IN-PERSON

Chicago CISO Executive Summit

May 14, 2024 | Convene at 233 South Wacker

May 14, 2024
Convene at 233 South Wacker

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Waqas Akkawi

SIRVA Worldwide
VP, CISO

Michelle Ayala

The AZEK Company
CISO

Erik Hart

Cushman & Wakefield
CISO

Ricardo Lafosse

The Kraft Heinz Company
Chief Information Security Officer

JJ Markee

Danaher
Global Chief Information Security Officer

Bill Podborny

Constellation Brands
CISO

Paolo Vallotti

Tate & Lyle
CISO & VP of Operations

Angela Williams

UL Solutions
Global Chief Information Security Officer

Mike Zachman

Zebra Technologies
VP & Chief Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Chicago CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

May 13, 2024

evening

May 14, 2024

morning afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

Touching Base — Governing Body Welcome Reception at Guaranteed Rate Field

Join the Chicago CISO Governing Body for a night of networking as the Chicago White Sox face the Washington Nationals. Enjoy dinner, drinks and the view from adjoining suites at Guaranteed Rate Field. First pitch at 6:40 PM CT!

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

The Upside of Failure — Making Shift Happen

Tiana Sanchez

Best-Selling Author, Founder & CEO of TSI

Guest Speaker

In a world that often celebrates success but shies away from failure, it can be intimidating to confront the stigma surrounding setbacks. How can leaders flip the narrative to embrace failure, both big and small, as a powerful force for positive change and unprecedented success?

Join Tiana Sanchez, Best-Selling Author, Founder & CEO to:

Deconstruct a failure event and leverage the experience for newfound growth and self-examination
Embrace the liberating concept of pivoting, shifting perspectives, eliminating distorted thinking patterns, and increasing strategic thinking
Describe four common fears that stall business and explore four corresponding questions that positively shift business outcomes forward

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

A New Era of Liability for CISOs

Darin Hurd

EVP & CISO

Guaranteed Rate

Elizabeth Neumann

Senior Vice President, Managing Claims Counsel

CAC Specialty

Jerome Tomas

Partner

Baker McKenzie

CISOs are accustomed to answering for the business when security programs fall victim to attack. However, recent personal legal scrutiny of CISOs has set a precedent, stirred up concern and left security leaders questioning their protection.

Join this panel discussion to uncover:

Resources to prepare for increased scrutiny and potential liability
Best practices to proactively protect personal assets and reputation
Keys to communicate of the state of security practices to stakeholders

9:40am - 10:25am Breakout Session

Unlocking Full Cloud Potential — Security Enhancements for Today's Enterprise

Scott Montgomery

VP, Strategic Accounts

Island

While the vast majority of infrastructure has been upgraded and modernized to secure the shift to the cloud, enterprise IT teams are still missing an equally seamless access method to safely deliver those now cloud-native apps and data. While traditional browsers have become the de facto access point for the majority of business critical applications, they lack the deep inspection capabilities and hyper-granular security controls enterprises need. This results in security teams surrounding their browsers with layers of tech to meet those needs.

Join this breakout session to discover:

Why traditional cloud security methods undermine your modernization efforts and end-user experience
Embracing technological momentum to adapt to a "more-with-less" security landscape
How enterprise CISOs are using this solution to bolster cloud security

9:40am - 10:25am Executive Boardroom

Network and Security Teams — A New Era of Collaboration

Ebenezer Arumai

Chief Information Security Director

Oldcastle BuildingEnvelope

Amir Niaz

VP, CISO

Culligan

John Spiegel

Field CTO, Network Transformation

Hewlett Packard Enterprise

The explosion of data, and continued adoption of hybrid work, multi-cloud, and SaaS have eroded away the classic silos that once existed between Security and Networking teams. As data remains at the epicenter of innovation, CISO and Infrastructure leaders are working more closely together than ever to allow for fast, secure access to IT. Technologies like Secure Access Service Edge (SASE) have skyrocketed in popularity, creating a future where the fates of both teams are more intertwined than we know.

How can CISOs foster trust and collaboration between these two dynamic groups - with a mind towards enabling the business?

