CISO Summit | November 12-14, 2017 | Fairmont Scottsdale Princess - Scottsdale, AZ, USA

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Sunday, November 12, 2017 - CISO Summit

3:00 pm - 4:30 pm

Registration & Greeting

 

4:30 pm - 6:00 pm

Exclusive CXO Think Tank

Security @ The Speed of Business

There is an urgent need to innovate on the part of the business. The reality of today's business mandates a more agile and innovative approach to security. The old guard of draconian security focused on technology, compliance, and boundaries of protection is no longer effective and has prevented security from having a seat at the business table. All this, when a shift in the threat landscape, and a real impact to the bottom line have negatively affected most organizations. This presentation will deep dive into practical, attainable and effective methods to shift the mentality and allow security organizations to function at the speed of business. Such important topics include the use of practical lightweight risk management, the need for a dynamic workforce, and material shift in focus from technology to business alignment.

Presented by:

Juan Gomez-Sanchez, Chief Security Officer, Lennar Corp.

 
 

Margarita Santiago, Senior Director, Risk and Compliance, Lennar Corp.

 
 
 

6:00 pm - 7:00 pm

Networking Cocktail Reception

 

7:00 pm - 8:30 pm

Private VIP Dinner

 

8:30 pm - 10:00 pm

After Dinner Networking

 

Monday, November 13, 2017 - CISO Summit

8:00 am - 12:00 pm

Golf Tournament

Private Meetings

 

12:30 pm - 1:30 pm

Registration and Networking Luncheon

 

1:35 pm - 1:45 pm

Welcome Address and Opening Remarks

 

1:50 pm - 2:20 pm

Keynote Presentation

Hacking to Prevent Data Breaches: The Art of Exploitation

The role of cybersecurity executives is more complex than it was years ago. One must be able to think outside of the box of the potential damage and loss of revenue an attack may cause. Data breaches have grown at an exponential rate. A good way to prevent data breaches is to learn from hackers. Understanding the methodology of an attack influences a better cybersecurity posture for tomorrow.

Presented by:

Chanel Suggs, Founder & CEO, Wyvern Security LLC

 
 

2:25 pm - 2:55 pm

Keynote Presentation

Security's Place in Enterprise Risk Management

While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.

Takeaways:

  • Just because information security is an aspect of enterprise risk doesn't mean that the CISO needs to take a back seat position
  • Enterprise risk is defined by the business but needs to be quantified by an expert; CISOs bring risk quantification expertise to the table
  • The end goal is not about fiefdoms and ownership, it is about improving enterprise value and success; maintaining focus is essential
 

3:00 pm - 3:25 pm

Executive Exchange

 

Thought Leadership

Is Security Obscuring the Benefit of the Cloud?

Cloud delivered computing services, whether Software, Platform, or Infrastructure as a Service, offer the potential of significant business advantages such as reduced cost and increased flexibility. These advantages, however, come with very real risks, chief among them security concerns and the risk of data and compliance breaches - how do you secure what you can't see, touch, and control? Join the conversation as we explore both the security and compliance issues inherent in Cloud deployments, look at the hidden issues that first time Cloud adopters may simply not be aware of, and discuss solutions that can be used to address these challenges and allow enterprises to fully and firmly embrace the Cloud.

Takeaways:

  • Be exposed to the true security and compliance cloud threat landscape
  • Learn how successful cloud adopters have mitigated these risks
  • Discover how to build cloud protection capabilities keyed to your needs

Sponsored by:

Prevoty, Inc.

 
 
 

3:30 pm - 3:55 pm

Executive Exchange

 

Executive Boardroom

Do You Know How to Optimize Your Security Budget?

For organizations to protect their critical assets they need to develop an intelligence-led approach to prevention, detection and response. Often, however, what is not clear is how organizations should allocate their spending across these fundamental capabilities. Join us in a conversation about how finite budgets, an ever increasing number of security tools/services, and an ever evolving threat landscape can easily become a conversation about risk to drive budget decisions. What risk is your business willing or able to accept? What assets generate value in your business that you can't risk? 

Takeaways: 
  • Discuss how: to strike a balance between prevention, detection and response measures. 
  • Learn why: it's critical to understand which assets generate value. 
  • Discover ways: to reduce costs but increase capabilities.

Sponsored by:

BAE Systems Applied Intelligence

 
 
 

4:00 pm - 4:10 pm

Afternoon Networking Coffee Break

 

4:15 pm - 4:40 pm

Executive Exchange

 

Think Tank

Building Dynamic Security Teams

There's no other way to say it than bluntly: Information Security is a white-hot field within Information Technology as a whole - over the last dozen years it has gone from after-thought, to scapegoat, to critical enterprise success factor. As a result, the need for capable and qualified Information Security specialists, whether front-line Analysts, mid-level Managers, or top level CISOs, is at an all-time high, but personnel and skills availability is sinking to an all-time (at least in terms of supply and demand ratio) low. There simply isn't enough expertise in existence to go around, or enough education occurring to create it. In this environment, senior Information Security leaders have to get creative in their pursuit of the people, performance, and passion necessary to address this capability shortfall.

Takeaways:

  • Learn how to build grass-roots programs that cultivate a farm full of potential security experts through internal and collaborative programs
  • Find out how to leverage key organizational traits to generate buzz and interest where none existed before
  • Understand the relevance of certs vs. experience and how to evaluate and validate the value of candidates

Presented by:

Jim Kastle, Chief Information Security Officer, Conagra Foods

 
 

4:45 pm - 5:10 pm

Executive Exchange

 

Thought Leadership

Big Data is all about the Cloud

Of the four disruptive technologies, Cloud and Big Data are the two most top of mind for CIOs, the former because it has the potential to enhance agility and productivity while enabling efficiencies and reducing costs, and the latter because it derives insights that drive competitive advantage and increase revenues. As the two continue to grow in relevance and importance to enterprise IT, and indeed to the enterprise as a whole, it is only natural that they begin to intersect, with the cloud becoming the optimal platform for the delivery of Big Data capabilities, either in-house through the use of IaaS/PaaS or out-of-house through SaaS or Analytics as a Service. IT departments and the CIOs that lead them then need to look to their Big Data and Cloud strategies and determine how best to align them to leverage the advantages where the whole is greater than the sum of the parts.

Takeaways:

  • Cloud computing is a fundamental enabler of big data and advanced analytics capabilities
  • IT can, and must, become a leader in enterprise analytical capabilities by becoming a broker of cloud services
  • Cloud can benefit big data and analytics in a variety of ways with a variety of different delivery models each scaled to individual needs

Sponsored by:

RSA

 
 
 

5:15 pm - 6:15 pm

Executive Visions

Facilitating Technology-Enabled Business Transformation

The role of the modern IT Executive is more complex than it has ever been before, not just because the technology landscape has become more complex, but also because increasingly IT execs have had to become a business-focused executive, not just a technologist. Long have we talked about the CIO and CISO getting a seat at the table but modern businesses are now demanding that their technology impresario join them and leverage his deep and rich technical acumen to allow the organization as a whole to better position itself for market-place success. To be successful, CxOs need to invest in themselves, in their personnel, and in the right technologies to allow them to position the IT department to proactively address business needs as an innovator and driver, rather than order-taker and enabler.

Takeaways:

  • IT leadership can no longer be simply technology focused, but must instead take their visibility into business process and become business focused
  • A broader business-focus does not preclude maintaining technology excellence however and indeed may demand more of it than ever before
  • Success for CxOs will be measured not in how they can enable enterprise decisions, but in how they can drive growth
 

6:15 pm - 6:30 pm

Cocktail Reception

 

6:30 pm - 8:00 pm

Networking Dinner

 

8:00 pm - 10:00 pm

After Dinner Networking

 

Tuesday, November 14, 2017 - CISO Summit

7:00 am - 8:00 am

Networking Breakfast

 

8:10 am - 8:40 am

Keynote Presentation

IT Integration in a Distributed IT World

It's no secret - the integration of disparate systems, disparate applications, and disparate data stores has long been one of the biggest challenges faced by the IT department. Simply put, getting everything to talk to everything is no easy task. The rapid adoption of cloud delivered services has compounded this problem almost exponentially - if it was hard to integrate when you controlled the whole stack it has become nearly impossible when you control very little of it. To be efficient and effective IT departments need to adopt a new model of system, application, and data integration. Endless webs of one-off point-to-point integrations simply won't cut it anymore and a purposeful, structured approach is required.

Takeaways:

  • Learn how to build a holistic strategy to integrate systems, applications, and data
  • Understand how to leverage SOA and ESB to streamline app to app communications
  • Discover the power and impact of holistic Master Data Management and other data integration processes

Presented by:

Brian Lawhorn, Chief Information Security Officer, Kroger Co.

 
 

8:45 am - 9:15 am

Keynote Presentation

Addressing Privacy on a Global Scale

Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information, however the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is often times overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work, where their data might be held and this is an almost overwhelming task.

Takeaways:

  • Privacy is one of the most challenging issues for any business and CISO to address
  • The difference in regulations between and among European countries (both those in and out of the EU itself) and North American ones means traversing a fraught landscape
  • A strong approach to privacy that addresses global differences is essential to being a stable and viable global business
 

9:20 am - 9:45 am

Executive Exchange

 

Thought Leadership

SECURE THE BREACH: In 3 Steps


Sponsored by:

Gemalto

 
 
 

9:50 am - 10:15 am

Executive Exchange

 

Thought Leadership


Sponsored by:

IBM

 
 
 

10:20 am - 10:30 am

Morning Networking Coffee Break

 

10:35 am - 11:00 am

Executive Exchange

 

Executive Boardroom

Just (Don't) Do It!

There's no shortage of voices telling you what to do each day: Eat your vegetables. Look both ways before you cross the street. Patch all your vulnerabilities NOW! Wouldn't it be nice to hear a voice saying that you can actually take something off your plate? As your organization embraces the digital transformation you'll see that there are a number of things that you could stop doing today; in this presentation we'll talk about what you can stop, why it isn't needed, and how your security workflow and cyber operations consequently will be far more efficient and effective.

Sponsored by:

Tenable Network Security

 
 
 

11:05 am - 11:30 am

Executive Exchange

 

Think Tank

Security and Compliance; Chicken and Egg or Chalk and Cheese?

Since regulatory (and industry) compliance became a notable thing in the early-mid 2000's it has been intimately linked with information security and often times has been the lever (or hammer) by which enterprises made necessary investments in security. But being compliant and being secure aren't the same thing, and in too many cases enterprises that were perfectly compliant have been perfectly breached. A new focus is needed; one that respects that while security and compliance are not the same thing, they are working towards the same goal (a reduction in overall enterprise risk exposure) and sees that compliance flows from security.

Takeaways:

  • While a secure company is likely a compliant company, the same cannot be said of the reverse situation
  • Just because compliance has loosened the purse strings doesn't mean it takes a pre-eminent position on security investments
  • Reducing enterprise risk is the goal of both practices, but without appropriate focus on both it is a goal that will never be achieved

Presented by:

Mark Van Holsbeck, CISO (Director of IT and IS), Avery Dennison

 
 
 

11:35 am - 12:00 pm

Executive Exchange

 

Executive Boardroom

Exposing the Enemy Within: How DNS Data Holds the Key to Cyber Defense

Did you know you can leverage DNS data to protect your network from cyberattacks?  

Here are two frightening stats from a recent expert security survey:

  • More than 91% of attacks use DNS in some way
  • Nearly 70% of organizations don't monitor recursive DNS servers

DNS is the most pervasive network protocol, making it the perfect gateway for malicious activity and the spread of malware throughout an organization. Until now, enterprise security teams have typically ignored internal network traffic and completely overlooked DNS activity in their defense strategies. Instead, they double down on perimeter risk mitigation measures like firewalls and secure web gateways. This is a mistake.

Security expert Scott Penney of BlueCat will discuss findings from a new cyber security whitepaper that demonstrate how leveraging the intelligence already available in your DNS activity data allows security professionals to:

  • Know who's on the network: DNS data provides instant visibility into all activity from all devices on the network
  • Know what's happening on the network: Monitor and assess activity of specific individuals and/or devices
  • Trace activity to its source: Trace the origin ("patient zero") of an attack using DNS data
  • Block known threats: Act on DNS intel with tools that create, maintain, and implement a functional domain blacklist to prevent attacks and stop the spread of current breaches

Join BlueCat's Scott Penney for the most valuable 25 minutes you'll spend at this event. Learn how DNS can defend your estate from the most sophisticated - and most common - attacks.

Takeaways: 
  • Internal network activity poses the biggest security threat to your enterprise 
  • DNS holds a goldmine of data on lateral movement within your networks 
  • DNS data can be used to identify, monitor and set network policies to protect your business from malicious cyber activity

Sponsored by:

BlueCat Networks

 
 
 

12:05 pm - 12:30 pm

Executive Exchange

 

Think Tank

What Is the Future of Information Security?

Information Security professionals have traditionally viewed themselves as the judge and jury: the sole decision-makers of what will be accepted from a risk perspective. As a result, there is usually a disconnect in organizations between the information security team and the units responsible for driving the business that powers the organization. The actions of Information Security organizations result in business partners perceiving IS to be part of an ivory tower, accountable to no one but themselves and uninformed regarding business needs; unapproachable and unresponsive.

Takeaways:

  • Transform organizations that are business focused and towards customer satisfaction  
  • Having full visibility to the initiatives that shape our organizations 
  • Manage our risks to levels that the business accepts with foresight and knowledge

Presented by:

Robert Hofstatter, Vice President, Global Information Security Operation Services, Scotiabank

 
 
 

12:35 pm - 1:20 pm

Networking Luncheon

 

1:25 pm - 1:50 pm

Executive Exchange

 

Think Tank

The Next Generation Security Operations Center

We are in a war. How do we defend against adversaries who always seem to be one or more steps ahead of us? Why do we need to focus less on prevention technologies and more on the detect and respond capabilities? What do our teams look like and what skills are needed in the next generation SOC?

Paul will take us through his vision of the next generation SOC and the skills needed to get us there.

