IN-PERSON

New York CISO Community
Executive Summit

November 12, 2019 | New York Hilton Midtown

November 12, 2019
New York Hilton Midtown

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Jeff Brown

AIG
CISO, Life & Retirement

Zouhair Guelzim

L'Oreal
VP & CISO

Raymond Lipps

Celgene Corporation
Executive Director & CISO, Global Information Security

Tod Mitchinson

New York Life Insurance
VP & CISO

Michael Palmer

Hearst Corporation
Chief Information Security Officer

Deborah Snyder

New York State
CISO

Kylie Watson

Sumitomo Mitsui Banking Corporation
CISO

Teresa Zielinski

GE Power
Senior VP, Chief Information Security Officer & Product Security

Agenda

November 12, 2019

mid-afternoon morning afternoon

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

Security operations
- What is the maturity of your security operations program?
- What is your process for building an operational playbook?
- What KPIs or KRIs do you use to measure success?
Communication and awareness
- How do you approach security with a holistic lens?
- What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
- How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?
Access and Identity Management
- What strategies and tools are you using to improve visibility into your systems?
- How are you integrating the user experience with security?
- How are you measuring the success of your access management program?
Governance and privacy
- How are you responding to/preparing for regulatory changes?
- How do you balance compliance with business requirements?
- What standards and metrics are you using to measure risk?
Talent and developing leaders
- What are some tangible strategies for creating and developing new talent resources?
- What best practices exist for retaining talent, once secured?
- How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Accelerating Security to the Speed of Business

David Roth

Vice President, US Northeast

Trend Micro Incorporated

Today’s business world is agile-driven, and various technology advancements have emerged to enable this agility including clouds, DevOps, containers and serverless architectures. In this environment, security leaders must rethink security success across a technology landscape teeming with automation and constant change. Join us for this session to understand strategies designed to meet today’s security objectives -- and at the speed the business requires.

Roth will cover:

How to incorporate a new engagement model
What it means to write code to automate security, infrastructure = code
Leveling up your team, what does it mean?

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Privacy and Security – A Crucial Collaboration

Orrie Dinstein

Global Chief Privacy Officer

Marsh & McLennan Companies, Inc.

Meredith Grauer

Chief Privacy Officer

Nielsen

Jon Westlund

Privacy Counsel

Pfizer

Tomas Maldonado

VP & CISO

International Flavors & Fragrances

As the topic of privacy moves to center stage with the implementation of new data protection laws and regulations such as GDPR and the California Consumer Privacy Act, CISOs find themselves struggling to maintain compliance in addition to keeping their organizations secure. Are you ready for the next wave of changes? Join this dynamic panel as they discuss:

How privacy regulation continues to change our approaches to business
How you can effectively communicate the importance of security during privacy policy shifts
Tools and resources that can help you deal with privacy transitions

1:20pm - 2:10pm Breakout Session

Artificial Intelligence vs. Malware

Douglas Santos

Cybersecurity Strategist

Fortinet, Inc.

Due to the wide range of readily available resources for creating malicious payloads, such as coders for hire and SaaS, malware is an exponentially growing issue. Douglas Santos will dive into the functioning and operational game changers of both AI and malware.

Join this session to uncover:

The history and workings of AI
Deep machine learning neural networks
The future of these systems in fighting cybercrime

1:20pm - 2:10pm Executive Boardroom

Preparing the Next-Gen Workforce

Mark Connelly

CISO

Boston Consulting Group

Max Vetter

Chief Cyber Officer

Immersive Labs

Talent needs are like security threats—plentiful, complex and ever-evolving. CISOs know that skills learned in the classroom doesn’t match the pace of cybersecurity, but what are strategies for developing effective and successful teams for the future?

Join this interactive session to learn how to:

Enable your workforce to continuously evolve cyber skills
Map your organization’s cyber skills directly to your security strategy
Reskill talent to evolve with the security landscape

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact: Brad Campbell at 971-9785-070 or brad.campbell@evanta.com

1:20pm - 2:10pm Executive Boardroom

Military Principles – Protecting and Defending the Cyber Domain

Tariq Habib

CISO

Metropolitan Transportation Authority

James O'Shea

Head of Cybersecurity Strategy

Prudential

John Burger

CISO and Vice President of IT Infrastructure

ReliaQuest

Now more than ever, business leaders and cyber security professionals are looking to the military as a source of insight for protecting and defending the cyber domain. Many warfighting principles remain relevant to this new “manmade” domain, but there are pitfalls and nuances – and security technology alone is not the answer.

In this session you’ll discuss:

What principles can be applied and how best to implement them
How to balance the difference in tool proliferation and complexity
Where to focus your team on simplifying across the organization

7:30am - 8:00am Registration & Breakfast

7:45am - 8:00am Opening Comments

8:00am - 9:00am Keynote

On the Edge – The Art of High-Impact Leadership

Alison Levine

Author & Thought Leader, "On the Edge"

Alison Levine

Imagine yourself on the highest mountain in the world. You have to deal with the physiological effects of extreme altitude--along with bone-chilling temperatures, battering winds, and a climbing team that's counting on all of its members to make smart decisions. There's simply no room for poor judgment-- one mistake or misstep can result in an "unrecoverable error." In any situation where lives on are the line or the stakes are exceptionally high--there's no better training ground for leaders than settings where people are pushed beyond their perceived limits.

Drawing on her experience as team captain of the first American Women's Everest Expedition, Alison Levine makes a compelling case that the leadership principles that apply in the world of extreme adventure also apply to today's rigorously competitive business environments.

9:00am - 9:20am Networking Break

9:20am - 10:10am Interactive Session

Prepare for a Major Cyber Attack – A Tabletop Exercise

Michael Cena

Vice President, Head of Cyber Security

A+E Networks

Teresa Zielinski

Senior VP, Chief Information Security Officer & Product Security

GE Power

Most CISOs feel comfortable managing the minor security incidents with standardized processes, but what about major incidents that shake the very foundations of your organization? Such crises can be career-changing.

Join this workshop to:

Learn the basic building blocks of effective cybersecurity crisis response
Share challenges and best practices in managing major security events
Benchmark against your peers and identify lessons learned

Attendees must register for this session. Seating is limited to 50 people and priority is given to CISOs.

9:20am - 10:10am Breakout Session

Managing Customer Identity in the Era of CCPA

Marc Varner

VP & Global CISO

YUM! Brands

Patrick Sullivan

CTO, Advanced Technology Group (Security)

Akamai Technologies, Inc.

As we inch closer to the end of 2019 and into 2020, privacy is top of mind for individuals and businesses alike. Approximately a year and a half after the EU adopted GDPR, California is introducing the California Consumer Privacy Act (CCPA) which will impact how companies do business in California. Join Marc Varner, Corporate VP and Global CISO, Yum! Brands, Inc. and Patrick Sullivan, Senior Director, Security Technology & Strategy at Akamai for a lively discussion where they’ll uncover the challenges and opportunities with managing customer identity in this era of evolving privacy regulations.

9:20am - 10:10am Executive Boardroom

The Next Great Security Challenge — Securing SD-WAN

Chirag Arora

Chief Information Security Officer

Crum & Forster

John Whiting

Global Chief Security Officer

DDB Worldwide

Nada MacKinney

Product Marketing Manager, Cisco Cloud Security

Cisco Umbrella

The market consideration and adoption of software-defined WAN (SD-WAN) represents the largest networking transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch office locations. But what about security?

In this boardroom, you will discuss:

Embracing change — the pros and cons
Addressing weaknesses within brand offices and roaming users
Keeping security top of mind for business leaders

9:20am - 10:10am Executive Boardroom

Vulnerability Management - Prioritizing Zero-Day Threats

Mark Ramsey

CISO, ASSA ABLOY–Americas

ASSA ABLOY

Tomas Maldonado

VP & CISO

International Flavors & Fragrances

Alexei Pivkine

Technical Director

Snyk

Identifying, classifying and mitigating vulnerabilities continues to be a cornerstone of CISOs overarching risk management strategy. But how are you prioritizing and mitigating zero-day vulnerabilities?

Join your peers in this engaging roundtable discussion to learn how to:

Ensure your open-source components and containers live in an active inventory
Decrease your time to remediate vulnerabilities by leveraging new approaches, tools and people
Empower developers to adopt a security mindset and integrate them into the entire process

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

Security in the Regulatory Age – How (and When) to Involve Legal

Kim Peretti

Cyber and Data Security Lawyer

Alston & Bird

Eric Staffin

Managing Director, Chief Information Security Officer

IHS Markit

As the number of compliance regulations increases, so does the complexity of a CISO’s role. The risks are higher for organizations if a compromise occurs. For that reason, CISOs not only have to structure their security strategy in new ways, but learn to effectively integrate legal into their cyber programs.

In this session, you’ll learn:

The soft skills necessary for working with your legal officer
The art of cybersecurity preparedness into today’s regulation-heavy world
The role legal should play during a data breach

10:30am - 11:20am Breakout Session

Defense in Diversification and the Proactive SOC

John Matthews

CIO

ExtraHop

The rush to innovate has resulted in more sophisticated threat defenses, but it has also created a complex web of tools that must be managed by an already overworked and understaffed security team. Heterogeneity of defense systems is itself a defense, so modern security teams need to approach consolidation differently.
In this session, attendees will learn how:

Data-first approaches to security architectures illuminates natural consolidation points
Cross-collaboration within the IT organization improves security posture and reduce tool sprawl
Leveraging other parts of the organization improves security posture through smarter processes and practices

10:30am - 11:20am Executive Boardroom

Cyber-Risk Management–New Approaches for Reducing Your Cyber-Exposure

Ken Brothers

VP & Director, Information Security Services

Federal Home Loan Bank Of New York

Bryan Chnowski

Senior Director - Information Security

Nuvance Health

Kevin Flynn

Senior Product Manager

Tenable

When it comes to reducing cyber risk, overcoming vulnerability overload is critical. Find out how predictive prioritization will improve your vulnerability management efforts so you can focus on what matters most to your business. During this peer-discussion you will explore:

How to use threat intelligence to move the most dangerous vulnerabilities up your priority list
The resources required to effectively assess your environment and prioritize your efforts in a predictive manner
Practices that will help you take appropriate actions to make your organization more secure
How to make your staff more efficient by drastically reducing the number of high priority vulnerabilities they need to remediate

10:30am - 11:20am Executive Boardroom

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Patrick Park

Director, information Security & CISO

Milbank

Daniel Gorecki

CISO

Aramark

Eric Blatte

President & Co-Founder

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

How CDOs and CISOs Can Drive Business Forward

Adam Hirsch

SVP, Information Security

PVH Corp.

Santosh Kudva

VP, Data & Analytics

GE Power

CDOs and CISOs often have conflicting goals – one wants to glean insights from it, while the other wants to protect it. How can one enable a data-driven business while still safeguarding valuable information?

In this session, hear a CISO and CDO discuss:

How CISOs can effectively partner with their heads of data
What questions CISOs should be asking their CDOs
Ways to secure the business without hindering it
Understanding and communicating data and security needs

2:30pm - 3:20pm Breakout Session

How Low-Tech Hackers Hack Your APIs in 15 Min or Less

Himanshu Dwivedi

CEO

Data Theorem

It’s not easy to protect something you don’t know exists. Hidden APIs are no different. While CISOs know APIs are targets for attacks, they can’t protect what they don’t know is there. How can CISOs more quickly find existing, hidden APIs and protect them from potential attacks?

In this session, learn:

Why and how shadow APIs are targeted by attackers
How to quickly find and protect shadow APIs from threats
Why protecting APIs should be a priority for CISOs

2:30pm - 3:20pm Executive Boardroom

Identifying and Securing Unstructured Data

Jeff Brown

CISO, Life & Retirement

AIG

Greg Kyrytschenko

VP Deputy CISO - Head of Security Services

Guardian Life

Jeremiah Steptoe

Founder

CyberCentric

Organizations are challenged with how to implement security and privacy requirements across their growing inventory of unprotected unstructured data. Unstructured data in the form of sensitive documents including intellectual property and PII is the “wild west” of data security and privacy as it travels freely internal and external to the organization.

Join your peers in this engaging roundtable discussion to explore:

The key differences – and complexities - between structured & unstructured data
Challenges securing sensitive data in the cloud
How regulations such as GDPR is changing the data security landscape

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:20pm Keynote

The Predictions Panel – A Look at Future Threats

James O'Shea

Head of Cybersecurity Strategy

Prudential

Tomas Maldonado

VP & CISO

International Flavors & Fragrances

Mark Ramsey

CISO, ASSA ABLOY–Americas

ASSA ABLOY

To truly safeguard an organization, CISOs mustn’t merely focus on existing threats, but future ones, too. They must ask themselves – what's on the horizon?

At the precipice of a new decade, prepare to:

Hear a panel of CISOs predict the biggest threats of 2020
Share your own threat predictions for 2020
Discuss critical changes in the next 5 years and – more importantly – how to prepare for them

4:20pm - 5:00pm Closing Reception & Prize Drawing