IN-PERSON

Minneapolis CISO Executive Summit

May 21, 2019 | Minneapolis Marriott City Center

May 21, 2019
Minneapolis Marriott City Center

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Douglas DeGrote

Allianz Life Insurance Company of North America
CISO

Paul Hershberger

The Mosaic Company
Director IT, Security Risk & Compliance

Patrick Joyce

Medtronic plc
VP, Global IT & CSO

Michael Kearn

U.S. Bank
VP, Security Risk & Technology Consulting

Tris Lingen

3M Company
Sr. Global Information Governance, Risk & Compliance Manager

Jim O'Conner

Cargill, Inc.
CISO

Kathy Orner

CWT
VP & Chief Risk Officer

Agenda

May 21, 2019

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Security Data – GPS for Application Teams

Jodie Kautt

VP, Cybersecurity

Target

Jennifer Czaplewski

Director, Product Security

Target

Over the past few years, Target has shifted the role of its security team from enforcer to teacher. Along the way, Target asked itself, “Is it possible to give thousands of engineers a single metric for security?” Target’s cyber security team has developed a Product Intelligence model that has transformed how the company manages application security.

Hear from Target’s senior cyber security leaders about:

Lessons learned and how any company can adopt the Product Intelligence model
How the Product Intelligence score for applications allows engineers to integrate security into their development process
How Product Intelligence scoring provides real-time visibility to application security

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Mindful Leadership

Sarah Engstrom

CISO

CHS Inc.

Beth Singer

Data Protection Manager

CHS

The benefits of mindful leadership read like a fantasy wish list – better self-awareness, wider emotional intelligence, reduced stress, increased clarity and productivity at work. Building upon leadership principles from thought leaders, and sharing their own experiences, Sarah Engstrom and Beth Singer present a compelling case for mindful leadership.

Join this session to learn how to:

Practice mindfulness and shape your teams
Connect your leadership and values
Reframe how you show up every day

9:00am - 9:50am Breakout Session

Mission Impossible – So Many Risks, So Little Time

Ladi Adefala

Senior Security Strategist

Fortinet, Inc.

Emerging risks can be unpredictable and disruptive. Fifth generation 5G mobile communications, extended reality, smart speakers, and drones all offer incredible benefits, but they also come with unexpected risks. These are truly the unpredictable unknowns. Anticipating these blind spots can appear impossible in light of the accelerated pace of technology innovations.

In this session, you will:

Learn about emerging risks
Identify Impact and Implications of these risks
Discover strategies to address them

9:00am - 9:50am Executive Boardroom

The Zero Trust Approach

Michael Kearn

VP, Security Risk & Technology Consulting

U.S. Bank

Michael Musto

Senior Global Information Security Leader

James Plouffe

Strategic Technologist

MobileIron

Mobile devices and cloud services have dissolved the enterprise IT perimeter. Business data flows freely across a wide information fabric spanning a variety of devices, apps, networks, and cloud services. As traditional network perimeters become obsolete, organizations must address these modern security challenges with a zero trust - “always verify, never trust” approach.

In this boardroom, you’ll discuss:

Redefining security strategies to address a perimeter-less environment
Enforcing corporate security without compromising user experience
Using mobile-centric technology to drive business innovation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact Christopher Brown at 971.222.2378 or christopher.brown@gartner.com.

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Show Me The Metrics

Douglas DeGrote

CISO

Allianz Life Insurance Company of North America

How do you take disparate data points and metrics and turn it into a story to tell the business? Doug DeGrote shares his methodology on combining the end to end spectrum of what’s important to the organization, and what technology can tell security leaders, to create a scientific assessment of risk.

Join this session to learn:

How to align technology data points to business risk
How to make security details make sense to the business
What to watch, weigh and measure

10:20am - 11:10am Breakout Session

The Artificial Reality of Cyber Defense

Ron Winward

Security Evangelist

Radware

Security threats are growing faster than security teams and budgets cannot keep up. Hackers are leveraging automation in their attacks, increasing the number of targets and the probability of victimizing organizations even in the smallest of windows of opportunity. As a defender, you get a handful of opportunities to detect and block breaches – and finding the proverbial needle in the haystack has become nearly impossible without automation.

This session explores:

How to best leverage automation in detection and mitigation
Where automation fits into a modern security strategy
How to come out on top in the war against cyberthreats

10:20am - 11:10am Executive Boardroom

Facing the Challenges of Connected Devices

Judy Hatchett

VP, Information Security & CISO

Fairview Health Services

Becky MacDonald

CISO

Essentia Health

Jonathan Langer

CEO

Medigate

Connected devices provide valuable new functionality and revenue opportunities. They can also become a security nightmare, as many were not designed with security in mind. Cybersecurity leaders must have the right strategy in place to address potential vulnerabilities in the growing Internet of Things.

Join this roundtable to discuss:

Best practices in managing IoT ecosystems
Challenges impacting medical devices in particular
Case studies of successful segmentation

11:10am - 11:40am Networking Break

11:40am - 12:50pm Keynote

From CISO to CRO - Lessons Learned

Patrick Joyce

VP, Global IT & CSO

Medtronic plc

Kathy Orner

VP & Chief Risk Officer

CWT

Judy Hatchett

VP, Information Security & CISO

Fairview Health Services

Risk is much broader than security – and in her transition from CISO to CRO at Carlson Wagonlit Travel, Kathy Orner has a newly created role as security/risk champion. Orner shares her perspective on the importance of risk to the entire organization, and insights for security executives to think about risk more broadly.

In this session, discover:

The skills security executives need to broaden themselves
Why it’s important to “live in the grey”
How to articulate security and risk to the business

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Believe in the Illusion of the Possible

William Scandrett

VP, Chief Information Security Officer

Allina Health System

How can CISOs shift from firefighters to evangelists? From Bill Scandrett’s perspective, his principle duty as a security executive is to move barriers for his team. Scandrett shares his strategy to empower teams and create a shared vision - delivering continuous improvement without an increase in overhead.

In this session, discover:

How to create high performing, self managing teams
How to shift focus from technical outcomes to business objectives
Methods to inspire and motivate your organization

1:20pm - 2:10pm Executive Boardroom

Modernizing Your SOC

Noah Korba

Director, Cybersecurity

General Mills, Inc.

Debra Parker

Director, Security Services, Information Technology

City of Minneapolis

Chris Sears

Senior Solutions Architect

Securonix

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they will try another. A sound Security Operations Center - staffed by the right people and with the right tools - should be a key part of your cyber defense strategy.

In this session you will discover how to:

Effectively develop your team
Automate to reduce workloads and drive efficiency
Equip SOC teams to operate within BYOD and Cloud
Create strong KPIs and KRIs to measure success

1:20pm - 2:10pm Executive Boardroom

Identifying the Way Forward in IAM

Paul Hershberger

Director IT, Security Risk & Compliance

The Mosaic Company

Patrick Joyce

VP, Global IT & CSO

Medtronic plc

How are your peers balancing business agility and business security in their identity and access management strategy? Join this roundtable discussion to benchmark your framework and vet future plans, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

Methodologies that satisfy users while maintaining adequate access controls
Communication techniques to streamline acceptance of IAM across the business
Roadmaps for deciding what technology is the best fit

2:10pm - 2:30pm Networking Break

2:30pm - 3:00pm Keynote

Protecting Your VIPs, and Your VAPs (Very Attacked People) Too

Ryan Kalember

EVP, Cybersecurity Strategy

Proofpoint

For years, we’ve seen attackers target organizations via their people. Now with fewer reliable exploits and more cloud adoption, we’re also seeing a shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor. Ryan Kalember of Proofpoint outlines strategies for gaining visibility and mitigating risk in a people-centric threat landscape.

Join to learn:

Why nearly all threat actors have shifted away from technical exploits to compromise their targets
How organizations can leverage threat data to understand which people and departments are highly targeted
How to design effective protection for highly attacked, highly vulnerable, and highly privileged users

3:00pm - 3:20pm Networking Break

3:20pm - 4:00pm Keynote

Eye for ROI — A CISO Gameshow

Miles Edmundson

Business Information Security Officer

Equiniti

Betty Elliott

Partner & CISO

Mercer

Rob Hanson

Head of Enterprise Security and Privacy

National Marrow Donor Program

William Scandrett

VP, Chief Information Security Officer

Allina Health System

Don’t touch that dial! In this interactive session, CISOs from organizations across the size spectrum will go head-to-head in a challenge to find the most creative solutions for stretching their resources as far as possible. Join this gameshow-inspired session and vote on who has the best eye for ROI in key areas such as: