IN-PERSON

Boston CISO Executive Summit

November 20, 2019 | Westin Copley Place, Boston

November 20, 2019
Westin Copley Place, Boston

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Kevin Brown

Boston Scientific
CISO

Larry Jarvis

Iron Mountain
CISO

Lorna Koppel

Tufts University
Director of Information Security/CISO

Taylor Lehmann

athenahealth
CISO

Holly Ridgeway

Citizens Bank
Chief Security Officer

Marnie Wilking

Wayfair
Global Head of Security and IT Risk Management

Agenda

November 20, 2019

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:00am Opening Comments

Opening Comments

8:00am - 8:30am Keynote

Leadership Lessons From a Sled Dog Team

Blair Braverman

Leadership Speaker

Author & Thought Leader

A long-distance dogsledder is wholly responsible for her dog team's morale, attitude, and motivation in high-pressure situations. Learn how a musher earns and keeps the trust of her dog team — and how those leadership lessons can be just as effective for a human team.

Join this session to learn:

How a musher leads her team from behind
How to work through communication barriers
Go-to steps for solving problems and tackling challenges along the way

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

The CFO — CISO Partnership

Jay Carter

Dir., Information Security

MEMIC

Dan McGarvey

SVP & CFO

MEMIC

Building strong relationships is an integral part of being an effective leader, so how can CFOs and CISOs embrace their unique partnership? Finance and security leaders face challenges that put them in a position to collaborate and magnify their impact.

This session will answer the community’s questions and give you the chance to discuss:

How CFOs prioritize cybersecurity investments
What a CISO can do to better communicate with the CFO
CFO board communication best practices applicable to CISOs

9:00am - 9:50am Breakout Session

Doing Everything Right and Still Getting Hacked

Aamir Lakhani

Global Security Strategist

Fortinet

Why do organizations still get breached when they are performing pen tests, auditing networks, following compliance, and implementing the latest security technologies that take advantage of anomalous behavior models, artificial intelligence, and machine learning?

This talk will examine:

Real-world breach examples
How cybersecurity failed to keep attackers away
What could have been done to keep attackers out

9:00am - 9:50am Executive Boardroom

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

David Escalante

Dir., Computer Policy & Sec.

Boston College

Daniel Gortze

Director of IT Security & Infrastructure

Cumberland Farms

Lucia Milica

Resident CISO

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Ryan Kalember of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

Why nearly all threat actors have shifted away from technical exploits to compromise their targets
How organizations can leverage threat data to understand which people and departments are highly targeted
How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager, Rebecca Buchanan at +1-971-717-6645 or rebecca.buchanan@evanta.com.

9:00am - 9:50am Executive Boardroom

Next-Generation Cloud Security

Rajesh Goyal

VP, Digital Security

Fidelity

Parag Pathak

Team Lead, Product Marketing

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

Nuances for hybrid on- and off-premise systems
Ways to incorporate security into your cloud strategy
Automation, orchestration, and next-generation cloud security

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

A Problems and Solutions Workshop

Holly Ridgeway

Chief Security Officer

Citizens Bank

Got a problem you need solved? Got a solution you can provide? This session encourages interaction between attendees to share problems and solutions to pressing needs – from small to big. Leave this session knowing you received or offered a viable solution or resource.

10:20am - 11:10am Breakout Session

Leading Your Board to the Next Frontier — Organizational Analytics

Mike Maziarz

Chief Marketing Officer

SecurityScorecard

Mark Teehan

Chief Information Security Officer

Harvard Pilgrim Health Care

Today, boards have a fiduciary duty to know about the cybersecurity risks of their organizations. We’ve all seen how a cybersecurity breach can have harsh consequences not just for the company, but for the CISO. In this session, learn how to take charge of your organization’s cybersecurity health and shine as a CISO with leading-edge analytics.

In this session, you’ll explore how to:

Create a trusted dialogue with your board by providing transparency into cybersecurity posture of your entire risk ecosystem
Educate, influence, and get buy-in for cybersecurity investments with predictive insights
Use organizational analytics to develop crystal-clear reporting to enable the board to make informed decisions about budget, people, and tools
Turn your organization’s cybersecurity posture into a differentiator

10:20am - 11:10am Executive Boardroom

Modern Approaches to Protecting Your Third-Party Ecosystem

Brian Palazini

Chief Information Security Officer

Analog Devices

Scott Schneider

Chief Revenue Officer

CyberGRX

It's no secret that hackers are opportunistic. They are constantly looking for the weakest link and are quick to capitalize on one as soon as it's spotted.

This boardroom will discuss:

Third-party cyber risk best practices
New strategies for third-party cyber risk management (TPCRM) and how they work
How to scale your third-party cyber risk management (TPCRM) program to evolve with your ecosystem

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager, Rebecca Buchanan at +1-971-717-6645 or rebecca.buchanan@evanta.com.

10:20am - 11:10am Executive Boardroom

Maximizing the Rewards of Information Governance

Joe Burgoyne

Sr. Director, Cyber Security

GE Healthcare

Tim Jacobs

Director, Information Security Governance and Emerging Technologies

Blue Cross Blue Shield of Massachusetts

Jeremiah Sahlberg

Director of Information Security

Tevora

A growing concern for privacy protection and the proliferation of both internal and external risks has led CISOs to a critical information governance crossroads. An effective information governance strategy can stop-up potential access points and shield the company from legal and compliance risks but can also be perceived as a barrier to maximizing the value of a company’s data.

Join this boardroom session to discuss:

A proactive approach to the policies, methodologies and controls
How to find a balance between business and security
Identifying an appropriate governance direction

11:10am - 11:40am Networking Break

11:40am - 12:20pm Lunch & Comments

12:20pm - 12:50pm Keynote

Culture — The Difference Between Success and Failure

Corey E. Thomas

Chairman and CEO

Rapid7

Why do some companies filled with smart people fail and others succeed? Culture can make all the difference. It can accentuate the collective and drive innovation or it can be a distraction. In order to achieve long-term success, there must be a level of cohesiveness and alignment between a company’s culture, its employees, and goals.

In this keynote presentation, Corey Thomas, Chairman and CEO of Rapid7, shares:

His quest for culture alignment
How he promotes a culture of disciplined risk-taking
Creating a culture of continuous learning and diversity of mindset

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

For a Sound Cyber Framework, Break Down Silos

Bruce Forman

CISO

UMassMemorial Medical Center

A successful security strategy doesn’t develop in silos. It’s created within a sound cybersecurity framework that works across verticals to address the spectrum of cybersecurity needs.

In this session, you’ll learn how to:

Create a cybersecurity-centric governance model
Develop a cross-vertical committee that breaks silos
Leverage your committee to influence your security approach

1:20pm - 2:10pm Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Eric Blatte

President & Co-Founder

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

1:20pm - 2:10pm Executive Boardroom

Best Practices For Integrating Security With DevOps

Michael McNeil

Global Product Security & Services Officer

Philips Healthcare

Cindy Blake

Global Sr. Security Evangelist

GitLab

Rapid iterations of DevOps, along with a host of new tools, can make an application security program seem like a square peg in a round hole as enterprises try to push Sec into the middle of DevOps. At the same time, modern applications rely on a more dynamic environment that can introduce new security challenges, particularly as they scale.

In this roundtable, we will explore:

Best practices for making security and compliance ubiquitous, to reduce risk and cost
Security challenges of a changing software development lifecycle and of next-gen software
Automating and monitoring secure development practices

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager, Rebecca Buchanan at +1-971-717-6645 or rebecca.buchanan@evanta.com.

1:20pm - 2:10pm Executive Boardroom

Security Orchestration Automation — Hours to Minutes

Lorna Koppel

Director of Information Security/CISO

Tufts University

Michael Woodson

CISO

Massachusetts Bay Transportation Authority

In a hyper-connected world, incident response at machine speed and enterprise-scale are now required for effective security operations. What steps have organizations taken to become more effective at protecting the business and ultimately enable business objectives?

In this boardroom, you will discuss:

Orchestration of your security operations
Challenges of automation
Considerations for success

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager Rebecca Buchanan at +1-971-717-6645 or rebecca.buchanan@evanta.com.

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Pen Test Your Board Pitch 2.0 — An Interactive Exercise

Mark Nardone

Associate VP and CISO

Northeastern University

Marnie Wilking

Global Head of Security and IT Risk Management

Wayfair

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch
Receive real-time feedback on your pitch
Learn best practices and strategies for communicating with your board

2:30pm - 3:20pm Executive Boardroom

Translate Complex Cybersecurity Issues Into Simple Business Context

Bobbi Bookstaver

Manager Information Security

Shawmut Design and Construction

Jon Fredrickson

Information Security & Privacy Officer

Blue Cross Blue Shield of Rhode Island

Chris Poulin

Principal Consulting Engineer

BitSight

It is much easier now to determine what’s important, dangerous and real in your third party ecosystem. Yet, as hacks continue to threaten data and business continuity, the old school of thought around securing the enterprise is no longer relevant.

This boardroom will explore:

Layering traditional tools and new strategies to define goals and deploy resources
Communicate to the board through a holistic risk lens
Developing clear business cases connecting business profitability to risk reduction

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager Rebecca Buchanan at +1-971-717-6645 or rebecca.buchanan@evanta.com.

2:30pm - 3:20pm Executive Boardroom

Non-Employees — Sponsor But Never Trust

Eric Jacobsen

Executive Director of Information Security

Boston University

Steven Keller

AVP, Chief Information Security Officer

MAPFRE Insurance

Mark Teehan

Chief Information Security Officer

Harvard Pilgrim Health Care

David Pignolet

President and CEO

SecZetta

Organizations face a growing challenge interacting with partners and suppliers outside of the organization. With the dispersed nature of working with non-employees, no single department is responsible for defining and managing a centralized process.

In this boardroom, you’ll discuss:

The security consequences of not addressing an outdated business process
How to manage business process and data effectively to deliver actionable decisions
The benefits of an identity and business-process first approach to managing non-employees

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:20pm Keynote

What’s Your Mission? Identifying Purpose in the C-Suite

Mark Maybury

Chief Technology Officer

Stanley Black & Decker

It’s easy to think that “protecting against the bad guys” is a CISO's core mission in the c-suite. But what if something bigger served as a CISO's purpose? And what really ties the c-suite together to not only protect the business, but to drive innovation within the business?

In this session, you’ll hear a CTO’s perspective on how to: