IN-PERSON

Detroit CISO Executive Summit

June 5, 2019 | MGM Grand Detroit

June 5, 2019
MGM Grand Detroit

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Martin Bally

American Axle & Manufacturing
CISO

Derek Benz

Ford Motor Company
CISO

Brent Cieszynski

Blue Cross Blue Shield of Michigan
VP & CISO

Earl Duby

Lear Corporation
Chief Information Security Officer

Russ Gordon

BorgWarner
CISO

Mauricio Guerra

Dow
CISO & Director, Global Information Security

Fred Killeen

General Motors
CISO

Tabice Ward

DTE Energy
Director & CISO

Erik Wille

Penske Automotive
Head of Information Security

Agenda

June 5, 2019

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

Putting the ‘Sec’ in DevSecOps

Daren Fairfield

CISO

Whirlpool Corporation

Kevin McLaughlin

Global Security Officer & Deputy CISO

Stryker

Andre Weimerskirch

VP Cyber Security

Lear Corporation

Today, Infosec, product security and DevOps often work in silos with different and sometimes competing objectives. DevOps and product security teams focus on agility and highly customized solutions, while InfoSec teams focus on long-term enterprise-wide solutions. How do we break down those silos to create an environment of “responsible enablement” – where product and enterprise security teams collaborate and utilize synergies, and where security is seen as a complement, not a limitation, to product innovation? This cross-industry panel explores best practices for answering that question, ways to overcome common challenges, and their views on DevOps, product security and the future of enterprise security.

In this keynote, you’ll learn how to:

Build security into the product development process, whatever the product
Establish relationships between enterprise security, product security and product development
Accommodate variations in security posture across product lines

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Continuing the Conversation – Putting the "Sec" in DevSecOps

Daren Fairfield

CISO

Whirlpool Corporation

Kevin McLaughlin

Global Security Officer & Deputy CISO

Stryker

Andre Weimerskirch

VP Cyber Security

Lear Corporation

In the lunch keynote you learned how DevOps, product security, and InfoSec teams can breakdown barriers and work together to create an environment of “responsible enablement.” Don’t miss this opportunity to join the panelists for a deeper dive on:

Security and the product development process
Strategies to promote security within the business
Variations in security posture across product lines

1:20pm - 2:10pm Breakout Session

Cyber Risk Management – A Holistic Framework

Daniel Ayala

Chief Information Security & Privacy Officer

ProQuest

Chris DeRusha

CISO

State of Michigan

As organizations increasingly rely on digital processes, the need for a formalized cyber risk management program has become especially important. In this session, Chris DeRusha is interviewed about the risk management program he recently implemented across the state of Michigan.

Join this conversation and explore how to:

Implement a standard framework to assess risk
Manage third party risk
Create a culture of risk awareness

1:20pm - 2:10pm Executive Boardroom

IoT – Securing the Modern Gold Rush

Travis Bray

Director, Global Information Security

Magna Powertrain Inc.

Russ Gordon

CISO

BorgWarner

The number of connected devices is expected to reach 20.4 billion by 2020; thrilling for the consumer and often daunting for the CISO. Security teams are increasingly concerned by risks associated with this modern gold rush but struggle to address it quickly.

In this boardroom, you will learn:

How to securely facilitate IoT development
Effective communication tactics for increased visibility
To identify potential areas of risk regarding IoT

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Kenzie Howard at Kenzie.Howard@evanta.com or 971-978-5041.

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Failure as a Journey to Success

Billy Spears

SVP, CISO

loanDepot

It's not easy to be a cybersecurity professional. The pressure to be right each and every time is immense. After all, cyber criminals only need to be right once to gain access to your systems, compromising your data and assets. No one likes to fail – especially when it comes to keeping organizations secure. But experiencing failure can be positive – leading to increased knowledge, enhanced skills and stronger defenses. Join Billy Spears on his inspirational journey to success, where he will share:

How you can effectively raise security awareness in your organization
Strategies that can shift security priorities so the right issues receive the attention that they need
How to bring the CISO role closer to the business to better align security with company objectives

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Award-Winning Security Awareness

Earl Duby

Chief Information Security Officer

Lear Corporation

Brian Roberts

Global Communications & Information Security Awareness Lead

Lear Corporation

Earl Duby has a mantra – “protecting people, defending data” and he needed a new way to get all business teams to embrace that mantra and invest in protecting the organization. What emerged is a security awareness initiative that engages and educates employees across multiple levels and channels.

Learn from Lear’s award-winning program, including:

Strategies for creating security ambassadors
Innovative training and communication methods to get the message across
How to measure program engagement

9:00am - 9:50am Breakout Session

Securing Across the Lines of IT and OT

Dan Rozinski

Manufacturing & Engineering Technology Fellow

Dow Inc.

