IN-PERSON

New York CISO Executive Summit

June 21, 2022 | Pier Sixty

Collaborate with your peers

Get together with New York's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Implementing the right security controls that protect the integrity of information in the cloud

Managing user identities, governing access to resources, enforcing security, and ensuring compliance

Proactively identifying and reducing risks relating to the use of third parties

New York CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Michael Cena

A+E Networks
Vice President, Head of Cyber Security

Zouhair Guelzim

L'Oreal Americas
VP, Chief Information Security Officer

Brian Lozada

HBO Max
Chief Information Security Officer

Tomas Maldonado

National Football League
Chief Information Security Officer

Tod Mitchinson

New York Life
VP, Chief Information Security Officer

Michael Palmer

Hearst
Chief Information Security Officer

Eric Staffin

IHS Markit
Former Partner and Senior Vice President, Chief Information Security Officer

Kylie Watson

Sumitomo Mitsui Banking Corporation
CISO

Teresa Zielinski

GE
Chief Information & Product Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your New York CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


11:30am - 12:30pm  Lunch Service

12:30pm - 1:05pm  Keynote

The Art of Negotiation – Defeating Ransomware

Adam Finkelstein

SVP, Global Cyber Services

Sygnia

David Warshavski

VP, Enterprise Security

Sygnia

Moty Cristal

Professional Crisis Negotiator

Sygnia

Ransomware attacks continue to evolve, and recent geopolitical tensions have given rise to a new wave of ransomware splinter groups. Successfully handling a ransomware attack requires skillful orchestration between multiple elements, including strategic negotiations.

Meet and hear directly from a professional negotiator, who has dealt with some of the most sophisticated threat groups in the world and has an intimate understanding of how they think and operate. 

Join this session hosted by Sygnia and discover:

  • A real-world case study of a heavyweight ransomware attack through the supply chain.
  • The importance of integrating strategic negotiation into your overall response effort. 
  • Key insights from helping hundreds of organizations defeat ransomware attacks through effective response and preparedness.

1:05pm - 1:20pm  Break

1:20pm - 2:05pm  Breakout Session

Know Your Third-Party Vendor Compliance

David Stoicescu

CISO

Deepwatch

Organizations are held responsible for the actions of suppliers, vendors, and partners in addition to their own internal activities. Knowledge and understanding of supplier and third-party risk is of the utmost importance. CISOs must know their business well enough to understand where risks may materialize and employ processes to detect them, all while keeping the process simple and consistent.

Join this session to discuss:

  • Creating a practical, easy to maintain, third-party assessment process
  • Using risk profiles to make decisions on vendor selections
  • Building trust and awareness internally and doing due diligence before you acquire new tech

1:20pm - 2:05pm  Breakout Session

Insider Threats — Avoiding Data Privacy Pitfalls

Darren Bowie

Global Chief Privacy Officer and Managing Director

MUFG Financial Services

Orrie Dinstein

Global Chief Privacy Officer

MarshMcLennan

Securing sensitive data should occur in conjunction with your broader data privacy and protection program. CISOs must understand where sensitive data is stored, as well as when and how it’s being accessed. It is important for security leaders to integrate data security with data privacy requirements when building insider threat programs.

Join this session to discuss: 

  • When/how to involve the privacy team when planning an implementation
  • Privacy team as a partner to the information security team
  • Global considerations and privacy laws and regulations around the globe

1:20pm - 2:05pm  Executive Boardroom

Ahead of the Cloud — Flexible Solutions for a Moving Target

Jason Mical

Field Chief Technology Officer - Americas

Rapid7

Aaron Katz

Chief Information Security Officer

Private Equity Firm

Helen Negre

Chief Information Security Officer, Americas

Siemens Mobility

Sometimes, cloud can seem like a "one size fits none" type of hurdle. One thing is certain, however — as the cloud landscape continues to evolve, so too should a CISO's security strategies.

Join this boardroom to:

  • Gather practical takeaways and cloud solutions from your peers
  • Explore solutions to current and future cloud security issues
  • Gain feedback on your organization's cloud priorities

1:20pm - 2:05pm  Executive Boardroom

The Art of Communicating Risk to the Business

Ariel Weintraub

Chief Information Security Officer

Massachusetts Mutual Life Insurance Co

Jeff Music

Chief Information Security Officer

ReliaQuest

Leon Flaksin

Head of Information Risk Management

BlackRock Inc

To quantify how they are reducing risk for the business and where to strategically invest, security leaders need effective, actionable metrics. These measures are essential to communicating effectively with the Board and other executive stakeholders.

Join this roundtable discussion to gain insight into how your peers are:

  • Making informed investment decisions
  • Communicating risk to the business at large
  • Using data to tell a story to non-technical audiences

1:20pm - 2:05pm  Executive Boardroom

Shift Left in Applications Security

Matt Tesauro

Distinguished Engineer

Noname Security

Tomas Maldonado

Chief Information Security Officer

National Football League

John Whiting

Global Chief Security Officer

DDB Worldwide

As business and technology teams drive cloud adoption and implement modern application architectures, the security vulnerabilities of the sprawling IT stack multiply as visibility dwindles. Now is the time to explore new applications and API security strategies to proactively reduce risk, secure the environment, and capitalize on cloud-native capabilities to meet these challenges.

Join this boardroom to discuss:

  • Establishing effective vulnerability management and application security programs
  • Moving from a reactive to a proactive security posture
  • API governance and security challenges and opportunities

7:30am - 8:15am  Registration & Breakfast

8:15am - 9:00am  Keynote

Your Future Is Safe With Change

Ryan Berman

Co-Founder of Courageous, Author of "Return On Courage"

Guest Speaker

The landscape of business today is cloudy as many of us find ourselves living in a static loop that’s causing a clarity epidemic of epic proportions. Our workforces remain handcuffed – starved for time and unable to do what needs to be done to advance our careers and corporations forward. What if we could flip the script from preservation mode to liberation mode? What if instead of being time-starved you could gain the necessary clarity to warp forward?

Join this session with author and courage expert Ryan Berman as he discusses:

  • Why we desperately need to be courageous
  • How each of us can learn to be more courageous
  • How we can unleash courage in our organizations now, while unveiling ‘the how’


9:00am - 9:30am  Networking Break

9:30am - 10:15am  Breakout Session

The State of the SOC – Ideas for Running an Effective Threat Detection and Response Program

Rob Geurtsen

Retired Deputy CISO, Nike

Guest Speaker

Patrick Vandenberg

Head of Product Marketing

Hunters

Between skills shortages and the escalating sophistication of threats, too often security teams are overwhelmed with increasing data volume, complexity, and false positives. CISOs need new approaches for managing technology, talent, and processes in the SOC to build a modern threat detection and response program.

In an open discussion with Rob Geurtsen, the former Deputy CISO at NIKE, we will discuss common SOC issues, including:

  • Hiring vs. Outsourcing vs. Hybrid approach for talent management - what is the right approach for organizations
  • How SOCs are leveraging technology and automation to improve their threat detection and incident response
  • What approaches should change in light of the remote work reality

9:30am - 10:15am  Breakout Session

Key Initiatives to Implement During a Cyber War

Jeff Brown

Chief Information Security Officer

State of Connecticut

Tariq Habib

Chief Information Security Officer

MTA

Ankur Ahuja

VP, Global Chief Information Security Officer

Fareportal

Given the current geopolitical landscape and international affairs, organizations around the world are bracing for retaliatory cyberattacks, causing them to assess supply chain risks and other critical infrastructures. With events changing by the minute, government and corporate executives around the world have focused on mounting a vigorous defense against nation-state cyberattacks.

Join this session to discuss: 

  • The importance of revisiting basics related to available utilities and controls
  • Retesting your incident response and cyber defense plan and focusing on high resiliency for supply chain planning
  • How to collaborate with the government to protect against nation-state attacks


9:30am - 10:15am  Executive Boardroom

Deter Breaches and Build Resilience Within the Cloud

Raja Mukerji

Co-Founder & Chief Customer Officer

ExtraHop

Arvin Bansal

Senior Director, Data Protection and Cloud Security

AmerisourceBergen

Andres Andreu

Chief Information Security Officer

2U

While cloud providers will protect the security of the cloud itself, CISOs are often responsible for securing their infrastructure within the cloud. Attackers are aware of the visibility gaps in multi-cloud and hybrid environments. After they slip past perimeter defenses, they will work their way toward carrying out a costly breach or extortion, undetected until it’s too late.

Join this session to discuss:

  • Key ways to reduce cyber risk and dwell time while building resilience
  • The advanced attack techniques that bad actors rely on and how to spot them
  • Strategies to increase the speed of detection and mitigation within cloud environments

9:30am - 10:15am  Executive Boardroom

Zero Trust – Hype or Hope?

Steve Savard

Director of Information Technologies

ICC Industries Inc

Corey Hamilton

Partner, FSS, Global Security Services

IBM

An organization's ability to achieve successful digital transformation is in large part enabled by the security team. Distributed, loosely connected infrastructure and tools, coupled with the demand for almost any-to-any connectivity, complicate the mission. Regularly defined as being delivered by a single "silver bullet" point solution, the term zero trust is now often held in poor regard. It is, however, a highly effective conceptual framework, and perhaps even a cultural shift, that many organizations have been working with for several years.

Join this interactive boardroom to discuss:

  • The broader definition of what a zero trust framework is
  • The foundational control required to build a zero trust program
  • Strategies for improving the user experience and proving value to get organization-wide acceptance

10:15am - 10:45am  Networking Break

10:20am - 10:45am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

10:45am - 11:30am  Breakout Session

Security is a Team Sport

Michael Cena

Vice President, Head of Cyber Security

A+E Networks

Court Graham

Chief Information Security Officer

Sirius XM

Tod Mitchinson

VP, Chief Information Security Officer

New York Life

Nathan Smolenski

CISO, Head of Cloud Strategy

Netskope

Building trust and reliance across technology and security teams is key to defending the enterprise. As security stacks incorporate Security Service Edge (SSE) to sustain the SASE journey, the partnership between CIOs, CISOs, and their teams is more important than ever.

Join this session to learn about:

  • Best practices for IT and security collaboration
  • Communicating the importance of SSE to your CEO and Board
  • Improving internal stakeholder relationships to fuel business outcomes

10:45am - 11:30am  Breakout Session

Unleashing the Power of Data Science

Ariel Weintraub

Chief Information Security Officer

Massachusetts Mutual Life Insurance Co

Cybersecurity is undergoing massive shifts in technology and operations, and data science is driving the change. Data science offers leverage, allowing organizations to be able to understand how to anticipate and respond to cybersecurity issues, threats, and attacks.

Join MassMutual's CISO, Ariel Weintraub, as she discusses:

  • The application of data science in the SOC
  • The data-fueled evolution of IAM
  • Current use cases and lessons learned

10:45am - 11:30am  Executive Boardroom

Beating Attackers At Their Own Game

Gustavo Diaz

Chief Information Security Officer

Brown & Brown Insurance

Lauren Dana Rosenblatt

VP, Chief Information Security Officer

International Flavors & Fragrances

Joe Graham

Strategic Threat Advisor

CrowdStrike

Cybersecurity is no longer a nice-to-have; it’s a frontline defense that protects organizations from targeted attacks and sophisticated threat actors. Security leaders must always be one step ahead and deliver effective cybersecurity through active prevention and defense. How can CISOs mitigate threats against the attack surface, whilst providing the business and technical outcomes to both stay secure and advance business objectives?

Join this boardroom to discuss:

  • Leveraging proprietary data, analytics and technology to prevent attacks
  • Implementing proactive defense for businesses of all sizes to mitigate today’s threats
  • Pressure-testing your incident response plan and playbooks

10:45am - 11:30am  Executive Boardroom

A Fresh Look at API Security

Tim Rohrbaugh

Chief Information Security Officer

JetBlue Airways

Ameya Talwalkar

Co-Founder and Chief Executive Officer

Cequence Security

Reshma Budhwani

VP, Chief Technology Security Officer

New York Life

Zouhair Guelzim

VP, Chief Information Security Officer

L'Oreal Americas

APIs fuel digital transformation and are core to every SaaS, web, and mobile application. As API attacks become more frequent and complex, how can CISOs ensure protection for sensitive data, applications, and customers?

Join this interactive discussion to learn: 

  • How to gain visibility to understand exposure and risk
  • Ways to answer the “so what” for API security, including OWASP API Top 10 impacts
  • How security and development teams can find balance

10:45am - 11:30am  Executive Boardroom

Effectively Managing Third-Party Risk with a Data-Centered Approach

Caitlin Gruenberg

Director, Risk Solutions Engineer

CyberGRX

Shehzad Asim

AVP IT Security Risk Management

L'Oreal Americas

Ankur Ahuja

VP, Global Chief Information Security Officer

Fareportal

Security assessment questionnaires are no longer the centerpiece of third-party risk management programs. As our third-party ecosystems become more diverse and dynamic, so too should our way of monitoring and collaborating with these critical business partners. Structured data, analytics, and automation have the potential to revolutionize traditional third-party risk management approaches.

Join this roundtable to discuss:

  • What data is most important to your organization
  • Where you can find your organization’s most powerful and precious data
  • How you can harness it to reduce your dependence on static, inefficient questionnaires

11:30am - 11:40am  Break

2:05pm - 2:35pm  Networking Break

2:10pm - 2:35pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:35pm - 3:20pm  Breakout Session

Third-Party Cyber Risk — Zero-Day Findings and Mitigation

Jim Rosenthal

CEO

BlueVoyant

Managing distributed risk is today’s defining cybersecurity challenge. Mitigation of zero-day vulnerabilities is critical as adversaries exploit supply chain entities. This session explores how to identify all third parties impacted by zero-day vulnerabilities and guide their mitigation efforts. Your vendor, supplier, and partner ecosystem is now your enterprise attack surface.

Join this session to learn:

  • How to manage distributed risk associated with hundreds and even thousands of vendors, suppliers, and partners
  • Approaches to identify, prioritize, and mitigate active threats and critical/zero-day vulnerabilities
  • Strategies to reduce supply chain/external ecosystem risk associated with zero-day

2:35pm - 3:20pm  Breakout Session

The Foolproof Way to Solving The Great Resignation

Rishi Tripathi

Chief Information Security Officer

The Mount Sinai Hospital

The truth is, there's not one. The phenomenon that is the Great Resignation, and the worries that surround it - talent and skills shortages, hiring and retention dilemmas, etc. - all have left CISOs scratching their heads looking for a solution. In this interactive session, you'll join CISOs that might be thinking similarly (or differently) about the daily scenarios you face when navigating through the Great Resignation.

Join this interactive session in small groups to debate and collaborate on team building scenarios including: 

  • Keeping the right people – thinking beyond just retention 

  • Mentoring a multigenerational workforce – creating operational excellence

  • Exploring employee potential – diversifying skill sets

2:35pm - 3:20pm  Executive Boardroom

How Autonomous Action Augments Human Teams

Nicole Eagan

Chief Strategy Officer, AI Officer

Darktrace

Brian Lozada

Chief Information Security Officer

HBO Max

Tony Chryseliou

Global Information Security Executive

Sony Corporation of America

The sheer scale and complexity of cyber-threats has meant the challenge of securing your business has gone beyond a human-scalable problem. Security teams are inundated with alerts, while simultaneously trying to monitor data and activity spread across disparate environments, and respond to attacks in real-time. To rise to this challenge, the next phase of security must be automated!

During this peer discussion you will explore:

  • Why mounting incidents across organizations are leading to alert fatigue
  • How to trust the efficacy of autonomous response capabilities to stop in-progress attacks
  • How automation can help to build cyber resilience and more effectively allocate resources

2:35pm - 3:20pm  Executive Boardroom

Risk and Resiliency – Assessing the Performance and Maturity of your Cybersecurity Program

Tod Mitchinson

VP, Chief Information Security Officer

New York Life

Michael Palmer

Chief Information Security Officer

Hearst

Doug Greene

VP, Chief Information Security Officer

Guardian Life Insurance

Jonathan Trull

CISO

Qualys

As attackers become increasingly sophisticated and the threat landscape continues to explode, understanding how to maintain resiliency is critical – and it all hinges on the ability to measure the effectiveness of your security program. Foundational to this is understanding the reliability of your processes, identifying security gaps, and addressing compliance issues – with the ultimate goal of communicating your organization's risk posture to the board.

Join this boardroom to learn about:

  • Approaching security program effectiveness from a risk perspective
  • Share successful strategies needed to maintain and measure resiliency
  • Gather feedback from your peers on the best methods for communicating your security program to the board

3:20pm - 3:35pm  Networking Break

3:35pm - 4:10pm  Keynote

Shields Up — Cybersecurity in a Changing Geopolitical World

Prashanth Mekala

Deputy Enterprise CISO

American Family Insurance

Jim Dennehy

Special Agent in Charge, Counterintelligence and Cyber Division

Federal Bureau of Investigation

Joseph Lawlor

Supervisory Special Agent, Global Operations and Targeting Unit

Federal Bureau of Investigation

Whether it’s criminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of increased cyberattacks. In today’s evolving risk environment, you can’t always predict where and when cybercriminals will strike, but you can control how your company faces changing threat vectors and how you will respond to any attacks.

Join this session to discuss:

  • Overview of the current geopolitical landscape
  • Insider threats from a cyber and foreign counterintelligence standpoint
  • How cybercriminals are capitalizing on remote workers and companies post-COVID

4:10pm - 4:30pm  Closing Reception & Prize Drawing

4:30pm - 7:00pm  Executive Networking Reception

Executive Celebration Dinner

Governing Body members host this dinner for attendees after a day of networking and insights.

We look forward to seeing you at an upcoming in-person gathering


Location


Venue & Accommodation

Pier Sixty

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Krista Robbins

Sr Program Manager

208-597-1550

krista.robbins@evanta.com