISO Community
Executive Summit

December 3, 2019 | Chicago Marriott Downtown Magnificent Mile

December 3, 2019
Chicago Marriott Downtown Magnificent Mile

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Waqas Akkawi

SIRVA, Inc.
VP, CISO

Jim Cameli

Walgreens Boots Alliance
Global VP & CISO

JJ Markee

Kraft Heinz Company
CISO

Arlan McMillan

Kirkland and Ellis
CSO

John Reed

True Value Company
IT Security Program Manager

Paolo Vallotti

Mondelez International
Global CISO

Agenda

December 2, 2019

afternoon

December 3, 2019

mid-afternoon morning afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

Governing Body Welcome Reception — Casino Night

The Governing Body of Chicago CISOs and invited guests are welcome to join us for a fun, casual, interactive spin on the Governing Body Welcome Reception. Casino Night at the Chicago Marriott Downtown Magnificent Mile will feature table games, prizes, food and drinks as we celebrate the start of another “By CISOs, for CISOs” executive gathering.

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch you have the opportunity to have relevant and topical conversations with your peers. The below questions are a guideline for you to start your table conversations.

Security operations

What is the maturity of your security operations program?
What is your process for building an operational playbook?
What KPIs or KRIs do you use to measure success?

Communication and awareness

How do you approach security with a holistic lens?
What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?

Access and Identity Management

What strategies and tools are you using to improve visibility into your systems?
How are you integrating the user experience with security?
How are you measuring the success of your access management program?

Governance and privacy

How are you responding to/preparing for regulatory changes?
How do you balance compliance with business requirements?
What standards and metrics are you using to measure risk?

Talent and developing leaders

What are some tangible strategies for creating and developing new talent resources?
What best practices exist for retaining talent, once secured?
How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Farewell to the Old Guard – Introducing the Modern Security Architecture

Jason Clark

Chief Strategy Officer

Netskope

Until now, the information security industry has failed to deliver business empowering security solutions, which enable organizations to quickly and securely transform digitally. Security today is too complicated and draws from a 20-year-old playbook. It needs to be re-written and based on approaches that protect and empower the business. In this session, we will:

Share how many of the Fortune 100 are redefining their cloud, network and data security programs
Discuss the steps and architectures that are the key to transformation
Reimagine your approach to enterprise security, building a new blueprint that can be used for years to come

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Security Culture > Security Awareness

Scott Barnes

Director, Enterprise Cyber Security

Fortune Brands

No matter the size of your organization, managing security awareness is no easy feat. Scott Barnes recognized that if they were going to see a difference in employee engagement and results, things needed to be done differently.

Join Scott in this featured session to discuss:

Creative ways to introduce security awareness to your organization
How evangelizing at home best practices for employees increases their investment in security
Why using multiple strategies to engage employees produces better results

1:20pm - 2:10pm Breakout Session

Interactive Session — Problems and Solutions Workshop

Justin Metallo

CISO

Volkswagen Financial Services

John Reed

IT Security Program Manager

True Value Company

Nathan Zimmerman

Sr. Information Security Officer

YMCA of the USA

Got a problem you need solved? Got a solution you can provide? This session encourages interaction between attendees to share problems and solutions to pressing needs – from small to big. Leave this session knowing you received or offered a viable solution or resource.

1:20pm - 2:10pm Executive Boardroom

Preparing the Next-Gen Workforce

Michael Konopka

Sr. Manager, Cybersecurity

Horizon Therapeutics

Prasanna Ramakrishnan

Global Head – Information Security Risk

Signify

Max Vetter

Chief Cyber Officer

Immersive Labs

Talent needs are like security threats—plentiful, complex and ever-evolving. CISOs know that skills learned in the classroom doesn’t match the pace of cybersecurity, but what are strategies for developing effective and successful teams for the future?

Join this interactive session to learn how to:

Enable your workforce to continuously evolve cyber skills
Map your organization’s cyber skills directly to your security strategy
Reskill talent to evolve with the security landscape

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager Tim Bigley at tim.bigley@evanta.com or 971-717-6612.

1:20pm - 2:10pm Executive Boardroom

The Next Great Security Challenge — Securing SD-WAN

Michael Boucher

CISO, Americas

Jones Lang LaSalle

Elizabeth Ogunti

Senior Manager IT Security and Compliance

JBT Corporation

Kate MacLean

Manager, Product Marketing, Cisco Cloud Security

Cisco Umbrella

The market consideration and adoption of software-defined WAN (SD-WAN) represents the largest networking transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch office locations. But what about security?

In this boardroom, you will discuss:

Embracing change — the pros and cons
Addressing weaknesses within brand offices and roaming users
Keeping security top of mind for business leaders

7:30am - 8:15am Registration & Breakfast

8:15am - 8:30am Opening Comments

8:30am - 9:00am Keynote

What's Trust Got to Do With It?

David Horsager

CEO and Best-Selling Author

Trust Edge

Trust is both a fundamental business issue and the biggest asset of a company. Without trust, companies lose reputations, relationships, and revenue. With trust, organizations enjoy greater creativity, productivity, and results. Through extensive research and experience, David Horsager learned what it takes to gain— and keep — the “Trust Edge.”

Join this session as Horsager outlines:

The keys to building morale, sales, and customer loyalty
His Eight-Pillar Framework for building trust in an organization
Creating successful leaders and organizations centered on the tenants of trust

9:00am - 9:20am Networking Break

9:20am - 10:10am Breakout Session

Communicating Risk — Translating Insight Into Action

Arlan McMillan

CSO

Kirkland and Ellis

Security leaders today need to tell a story of risk assessment that is transparent, defendable and speaks the language of the business. Arlan McMillan, CSO of Kirkland & Ellis has spent over a decade honing these skills and learned firsthand what works, and what doesn’t. Take a deep dive with him on:

Board level reporting techniques to drive your organization’s security program
Tools to assess your current state and define your target state of security
Frameworks for risk assessment that you can implement in your business

9:20am - 10:10am Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Peter Kobs

EVP Sales

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

9:20am - 10:10am Executive Boardroom

Next-Generation Cloud Security

Victor Hsiang

Information Security Manager

GATX Corporation

Jerry Pittman

CISO

DRiV (formerly Tenneco, Inc)

Anatoly Bodner

Associate Partner, X-Force Cloud Security Services

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

Automation, orchestration, AI and machine learning strategies
Nuances for hybrid on- and off-premise systems
Ways to incorporate security into your cloud strategy

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

A Full Spectrum Conversation of Cloud Migration

Scott Ramsbottom

EVP & CIO

Anixter

John Sander

VP & CISO

Anixter

Organizations are faced with a lot of questions when it comes to the journey of migrating to the cloud. How does your organization's security need to transform and how do you securely integrate legacy technologies? Scott Ramsbottom, EVP & CIO and John Sander, VP & CISO at Anixter will give guidance on the full spectrum of cloud conversation.

Join Scott Ramsbottom to learn:

Where to start when building a roadmap in migrating legacy technology to the cloud
The security implications of cloud migration
The necessity of technology transformation

10:30am - 11:20am Breakout Session

The Devices You Don’t Manage Will Manage You

Brian Trzupek

SVP of Product, Emerging Markets

DigiCert

The number of connected devices is expected to reach 20.4 billion by 2020; thrilling for the consumer but it also creates new areas of risk in the workplace. Join this session to explore:

IT Device management challenges
The dark secrets of device manufacturers
OT device management

10:30am - 11:20am Executive Boardroom

Phishing – More Than a Simple Click

Shane Hibbard

Director of Information Security

Invenergy

Brett Whitaker

Information Security Officer, CRA Officer, State Farm Bank

State Farm Insurance

Tonia Dudley

Security Solution Advisor

Cofense, formerly PhishMe

Holistic defense requires more than just training and phishing campaigns – it needs to be comprehensive and incorporate real-world threats to engage your users. The best awareness initiatives should evolve with the threats. In this boardroom, you’ll discuss:

What metrics are and should be used to measure security awareness
The balance of frequency and method of phishing campaigns
How do you prepare and defend your organization in an ever-evolving threat landscape

10:30am - 11:20am Executive Boardroom

Innovation Offense — Uniting DevSecOps

Bill Podborny

CISO

Alliant

Frank Yanan

SVP / Business Information Security Officer

Bank of America

Matt Howard

SVP & Chief Marketing Officer

Sonatype, Inc.

This is NOT your typical security conversation. We won’t be talking about how to play better "perimeter defense" at the end of your digital supply chain. Instead, we will be talking about how to play better “innovation offense” at the beginning of your digital supply chain. Join us to discuss:

How to continuously identify and remediate open source risk, without slowing down innovation
Ways to integrate security guardrails directly within your DevOps pipeline
The importance of uniting developers, security, and operations on the same team

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

How to Hit a Moving Target — An Interactive CISO Skills Discussion

Victor Hsiang

Information Security Manager

GATX Corporation

Ricardo Lafosse

CISO

Morningstar

Ralston Simmons

CISO

William Blair & Co.

How should CISOs stay on top of emerging threats and trends? What can CISOs do to stay ahead of the threat curve? Ralston Simmons will lead an interactive discussion on what CISOs can do to further their skill sets and elevate their stature in an organization.

In this session, discuss:

Methods for a long term strategy plan in a quickly changing field
How CISOs can position themselves in the organization and establish trust
Evaluating self-improvement strategies and maintaining relevancy

2:30pm - 3:20pm Executive Boardroom

Data Exposure — Leaks Are Inevitable, Damage is Optional

Amy Bogac

Director, Information Security and Risk Management

Arlan McMillan

CSO

Kirkland and Ellis

Todd Carroll

CISO & VP of Cyber Operations

CybelAngel

In the advent of the Internet of Things, the most critical data leaks often stem from exposed connected devices, typically by way of organizations’ employees and third parties. Knowing that data leaks are inevitable, how do you identify and mitigate risk?

In this session, you will discuss:

Who should be responsible for data outside of the firewall and proactive security measures
In the event of a data leak, who manages the reputation, remediation and legal repercussions
Broader ramifications of privacy legislation

2:30pm - 3:20pm Executive Boardroom

Identifying the Way Forward in IAM

Diane Brown

Sr. Director, IT Risk Management

Ulta Beauty

Paolo Vallotti

Global CISO

Mondelez International

How are your peers balancing business agility and business security in their identity and access management strategy? Benchmark your framework and vet future plans against peers in this session, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

Methodologies that satisfy users while maintaining adequate access controls
Communication techniques to streamline acceptance of IAM across the business
Roadmaps for deciding what technology is the best fit

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:40pm Keynote

127 Hours — Between a Rock and a Hard Place

Aron Ralston

Fearless Adventurer & Subject of the Film, 127 Hours

Keppler Speakers

"There is no force more powerful than the will to live," explains Aron Ralston, who faced an unimaginable challenge in a life-or-death decision to free himself from two boulders in a remote Utah canyon. An ordinary man who was pushed to the extreme, he demonstrates the human capacity for the extraordinary, proving anyone can survive the most grueling circumstances. A talented storyteller, Ralston recounts the life-changing ordeal that became a New York Times bestseller and a feature film. He sheds new light on the meaning of sacrifice, what is truly important and harnessing the power of inner strength to overcome life’s adversities.

4:40pm - 5:20pm Closing Reception & Prize Drawing