San Francisco CISO Executive Summit

Adam Glick felt his organization’s suite of cybersecurity tools was becoming oversized and cumbersome – and sought to analyze what was truly bringing value. Through evaluation, Glick was able to cut the amount of products being used by 18%. Glick shares his process in conducting a portfolio analysis, and how security leaders can not become distracted by the next shiny object.

In this session, learn:

• How to reduce redundancy or combine tools that are disparate in nature
• Proactive measures to set up a portfolio for sustained success
• How to evaluate whether tools are meaningful

Get the chance to explore new technologies with the shared expertise of a team of CISOs. Emerging providers will have the opportunity to pitch their new and innovative solutions to the most pressing cybersecurity challenges before a panel of influential global enterprise CISOs for coaching and feedback. Audience participants will have the opportunity to chime in alongside the panel of sharks with an interactive feature.

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

• Hack a Facebook account using information left behind on employees’ desks.

• Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.

• Learn a new way to gamify insider threat training.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

• The current landscape of data privacy regulation around the world
• Best practices for managing risk associated with data protection frameworks
• Standards and metrics for measuring data protection risk
• Data classification strategies to aid compliance, regardless of regulation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

What tactics and technologies are effective in securing the enterprise without putting up barriers to business operations? In this interactive roundtable discussion, security leaders share strategies that maximize security while minimizing business bottlenecks.

In this session, security leaders will:

• Define shared pain points where security controls are slowing business processes
• Share ideas and best practices for reducing friction from security controls
• Address ways to gain buy-in across the business when bottlenecks are unavoidable

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

To truly safeguard an organization, CISOs mustn’t merely focus on existing threats, but future ones, too. They have to ask themselves – what types of attacks should I be prepared for?

In this interactive session, prepare to:

• Listen to a panel of CISOs predict the biggest threats of 2020
• Share your own threat predictions for 2020
• Discuss how to predict threats and – more importantly – how to prepare for them

Attracting, developing and retaining enough quality talent seems to be an irremediable problem for the security industry. The State of California has worked to ameliorate this by creating a new pipeline of IT talent and advance the existing workforce to prepare for leadership roles. Peter Liebert, CISO for the State of California, shares how they’ve approached the IT talent shortage.

Join this session to learn:

• How to attract talent in a competitive marketplace
• Methods to broaden the scope of the talent pipeline
• Retention strategies by creating career paths for existing employees

 For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Lucia Milica of Proofpoint will outline strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

 Join to learn: 

• Why nearly all threat actors have shifted away from technical exploits to compromise their targets
• How organizations can leverage threat data to understand which people and departments are highly targeted
• How to design effective protection for highly attacked, highly vulnerable, and highly privileged users 

As a security executive, you know how many disparate pieces of information can together leave you vulnerable to hackers. Framed photos. Letters from family. Personal documents tucked away in a drawer. For 50 minutes, you’ll try on the black hat, assuming the role of a hacker trying to access an organization’s most sensitive data.

The catch—you only have 40 minutes to gather all the correct intel to gain access to the data, and you’re limited to the clues around the room.

In this session, be prepared to:

• Hack a Facebook account using information left behind on employees’ desks.

• Identify which sensitive documents commonly found on employees’ desks can be used to access important accounts.

• Learn a new way to gamify insider threat training.

Gartner’s Susan Moore refers to automation as “The Next Frontier for IT”.  This is as true for security automation as it is for infrastructure and networks.  One of the hottest new topics in security automation is SOAR—Security Orchestration, Automation, and Response.

In this roundtable, we’ll discuss:

•     Practical SOAR – opportunities and challenges
•     SIEM or SOAR?
•     Bridging the communications gap: discussing automation with SecOps, NetOps, and SecOps
•     Managing the big three limitations: money, time, and staff expertise

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

• The current threat landscape
• How to best discover and thwart nation-state attacks
• What security executives can do to build resiliency

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Greg Winterrowd at 917.717.6628 or greg.winterrowd@evanta.com.

We're proud to host David Spark and Mike Johnson as they record their breakthrough podcast that has turned a spotlight on one of the most important areas of InfoSec: relations between buyers and sellers of cybersecurity products. Join us as Spark challenges his co-host Johnson and guest to comment on hot cybersecurity issues, listener questions, and play risk-based security games like "What's Worse?!"