IN-PERSON

Atlanta CISO Executive Summit

December 9, 2019 | Renaissance Waverly Atlanta

December 9, 2019
Renaissance Waverly Atlanta

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Tim Callahan

Aflac
Global Chief Security Officer

Joe DiBiase

Interface
Director, Global IS

John Dickson

Republic National Distributing Company
VP, IT Infrastructure & Cybersecurity

Lynda Fleury

Unum
VP & CISO

David Levine

Ricoh USA, Inc.
VP, Information Security & CISO

Dan Webber

UST Global
Chief Information Security Officer

Deborah Wheeler

Delta Air Lines
CISO

Agenda

December 9, 2019

morning mid-afternoon afternoon

7:30am - 8:30am Registration & Breakfast

8:15am - 8:30am Opening Comments

8:30am - 9:00am Keynote

Harness Your Super Powers to Tackle the Digital Future

Ben Hammersley

Author & Futurist

Ben Hammersley

If you or your organization is afraid of what’s next and feel that there are forces at work that drain your market share, Ben Hammersley is here to help. A futurist, he explains the inherent disconnect between business leaders and the world we live in today. He reveals the extreme interconnectedness between seemingly disparate entities, and how technology is at work in everything you do, whether you realize it or not. Discover how technology can give you super powers and how you can use those special abilities to your advantage to not just survive, but conquer, this age of digital transformation.

9:00am - 9:20am Networking Break

9:20am - 10:10am Breakout Session

AI — Marketing Hype vs. Reality

Keith Rayle

Strategist

Fortinet

Join Keith Rayle from Fortinet for a brief history and workings of artificial intelligence (AI), to include current and future phases of AI deployment for solving problems. This discussion will examine the use of AI in security tools implementations.

Join this session to learn:

Strategies for deploying AI-based solutions
Cybercriminal uses of AI and what to expect from future attacks
Management potential using AI-based architectures

9:20am - 10:10am Breakout Session

For the Thrill of the Game

Scott Stanton

Information Security Leader, Global Products Division

Owens & Minor

Have you ever wondered if other CISOs respond to incidents the same way you would? Jump inside the mind of some of your peers as they work through an incident response game.

Join Scott Stanton, Information Security Leader, Global Products Division at Owens & Minor, as he facilitates:

Playing out the incident response scenario with a panel of security leaders
Gaining insight to how other CISOs would react to an event
What would you have done differently?

9:20am - 10:10am Executive Boardroom

Connecting Security, Risk, and IT to Enable a Best-in-Class Program

Mark Gelhardt

SVP, Technology Governance

U.S. Bank

Jason Maddox

Director of IT and CISO

Roark Capital Group

Brandon Reese

Regional Director, Solution Consulting

ServiceNow

The breaches of the past few years continue to show us that organizations are overwhelmed and struggling with patching software vulnerabilities. But what if the you were able to properly pinpoint the vulnerabilities that represent the most risk and align these risks with overall enterprise risk? Join this conversation to discuss:

How security, risk, and IT staff can best work together to locate vulnerabilities and remediate cyber risk
Best practices for strengthening governance, risk, and compliance programs
Effective methods for communicating cyber risk to the BOD

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager Zack Hellmann zack.hellmann@evanta.com.

10:10am - 10:30am Networking Break

10:30am - 11:20am Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Eric Blatte

President & Co-Founder

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

10:30am - 11:20am Breakout Session

IoT Education — Not Just the CISOs Responsibility

John Diaz

Head of Information Security

ThyssenKrupp

Deborah Wheeler

CISO

Delta Air Lines

With most consumers not knowing what IoT consists of, it is no wonder there are so many vulnerable access points. Is ignorance bliss when it comes to IoT usage? What role should the security community play when informing consumers about potential risks?

Connect with fellow CISOs to discuss:

How to detect devices on your network
Who’s responsibility is it to educate the consumer
Ways to manage the increased use of IoT devices

10:30am - 11:20am Executive Boardroom

New Approaches to Pushing the SOC Boundaries

Martin Fisher

Manager, IT Security

Northside Hospital

Tim Mullen

VP, Information Security

Change Healthcare

Joe Partlow

CTO/CISO

ReliaQuest

As the cyber landscape continues to change, we must also adjust our strategies and ideas of what a SOC consists of. Come together with your CISO peers in this boardrooms session to compare and contrast ways to build more efficient defenses.

In this session you’ll discuss:

How you empower your team to act quickly with the right information
Threat hunting techniques to discover information previously hidden
Making the most of the system you have in place

11:20am - 11:45am Networking Break

11:45am - 12:30pm Lunch & Comments

Lunch & Interactive Discussion

In this networking lunch you have the opportunity to hold relevant conversations with peers facing similar challenges and opportunities in a specific industry. The below questions are a guideline for you to start your topical table conversations.

Security operations

What is the maturity of your security operations program?
What is your process for building an operational playbook?
What KPIs or KRIs do you use to measure success?

Communication and awareness

How do you approach security with a holistic lens?
What are some of the challenges that you face when communicating with the C-suite and/or your business teams?
How do you evaluate, communicate and demonstrate the ROI of a proposed initiative or tool?

Access and Identity Management

What strategies and tools are you using to improve visibility into your systems?
How are you integrating the user experience with security?
How are you measuring the success of your access management program?

Governance and privacy

How are you responding to/preparing for regulatory changes?
How do you balance compliance with business requirements?
What standards and metrics are you using to measure risk?

