IN-PERSON

Houston CISO Executive Summit

June 25, 2018 | Four Seasons Houston

June 25, 2018
Four Seasons Houston

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Catharina Budiharto

Chicago Bridge & Iron Company N.V.
Director, IT Security

Mike Coogan

Waste Management
Director, Info. Security & CISO

Nikk Gilbert

ConocoPhillips
Dir. of Global Information Protection & Assurance

Paul Huttenhoff

CenterPoint Energy, Inc.
CISO

Steve Neiers

Chevron Corporation
GM, Info. Risk Strategy & Mgmt.

Derek Rude

Weatherford International
Director, IT Security

Curtis Simpson

Sysco Corporation
Sr. Director, Global Security/CISO

Agenda

June 25, 2018

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Leading the Business, Sysco’s Security Goes Global

Curtis Simpson

Sr. Director, Global Security/CISO

Sysco Corporation

Can smart security strategy inspire global business strategy? To Curtis Simpson, it was simply good risk management when he revamped Sysco’s enterprise security operations to become the company’s first global business unit. Yet in streamlining the way he secures international operations large and small, Simpson’s success has also provided a model that is influencing Sysco’s worldwide growth strategy as a whole. Join Simpson as he articulates the evolution of his global security model, and how this approach is inspiring broader shifts in Sysco’s global approach.

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Automation, Prioritization and the Lean Mean SOC

Genady Vishnevetsky

CISO

Stewart Information Services Corporation

How do you fight a limitless enemy that never stops? Armed with finite resources in the battle against a tireless barrage of cyber threats, Genady Vishnevetsky combined automation, prioritization, threat intelligence and a hybrid of internal and external staff for a lean security operations center that is up to the task. Join Vishnevetsky as he explains his roadmap to high-value and effective incident response, from prioritizing key assets on his network to optimizing the operation that keeps those assets safe.

9:00am - 9:50am Breakout Session

Enable—and Secure—Data Access

Klara Jelinkova

VP & CIO

Rice University

Striking the right balance between data access and data privacy is a key challenge for every enterprise, and effective governance is the fulcrum between these two competing priorities. The specific challenges may vary between organizations and industries, but common themes abound in the overarching strategies that security leaders can employ to protect their organizations and enable business agility. Join Klara Jelinkova as she shares a roadmap to secure a unique operating environment at Rice University, and participate in a peer-driven discussion to discover cross-industry best practices for data access and governance.

9:00am - 9:50am Executive Boardroom

Securing the ‘There’s an App for That’ World

Brad Vanderford

Sr. Manager, Information Security

LivaNova

Alex Mosher

Global Vice President, Cloud Solutions

MobileIron

There’s an app for everything these days. And a cloud service behind the scenes. From approving expenses in the grocery store line to looking up key customer information in the field, employees are more productive than ever in today’s mobile-cloud world. Yet it also means there’s data everywhere – on devices, in transit and in the cloud. CISOs face the challenge of crafting a security strategy that protects this data no matter where the data is. This discussion will explore how organizations are using mobile-cloud apps throughout the business, risks created through mobile-cloud technologies and best practices for keeping related data secure.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

9:00am - 9:50am Executive Boardroom

When IoT Security Meets the Cloud

Cynthia Soares

Director, IT Information Security

Baylor College of Medicine

Brian Tillett

Security Advisor

Cisco Systems, Inc.

Cloud-based services offer a sight-unseen solution for organizations to manage all kinds of information, including mission-critical data from their growing fleets of connected devices. Yet getting that IoT data to the cloud still requires the support of a robust on-prem architecture, one that communicates smoothly and seamlessly between the enterprise’s devices and the cloud. Join your peers to discuss best practices in managing the secure flow of data between devices and databases, with special emphasis on IoT and the cloud.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Interactive Workshop With a Top-Notch Tabletop

Catharina Budiharto

Director, IT Security

Chicago Bridge & Iron Company N.V.

Your CEO gets it. Your board gets it. From operations on up –everyone gets it. But how do you challenge the enterprise-wide assumption that“it will all work out” and make IT security incidents real and remembered?Implementing top-notch tabletop sessions can inspire a waterfall of security initiatives from the C-suite, creating alliances across the business and helping middle-management better communicate and act on an incident. In this interactive workshop, small groups will work through an incident and share their experience with the aim of taking the tabletop to the next level.

10:20am - 11:10am Executive Boardroom

What Your Board Needs to Know About Cybersecurity Risk

Steve Neiers

GM, Info. Risk Strategy & Mgmt.

Chevron Corporation

David Cronin

Head of Cyber Services

Leidos

Managing cybersecurity risk is best done with consistent methodology and the right set of metrics across multiple domains. Rather than a given technology approach, it’s more about defining a repeatable process and method that can assess cyber performance. Join this session to discuss what corporate leaders needs to know about cybersecurity and its necessary metrics and benchmarks. Learn which domains are key for any benchmark and the best ways to measure results against peers and the industry at large.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

10:20am - 11:10am Executive Boardroom

Adding Workflows, Automation and Orchestration for Better Incident Response

Angelique Grado

CISO

MRC Global

Paul Huttenhoff

CISO

CenterPoint Energy, Inc.

Genady Vishnevetsky

CISO

Stewart Information Services Corporation

Myke Lyons

Director & Global Head, Security Transformation

ServiceNow

Your team discovers a potential breach. Now what? For many organizations, it means smart people go into a room and try to figure out what to do. Manual processes for responding to security incidents simply can’t keep up with attackers. Building a security response runbook while layering automation and orchestration where appropriate is emerging as the winning strategy. But how do you get started? What do you prioritize? Join ServiceNow for a discussion on best practices around adding workflows, automation and orchestration to your security incident-response plan.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

10:20am - 11:10am Executive Boardroom

You Are Under Attack—Protecting the Modern IT Environment

Randy Calhoun

Risk, Security and Compliance Manager

Venator

Tom Kellermann

Chief Cybersecurity Officer

Carbon Black

As organizations embrace new IT environments such as mobile and cloud, priorities shift – often at the expense of increased risk to ever-changing networks where employees still expect “instant gratification” and access to data anywhere, anytime. With threats like malicious nation-state actors on the rise, securing this shifting virtual landscape is a crucial challenge. Join this peer dialogue to discuss how your peers are managing security in the evolving IT environment, from defining the shifting definition of “endpoint” to managing the behavior of users.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

11:10am - 11:40am Networking Break

11:40am - 12:50pm Keynote

Creating a Company of Owners of Security

Dr. Daren Martin

Culture Architect and Best-Selling Author of "A Company of Owners"

DarenMartin.com

In Dr. Daren Martin’s top-selling book, “A Company of Owners,” he provides a blueprint for business leaders to build a thriving culture and maximize employee engagement. For CISOs, embedding a culture of security across the business – and fostering a sense of security ownership – can truly elevate the program. In this session, Martin will teach you how to cultivate a company of “owners of security.” Be ready to create your BAM – Business Actionable Mantra!

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Securing the Higher-ed Partnership

Steve Neiers

GM, Info. Risk Strategy & Mgmt.

Chevron Corporation

Dr. Stan A. Napper

Dean, College of Engineering

Houston Baptist University

Scott vonFischer

CISO/Head of Technical Architecture

LyondellBasell Americas

Often described as having “negative unemployment,” the cybersecurity profession demands a steady pipeline of new talent. Many of today’s universities offer programs that produce fresh-faced cyber professionals armed with the latest technical talents, but the programs that really stand out, cyber leaders say, are the ones that align their curricula with the strategic needs of real-world business. This interactive panel will showcase partnerships between security leaders and higher-education institutions that seek to foster a pipeline of high-quality cyber hires. Join the conversation to share the skills you seek in your newest team members.

1:20pm - 2:10pm Executive Boardroom

Unlocking the Power of Risk-Adaptive Protection

Brad Hollingsworth

Director of Cyber Security

Mattress Firm

Brian Uffelman

Senior Director, Network Security

Forcepoint

Macro IT trends around cloud adoption and BYOD are greatly expanding the threat landscape faced by security organizations who can’t keep hiring to cope with the increasing levels of exposure. Security organizations must evolve from a threat-centric reactive environment in order to offer more effective cyber-security. What if there was a solution which could adapt protection dynamically and apply monitoring and enforcement controls, offering protection based on the risk level of users and the value of data accessed? This could enable security organizations to better understand risky behavior and automate the enforcement of policies, dramatically reducing the quantity of alerts requiring investigation and providing more efficient cyber-security. Join in the discussion around the next generation of data protection.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

1:20pm - 2:10pm Executive Boardroom

Implementing Operational Metrics to Effectively Communicate Cyber Exposure

Mike Coogan

Director, Info. Security & CISO

Waste Management

Kirk Hein

IT Security Ops, Supervisor

Aramco Services Company

Jack Huffard

President, COO & Co-Founder

Tenable

Cyber exposure is all about coverage – ensuring that you’re measuring the right things to secure the business. Equally important, defining your operational metrics creates a strategic baseline for a business discussion between the CISO, the CIO and the business, translating raw security data into a common language for communicating your security program goals and needs. Join us as we discuss how building the right approach to operational metrics enables organizations to better understand and address their cyber exposure gap to best defend the modern attack surface.

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Cybersecurity and the Board

Mario Chiock

Fellow

Schlumberger Limited

Effective communication to the board of directors and officers (c-suite) is a critical challenge for the security leader. While serving as stewards of risk management, board members rarely possess the foundational knowledge necessary for a well-informed conversation around cybersecurity. As enforcement pressure ratchets up on mandatory breach notification rules, the importance of a cyber-savvy board has only grown. Join Mario Chiock to learn his approach to cultivating a board that understands the world of security, and hear an update on the top-of-mind concerns for today’s corporate directors.

2:30pm - 3:20pm Executive Boardroom

Keeping Control in the Cloud

Randy Calhoun

Risk, Security and Compliance Manager

Venator

Segun Yayi

Head of Cybersecurity

EP Energy Corporation

Zack Milem

Cloud Solution Architect

Trend Micro Inc.

When data and applications live in the cloud, how does the CISO feel confident they are still in control of it all? Be it forensics in the cloud, data loss prevention in the cloud or access management in the cloud, security leaders are challenged to manage cloud and hybrid environments with the same control as traditional in-house systems. Join this session to learn how your peers are resolving the latest security challenges they face in their cloud environments.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

2:30pm - 3:20pm Executive Boardroom

A Look at the Future Threat Landscape

Mike Coogan

Director, Info. Security & CISO

Waste Management

Ken Liao

Malwarebytes

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Several major attacks in 2017 wreaked havoc of historic proportions on unsuspecting organizations. Some companies are still regrouping from the WannaCry ransomware attack. Cryptomining is the latest cybercrime to gain popularity. So what's next, and what should organizations expect to see in the next year? Join this discussion to learn the latest cyber threats and understand what to expect in 2018’s threat landscape.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

Our Future — AI vs. AI

Stuart McClure

CEO

Cylance

Make no mistake — the machines are coming for your systems, and a new era of cyber war is on the doorstep. Wielding the weapon of artificial intelligence, the malicious cyber actor of tomorrow is faster, craftier and more effective than ever before. Security leaders must fight fire with fire to stay one step ahead of this coming surge, embracing the latest in security innovation with a foundation of machine learning. In this keynote, cyber visionary Stuart McClure explores the future AI vs. AI to reveal a key strategy — extend the footprint on the endpoint and past the endpoint.

4:20pm - 5:00pm Closing Reception & Prize Drawing