IN-PERSON

Chicago CISO Executive Summit

May 9, 2023 | Convene at 233 South Wacker Drive

May 9, 2023
Convene at 233 South Wacker Drive

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Waqas Akkawi

SIRVA Worldwide
VP, CISO

Erik Hart

Cushman & Wakefield
CISO

Ricardo Lafosse

The Kraft Heinz Company
Chief Information Security Officer

JJ Markee

Danaher
Global Chief Information Security Officer

Bill Podborny

Constellation Brands
CISO

Paolo Vallotti

Tate & Lyle
CISO & VP of Operations

Mike Zachman

Zebra Technologies
VP & Chief Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Chicago CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

May 8, 2023

afternoon

May 9, 2023

mid-afternoon morning afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

On-Target Networking — Governing Body Reception and Darts

Let's get this summit started right! Join the Chicago CISO Governing Body at Flight Club Chicago, home of "social darts". Half video game challenge and half pub classic, it's the perfect backdrop for a night of dinner, drinks and networking.

11:00am - 11:45am Breakout Session

Managing OT to Fully Secure the Business

Bill Podborny

CISO

Constellation Brands

For most organizations, the number of connected, essential devices is growing by the second. In response, the CISO's jurisdiction is changing just as rapidly. Now, in the case of any security issue, the rest of the C-suite may be looking to you for answers.

Join this session and start understanding:

Your new or growing operational technology responsibilities
What you can do to smoothly plot and control your OT workload
How you can best juggle IT and OT security simultaneously

11:00am - 11:45am Breakout Session

Making Security a Core Company Value

Sam Curry

VP, CISO

Zscaler

Don’t make the mistake of separating cyber risk from business risk. Cyber risk is often viewed as something for IT departments to worry about, while business risk is a shared concern. Of course, any company that has suffered a serious breach knows cyberattacks can be as devastating as lawsuits, legislative non-compliance, and fraud. This session offers board members, executives, and technology leaders ideas for cultivating a strong security mindset throughout their organization.

Join this session to learn:

How to include everyone in conversations on cybersecurity by framing issues in terms of business risk
Ways to protect your organization from the ground up by integrating security into the CI/CD pipeline and using automation
How to identify, understand, and prepare for encountering social engineering and AI-enabled attacks

11:00am - 11:45am Executive Boardroom

Security Strategies for a Robust Threat Management Program

Joseph Daw

Principal Security Architect, Americas

IBM

Thomas Forkenbrock

CISO

Central States Funds

Nitin Raina

CISO

ThoughtWorks

Despite a dynamic threat landscape and constantly changing malicious TTPs, CISOs must prepare their organizations to thrive in growing complexity. From widely distributed infrastructures to high volumes of tools with different levels of control and responsibility, it can be difficult to maintain true visibility across environments. How can shifting from reactive to proactive threat management be incorporated into your security strategy to help achieve this?

Join this session to discuss:

Identifying blind spots due to information fragmentation
Understanding your full attack surface and the challenges of lowering risks
Reducing the noise and stress being fed into threat management systems and pressure on teams

11:00am - 11:45am Executive Boardroom

Managing Risk from Critical Vulnerabilities

Julian Waits

SVP Business Development and Strategic Alliances

Rapid7

Diane Brown

VP, IT Risk Management

Ulta Beauty

Sarah Buerger

BISO

The Kraft Heinz Company

In today’s threat landscape, security teams are frequently forced into reactive positions, lowering security program efficacy and sustainability. Strong foundational security program components, including vulnerability and asset management processes, are essential to building resilience in a persistently elevated threat climate.

Join this interactive boardroom to discuss:

Defining what your emergency procedures and “playbooks” look like.
How you prioritize CVEs, VPNs and firewalls
Combatting the challenge of zero-day exploitation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

NAME at PHONE or EMAIL

11:45am - 12:30pm Lunch Service

12:30pm - 1:05pm Keynote

Achieving Transformational Security Improvements with the Enterprise Browser

Mike Fey

CEO and Co-Founder

Island.Io

One of the most widely deployed applications in the Enterprise has also become one of the most strategic – yet it was an application that was never built or designed for the Enterprise? The browser has changed the way we work in the modern era, however it is unapologetically based on consumer needs and preferences. What if the browser was designed for the enterprise? What could that do for security, productivity and work itself? Join us to see how this technology is transforming the way companies do business.

In this session, we will share details on:

Innovative features and possibilities for critical application protection
Creating an employee experience centered on productivity and flexibility
Reimagining how IT leaders can enable users while creating unique business value

1:05pm - 1:30pm Break

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

You Speak, They Swarm — The Future of Reaching Your Audience

Arthur Zards

Thought Leader, Author ("Nothing Changes Until You Do")

Guest Speaker

Speakers want action, not just applause. But busy executives don’t have time to learn complex communication models or esoteric storytelling processes — they need a simple, effective speaking framework that can help them not only connect with any audience, but also elicit real change. Enter the "Swarm Effect."

