IN-PERSON

Dallas CISO Executive Summit

November 27, 2018 | Renaissance Dallas Hotel

November 27, 2018
Renaissance Dallas Hotel

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Sara Andrews

PepsiCo
SVP, Global CISO

Scott Bonneau

Keurig Dr Pepper
VP IT Integration & PMO

Jason Frugé

Fossil
Chief Information Security Officer

Parrish Gunnels

Fiserv, Inc.
Information Security Officer

Ajay Gupta

Pizza Hut, U.S.
Global CISO

Jairo Orea

Kimberly-Clark Corporation
CISO

Duaine Styles

Globe Life
CISO

Agenda

November 27, 2018

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Don’t Risk It. Learn to be Ethically Vigilant

Rashmi Airan

Ethics Speaker

Author & Thought Leader

One oversight, one moment of turning your head the other way is all it takes to alter the course of your entire career. That’s the lesson Rashmi Airan learned after approving a few creative transactions during her time as a real estate lawyer. After serving time in prison for bank fraud, Rashmi speaks about the importance of being ethically vigilant.

Join Rashmi’s session to learn how to:

Create a culture of ethics and compliance.
Identify slippery slopes that can lead down an unethical path.
Be ethically vigilant in and out of the workplace.

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Structuring Your Security Operations Center

Kevin Charest

DSVP & Chief Information Security Officer

Health Care Service Corporation

Building a SOC requires a series of tradeoffs and adjustments. Do you buy or build? How do you measure effectiveness? Where do you find the talent to run it?

Drawing on decades of experience, Kevin Charest shares how to:

Build an effective SOC
Measure and monitor the SOC’s success
Overcome constraints

9:00am - 9:50am Breakout Session

Translating Cyber Risk into Business Risk

Jeff Schilling

Chief Information Security Officer

Epsilon

How do you turn security conversations into revenue discussions? Where do you start and who are the stakeholders? After building a cybersecurity risk scorecard, Jeff Schilling says his organization was able to make better business decisions.

Join Jeff to learn how to:

Evaluate risk in categories
Create a composite risk score that’s measurable
Create a maturity model based on a cybersecurity framework

9:00am - 9:50am Executive Boardroom

Harnessing the Power of Behavioral Analytics

Jason Frugé

Chief Information Security Officer

Fossil

Alex Nehlebaeff

Corporate Information Security Manager

Harley-Davidson Financial Services Inc.

David Swift

Principal Architect - Security Analytics

Securonix

Behavioral analytics may help IT predict and understand consumer trends, but they can help CISOs understand potential threats—and catch them before they wreak major havoc. So how do you harness analytics to capture the best data?

Join this session to discuss:

Applying mobile behavioral analytics to capture detailed employee behavior information
Identifying potential insider threats
What to monitor within an organization

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

9:00am - 9:50am Executive Boardroom

Cloud Security for the Next Phase of Digital Transformation

Jessica Nemmers

Manager of Information Security

Commercial Metals

Sailaja Kotra-Turner

Director, IT Security and Risk Management

Brinker International, Inc.

Srini Gurrapu

Head Cloud Evangelist

McAfee

As organizations increasingly turn to cloud-based services to enable the next phase of digital transformation, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud, including:

How can you create an adaptive, customizable cloud strategy that can keep up with new technologies being deployed?
How are you evaluating the security posture of vendor partners (e.g. IaaS – AWS, Azure, GCP)?
What are the persistent threats and challenges in the cloud environment?

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Innovating Through Transition and Change

KC Condit

CISO

G6 Hospitality

Gary Toretti

SVP, Chief Information Security Officer

CBRE, Inc.

Paul Horn

CISO

HD Vest Financial Services

Change is everywhere – in your evolving security career, in the threat of a breach and in the career that looms after you hang up your CISO hat. These constant transitions from one phase to the next, whether personal or professional, provide a revolving door of opportunities to innovate, improve business outcomes or even just identify that next phase of your career.

Engage in an open dialogue with panelists on:

Ways to proactively prepare for the next step of your security career.
What to do when you feel your job is in jeopardy.
Ways to transition from CISO to independent business leader.

10:20am - 11:10am Breakout Session

Championing C-Level Communication

Ryan Bachman

SVP, Global Chief Information Security Officer

GM Financial

Jason Frugé

Chief Information Security Officer

Fossil

Duaine Styles

CISO

Globe Life

Unlike the CISO role of just a few years ago – where many could still focus heavily on the bits and bytes – today’s security leader is also expected to be a business leader. Therefore, it is imperative that CISOs become fluent in the languages of risk, finance and strategy if they want to effectively convey their message and get what they need to protect the organization.

Join your peers to find out:

How to educate your c-suite peers on cybersecurity so they become champions for security in your company
What the c-suite really wants to hear from CISOs
Which metrics will help you craft a compelling story that inspires action

10:20am - 11:10am Executive Boardroom

Evaluating the Risk and Reward of Using a Third Party

Sonja Hammond

Chief Information Security Officer

Essilor of America

Shamoun Siddiqui

CISO

Neiman Marcus Group

Zach Vinduska

Vice President, IT Infrastructure and Security

ClubCorp USA, Inc.

Scott Schneider

Chief Revenue Officer

CyberGRX

With constant pressure to become more efficient and more competitive, organizations are looking to vendors whose innovative products can give them an edge over the competition. However, those vendors bring with them not just innovation, but a world of risk.

Join your peers to discuss:

How to vet vendors to understand the potential risks
Best practices for managing third-party risks
Success and challenges of taking on new risk when using vendor services

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

10:20am - 11:10am Executive Boardroom

A Practical Guide to Artificial Intelligence

Gary Todd

Sr. Cyber Security & Compliance Mgr.

PNM Resources, Inc.

Anil Varghese

SVP/CISO

Exeter Finance Corp.

Doug Lhotka

Executive Cybersecurity Architect

IBM

Deep Learning. Machine Learning. Artificial Intelligence. These trends can deliver immense dividends, but they also invite new risks. How can CISOs prepare to reap the rewards while also thwarting potential attackers?

Join this session to learn how to:
• See beyond the hype and understand the benefits of AI
• Use AI to create both long- and short-term business benefits
• Prevent potential attackers from exploiting the vulnerabilities of new technologies

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

11:10am - 11:40am Networking Break

11:40am - 12:50pm Keynote

The CISO Experience – Lessons Learned and Successes Earned

Kerry Kilker

CISO/Board Advisory role

Cyber Watch Systems

Cecil Pineda

CISO

Cyber Watch Systems

The CISO journey is a lot like the cyber threats CISOs protect against – unique and often unpredictable. Every journey is different. Where some find success, others find lessons.

Join Kerry Kilker and Cecil Pineda as they share:

Candid stories from their unique journeys as CISOs
Lessons learned that can help guide security leaders
Their CISO and partner perspectives on how to navigate today’s security environment

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

The Privacy Partnership — Working with Your Head of Privacy

Tami Dokken

Global Data Privacy and Protection Officer

MoneyGram International, Inc.

Harvey Ewing

CISO

MoneyGram International, Inc.

The General Data Protection Regulation created some of the strictest and widest-reaching data privacy regulations to date, and new legislation in the U.S. is adding additional regulations to the mix. To stay ahead, organizations need more than new policies and procedures—they need a sound partnership between the CISO and the head of privacy.

In this panel, you’ll learn:

What heads of privacy want from their CISO.
Ways to communicate effectively with your head of privacy.
The dynamics of a sound CISO-CPO partnership.

1:20pm - 2:10pm Breakout Session

Pen Test Your Board Pitch — An Interactive Exercise

Brian Mork

CISO, Director Information Security

Celanese Corporation

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch.
Receive real-time feedback on your pitch.
Learn best practices and strategies for communicating with your board.

1:20pm - 2:10pm Executive Boardroom

DevSecOps — The Agile Approach to Security

James Eppolito

Senior Manager of Security and Risk

Dean Foods Company

Parrish Gunnels

Information Security Officer

Fiserv, Inc.

Security from the start and better collaboration are the keys to effectively reducing risks posed to an organization. With DevSecOps methods and principles, security controls can help organizations react faster to attacks.

In this session, learn:

How DevSecOps changes the security team mindset
The benefits of a DevSecOps approach
How to implement DevSecOps in your organization

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

1:20pm - 2:10pm Executive Boardroom

For Sound Security, Really Know Your Assets

Adam Maslow

Senior Director of Information Security

Raising Cane's

Duaine Styles

CISO

Globe Life

Dennis Van Ham

Managing Director

KPMG

For CISOs to be empowered to make tough decisions, they must do more than simply manage their assets – they must fully understand them and their possible weaknesses. Especially in this day and age of the “extended enterprise” and the rise of IoT, full and continuous visibility of your assets helps CISOs make faster and better decisions to further prioritize security plans and spending.

Join your peers to discuss how to:

Identify and inventory assets on your network in real time
Understand how devices are secured and compliant (or not)
Use asset intelligence to support continuous protection of the IT infrastructure including cloud and IoT
Improve defenses against targeted breaches through automation and orchestration (SOAR)

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

To Connect With Your CEO, Think Like Your CEO

Roger Ochs

Board Member, Former CEO

HD Vest Financial Services

C-level relationships are difficult to maintain and even tougher to create from scratch, especially when it involves the CEO. It’s an art that requires time and finesse—and a whole lot of persistence.

In this session, Roger Ochs draws on his 30 years as a CEO to provide insight on:

Tapping into the mindset of the average CEO to understand what they want from their CISOs.
Strategies for creating effective, two-way communication with the CEO.
Ways to talk tech and security in a way that makes sense to the CEO.

2:30pm - 3:20pm Executive Boardroom

Tapping into the Millennial Mindset to Secure the Workplace

KC Condit

CISO

G6 Hospitality

Jeff Kirby

CISO

Interstate Batteries

Teaching security awareness to the millennial generation is a unique challenge. While they’re often more receptive to new technology than their older peers, they’re also more likely to share and connect online—creating yet another attack surface for potential threats. So how do you train this connected generation?

In this boardroom, you’ll:

Discuss ways to tailor security training for millennials
Determine how to evaluate the level of training needed
Identify key training components and methods of measuring training efficacy
Discuss the challenges of training the millennial generation

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

2:30pm - 3:20pm Executive Boardroom

GDPR – Have You Adequately Prepared?

Ajay Gupta

Global CISO

Pizza Hut, U.S.

Paul Reyes

CISO and VP of Infrastructure Services

Vistra Energy

GDPR is among the strictest data privacy frameworks to date. The list of regulations – and the hefty fines for violating them – have organizations scrambling to update strategies and policies. But have organizations really prepared?

Join this session to discuss:

Whether your organization has taken the necessary steps to comply with GDPR
Strategies for further optimizing your GDPR strategy
How to work strategically with your head of privacy

To reserve your seat, please contact:

Lawrence Figueroa at 1-971-222-2374 or lawrence.figueroa@evanta.com

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

Understanding the Business — Turning No Into Yes

David Tyburski

CISO

Wynn Resorts

Security people want to turn things off. The rest of the organization wants to turn things on. Can both sides win in this ongoing tug of war? Absolutely.

Join David Tyburski to learn how:

The general user community understands information security concepts and processes.
Security professionals need to shift their thinking to speak the language of the c-suite.
To produce a more effective information security program that keeps everyone safe.

4:20pm - 5:00pm Closing Reception & Prize Drawing