Dallas CISO Executive Summit

November 5, 2019, Hyatt Regency Dallas

November 5, 2019
Hyatt Regency Dallas

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the Dallas CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

Dallas CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Sara Andrews headshot

Sara Andrews

PepsiCo
SVP, Global CISO

Sonja Hammond headshot

Sonja Hammond

Essilor of America
CISO & Privacy Officer

Jairo Orea headshot

Jairo Orea

Kimberly-Clark
CISO

Shamoun Siddiqui headshot

Shamoun Siddiqui

Neiman Marcus Group
CISO

Duaine Styles headshot

Duaine Styles

Globe Life
SVP & Chief Security Officer

Gary Toretti headshot

Gary Toretti

CBRE, Inc.
SVP, Chief Information Security Officer

Agenda


November 5, 2019 - morning

7:30am - 8:15am  Registration & Breakfast

8:15am - 8:30am  Opening Comments

8:30am - 9:00am  Keynote

Closing the Security Gap — Automation, AI & IoT

Dr. Larry Ponemon headshot

Dr. Larry Ponemon

Chairman and Founder

Ponemon Institute

 Following a global survey of almost 4,000 IT professionals across the Americas, Europe and Asia, Dr. Larry Ponemon chairman and founder of the Ponemon Institute and pioneer in information security and privacy research, shines light on some of the most pressing issues for security executives:

  • Why are CISOs struggling to identify, detect, contain, and resolve data breaches and other security incidents?
  • What are security gaps making it easier for attackers to penetrate your perimeter defense systems?
  • Why are security gaps so hard to close?
  • What technologies and processes can help you keep a step ahead of bad actors?

9:00am - 9:20am  Networking Break

9:20am - 10:10am  Breakout Session

Doing Everything Right and Still Getting Hacked

Aamir Lakhani headshot

Aamir Lakhani

Global Security Strategist

Fortinet

Why do organizations still get breached when they are performing pen tests, auditing networks, following compliance, and implementing the latest security technologies that take advantage of anomalous behavior models, artificial intelligence, and machine learning?

This talk will examine:

  • Real-world breach examples
  • How cybersecurity failed to keep attackers away
  • What could have been done to keep attackers out

9:20am - 10:10am  Breakout Session

Effective Communication at Any Level

Sujeet Bambawale headshot

Sujeet Bambawale

CISO

7-Eleven

For CISOs, effective communication needs to extend to every level and every employee of the business. How can CISOs communicate risk and the importance of cybersecurity across the entire organization?

In this session, you will learn strategies to:

  • Communicate risk in terms of audience, brand, and dollar impact
  • Cater cybersecurity to the entire organization
  • Create a transparent risk framework

9:20am - 10:10am  Executive Boardroom

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

Sonja Hammond headshot

Sonja Hammond

CISO & Privacy Officer

Essilor of America

Cameron McElhinny headshot

Cameron McElhinny

CISO

Textron

Lucia Milica headshot

Lucia Milica

Resident CISO

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Lucia Milica of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

  • Why nearly all threat actors have shifted away from technical exploits to compromise their targets
  • How organizations can leverage threat data to understand which people and departments are highly targeted
  • How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com

9:20am - 10:10am  Executive Boardroom

Cyber-Risk Reporting for the Board

Michael Britton headshot

Michael Britton

CISO

Alliance Data

Eric Fisch headshot

Eric Fisch

EVP, Information Security Officer

Texas Capital Bank

Mike Priest headshot

Mike Priest

CISO

Globe Life

Gaurav Banga headshot

Gaurav Banga

Founder & CEO

Balbix

Only 9% of cybersecurity professionals say that their communications with C-staff and board members are effective (Ponemon Institute 2019). Today, most C-suite and boardroom discussions on cybersecurity are based on gut feelings and incomplete data. In this boardroom, you will explore:

  • Effectively presenting risk to the Board and C-Suite
  • How to calculate risk and report on the business criticality of vulnerabilities
  • What a mature and cyber-resilient security posture looks like

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com.

10:10am - 10:30am  Networking Break

10:30am - 11:20am  Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Neal Roylance headshot

Neal Roylance

Director of Security Research

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

  • Explore the true nature of the enterprise cyber risk surface
  • Discuss threats and regulations driving organizations to better manage their extended enterprise
  • Share insights on how to better manage third-party risk (hint: good data!)

10:30am - 11:20am  Breakout Session

Taking Your Organizational Redesign to New Heights

David Bell headshot

David Bell

CISO & Managing Director - Information Security & Technology Risk Management

American Airlines

An organizational redesign can provide the facelift necessary to breathe new life into stale processes and connect siloed teams. But how do you manage such a big shift in tech teams?

In this session, you’ll learn:

  • How to manage team culture during a large-scale shift
  • Lessons for structuring an organizational redesign
  • What organizational changes created the best impact

10:30am - 11:20am  Executive Boardroom

Next-Generation Cloud Security

Jeff Schilling headshot

Jeff Schilling

CISO

Epsilon

Aaron Munoz headshot

Aaron Munoz

Chief Information Security Officer

Texas Christian University

Amy Claire Smith headshot

Amy Claire Smith

Executive Cloud Security Architect

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

  • Automation, orchestration, AI and machine learning strategies
  • Nuances for hybrid on- and off-premise systems
  • Ways to incorporate security into your cloud strategy

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com.

10:30am - 11:20am  Executive Boardroom

Becoming a Proactive, Threat Hunting SOC

Kevin Charest headshot

Kevin Charest

DSVP & CISO

Health Care Service Corporation

Ajay Gupta headshot

Ajay Gupta

Chief of Cybersecurity

Humana

Scott Moser headshot

Scott Moser

Chief Information Security Officer

Sabre

Partha Panda headshot

Partha Panda

CEO

Cysiv

Enterprises need to excel at quickly sifting through a massive amount of telemetry to accurately detect, hunt for and investigate threats that are targeting them. But making the shift from a compliance-based SOC, without the right tools, skills and resources, can be daunting.

During this boardroom, you will discuss:

  • The importance of becoming more effective and proactive in these tasks
  • How data science and automation are reshaping traditional SOC models
  • New approaches to augmenting an existing SOC or establishing a virtual SOC

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com.

November 5, 2019 - mid-afternoon

11:20am - 11:45am  Networking Break

12:30pm - 1:00pm  Keynote

Creating Secure Environments Through Healthy Boundaries

Lakshmi Hanspal headshot

Lakshmi Hanspal

Global Chief Security Officer

Box

If your company’s information initiatives are requiring you to reevaluate the boundaries for trust and security, you are not alone. Information is the lifeblood of businesses, but in a multi-cloud environment, keeping it secure is complex.

In this keynote, join Lakshmi Hanspal, Global Chief Information Security Officer at Box, and learn how to:

  • Rethink your organizations boundaries for trust and security
  • Partner with business stakeholders to address trends and challenges we face in the cloud era
  • Effectively leveraging machine learning to keep up the speed of business

1:00pm - 1:20pm  Networking Break

1:20pm - 2:10pm  Breakout Session

Prepare for a Major Cyber Attack

Royce Holden headshot

Royce Holden

AVP - Technology Security and Compliance (CISO)

DFW International Airport

Most CISOs feel comfortable managing the minor security incidents with standardized processes, but what about major incidents that shake the very foundation of your organization like the NotPETYA attack? Such crises can be career changing.

Join this workshop to:

  • Learn the basic building blocks of effective cybersecurity crisis response
  • Share challenges and best practices in managing major security events
  • Benchmark against your peers and identify lessons learned

1:20pm - 2:10pm  Breakout Session

Vendor Risk Management — A Conversation

KC Condit headshot

KC Condit

CISO

G6 Hospitality

In today’s world, digital transformation efforts are driving companies to increasingly rely on outside service providers. As new privacy laws target these relationships, the expectations for the vendors hired to protect the integrity of shared information are higher than ever.

In this session, uncover answers to your pressing questions, including:

  • What strategies are most effective when assessing vendor risk? 
  • How do you ensure vendors are complying with evolving privacy regulations?
  • How do you convey vendor risks to senior leadership and to your board?

1:20pm - 2:10pm  Executive Boardroom

Identifying the Way Forward in IAM

James Eppolito headshot

James Eppolito

Director of Security and Risk

Dean Foods

Adam Maslow headshot

Adam Maslow

Senior Director of Information Security

Raising Cane's

How are your peers balancing business agility and business security in their identity and access management strategy? Benchmark your framework and vet future plans against peers in this session, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

  • Methodologies that satisfy users while maintaining adequate access controls
  • Communication techniques to streamline acceptance of IAM across the business
  • Road maps for deciding what technology is the best fit

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com.

11:45am - 12:30pm  Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch you have the opportunity to hold relevant conversations with peers facing similar challenges and opportunities in a specific industry. The below questions are a guideline for you to start your topical table conversations.

  • Security operations
    • What is the maturity of your security operations program?
    • What is your process for building an operational playbook?
    • What KPIs or KRIs do you use to measure success?
  • Communication and awareness
    • How do you approach security with a holistic lens?
    • What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
    • How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?
  • Access and Identity Management
    • What strategies and tools are you using to improve visibility into your systems?
    • How are you integrating the user experience with security?
    • How are you measuring the success of your access management program?
  • Governance and privacy
    • How are you responding to/preparing for regulatory changes?
    • How do you balance compliance with business requirements?
    • What standards and metrics are you using to measure risk?
  • Talent and developing leaders
    • What are some tangible strategies for creating and developing new talent resources?
    • What best practices exist for retaining talent, once secured?
    • How are you developing your future leaders? What succession plan strategies do you have in place?

November 5, 2019 - afternoon

2:10pm - 2:30pm  Networking Break

2:30pm - 3:20pm  Breakout Session

Failure as a Journey to Success

Billy Spears headshot

Billy Spears

EVP, CISO

loanDepot

It's not easy to be a cybersecurity professional. The pressure to be right each and every time is immense. After all, cyber criminals only need to be right once to gain access to your systems, compromising your data and assets. No one likes to fail – especially when it comes to keeping organizations secure. But experiencing failure can be positive – leading to increased knowledge, enhanced skills and stronger defenses. Join Billy Spears on his inspirational journey to success, where he will share:

  • How you can effectively raise security awareness in your organization
  • Strategies that can shift security priorities so the right issues receive the attention that they need
  • How to bring the CISO role closer to the business to better align security with company objectives

2:30pm - 3:20pm  Executive Boardroom

Solving the Compliance Conundrum

Alex Nehlebaeff headshot

Alex Nehlebaeff

Corporate Information Security Manager

Harley-Davidson Financial Services Inc.

CISOs are not only working to thwart potential cyber attacks — they're walking a regulation tightrope, carefully balancing  the ever-developing data privacy legislation. Whether considering GDPR, CCPA or the many other developing privacy laws, CISOs are struggling to meet often conflicting regulations.

Join this round table to learn:

  • How to interpret the implications of regulatory requirements
  • Practical tips and lessons to manage privacy risk
  • Where data privacy laws conflict — and how to manage it

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com.

2:30pm - 3:20pm  Executive Boardroom

The People Problem — Security Awareness Training

George Finney headshot

George Finney

Chief Security Officer

Southern Methodist University

Scot Miller headshot

Scot Miller

VP, CISO

Mr. Cooper

Even as security tools become increasingly advanced, the biggest vulnerability in a company continues to be its people. How do you integrate an awareness education into your corporate culture?

In this boardroom, you will:

  • Discuss different educational approaches with your peers
  • Determine how to evaluate the level of training needed
  • Identify key training components and methods of measuring their efficacy

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Lawrence Figueroa, Program Manager, at 971-222-2374 or Lawrence.Figueroa@evanta.com

3:20pm - 3:40pm  Networking Break

3:40pm - 3:50pm  Closing Comments

3:50pm - 4:20pm  Keynote

Executive Presence for Lasting Leadership

Chris Ulrich headshot

Chris Ulrich

Body Language Expert & Political Consultant

Author & Thought Leader

Any given gesture — a nod, a point of the finger — unconsciously communicates powerful ideas and feelings that have tangible consequences. Top executives are generally proficient in their ability to interact with others, but the stakes are raised during high-level negotiations, reporting to the board, inspiring and empowering senior managers or dealing with tricky internal matters.

Join body language expert Chris Ulrich as he shares:

  • Why every movement and action is magnified in high-level situations
  • Tools and techniques to build rapport quickly
  • How executives can communicate more effectively

4:20pm - 5:00pm  Closing Reception & Prize Drawing

Location


Venue & Accommodation

Hyatt Regency Dallas

Your Community Partners


National Thought Leaders
Keynote Sponsor
National Sponsors

Dallas CISO Program Manager


For inquiries related to this event, please reach out to your dedicated program manager.

Lawrence Figueroa

971-222-2374

lawrence.figueroa@evanta.com