The blurred boundaries between IT and OT demand a more integrated, collaborative cybersecurity strategy. Join Dan Rozinski as he shares his journey managing security across these borders at Dow.

In this session, he will explore:

The convergence of IT and OT
Ways to develop a programmatic approach to cybersecurity
Communication and organizational strategies to drive a cyber safe culture

9:00am - 9:50am Executive Boardroom

Maintaining Efficiency in the Secure Enterprise

Bob Bacigal

AVP, Information Security

Amerisure Insurance

Kevin Gates

Deputy CISO

Ally

Wolf Goerlich

Advisory CISO

Duo Security

What tactics and technologies are effective in securing the enterprise without putting up barriers to business operations? In this interactive roundtable discussion, security leaders share strategies that maximize security while minimizing business bottlenecks.

In this session, security leaders will:

Define shared pain points where security controls are slowing business processes
Share ideas and best practices for reducing friction from security controls
Address ways to gain buy-in across the business when bottlenecks are unavoidable

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Cybersecurity Governance in an Era of Convergence

Rick Peters

Director, Operational Technology Global Enablement

Fortinet, Inc.

With the advancement of technology used to support industrial control systems (ICS) organizations are facing an expanding threat landscape. However, convergence is blurring the lines between IT and OT creating opportunities to improve the visibility, control, and situational awareness necessary for cybersecurity governance.

During this session, you’ll discuss:

Trends driving physical and digital convergence
Ways to evaluate your cybersecurity risk
Strategies to balance regulatory and compliance standards

10:20am - 11:10am Breakout Session

Pen Test Your Board Pitch – An Interactive Exercise

Pamela Hensley

Director, Information Security

AAA Life Insurance

Pitching to the board is a skill that must be mastered. CISOs are tasked to communicate business value and synthesize complex information in a way that makes sense. Pamela Hensley leads this interactive session where you will identify the holes in your board pitch – and improve it for the next time you’re in the hot seat.

In this collaborative session, you will work in a group to:

Create and deliver a board pitch
Receive real-time feedback on your pitch
Learn best practices and strategies for communicating with your board

10:20am - 11:10am Executive Boardroom

Strengthening Your Security Operations Center

Cathy Luders

IT Director, Security & Compliance

Wolverine Worldwide

Ethan Steiger

Vice President and Chief Information Security Officer

Domino's Pizza

As cyberattacks continue to worsen security operation centers need to stay ahead of these evolving threats. When managing incidents for your enterprise, it is critical to ensure that treats are properly identified, analyzed, investigated and reported.

During this boardroom, you will:

Develop effective implementation procedures for your SOC
Learn to best identify and evaluate incidents in the environment
Create communication and reporting strategies

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

The CISO Journey – Setting Yourself Up for Success

John Bingham

CISO

Fiat Chrysler Automobiles

Karla Thomas

Director IT, Global Security & Audit

Tower International

The journey of a CISO is a lot like the cyber threats they protect against – unique and often unpredictable. How can CISOs set themselves up for success as the role continues to evolve?

In this session, John Bingham shares:

Stories from his journey as a CISO
Lessons learned that can help guide security leaders
Perspectives on how to navigate today’s security environment

2:30pm - 3:20pm Executive Boardroom

Balancing the Cost of Compliance

Jeff Bell

CISO

Caretech Solutions

Robert Keefer

Corporate Security Officer

Tweddle Group

Whether it’s the EU’s GDPR requirements or California’s new data privacy laws, being compliant can be costly, time consuming and, at times, confusing. But does it have to be? In this roundtable discussion, get candid answers from your peers for how they’re staying ahead in a changing landscape, including:

Building a pathway to regulatory compliance
Understanding future compliance regulations
Balancing compliance overhead

2:30pm - 3:20pm Executive Boardroom

IAM – Solving the Identity Crisis

Arun DeSouza

Chief Information Security & Privacy Officer

Nexteer

Homyar Naterwala

Sr. Manager - Cyber Security

GE Capital

Chris Hamm

Manager, Sales Engineering

Micro Focus

Effective identity access management can be a convoluted process in today’s digital age. Cloud and mobile workforces necessitate new ways of thinking about how users access your company’s most important data. In this interactive roundtable you will discuss:

Establishing a roadmap and resources for success
Expanding and operationalizing user controls
Determining the correct admin access

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

The Future of Data Privacy

Christopher Murphy

Lead Counsel, Global Cybersecurity and Privacy & Chief Privacy Officer

General Motors

As CISOs, we are all grappling with the ever-changing privacy landscape. Join Chris Murphy as he shares his insights into the nuances of privacy regulation, what’s next, and how it will impact the role of information security.

In this session, you will cover:

The regulatory horizon
Better and best practices to address regulatory uncertainty
Ways to partner with your business to develop data practices and priorities to keep operations efficient while minimizing risk

4:20pm - 5:00pm Closing Reception & Prize Drawing