Join this session to discuss:

How the changing dynamic is forcing CISOs to have to think differently
Company initiatives where CISOs should take lead, and those where Networking should take lead
Emerging technologies that serve as a win-win for both teams and success stories of security and networking winning together

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Chanelle Lawrence at chanelle.lawrence@evanta.com

9:40am - 10:25am Executive Boardroom

From Z to A — Extending Zero Trust to APIs

Sean Flynn

Director, Security Technology and Strategy

Akamai Technologies

Paul Groisman

Sr. Director of Cyber Security

Fubo

Bill Podborny

CISO

Constellation Brands

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journey, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

Join this session to discuss:

Breaking the kill chain by stopping infection vectors and protecting against lateral movement
Shielding sensitive data and limiting how APIs interact with data
Increasing real-time visibility across the business to mitigate threats

To reserve your seat, please contact:

Chanelle Lawrence at chanelle.lawrence@evanta.com

10:25am - 11:05am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am Breakout Session

People-Driven Security Meets Identity

Alex Green

CISO

Delta Dental Plans Association

Threat actors aren't just hacking in — they’re logging in. How do we balance an identity-based perimeter and the user experience?

Join Alex Green, CISO of Delta Dental, to hear first-hand examples of:

Weaving identity and zero trust into a security and business strategy
Reducing user friction while maintaining a strong security posture
Communicating the value, opportunity and impact of identity

11:05am - 11:50am Breakout Session

Endpoint, Cloud and the Board — Identifying Risk that Matters

Richard Seiersen

Chief Risk Technology Officer

Qualys

Todd Covert

National General CISO

Allstate

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements: metrics that are reliable and easily understood by all stakeholders across the business.

In this session, we will discuss:

Cybersecurity risk assessment essentials and which risks truly carry weight
Concrete approaches to determine effectiveness of security capabilities
Creating simple "metric cards" to communicate across stakeholders

11:05am - 11:50am Executive Boardroom

Securing the Everywhere World — Building Cyber Resilience through a “Connectivity Cloud”

John Engates

Field CTO

Cloudflare

Shane Hibbard

Director of Information Security

Invenergy

Shashank Kapoor

CISO

Truckstop.com

When users are everywhere and digital operations span cloud, SaaS, and on-premises environments, achieving cyber resilience becomes paramount. The challenge lies in navigating this complexity and maintaining visibility and control to ensure continuous operation despite cyber threats.

Join this interactive roundtable to discuss:

Optimizing costs and improving security across diverse cloud environments
Adopting Zero Trust philosophies to protect users, data, and applications
Innovating with AI while addressing global regulatory and data privacy requirements

To reserve your seat, please contact:

Chanelle Lawrence at chanelle.lawrence@evanta.com

11:05am - 11:50am Executive Boardroom

Threat Intelligence and Third-Party Risk — Doubling Down on Critical Vulnerabilities

Mark Nafe

Director, Solutions Consulting

RiskRecon - A MasterCard Company

Jeff Deakins

CISO

The Marmon Group

Ron Versetto

Executive Director of Information Security

Chicago Public Schools

The complete entanglement of cyber risk with business risk is becoming increasingly more visible. CISOs now have an opportunity to better pinpoint third parties that present a threat to the organization. Yet the increasing complexities of third party, and even fourth party, risk management, prompted by a wide range of evolving threats, demands heightened attention. How can CISOs ensure they have a clear overview of the threat landscape and vulnerabilities across ecosystems and supply chains?

Join this session to discuss:

Identification of vulnerabilities across your vendor landscape to prioritize response efforts
Best practices for mitigating a new wave of sophisticated attacks to keep assets safe
The role threat intelligence plays in risk management strategies to safeguard your digital ecosystem

To reserve your seat, please contact:

Chanelle Lawrence at chanelle.lawrence@evanta.com

11:05am - 11:50am Executive Boardroom

Maximizing Moments with the Board

Steve Wenc

Group Vice President - Executive Services

Gartner

Chris Lugo

VP, CISO

Blue Cross Blue Shield Association

As boards increasingly recognize cybersecurity as a business risk, not just a technology concern, it's up to CISOs to leverage their influence, engage effectively with the board, and deliver presentations that resonate with their board members.

Join this boardroom session to discuss:

Understanding and adapting to board responsibilities and priorities
Preparing to engage the board effectively before, during, and after meetings
Outlining the value of security and crafting a narrative around business-relevant security metrics

Seating priority during this executive boardroom is given to Gartner clients. To inquire on reserving a seat, please contact Chanelle Lawrence at chanelle.lawrence@evanta.com.

11:50am - 12:35pm Lunch Service

11:55am - 12:25pm Networking

Empowered Women, Empower Women — Sponsorship & Career Pathing

Shefali Mookencherry

Chief Information Security Officer and Privacy Officer

University of Illinois at Chicago

Join this dedicated networking session for women in cybersecurity leadership roles and their allies to freely discuss best practices, key challenges and mission-critical priorities surrounding sponsorship and career pathing. Come prepared to share ideas and forge new connections that can help empower each other to make an impact in your organizations and the Chicagoland area.

This session is aimed at, but not limited to, women who are leading the cybersecurity function at their organizations (CISO or equivalent) and those reporting directly to the CISO/equivalent. Priority access will be reserved to these groups.

12:35pm - 1:10pm Keynote

Optimizing for Agility — Network and Security Convergence

Steve Riley

VP & Field CTO

Netskope

Integrating a complex ecosystem across all security areas can optimize defenses without simplifying adversaries’ challenges. This approach balances robust security with efficiency, crucial for navigating generative AI and tech advancements. Achieving this requires strategic selection and consolidation of platforms to enhance agility, reduce risk, and maintain cost-effectiveness.

In this session, you’ll learn:

The composition of an effective security architecture
Value you can derive from a converged networking and security platform
Common consolidation mistakes people make and how to avoid them

1:10pm - 1:35pm Break

1:35pm - 2:20pm Breakout Session

Security Hot Topics — Pulse Check Your Priority

Mike Zachman

VP & Chief Security Officer

Zebra Technologies

Brent Deterding

CISO

Afni

Security continues to find its way into the boardroom and even into headlines. As the spotlight grows, so does the pressure CISOs face to foster constructive conversations around the value, opportunity and impact of key priorities.

Join this interactive session to:

Engage with like-minded CISO peers on shared priorities
Validate strategies and uncover new ways of thinking
Share key lessons learned and proven best practices

Table topics include: Leading through M&A, Communicating with the Board, Generative AI Governance, CISO Role Evolution, Life After CISO / Board Membership, Collaborating Across the C-Suite, OT Security & Quantum Computing / Next-Gen Technology

1:35pm - 2:20pm Breakout Session

Modern Workforce, Modern Security Strategy

Panos Mavrommatis

Sr. Director of Engineering

Google

In the age of remote and hybrid work, employees now spend the majority of their time in the browser or in virtual meetings. The workforce is more mobile and distributed than ever before. At the same time, we are seeing an increase in cyber attacks and a higher average cost of data breaches. We must think more about protecting users right where they interface with web threats, the browser, without disrupting productivity.

Join this session to hear about:

The browser's role in a business's security strategy
Zero trust architecture
Managing resources for cybersecurity in a time of economic uncertainty

1:35pm - 2:20pm Executive Boardroom

Prioritizing Vulnerabilities Like an Attacker

Julian Waits

SVP Corporate Development and Strategic Alliances

Rapid7

Mahmood Khan

SVP & Global CSO

CNA

Sean Ventura

Head of Information Security and Compliance

KinderCare

It's an all-too-familiar scenario: Thousands of vulnerabilities are identified across your hybrid ecosystem. How do you identify and prioritize remediation for the vulnerabilities most likely to exploit your cloud and on-prem environments?

Join this session to discuss:

Prioritizing actively exploited vulnerabilities
Measuring the value of a vulnerability to an attacker
Communicating risk posture cross-functionally

To reserve your seat, please contact:

Chanelle Lawrence at chanelle.lawrence@evanta.com

1:35pm - 2:20pm Executive Boardroom

Navigating the New AppSec Terrain — A CISO’s Guide

Sean Casey

Senior Director Solutions Engineering

Checkmarx

Art Chaisiriwatanasai

CISO

Paylocity

We know that a comprehensive AppSec program is critical for a successful business. With cloud-based applications expanding and AI-generated code offering both opportunities and risks, CISOs must navigate a drastically changed threat landscape. So, how can CISOs effectively manage their AppSec initiatives to ensure comprehensive security across the SDLC, despite the expanding complexities?

