IN-PERSON

Chicago CISO Community
Executive Summit

December 1, 2021 | Chicago Marriott Downtown Magnificent Mile

December 1, 2021
Chicago Marriott Downtown Magnificent Mile

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Waqas Akkawi

SIRVA Worldwide
VP, CISO

Sarah Buerger

Coyote Logistics
Director, IT Security

Jim Cameli

Walgreens Boots Alliance
VP & Global Chief Information Security Officer

Erik Hart

Cushman & Wakefield
CISO

Ricardo Lafosse

Kraft Heinz
CISO

JJ Markee

Baxter
Chief Information Security Officer

Paolo Vallotti

Tate & Lyle
CISO & VP of Operations

Mike Zachman

Zebra
VP & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Chicago CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

December 1, 2021

mid-afternoon morning afternoon

11:25am - 12:40pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:45am - 1:15pm Lunch Service

12:40pm - 1:00pm Break

1:00pm - 1:35pm Keynote

The Business Value of a SASE, Zero-Trust Journey

Shamla Naidoo

CISO, Head of Cloud Strategy & Innovation

Netskope

With people working remotely and most user traffic destined for SaaS and cloud, network security requires transformation. It’s no longer efficient or cost-effective to route traffic through the corporate network to apply security controls. Adopting a Secure Access Service Edge (SASE) Architecture while focusing on Zero-Trust principles ensures that your employees can be productive and secure working from anywhere.

In this session, we will discuss:

The economics and business case for a SASE journey
Best practices for implementing Zero Trust within a SASE architecture
The importance of granular Cloud and SaaS visibility in a SASE architecture

1:35pm - 1:50pm Break

7:30am - 8:15am Registration & Breakfast

8:15am - 9:00am Keynote

Leading the Transformed Enterprise

Jesse Magenheimer

Vice President & CISO

State Farm

Ashley Pettit

Senior Vice President & CIO

State Farm

IT and security partnerships are built on trust and thrive when leaders invest in each other throughout the organization. IT leaders must set an example, demonstrating a commitment to security, positioning it at the core of IT and enterprise roadmaps.

Join this keynote as State Farm shares their story on how to:

Strengthen the IT-Security partnership to fuel innovation and accelerate new technology deployments
Ensure security is represented as a holistic element of the organization
Collaborate in different business sectors while moving business initiatives forward

9:00am - 9:15am Break

9:15am - 10:00am Breakout Session

Managing and Securing Cloud-Native Workloads

Tsvi Korren

Field CTO

Aqua Security

Nitin Raina

VP - Cyber & Information Security

ThoughtWorks

In a recent report, Gartner® defined a new category of security practices and states that “Optimal security of cloud-native applications requires an integrated approach that starts in development and extends to runtime protection.”

Cloud Native Application Protection Platforms (CNAPP) consolidate several previously-siloed capabilities like CSPM, DevSecOps and Workload Protection to secure and protect containers, functions and Kubernetes.

Join to learn:

The definition and components of CNAPP
The security implications of cloud native workloads
Executing the approach at scale using automation

9:15am - 10:00am Breakout Session

It All Comes Down to This — People, Processes, and Tech

Erik Hart

CISO

Cushman & Wakefield

Presented with monstrous problems, we often look for silver-bullet solutions — knowing all the while quick fixes are rarely long-lasting. Perhaps the key to achieving real, holistic success looks less like a single-tool stopgap and more like this well-balanced, three-part approach.

CISOs can expect:

Discussions on a new, practical problem solving ethos
Challenges to the traditional “one size fits all” approach to fixing hot topic security issues
To collaborate with others in practical, cogent and interactive simulations

9:15am - 10:00am Executive Boardroom

Strengthening Your IAM Strategy

Shane Hibbard

Director of Information Security

Invenergy

Paul Munsen

Director, Global Identity & Access Management

McDonald's

Moving beyond outdated tech and into a world of efficient, seamless access isn’t impossible. Fine-tuning IAM strategies is an important goal of CISOs across the country.

In this boardroom, you’ll discuss with your peers:

How to tailor an IAM strategy with limited resources
When to rely on legacy technology versus investing in new technology
What training is needed to strengthen your IAM program

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager, Tom Ward (tom.ward@evanta.com).

9:15am - 10:00am Executive Boardroom

Defend the Endpoint, Protect the Center

Jeff Trower

Principal Product Manager

CrowdStrike

Waqas Akkawi

VP, CISO

SIRVA Worldwide

Ken Townsend

VP, CISO

R1 RCM

The proliferation of devices over the last decade has radically increased how many endpoints companies are responsible for, and traditional endpoint protection is no longer up to the task. How can an organization maintain the fundamentals of endpoint security — and security in general — while embracing new technologies and strategies like machine learning and big data analytics?

Join fellow CISOs as they discuss:

Successes and challenges in keeping users secure at all times
Leveraging new technologies to quantify threats and assess impacts
Common pitfalls in securing large numbers of remote users

10:00am - 10:30am Networking Break

10:30am - 11:15am Breakout Session

Securing the New Way of Work — Zero Trust for the Resilient Enterprise

Brad Moldenhauer

CISO Americas

Zscaler

Erik Hart

CISO

Cushman & Wakefield

The process of digital transformation improves business agility and information flow, but dramatically expands the attack surface and exposes your business to new threats. Your employees are on the internet now more than they are on the corporate network, accessing applications and data from everywhere. Protecting your business and retaining the benefits of digital transformation requires migrating to a zero-trust security model delivered through the cloud, closer to where your users and business assets are now centered.

Join your peers for a session focused on:

Building your security ecosystem on a Zero Trust foundation
Developing new skills and embracing a new cultural mindset at all levels of the enterprise
Defining the right tools to empower your adoption of Zero Trust

10:30am - 11:15am Breakout Session

Assembling Your Elite Strike Force

Michael Boucher

CISO, Americas

JLL

Waiting for threats to pop up and hoping you’re ready to play defense can exhaust your resources and lead to frequent states of crisis. That’s why CISOs are enlisting their very best to take out security issues before they strike.

Get ready to learn:

Who you’ll need on your elite team of threat eliminators
Real-world, offensive threat detection methods
Step-by-step tips for building your squad of security scouts

10:30am - 11:15am Executive Boardroom

The Ongoing Fight to Secure Business Messaging

Mike Britton

CISO

Abnormal Security

Frank Yanan

SVP / Business Information Security Officer

Bank of America

Dannie Combs

SVP, CISO

DFIN Solutions

Despite their efforts, from phishing simulations to security awareness campaigns, CISOs from organizations big and small keep falling short when it comes to stopping Business Email Compromise (BEC) attacks. But, if everyone has an email security program, why are the losses associated with BEC still climbing?

Let's figure out:

What is working, or not working, with existing processes and technology?
How do we solve the “human factor” in the equation?
Best practices for preventing loss related to a BEC attack?

10:30am - 11:15am Executive Boardroom

Overcoming Hurdles and Executing a Security Automation Plan

Karthik Kannan

CEO and Founder

Anvilogic

Paolo Vallotti

CISO & VP of Operations

Tate & Lyle

Certain objectives that create a burden for already-busy team members can easily be shifted to automated processes to ensure the objectives are accomplished, managed, and maintained without human error or manual process of teams with higher priority focus. Of course, the security automation process comes with some unique challenges.

Let’s figure out:

Burdensome objectives that qualify for automation and identifying gaps where automation can have an immediate impact
How automation can enable teams to leverage existing investments to increase efficiency and efficacy
How to automate the detection, hunting, and triage lifecycle to increase coverage, reduce risk, and lower cost

11:15am - 11:25am Break

1:50pm - 2:35pm Breakout Session

Rising to the Occasion — The CISO's Growing Power and Responsibility

Bill Podborny

CISO

Constellation Brands

With threat levels and vulnerabilities becoming more advanced in today’s hybrid workplace, company leadership is depending on the CIOs and CISOs to take charge, anticipate attacks and limit risks. Building relationships and successfully wielding the power of your position is crucial in this new, shifting environment.

Today’s CIOs and CISOs should know:

How to speak to leadership in relatable, business-focused terms
How to best utilize the budget and manpower secured in board negotiations
What it takes to not only survive, but grow stronger, in an ever-challenging business climate

1:50pm - 2:35pm Executive Boardroom

FBI: Investigating the Evolving Threat Landscape

Victor Hsiang

Information Security Director

GATX

Joe Puissant

Enterprise IT Security, Supervisor

Bosch

Eric Shiffman

Supervisory Special Agent

Federal Bureau of Investigation

Right now, the FBI confirms, agents are pursuing more than 100 ransomware attacks across the country. Add to that other breaches popping up on the threat horizon. Listen as SSA Richard Murray explains the benefits of joining forces with the FBI and how you can help bring bad actors to justice.

You'll learn:

Which new or evolving threats have the eye of cyber investigators
When and how to properly report a cyber attack to the FBI
How you can best support the Bureau in its hunt for cyber criminals

1:50pm - 2:35pm Executive Boardroom

A Data-Driven Solution to Hidden Vulnerabilities

Jared Ablon

President, Co-Founder

HackEDU

Fred Kwong

CISO

Delta Dental

Richard Rushing

CISO

Motorola Mobility LLC

Software shortfalls might seem unavoidable, but a proactive solution isn't out of reach. Training your team to circumvent and rise above the same troublesome issues starts with utilizing expert-collected data on common in-system vulnerabilities.

Pull up a chair to:

Hear where and how often software developers leave systems exposed
Learn how you can bolster your team's defensive coding strategies
Begin your proactive vulnerability management campaign

2:35pm - 3:05pm Networking Break

3:05pm - 3:50pm Executive Boardroom

Taking a Strategic Approach to Third-Party Risk

Joe Suareo

CISO

Restaurant Brands International

Martin Hetzel

Senior Manager, Information Security

Beam Suntory

For many businesses, third-party vendors have become an important source of strategic advantage and business value. Yet outsourcing is not without its risks. As these external partnerships become increasingly complex, the need for a new strategic approach to vendor risk management is clear.

Join this session to discuss:

Ways to partner across the c-suite on third-party risk efforts
New approaches for managing third, fourth, and even fifth-party partners
Strategies that will help you make the best choices for your organization

3:05pm - 3:50pm Breakout Session

Retaining a Diverse and Free-Thinking Talent Pool

Sarah Buerger

Director, IT Security

Coyote Logistics

As a CISO, you know long and often challenging days come with the territory. But new recruits, reporting for duty with varied backgrounds and big, paradigm-challenging ideas, may see their ambitions fall at the hands of “the way we’ve always done things.” As a result, many find themselves in a state of “security burnout.”

Let’s discuss:

How to create an environment that attracts outside-the-box thinkers and problem solvers
The benefits of a diversified talent roster
How to talk to your team about (and hopefully prevent) “security burnout”

3:05pm - 3:50pm Executive Boardroom

Remaining Ransom — Aware and Readying Your Response

Shawn Taylor

Vice President, Threat Defense

ForeScout Technologies

Matthew Memming

CISO

Navistar

Michelle Ayala

Director IT Security

Green Thumb

Ransomware, the most intimidating threat on today’s security horizon, is an issue best approached from a “not if but when” perspective. It’s no longer enough to bolster your defenses. Today’s CISO should know what to do when one gets past the goalie.

We’ll discuss:

Defensive practices for those hoping to avoid a ransomware attack
Practical steps for those who find themselves in a ransomware situation
The pros and cons you’ll need to weigh when choosing whether to pay

3:50pm - 4:05pm Break

4:05pm - 4:40pm Keynote

Getting What You Ask For — Delivering After Acquisitions

Diane Brown

Director, IT Risk Management

Ulta Beauty

Small budgets are a common hurdle. But large budgets don’t come without their pain points. Imagine this: You went to the board, you asked for the world and, then, you got it. Now you have to make it count. But where do you start?

Let’s get CISOs talking about:

The difference between spending your budget and investing it in long term success
Real-life CISOs that acquired and made the most of larger-than-expected budgets
The first thing you should do with your budget, big or small

4:40pm - 5:10pm Closing Reception & Prize Drawing