Join this session with Arthur Zards — a thought leader, TEDster and provocateur — to:

Hone your skills in executive influence
Adopt a more authentic and engaging approach to speaking
Take your next presentation from “understandable” to “compelling"

9:15am - 9:40am Networking Break

Rising Together — Empowered Women, Empower Women

This will be an intimate, informal space for women in cybersecurity leadership roles and their allies to freely discuss best practices, key challenges and mission-critical priorities. Come prepared to share ideas and forge new connections that can help empower each other to make an impact in your organizations and the Chicagoland area.

This session is aimed at, but not limited to, women who are leading the cybersecurity function at their organizations (CISO or equivalent) and those reporting directly to the CISO/equivalent. Priority access will be reserved to these groups.

9:40am - 10:25am Breakout Session

Buzzers over Buzzwords

Victor Hsiang

Information Security Director

GATX

What's your community's top priority? What do your C-Level peers consider the largest hurdle in when it comes to accomplishing their goals? In this fun, highly-interactive, game-show-style session, we'll put your knowledge to the test.

Come on down to:

Compete in a data-driven, community-specific quiz game
Learn more about the struggles and opportunities reported by members of your governing body
Share and expand on these reported goals and challenges

9:40am - 10:25am Breakout Session

Security Scale and Stability are Mutually Exclusive Without Standardization

Shailesh Rao

SVP, Chief Revenue Officer Cortex

Palo Alto Networks

For over a decade, security leaders and architects utilized a disparate best of breed point solution framework to solve their security challenges. This resulted in bloated security architectures, overlap in capabilities and significant security architecture and integration failures. These failures impacted organization’s ability to scale to meet business demands and reduced stability of the security architecture as environments and data volumes grew. The use of AI driven detections, automation, endpoint security, attack surface management and realtime threat intelligence application were the moonshot achievements for security solutions like SIEM, but were never achieved.

Join this session to discuss:

Scaling to meet business demands and stabilizing your security architecture
Reimagining organizational security operations programs based on standardization
Achieving the impossible with security information and event management

9:40am - 10:25am Executive Boardroom

A New Vision for Identity Security

David Adamczyk

VP, North America

CYBERARK

Boris Voltchenko

CISO & VP IT Infrastructure

Reynolds Consumer Products

Todd Covert

National General CISO

Allstate

The number of human and machine identities seeking access to data and critical business systems has grown exponentially, in turn increasing the threat landscape and challenging traditional IAM paradigms. How do security leaders keep a pulse on tools and capabilities to assess their organization’s cybersecurity posture?

Join this boardroom to discuss:

Managing and securing all identities
Mitigating risks in multi-cloud and hybrid environments
Balancing high expectations and avoiding burnout

9:40am - 10:25am Executive Boardroom

Protecting Your Data is a Top Priority

Anand Ramanathan

Chief Product Officer

Skyhigh Security

Darin Hurd

CISO

Guaranteed Rate

Mike Zachman

VP & Chief Security Officer

Zebra Technologies

Data is perhaps the most important enterprise asset there is. As companies ramp up their modern hybrid workforce, keeping sensitive data from leaking into the wrong hands has become a top priority for their IT and Risk teams. The modern workplace requires an entirely new approach to security by focusing on data.

Join this session to discuss:

How to manage data protection in the era of increased data analytics
Best practices for preventing malicious insiders and well-intentioned accidents
The continuum between "give me access to everything" and "least privileged" access models

To reserve your seat, please contact:

Chanelle Lawrence | chanelle.lawrence@evanta.com

10:20am - 11:00am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

1:30pm - 2:15pm Breakout Session

Debunking Misinformation and Demystifying Cyber Risk Quantification

Tomasz Chowanski

SVP, Chief Information Security Officer

Kemper Corporation

With the majority of cyber security professionals conditioned to believe cyber risk quantification is unrealistic, very few have possessed what data science can achieve.

Join this session to:

Expose the false assumptions surrounding quantification
Discuss ways of accelerating your risk quantification process
Begin arming your executive team with risk decision power

1:30pm - 2:15pm Breakout Session

Optimizing the Workforce for Cyber Crisis Resilience

Daniel Potter

Director of Operational Resilience

Immersive Labs

Justin Metallo

CISO

Volkswagen Financial Services

As we continue to evolve our corporate defenses, even the best crisis response plans struggle to account for the human element. The performance of your technology might be a known quantity, but what about your human capabilities? This session will test organization-wide decision-making skills using a realistic cyber crisis.

Join this session to:

Understand the business impact of technical choices, stakeholder management actions, and more
See real-time data on the effects of decisions on crisis management and response
Strengthen your organization's resilience at both the executive and technical levels

1:30pm - 2:15pm Executive Boardroom

Viewing Endpoint Management Through a Security Lens

Jeff Sherman

Associate Vice President, Sales - North America

HCL BigFix

Shashank Kapoor

CISO

Truckstop.com

Joe Suareo

CISO

Restaurant Brands International

Many cybersecurity incidents result from well-known vulnerabilities that went unpatched. Delays in remediation can lead to a cascade effect of higher security risks, breaches and attacks. What strategies and tools are CISOs using to identify, prioritize and remediate security vulnerabilities across every computing device?

Join this boardroom to discuss:

Significantly compressing the time between discovery and remediation
Better leveraging threat intel to more aggressively reduce vectors of attack
Efficiently managing the ever-expanding number and types of devices needing protection

1:30pm - 2:15pm Executive Boardroom

Cloud Native Security – Shifting from Adversarial to Collaborative

Keith Mokris

VP, Product Marketing

Orca Security

Wendy Betts

Director — Cybersecurity Strategy

United Airlines

Daniel Mayer

CISO

Morningstar

As we move into a cloud native, devops-driven world where agility is key, some of the best security teams are finding it’s time to shed the reputation of being “The Department of No” to break down barriers and embrace change.

Join this boardroom to learn:

How to implement practical approaches for reducing friction and increasing collaboration
What areas you can implore the power of “yes” without worry of exposure
How to keep your commitment to governance, risk, and compliance

To reserve your seat, please contact:

Chanelle Lawrence | chanelle.lawrence@evanta.com

2:15pm - 2:50pm Networking Break

2:20pm - 2:45pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:50pm - 3:35pm Breakout Session

Brainstorming a Response to Advanced AI

Fred Kwong

VP, CISO

DeVry University

Koushik Subramanian

CISO

Kraken

There's no denying the power and popularity of ChatGPT. For good or for evil, its uses seem endless. Predicting exactly how this advanced AI will impact the future of cyber security might seem impossible but, through collaboration with your C-level peers, you might be able to prepare.

Join this interactive session to:

Share your thoughts on the future of AI
Gauge the impact this tech advancement is having across industries
Plan and prepare for the (previously) unexpected

2:50pm - 3:35pm Executive Boardroom

A Fresh Look at API Security

Shreyans Mehta

Co-Founder and Chief Technology Officer

Cequence Security

Chris Lugo

VP, CISO

Blue Cross Blue Shield Association

John Janachowski

Vice President, IT Security and CISO

AAR

APIs fuel digital transformation and are core to every SaaS, web and mobile application. As API use attacks are becoming more frequent and complex, how can CISOs ensure protection for sensitive data, applications, and customers?

Join this boardroom to discuss:

How to gain visibility to understand exposure and risk
Ways to answer the “so what” for API security, including OWASP API Top 10 impacts
How security and development teams can find balance

To reserve your seat, please contact:

Chanelle Lawrence | chanelle.lawrence@evanta.com

2:50pm - 3:35pm Executive Boardroom

Shifting AppSec to Enable Business Growth

Peter Chestna

CISO of North America

Checkmarx

Michael Myint

CISO

Waltz Health

Paul Groisman

Sr. Director of Cyber Security

Fubo TV

As a CISO, you think in terms of risk and mitigation. Senior management and the board often do not. Digital transformation presents an opportunity to reframe the importance of security and the role of the modern CISO. You have the ability to impact the speed and costs at which applications are developed, whether they meet regulatory requirements like DORA, and whether or not your organization’s sales teams can convey the quality of your apps in customer engagements.

Join this executive boardroom to discuss and learn more about:

The role application security plays in understanding and managing risk
How to balance operational efficiency and risk management while keeping costs in check
How to promote a security-focused mindset to senior management and the board

To reserve your seat, please contact:

Chanelle Lawrence | chanelle.lawrence@evanta.com

3:35pm - 4:00pm Break

4:00pm - 4:35pm Keynote

Who Knew It Could BISO Simple

Joe Andrews

Business Information Security Officer - Director

Allstate

Frank Yanan

SVP / Business Information Security Officer

Bank of America Limited

Todd Covert

National General CISO

Allstate

Alan Cohen

Director Business Information Security Officer

Allstate

When it comes to success, people tend to offer silver bullets or single keys. However, long-term success is achieved through multiple conversations and continued relationships – not least of which are those involving your BISO.

Join this closing keynote to hear how BISOs are working to: