IN-PERSON

San Francisco CISO Executive Summit

May 9, 2023 | Parc 55

May 9, 2023
Parc 55

Governing Body Agenda Location Partners Contact

Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi

Blackhawk Network
Global CISO

Sujeet Bambawale

7-Eleven
VP, CISO

Krishnan Chellakarai

Gilead Sciences
CISO, Head of Information Security & Data Privacy

Cassie Crossley

Schneider Electric
VP, Supply Chain Security

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Jeff Trudeau

Chime
VP, CIO & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

May 8, 2023

6:00pm - 8:30pm Governing Body Welcome Reception

Governing Body Welcome Reception

Join the San Francisco CISO Governing Body and their invited guests for an evening of peer networking, food and drinks, plus the opportunity to give back to the local community!

Our community partner this season is R.O.C.K – Real Options for City Kids, which is the largest provider of academic and social support for at-risk youth in San Francisco's Visitacion Valley. As part of the evening's festivities, you'll have the opportunity to put together simple circuit kits and messages of encouragement to promote curiosity and early interest in STEM fields among elementary school students in and around Visitacion Valley.

Location: Parc 55 (55 Cyril Magnin St.) | Same venue as the Executive Summit

Dietary restrictions: If you plan to attend the welcome reception but have dietary restrictions that we should be aware of, please ensure to fill out the "dietary restrictions" section of your profile in the My Evanta app, or email the San Francisco CISO Sr. Program Manager, Samantha Flaherty, at samantha.flaherty@evanta.com.

About R.O.C.K.: Since 1994, R.O.C.K. has served the needs of children in the community by providing structured programs that foster personal development within a safe, loving and supportive environment. With the help of their programs, children who might not otherwise have a reasonable chance to succeed are granted a level playing field. In addition to active learning and development programs, their team provides an in-school and after-school presence at public schools in Visitacion Valley. You can learn more at https://rocksf.org/.

May 9, 2023 - morning

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

Authentic Leadership in Times of Change

Mike Robbins

Author, Thought Leader & Executive Coach

Change is inevitable. The one constant in the midst of all the change, stress, and uncertainty we face at work and in life is us. Leaders with a strong sense of emotional intelligence (EQ), a willingness to be courageous and vulnerable, and the capacity to inspire others in a genuine way, have a distinct advantage in keeping their teams engaged and motivated in any circumstances.

In this program, author and thought leader Mike Robbins will share practical tips for:

Learning to be transparent in a way that’s both liberating and inspiring
Connecting at a deeper level with your teams and building real trust
Dealing effectively with change and uncertainty — and thriving in the process

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

Peer Perspectives on Simplifying DevSecOps

Akil Muralidharan

Senior Director of Product Management

Fastly

The threat landscape is continuing to expand and diversify as organizations move to a multi-cloud environment. CISOs need to ensure that their DevSecOps capabilities are incorporated within their overall business strategy to guarantee that their cloud applications and code can remain secure.

Join this interactive session to discuss:

Understanding there is no one-size-fits-all model for DevSecOps
Best practices for integrating DevSecOps into your cloud security strategy
Exploring the intersection between development, security and DevSecOps

9:40am - 10:25am Breakout Session

Building the Complete Next-Gen CISO Package

Ajay Wadhwa

CISO

State of California - State Compensation Insurance Fund

Jeremiah Kung

CISO

AppLovin

While the traditional path to CISO was through the ranks of IT, it's certainly not the only way to get there. So how do the different backgrounds a CISO might have – technical, legal, business, etc. – influence their ability to effectively lead security teams, and what core competencies will tomorrow's CISOs need to master?

Join this interactive session to discuss and discover:

Which skills/experiences are truly critical to be successful as a CISO
What areas today's security leaders are seeking to deepen their skills
How to identify and mentor those who possess the right techno-business skillset to become future security leaders

9:40am - 10:25am Executive Boardroom

Navigating the Cyber Risks of Cloud — Evaluating Options

Mahesh Ayyala

CISO

Hidden Road Inc

Anurana Saluja

Vice President - Global Head of Information Security, Privacy & Business Continuity

Sutherland

Mani Keerthi

Americas Field CISO Associate Director

SentinelOne

The use of cloud technology has become a popular choice for businesses, providing them with numerous advantages but also introducing new threats. Cyber security risks can cause financial and reputational damage if left unmanaged, which is why it is essential to understand all the ways to protect the enterprise.

In this boardroom we will discuss:

How cyber insurance policies differ
New insights to cloud-based attacks and the impacts
Defenses to financial and reputational damage

9:40am - 10:25am Executive Boardroom

Efficient TPRM – The Secret Sauce to Business Growth

Cassie Crossley

VP, Supply Chain Security

Schneider Electric

David Tugwell

Senior Director, Information Security/CISO

Agilent Technologies

Gary Phipps

VP, Strategy and Business Transformation

CyberGRX

Security leaders often seek opportunities to counter the outdated notion that security programs are merely a cost center. Effective third party risk management (TPRM) enables business growth while providing much-needed security, whether you are responding to due diligence requests or providing security approval for new vendors

Join this session to discuss:

Implementing security domains and safeguards that accelerate business outcomes
Increasing visibility of your new and current vendors to drive efficiency and identify risks
Assessing and communicating third-party risk within your broader security strategy

10:25am - 11:00am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

May 9, 2023 - mid-afternoon

11:00am - 11:45am Breakout Session

Wade in Deep, Stay in Your Swim Lane, or Muddy the Waters?

Jeff Klaben

VP of IT, Ouster

Adjunct Professor, Santa Clara University

Kannan Perumal

VP, CISO

Applied Materials

When a CISO recently posted on LinkedIn advising other CISOs to limit their commentary to cybersecurity topics, a storm of polarized responses followed. Let’s transcend the hollow banter of social media by having a real conversation about when and how CISOs should handle topics beyond the traditional infosec realm.

Join this interactive session to discuss handling challenging leadership scenarios like:

How do we ensure that our non-expert opinions enhance discussion and group knowledge?
If we disagree with a decision leadership makes outside of security, what strategies can we use to broach the topic?
How do we differentiate between the perception of an unwarranted attack or a respectful counterpoint to our own decisions?

11:00am - 11:45am Executive Boardroom

Security Strategies for a Robust Threat Management Program

Mark Van Divner

CISO

First Republic Bank

Jeff Crume

Distinguished Engineer, CTO IBM Security - Americas

IBM

Despite a dynamic threat landscape and constantly changing malicious TTPs, CISOs must prepare their organizations to thrive in growing complexity. From widely distributed infrastructures to high volumes of tools with different levels of control and responsibility, it can be difficult to maintain true visibility across environments. How can shifting from reactive to proactive threat management be incorporated into your security strategy to help achieve this?

Join this session to discuss:

Identifying blind spots due to information fragmentation
Understanding your full attack surface and the challenges of lowering risks
Reducing the noise and stress being fed into threat management systems and pressure on teams

11:00am - 11:45am Executive Boardroom

Ahead of The Cloud — Flexible Solutions for A Moving Target

Andrew Schofield

Head of Information Security

Forge Global

Jason Mical

Field Chief Technology Officer - Americas

Rapid7

Sometimes, cloud can seem like a "one size fits none" type of hurdle. One thing is certain, however — as the cloud landscape continues to evolve, so too should a CISO's security strategies.

Join this boardroom to:

Gather practical takeaways and cloud solutions from your peers
Explore solutions to current and future cloud security issues
Gain feedback on your organization's cloud priorities

11:45am - 12:30pm Lunch Service

11:50am - 12:20pm Networking

Rising Together — Empowered Women, Empower Women

Leda Muller

Chief Information Security and Privacy Officer

Stanford University

This will be an intimate, informal space for women in cybersecurity leadership roles and their allies to freely discuss best practices, key challenges, and mission-critical priorities. Come prepared to share ideas and forge new connections that can help empower each other to make an impact in your organizations and the wider Bay Area community.

This session is aimed at, but not limited to, women who are leading the cybersecurity function at their organizations (CISO or equivalent) and those reporting directly to the CISO/equivalent. Priority access will be reserved to these groups.

12:30pm - 1:05pm Keynote

Unleash the Full Power of Secure Digital Transformation with Zero Trust

Jay Chaudhry

CEO, Chairman & Founder

Zscaler

Michael Montoya

Senior Vice President & Chief Information Security Officer

Equinix

Presented by Zscaler

Learn how zero trust architecture secures users, workloads, and IoT/OT devices by addressing critical security shortcomings of legacy network architecture. This session covers key steps in a phased zero trust transformation journey as well as advice for winning the support of organizational leadership.

Join this session and learn to:

Recognize issues inherent to routable networks
Identify key phases of zero trust transformation
Demystify zero trust architecture for business leaders

1:05pm - 1:30pm Break

May 9, 2023 - afternoon

1:30pm - 2:15pm Breakout Session

Positioning Security as an Innovation Enabler

Al Ghous

CISO

Snapdocs

Pronay Mukherjee

Business Information Security Officer - Americas

Levi Strauss & Co.

