IN-PERSON

San Francisco CISO Executive Summit

November 8, 2023 | Parc 55

November 8, 2023
Parc 55

REGISTER NOW

Collaborate with your peers

Get together with San Francisco's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Quantifying the business's cyber-risk appetite and leveraging it to frame security investments

Improving the agility of security operating models to keep pace with organizational priorities

Enhancing product security to better protect against and take advantage of advanced AI capabilities

San Francisco CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi


Global CISO, Board Member

Sujeet Bambawale

7-Eleven
VP, CISO

Krishnan Chellakarai

Gilead Sciences
CISO, Head of Information Security & Data Privacy

Cassie Crossley

Schneider Electric
VP, Supply Chain Security

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Leda Muller

Stanford University
Chief Information Security and Privacy Officer

Kannan Perumal

Applied Materials
Vice President, Chief Information Security Officer

Jeff Trudeau

Chime
VP, CIO & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


November 8, 2023

7:45am - 8:30am  Registration & Breakfast

8:30am - 9:15am  Keynote

Leading Like a Game Master

Dr. Timm Woods headshot

Dr. Timm Woods

Professional Game Master

Tabletop exercises, wargaming sessions, etc. — whatever you call them, security leaders are no strangers to using interactive role-playing to practice incident response scenarios with stakeholders. But there's so much more to learn from the wide world of tabletop roleplaying games (TTRPGs).

Dr. Timm Woods, an expert on the role of TTRPGs in business and educational contexts, joins us to share practical insights learned from hundreds of hours as a professional Game Master, including:

  • Fostering a team environment that authentically encourages innovation, trial and even error
  • Using the power of storytelling to make intangible concepts feel as real as life and death
  • Working with (not against) the fast-paced and unpredictable nature of security (and games) to embrace a more improvisational leadership style

9:15am - 9:40am  Networking Break

9:40am - 10:25am  Breakout Session

Empowered Women, Empowering Women — Getting the "Chief" Title (And Beyond)

Deepali Bhoite headshot

Deepali Bhoite

CISO

Anaplan

Michele Buschman headshot

Michele Buschman

Chief Information Officer

American Pacific Mortgage

While the number of women in technology roles is growing, there's one area where the gender disparity is still very noticeable — right at the very top. Women in working IT, security and risk management still face more barriers to career advancement than their male counterparts, particularly when it comes to getting to the "Chief" title and level of authority.

In this session, women in the Bay Area technology community who've reached the "chief" level (and beyond) in their organizations will share some key moments in their career journeys, then we'll transition to more open discussion and networking. Come prepared to share your perspective and forge new connections!

Access will be reserved for, but not limited to, women who are leading the IT, security and/or risk functions at their organizations (CISO, etc. or equivalent) and women reporting directly to these heads of function. Male allies and others are welcome as space allows.

9:40am - 10:25am  Breakout Session

Unpacking the Impacts & Implications of the SEC Cyber Disclosure Rules

Lauri Floresca headshot

Lauri Floresca

SVP & Partner

Woodruff Sawyer

With its new cyber rules, the SEC made clear that it expects more transparency from senior executives and board directors of public companies around cyber risk. Other things – like a definitive determination on what is “material” and potential increased personal liability for CISOs – remain a little less clear, however.

Join this open discussion with Lauri Floresca – SVP & Partner at Woodruff Sawyer and an expert in both D&O and cyber liability insurance – to discuss:

  • Board-level oversight of cybersecurity
  • C-Suite liability and information security risk
  • Relevant cases, proposed policies and procedures

9:40am - 10:25am  Executive Boardroom

Modernizing your Security SecOps Program in the Cloud

Will Lowe headshot

Will Lowe

COO

Panther

In today’s rapidly evolving security landscape, security programs must possess three indispensable capabilities to be truly effective: speed, scale, and flexibility. But to get to that ideal state, CISOs must overcome a bevy of obstacles, like legacy tools that are continuously breaking and homegrown systems that are challenging to maintain.

In this session we will discuss:

  • Building a scalable infrastructure by exploring tools, processes and skills
  • Challenges with current SecOps frameworks and ideas for more modern approaches
  • Solutions for high volume cloud log sources while keeping budget in check

9:40am - 10:25am  Executive Boardroom

Strategic Pitfalls in Third-Party Risk Management

Dave Holden headshot

Dave Holden

Regional Sales Director

RiskRecon - A MasterCard Company

Managing cyber risk across an enterprise IT infrastructure has never been harder. Remote workers, advancing attack methods, and an ever-expanding vendor network are challenging every firm, as total visibility into threats has become nearly impossible. As digital business strategy matures, more organizations are becoming dependent on the cyber posture and protection of third parties. Third-party risks present a unique challenge because you are depending on vendors and partners to operate securely to keep your data and information safe. How are you mitigating the associated risks and demonstrating this to the business to ensure effective security programs?

Join our session to hear about:

  • Common failings across TPRM programs that led to breach events
  • How executives can provide strategic direction for third-party risk teams
  • Key practices being implemented by leading vendor risk firms to maintain strong supply chain risk management

10:25am - 11:00am  Networking Break

10:30am - 10:55am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:00am - 11:45am  Breakout Session

FBI Cybersecurity Update – What's Now, New & Next in the Threat Landscape?

Elvis Chan headshot

Elvis Chan

Asst. Special Agent in Charge, FBI San Francisco, Cyber Branch

Federal Bureau of Investigation

Sujeet Bambawale headshot

Sujeet Bambawale

VP, CISO

7-Eleven

Today's varied threat landscape features both foreign and domestic security concerns that could stop or delay business. With so many avenues for malicious actors, how should CISOs be prioritizing their resources to improve resiliency?

Join this open discussion with a cybersecurity expert from the FBI's San Francisco field office to discover and discuss:

  • The latest cyber threats both already here and on the horizon
  • Strategies for addressing the emerging threat landscape
  • Best practices of working with law enforcement before, during and after a breach

11:00am - 11:45am  Executive Boardroom

Break the Attack Chain — The Importance of Integrated Threat Protection

Ryan Kalember headshot

Ryan Kalember

EVP, Cybersecurity Strategy

Proofpoint

Organizations worldwide are being faced with multistage attacks such as BEC, ransomware, and supply chain, that happen with the same basic steps in the same sequence. It’s been a decade since defenders began referring to this as the attack chain, but the attacks continue to successful with the same tactics, from phishing to Active Directory abuse to data exfiltration. So how do we finally turn the tables on adversaries, and take away what they depend across the attack chain?

Join this interactive roundtable as CISOs discuss:

  • Understanding the evolving nature of initial compromises
  • The art and science of preventing small compromises from becoming big incidents
  • Reducing your team's workload by using the attack chain to prioritize controls

11:00am - 11:45am  Executive Boardroom

Unifying the Analyst Experience to Improve Threat Detection and Response

John Velisaris headshot

John Velisaris

Director of Threat Management Services

IBM Security

Given today’s dynamic threat landscape, involving constantly changing malicious TTPs, CISOs must have a proactive threat management strategy to handle complex attacks. However, with widely distributed infrastructures and the number of tools with different levels of control and responsibility, maintaining true visibility is difficult. Staffing shortages and the high volume of alerts that come in from fragmented tools adds to this challenge. The solution? Unifying the analyst experience to connect existing tools and workflows across your hybrid cloud environment.

Join this session to discuss:

  • Detecting and responding to advanced attacks like ransomware
  • Unifying the analyst experience with AI and machine learning - starting with understanding your attack surface and through EDR/XDR, SIEM, SOAR
  • Identifying blind spots in your cloud security strategy due to information fragmentation

11:45am - 12:30pm  Lunch Service

12:30pm - 1:05pm  Keynote

Modern Workforce, Modern Security Strategy

In the age of remote and hybrid work, employees now spend the majority of their time in the browser or in virtual meetings. The workforce is more mobile and distributed than ever before. At the same time, we are seeing an increase in cyber attacks and a higher average cost of data breaches. We must think more about protecting users right where they interface with web threats, the browser, without disrupting productivity. 

Join this Keynote to hear about:

  • The browser's role in a business's security strategy
  • Zero trust architecture
  • Managing resources for cybersecurity in a time of economic uncertainty

1:05pm - 1:30pm  Break

1:30pm - 2:15pm  Breakout Session

Featured Breakout Session hosted by Island

Steve Tchejeyan headshot

Steve Tchejeyan

President

Island

Details coming soon.

1:30pm - 2:15pm  Executive Boardroom

Shifting Compliance from Seasonal Chaos to Continuous Control

Matt Hillary headshot

Matt Hillary

VP, Security & Chief Information Security Officer (CISO)

Drata

With the regulatory landscape only getting more complex, maintaining compliance through annual or semi-annual audits is like driving a car through the rearview mirror. Continuous control monitoring IS ONE BIG STEP that offers a scalable path forward to truly putting compliance on autopilot, but requires a cultural change with buy-in from every stakeholder.

Join this interactive roundtable as CISOs discuss how they are:

  • Creating a cloud infrastructure that meets security and compliance requirements
  • Building compliance into development
  • Increasing ROI by automating redundancies and manual processes

2:15pm - 2:50pm  Networking Break

2:20pm - 2:45pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:50pm - 3:35pm  Breakout Session

CISO Says — The Game Show

Shadaab Kanwal headshot

Shadaab Kanwal

MD - Digital, Data, and Analytics

Charles Schwab

What will the security industry look like in 2025 — and beyond? Put your future forecasting skills to the test and share where your team stands by playing "CISO Says," a game show-style session powered by the top predictions prepared by Gartner's cybersecurity experts.

"Come on down" to:

  • Compete in a data-driven quiz game with your peers
  • Discover more about projected opportunities and challenges
  • Share how you're preparing to lead your team through changing market conditions

2:50pm - 3:35pm  Executive Boardroom

Putting Culture at the Center of Cybersecurity

At a time when new threats emerge daily, cybersecurity leaders understand they must be one thing above all others: enablers of business. And what's the foundation of business enablement? Culture

Join this session to hear how your peers are successfully leveling up the security culture at their organizations and share insights about:

  • Separating awareness and training from conversations about culture
  • Leveraging culture to drive business impact through cybersecurity
  • Tailoring approaches to security culture for different levels/groups

2:50pm - 3:35pm  Executive Boardroom

Clearing Data Security Hurdles in the Cloud

As the cloud environment grows in complexity, so do concerns about data governance. How can CISOs continue to ensure the enterprise’s most valuable assets are protected in the cloud?

Join this session to discuss:

  • Maintaining a strong security posture as the cloud evolves
  • Leveraging the right tools and teams to secure data
  • Communicating the assumed risk of storing sensitive data in the cloud

3:35pm - 4:00pm  Break

4:00pm - 4:45pm  Keynote

Board Perspectives — Is the Story of Security Resonating?

Ash Ahuja headshot

Ash Ahuja

VP, Global Role Lead & Executive Partner, Security & Risk Management

Gartner

Selim Aissi headshot

Selim Aissi

Global CISO, Board Member

CISOs spend a considerable amount of time and energy quantifying and qualifying security posture in an effort to engage and align board members with on the organization's cybersecurity strategy. But how effective are those efforts in communicating the full story of cyber risk?

This session brings board member and CISO perspectives together on one stage to discuss:

  • How are board members perceiving/understanding the security threat landscape?
  • What do board members really want to hear from CISOs?
  • What can CISOs do to improve communication and engagement with the board?

4:45pm - 5:00pm  Closing Reception & Prize Drawing

5:00pm - 7:30pm  Private Reception

Governing Body Reception

Members of the San Francisco CISO Governing Body host this dinner to celebrate a successful day of networking and peer insights at their semi-annual CISO Executive Summit.

November 8, 2023

REGISTER

We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

Parc 55

A block of rooms has been reserved at the Parc 55 at a reduced conference rate. Reservations should be made online or by calling (415) 392 8000.

Deadline to book using the discounted room rate of $279 USD (plus tax) is October 16, 2023.

Your Community Partners


Global Thought Leaders
CISO Thought Leader
Key Partners
Program Partners

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Samantha Flaherty

Senior Community Program Manager

208-871-6409

samantha.flaherty@evanta.com