IN-PERSON

San Francisco CISO Community
Executive Summit

November 8, 2023 | Parc 55

November 8, 2023
Parc 55

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi

CISO and Corporate Board Director

Sujeet Bambawale

7-Eleven
VP, CISO

Krishnan Chellakarai

Gilead Sciences
CISO, Head of Information Security & Data Privacy

Cassie Crossley

Schneider Electric
VP, Supply Chain Security

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Leda Muller

Stanford University, Residential and Dining Enterprises
Chief Information Security and Privacy Officer

Kannan Perumal

Applied Materials
Vice President, Chief Information Security Officer

Jeff Trudeau

Chime
VP, CIO & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

November 8, 2023

morning afternoon evening

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

Leading Like a Game Master

Dr. Timm Woods

Professional Game Master

Tabletop exercises, wargaming sessions, etc. — whatever you call them, security leaders are no strangers to using interactive role-playing to practice incident response scenarios with stakeholders. But there's so much more to learn from the wide world of tabletop roleplaying games (TTRPGs).

Dr. Timm Woods, an expert on the role of TTRPGs in business and educational contexts, joins us to share practical insights learned from hundreds of hours as a professional Game Master, including:

Fostering a team environment that authentically encourages innovation, trial and even error
Using the power of storytelling to make intangible concepts feel as real as life and death
Working with (not against) the fast-paced and unpredictable nature of security (and games) to embrace a more improvisational leadership style

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

Unpacking the Impacts & Implications of the SEC Cyber Disclosure Rules

Lauri Floresca

SVP & Partner

Woodruff Sawyer

Gary Hayslip

CISO

SoftBank Corporation

With its new cyber rules, the SEC made clear that it expects more transparency from senior executives and board directors of public companies around cyber risk. Other things – like a definitive determination on what is “material” and potential increased personal liability for CISOs – remain a little less clear, however.

Join this session to participate in an open discussion about:

Board-level oversight of cybersecurity
C-Suite liability and information security risk
Relevant cases, proposed policies and procedures

9:40am - 10:25am Executive Boardroom

Modernizing your Security SecOps Program in the Cloud

Will Lowe

COO

Panther

Jitendra Joshi

Founder

Cyylocity

Pathik Patel

Head of Cloud Security

Informatica

In today’s rapidly evolving security landscape, security programs must possess three indispensable capabilities to be truly effective: speed, scale, and flexibility. But to get to that ideal state, CISOs must overcome a bevy of obstacles, like legacy tools that are continuously breaking and homegrown systems that are challenging to maintain.

In this session we will discuss:

Building a scalable infrastructure by exploring tools, processes and skills
Challenges with current SecOps frameworks and ideas for more modern approaches
Solutions for high volume cloud log sources while keeping budget in check

9:40am - 10:25am Executive Boardroom

Strategic Pitfalls in Third-Party Risk Management

Dave Holden

Regional Sales Director

RiskRecon - A MasterCard Company

Kailas Pimple

Global Information Security Manager

Bio-Rad Laboratories

Managing cyber risk across an enterprise IT infrastructure has never been harder. Remote workers, advancing attack methods, and an ever-expanding vendor network are challenging every firm, as total visibility into threats has become nearly impossible. As digital business strategy matures, more organizations are becoming dependent on the cyber posture and protection of third parties. Third-party risks present a unique challenge because you are depending on vendors and partners to operate securely to keep your data and information safe. How are you mitigating the associated risks and demonstrating this to the business to ensure effective security programs?

Join our session to hear about:

Common failings across TPRM programs that led to breach events
How executives can provide strategic direction for third-party risk teams
Key practices being implemented by leading vendor risk firms to maintain strong supply chain risk management

9:40am - 10:25am Executive Boardroom

Empowered Women, Empowering Women — Getting the "Chief" Title (And Beyond)

Deepali Bhoite

CISO

Anaplan

Michele Buschman

Chief Information Officer

American Pacific Mortgage

While the number of women in technology roles is growing, there's one area where the gender disparity is still very noticeable — right at the very top. Women in working IT, security and risk management still face more barriers to career advancement than their male counterparts, particularly when it comes to getting to the "Chief" title and level of authority.

In this session, women in the Bay Area technology community who've reached the "chief" level (and beyond) in their organizations will share some key moments in their career journeys, then we'll transition to more open discussion. Come prepared to share your perspective and forge new connections!

Access will be reserved for, but not limited to, women who are leading the IT, security and/or risk functions at their organizations (CISO, etc. or equivalent) and women reporting directly to these heads of function. Male allies and others are welcome as space allows.

