IN-PERSON

New York CISO Executive Summit

June 26, 2024 | Pier Sixty

June 26, 2024
Pier Sixty

APPLY TO PARTICIPATE

Collaborate with your peers

Get together with New York's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Charting the CISO role's trajectory amid increasing regulatory scrutiny and organizational shifts

Strengthening cybersecurity's influence as a key facilitator of enterprise risk decisions

Securing the adoption and implementation of AI across the business

New York CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Brian Lozada

Amazon
CISO, Prime Video and Studios

Tomas Maldonado

National Football League
Chief Information Security Officer

Tod Mitchinson

New York Life
VP, Chief Information Security Officer

Michael Palmer

Hearst
Chief Information Security Officer

Kylie Watson

Sumitomo Mitsui Banking Corporation
CISO

Teresa Zielinski

General Electric
Chief Information and Product Security Officer

Reshma Budhwani

New York Life
VP, Chief Technology Security Officer

Lauren Dana Rosenblatt

International Flavors & Fragrances
VP, Chief Information Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your New York CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


Keynote Session

You Speak, They Swarm — The Power of Story in Reaching Your Audience

"Those who tell the stories rule society." (Plato) But busy executives don’t have time to learn complex communication models or esoteric storytelling processes — you need a simple, effective framework that can help you not only connect with any audience, but also elicit real change. Enter the Swarm Effect.

Join this session with Arthur Zards — an expert on storytelling, TEDster and provocateur — to:

  • Hone your skills in executive influence
  • Adopt a more authentic and engaging approach to speaking
  • Take your next presentation from “understandable” to “compelling”


Executive Boardroom Sessions

Securing the Everywhere World — Building Cyber Resilience through a “Connectivity Cloud”

When users are everywhere and digital operations span cloud, SaaS, and on-premises environments, achieving cyber resilience becomes paramount. The challenge lies in navigating this complexity and maintaining visibility and control to ensure continuous operation despite cyber threats.

Join this interactive roundtable to discuss:

  • Optimizing costs and improving security across diverse cloud environments
  • Adopting Zero Trust philosophies to protect users, data, and applications
  • Innovating with AI while addressing global regulatory and data privacy requirements

Achieving AppSec Maturity

A comprehensive AppSec program is vital to a successful business. But building cross-functional support and trust between developers and application security teams is a difficult task. How can CISOs take control of their AppSec programs and comprehensively secure against vulnerabilities – no matter the stage of development?

Join this session to discuss: 

  • Mapping out crucial AppSec gaps
  • Analyzing what is needed to quickly remediate
  • Ensuring a positive developer experience

Threat Intelligence and Third-Party Risk – Doubling Down on Critical Vulnerabilities

The complete entanglement of cyber risk with business risk is becoming increasingly more visible. CISOs now have an opportunity to better pinpoint third parties that present a threat to the organization. Yet the increasing complexities of third party, and even fourth party, risk management, prompted by a wide range of evolving threats, demands heightened attention. How can CISOs ensure they have a clear overview of the threat landscape and vulnerabilities across ecosystems and supply chains?

Join this session to discuss:

  • Identification of vulnerabilities across your vendor landscape to prioritize response efforts
  • Best practices for mitigating a new wave of sophisticated attacks to keep assets safe
  • The role threat intelligence plays in risk management strategies to safeguard your digital ecosystem

Endpoint, Cloud and the Board — Identifying Risk that Matters

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements: metrics that are reliable and easily understood by all stakeholders across the business.

In this session, we will discuss:

  • Cybersecurity risk assessment essentials and which risks truly carry weight
  • Concrete approaches to determine effectiveness of security capabilities
  • Creating simple "metric cards" to communicate across stakeholders

From Z to A - Extending Zero Trust to APIs

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journey, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

Join this session to discuss:

  • Breaking the kill chain by stopping infection vectors and protecting against lateral movement
  • Shielding sensitive data and limiting how APIs interact with data
  • Increasing real-time visibility across the business to mitigate threats

Security-Enabled Innovation for Business Outcomes

Security not only protects an organization’s valuable assets but serves as a catalyst for innovation, fostering trust, and enabling new business models. Simultaneously, cloud technology offers flexibility, scalability, and cost-effectiveness, shaping how businesses operate, grow, and innovate. However, navigating these areas effectively requires an understanding of the benefits, challenges, and the trends that are driving their evolution if they're going to drive real business outcomes.

Join this session to discuss:

  • Research-backed viewpoints on the relationship between security and innovation
  • Establishing an aligned vision and culture that recognizes the strategic significance of security
  • Navigating cloud security options to unite practitioners and leadership for better results

Prioritizing Vulnerabilities Like an Attacker

It’s an all-too-familiar scenario: Thousands of vulnerabilities are identified across your hybrid ecosystem. How do you identify and prioritize remediation for the vulnerabilities most likely to exploit your cloud and on-prem environments?

Join this session to discuss:

  • Prioritizing actively exploited vulnerabilities
  • Measuring the value of a vulnerability to an attacker
  • Communicating risk posture cross-functionally

Network and Security Teams — A New Era of Collaboration

The explosion of data, and continued adoption of hybrid work, multi-cloud, and SaaS have eroded away the classic silos that once existed between Security and Networking teams. As data remains at the epicenter of innovation, CISO and Infrastructure leaders are working more closely together than ever to allow for fast, secure access to IT.  Technologies like Secure Access Service Edge (SASE) have skyrocketed in popularity, creating a future where the fates of both teams are more intertwined than we know.

How can CISOs foster trust and collaboration between these two dynamic groups - with a mind towards enabling the business?

Join this session to discuss:

  • How the changing dynamic is forcing CISOs to have to think differently
  • Company initiatives where CISOs should take lead, and those where Networking should take lead
  • Emerging technologies that serve as a win-win for both teams and success stories of security and networking winning together

Yesterday’s Shadow IT and Today’s Shadow AI

Shadow AI introduced a new layer of risk in a time when security leaders are already grappling with the formidable challenges of managing hidden technical debt and uncovering shadow IT. Today’s digital landscape requires a new approach to risk and governance – one that identifies the shadows already existing in your organization and stops future shadows emerging as you harness the power of emerging technologies.

Join this session to discuss:

  • Uncovering existing hidden technical debts and shadow IT that inhibit agility, innovation and security
  • Establishing centralized risk frameworks and governance that are enforceable and scalable
  • Involving the C-suite and end users in establishing and understanding protections to deter rogue IT and AI


Breakout Sessions

After SolarWinds: Litigation and Regulatory Risks for CISOs

The SEC historically has not top of mind for CISOs – but no longer. While past SEC leadership messaged that they would not “second guess good faith disclosure decisions," the criminal sentence imposed on Uber’s former CISO, the SolarWinds case, and the cyber disclosure rules last year all underscore the new heightened risk environment for CISOs trying to protect their companies – and themselves.

In this discussion, our expert panel will provide an inside perspective on the increased regulatory scrutiny on cybersecurity breaches and the role of the CISO, including:

  • How the government thinks about cyber cases against companies and individuals
  • How CISOs should think about navigating an enhanced role in the disclosure process
  • Key indemnification and insurance considerations

CCM — The Visibility You Crave, The Remediation You Need

Many organizations lack the capability to continuously monitor and measure the effectiveness of their security controls. Continuous control monitoring (CCM) automates the monitoring of cybersecurity controls’ effectiveness and relevant information gathering in near real time.

Join this session to explore how CISOs can:

  • Improve their organization’s security posture and their own productivity
  • Gain visibility on asset management, endpoint protection, secure configuration and vulnerability management
  • Act as a business enabler, ensuring audit readiness and proactive risk management

Cloud-Native, Cloud-First, Cloud-Curious – Comparing Notes on Cloud Security

The path to cloud security is complex and dictated by a whole host of variables unique to each organization. Even though we've been talking about securing the cloud for many years now, achieving maturity here still feels like a moving target. Cloud-first, cloud-native, multi-cloud, hybrid cloud -- whatever the organization's strategy is, the CISO holds the responsibility for driving a culture that continues to put security at the center of cloud transformation.

Join this discussion to hear a range of perspectives from your CISO peers on cloud security topics, including:

  • Enhancing security and cost-effectiveness across diverse cloud environments
  • Implementing – and then elevating – cloud security initiatives across a global footprint
  • Solving for the continued shortage of high-level cloud security skills

Unlocking Full Cloud Potential – Security Enhancements for Today’s Enterprise

While the vast majority of infrastructure has been upgraded and modernized to secure the shift to the cloud, enterprise IT teams are still missing an equally seamless access method to safely deliver those now cloud-native apps and data. While traditional browsers have become the de facto access point for the majority of business critical applications, they lack the deep inspection capabilities and hyper-granular security controls enterprises need. This results in security teams surrounding their browsers with layers of tech to meet those needs.

Join this breakout session to discover:

  • Why traditional cloud security methods undermine your modernization efforts and end-user experience
  • Embracing technological momentum to adapt to a "more-with-less" security landscape
  • How enterprise CISOs are using this solution to bolster cloud security

De-mystifying AI for Threat Detection and Response

 Let’s face it: Not all AI is created equal. But when used properly, data science and AI can turn the tables on cyberattacks in favor of defenders. Unveil how AI can transform the SOC from manual and mundane tasks and empower analysts to stay ahead of the evolving landscape.

Join Hitesh Sheth, Chief Executive Officer at Vectra AI, to discover:

  • Navigating the merits of AI methodologies
  • Understanding how integrated signals reduce alert noise and surfaces real threats
  • Empowering humans to move at the speed of hybrid and multi-cloud attackers


Be the CISO Changemaker who Locked Down Lateral Movement

You’ve likely seen the recent zero trust guidance from the NSA – they advise segmentation to stop lateral movement but also position micro-segmentation as exclusive to mature, "advanced” organizations. This is due to its historical complexity, extensive implementations, and cost. The NSA is wrong on this point however: micro-segmentation is now accessible to organizations of any size and maturity level and can be deployed easily and effectively without breaking anything. 

Chris Turek, CIO of Evercore, joins Benny Lakunishok, CEO and Co-Founder of Zero Networks, to share his experience deploying micro-segmentation to halt lateral movement and effectively defend against ransomware, and have an open conversation about implementing an actionable segmentation strategy, including:  

  • The key steps to achieve automated segmentation (full IT + OT) in just 30 days  
  • How you can restrict traffic to essential assets without breaking anything
  • The latest in just-in-time MFA that can be applied to anything – and blocks ransomware in its tracks


Networking Session

Rising Together — Empowered Women, Empower Women

Join us for an informal networking break exclusively for women in cybersecurity leadership and their allies to connect and build relationships with like-minded leaders in the greater New York area who are making an impact in their organizations and communities. Come prepared to share ideas, inspire and be inspired, and forge new connections that can help empower each other to achieve your goals and broaden your perspectives.

This session is aimed at, but not limited to, women leading the cybersecurity function at their organizations (CISO/equivalent, and those reporting directly to the CISO/equivalent). Priority access will be given to these participants, and allies are welcome as space permits.


We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

Pier Sixty
MORE INFORMATION

Your Community Partners


Global Thought Leader
CISO Thought Leaders
Key Partners
Program Partners

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Lynn Morrow

Senior Community Program Manager

503-805-5624

lynn.morrow@evanta.com