IN-PERSON

Minneapolis CISO Executive Summit

December 10, 2019 | Hilton Minneapolis

December 10, 2019
Hilton Minneapolis

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Douglas DeGrote

Allianz Life Insurance Company of North America
CISO

Patrick Joyce

Medtronic plc
VP, Global IT & CSO

Michael Kearn

U.S. Bank
VP, Managing Business Information Security Officer Security Risk & Technology Consulting

Tris Lingen

3M
Chief Information Security Officer

Jim O'Conner

Cargill, Inc.
CISO

Kathy Orner

CWT
Chief Risk Officer

Agenda

December 10, 2019

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:00am Opening Comments

8:00am - 8:30am Keynote

Criminal Perspectives – Past, Present and Future of Cybercrime

Brett Johnson

Former US Most Wanted Cybercriminal and Original Internet Godfather

If you want to know about crime, ask a cybercriminal. Join "The Original Internet Godfather" Brett Johnson for a one-of-a-kind presentation on security and leadership in the new threat landscape. Considered one of the best social engineers in the world, he will share how he learned to live on the right side of the law.

In this keynote, Brett will dive into:

The current state of crime and common flags, from synthetic fraud to account takeovers
The power of organized networks – for good or harm – and ways to disrupt criminals
What’s next, and what you can do to protect yourself and your business

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Creating a Strong Line of Defense Through Awareness

Jeff Weeks

SVP and CISO

First National of Nebraska, Inc.

Awareness is the number one tool in our information security arsenal to combat information security threats. One user, one click, and millions of dollars of technical defenses can be defeated. First National Bank has an aggressive security training and awareness campaign, engaging employees through multiple avenues year-round. Jeff Weeks shares his strategies on protecting employees at home and work through elevated security consciousness.

In this session, learn:

The value of branding information security
The personal touch you can bring to security awareness
How to transform security into an enabler for business units

9:00am - 9:50am Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Peter Kobs

EVP

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

9:00am - 9:50am Executive Boardroom

Next-Generation Cloud Security

Steven Scarbrough

Enterprise Security Architect

Daktronics

Tony Taylor

CISO

Land O'Lakes

Steve Quane

Chief Product Officer

Trend Micro Incorporated

As organizations increasingly turn to cloud-based services to enable the next phase of digital transformation, security leaders face the challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud, including:

Automation via APIs, orchestration, AI and Machine Learning strategies
Ways to incorporate the Cloud into a fully articulated security strategy
Configuring Cloud environments to meet regulation and compliance requirements

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager Joey Freedman at joey.freedman@evanta.com or 971-978-5009.

9:50am - 10:20am Networking Break

10:20am - 11:10am Interactive Session

Measuring Up — An Interactive Benchmarking Discussion

Aimee Martin

Sr. Manager, IT Security & Governance, Risk and Compliance (GRC)

Vista Outdoor

One of the best ways to push yourself is to know where you stand among your peers and allow them to challenge your assumptions. But even if you have a speed-dial full of trusted associates, this type of information sharing can be piecemeal and infrequent.

In this interactive session, you will:

Benchmark your processes around the community’s most pressing priorities
Compare your priorities with a cross-section of your peers

10:20am - 11:10am Breakout Session

Defense in Diversification — Think Differently About Data

Tom Stitt

Senior Director, Product Marketing - Security

ExtraHop

The rush to innovate has resulted in more sophisticated threat defenses, but it has also created a complex web of tools that must be managed by an already overworked and understaffed security team. Heterogeneity of defense systems is itself a defense, so modern security teams need to approach consolidation differently.

In this session, attendees will learn how:

Data-first approaches to security architectures illuminates natural consolidation points
Cross-collaboration within the IT organization improves security posture and reduce tool sprawl
Leveraging other parts of the organization improves security posture through smarter processes and practices

10:20am - 11:10am Executive Boardroom

Modern Approaches to Protecting Your Third-Party Ecosystem

Judy Hatchett

VP, Information Security & CISO

Fairview Health Services

Jerry Clayton

VP Sales & Customer Enablement

CyberGRX

It's no secret that hackers are opportunistic. They are constantly looking for the weakest link and are quick to capitalize on one as soon as it's spotted.

This boardroom will discuss:

Third-party cyber risk best practices
New strategies for third-party cyber risk management (TPCRM) and how they work
How to scale your third-party cyber risk management (TPCRM) program to evolve with your ecosystem

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Joey Freedman at 971-978-5009 or joey.freedman@evanta.com.