10:25am - 11:00am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:00am - 11:45am Breakout Session

Prevention Focus — Limiting How Security Leaders Utilize 3rd Party Frameworks

Tony Giandomenico

Global VP FortiGuard Security Consulting Services

Fortinet

Many organizations today still purely focus on hardening systems and networks against an intrusion, aka “Prevention Focus.” This approach can result in a lack of focus on how an organization’s security solutions, people and procedures would support responding to a security incident if it were to occur. Would you be surprised to know that many victim organizations had the capabilities to detect these intrusions, but they weren’t enabled?

Join this session to discuss:

Assessing third-party frameworks
Articulating an organization’s ability to employ counter measures
Identifying threat actors within their current organizational environment

11:00am - 11:45am Breakout Session

FBI Cybersecurity Update – What's Now, New & Next in the Threat Landscape?

Elvis Chan

Asst. Special Agent in Charge, FBI San Francisco, Cyber Branch

Federal Bureau of Investigation

Sujeet Bambawale

VP, CISO

7-Eleven

Today's varied threat landscape features both foreign and domestic security concerns that could stop or delay business. With so many avenues for malicious actors, how should CISOs be prioritizing their resources to improve resiliency?

Join this open discussion with a cybersecurity expert from the FBI's San Francisco field office to discover and discuss:

The latest cyber threats both already here and on the horizon
Strategies for addressing the emerging threat landscape
Best practices of working with law enforcement before, during and after a breach

11:00am - 11:45am Executive Boardroom

Unifying the Analyst Experience to Improve Threat Detection and Response

John Velisaris

Director of Threat Management Services

IBM Security

Kannan Perumal

Vice President, Chief Information Security Officer

Applied Materials

James O'Brien

Deputy Chief Information Security Officer

First Republic Bank

Given today’s dynamic threat landscape, involving constantly changing malicious TTPs, CISOs must have a proactive threat management strategy to handle complex attacks. However, with widely distributed infrastructures and the number of tools with different levels of control and responsibility, maintaining true visibility is difficult. Staffing shortages and the high volume of alerts that come in from fragmented tools adds to this challenge. The solution? Unifying the analyst experience to connect existing tools and workflows across your hybrid cloud environment.

Join this session to discuss:

Detecting and responding to advanced attacks like ransomware
Unifying the analyst experience with AI and machine learning - starting with understanding your attack surface and through EDR/XDR, SIEM, SOAR
Identifying blind spots in your cloud security strategy due to information fragmentation

11:00am - 11:45am Executive Boardroom

Break the Attack Chain — The Importance of Integrated Threat Protection

Ryan Kalember

EVP, Cybersecurity Strategy

Proofpoint

Sekhar Nagasundaram

Staff VP, Technology, Cybersecurity Threat Management

Elevance Health

Mario Duarte

VP of Security

Snowflake

Organizations worldwide are being faced with multistage attacks such as BEC, ransomware, and supply chain, that happen with the same basic steps in the same sequence. It’s been a decade since defenders began referring to this as the attack chain, but the attacks continue to successful with the same tactics, from phishing to Active Directory abuse to data exfiltration. So how do we finally turn the tables on adversaries, and take away what they depend across the attack chain?

Join this interactive roundtable as CISOs discuss:

Understanding the evolving nature of initial compromises
The art and science of preventing small compromises from becoming big incidents
Reducing your team's workload by using the attack chain to prioritize controls

11:45am - 12:30pm Lunch Service

12:30pm - 1:05pm Keynote

Modern Workforce, Modern Security Strategy

MK Palmore

Director, Office of the CISO

Google Chrome Enterprise

In the age of remote and hybrid work, employees now spend the majority of their time in the browser or in virtual meetings. The workforce is more mobile and distributed than ever before. At the same time, we are seeing an increase in cyber attacks and a higher average cost of data breaches. We must think more about protecting users right where they interface with web threats, the browser, without disrupting productivity.

Join this Keynote to hear about:

The browser's role in a business's security strategy
Zero trust architecture
Managing resources for cybersecurity in a time of economic uncertainty

1:05pm - 1:30pm Break

1:30pm - 2:15pm Breakout Session

Overcoming Third-Party Risks & BYOD Challenges with the Enterprise Browser

Steve Tchejeyan

President

Island

Bill Dougherty

Chief Information Security Officer

Omada Health

Third-party contractors are becoming increasingly important to organisations due to the rise of the gig economy and the need for specialised project work. However, hiring these contractors can lead to additional Third-Party Risks, costs, and complexities. When using contractors CISOs may choose to allow them to bring-your-own-device (BYOD), but this comes with its own set of security challenges. One solution could be to adopt cutting-edge enterprise browser technologies to overcome this and ensure secure Third-Party Access.

