San Francisco CISO Executive Summit

December 3, 2018 | InterContinental San Francisco

December 3, 2018
InterContinental San Francisco

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the San Francisco CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

San Francisco CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Colin Anderson

Levi Strauss & Co.
Global CISO

Eddie Borrero

Robert Half Technology
CISO

Krishnan Chellakarai

Gilead Sciences, Inc.
CISO

George DeCesare

Kaiser Permanente
SVP, Chief Technology Risk Officer

Peter Liebert

State of California
Commander, Cyber Operations

Steve Martino

Cisco
Senior VP & Chief Information Security Officer

Agenda


December 3, 2018 - morning

7:00am - 7:45am  Registration & Breakfast

7:45am - 8:30am  Keynote

Designing Your Life

Dave Evans headshot

Dave Evans

Product Design Program at Stanford, Co-Author of 'Designing Your Life'

The question “What do I want to be when I grow up?” is one that never truly goes away. Whether you are a college grad entering the workforce, a forty year-old shifting careers, or a sixty-eight year-old trying to define an encore career, the search for a fulfilling life never stops. In this keynote, Dave Evans teaches audiences how to look at career and life planning through the lens of design. Participants are given the tools to build their way forward and to develop various life scenarios just like a designer tests multiple prototypes. This approach fosters creativity and adaptability and allows audiences to accept that there is never just one right path.

8:30am - 9:10am  Networking Break

9:10am - 10:00am  Breakout Session

A Plan for Automating Incident Response

Eric Etherington headshot

Eric Etherington

CISO

Dolby Laboratories

How do you grow incident response capabilities without adding headcount? Eric Etherington, CISO of Dolby Laboratories, shares his process for developing an automated incident response program. Etherington discusses how to get comfortable with automation and make the response process more efficient. With a lean operation, Dolby is able to review all alerts – low and high – and not suffer from the common problem of prioritizing only high alerts due to staffing limitations. Etherington shares use cases for common pain points that become manageable with automation.

9:10am - 10:00am  Breakout Session

Securing the Cloud Revolution

Tim Prendergast headshot

Tim Prendergast

Chief Cloud Officer

Palo Alto Networks

The rapid evolution of cloud-delivered infrastructure, services, and technologies have been steadily transforming business, allowing for greater flexibility and advanced customization of the IT environment. As organizations look to the cloud, they must also manage the new risks and responsibilities in modern shared-infrastructure architectures.

 

In this session, examine:

  •    The benefits, risks and challenges of scaling cloud applications
  •    How the risk-minded organization evaluates the security posture of their IaaS, PaaS, and SaaS workloads and data
  •    How enterprise organizations should evaluate API-based security offerings
  •    Why automation is the one great equalizer for their security team’s growing resource challenge(s)

9:10am - 10:00am  Executive Boardroom

The Practical Application of ‘Cognitive Cybersecurity’

Yassir Abousselham headshot

Yassir Abousselham

SVP, Chief Security Officer

Okta, Inc.

Amir Jabri headshot

Amir Jabri

Information Security Manager

Accuray

Sean McHugh headshot

Sean McHugh

Cybersecurity Executive Advisor

IBM

The sheer volume of threat intelligence and suspicious activity alerts facing security teams is daunting, yet finding that needle in the haystack can make the difference between stopping an attacker or becoming victim to the next breach. “Cognitive cybersecurity” – machine learning and the automation of human tasks and processes – can transform the security program by free staff to focus on stopping the real threats.

In this interactive discussion, explore with fellow CISOs:

  • Areas of opportunity to free up resources with automation
  • Common threats every organization faces that can be alleviated with ML
  • Methods to get business buy-in for the next wave of technology

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

9:10am - 10:00am  Executive Boardroom

Evaluating Your Information Security Program

Al Ghous headshot

Al Ghous

Sr. Director, Cyber Security

General Electric Company

David Tugwell headshot

David Tugwell

Director, Information Security

Agilent Technologies, Inc.

Ray Zadjmool headshot

Ray Zadjmool

CEO & Founder

Tevora

A comprehensive information security program can significantly limit an organization’s exposure to risk. To address security concerns and needs, CISOs must continually assess their program and make improvements.