11:10am - 11:40am Networking Break

11:40am - 12:20pm Lunch & Comments

12:20pm - 12:50pm Keynote

Farewell to the Old Guard – Introducing the Modern Security Architecture

Jason Clark

CSO

Netskope

Until now, the information security industry has failed to deliver business empowering security solutions, which enable organizations to quickly and securely transform digitally. Security today is too complicated and draws from a 20-year-old playbook. It needs to be re-written and based on approaches that protect and empower the business. In this session, we will:

Share how many of the Fortune 100 are redefining their cloud, network and data security programs
Discuss the steps and architectures that are the key to transformation
Reimagine your approach to enterprise security, building a new blueprint that can be used for years to come

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Synthetic Fraud and Cybercrime - An Interactive Workshop

Brett Johnson

Former US Most Wanted Cybercriminal and Original Internet Godfather

Brett Johnson follows his opening keynote with a conversation on the organization of cybercrime, how to stop it, and the problems of synthetic identity fraud. This session is designed to be a solutions-oriented group effort to deep dive into the issues of organized cybercrime and synthetic fraud.

In this session, learn:

The criminal side of synthetic fraud and what worries fraudsters about these crimes
How cybercrime is organized, and why it’s so successful and hard to stop
The overall mindset of online criminals
Which tools work and which don't against cybercriminals

1:20pm - 2:10pm Breakout Session

Bridging the Gap on Cybersecurity Talent

Tammylynne Jonas

Global CIO

Self Esteem Brands

Britt Lindley

VP & CISO

Thrivent Financial

Harshal Mehta

VP, CISO

CWT

Mark Ritchie

President

Global Minnesota

With 0% unemployment in cybersecurity, recruiting, hiring and retaining talent provides a consistent challenge. Join this panel of peers for a discussion on challenges that come with building and retaining a successful team. In this session, the panel will discuss:

How to use a wide range of security positions to attract talent
Strategies to make security an attractive career opportunity
How to retain top talent once they're hired on

1:20pm - 2:10pm Executive Boardroom

Cyber Resiliency — Evolving Your Cyber Ecosystem

Betty Elliott

Partner & CISO

Mercer

Jeff Johnson

Director, IT Security

Digi-Key Electronics

Mase Issa

Director, Service Delivery

Expel

Managing and mitigating risk is a complex undertaking that spans phishing to networking monitoring. Faced with increasingly complex and sophisticated threats, CISOs must be strategic about improving their resilience and tracking improvements.

Join this boardroom to discuss:

Best practices for identifying, investigating and responding to threats
Different models for running your security operations capabilities
The importance of measuring improvements in your program

1:20pm - 2:10pm Executive Boardroom

Communicating Risk – Translating Insight Into Action

Linda Goettler

CISO

City of Saint Paul

Greg Matthias

EVP, CISO

TCF Bank

Unlike the CISO role of just a few years ago – where many could still focus heavily on the bits and bytes – today’s security leader is also expected to be a business leader. Uncover strategies with your peers to help you become fluent in the languages of risk, finance and strategy, and to effectively convey your message, including:

How to educate your board on cybersecurity so they become champions for security in your company
What the board really wants to hear from CISOs
Which metrics will help you craft a compelling story that inspires action

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Trust and Transformation — Employing a Cybersecurity Framework

Mandy Huth

VP, Cybersecurity

Kohler Co.

As organizations continue to evolve, cybersecurity is oftentimes viewed as a barrier to innovation. Join Mandy Huth as she shares how she implemented the framework for a consistent cybersecurity program and changed the way Kohler perceives security.

In this session, you’ll learn how to:

Effectively use a cybersecurity framework to execute your strategy
Improve business engagement with risk assessments
Add consistency to measuring controls

2:30pm - 3:20pm Executive Boardroom

Thinking Beyond the Password

Darren Hibbard

Information Security Manager

Winnebago Industries

Aimee Martin

Sr. Manager, IT Security & Governance, Risk and Compliance (GRC)

Vista Outdoor

The end user experience needs to be on the forefront for any organization. Whether internal or external, both seamless and secure access is necessary in today's technology landscape. What challenges do we as CISOs face as information and accounts are accessed through multiple IPs?

Come together with your peers to discuss:
How do we merge both a seamless and secure point of access?
What are future technologies that can adapt and evolve with business and customer needs?
How secure is too secure?

2:30pm - 3:20pm Executive Boardroom

Regulation & Privacy – Beyond GPDR

Jonathan May

Senior Security Lead

Mortenson

Michael Musto

Deputy Chief Security Officer

Since its enforcement date, GDPR has changed the way CISOs think about privacy risk management. In addition, it became a catalyst for new data protection laws and regulations. Compare and contrast best practices for your industry, business and regulatory environment in this session, including:

How to interpret the implications of regulatory requirements
Practical tips and lessons to manage privacy risk
How privacy risk management fits into your organization’s overall security ecosystem

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:20pm Keynote

Less Is More – Effective Reporting to the Board

Jesse Horowitz

EVP, Head of Enterprise Information Security Risk Management Oversight

Wells Fargo Bank

A growing number of boards are making the topic of cybersecurity a key part of their discussions. It has become fundamental for CISOs to provide them with visibility and clearly articulate how risk is being managed in well-defined business terms. Jesse Horowitz from Wells Fargo Bank shares his strategy for effectively communicating metrics and risk to the board.

In this session, learn to: