IN-PERSON

San Francisco CISO Executive Summit

December 9, 2019 | Hilton San Francisco Union Square

December 9, 2019
Hilton San Francisco Union Square

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Yassir Abousselham

Okta, Inc.
SVP, Chief Security Officer

Krishnan Chellakarai

Gilead Sciences
CISO

Joel Fulton

Splunk
CISO

Al Ghous

ServiceMax
CSO and Head of Security

Steve Martino

Cisco Systems, Inc.
SVP, CISO

Jeff Trudeau

Credit Karma
CSO

Agenda

December 9, 2019

morning mid-afternoon afternoon

7:30am - 8:15am Registration & Breakfast

8:15am - 8:30am Opening Comments

8:30am - 9:00am Keynote

A True Partner to the Business

Christine Vanderpool

Vice President & Chief Information Security Officer

Florida Crystals

To maximize their influence and impact on business objectives, CISOs must sharpen their leadership and communication skills, particularly when it comes to addressing needs and expectations at the highest levels of the organization. Now more than ever, CISOs can produce tangible value for their organizations – how should information security professionals best communicate risks to the executive team and board of directors in a manner that is understandable and actionable?

In this session, learn to:

Form and sustain boardroom relationships
Prepare a strategic conversation with the board and speak their language
Position security as an enabler of the business

9:00am - 9:20am Networking Break

9:20am - 10:10am Breakout Session

Ensuring Security in Supply Chain and Vendor Relationships

Mark Weatherford

Global Information Security Strategist

Booking Holdings

Simply identifying your supply chain is one problem; employing adequate security programs throughout the supply chain is a level of risk that most companies haven’t fully embraced. Mark Weatherford, Global Information Security Strategist, shares his methodology in ensuring that security is embedded in third party relationship management.

Join this session to learn:

Best practices for managing third-party partners
How to assess security maturity for supply chains
Insights on changing vendor partnerships for a more secure organization

9:20am - 10:10am Breakout Session

Having Organizational and Financial Support and Still Getting Hacked

Jonathan Nguyen-Duy

Vice Pesident, Global Field CISO Team

Fortinet, Inc.

Why do organizations still get breached when they are performing pen tests, auditing networks, following compliance, and implementing the latest security technologies that take advantage of anomalous behavior models, artificial intelligence, and machine learning?

This talk will examine:

Insights on breach prevention and mitigation
How cybersecurity failed to keep attackers away
Continuous Adaptive Risk and Trust Assessment

9:20am - 10:10am Executive Boardroom

Next-Generation Cloud Security

Tom August

CISO

John Muir Health

Gene Chen

CISO

Synaptics

Andrew Lemke

Cyber Resilience Executive Advisor

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

Automation, orchestration, AI and machine learning strategies
Nuances for hybrid on- and off-premise systems
Ways to incorporate security into your cloud strategy

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager, Greg Winterrowd at +1-971-717-6628 or Greg.Winterrowd@evanta.com.

9:20am - 10:10am Executive Boardroom

Innovation Offense — Uniting DevSecOps

Sujeet Bambawale

CISO

7-Eleven

Michael Wilson

SVP & CSO

Molina Healthcare

Michelle Dufty

VP, Product

Sonatype

This is NOT your typical security conversation. We won’t be talking about how to play better "perimeter defense" at the end of your digital supply chain. Instead, we will be talking about how to play better “innovation offense” at the beginning of your digital supply chain.

Join us to discuss:

How to continuously identify and remediate open source risk, without slowing down innovation
Ways to integrate security guardrails directly within your DevOps pipeline
The importance of uniting developers, security, and operations on the same team

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

Improving Influence and Longevity in Security

Daniel Chiang

VP of Security

Stitch Fix

Lorna Koppel

Director of Information Security/CISO

Tufts University

Jeff Trudeau

CSO

Credit Karma

Dr. Christian Dameff

UC San Diego

The statistics are alarming about those who work in security - high rates of substance abuse, short tenure at jobs, and unhealthy levels of stress. How can CISOs make their careers sustainable and maintain a sense of well-being? Dr. Christian Dameff, a hacker and emergency medicine physician, helps lead this panel of CISOs to discuss ways to cope and thrive.

In this session, learn:

How to assess your mental health
Methods to reduce stress in careers
How other security leaders deal with burnout

10:30am - 11:20am Breakout Session

From Zero Trust to Zero Touch with Intelligent Security

Bob Scuderi

Head of Solutions Engineering NALA

BlackBerry

Organizations are challenged to strike a balance between security teams who want a Zero Trust approach and employees who desire seamless Zero Touch access. Bridging that gap is Artificial Intelligence and a Zero Trust Architecture.

This session dives into:

Why the view of endpoints impacts how they’re secured and managed
How adaptive security and artificial intelligence can protect all endpoints
The ultimate goal of increasing security while acknowledging other factors

10:30am - 11:20am Executive Boardroom

Secure the Core — Protect the Applications that Run Your Business

Colin Anderson

Global CISO

Levi Strauss & Co.

Leda Muller

CISO/Assistant Director of Support Services

Stanford University

Andreas Gloege

VP, North America Sales Engineering

Onapsis

In May 2019, the Department of Homeland Security issued an alert citing "New Exploits for Unsecure SAP Systems" after new exploits, termed "10KBLAZE" were publicly released. While protecting endpoint access, phishing, and network monitoring is important, nothing else matters if your core business applications are not a primary strategic component.
In this session, we will explore:

Why and how ERP applications are actively under attack
How cloud, mobile and digital transformations are expanding the attack surface
Steps you can take to ensure cyber resiliency and mitigate risk

10:30am - 11:20am Executive Boardroom

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Krishnan Chellakarai

CISO

Gilead Sciences

Mark Van Divner

CISO

First Republic

Kelly White

CEO

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager, Greg Winterrord at +1-971-717-6628 or Greg.Winterrowd@evanta.com.

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch you have the opportunity to hold relevant conversations with peers facing similar challenges and opportunities in a specific industry. The below questions are a guideline for you to start your topical table conversations.

Security operations

What is the maturity of your security operations program?
What is your process for building an operational playbook?
What KPIs or KRIs do you use to measure success?

Communication and awareness

How do you approach security with a holistic lens?
What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?

Access and Identity Management

What strategies and tools are you using to improve visibility into your systems?
How are you integrating the user experience with security?
How are you measuring the success of your access management program?

Governance and privacy

How are you responding to/preparing for regulatory changes?
How do you balance compliance with business requirements?
What standards and metrics are you using to measure risk?

Talent and developing leaders

What are some tangible strategies for creating and developing new talent resources?
What best practices exist for retaining talent, once secured?
How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Thinking Like a Cybercriminal

Etay Maor

Chief Security Officer

IntSights

We read about hacks and breaches on a daily basis, but what do we actually know about these cybercrime groups and how they conduct these attacks? Etay Maor explores best practices on how to best protect organizations from these bad actors, and gives an understanding of how they operate to allow a forward defense. Demonstrations include phishing, WiFi and USB-based attacks, social engineering, open source intelligence and more.

In this session, Etay Maor will:

Dive into basic hacking techniques
Demonstrate what types of tools hackers are using today
Examine the scope of these attacks

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Where is Your True North?

Nils Puhlmann

Chief Trust and Security Officer

Twilio

Mark Weatherford

Global Information Security Strategist

Booking Holdings

In today’s market, qualified security professionals are in short supply while security requirements are increasingly complex and demanding. How does one filter out distractions and remain focused on core organizational goals while mentoring upcoming new (and often overwhelmed) talent?

Join this fireside chat to discuss:

How to increase your “field of vision” while staying focused on the right things
What values and principles to never leave behind
How to coach new talent and help them navigate this complex profession

1:20pm - 2:10pm Breakout Session

The Next Great Security Challenge — Securing SD-WAN

Adam Winn

Product Management Leader, Cisco Cloud Security

Cisco Umbrella

The market consideration and adoption of software-defined WAN (SD-WAN) represents the largest networking transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch office locations. But what about security?

In this session you will hear how to:

Embrace change — the pros and cons
Address weaknesses for branch offices and roaming users
Keep security top of mind for business leaders

1:20pm - 2:10pm Executive Boardroom

Controlling Insider Threats Through Data Loss Protection

BG Badriprasad

Chief Security Architect

Ross Stores

Al Ghous

CSO and Head of Security

ServiceMax

Jadee Hanson

CISO and VP of Information Systems

Code42

What will it take to move the data protection needle forward? How do CISOs stop insider threats before brand damage is done?

In this session, you’ll discuss:

Best practices to continuously monitor file activity to detect risk
How to quickly investigate and respond to insider threats
Ways to transform your data loss protection strategy

1:20pm - 2:10pm Executive Boardroom

Accelerate Innovation Using Cloud Without The Loss of Control

Mahesh Ayyala

SVP Engineering & Technology

Bank of The West

Chris Jacquet

VP & CISO

Hitachi Vantara

Chris DeRamus

Co-Founder and CTO

DivvyCloud

The move from self-service access to cloud services is a core ingredient for digitally savvy business units, allowing to experiment quickly and inexpensively. This leads to innovation translating to greater customer value, competitiveness, and profitability. However, enabling this paradigm shift requires the CISO to transform their organization.

In this executive boardroom, you’ll discuss how to:

Pivot the approach from "command and control" to a "trust but verify"
Amplify security to enable innovation and decrease friction
Maximize resources including people, the process, and tooling

2:10pm - 2:30pm Networking Break

2:30pm - 2:40pm Closing Comments

2:40pm - 3:25pm Keynote

CISO/Security Vendor Relationship Podcast — Live Recording

David Spark

Co-Host

CISO Series

Mike Johnson

Co-Host

CISO Series

Jimmy Sanders

Information Security

Netflix

Are you ready for the live podcast that has turned a spotlight on one of the most important areas of InfoSec – relations between buyers and sellers of cybersecurity products? Join us as our hosts and special guests comment on hot cybersecurity issues, listener questions, and play risk-based security games like "What's Worse?!"

3:25pm - 4:00pm Closing Reception & Prize Drawing