In this session, we’ll discuss the value of:

Streamlining developer workflows with integrated security tools to boost developer experience
Consolidating tools to simplify operations and tackle tool sprawl
Utilizing AI to enhance security and increase productivity across teams

To reserve your seat, please contact:

Chanelle Lawrence at chanelle.lawrence@evanta.com

2:20pm - 3:00pm Networking Break

2:25pm - 2:50pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm Breakout Session

Becoming a Business-Savvy CISO

Olesya Afanasyeva

CFO

EVRAZ North America

Nitin Raina

Global CISO

Thoughtworks

Many organizations continue to grapple with the relationship between security and value creation. A modern CISO must seamlessly communicate the value the security function brings to the business to secure a seat at the table.

Join this CFO-CISO fireside chat hear keys to success on:

Demonstrating the value of security
Communicating the business implications of security
Translating security goals to business goals

3:00pm - 3:45pm Breakout Session

De-Mystifying AI for Threat Detection and Response

John Mancini, Ph.D.

Principal Product Manager – Identity and Integrated Signal

Vectra

Let’s face it: Not all AI is created equal. But when used properly, data science and AI can turn the tables on cyberattacks in favor of defenders. Unveil how AI can transform the SOC from manual and mundane tasks and empower analysts to stay ahead of the evolving landscape.

Join John Mancini, Ph.D, Principal Product Manager – Identity and Integrated Signal at Vectra AI, to discover:

Navigating the merits of AI methodologies
Understanding how integrated signals reduce alert noise and surfaces real threats
Empowering humans to move at the speed of hybrid and multi-cloud attackers

3:00pm - 3:45pm Executive Boardroom

SEC Cyber Disclosures — Discussing the Latest Trends

Jacob Olcott

Vice President, Government Affairs

BitSight

Diane Brown

VP, IT Risk Management

Ulta Beauty

Ricardo Lafosse

Chief Information Security Officer

The Kraft Heinz Company

Joe Mendel

CISO

Kellanova

Public companies have started including cybersecurity risk and incident disclosures in their 10Ks and 8Ks. What are they disclosing? How are CISOs adjusting their cybersecurity programs moving forward?
Join this boardroom to discuss:

How technology leaders can effectively tell their company’s cybersecurity story
Real-world examples of effective cybersecurity disclosures under the new requirements
Championing regulations as an opportunity to cement your role as a business leader

To reserve your seat, please contact:

Chanelle Lawrence at chanelle.lawrence@evanta.com

3:00pm - 3:45pm Executive Boardroom

Yesterday’s Shadow IT and Today’s Shadow AI

Lior Yaari

CEO and Co-Founder

Grip Security

John Dolce

Director & Chief Information Security Officer

American Medical Association

Elizabeth Ogunti

CISO

JBT Corporation

Karthik Swarnam

Chief Security & Trust Officer

Armorcode

Shadow AI introduced a new layer of risk in a time when security leaders are already grappling with the formidable challenges of managing hidden technical debt and uncovering shadow IT. Today’s digital landscape requires a new approach to risk and governance – one that identifies the shadows already existing in your organization and stops future shadows emerging as you harness the power of emerging technologies.

Join this session to discuss:

Uncovering existing hidden technical debts and shadow IT that inhibit agility, innovation and security
Establishing centralized risk frameworks and governance that are enforceable and scalable
Involving the C-suite and end users in establishing and understanding protections to deter rogue IT and AI

To reserve your seat, please contact: Chanelle Lawrence at chanelle.lawrence@evanta.com

3:45pm - 4:10pm Break

4:10pm - 4:45pm Keynote

More Inclusion, More Innovation

Robyn Clark

CISO

ITW

Sara Schmidt

CISO

US Foods

Angela Williams

Global Chief Information Security Officer

UL Solutions

Inclusion is no longer just a buzzword or 'check the box' initiative. It is a critical pillar to build a resilient and well-rounded security team. CISOs play an important role in promoting diversity of people, experiences and backgrounds among their teams to not only meet business expectations, but truly innovate.

Join this candid panel conversation to explore:

Building a cohesive team with diverse skillsets and experiences
Leveraging unique competencies and strengths to drive efficiency and innovation
Fostering an environment of inclusion through meaningful coaching and sponsorship

4:45pm - 5:00pm Closing Comments and Prize Drawing