Global CISO Community
Executive Summit

Join your fellow community members in ringing in Evanta's 2024 Global CISO Executive Summit. Reconnect with faraway peers over wood-fired pizza, poke bowls, and other provided dinner options. While you're at it, make sure to stop by the gelato station or mai tai bar before joining in a game of bocce ball. 

"Resort casual" attire is encouraged. 

Ready for a new professional headshot or LinkedIn profile picture? We've got you covered. Let our professional portrait photographer guide you through striking whatever pose best represents your unique, executive brand. All you have to do is join us outside the keynote space and look sharp (as if you weren't planning to already). They'll be taking pictures from 8am-4:30pm. 

Join this dedicated networking session for women in cybersecurity leadership and their allies to connect and build relationships with like-minded leaders around the globe who are making an impact in their organizations and communities. Come prepared to share ideas, inspire and be inspired, and forge new connections that can help empower each other to achieve your goals and broaden your perspectives.

This session is aimed at, but not limited to, women who are leading the cybersecurity function at their organizations (CISO or equivalent) and those reporting directly to the CISO/equivalent. Priority access will be reserved to these groups.

Today's businesses stand on the brink of a generation-defining change with the widespread adoption of AI. While it offers promise for productivity and proactive defense, cybercriminals are also using it to automate their attacks, hunt for targets, and exploit vulnerabilities. Global organizations must adopt a zero trust approach augmented by defensive AI capabilities to stay a step ahead of attackers.

Join this session to learn:

• How threat actors are using AI for attack surface discovery, to craft pretexts for advanced social engineering campaigns, and to exfiltrate sensitive data
• How organizations can achieve better visibility and more holistic risk management by “fighting AI with AI”
• Why zero trust architecture is critical in an era of rapid change and increasingly sophisticated threat actors

While the vast majority of infrastructure has been upgraded and modernized to secure the shift to the cloud, enterprise IT teams are still missing an equally seamless access method to safely deliver those now cloud-native apps and data. While traditional browsers have become the de facto access point for the majority of business critical applications, they lack the deep inspection capabilities and hyper-granular security controls global organizations need. This results in security teams surrounding their browsers with layers of tech to meet those needs.

Join this breakout session to discover:

• Why traditional cloud security methods undermine your global modernization efforts and end-user experience
• Embracing technological momentum to adapt to a "more-with-less" security landscape
• How Global CISOs are using this solution to bolster cloud security

As a response to recent rulings, a feeling of satisfaction just covering your bases is understandable. But "compliance" and "security" are two different things. Only by deliberately working toward greater resilience can CISOs achieve both.

Join Tim Callahan, SVP, Global CISO, Aflac to:

• Discuss the dangers of prioritizing compliance over security
• Walk, step-by-step, through a proven route to resilience
• Access new paths to defensibility and personal insulation

In today's interconnected business landscape, the risks associated with third-party relationships extend far beyond immediate partners. Organizations must recognize the potential threats that exist throughout their entire supply chain, even up to the 8th party. CISOs play a critical role in understanding and effectively managing this complex web of connectedness to mitigate enterprise risk.

Join this session to discuss:

• Gaining holistic view of risk across the whole supply chain
• Developing effective third-party risk management strategies
• Implementing best practices for managing and monitoring business partners

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of global security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements:  metrics that global CISOs can rely on and are easily understood by all stakeholders across the business.

In this session, we will discuss:

• Cybersecurity risk assessment essentials and which risks truly carry weight
• Concrete approaches to determine effectiveness of security capabilities
• Creating simple "metric cards" to communicate across stakeholders

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

 Be among the first to see what’s new and next in the security solutions landscape. Three early-stage providers will get the chance to showcase their innovative solutions to the most pressing cybersecurity challenges.

Spotlight Presenters from: 

• BlueFlag Security
• Harmonic Security
• Aembit

 All organizations seek opportunities for growth and efficiency as they modernize. Digital transformation, cloud adoption, and the shift toward remote work have fundamentally changed the requirements for security and network architectures. Complex security challenges include the sophistication of cyber threats, the potential for sensitive data exposure through Generative AI, vulnerabilities within trusted SaaS applications, and the pervasive issue of data sprawl and how it challenges privacy and compliance.

The common denominator in these challenges is that traditional defenses are slow and increasingly inadequate. It simply isn’t enough to improve or add onto existing security and network tools; the entire approach to securing and optimizing infrastructure also needs to modernize.

Join Sanjay Beri, CEO & Co-Founder, Netskope as he guides you through:

• How to strategically select and consolidate technology tools to enhance agility, reduce risk, and maintain cost-effectiveness
• What an effective security architecture looks like from an executive governance point-of-view
• How to calculate the business value you can derive from a converged networking and security platform

You’ve heard it all before: the DBIR tells you people are your biggest risk, phishing simulations tell you your users fall for social engineering, and simple security measures you deploy are sometimes met with howls of protest. But what if it didn’t have to be that way?

