IN-PERSON

Houston CISO Executive Summit

December 10, 2018 | Hyatt Regency Houston

December 10, 2018
Hyatt Regency Houston

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Mike Coogan

Waste Management
Director, Info. Security & CISO

Angelique Grado

MRC Global
CISO

Paul Huttenhoff

CenterPoint Energy, Inc.
CISO

Steve Neiers

Chevron Corporation
GM, Info. Risk Strategy & Mgmt. (CISO)

Derek Rude

Weatherford International
Director, IT Security

Curtis Simpson

Sysco
Sr. Director, Global Security/CISO

Genady Vishnevetsky

Stewart Information Services Corporation
CISO

Agenda

December 10, 2018

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:00am Opening Comments

Welcome to the 2018 Houston CISO Executive Summit!

7:45am - 8:30am Keynote

A Decade of InfoSec - What Have We Learned?

Dan Chisum

Mgr., IT Security, Strategy & Planning

ConocoPhillips

Keith Herndon

CISO

BHGE

Mike Coogan

Director, Info. Security & CISO

Waste Management

On this 10th edition of the Houston CISO Executive Summit, Dan Chisum, a founding Governing Body co-chair, moderates a retrospective panel examining the priorities of Houston security leaders nearly a decade ago. Add your voice as panelists discuss the twists and turns of information security leadership over the past decade, as well as expectations of what comes next.

This panel discussion will cover:

Insights from the very first Houston CISO Leadership Perspective Survey
The evolution of the security executive role
A projection of what to expect in the next 10 years

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

What’s Behind the ‘C’ in CISO? A CEO’s Perspective

Faisal Naseem

CEO

Sooner Inc.

According to CEO of Sooner Pipe, Faisal Naseem, “Any time you put a ‘C’ in front of a designation, that person needs to be a well-rounded individual.” Join Naseem as he reveals the essential attributes a CEO looks for in an effective security leader and offers a template for evolving your own influence as an executive.

In this session, learn:

What your CEO wants to know about information security and risk
The importance of, and methodology for developing, strong business acumen
Effective communication strategies for gaining buy-in across the organization

9:00am - 9:50am Breakout Session

Unified Security Strategy for the Hybrid Cloud

Angelique Grado

CISO

MRC Global

Many security leaders face the challenge of securing a blend of on-premises and cloud services, and achieving a seamless strategy addressing both is no easy task. Angelique Grado shares her framework for securing hybrid services at MRC Global, addressing noteworthy issues such as:

Governance for data and users in hybrid systems
Orchestration between cloud and on-prem services
Benefits and pitfalls of hybrid infrastructure

9:00am - 9:50am Executive Boardroom

A Deep Dive Into Cybersecurity’s Big Trends

Brad Hollingsworth

Director of Cyber Security

Mattress Firm

Curtis Simpson

Sr. Director, Global Security/CISO

Sysco

TK Keanini

Distinguished Engineer & Product Line CTO for Analytics

Cisco Systems, Inc.

Following an opening keynote tracing some of the past decade’s biggest InfoSec trends, this intimate roundtable discussion allows security leaders to refine their plans in preparation for the next ten years. Learn how your peers are securing the future in a conversation that reveals long-ranging best practices, anchoring in areas such as:

How will the responsibilities of the CISO change in the next 5-10 years?
Staffing: what trends will continue and what trends will emerge in the next 5-10 years that impact your staffing strategy?
What are the 2-3 most transformational trends that significantly impact your long term strategy.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Big-Picturing the Board Pitch

Brad Hollingsworth

Director of Cyber Security

Mattress Firm

In order to keep the board approvals coming, security leaders must articulate how every incremental step advances the goal of reducing risk for the organization. Join Brad Hollingsworth to learn his roadmap for building a compelling board narrative that leverages existing operational data for the security function, including:

How to effectively use existing data from penetration testing and other projects
Visualization and prioritization that makes sense for the board
A FUD-free metrics methodology

10:20am - 11:10am Breakout Session

Achieving Better Business Results by Embedding Leadership Culture

Jeffrey Gill

Chief Talent Officer

Sasol North America Inc.

Jeff Gill explains the 5-year journey from defining culture to embedding a leadership model that drives the right behaviors.

10:20am - 11:10am Executive Boardroom

Strengthening Your Security Operations Center

Mario Chiock

Fellow

Schlumberger

Kent Knudsen

Supervisor, Information Security

Plains All American Pipeline

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they will try another. Therefore, when managing incidents for your enterprise, it is critical to ensure that threats and attacks are properly identified, analyzed, communicated, defended, investigated and reported.

During this boardroom discussion on cyber operations, discover:

How to develop effective principles and procedures for security operations centers.
The best way to identify events and incidents in the environment.
How to create effective communication and reporting strategies for the entire organization.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

11:10am - 11:40am Networking Break

11:40am - 12:50pm Keynote

InfoSec Insights: Gerhard Eschelbeck, Google

Gerhard Eschelbeck

VP Security Engineering (CISO)

Google Inc.

Steve Neiers

GM, Info. Risk Strategy & Mgmt. (CISO)

Chevron Corporation

Sitting at the fulcrum of business opportunity and risk, cybersecurity leaders play a pivotal role in the modern enterprise that only stands to grow in importance in this era of digital disruption. As a preeminent InfoSec luminary who heads internal and customer information security for Google, Gerhard Eschelbeck joins the Houston CISO community to discuss some of the key trends driving this all-important executive role. Join Eschelbeck for a wide-ranging, on-stage interview as he shares:·

A window into cybersecurity at Google
Insights on cyber risks of emerging technology
Reflections on the evolving role of the cybersecurity leader

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

‘Selling’ Security Awareness Using a Marketer’s Mindset

Stuart Wagner

Director, IT Sec. & Compliance

Enterprise Products Partners L.P.

How does the information security leader get their users to take best practices seriously? For Stuart Wagner, it has helped to take a bit of a marketer’s mindset to “sell” security awareness across the organization. Follow Wagner’s success story and explore the key elements of effective security awareness training in the modern era, including:

Applying marketing principals to a security awareness training plan
How much communication is too much? How much is too little?
Nuances for training and communication with executives

1:20pm - 2:10pm Interactive Session

Workshop — High-Impact Security Strategies

Paul Huttenhoff

CISO

CenterPoint Energy, Inc.

Security leaders from programs of all shapes and sizes are united in a constant hunt for high-impact strategies to effectively leverage their resources and keep their organizations secure. This series of roundtable discussions will drive toward the most creative ideas from a spectrum of organizations, providing attendees a litany of relevant strategies covering the broad areas of:

People
Process
Technology

1:20pm - 2:10pm Executive Boardroom

Board Communication -- Translating Insight Into Action

Marc Crudgington

CISO; SVP Information Security

Woodforest National Bank

Paul Dial

CISO

Hess Corporation

Unlike the CISO role of just a few years ago – where many could still focus heavily on the bits and bytes – today’s security leader is also expected to be a business leader. Therefore, it is imperative that CISOs become fluent in the languages of risk, finance and strategy if they want to effectively convey their message and get what they need to protect the organization.

Join your peers to find out:

How to educate your board on cybersecurity so they become champions for security in your company.
What the board really wants to hear from CISOs.
Which metrics will help you craft a compelling story that inspires action.

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Building Strategic Partners by Changing Vendor Relationships

Ken Piddington

CIO

SGR Energy

With today’s ever-evolving and changing vendor market, why not make your vendor a key contributor to the organization? The transactional vendor relationship has limited benefits and can leave your bottom line suffering. It’s time to change your approach to vendor management.

Based on his own “Strategic Partner Program,” Ken Piddington:

Explains his philosophy on vendor management
Teaches how to revitalize a vendor relationship to reflect what you are truly looking for: a strategic partner
Guides you through the stages of relationship-building with vendors to elevate their quality so they help, not hinder, your bottom line

2:30pm - 3:20pm Executive Boardroom

The People Problem — Security Awareness Training

Bobby Joseph

Chief Information Security Officer & Director, SAP Infrastructure

Bristow Group Inc.

Genady Vishnevetsky

CISO

Stewart Information Services Corporation

Even as security tools become increasingly advanced, the biggest vulnerability in a company continues to be its people. With attacks on the rise, executives must make employee training even more sophisticated.

In this boardroom, you’ll:
Discuss different educational approaches with your peers
Determine how to evaluate the level of training needed
Identify key training components and methods of measuring their efficacy

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

2:30pm - 3:20pm Executive Boardroom

Refining the Security of OT Environments

Neel Adhikari

Global Security Program Management

Solvay North America, LLC

Steve Neiers

GM, Info. Risk Strategy & Mgmt. (CISO)

Chevron Corporation

While the stakes are massive, improving digital security for industrial environments remains a vexing problem for many organizations. Roll up your sleeves with your fellow security leaders and discuss the latest ideas to tackle several key areas in operational technology security such as:

Convergence of IT and OT environments
Best practices in OT incident response
Perspectives on the latest threat landscape for OT

To reserve your seat, please contact:

Pierre Ngung at 503-808-9818 or pierre.ngung@evanta.com

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

The Next Century of Cybersecurity

Ben Hammersley

Author & Futurist

Today’s breakneck pace of technological disruption is only matched by the flood of sensitive data flowing to the digital realm, and information security leaders are a lighthouse in the storm. What’s next for the CISO, and what’s next for the threat landscape they face? Will new technologies completely rewrite what it means to be a CISO? Capping an agenda that began with a look to the past, Futurist Ben Hammersley shares his meditation on the future of cybersecurity: