IN-PERSON

Houston CISO Executive Summit

December 9, 2019 | JW Marriott Houston by the Galleria

December 9, 2019
JW Marriott Houston by the Galleria

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Mike Coogan

Waste Management
Senior Director, Cybersecurity

Angelique Grado

MRC Global
CISO

Paul Huttenhoff

CenterPoint Energy, Inc.
CISO

Annessa McKenzie

Calpine Corporation
VP of IT & CSO

Steve Neiers

Chevron Corporation
GM, Info. Risk Strategy & Mgmt.

Derek Rude

Weatherford International
Director, IT Security

Genady Vishnevetsky

Stewart Information Services Corporation
CISO

Agenda

December 9, 2019

morning mid-afternoon afternoon

7:30am - 8:15am Registration & Breakfast

8:15am - 8:30am Opening Comments

8:30am - 9:00am Keynote

Don’t Risk It — Learn to be Ethically Vigilant

Rashmi Airan

Ethics Speaker

Author & Thought Leader

One oversight, one moment of turning your head the other way is all it takes to alter the course of your entire career. That’s the lesson Rashmi Airan learned after approving a few creative transactions during her time as a real estate lawyer. After serving time in prison for bank fraud, Rashmi speaks about the importance of being ethically vigilant.

Join Rashmi’s session to learn how to:

Create a culture of ethics and compliance
Identify slippery slopes that can lead down an unethical path
Be ethically vigilant in and out of the workplace

9:00am - 9:20am Networking Break

9:20am - 10:10am Breakout Session

Shaping the CISO Role in an Evolving Landscape

Renee Tarun

Vice President Information Security

Fortinet

As the cybersecurity landscape continues to shift, the human aspect of security has become more important than ever. CISOs need to be a business enabler, not just an expert in technology and processes.

In this session, you will examine:

Concerns CISOs face in the evolving threat landscape
How the CISO role is changing
Strategies to be seen as a strategic driver

9:20am - 10:10am Breakout Session

Cyber Risk Management — Removing Security as a Roadblock

Mary Rose Martinez

CISO and Senior Director, IT Architecture

Halliburton

As organizations increasingly leverage digital technology, the dichotomy between technology adoption and cybersecurity is exacerbated. While CISOs see increased cyber risk when looking at new technology, the business sees cybersecurity as a roadblock to innovation. Join Mary Rose Martinez as she shares how Halliburton’s cyber risk management framework balances these seemingly opposing viewpoints.

In this session, you will explore:

Risk acceptance as a business enabler
Advantages of active business engagement
How to drive behavioral change through reporting

9:20am - 10:10am Executive Boardroom

Modern Approaches to Protecting Your Third-Party Ecosystem

Angelique Grado

CISO

MRC Global

Craig Wood

Director of Infrastructure and Security

Tricon Energy

Dave Stapleton

CISO

CyberGRX

It's no secret that hackers are opportunistic. They are constantly looking for the weakest link and are quick to capitalize on one as soon as it's spotted. This boardroom will discuss:

Third-party cyber risk best practices
New strategies for third-party cyber risk management (TPCRM) and how they work
How to scale your third-party cyber risk management (TPCRM) program to evolve with your ecosystem

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Tyler Ward at Tyler.Ward@evanta.com or 971-230-3500.

9:20am - 10:10am Executive Boardroom

Regulation & Privacy — Beyond GPDR

Brad Hollingsworth

Director of Cyber Security

Mattress Firm

Christopher Kar

Information Security Advisor

Fort Bend Independent School District

Since its enforcement date, GDPR has changed the way CISOs think about privacy risk management. In addition, it became a catalyst for new data protection laws and regulation. Compare best practices for your industry, business and regulatory environment in this interactive discussion, including:

How to interpret the implications of regulatory requirements
Strategies to stay ahead of ever-changing privacy regulations
Methods to optimize your data privacy program

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Neal Roylance

Director of Security Research

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

10:30am - 11:20am Breakout Session

Security Metrics — What’s Your Story?

Jeff Pounds

Information Security Officer

Baylor College of Medicine

Cynthia Soares

Director, IT Information Security

Baylor College of Medicine

Finding metrics that make sense to measure security program success — and make sense to non-technical people — is a challenge. Success can be rare. Join Cynthia Soares as she shares the security metrics program she developed and how it has transformed the way Baylor manages risk in the business.

In this session, explore:

Security metrics that are relevant to the executive team
How to put security risks in business terms
Strategies to leverage metrics to bolster the security budget

10:30am - 11:20am Executive Boardroom

The Next Great Security Challenge — Securing SD-WAN

Morgan Gothard

Sr Director - Identity, Compliance, IT Security

Energy Transfer Partners

Robert Shaffer

Director, Info. Sec.

University of Texas Medical Branch at Galveston

Ryan Poppa

Senior Manager of Product Management, Cloud Security

Cisco Umbrella

The market consideration and adoption of software-defined WAN (SD-WAN) represents the largest networking transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch office locations. But what about security?

In this boardroom, you will discuss:

Embracing change — the pros and cons
Addressing weaknesses within brand offices and roaming users
Keeping security top of mind for business leaders

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch you have the opportunity to hold relevant conversations with peers facing similar challenges and opportunities in a specific industry. The below questions are a guideline for you to start your topical table conversations.

Security operations

What is the maturity of your security operations program?
What is your process for building an operational playbook?
What KPIs or KRIs do you use to measure success?

Communication and awareness

How do you approach security with a holistic lens?
What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?

Access and Identity Management

What strategies and tools are you using to improve visibility into your systems?
How are you integrating the user experience with security?
How are you measuring the success of your access management program?

Governance and privacy

How are you responding to/preparing for regulatory changes?
How do you balance compliance with business requirements?
What standards and metrics are you using to measure risk?

Talent and developing leaders

What are some tangible strategies for creating and developing new talent resources?
What best practices exist for retaining talent, once secured?
How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Right-Sizing Risk — How to Talk to the Board About Cybersecurity

Jeff Costlow

Deputy CISO

ExtraHop

As enterprises grow increasingly reliant on technology for every aspect of operations, CISOs have found themselves in a completely new operations center: the boardroom. Headline-grabbing breaches can draw a lot of attention from business stakeholders and board members, but staying focused on the likely scenarios offers the best protection. In this session Costlow will share strategies for discussing security and technology priorities at the board level.

Put risk in perspective and focus on your plan for recovery
Understand the gaps in your program and come with a plan to fill them
Focus on business risk/reward by mapping core security priorities to business objectives
Create a roadmap to “Yes” by prioritizing business performance without sacrificing security

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

From Zero Trust to Zero Touch with Intelligent Security

Todd Berger

Senior Director Technical Solutions

BlackBerry

Organizations are challenged to strike a balance between security teams who want a Zero Trust approach and employees who desire seamless Zero Touch access. Bridging that gap is Artificial Intelligence and a Zero Trust Architecture.

This session dives into:

Why the view of endpoints impacts how they’re secured and managed
How adaptive security and artificial intelligence can protect all endpoints
The ultimate goal of increasing security while acknowledging other factors

1:20pm - 2:10pm Breakout Session

A Deep Dive into Blockchain and Cryptoeconomics

Linda Marcone

VP & CISO

Conn's HomePlus

We all struggle to fully understand the adoption of cryptocurrency. As some wait to see what others are doing, some leaders are taking action. Join Linda Marcone, VP & CISO, Conn's HomePlus and learn how cryptoeconomics can work for your business.

In this session, you will:

Dive into the scale and size of the crypto economy
Explore case-studies of bitcoin and blockchain
Discuss what is on the horizon for the crypto economy

1:20pm - 2:10pm Executive Boardroom

Upcoming Trends in Threat Intelligence

Mary Dickerson

AVP/AVC IT Security, CISO

University of Houston System

Stuart Wagner

Director, IT Sec. & Compliance

Enterprise Products

Staying up to date on the current threat intelligence landscape is imperative when it comes to protecting against a cyberattack. With new technologies gaining momentum, CISOs must understand new threats that have come up and how these technologies can be used in combative response.

In this boardroom, you will learn:

Trends in threat intelligence
How to use threat intelligence insights to combat threats
How to allocate resources to maximize risk protection

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Reviewing a Network Attack

Samuel Sutton

Computer Scientist

Federal Bureau of Investigation

Recent headlines confirm what CISOs already know — the question is not if, but when an organization will be breached. How can CISOs prepare for the inevitable? In this session, hear directly from the FBI on a real-world investigation into an intrusion of a large network.

Join the conversation and learn:

What the FBI was looking for in this investigation and what surprise was discovered
Specific techniques and tactics attackers are using
Some of the unanticipated results of this investigation
Legal concerns and ethical issues to be aware of

2:30pm - 3:20pm Executive Boardroom

Embedding Awareness Into the Culture

Sameer Koranne

Global Operational Technology Security Officer

Covestro

Scott Smith

Chief Information Security Officer

City of Bryan

You are only as strong as your weakest link. To ensure your organization has the strongest defense against cybercrime and protects customer data, information security needs to be part of every employee's life.

In this boardroom, you’ll:

Explore innovative ways to take your security awareness program to the next level
Discuss strategies for cultivating security awareness across the organization
Identify ways to measure success for security awareness

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:20pm Keynote

Refining the Security of OT Environments

Angela Haun

Executive Director

Oil & Natural Gas Information & Analysis Center (ONG-ISAC)

Al Lindseth

SVP, Risk Management & IT

Plains All American Pipeline

Kenny Mesker

PCN Cybersecurity Advisor

Chevron

Mike Coogan

Senior Director, Cybersecurity

Waste Management

While the stakes are high, improving digital security for industrial environments remains a challenging problem for many organizations. Join this panel of experts as they discuss the latest ideas to tackle several key areas in OT security such as: