IN-PERSON

New York CISO Community
Executive Summit

December 4, 2024 | Pier Sixty

December 4, 2024
Pier Sixty

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Reshma Budhwani

New York Life
VP, Chief Technology Security Officer

Steve Grossman

National Basketball Association
CISO

Tomas Maldonado

National Football League
Chief Information Security Officer

Tod Mitchinson

New York Life
VP, CISO

Michael Palmer

Hearst
Chief Information Security Officer

Lauren Dana Rosenblatt

Public Service Enterprise Group Inc
VP, Chief Information Security Officer

Kylie Watson

Sumitomo Mitsui Banking Corporation
CISO

Teresa Zielinski

GE Vernova
VP, Global CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your New York CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

December 3, 2024

evening

December 4, 2024

morning afternoon

6:00pm - 8:30pm Governing Body Reception

Welcome Reception — CISO Executive Summit

Location: Current 59 (59 Chelsea Piers, New York, NY 10011)

Governing Body members of the New York CISO community host this welcome reception to kick off the Executive Summit with an informal evening of peer networking, food and drinks.

You'll also have the opportunity to take a break from screens and stress, and instead get a little creative with your peers with some literal team-BUILDING with Lego!

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

Never Lead Alone — Transforming Leadership into Teamship

Keith Ferrazzi

#1 New York Times Bestselling Author; Global Thought Leader in the Relational and Collaborative Sciences

Join Keith Ferrazzi, renowned team coach and bestselling author, as he unveils the groundbreaking concepts from his latest book, "Never Lead Alone: 10 Shifts from Leadership to Teamship." In this dynamic keynote, Ferrazzi challenges traditional notions of leadership and introduces a revolutionary approach to team dynamics in today's volatile business landscape.

Drawing from two decades of proprietary research Ferrazzi will share:

The role of the Leader in fostering Teamship
10 critical shifts your teams must make to achieve breakthrough performance
Strategies and practical tools you can implement now for navigating modern challenges like hybrid work, and AI integration

Discover how to transform into a co-elevating team that drives bolder innovation, breaks down silos, and delivers exceptional results. Whether you're a C-suite executive or a team member looking to contribute more effectively, this keynote will provide you with actionable insights to revolutionize your approach to collaboration and team performance.

Keith isn't just an author -- he's someone who knows and works with CISOs and security leaders regularly. Check out some of his articles for Forbes specifically addressing how CISOs can action on some of the key principles of his work:

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

Scaling Matterhorn – How Uber is Transforming Issues Management with GenAI

Hardik Mehta

Head of Cyber Risk Management

Uber

Imagine a world where security engineers weren't inundated with thousands of issues/bugs across dozens of categories every day. Hardik Mehta, Head of Cyber Risk Management at Uber, and his team no longer have to just imagine that world -- they've made it their reality with Project Matterhorn — a Generative AI-powered program that is taking the number of issues from 200k+ across 21 types to just 20k across only 2 types.

In this session, Hardik will share how Project Matterhorn is leveraging GenAI to:

Identify & resolve Uber’s critical security issues across Product and Infra
Integrate with Uber’s engineering plans and govern Uber’s issues posture
Reduce Uber’s operational toil around issues, exceptions and acceptances

9:40am - 10:25am Breakout Session

Taking the Reins — Unifying Risk Management in Complex Digital Environments

Richard Seiersen

Chief Risk Technology Officer

Qualys

Cybersecurity is more than just technology; it’s about managing risks in a business context. Today’s interconnected landscape broadens the risk surface, encompassing cyber threats, operational disruptions, and financial losses across all enterprise levels. CISOs are challenged with fragmented security solutions and siloed strategies, which hinder effective risk management programs.

Join this session to discuss:

Developing a Risk Operations Center (ROC) to strengthen your cybersecurity risk management program
Aggregating, scoring, and presenting risk to achieve unified visibility and action across entire attack surfaces
Aligning the business with risk-based prioritization

9:40am - 10:25am Executive Boardroom

Shaping Security Leadership for the Quantum Era

Ray Harishankar

Fellow, Quantum Safe

IBM

Bob Brown

CISO

Federal Home Loan Bank of New York

Rod Aday

CISO

Bank of China

Tim Somrah

VP, Information Security

Major League Soccer

Cryptography touches every corner of the digital world, and it is at risk of decryption from cybercriminals launching “harvest now, decrypt later” attacks. NIST announced three encryption algorithm standards in August 2024, which the U.S. government is pressed to adopt by 2035. Businesses must start evaluating their systems now, as a system-wide transition to quantum-safe protocols will be complex and time-consuming.

Join this session to discuss:

The current threat landscape from cryptographically relevant quantum computing
Understanding the NIST encryption standards and how to implement to your organizations
Evaluating and updating security strategy to ensure future security

Want to attend this session but it's already full? Email Krista Robbins (Sr. Community Program Manager) at krista.robbins@evanta.com to inquire about joining the waitlist in case a seat opens up. (Seating priority for executive boardroom sessions is limited to C-level/head-of-function security executives and NY CISO Governing Body members.)

9:40am - 10:25am Executive Boardroom

Governing Generative AI in your Organization

Anthony Scarfe

Deputy CISO

Elastic

Almon Tse

CISO

Saks Group

JR Riding

CISO

Multiplan

Generative AI is being utilized by companies and employees alike–sometimes without permission. The normalization of this emerging technology has expanded the attack surface and left many security leaders feeling anxious and uncertain. Is generative AI worth the risk, and how should it be governed in an organization?

Join this interactive roundtable to explore:

What to expect from the threat landscape as generative AI becomes increasingly normalized
What adopting generative AI does to your attack surface, and if you should even allow it
How to implement governance rules that your organization will follow

9:40am - 10:25am Executive Boardroom

Preemptive Cybersecurity — Building Toward a Future of Cyber Deterrence

Luigi Lenguito

CEO

BforeAI

Pronay Mukherjee

Global Business Information Security Officer

Levi Strauss & Co.

Dan Marra

Director, Information Security

Ropes & Gray

Cybersecurity has always been a never-ending race, with threat actors often setting the pace. So how do we actually get ahead of such sophisticated adversaries? By changing the paradigm of security from detection and response to prediction and preemption.

Join this interactive roundtable to explore:

Defining and moving toward a preemptive cybersecurity model
Countering more sophisticated attacks conducted by AI and other advanced capabilities
Observing, quantifying and communicating the ROI of cyber deterrence

Recommended Gartner Resources:

CISO Edge: Use Cyber Deterrence to Stop Attacks Before They Start (available for all)
Emerging Tech: Top Use Cases in Preemptive Cyber Defense (available for Gartner customers)

10:25am - 11:05am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am Breakout Session

Intersecting Horizons — Security & Privacy

Catherine Tomasi

Director, Chief Privacy Officer

Con Edison

Kylie Watson

CISO

Sumitomo Mitsui Banking Corporation

Security and privacy are intersecting, yet distinct, disciplines that ultimately share a lot of the same goals. But true collaboration between these critical functions isn't just about policies and protocols -- it's about leveraging both perspectives to think more holistically about safeguarding data and establishing trust.

Join this session for a candid, fireside chat-style session with the CPO and CISO of Con Edison, who are here to share how they:

Navigate areas of shared interest and responsibility between privacy and security
Address the constantly evolving landscape of data protection regulation
Work cross-functionally to promote the responsible and innovative use of data across the enterprise

11:05am - 11:50am Breakout Session

Modern Workforce, Modern Security Strategy

Tony Chryseliou

Global Information Security Executive

Sony Corporation of America

In the age of remote and hybrid work, employees now spend the majority of their time in the browser or in virtual meetings. The workforce is more mobile and distributed than ever before. At the same time, we are seeing an increase in cyber attacks and a higher average cost of data breaches. We must think more about protecting users right where they interface with web threats, the browser, without disrupting productivity.

Join this session for an interactive conversation with your peers to discuss:

The browser's role in a business's security strategy
Zero trust architecture
Managing resources for cybersecurity in a time of economic uncertainty

11:05am - 11:50am Executive Boardroom

Risk to the Nth-Party Degree

Peter Ling

VP, Global Cybersecurity Partnerships & Cyber Resilience Programs

RiskRecon - A MasterCard Company

Matthew Saeed

CISO

Warby Parker

Steven Wallstedt

CISO

Industrial and Commercial Bank of China

Third party relationships are closest and may prove to be the most tangible risks to your business, yet the whole supply chain of your business partners still pose a substantial threat. Most organizations’ vendor relationships extend to the 8th party. CISOs need to understand this web of connectedness in order to better manage and communicate enterprise risk.

Join this session to discuss:

Gaining visibility into risk across the whole supply chain
Strategies for effective risk management and monitoring business partners
Overcoming resource challenges to prioritize third-party and extended supply chain risk

11:05am - 11:50am Executive Boardroom

Rethinking the Relationship Between Cybersecurity Teams and the People They Protect

Ron Poserina

VP, Americas Systems Engineering

Proofpoint

Christina Morillo

Head of Information Security

New York Giants

Matt Cerny

Director of Cyber Security

Integra Life Sciences

You’ve heard it all before: the DBIR tells you people are your biggest risk, phishing simulations tell you your users fall for social engineering, and simple security measures you deploy are sometimes met with howls of protest. But what if it didn’t have to be that way?

Join this session for a fresh perspective on:

Moving security alerts from the SOC to where users work
Protecting end users perception of security controls
Transforming security teams’ interactions with end users

11:05am - 11:50am Executive Boardroom

Connecting the Dots of Global Data Governance and Compliance

Mauro Failli

Director of Technical Advisor & Operations, Executive Engagement Programs

Twilio

Arun Abraham

CISO

Bose Corp

Matt Mudry

CISO

HomeServe USA

Jason Rothhaupt

Deputy CISO

Broadridge

In today's complex regulatory environment, CISOs must navigate various categories of global trust, such as demographic and ethnographic factors, which influence compliance and governance decisions. Establishing and maintaining trust requires not only defining a clear position but also providing consistent evidence to support compliance claims. How can leaders connect the dots of governance across different countries and organizations effectively to enhance compliance and operational efficiency?

Join this boardroom to discuss:

Navigating the convergence of consumer, government, and market forces that shape global flows of data
Aligning governance and compliance strategies to build and maintain trust
Leveraging new technologies responsibly across geographies without sacrificing customer trust and loyalty

11:50am - 12:35pm Lunch Service

12:35pm - 1:10pm Keynote

How Zero Trust and AI Enable Innovation That Outpaces Adversaries

Sam Curry

Global VP, CISO in Residence

Zscaler

Pronay Mukherjee

Global Business Information Security Officer

Levi Strauss & Co.

The modern CISO must navigate the complex balance between technological advancement and the need to simplify and secure IT environments. This requires overhauling legacy architectures to be VPN and firewall-free, responding to shifting threats with AI-enabled defenses, overcoming financial constraints, and accommodating cloud-first businesses with distributed workforces. Leaders must lay a secure foundation using zero trust principles – for users, devices, and workloads – and harness the power of AI to consistently stay one step ahead of the attackers.

Join this session to learn:

AI’s role in enabling both organizations and their adversaries, with an emphasis on staying a step ahead of cybercriminals
Navigating the evolution of the CISO roles in light of greater expectations and oversight from senior business leaders
Securing organizations’ resources – from end users to branches and factories – reliably and cost-effectively with zero trust

1:10pm - 1:35pm Break

1:35pm - 2:20pm Breakout Session

Best Practices for Trusting AI in Your Security Strategy

Kurt Roemer

Chief Security Strategist

Box

For security professionals, zero trust is a mantra built into the cornerstones of security strategies. So trusting AI to augment and improve all the protections we've spent our careers putting in place is no easy feat. But here’s the truth: AI needs time and data to grow and learn to support security teams. And we — as the real, live people managing these tools — need time and information to adjust to trusting AI.

Join this session to learn about:

Establishing trust in AI to combat external threats like data leaks from shadow AI usage
Managing internal threats through controlling permissions and implementing guardrails
Using AI to empower security teams by automating tasks, addressing talent gaps, and preventing burnout

1:35pm - 2:20pm Breakout Session

Bridging the Gaps Between Security & People from the CHRO Perspective

Cheryl Bucci

SVP, Operations & People

American Society for the Prevention of Cruelty to Animals

Dave Kutayiah

Managing Director & Head of HR

Clarion Partners

Glenn Dowling

VP, Talent Acquisition & Workforce Planning

Horizon Blue Cross Blue Shield of New Jersey

The CISO is far more than just a technical leader – you’re also a people leader. And while security leaders are very comfortable talking tech, we brought in a panel of experts on people – HR leaders – to share their thoughts and answer your questions on topics like:

Increasing focus on workforce development for tech teams
Finding and retaining the appropriate level of staffing and skillsets
Fostering stronger relationships between CISOs, CHROs other non-technical, C-suite leaders

1:35pm - 2:20pm Executive Boardroom

SecOps Transformation — Cybersecurity at Scale

Xavier Saavedra

Director of SOC Transformation Advisors

Palo Alto Networks

Mary Carp

Director of Security Operations

Avery Dennison

Craig Budinich

Director of Information Security Operations & Engineering

International Rescue Committee

Today’s security operations centers are facing a barrage of “more.” More attacks. More threat actors. More devices and data. More security tools. More regulations. More specialized focus areas. More silos. With the modern security landscape changing fast, the SOC must evolve to meet current threats, demands and pressures.

Join this session to discuss:

Balancing business demands and a stable security architecture at scale
Gaining clarity with AI-driven intelligence
Integrating incident responses for faster reaction

1:35pm - 2:20pm Executive Boardroom

How to Assess Security Maturity and Why It Matters

Greg Notch

CISO

Expel

Peter Rosario

CISO

USI

Reshma Budhwani

VP, Chief Technology Security Officer

New York Life

Ronen Halevy

VP, Information Security

Sony Corporation of America

Maturing your security posture requires knowing how to objectively assess your organization, use industry best practices and frameworks, and select the right tools to advance your business. This complex, time-intensive process often takes a backseat to defending yourself against ever-evolving threats. Getting started can be overwhelming, so finding time to assess and improve your security maturity is a tall task.

Join this session to discuss:

Benchmarking using common assessment frameworks and tools
Determining your security maturity level, and how to fill gaps you’ve identified
Analyzing the impact of data and AI on your security posture

1:35pm - 2:20pm Executive Boardroom

The Silent Spread of AI — And Why You’re Losing Control Over It

Lior Yaari

CEO and Co-Founder

Grip Security

Dan Shiebler

Head of Machine Learning

Abnormal Security

Carlos Lyons

SVP, CISO

CGS

Ernie Rozado

Director, Head of Cybersecurity and Compliance

G-III

AI risk is quietly creeping into every corner of your enterprise, and you don’t even realize it. As more employees adopt AI-powered tools, applications, and processes, it is becoming deeply embedded in your tech stack — but it’s not just your employees using AI. Attackers are also leveraging AI to enhance their own tactics and sharpen their attacks. The real question for CISOs is: Do you have visibility into the countless ways AI is spreading, and what’s the best way to use AI to protect against AI?

Join this session to discuss:

The hidden ways AI is entering your enterprise—from third-party tools to shadow AI projects—and why it’s slipping under the radar
How attackers are using AI to improve their attacks and making them harder to detect by both legacy security tools and humans themselves
Actionable steps for CISOs to gain visibility and control over AI use across the organization

2:20pm - 3:00pm Networking Break

2:25pm - 2:50pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm Breakout Session

CISO Role Evolution — How Are You Adapting?

Davin Darnt

CISO Americas

Louis Vuitton

Bob Brown

CISO

Federal Home Loan Bank of New York

Being a well-rounded CISO can’t be hacked. It takes consistent reflection and re-invention as the role evolves from a solely technology-focused position to a business-enabling one.

Join this interactive session to hear from your peers and share your own perspective on adapting to thrive in the next evolution(s) of the CISO role, including:

Embracing the evolving demands of the CISO role
Building trust and influence amongst C-Suite peers and key stakeholders
Demonstrating your value as a proven leader and business-enabler

3:00pm - 3:45pm Breakout Session

Harnessing AI/ML in SASE for Next-Generation Network Security

Kelly Ahuja

President & CEO

Versa Networks

Sean Kerrigan

VP, Technology Infrastructure

Bath & Body Works

This session introduces how AI/ML technologies are being integrated into SASE solutions for advanced threat detection, predictive analytics, and automated responses. Real-world case studies illuminate successful implementations, highlighting the challenges faced and the outcomes achieved. Explore the balance between AI-driven automation and the need for human decision-making and future trends. Join us on a journey into the evolving landscape of network security, hear and share best practices and strategies from your peers.

In this session you will learn:

How AI/ML technologies can simplify your infrastructure and improve security posture
Why AI is fundamental for real-time threat detection and automatic remediation at every edge
Explore proven business outcomes and common challenges in deploying AI/ML enhanced SASE

3:00pm - 3:45pm Executive Boardroom

Secure Every Identity — Human and Machine

Barak Feldman

SVP, PAM and Identity Security

CYBERARK

Mike Crumpler

VP, Information Security (CISO)

Kenco

Chris Holden

SVP, CISO

Crum & Forster

The path to stronger identity security strategies lies within an agile and connected digital system. CISOs are often challenged with keeping disparate identities up to date, but when leveraged correctly, easy-to-use technology can be a game changer.

Join this boardroom to discuss:

The essentials for building seamless and secure access
The challenges faced when protecting against malicious actors
How to automate the management of digital identities

3:00pm - 3:45pm Executive Boardroom

Is Secure Email Even Relevant Anymore?

Christian Peel

VP, Customer Engineering

Echoworx

Steve Grossman

CISO

National Basketball Association

Tod Mitchinson

VP, CISO

New York Life

David Sheidlower

CISO

Turner Construction

With messaging apps like WhatsApp boasting over 2 billion users globally, demand on secure email to keep pace grows every day. The competing pressures of convenience, compliance, security and innovation have many CISOs wondering – what’s next for secure business communication?

Join this session to discuss:

Determining if secure email is still relevant
Transitioning secure messaging to the cloud
Preparing for the future in the era of direct messaging

3:00pm - 3:45pm Executive Boardroom

Strengthening Operational Cloud Defenses with Regulations in Mind

Suresh Vasudevan

Board Director

Sysdig

Damiano Tulipani

SVP, CISO

Amalgamated Bank

Aditya Malhotra

SVP, Information Security

Capital Group

As organizations become increasingly interconnected through complex supply chains, cloud security has emerged as a critical concern that affects all businesses—even those not operating directly within cloud environments. The challenges are compounded by a dynamic regulatory landscape that demands proactive attention.

Join this interactive roundtable session to discuss:

Evolving challenges in cloud security and practical approaches to address them
Strengthening detection and response capabilities against threats targeting cloud environments
Developing an effective, timely cloud incident response plan aligned with regulatory expectations

3:45pm - 4:15pm Break

3:50pm - 4:15pm Networking

Rising Together — Women Leaders in Security/Technology Networking Session

Join us for an informal networking break for women in information security/technology leadership and their allies to connect and build relationships with like-minded leaders in the greater New York area who are making an impact in their organizations and communities. Come prepared to share ideas, inspire and be inspired, and forge new connections that can help empower each other to achieve your goals and broaden your perspectives.

This session is intended for women in the New York CISO community leading the information security/technology function(s) at their organizations (CISO/CIO/equivalent) and women reporting directly to the CISO/CIO/equivalent. Priority access will be reserved for these groups, with allies welcome as space permits.

4:15pm - 4:50pm Keynote

Success & Succession in Security — Planning for What's Next

Mike Lamberg

VP, CISO

ION

Paul Carpenito

CISO

ION

When you're ready to move on, what will your next step look like – and who will replace you?

Succession planning is critical for CISOs and enterprises to ensure continuity and resilience in security leadership roles. But it can also be a pretty complex process to identify a successor – whether internally or externally – and ensure that next person is set up for success.

In this fireside chat-style keynote session, Mike Lamberg and Paul Carpenito from ION join us to share:

What the CISO succession planning process was like from both the outgoing (Mike) and incoming (Paul) perspectives
What their recommendations would be for fellow CISOs as they consider their own success plans
What each of them is looking forward to in the next stage of their career journeys

4:50pm - 5:00pm Closing Comments and Prize Drawing