IN-PERSON

Houston CISO Executive Summit

November 30, 2022 | C. Baldwin Curio Collection by Hilton

November 30, 2022
C. Baldwin Curio Collection by Hilton

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Mike Coogan

Waste Management
Senior Director, Cybersecurity

Annessa McKenzie

ConocoPhillips
Chief Information Security Officer

Derek Rude

Weatherford
Director, IT Security

Genady Vishnevetsky

Stewart Title Company
CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Houston CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

November 29, 2022

afternoon

November 30, 2022

morning mid-afternoon afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

Governing Body Welcome Reception

Join the Houston CISO Governing Body and their invited guests for a welcome reception at the C. Baldwin Hotel's hidden speakeasy-styled bar.

Escape to the Parlour Hidewawy to enjoy an evening of great conversation, dinner, and drinks — including a specialty cocktail menu — with Houston's premier network of C-level security leaders.

7:45am - 8:45am Registration & Breakfast

8:45am - 9:30am Keynote

Diversity in Thinking — Catalyst for Change

Mary N. Chaney, Esq., CISSP, CIPP/US

Chairwoman, CEO & President

Minorities in Cybersecurity

As organizations strive to drive DEI initiatives, CISOs have an opportunity to lead the way in creating employment and advancement opportunities for underrepresented groups within security. In this session, Mary N. Chaney, a former senior security executive and founder of the nonprofit Minorities in Cybersecurity (MiC), will discuss how CISOs can play a critical role in diversifying talent in the cybersecurity space.

Join this session to learn:

How having more diverse teams helps throughout the organization and brings fresh perspectives
Strategies for communicating and demonstrating commitment to your workforce
How having accountability partners can improve the success of your team

9:30am - 10:00am Networking Break

10:00am - 10:45am Breakout Session

Social Engineering Your Security Awareness Program

Craig Wood

Director of Infrastructure and Security

Tricon Energy

A strong security program is a function of culture. But how can InfoSec leaders drive a culture of security when social media has made publicizing every aspect of our lives feel like the norm?

Join this interactive session to connect and collaborate with peers on:

Building a security awareness program around business drivers and risks
Defining security's responsibility to educate users at work and home
Gaining buy-in from the board to champion security awareness

10:00am - 10:45am Executive Boardroom

The Supply Chain Attack Surface

Deron McElroy

Chief of Cybersecurity Services

Cybersecurity and Infrastructure Security Agency

Michael Leland

Chief Cybersecurity Evangelist

SentinelOne

Supply chain based attacks continue to be on the rise. Attackers always choose the easiest path. Today, it’s often done by first compromising one of the end targets suppliers and then abusing that trusted relationship that they have to target an organization. What are you most likely to open; an unknown email from an unknown sender with an attachment, or an invoice from your favorite supplier?

Join this boardroom hosted by SentinelOne to explore:

Strategies to implement with your TPRM program
Case studies for remediation processes
Opportunities for change that will have the biggest impact

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees, with seating priority given to CISOs. To reserve your seat, please contact: Caroline Timothy, Houston CISO Program Manager, at caroline.timothy@evanta.com.

10:00am - 10:45am Executive Boardroom

Leveraging Predictive AI to Harden Your Security Ecosystem

Stephanie Franklin-Thomas

SVP & CISO

ABM

Leticia Huerta

Vice President, Cyber Risk and Controls

JPMorgan Chase

Jeff Cornelius, Ph.D.

EVP, Cyber-Physical Security

Darktrace

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must leverage predictive AI technologies to proactively prevent threats before they happen, and to recover if compromised.

Join this boardroom hosted by Darktrace to discuss:

How organizations are successfully using AI in threat detection and response
New applications and approaches for AI in cyber, including preventing and healing from attacks
Strategies for strengthening security posture by creating a virtuous AI feedback "loop"

10:45am - 11:20am Networking Break

10:50am - 11:15am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:20am - 12:05pm Breakout Session

What Are We Doing? ⁠— Cyber Insurance Successes & Struggles

Keith Turpin

CISO

The Friedkin Group Inc

Brad Hollingsworth

Sr. Director of Cyber Security

Mattress Firm

Most CISOs have mixed (at best) feelings about cyber insurance. Questionnaires are becoming more complicated. Premiums are rising. Policies are covering less. Don’t struggle alone. Now's your chance to hear from a panel of CISOs who will share their experiences and insights around cyber insurance.

