New York CISO Executive Summit

"Those who tell the stories rule society." (Plato) But busy executives don’t have time to learn complex communication models or esoteric storytelling processes — you need a simple, effective framework that can help you not only connect with any audience, but also elicit real change. Enter the Swarm Effect.

Join this session with Arthur Zards — an expert on storytelling, TEDster and provocateur — to:

• Hone your skills in executive influence
• Adopt a more authentic and engaging approach to speaking
• Take your next presentation from “understandable” to “compelling”

When users are everywhere and digital operations span cloud, SaaS, and on-premises environments, achieving cyber resilience becomes paramount. The challenge lies in navigating this complexity and maintaining visibility and control to ensure continuous operation despite cyber threats.

Join this interactive roundtable to discuss:

• Optimizing costs and improving security across diverse cloud environments
• Adopting Zero Trust philosophies to protect users, data, and applications
• Innovating with AI while addressing global regulatory and data privacy requirements

We know that a comprehensive AppSec program is critical for a successful business. With cloud-based applications expanding and AI-generated code offering both opportunities and risks, CISOs must navigate a drastically changed threat landscape. So, how can CISOs effectively manage their AppSec initiatives to ensure comprehensive security across the SDLC, despite the expanding complexities?

In this session, we’ll discuss the value of:

• Streamlining developer workflows with integrated security tools to boost developer experience
• Consolidating tools to simplify operations and tackle tool sprawl
• Utilizing AI to enhance security and increase productivity across teams

The complete entanglement of cyber risk with business risk is becoming increasingly more visible. CISOs now have an opportunity to better pinpoint third parties that present a threat to the organization. Yet the increasing complexities of third party, and even fourth party, risk management, prompted by a wide range of evolving threats, demands heightened attention. How can CISOs ensure they have a clear overview of the threat landscape and vulnerabilities across ecosystems and supply chains?

Join this session to discuss:

• Identification of vulnerabilities across your vendor landscape to prioritize response efforts
• Best practices for mitigating a new wave of sophisticated attacks to keep assets safe
• The role threat intelligence plays in risk management strategies to safeguard your digital ecosystem

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements: metrics that are reliable and easily understood by all stakeholders across the business.

In this session, we will discuss:

• Cybersecurity risk assessment essentials and which risks truly carry weight
• Concrete approaches to determine effectiveness of security capabilities
• Creating simple "metric cards" to communicate across stakeholders

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journey, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

Join this session to discuss:

• Breaking the kill chain by stopping infection vectors and protecting against lateral movement
• Shielding sensitive data and limiting how APIs interact with data
• Increasing real-time visibility across the business to mitigate threats

Security not only protects an organization’s valuable assets but serves as a catalyst for innovation, fostering trust, and enabling new business models. Simultaneously, cloud technology offers flexibility, scalability, and cost-effectiveness, shaping how businesses operate, grow, and innovate. However, navigating these areas effectively requires an understanding of the benefits, challenges, and the trends that are driving their evolution if they're going to drive real business outcomes.

Join this session to discuss:

• Research-backed viewpoints on the relationship between security and innovation
• Establishing an aligned vision and culture that recognizes the strategic significance of security
• Navigating cloud security options to unite practitioners and leadership for better results

It’s an all-too-familiar scenario: Thousands of vulnerabilities are identified across your hybrid ecosystem. How do you identify and prioritize remediation for the vulnerabilities most likely to exploit your cloud and on-prem environments?

Join this session to discuss:

• Prioritizing actively exploited vulnerabilities
• Measuring the value of a vulnerability to an attacker
• Communicating risk posture cross-functionally

The explosion of data, and continued adoption of hybrid work, multi-cloud, and SaaS have eroded away the classic silos that once existed between Security and Networking teams. As data remains at the epicenter of innovation, CISO and Infrastructure leaders are working more closely together than ever to allow for fast, secure access to IT.  Technologies like Secure Access Service Edge (SASE) have skyrocketed in popularity, creating a future where the fates of both teams are more intertwined than we know.

How can CISOs foster trust and collaboration between these two dynamic groups - with a mind towards enabling the business?

Join this session to discuss:

• How the changing dynamic is forcing CISOs to have to think differently
• Company initiatives where CISOs should take lead, and those where Networking should take lead
• Emerging technologies that serve as a win-win for both teams and success stories of security and networking winning together

Shadow AI introduced a new layer of risk in a time when security leaders are already grappling with the formidable challenges of managing hidden technical debt and uncovering shadow IT. Today’s digital landscape requires a new approach to risk and governance – one that identifies the shadows already existing in your organization and stops future shadows emerging as you harness the power of emerging technologies.

Join this session to discuss:

• Uncovering existing hidden technical debts and shadow IT that inhibit agility, innovation and security
• Establishing centralized risk frameworks and governance that are enforceable and scalable
• Involving the C-suite and end users in establishing and understanding protections to deter rogue IT and AI

Many organizations lack the capability to continuously monitor and measure the effectiveness of their security controls. Continuous control monitoring (CCM) automates the monitoring of cybersecurity controls’ effectiveness and relevant information gathering in near real time.

Join this session to explore how CISOs can:

• Improve their organization’s security posture and their own productivity
• Gain visibility on asset management, endpoint protection, secure configuration and vulnerability management
• Act as a business enabler, ensuring audit readiness and proactive risk management

The SEC historically has not top of mind for CISOs – but no longer. While past SEC leadership messaged that they would not “second guess good faith disclosure decisions," the criminal sentence imposed on Uber’s former CISO, the SolarWinds case, and the cyber disclosure rules last year all underscore the new heightened risk environment for CISOs trying to protect their companies – and themselves.

In this discussion, our expert panel will provide an inside perspective on the increased regulatory scrutiny on cybersecurity breaches and the role of the CISO, including:

• How the government thinks about cyber cases against companies and individuals
• How CISOs should think about navigating an enhanced role in the disclosure process
• Key indemnification and insurance considerations

While the vast majority of infrastructure has been upgraded and modernized to secure the shift to the cloud, enterprise IT teams are still missing an equally seamless access method to safely deliver those now cloud-native apps and data. While traditional browsers have become the de facto access point for the majority of business critical applications, they lack the deep inspection capabilities and hyper-granular security controls enterprises need. This results in security teams surrounding their browsers with layers of tech to meet those needs.

Join this breakout session to discover:

• Why traditional cloud security methods undermine your modernization efforts and end-user experience
• Embracing technological momentum to adapt to a "more-with-less" security landscape
• How enterprise CISOs are using this solution to bolster cloud security

 Let’s face it: Not all AI is created equal. But when used properly, data science and AI can turn the tables on cyberattacks in favor of defenders. Unveil how AI can transform the SOC from manual and mundane tasks and empower analysts to stay ahead of the evolving landscape.

Join Hitesh Sheth, Chief Executive Officer at Vectra AI, to discover:

• Navigating the merits of AI methodologies
• Understanding how integrated signals reduce alert noise and surfaces real threats
• Empowering humans to move at the speed of hybrid and multi-cloud attackers

You’ve likely seen the recent zero trust guidance from the NSA – they advise segmentation to stop lateral movement but also position micro-segmentation as exclusive to mature, "advanced” organizations. This is due to its historical complexity, extensive implementations, and cost. The NSA is wrong on this point however: micro-segmentation is now accessible to organizations of any size and maturity level and can be deployed easily and effectively without breaking anything. 

Chris Turek, CIO of Evercore, joins Benny Lakunishok, CEO and Co-Founder of Zero Networks, to share his experience deploying micro-segmentation to halt lateral movement and effectively defend against ransomware, and have an open conversation about implementing an actionable segmentation strategy, including:  

• The key steps to achieve automated segmentation (full IT + OT) in just 30 days  
• How you can restrict traffic to essential assets without breaking anything
• The latest in just-in-time MFA that can be applied to anything – and blocks ransomware in its tracks

The path to cloud security is complex and dictated by a whole host of variables unique to each organization. Even though we've been talking about securing the cloud for many years now, achieving maturity here still feels like a moving target. Cloud-first, cloud-native, multi-cloud, hybrid cloud -- whatever the organization's strategy is, the CISO holds the responsibility for driving a culture that continues to put security at the center of cloud transformation.

Join this discussion to hear a range of perspectives from your CISO peers on cloud security topics, including:

• Enhancing security and cost-effectiveness across diverse cloud environments
• Implementing – and then elevating – cloud security initiatives across a global footprint
• Solving for the continued shortage of high-level cloud security skills