Join this session for an interactive, open discussion on the community's viewpoint on the relationship between Third-Party Risk, Third-Party Access and BYOD:

Your chance to brainstorm with your fellow CISOs an approach to Third-Party Risk, access and BYOD
Applying technologies like the enterprise browser to secure your company’s assets and limit the potential risks of Third-Party Access
Streamline and secure third-party contractor access and BYOD strategies

1:30pm - 2:15pm Breakout Session

Leading Locally, Influencing Globally — Giving Back as a CISO

Krishnan Chellakarai

CISO, Head of Information Security & Data Privacy

Gilead Sciences

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

The mix of technological and business expertise it takes to be a successful cybersecurity executive makes CISOs some of the most savvy leaders around. (Not that we're biased.) And while leading enterprise-wide security can be rewarding in itself, many CISOs in our community are going further to move the industry forward.

In this session, two of your local CISO peers will host an open discussion about:

What inspired them to create positive change in the industry (and beyond)
How they’re leveraging their positions as security leaders to make an impact
How others in the community can follow their lead

1:30pm - 2:15pm Executive Boardroom

Shifting Compliance from Seasonal Chaos to Continuous Control

Matt Hillary

VP, Security & Chief Information Security Officer (CISO)

Drata

Jonas Kriks

CIO

ATEL Capital Group

With the regulatory landscape only getting more complex, maintaining compliance through annual or semi-annual audits is like driving a car through the rearview mirror. Continuous control monitoring IS ONE BIG STEP that offers a scalable path forward to truly putting compliance on autopilot, but requires a cultural change with buy-in from every stakeholder.

Join this interactive roundtable as CISOs discuss how they are:

Creating a cloud infrastructure that meets security and compliance requirements
Building compliance into development
Increasing ROI by automating redundancies and manual processes

2:15pm - 2:50pm Networking Break

2:20pm - 2:45pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:50pm - 3:35pm Breakout Session

Buzzers Over Buzzwords — The Game Show

Shadaab Kanwal

MD - Digital, Data, and Analytics

Charles Schwab

Sandeep Sharma

Principal Security Architect

Blue Shield of California

Cassie Crossley

VP, Supply Chain Security

Schneider Electric

What will the security industry look like in 2025 — and beyond? Put your future forecasting skills to the test and share where your team stands by playing "Buzzers Over Buzzwords," a game show-style session powered by the top predictions prepared by Gartner's cybersecurity experts.

"Come on down" to:

Compete in a data-driven quiz game with your peers
Discover more about projected opportunities and challenges
Share how you're preparing to lead your team through changing market conditions

2:50pm - 3:35pm Executive Boardroom

Clearing Data Security Hurdles in the Cloud

Chris Kirschke

Cloud Portfolio Information Security Officer

Albertsons Companies

Robert Beckerdite

Director of Information Security

VIR

Jeff Klaben

VP of IT, Ouster

Adjunct Professor, Santa Clara University

As the cloud environment grows in complexity, so do concerns about data governance. How can CISOs continue to ensure the enterprise’s most valuable assets are protected in the cloud?

Join this session to discuss:

Maintaining a strong security posture as the cloud evolves
Leveraging the right tools and teams to secure data
Communicating the assumed risk of storing sensitive data in the cloud

2:50pm - 3:35pm Executive Boardroom

Generative AI – Should CISOs be Guardians or Gatekeepers?

Mick Leach

Field CISO

Abnormal Security

Drew Ganther

Technology Evangelist

Grip Security

Al Ghous

CISO

Snapdocs

Brad Jones

CISO, VP of Information Security

Seagate Technology

From content generation to data analysis, generative AI is transforming the way people work and drastically improving productivity. However, the benefits do not come without risks, and the technology has the potential to do more harm than good when placed in the wrong hands. So what do security leaders need to know about the risks of generative AI, and how do they mitigate them?

Join this session for an insightful discussion on the latest cybersecurity challenges associated with generative AI, including:

How the threat landscape is changing as a result of generative AI
How businesses can ensure the privacy and security of sensitive data used in generative AI applications and govern them appropriately
What tools and capabilities are necessary to protect organizations from malicious uses of generative AI

3:35pm - 4:00pm Break

4:00pm - 4:45pm Keynote

Board Perspectives — Is the Story of Security Resonating?

Ash Ahuja

VP, Global Role Lead & Executive Partner, Security & Risk Management

Gartner

Selim Aissi

CISO and Corporate Board Director

CISOs spend a considerable amount of time and energy quantifying and qualifying security posture in an effort to engage and align board members with on the organization's cybersecurity strategy. But how effective are those efforts in communicating the full story of cyber risk?

This fireside chat-style session brings board member and CISO perspectives together on one stage to discuss:

How are board members perceiving/understanding the security threat landscape?
What do board members really want to hear from CISOs?
What can CISOs do to improve communication and engagement with the board?

4:45pm - 5:00pm Closing Reception & Prize Drawing

5:00pm - 7:30pm Private Reception

Governing Body Reception

Members of the San Francisco CISO Governing Body host this dinner to celebrate a successful day of networking and peer insights at their semi-annual CISO Executive Summit.