Join this session to:

Hear different perspectives on the changing cyber insurance industry
Have open conversations about the challenges and benefits of investing in cyber insurance
Share and troubleshoot your own cyber insurance concerns with your peers

11:20am - 12:05pm Breakout Session

Managing Identity – No Access without Context

Gary Parker

Field CTO – Americas

Zscaler

Identity is not the new perimeter, but rather identity is a nexus for context and context is the new perimeter. Zero trust principles woven throughout your IAM strategy in today’s work-from-anywhere environments can be the key to protecting the business across people, devices and applications. As context becomes more complex and the perimeter is ever-evolving, how do you build a defense structure capable of protecting users and the business?

In this session, you will explore:

The role of zero trust in identity and access management
How to implement IAM tools without negatively impacting the user experience or core business operations
How to engage other stakeholders and functions on their access needs to move beyond surface-level coordination

11:20am - 12:05pm Executive Boardroom

Threat Management – Risk Reduction, Visibility, Detection and Response Across Dispersed Environments

Cynthia Soares

Director, IT Information Security

Baylor College of Medicine

Derek Rude

Director, IT Security

Weatherford

Glenn Dally

Executive Advisor & Architect

IBM

Many organizations are challenged with implementing their security programs across widely distributed infrastructure, using an array of tools while often sharing responsibility and control with their service providers. So how can they best maintain visibility into those environments, detect malicious activity and orchestrate effective, business wide, responses? Or perhaps even eliminate much of the noise in that process by identifying and reducing their exposure and risk proactively?

Join this boardroom hosted by IBM to discuss:

Key industry advances in open interconnectivity of tools and data sources
How overall exposure and risk can be better managed
Improving the efficiency and effectiveness of threat management programs to allow security teams to focus on the what’s most important

11:20am - 12:05pm Executive Boardroom

Data Doesn’t Lose Itself

Stephen Cicirelli

Chief Information Security Officer

American Bureau of Shipping

Deborah Watson

Resident CISO

Proofpoint

Your people are your most valuable asset, your greatest weakness, and your best defense. CISOs seeking to prevent data loss from malicious, negligent or compromised users can correlate content, behavior and threats for better insight and streamlined investigations.

Join this boardroom hosted by Proofpoint to discuss:

Augmenting your data protection program with the right people and processes
Transforming your employees into effective data defenders
Managing insider threats and preventing data loss at the endpoint

12:05pm - 12:35pm Lunch Service

12:35pm - 1:10pm Keynote

Elevating Security for a Hyper-Connected World

Curtis Simpson

Chief Information Security Officer

Armis

Digital assets are enabling new revenue and growth opportunities, and accelerating transformation across industries. For CISOs and CIOs that must ensure the security and continuity of business, however, they represent an ever-expanding attack surface at a time when the volume of attacks and the threat of ransomware is increasingly driving news cycles and board-level concern.

Attendees of this keynote hosted by Armis will leave with the insights needed to:

Identify unseen security risks by gaining complete visibility in a rapidly expanding attack surface
Get ahead of exposure by prioritizing high impact vulnerabilities and threats
Secure the assets, recover unnecessary CapEx and OpEx and free staff for priority initiatives

1:10pm - 1:25pm Break

1:25pm - 2:10pm Breakout Session

The CISO’s Role in Data Privacy Protection

John McLeod

CISO

National Oilwell Varco

Marc Scarborough

CISO

Rice University

Yunique Demann

Senior Director, Privacy Strategic Lead

NTT Data Services

Getting privacy right isn’t just an exercise in compliance. Increasingly, consumers expect that organizations are protecting their data while providing more control over its use. Without a robust data governance, security and privacy triad, today’s digital enterprise will find customers losing trust and pivoting to rivals. Is your privacy program creating the necessary foundation of trust your company depends on?

Join this session to hear from a panel of security leaders on:

How privacy plays into business strategy across industries in today’s economy
Different reporting structures, roles, and the C-suite responsibility in privacy
Practical tips and lessons to manage privacy risk

1:25pm - 2:10pm Executive Boardroom

Beating Attackers At Their Own Game

Ross Wells

Information Security Officer

Victoriano Casas III

Executive Strategist

CrowdStrike

Cybersecurity is no longer a nice to have, it’s a front line defense that protects organizations from targeted attacks and sophisticated threat actors. Security leaders must always be one step ahead and deliver effective cybersecurity through active prevention and defense. How can CISOs mitigate threats against the attack surface, whilst providing the business and technical outcomes to both stay secure and advance business objectives?

Join this boardroom hosted by CrowdStrike to discuss:

Leveraging proprietary data, analytics and technology to prevent attacks
Implementing proactive defense for businesses of all sizes to mitigate today’s threats
Pressure-testing your incident response plan and playbooks

1:25pm - 2:10pm Executive Boardroom

The Ongoing Fight to Secure Business Email

Christopher Kar

Information Security Advisor

Fort Bend Independent School District

Anthony Souza

Director of Cybersecurity (CISO)

CenterPoint Energy

Scott Deluke

Director of Enterprise Sales Engineering

Abnormal Security

Despite their efforts, from phishing simulations to security awareness campaigns, CISOs from organizations big and small keep falling short when it comes to stopping Business Email Compromise (BEC) attacks. But, if everyone has an email security program, why are the losses associated with BEC still climbing?

Join this boardroom hosted by Abnormal Security to discuss:

What is working or not working, with existing processes and technology?
How do we solve the "human factor" in the equation?
Best practices for preventing loss related to a BEC attack?

2:10pm - 2:45pm Networking Break

2:15pm - 2:40pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:45pm - 3:30pm Breakout Session

Advancing Tomorrow’s Cybersecurity Workforce Through Education

Dalia Sherif, PhD

Executive Dean: Baccalaureate Programs and Partnerships

Lone Star College System

Joy Wangdi

Cybersecurity Trust Officer

LyondellBasell

As the information security profession matures, so too does the demand for security talent. Imagine if you could build a partnership now to cultivate a security workforce with the right skillsets to meet the demands of the future — and the realities of today.

In this session, Joy Wangdi, Cybersecurity Trust Officer at LyondellBasell, is joined by Dr. Dalia Sherif, Executive Dean of Baccalaureate Programs & Partnerships at Lone Star College, to discuss:

The challenges both employers and educators face when addressing the security talent shortage
How Lone Star College is helping LyondellBasell build a more sustainable and diverse security talent pipeline
The need for collaboration between academic institutions and organizations on cybersecurity curricula

2:45pm - 3:30pm Executive Boardroom

When the Next Vulnerability is Exposed...Are You Ready?

Neel Adhikari

Global Security Program Management

Solvay North America, Inc.

Reid Wisa

Director, Information Security

Tailored Brands

John Engates

Field CTO

Cloudflare

As API traffic surges, third-party networks rapidly expand, and the digital business accelerates, the threat of suffering a breach or disruption looms large on the horizon. CISOs managing an ever-expanding attack surface must fortify the foundations of their infrastructure, applications, and teams so that when the next big vulnerability is uncovered…you’re ready to respond.

Join this boardroom hosted by Cloudflare to discuss:

Replacing static access controls and legacy security perimeters that delay incident response
Identifying and mitigating the risks of third-party networks and software supply chains
Trends in data privacy regulations and data protection measures

To reserve your seat, please contact: Caroline Timothy, Houston CISO Program Manager, at caroline.timothy@evanta.com.

2:45pm - 3:30pm Executive Boardroom

Manage Security Posture and Risk Across SaaS Environments

Harold Byun

Chief Product Officer

AppOmni

Thinh Nguyen

Global Technical Security Officer/ Chief Security Architect

Invesco

Mark Littlejohn

CISO

CVR Energy

As the adoption of enterprise SaaS grows, high-profile SaaS application data breaches are also on the rise. CISOs are ultimately responsible for the security of their organization’s data, including access by third-party applications, and must implement appropriate security settings and data governance for their environments. The challenge, the most widely used gateway architecture solutions don’t deliver visibility into the complex, unique characteristics of different SaaS applications.

Join this boardroom hosted by AppOmni to discuss:

How to gain immediate visibility into what data can be accessed by all types of users and integrations, including third-party applications
How to build the business case for a comprehensive SaaS security program, including funding sources
How to integrate security into the software development lifecycle to improve DevSecOps during the product development process

To reserve your seat, please contact: Caroline Timothy, Houston CISO Program Manager, at caroline.timothy@evanta.com.

3:30pm - 3:45pm Networking Break

3:45pm - 4:20pm Keynote

Zero Trust — Implementing a Strategy for Success

George Finney

Chief Security Officer

Southern Methodist University

For years, Zero Trust has been THE cyber strategy that everyone — from the boardroom to the marketing team — is talking about, but security leaders sometimes differ on what it really means.

In this session, George Finney, Chief Security Officer at Southern Methodist University and author of Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, will:

Break down misconceptions about what Zero Trust is, who it’s for, and why it's important
Share concrete steps for implementing Zero Trust
Outline a strategy for success in cybersecurity that appeals to the board

4:20pm - 4:50pm Closing Reception & Prize Drawing

November 29, 2022

afternoon

November 30, 2022

morning mid-afternoon afternoon

We look forward to seeing you at an upcoming in-person gathering

Location

Venue & Accommodation

C. Baldwin Curio Collection by Hilton

MORE INFORMATION

A block of rooms has been reserved at the C. Baldwin Curio Collection by Hilton at a reduced conference rate. Reservations should be made online or by calling 713-759-0202.

Deadline to book using the discounted room rate of $209 USD (plus tax) is November 7, 2022.

RESERVE ROOM