Presented by:

Paul Black, VP Cyber Security Operations, McKesson

 
 
 

1:55 pm - 2:20 pm

Executive Exchange

 

Fireside Chat

Shadow IT - To Embrace or Eliminate?

Best practice in most enterprises, at least as far as the CIO and CISO goes, is to squash Shadow IT wherever it is encountered. Shadow IT, the argument goes, leads to a world of data and integration problems for the IT department, and significant amounts of unknown and unquantifiable risk for the information security group. A small but vocal minority however is beginning to advocate for Shadow IT as a catalyst of innovation, citing the increases in productivity and creativity by allowing enterprise staff to find their own out of the box solutions to organizational problems. CISOs can allow their organizations to have their cake (Shadow IT) and eat it too (still be secure) by following a few simple steps that allow them to build in security regardless of user activity.

Takeaways:

  • Shadow IT is not malicious activity; it is simply the Line of Business user community looking to be efficient and effective
  • A well-developed security program can take Shadow IT into account and incorporate protection mechanisms that allow end user flexibility
  • Embracing Shadow IT does not mean no holds barred and end users need to understand the limit of the boundaries and the reason for their existence
 

2:25 pm - 2:50 pm

Executive Exchange

 

Executive Boardroom

TBD


Sponsored by:

Darktrace

 
 
 

2:55 pm - 3:20 pm

Executive Exchange

 

Think Tank

Artificial Intelligence and the Rise of Advanced Machine Learning

Often times the terms "Artificial Intelligence" and "Advanced Machine Learning" are thought of interchangeably, and while there is a relationship between AI and AML, to say they are the same thing is an oversimplification and misclassification. Rather, the one begets the other, with AI being the basic principle upon which AML is developed. As AI begins to mature and migrate away from purely advanced mathematical operations into decision making paradigms, AML steps forward as the predictive ability of machines to process vast quantities of data for the purposes of making decisions in ways that first mimic, but ultimately surpass (in terms of speed at the very least) those of humans. As data and analytics become foundational to the way every business operates, AI and AML will become foundational capabilities.

Takeaways:

  • While initial focus of AML decision making will be focused on binary decision making (i.e. Yes/No) ongoing advancements will move things to the next level
  • AI and AML are foundationally based on data and analytics - if these capabilities are not strong for you yet, investment is required
  • The possibilities with AML are potentially boundless, with autonomous cars the most publicly visible at this point, from which every industry can benefit

Presented by:

Hussein Mereby, Executive Information Security Director (CISO), Veritiv

 
 
 

3:25 pm - 3:35 pm

Afternoon Networking Coffee Break

 

3:40 pm - 4:05 pm

Executive Exchange

 

Innovation Showcase

An exclusive opportunity to be exposed to the hottest new solutions providers in a quick-hit format designed to whet the appetite and spark immediate interest.
 

4:10 pm - 4:35 pm

Executive Exchange

 

Think Tank

GDPR is Coming - Is your Cyber Security Program prepared?

The EU's General Data Protection Regulation goes into effect in May 2017 and tightens privacy protections for EU residents by outlining new provisions and compliance requirements for "personal data". The new regulation may have serious implications to an organization's Cyber Security program. This Think Tank will discuss general themes the CISO should consider as they prepare their organization to obtain GDPR compliance.

Takeaways: 

  • Understand key components of GDPR and how they may impact your organization's Cyber Security program 
  • Highlight core Cyber Security practices that should be established and implemented to prepare for GDPR compliance  
  • Discuss ongoing efforts that may be needed to maintain compliance

Presented by:

John Whiting, CSO, DDB Worldwide (An Omnicom Co.)

 
 

4:40 pm - 5:20 pm

Executive Visions

Cloud Robotics and Automation - Is It a New Paradigm to Digital Transformation?

Robots and automation systems are no longer limited by onboard resources in computation, memory, or software. "Cloud Robotics and Automation" is where robots and automation systems share data and code and perform computation via networks, building on emerging research in cloud computing. Teleoperation and cloud technologies will cause mass consumerization of robotics over the next five years. Between 2017 and 2022, Cloud Robotics will facilitate a major shift of manufacturing into cloud infrastructure. The combined Cloud Robotics market will reach $18.2 billion by 2022.


Takeaways:

  • We will have a look at how this innovative area will be affecting organizations in the near future.
  • How the emergence of RaaS can help organizations integrate robots and embedded devices into the cloud.
  • Contrasting the potential advantages and negatives (related to security, privacy, and quality of service, for instance).
  • Look at the new class of obviously intelligent apps such as VPAs you would need
 

5:20 pm - 5:30 pm

Thank You Address and Closing Remarks

 

5:30 pm - 6:30 pm

Cocktail Reception

 

6:30 pm - 8:00 pm

Networking Dinner

 

8:00 pm - 10:00 pm

After Dinner Networking