Talent and developing leaders

What are some tangible strategies for creating and developing new talent resources?
What best practices exist for retaining talent, once secured?
How are you developing your future leaders? What succession plan strategies do you have in place?

12:30pm - 1:00pm Keynote

Creating Secure Environments Through Healthy Boundaries

Lakshmi Hanspal

Global Chief Security Officer

Box

If your company’s information initiatives are requiring you to reevaluate the boundaries for trust and security, you are not alone. Information is the lifeblood of businesses, but in a multi-cloud environment, keeping it secure is complex.

In this keynote, join Lakshmi Hanspal, Global Chief Information Security Officer at Box, and learn how to:

Rethink your organizations boundaries for trust and security
Partner with business stakeholders to address trends and challenges we face in the cloud era
Effectively leveraging machine learning to keep up the speed of business

1:00pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Using Data-Driven Cyber Risk Metrics to Manage Business Relationships

Chris Poulin

Principal Consulting Engineer

BitSight

Gartner estimates that, "By 2022 cybersecurity ratings will become as important as credit ratings when assessing the risk of business relationships." Data-driven security ratings offer an opportunity to translate objective cybersecurity metrics into business risk language that executive decision makers understand.

In this session you will learn:

How to position data to impact business decisions
Ways to get ahead of your cybersecurity ratings
Techniques on ways to communicate with the executives and the board

1:20pm - 2:10pm Breakout Session

The CISO Role — A Continuous Conversation

Kim Keever

SVP & CISO

Cox Communications

David Levine

VP, Information Security & CISO

Ricoh USA, Inc.

As the CISO role continues to evolve year-over-year, hear from your peers to see what their reporting structure looks like. Is your current alignment the right alignment or is it time for a change? Hear from CISOs as they highlight how they took charge of their career and made a change.

In this Q&A discussion, you’ll uncover:

How to feel empowered to speak up
Security as a culture that is emulated by the leadership team
Change management when redirecting your structure

1:20pm - 2:10pm Executive Boardroom

Innovation Offense — Uniting DevSecOps

Wes Knight

CISO

Georgia Department of Revenue

Kevin Morrison

Vice President of IT & CISO

Rollins

Matt Howard

SVP & Chief Marketing Officer

Sonatype

This is NOT your typical security conversation. We won’t be talking about how to play better "perimeter defense" at the end of your digital supply chain. Instead, we will be talking about how to play better “innovation offense” at the beginning of your digital supply chain.

Join us to discuss:

How to continuously identify and remediate open source risk, without slowing down innovation
Ways to integrate security guardrails directly within your DevOps pipeline
The importance of uniting developers, security, and operations on the same team

1:20pm - 2:10pm Executive Boardroom

Identifying the Way Forward in IAM

Kevin Gowen

CISO

Synovus

Roosevelt Reynolds

Director of Cyber Security

Kindred Healthcare

How are your peers balancing business agility and business security in their identity and access management strategy? Join this roundtable discussion to benchmark your framework and vet future plans, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

Methodologies that satisfy users while maintaining adequate access controls
Communication techniques to streamline acceptance of IAM across the business
Roadmaps for deciding what technology is the best fit

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Assessing Historical Incident Analysis with Next-Gen Security Analytics

Bob Varnadoe

CISO

NCR

Trevor Welsh

Security Strategist

Google

What happens when you’re able to rewind the clock and analyze what happened? Join this session to hear insights from Bob Varnadoe, CISO at NCR, on what his organization has done and their approaches to solving security analytics, log data and the challenges they were facing.

Hear best practices on:

Security and big data analytics
What could happen with a petabyte of security data
How analytics work the way they do

2:30pm - 3:20pm Breakout Session

The Interactive Boardroom

Dan Webber

Chief Information Security Officer

UST Global

Step inside and expect to participate as Dan Webber, VP, Technology at UST Global, leads you in an interactive session. All too often, CISOs think – you’ve been breached. In this room, you may be the CEO, the CFO, the CISO or anywhere in between. Come in open minded and ready to put yourself in someone else’s shoes.

In this collaborative session you will:

Work through an action plan of how to react strategically
Consider opinions and ideas you may not have thoughts of before
Discover differing views of how to react to the same event

2:30pm - 3:20pm Executive Boardroom

Preparing for the Post-Perimeter Digital Age

David Levine

VP, Information Security & CISO

Ricoh USA, Inc.

Troy Phelps

BISO

The Home Depot

Aaron Cockerill

Chief Strategy Officer

Lookout

As the number of mobile devices continues to grow, how can we help our employees understand security protocols to keep both company information and personal information safe?

Join your peers to discuss:

Bring-your-own-device (BYOD) considerations
Mobile phishing campaigns vs. spear-phishing attacks
How to scale your defenses to protect your ever-changing perimeter

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:20pm Keynote

Cyber Governance and Regulation in the Enterprise

Phil Agcaoili

Senior VP, Product & Security Innovation

Elavon

Tim Callahan

Global Chief Security Officer

Aflac

Patrick Gaul

Executive Director

National Technology Security Coalition

Bob Varnadoe

CISO

NCR

Cybersecurity regulation is a divisive topic. While some welcome regulations, others reject interference from the government. In order to mitigate the divide, many CISOs are working alongside the federal government to provide insight into the complex nature of information security.

In this panel, you will hear: