New York CISO Executive Summit

Compete in games of chance and skill at the New York CISO community's first Governing Body Welcome Reception of 2023!

There are many paths leading to zero trust, but careful planning in the initial stages is key to ensuring a smooth journey. Successful digital transformation relies upon cultivating organizational buy-in as well as understanding the best ways to apply zero trust in your environment. Starting off on the right foot can save your business considerable hardship down the road.

Join the session to learn:

• How to win support from peers and the board by framing zero trust in terms of business risk, not security
• Where to first introduce zero trust into your organization; access control, third party management, attack surface reduction, app-level segmentation, etc.
• Identifying and prioritizing risks to avoid scope creep and costly mistakes

Timely and secure information sharing serves to bridge the gap between vulnerability and security. This effort is facilitated through cyber supply chain risk management. CISOs must establish a live view into their organization’s overall security posture inclusive of their external perimeter, while placing focus on OT assets.

Join this session to learn:

• How to understand the risk posed by OT environments
• What considerations need to be made for OT that are different than IT environments
• What’s being done to identify at risk OT products

Despite a dynamic threat landscape and constantly changing malicious TTPs, CISOs must prepare their organizations to thrive in growing complexity. From widely distributed infrastructures to high volumes of tools with different levels of control and responsibility, it can be difficult to maintain true visibility across environments. How can shifting from reactive to proactive threat management be incorporated into your security strategy to help achieve this?

Join this session to discuss:

• Identifying blind spots due to information fragmentation
• Understanding your full attack surface and the challenges of lowering risks
• Reducing the noise and stress being fed into threat management systems and pressure on teams

Preparing for a cyber crisis is imperative and can determine whether it becomes a major catastrophe or a manageable incident. Whether you have experience navigating a crisis or are preparing for the inevitable attack to come, come together with your peers to leverage the wisdom in the room to tackle complex challenges and get ahead of the attackers.

Join this session to discuss:

• Evaluating common options, dilemmas, and pitfalls in crisis planning
• Understanding the impact of technical and stakeholder management decisions on the business
• Identifying key gaps and vulnerabilities often overlooked by security teams

Adversaries are increasingly fast and stealthy, don’t respect time zones or holidays, and often execute damaging intrusions in hours.  Every second matters when under attack and the first steps taken in the wake of a threat can determine success or downtime and disruption. How are you ensuring you have the tools and processes to protect your endpoints and the organization from today’s threats?

Join this interactive discussion for strategies to:

• Deploy the right endpoint security tools and extended capabilities to stop an adversary with speed
• Identify resources to appropriately implement, operate and maintain an effective security program
• Secure critical applications even in a state of compromise

Security leaders often seek opportunities to counter the outdated notion that security programs are merely a cost center. Effective third party risk management (TPRM) enables business growth while providing much-needed security, whether you are responding to due diligence requests or providing security approval for new vendors.

Join this session to discuss:

• Implementing security domains and safeguards that accelerate business outcomes
• Increasing visibility of your new and current vendors to drive efficiency and identify risks
• Assessing and communicating third-party risk within your broader security strategy

With an average of 75 security products utilized by organizations, the need for consolidation is evident. Having multiple security products translate to higher costs, operational complexity, and intraorganizational friction. CISOs today must strive to maximize value with ubiquitous and powerful security that is centralized and simple to use.

Anand Oswal, SVP, GM of Products and Network Security at Palo Alto Networks, will share valuable insights and best practices for enabling cyber-transformation. The discussion will cover key strategies, including:

• Streamlining your security portfolio through a unified SASE (Secure Access Service Edge) approach from a single vendor
• Embracing a threat-informed approach to security that ensures your defenses align with evolving threats 
• Enhancing efficiencies, reducing complexity, and addressing critical vulnerabilities

Register now and secure your spot to learn from an industry expert and gain valuable knowledge to elevate your organization's security posture.

As we continue to evolve our corporate defenses, even the best crisis response plans struggle to account for the human element. The performance of your technology might be a known quantity, but what about your human capabilities? This session will test organization-wide decision-making skills using a realistic cyber crisis.

Join this session to:

• Understand the business impact of technical choices, stakeholder management actions, and more
• See real-time data on the effects of decisions on crisis management and response
• Strengthen your organization's resilience at both the executive and technical levels

We've been hearing about — and living through the reality of — the security talent and skills dilemma for a decade now. It is time for a reset in how security leaders solve for the talent dearth at their organizations. How can CISOs collaborate better as a community to bypass the skills shortage, become changemakers and create a talent pipeline that works for them?

Join this session to discuss:

• Rethinking the requirements for a role to expand the applicant pool

• Building partnerships with cybersecurity education and training providers 

• Reevaluating team and company culture to identify what makes your organization more appealing to top performers

Third party risk comes in a few different forms, each with their own set of concerns and solutions. There are risks to third party/open source code libraries, like the infamous Log4j; risks to third party tools, like the one that led to the 2020 SolarWinds breach; and risks to networks as a result of granting access to third parties, like vendors and contractors. All of these present unique challenges and must be addressed with unique approaches.

In this session, we’ll cover:

1. The risks that pose the greatest potential negative impact to your organization
2. Which approaches are the most optimal for your team
3. Why adopting an "assume breach" stance can help

Data Loss Prevention software is often the default answer for preventing data loss, but as company data lives increasingly in the cloud, a robust approach to data management is critical. Security leaders should consider a risk-based approach when determining how to reduce data loss through their data protection strategy.

Join this session to learn:

• Best practices to continuously monitor file activity to detect risk
• How to quickly investigate and respond to insider threats
• Ways to transform your data loss protection strategy

Cyber threats don't take time off. Today’s CISOs are navigating budget, staffing and technologies challenges, while building out effective, efficient and proactive network security strategies. Dealing with advanced threats takes up valuable time and manpower, but a well-crafted threat hunting and threat intelligence program is a key tool of multi-layered defense models.

Join this session to discuss:

• Providing internal visibility as it relates to threat intel and ransomware attacks
• Protecting the modern enterprise from vulnerabilities introduced by the cloud and a distributed workforce
• Building a threat-hunting road map that can find the most evasive threats

Right now, there's an expectation for real-time posture management in the cloud. Meanwhile, custom application development is creating its own vulnerabilities. With an expanding attack surface and complexity, what are others doing to get a clear picture of their vulnerabilities according to risk? Rather than blindly swinging at that list of vulnerabilities and hoping it eventually goes away, consider starting with your largest hurdles. Of course, if minimizing your attack surface is the ultimate goal, identifying these riskier weak points is simply the beginning.

In this peer-led, private session, CISOs can discuss: 

• What can we do to mitigate all these vulnerabilities, configuration errors and security defects according to their business risk
• What are best practices for visualizing the risk using attack paths
• Which vulnerabilities pose the greatest risk in the context of your environment

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Despite the challenges posed by organizational and technological silos, the modern CISO is stepping up to the plate. Impactful digital transformation through intentional technology decisions can minimize organizational obstacles.
Join this fireside chat to discover:

• Embracing digital transformation to stay competitive and secure in today's business world
• Leveraging SASE to simplify your security architecture, level-up compliance monitoring and improve visibility
• Driving meaningful change with a holistic approach that considers not just security, but also organizational culture, processes, and people

Like all major technological advancements, generative AI has entered the mainstream; bringing with it inspiration, excitement, entertainment, and fear. And like all intelligent (or seemingly-intelligent) life, you'll need to take it to your leaders. How are they responding? Now's the time to develop your own stance on the impacts of this here-to-stay tool of the future. 

Join this session for: 

• An interactive, real-time, pulse check on the community's general notions toward AI
• Your chance to workshop and collaborate on a helpful approach to accepting or monitoring this tool
• A data-driven look at the realities of doing business in the era of generative AI

High-profile SaaS data breaches are on the rise, and organizations show no signs of slowing their adoption of enterprise SaaS applications. This trend means Security teams must now manage. SaaS solutions’ many types of internal and external users, large third party app ecosystems, and frequent vendor updates — making SaaS a unique security challenge. In this session, you’ll learn best practices for securing cloud and SaaS data, and for building a scalable SaaS security program within your organization.

Join this boardroom to discuss:

• The most common misconfigurations we see in SaaS ecosystems
• How to achieve visibility into data access levels throughout your SaaS environments
• The critical components of a comprehensive SaaS security program

Many conversations around trust include the ever-elusive 'zero-trust,' identity management and networking controls. Some even suggest we abdicate responsibility for trust to a third-party service. However, with so many systems capable of manufacturing credentials, shouldn’t trust be earned based on risk? Whether it’s human actors or rapidly evolving systems, CISOs need to properly assess their environmental conditions.

Join this discussion and consider:

• How to assess risk in a rapidly changing environment
• What are the optimal environmental conditions for trust
• Where does third party services fit in to having a secure framework

The pressing question in the current economy is how can organizations overcome shrinking budgets and dwindling headcount to stay ahead of cybercrime? CISOs must adjust their security strategy to meet resource constraints.

Join this session to discuss:

• Where to consolidate and where to invest for the best security outcomes
• Preemptive protection of digital assets to avoid security breaches
• Ways to scale security efforts and minimize risk without additional budget

Pretty frequently, the successes of a security program are chalked up to processes or tooling. Some would argue, however, the key to an exponential growth in resiliency is sitting right there on your back burner. All it takes is the right culture development practices and the will to inspire collaboration.

Led by Teresa Zielinski, Chief Information and Product Security Officer at General Electric, this keynote offers: 

• Real, practical steps for bolstering culture, team satisfaction and, ultimately, resiliency
• A glimpse into the risks of neglecting this increasingly important security factor
• Success stories and lessons learned by members of your New York CISO community