Join this session for a fresh perspective on:

• Moving security alerts from the SOC to where users work
• Protecting end users perception of security controls
• Transforming security teams’ interactions with end users

Today's mandated notification protocols and shifting regulatory landscapes, along with the looming specter of professional liability, compel CISOs to solidify their alliances with legal advisors. Together, this partnership can create robust materiality assessment frameworks, elevate risk management strategies, and refine communication tactics. The goal is clear - precision in compliance.

This session brings together the insights of an experienced SEC lawyer and a seasoned CISO to:

• Decode the ramifications of the SEC's regulatory updates for CISOs
• Offer actionable strategies for navigating the SEC's requirements and broader legal challenges
• Review reporting practices using a good, better, best approach

Awareness, knowledge, education and training are not enough to change users' security behaviors in a sustainable way. That's because these core principles of traditional security awareness and training (SA&T) are focused on compliance. This makes sense in terms of ticking obligatory boxes, but it doesn’t actually tackle the issue at hand: cyber risk is fundamentally a human concern.

Join this session to discuss:

• Unpacking pain points and limitations of traditional security awareness training (SA&T)
• Quantifying cyber risk in more human terms of likelihood and impact
• Translating risk metrics into actionable insights for business stakeholders

AI is transforming software development at massive speed and scale. It is crucial to recognize the unique challenges and opportunities this combination presents. By integrating AI with application security, CISOs can significantly enhance their organizations' Application Security programs to match the speed and scale of code generation platforms. Gen-AI adoption also helps significantly with legacy tech debt.

Gather with your C-level peers to discuss:

• The impact of gen-AI on software development life cycle (SDLC) and overall organizational ecosystem
• The challenges to overcome chronic technical debt
• Actionable steps to the adoption of gen-AI to fuel the growth and achieve business objectives

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Effectively communicating cybersecurity risks to the board is a critical challenge for CISOs. Clear and effective communication is essential for aligning with business objectives and fostering informed decision-making. Understanding how to measure and strategically present these risks is crucial for gaining board engagement and support.

Join this breakout session to discover:

• Methods to engage board members and foster meaningful discussions on risk
• Case Studies and real-world examples of successful risk communication
• Best Practices and insights into creating risk reports that drive informed decision-making

 When Marc Varner, CISO at Lowe’s, built-out an IAM program, he wanted to do things differently. With a team of internal developers, Lowe’s set out to build a customized, scalable and secure in-house program that supported enhanced user profiles and made strategic and financial sense with changes that could be deployed on a dime.

Join this session to learn the importance of:

• Identifying the strategic, financial and risk implications of building a ground-up program
• Understanding when it’s better to build vs. buy
• Recognizing the aspects of IAM an in-house program does not fix

Accurately measuring and communicating risk is no longer optional — it's crucial. CISOs today must manage an evolving threat landscape and shift company culture to prioritize risk mitigation. Making risk a top priority for the organization will require you to optimize metrics, enact strategic risk mitigation and foster effective communication.

Join this boardroom to hear strategies on how to:

• Develop precise frameworks and KPIs to drive actionable insights and decision-making.
• Align mitigation techniques with business goals to minimize exposure and reduce CISO liability.
• Master transparent and impactful communication to secure stakeholder buy-in and shift company culture.

Existing identity security tools mainly focus on human identities. However, NHIs (such as service accounts) often pose a greater risk and are harder to manage. They outnumber human identities, have high privileges, can't use MFA, and are challenging to find across the infrastructure.

Join this interactive roundtable to discuss:

• Challenges in finding NHI accounts, credentials and owners
• Existing tool successes and gaps
• Envisioning the ideal management of NHIs

You've spent a good majority of your career in information security, climbing your way to the top - to the CISO role. You finally made it. But... what's next? What are your career options and how should you prepare for exploring them?

Join this panel of current and former CISOs to learn about:

• How to set yourself up for success when preparing for the transition after a CISO Role
• Knowing what your career options are
• The skills and experience you'll need to bolster your board position marketability

Ready for a new professional headshot or LinkedIn profile picture? We've got you covered. Let our professional portrait photographer guide you through striking whatever pose best represents your unique, executive brand. All you have to do is join us outside the keynote space and look sharp (as if you weren't planning to already). They'll be taking pictures from 7:30am-1:45pm. 

AI is the fastest adopted technology in history — changing how we work, write code and communicate. But hackers — by definition innovators and early adopters — have deployed AI to accelerate and scale attacks. AI can also turbocharge cyber defense with new levels of automation and flexibility.

In this session, learn:

• The AI threat landscape and building an appropriate defense
• How to secure the adoption of GenAI for employees and developers
• How new innovations in AI can help security teams improve risk management, operational efficiency and reduce costs

The potential of Generative AI to transform employee productivity is more than just hype. But we can’t ignore the new attack surface which is created when LLMs are given access to proprietary corporate data and equipped with the ability to make decisions and take actions. Organizations will be inadvertently introducing novel attack vectors that enable surprising new attack techniques.

In this presentation, Vectra AI Founder & CEO Hitesh Sheth will discuss:

• Balancing the utility of LLMs and the security of your organization
• The impact of GenAI in the age of hybrid attacks
• How to mitigate risk and exposure in the adoption of GenAI technologies

Partnership is possible. And, when that partnership is at its best, it can make life a lot easier for information and security executives alike. To pull it off, CIOs and CISOs will need transparency and a jointly-held goal to both avoid risk and meet business goals. 

Demonstrating their collaborative relationship, Luis Suarez and Marcos Marrero will discuss:

• Strengthening the IT-Security partnership to fuel innovation and accelerate new technology deployments
• How security became ingrained throughout the entire enterprise
• Making the relationship work regardless of the reporting structure

In today's sprawling enterprises, SaaS applications form the backbone of critical operations, yet their interconnected nature exposes your organization to complex cyber threats. It's essential for Global CISOs to understand how to protect these digital assets from breaches that can compromise sensitive data and disrupt business. 

Join this session to explore:

• How modern SaaS breaches occur and what are the key vulnerabilities
• Responsibilities various stakeholders hold in maintaining SaaS security
• How zero trust principles can be effectively applied to secure SaaS environments

The cybersecurity skills shortage continues to pose significant risks for organizations worldwide, as highlighted in Fortinet's 2024 Global Cybersecurity Skills Gap Report. How are CISOs addressing the critical challenges posed by the skills gap with the increasing liability for breaches?

Join this boardroom to explore:

• How the cybersecurity skills shortage is leading to more breaches and the severe repercussions
• How a platform and automation approach can help reduce operational overhead
• Why training & recruitment from diverse talent pools can support your organization's security posture

Be among the first to see what’s new and next in the security solutions landscape. Three early-stage providers will get the chance to showcase their innovative solutions to the most pressing cybersecurity challenges.

You'll hear from: 

• Auguria
• BforeAI
• BreachRx

 CISOs are under immense pressure to protect the enterprise from increasingly sophisticated threats. The stakes are high, and the challenges are numerous. However, the risks posed to the CISO as an individual, are often overlooked.

This fireside chat will delve into:

• Understanding the factors that heighten liability and persevering through personal risk
• Being held accountable for security outcomes where you lack the necessary authority, relationship, or resources
• The risks of controlled messaging and the need for clear, autonomous communication

Strong identity and access management (IAM) practices and zero trust architectures are highly effective security measures, but they often focus on prevention rather than security monitoring. Security monitoring should be a critical component of these initiatives, as emphasized by ITDR discussions and NIST 800-207 guidance. How CISOs ensure that security monitoring is effectively integrated?

Join this session to discuss:

• Understanding essential monitoring requirements
• Designing an effective security monitoring architecture that supports IAM and Zero Trust principles
• Lessons learned and overcoming the challenges of integration

 The identity fabric has become non-human. The sprawl of ungoverned privileged service accounts, keys and secrets has opened a new threat vector that is increasingly exploited. What are you doing about it?

Join us in this session to discuss:

• The role of non-human identities in recent breaches
• The challenges of securing non-human identities
• Planning for the future of identity programs to meet both human and non-human requirements

The challenges to protect sensitive data and meet increasingly stringent privacy laws and regulations is a daunting endeavor. The dramatic increase in the use of LLMs and Generative AI has only complicated matters more. Data discovery and classification are not enough, and organizations need an overall sense of data governance as they navigate this complex environment.

Join this session to learn how:

• Data lineage will play a key role in data governance strategies
• CISOs can establish a secure, modern governance framework
• To protect high quality data throughout its lifecycle while reducing risks

Cybersecurity measures are adept at detecting and responding to incidents across various layers, but the application layer often remains vulnerable. Many organizations have a massive vulnerability backlog that demands timely and effective defense.

Join this boardroom to explore:

• Understanding the scale of the backlog and strategies to prevent exploitation 
• The intricacies of application and API protection within the security operations ecosystem
• Benefits of having a comprehensive blueprint that reveals attack surfaces, defenses, dangers, and connections

With the sensitivity of privileged accounts, unpatched vulnerabilities and an extensive remote workforce, robust and automated identity security is essential to securing your most critical systems and data. Implementing this is a journey, not a quick fix.

Join this interactive boardroom to:

• Discuss the difference between strong identity solutions and simple password management

• Address different approaches to solving Privilege Access Management

• Gain executive buy in from legal, HR and IT on effective solutions

Members of the Evanta Global CISO and CIO communities are invited to convene, network, and enjoy food and drinks ahead of Evanta's Gala Keynote. 

Semi-formal attire is encouraged. 

Few people have impacted the modern world as significantly as Steve Wozniak. As Co-Founder of Apple Computer, Woz remains one of tech's most fabled figures. A witness and contributor to countless industry advancements, he's an unmatched source of insight and experience.

Members of Evanta's Global CIO & CISO communities receive access to:

• Woz, live and unrecorded from the Global keynote stage
• Rare stories, thoughts and opinions on tech's past, present and future
• Inspiring accounts of successful, innovation-led businesses