Jenee Byrd

Senior Director Information Security - Head of Cybersecurity

Ultragenyx

Innovation is the lifeblood of business. Security's role is protecting the enterprise. Nothing about those statements is contradictory, and yet security teams often have a reputation as a roadblock for new ideas. How can security leaders change this narrative and establish their team as key partners in driving and facilitating innovation?

Join this session to hear from a panel about:

Adopting a "culture of yes" mindset within the security organization
Leveraging risk to position security as a driver of business value
Collaborating cross-functionally to champion innovation across the enterprise

1:30pm - 2:15pm Executive Boardroom

A New Vision for Identity Security

Deepali Bhoite

CISO

Anaplan

Michele Buschman

Chief Information Officer

American Pacific Mortgage

Barak Feldman

SVP, PAM and Identity Security

CYBERARK

The number of human and machine identities seeking access to data and critical business systems has grown exponentially, in turn increasing the threat landscape and challenging traditional IAM paradigms. How do security leaders keep a pulse on tools and capabilities to assess their organization’s cybersecurity posture?

Join this boardroom to discuss:

Managing and securing all identities
Mitigating risks in multi-cloud and hybrid environments
Addressing user fatigue and balancing usability with security

1:30pm - 2:15pm Executive Boardroom

Building Trust in Security Operations

Jonas Kriks

CIO

ATEL Capital Group

Robb Reck

Chief Trust and Security Officer

Red Canary

Trust is at the center of what we do in cybersecurity. Trust in your team, trust in your tools, and the business’ trust in you. However, security teams face challenges everyday that erode that trust: analysts get burned out and disengage, tools deliver more noise than outcomes, and your security program is more likely to slow down your business rather than help it run at full speed. In this session, we will discuss why this is the case and how to reverse this dynamic.

Join this executive boardroom to discuss:

How false positives can erode trust
Building engineering principles into your SecOps process
Why a flatter SOC is a better SOC

2:15pm - 2:50pm Networking Break

2:20pm - 2:45pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:50pm - 3:35pm Breakout Session

The Double-Edged Sword of Advanced AI — Balancing Benefits, Concerns

Tammy Hawkins

Director of Cybersecurity and Fraud Prevention

Intuit

Janet Ge

Head of Security

Grail

There's no denying the power and popularity of generative AI programs like ChatGPT. For good or for evil, its uses seem endless. Predicting exactly how this advanced AI will impact the future of cyber security is impossible. But through collaboration with your C-level peers, you might be able to prepare.

Join this interactive session to:

Share your thoughts on enterprise use cases for generative AI
Gauge the impact this tech advancement is having across industries
Unpack concerns around developing policies, loss of IP, etc.

2:50pm - 3:35pm Executive Boardroom

Making Every Security Investment Count

Ajay Chandramouly

Director, Cloud Data Platform Governance and Security

Oracle

Today’s business leaders find themselves squaring up against a two-headed monster: more attack surfaces and threats to cover than ever before and macroeconomic challenges loom. Cybersecurity isn’t something that orgs can afford to “cut down on,” so increasingly, leaders are asked to achieve even greater outcomes with the same or fewer resources — from budgets to tech to headcount. As security continues to evolve as a business-critical function, how can CISOs evaluate spend without compromising on risk?

Join this session to discuss:

Ways organizations are improving ROI on existing security investments
How leaders can translate risk into business outcomes for leadership and boards, enabled by security investment
How to overcome challenges security leaders face as they work to scale, grow, and innovate without sacrificing security

3:35pm - 4:00pm Break

4:00pm - 4:35pm Keynote

Enabling Hypergrowth Securely – Enterprise Use Cases for Generative AI

Prabhath Karanth

Global Head of Security & Trust

Navan

Kelly Soderlund

Senior Director of Global Corporate Communications

Navan

Chris Cholette

VP of Engineering and SRE

Navan

There's no denying that technology with the ability to be creative is a game changer for businesses. As with any new tool, the obvious question for CISOs is always, "Is it worth the risk?" One company that said yes is Navan (formerly TripActions), which integrated ChatGPT into its online travel and expense platform earlier this year.

In this session, leaders from Navan's security, engineering and communications teams will discuss:

Working together to leverage ChatGPT for internal and customer-facing projects
Balancing security and business needs when developing policies and controls
Assessing the impact of ChatGPT on their teams and the business

4:35pm - 5:00pm Closing Reception & Prize Drawing

We look forward to seeing you at an upcoming in-person gathering

Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location

Venue & Accommodation

Parc 55

MORE INFORMATION

A block of rooms has been reserved at the Parc 55 at a reduced conference rate. Reservations should be made online or by calling 1-800-445-8667. Please mention ESF to ensure the appropriate room rate.

Deadline to book using the discounted room rate of $279 USD (plus tax) is April 17, 2023.

RESERVE ROOM