San Francisco CISO Executive Summit

May 15, 2019, The Westin St. Francis San Francisco on Union Square

May 15, 2019
The Westin St. Francis San Francisco on Union Square

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the San Francisco CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

San Francisco CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Yassir Abousselham headshot

Yassir Abousselham

Okta, Inc.
SVP, Chief Security Officer

Krishnan Chellakarai headshot

Krishnan Chellakarai

Gilead Sciences, Inc.
CISO

Joel Fulton headshot

Joel Fulton

Splunk
CISO

Al Ghous headshot

Al Ghous

General Electric Company
Sr. Director, Cyber Security

Peter Liebert headshot

Peter Liebert

State of California
CISO

Steve Martino headshot

Steve Martino

Cisco Systems, Inc.
SVP, CISO

Jeff Trudeau headshot

Jeff Trudeau

Credit Karma
CSO

Agenda


May 15, 2019 - morning

7:00am - 8:30am  Registration & Breakfast

8:30am - 9:00am  Keynote

The Art of Noticing

Rob Walker headshot

Rob Walker

Author, "The Art of Noticing"

In his talk, “The Art of Noticing,” Rob Walker argues that noticing what others have taken for granted is the cornerstone of creativity. Drawing on themes and sharing tips and suggestions from his book, he shares examples from his research of creative projects that began by noticing something that everyone else overlooked or ignored.

9:00am - 9:40am  Networking Break

9:40am - 10:30am  Breakout Session

Prioritize the Crown Jewels

Cassie Crossley headshot

Cassie Crossley

Director, Product & Systems Cybersecurity

Schneider Electric

When Schneider Electric examined their 4000 internal applications, they realized they couldn’t boil the ocean. Highlighting their key systems that would create significant liability if there was a breach, they narrowed down the most critical 19 “Crown Jewels”. Cassie Crossley shares her process in making key applications breach resistant and breach ready by pinpointing where to direct resources.

In this session, learn to:

  • Focus and prioritize objectives of your security program
  • Set ownership by identifying main security experts
  • Teach the basics of security to the organization

9:40am - 10:30am  Breakout Session

Offense and Defense – Playing Both Sides

Tony Giandomenico headshot

Tony Giandomenico

Senior Security Strategist

Fortinet, Inc.

Many organizations continue to be successfully attacked despite continued investments in the latest technologies. To successfully defend cyber assets, organizations need to both understand their adversary’s tradecraft and ensure their security posture is properly designed continually resist their tactics, techniques and procedures.

This session includes:

  • How to effectively leverage the freely available Mitre Knowledgebase
  • How to achieve better situational awareness
  • Solutions to more accurately plan and prioritize security improvements

9:40am - 10:30am  Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Jack Davidson headshot

Jack Davidson

Program Manager

Boston Scientific

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

  • Hack a Facebook account using information left behind on employees’ desks.

  • Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.

  • Learn a new way to gamify insider threat training.

9:40am - 10:30am  Executive Boardroom

Effective Risk and Metrics Communication to the Board

Christophe Jacquet headshot

Christophe Jacquet

VP & CISO

Hitachi Vantara

Lucia Milica headshot

Lucia Milica

Resident CISO

Proofpoint

Ray Zadjmool headshot

Ray Zadjmool

CEO & Founder

Tevora

As boards make cybersecurity a central focus of their discussions, CISOs must be able to provide visibility into the organization’s risk posture and clearly articulate their security program into business terms. The role of the CISO has evolved beyond operational functions of monitoring to that of a business enabler – how can security leaders best respond to the challenge of effectively communicating to the board?  

Join this roundtable to discuss:

  • How to quantify and share metrics with the business
  • The importance of translating security into the language of the business
  • How to ask for and obtain a larger security budget

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

9:40am - 10:30am  Executive Boardroom

Eliminating Vulnerability Overload with Predictive Prioritization

Yassir Abousselham headshot

Yassir Abousselham

SVP, Chief Security Officer

Okta, Inc.

Al Ghous headshot

Al Ghous

Sr. Director, Cyber Security

General Electric Company

Glen Pendley headshot

Glen Pendley

SVP, Engineering

Tenable

When it comes to reducing cyber risk, overcoming vulnerability overload is critical. Find out how predictive prioritization will improve your vulnerability management efforts so you can focus on what matters most to your business. During this peer-discussion you will explore:

  • How to use threat intelligence to move the most dangerous vulnerabilities up your priority list
  • The resources required to effectively assess your environment and prioritize your efforts in a predictive manner
  • Practices that will help you take appropriate actions to make your organization more secure
  • How to make your staff more efficient by drastically reducing the number of high priority vulnerabilities they need to remediate

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

10:30am - 11:10am  Networking Break

May 15, 2019 - mid-afternoon

11:10am - 12:00pm  Breakout Session

Trim the Fat – Evaluating Your Cybersecurity Tool Portfolio

Adam Glick headshot

Adam Glick

VP, Enterprise Cyber Risk

Brown Brothers Harriman & Co.

Adam Glick felt his organization’s suite of cybersecurity tools was becoming oversized and cumbersome – and sought to analyze what was truly bringing value. Through evaluation, Glick was able to cut the amount of products being used by 18%. Glick shares his process in conducting a portfolio analysis, and how security leaders can not become distracted by the next shiny object.

In this session, learn:

  • How to reduce redundancy or combine tools that are disparate in nature
  • Proactive measures to set up a portfolio for sustained success
  • How to evaluate whether tools are meaningful

11:10am - 12:00pm  Breakout Session

Minnows, Meet Sharks

Al Ghous headshot

Al Ghous

Sr. Director, Cyber Security

General Electric Company

Marzena Fuller headshot

Marzena Fuller

CSO

SignalFX

Peter Liebert headshot

Peter Liebert

CISO

State of California

Sankara Shunmugasundaram headshot

Sankara Shunmugasundaram

Senior Director, Security and Compliance

AppDirect

Get the chance to explore new technologies with the shared expertise of a team of CISOs. Emerging providers will have the opportunity to pitch their new and innovative solutions to the most pressing cybersecurity challenges before a panel of influential global enterprise CISOs for coaching and feedback. Audience participants will have the opportunity to chime in alongside the panel of sharks with an interactive feature.

11:10am - 12:00pm  Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Jack Davidson headshot

Jack Davidson

Program Manager

Boston Scientific

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

  • Hack a Facebook account using information left behind on employees’ desks.

  • Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.

  • Learn a new way to gamify insider threat training.

11:10am - 12:00pm  Executive Boardroom

Managing the Convergence of Global Data Regulations

Krishnan Chellakarai headshot

Krishnan Chellakarai

CISO

Gilead Sciences, Inc.

Friedrich Wetschnig headshot

Friedrich Wetschnig

CISO

Flex

Matt Little headshot

Matt Little

Chief Product Officer

PKWARE, Inc.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

  • The current landscape of data privacy regulation around the world
  • Best practices for managing risk associated with data protection frameworks
  • Standards and metrics for measuring data protection risk
  • Data classification strategies to aid compliance, regardless of regulation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

11:10am - 12:00pm  Executive Boardroom

Maintaining Agility in the Secure Enterprise

Gene Chen headshot

Gene Chen

CISO

Synaptics

Nadean Shavor headshot

Nadean Shavor

Chief Security Officer

State of California Franchise Tax Board

Wendy Nather headshot

Wendy Nather

Head of Advisory CISOs

Duo Security

What tactics and technologies are effective in securing the enterprise without putting up barriers to business operations? In this interactive roundtable discussion, security leaders share strategies that maximize security while minimizing business bottlenecks.

In this session, security leaders will:

  • Define shared pain points where security controls are slowing business processes
  • Share ideas and best practices for reducing friction from security controls
  • Address ways to gain buy-in across the business when bottlenecks are unavoidable

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

12:00pm - 12:30pm  Networking Break

12:30pm - 1:30pm  Keynote

The Predictions Panel – A Look at Future Threats

Forrest Carr headshot

Forrest Carr

ISO, Digital Banking

East West Bank

George Do headshot

George Do

CISO

Equinix, Inc.

Jeff Klaben headshot

Jeff Klaben

Executive Director, Trusted Technologies

SRI International

Jeff Trudeau headshot

Jeff Trudeau

CSO

Credit Karma

To truly safeguard an organization, CISOs mustn’t merely focus on existing threats, but future ones, too. They have to ask themselves – what types of attacks should I be prepared for?

In this interactive session, prepare to:

  • Listen to a panel of CISOs predict the biggest threats of 2020
  • Share your own threat predictions for 2020
  • Discuss how to predict threats and – more importantly – how to prepare for them


1:30pm - 2:00pm  Networking Break

May 15, 2019 - afternoon

2:00pm - 2:50pm  Breakout Session

Fixing the Workforce Gap

Peter Liebert headshot

Peter Liebert

CISO

State of California

Attracting, developing and retaining enough quality talent seems to be an irremediable problem for the security industry. The State of California has worked to ameliorate this by creating a new pipeline of IT talent and advance the existing workforce to prepare for leadership roles. Peter Liebert, CISO for the State of California, shares how they’ve approached the IT talent shortage.

Join this session to learn:

  • How to attract talent in a competitive marketplace
  • Methods to broaden the scope of the talent pipeline
  • Retention strategies by creating career paths for existing employees


2:00pm - 2:50pm  Breakout Session

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

Lucia Milica headshot

Lucia Milica

Resident CISO

Proofpoint

 For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Lucia Milica of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

 Join to learn: 

  • Why nearly all threat actors have shifted away from technical exploits to compromise their targets
  • How organizations can leverage threat data to understand which people and departments are highly targeted
  • How to design effective protection for highly attacked, highly vulnerable, and highly privileged users 

2:00pm - 2:50pm  Breakout Session

Wear the Black Hat in a Cybersecurity Escape Room

Jack Davidson headshot

Jack Davidson

Program Manager

Boston Scientific


As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

  • Hack a Facebook account using information left behind on employees’ desks.

  • Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.

  • Learn a new way to gamify insider threat training.



2:00pm - 2:50pm  Executive Boardroom

Intelligent SecOps Automation - Creating a Common Security Framework

Adam Glick headshot

Adam Glick

VP, Enterprise Cyber Risk

Brown Brothers Harriman & Co.

Amir Jabri headshot

Amir Jabri

Information Security Manager

Accuray

John Carty headshot

John Carty

Area Director

SaltStack

Gartner’s Susan Moore refers to automation as “The Next Frontier for IT”.  This is as true for security automation as it is for infrastructure and networks.  One of the hottest new topics in security automation is SOAR—Security Orchestration, Automation, and Response.

In this roundtable, we’ll discuss:

  •     Practical SOAR – opportunities and challenges
  •     SIEM or SOAR?
  •     Bridging the communications gap: discussing automation with SecOps, NetOps, and SecOps
  •     Managing the big three limitations: money, time, and staff expertise

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

2:00pm - 2:50pm  Executive Boardroom

The Continual Shifting of Threats

Marzena Fuller headshot

Marzena Fuller

CSO

SignalFX

Ofer Israeli headshot

Ofer Israeli

CEO

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

  • The current threat landscape
  • How to best discover and thwart nation-state attacks
  • What security executives can do to build resiliency

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

2:50pm - 3:10pm  Networking Break

3:10pm - 3:40pm  Keynote

CISO/Security Vendor Relationship Podcast - Live Recording

David Spark headshot

David Spark

Co-Host

CISO Series

Mike Johnson headshot

Mike Johnson

Co-Host

CISO Series

We're proud to host David Spark and Mike Johnson as they record their breakthrough podcast that has turned a spotlight on one of the most important areas of InfoSec: relations between buyers and sellers of cybersecurity products. Join us as Spark challenges his co-host Johnson and guest to comment on hot cybersecurity issues, listener questions, and play risk-based security games like "What's Worse?!"

3:40pm - 4:00pm  Closing Reception & Prize Drawing

Your Community Partners


National Thought Leaders
Presenting Sponsor
National Sponsors

San Francisco CISO Program Manager


For inquiries related to this event, please reach out to your dedicated program manager.

Greg Winterrowd

971-717-6628

greg.winterrowd@evanta.com