Join peers to discuss:

  • Possible gaps and risks in your information security program
  • Quantifying information risk into dollar terms
  • Establishing KPIs to measure progress

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

10:00am - 10:40am  Networking Break

10:40am - 11:30am  Breakout Session

Pen Test Your Board Pitch — An Interactive Exercise

Thomas August headshot

Thomas August

CISO

John Muir Health

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat. In this interactive session, you will work in a group to:

  • Create and deliver a board pitch
  • Receive real-time feedback on your pitch
  • Learn best practices and strategies for communicating with your board

10:40am - 11:30am  Breakout Session

Knowing Your Unknown Unknowns

Tim Junio headshot

Tim Junio

CEO & Co-Founder

Expanse, Formerly Qadium

It only takes one weak link to expose your entire network. The explosion of Internet-connected devices, and decentralization of IT procurement and management, has created problems for every large organization in the world.

In this session, discover:

  • Commonly overlooked vulnerabilities for organizations
  • Cutting edge technologies and methods for network visibility
  • Solutions such as Internet-scale intelligence and remote traffic capture

10:40am - 11:30am  Executive Boardroom

Secure Transformation – Avoiding Risk in ERP Applications

Friedrich Wetschnig headshot

Friedrich Wetschnig

CISO

Flex

Anand Kotti headshot

Anand Kotti

SAP Security Expert

Onapsis, Inc.

Digital transformation is not just a buzzword, but an outline of business and operational plans to integrate and prioritize the latest digital technologies. Unfortunately, security is often second priority or not even in the scope of the transformation project.

Join this session to discuss how to:

  • Make security an enabler instead of a roadblock.
  • Develop a plan to secure critical ERP applications
  • Ensure your organization’s ERP applications are compliant

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

10:40am - 11:30am  Executive Boardroom

Comprehensive Security for Connected Devices

Colin Anderson headshot

Colin Anderson

Global CISO

Levi Strauss & Co.

Nadean Shavor headshot

Nadean Shavor

Chief Security Officer

State of California Franchise Tax Board

Bhanu Prakash headshot

Bhanu Prakash

Director, Systems Engineering

Fortinet, Inc.

The number and types of network-connected wireless devices and mobile applications continue to grow exponentially. How can CISOs mitigate the risk coming from new vulnerabilities and an increased attack surface?

In this roundtable, join peers to discuss:

  • Challenges and best practices in managing connected devices
  • How to reduce complexity across network and device management
  • The balance between ease of use and robust security across devices

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

10:40am - 11:30am  Executive Boardroom

DevSecOps – The Agile Approach to Security

Joel Fulton headshot

Joel Fulton

CISO

Splunk

Kannan Perumal headshot

Kannan Perumal

Chief Information Security Officer

Applied Materials

Cindy Blake headshot

Cindy Blake

Global Sr. Security Evangelist

GitLab

Security from the start and better collaboration are the keys to effectively reducing risks posed to an organization. With DevSecOps methods and principles, security automation can help organizations mitigate risk without impacting their Agile/DevOps velocity.

In this session, learn:

  • How DevSecOps changes the security workflow
  • The benefits of a DevSecOps approach
  • Best practices and lessons learned to implement DevSecOps in your organization

December 3, 2018 - mid-afternoon

11:30am - 12:00pm  Networking Break

12:00pm - 1:10pm  Keynote

Minnows, Meet Sharks

Joel Fulton headshot

Joel Fulton

CISO

Splunk

Al Ghous headshot

Al Ghous

Sr. Director, Cyber Security

General Electric Company

Mike Johnson headshot

Mike Johnson

CISO

Lyft

Friedrich Wetschnig headshot

Friedrich Wetschnig

CISO

Flex

Get the chance to explore new technologies with the shared expertise of a team of CISOs. Emerging providers will have the opportunity to pitch their new and innovative solutions to the most pressing cybersecurity challenges before a panel of influential global enterprise CISOs for coaching and feedback. Audience participants will have the opportunity to chime in alongside the panel of sharks with an interactive feature.

1:10pm - 1:40pm  Networking Break

December 3, 2018 - afternoon

1:40pm - 2:30pm  Breakout Session

Build Analytics That Count

Richard Seiersen headshot

Richard Seiersen

CISO, Author and Advisor

Can you prove that your security capabilities are improving while the business scales? Scale means exposing more value, to more people, through more channels faster. Richard Seiersen, CISO and Author, focuses on the philosophy and methods of measurement that will help your team answer these questions. Executive intuition, inspiration and next steps to build analytics that count is the goal. 

1:40pm - 2:30pm  Executive Boardroom

Achieving Next-Level Security Through Automation

Krishnan Chellakarai headshot

Krishnan Chellakarai

CISO

Gilead Sciences, Inc.

Sankara Shunmugasundaram headshot

Sankara Shunmugasundaram

Principal Security and Compliance Officer

AppDirect

Myke Lyons headshot

Myke Lyons

Director & Global Head, Security Transformation

ServiceNow

Security teams face a significant challenge in tackling the routine tasks necessary to monitor threats to their organization. What would it mean to free up these staff resources to focus on more strategic challenges?

Join your peers to discuss the role of automation in cybersecurity, including:

  • How does your organization view automation in the context of talent shortages?
  • What are the types of tasks in your security program are you automating, considering automating, or never automating?
  • How do you measure current and future efficiency as you deploy automation?

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

1:40pm - 2:30pm  Executive Boardroom

Blockchain – Secure by Design?

Glen Carson headshot

Glen Carson

CISO

California Natural Resources Agency

Jeff Klaben headshot

Jeff Klaben

Executive Director, Trusted Technologies

SRI International

Jose Diaz headshot

Jose Diaz

Director, Payment Strategy

Thales

Blockchain technology offers substantial promise as a tool for authentication and information exchange. With this new technology, though, comes questions about how to ensure blockchain is properly secured. This session explores how CISOs can keep security top of mind while organizations examine use cases for blockchain.

In this roundtable, discuss:

  • Practical use cases for blockchain
  • The benefits blockchain technology provides to security
  • The future landscape for this emerging technology

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

1:40pm - 2:30pm  Executive Boardroom

Measuring Risk in a Post GDPR World

Cassie Crossley headshot

Cassie Crossley

Security Governance Program Leader

Schneider Electric

Christophe Jacquet headshot

Christophe Jacquet

VP & CISO

Hitachi Vantara

Chris Babel headshot

Chris Babel

CEO

TrustArc

The GDPR significantly changed how companies assess and manage risk through a combination of new / complex compliance reporting requirements and exposure to significant financial penalties. The GDPR, and forthcoming California Consumer Privacy Act (CCPA) are increasing the level of interaction CISOs need to have with legal / privacy counterparts to ensure data protection risks are properly identified, effective management tools are implemented, and objective measures are in place to track progress.

Join fellow security leaders to discuss: 

  • Standards and metrics for measuring data protection risk
  • Best practices for managing risk associated with GDPR, California Consumer Privacy Act, and other global data protection frameworks
  • Tools to manage data protection risk and meet compliance reporting requirements

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

2:30pm - 2:50pm  Networking Break

2:50pm - 3:30pm  Keynote

The Future CISO

Yassir Abousselham headshot

Yassir Abousselham

SVP, Chief Security Officer

Okta, Inc.

Colin Anderson headshot

Colin Anderson

Global CISO

Levi Strauss & Co.

James August headshot

James August

CISO

University of the Pacific

George Do headshot

George Do

CISO

Equinix

The role of the CISO has changed dramatically over the past decade from an IT-focused role to more business oriented. What will the role look like a decade from now? What are the qualities that are key for the next-generation security leader? This panel, featuring a variety of unique backgrounds and perspectives, takes a look at what the future holds.

3:30pm - 4:00pm  Closing Reception & Prize Drawing

Location


Venue & Accommodation

InterContinental San Francisco

Your Community Partners


National Thought Leader
Presenting Sponsors
National Sponsors

San Francisco CISO Program Managers


For inquiries related to this event, please reach out to your dedicated program contacts.

Greg Winterrowd

Senior Program Manager

971-717-6628

greg.winterrowd@evanta.com

Danielle Levine

Conference Associate

971-222-2387

danielle.levine@evanta.com