San Francisco CISO Executive Summit

December 9, 2019, Hilton San Francisco Union Square

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the San Francisco CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Strategies for a risk-aligned, resilient organization

Developing and investing in the security workforce of tomorrow

Creating business value and supporting agile business operations

San Francisco CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Yassir Abousselham

Okta, Inc.
SVP, Chief Security Officer

Krishnan Chellakarai

Gilead Sciences
CISO

Joel Fulton

Splunk
CISO

Al Ghous

ServiceMax
CSO and Head of Security

Steve Martino

Cisco Systems, Inc.
SVP, CISO

Jeff Trudeau

Credit Karma
CSO

Agenda


December 9, 2019 - morning

7:30am - 8:15am Registration & Breakfast

8:15am - 8:30am Opening Comments

8:30am - 9:00am Keynote

A True Partner to the Business

Christine Vanderpool

Vice President & Chief Information Security Officer

Florida Crystals

To maximize their influence and impact on business objectives, CISOs must sharpen their leadership and communication skills, particularly when it comes to addressing needs and expectations at the highest levels of the organization. Now more than ever, CISOs can produce tangible value for their organizations – how should information security professionals best communicate risks to the executive team and board of directors in a manner that is understandable and actionable?

In this session, learn to:

  • Form and sustain boardroom relationships
  • Prepare a strategic conversation with the board and speak their language
  • Position security as an enabler of the business

9:00am - 9:20am Networking Break

9:20am - 10:10am Breakout Session

Ensuring Security in Supply Chain and Vendor Relationships

Mark Weatherford

Global Information Security Strategist

Booking Holdings

Simply identifying your supply chain is one problem; employing adequate security programs throughout the supply chain is a level of risk that most companies haven’t fully embraced. Mark Weatherford, Global Information Security Strategist, shares his methodology for ensuring that security is embedded in third-party relationship management.

Join this session to learn: 

  • Best practices for managing third-party partners
  • How to assess security maturity for supply chains 
  • Insights on changing vendor partnerships for a more secure organization

9:20am - 10:10am Breakout Session

Having Organizational and Financial Support and Still Getting Hacked

Jonathan Nguyen-Duy

Vice President, Global Field CISO Team

Fortinet, Inc.

Why do organizations still get breached when they are performing pen tests, auditing networks, following compliance, and implementing the latest security technologies that take advantage of anomalous behavior models, artificial intelligence, and machine learning?

This talk will examine:

  • Insights on breach prevention and mitigation 
  • How cybersecurity failed to keep attackers away
  • Continuous Adaptive Risk and Trust Assessment

9:20am - 10:10am Executive Boardroom

Next-Generation Cloud Security

Tom August

CISO

John Muir Health

Gene Chen

CISO

Synaptics

Andrew Lemke

Cyber Resilience Executive Advisor

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

  • Automation, orchestration, AI and machine learning strategies
  • Nuances for hybrid on- and off-premise systems
  • Ways to incorporate security into your cloud strategy

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager, Greg Winterrowd at +1-971-717-6628 or Greg.Winterrowd@evanta.com.

9:20am - 10:10am Executive Boardroom

Innovation Offense — Uniting DevSecOps

Sujeet Bambawale

CISO

7-Eleven

Michael Wilson

SVP & CSO

Molina Healthcare

Michelle Dufty

VP, Product

Sonatype

This is NOT your typical security conversation. We won’t be talking about how to play better "perimeter defense" at the end of your digital supply chain. Instead, we will be talking about how to play better “innovation offense” at the beginning of your digital supply chain.

Join us to discuss:

  • How to continuously identify and remediate open source risk, without slowing down innovation
  • Ways to integrate security guardrails directly within your DevOps pipeline
  • The importance of uniting developers, security, and operations on the same team

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

Improving Influence and Longevity in Security

Daniel Chiang

VP of Security

Stitch Fix

Lorna Koppel

Director of Information Security/CISO

Tufts University

Jeff Trudeau

CSO

Credit Karma

Dr. Christian Dameff

MD

UC San Diego

The statistics are alarming about those who work in security - high rates of substance abuse, short tenure at jobs, and unhealthy levels of stress. How can CISOs make their careers sustainable and maintain a sense of well-being? Dr. Christian Dameff, a hacker and emergency medicine physician, helps lead this panel of CISOs to discuss ways to cope and thrive. 

In this session, learn: 

  • How to assess your mental health
  • Methods to reduce stress in careers
  • How other security leaders deal with burnout

10:30am - 11:20am Breakout Session

From Zero Trust to Zero Touch with Intelligent Security

Bob Scuderi

Head of Solutions Engineering NALA

BlackBerry

Organizations are challenged to strike a balance between security teams who want a Zero Trust approach and employees who desire seamless Zero Touch access. Bridging that gap is Artificial Intelligence and a Zero Trust Architecture.

This session dives into:

  • Why the view of endpoints impacts how they’re secured and managed
  • How adaptive security and artificial intelligence can protect all endpoints
  • The ultimate goal of increasing security while acknowledging other factors

10:30am - 11:20am Executive Boardroom

Secure the Core — Protect the Applications that Run Your Business

Colin Anderson

Global CISO

Levi Strauss & Co.

Leda Muller

CISO/Assistant Director of Support Services

Stanford University

Andreas Gloege

VP, North America Sales Engineering

Onapsis

In May 2019, the Department of Homeland Security issued an alert citing "New Exploits for Unsecure SAP Systems" after new exploits, termed "10KBLAZE," were publicly released. While protecting endpoint access, phishing, and network monitoring is important, nothing else matters if your core business applications are not a primary strategic component.

In this session, we will explore:

  • Why and how ERP applications are actively under attack
  • How cloud, mobile and digital transformations are expanding the attack surface
  • Steps you can take to ensure cyber resiliency and mitigate risk

10:30am - 11:20am Executive Boardroom

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Krishnan Chellakarai

CISO

Gilead Sciences

Mark Van Divner

CISO

First Republic

Kelly White

CEO

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

  • Explore the true nature of the enterprise cyber risk surface
  • Discuss threats and regulations driving organizations to better manage their extended enterprise
  • Share insights on how to better manage third-party risk (hint: good data!)

December 9, 2019 - mid-afternoon

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch, you have the opportunity to hold relevant conversations with peers facing similar challenges and opportunities in a specific industry. The questions below are a guideline for starting your topical table conversations.


Security operations

  • What is the maturity of your security operations program?
  • What is your process for building an operational playbook?
  • What KPIs or KRIs do you use to measure success?

Communication and awareness

  • How do you approach security with a holistic lens?
  • What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
  • How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?

Access and Identity Management

  • What strategies and tools are you using to improve visibility into your systems?
  • How are you integrating the user experience with security?
  • How are you measuring the success of your access management program?

Governance and privacy

  • How are you responding to/preparing for regulatory changes?
  • How do you balance compliance with business requirements?
  • What standards and metrics are you using to measure risk?

Talent and developing leaders

  • What are some tangible strategies for creating and developing new talent resources?
  • What best practices exist for retaining talent, once secured?
  • How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Thinking Like a Cybercriminal

Etay Maor

Chief Security Officer

IntSights

We read about hacks and breaches on a daily basis, but what do we actually know about these cybercrime groups and how they conduct these attacks? Etay Maor explores best practices for protecting organizations from these bad actors and gives an understanding of how they operate to allow a forward defense. Demonstrations include phishing, WiFi and USB-based attacks, social engineering, open source intelligence and more.

In this session, Etay Maor will:

  • Dive into basic hacking techniques
  • Demonstrate what types of tools hackers are using today 
  • Examine the scope of these attacks

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Where is Your True North?

Nils Puhlmann

Chief Trust and Security Officer

Twilio

Mark Weatherford

Global Information Security Strategist

Booking Holdings

In today’s market, qualified security professionals are in short supply while security requirements are increasingly complex and demanding. How does one filter out distractions and remain focused on core organizational goals while mentoring upcoming new (and often overwhelmed) talent?

Join this fireside chat to discuss:

  • How to increase your “field of vision” while staying focused on the right things
  • What values and principles to never leave behind
  • How to coach new talent and help them navigate this complex profession

1:20pm - 2:10pm Breakout Session

The Next Great Security Challenge — Securing SD-WAN

Adam Winn

Product Management Leader, Cisco Cloud Security

Cisco Umbrella

The market consideration and adoption of software-defined WAN (SD-WAN) represents the largest networking transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch office locations. But what about security?

In this session you will hear how to:

  • Embrace change — the pros and cons
  • Address weaknesses for branch offices and roaming users
  • Keep security top of mind for business leaders

1:20pm - 2:10pm Executive Boardroom

Controlling Insider Threats Through Data Loss Protection

BG Badriprasad

Chief Security Architect

Ross Stores

Al Ghous

CSO and Head of Security

ServiceMax

Jadee Hanson

CISO and VP of Information Systems

Code42

What will it take to move the data protection needle forward? How do CISOs stop insider threats before brand damage is done?

In this session, you’ll discuss:

  • Best practices to continuously monitor file activity to detect risk
  • How to quickly investigate and respond to insider threats
  • Ways to transform your data loss protection strategy

1:20pm - 2:10pm Executive Boardroom

Accelerate Innovation Using Cloud Without The Loss of Control

Mahesh Ayyala

SVP Engineering & Technology

Bank of The West

Chris Jacquet

VP & CISO

Hitachi Vantara

Chris DeRamus

Co-Founder and CTO

DivvyCloud

The move from self-service access to cloud services is a core ingredient for digitally savvy business units, allowing them to experiment quickly and inexpensively. This leads to innovation translating to greater customer value, competitiveness, and profitability. However, enabling this paradigm shift requires the CISO to transform their organization.

In this executive boardroom, you’ll discuss how to:

  • Pivot the approach from "command and control" to "trust but verify"
  • Amplify security to enable innovation and decrease friction
  • Maximize resources including people, the process, and tooling

December 9, 2019 - afternoon

2:10pm - 2:30pm Networking Break

2:30pm - 2:40pm Closing Comments

2:40pm - 3:25pm Keynote

CISO/Security Vendor Relationship Podcast — Live Recording

David Spark

Co-Host

CISO Series

Mike Johnson

Co-Host

CISO Series

Jimmy Sanders

Information Security

Netflix

Are you ready for the live podcast that has turned a spotlight on one of the most important areas of InfoSec – relations between buyers and sellers of cybersecurity products? Join us as our hosts and special guests comment on hot cybersecurity issues, answer listener questions, and play risk-based security games like "What's Worse?!"

3:25pm - 4:00pm Closing Reception & Prize Drawing

Location


Venue & Accommodation

Hilton San Francisco Union Square

San Francisco CISO Program Manager


For inquiries related to this event, please reach out to your dedicated program manager.

Greg Winterrowd

971-717-6628

greg.winterrowd@evanta.com