IN-PERSON

Philadelphia CISO Executive Summit

November 5, 2019 | Hilton Philadelphia at Penn's Landing

November 5, 2019
Hilton Philadelphia at Penn's Landing

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Todd Bearman

TE Connectivity
CISO

Mark Eggleston

Health Partners Plans
VP, CISO & CPO

Dawn-Marie Hutchinson

GlaxoSmithKline
CISO, Pharmaceuticals and R&D

Anahi Santiago

Christiana Care Health System
CISO

Dave Snyder

Independence Blue Cross
Chief Information Security Leader

Alden Sutherland

AmerisourceBergen
CISO

Jay Weinstein

L3 Harris
CISO

Reginald Williams

The Chemours Company
Chief Information Security Officer

Agenda

November 5, 2019

mid-afternoon morning afternoon

11:40am - 12:20pm Lunch & Comments

12:20pm - 1:10pm Keynote

CISO/Security Vendor Relationship Podcast — A Live Recording

David Spark

Co-Host

CISO/Security Vendor Relationship Series

Mark Eggleston

VP, CISO & CPO

Health Partners Plans

We're proud to host David Spark and guest co-host, Mark Eggleston, as they record the breakthrough podcast that has turned a spotlight on one of the most important areas of InfoSec: relations between buyers and sellers of cybersecurity products. Join us as Spark challenges his guest co-host Eggleston and guests to comment on hot cybersecurity issues, listener questions, and play risk-based security games like "What's Worse?!"

1:10pm - 1:40pm Networking Break

7:00am - 7:45am Registration & Breakfast

7:45am - 8:00am Opening Comments

8:00am - 8:30am Keynote

Get Future Forward — Master the Basics

Noopur Davis

EVP, Chief Product & Information Security Officer

Comcast

Every business is transforming. In an effort to “move the needle” in the right direction, collaboration across all levels of business is essential. Before taking your next strategic move, Noopur Davis has a message for security leaders: focus on the fundamentals first. Davis shares her strategy for creating and maintaining a sound security program – from infrastructure to culture – so that the next generation initiatives are on a solid foundation.

Hear Noopur’s perspective on:

Evaluating and ensuring your security program can keep pace with organization transformation and global threats
Focusing on privacy, staffing and culture – the core pillars of future success
What to fine tune before implementing AI & ML

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Strategies to Justify the Cyber Spend

Todd Bearman

CISO

TE Connectivity

Mark Eggleston

VP, CISO & CPO

Health Partners Plans

So how do you secure much needed investments in security before they are thrust upon you after the big breach –(which is not a good thing)? Come together in this interactive session to benchmark your strategy and get answers to your pressing questions including:

Who do you ask for money – your boss, senior/executive leadership, or the board?
How do you present a business case if there is no ROI (there typically is not)?
What role do frameworks and maturity models play in establishing risk appetite and a need for investment?
How do you prevent alienating yourself by surprising executive leadership at a board meeting?

9:00am - 9:50am Breakout Session

Behavioral Analytics and the Evolution of Cyber Risk Ratings

Sam Kassoumeh

COO & Co-Founder

SecurityScorecard

Cyber risk ratings have steadily evolved over the last six years, shifting from scoring approaches using off the shelf vulnerability scanners to frameworks built with machine learning. (Name of speaker) shares the evolution of developing scores – including initial ideas, setbacks and breakthroughs.

In this session, learn:

The composition of a cyber security risk rating
How an enterprise IT team’s behavior manifests itself to the outside world
How behavior translates to cyber security risk for the business

9:00am - 9:50am Executive Boardroom

Cyber Resiliency — Evolving Your Cyber Ecosystem

Matt Cerny

Sr Manager, Security Operations

Integra LifeSciences

Nancy Hunter

CISO

Federal Reserve Bank of Philadelphia

Jon Hencinski

Director, Global Security Operations

Expel

Managing and mitigating risk is a complex undertaking that spans phishing to networking monitoring. Faced with increasingly complex and sophisticated threats, CISOs must be strategic about improving their resilience and tracking improvements.
Join this boardroom to discuss:

Emerging security models based in transparency
Understanding security risks when it comes to cloud
Managing the business’s risk appetite
Building a resilience plan

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Program Manager Brandon Bean brandon.bean@evanta.com.

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Cyber Security Policy Development

Jay Weinstein

CISO

L3 Harris

Many industries have a regulatory and compliance entity they must comply with, but what if it goes one step further? What happens when cybersecurity becomes audit-able, measurable, and scored? This may not be too far off.

Join the conversation to discuss:

The auditing process and possibility of public familiarity
How the defense industry is leading (or taking) the charge head-on
Being scored and ranked as an organization based on your security program

10:20am - 11:10am Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

John Chisum

Senior Security Advisor

RiskRecon

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

10:20am - 11:10am Executive Boardroom

The Next Great Security Challenge — Securing SD-WAN

Michael DiLoreto

Director, Business Information Security Officer

Realogy

Donna Ross

Senior VP & Chief Information Security Officer

Radian Group Inc.

Dave Gormley

Manager, Cloud Security

Cisco Umbrella

The market consideration and adoption of software-defined WAN (SD-WAN) represents the largest networking transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch office locations. But what about security?

In this boardroom, you will discuss:

Embracing change — the pros and cons
Addressing weaknesses within brand offices and roaming users
Keeping security top of mind for business leaders

11:10am - 11:40am Networking Break

1:40pm - 2:30pm Breakout Session

The Art of Anti-Phishing

Mark Purcell

Exec Dir of Info Sec & Compliance

La Salle University

Seth Shestack

Deputy CISO

Temple University

Phishing is an ongoing problem. With spoofed accounts and false positives, CISOs are constantly pivoting their strategies. How do we come up with a defense strategy to reduce phishing as a threat? Join two University CISOs who deal with one of the widest generational gaps an industry can face.

Come together to explore:

Anti-spoofing and email fraud
Self-phishing tactics
Creative ways to train your executives, employees and customers through MFA and other means

1:40pm - 2:30pm Breakout Session

Five Principles for Holistic Cloud Security

Matthew Chiodi

CSO

Palo Alto Networks

Whether it’s the rapid pace of cloud provider innovation, the fluid shared responsibility model or the constantly evolving compliance mandates, cloud security seems challenging for many organizations. While threat research has shown the majority of cloud security incidents are the result of misconfigurations, it doesn’t have to be this way IF you have a distinct strategy for the cloud.

Learn the five patterns of excellence to adopt cloud including:

What to focus on first (hint, it’s not your tools!)
Understanding how your dev and business teams use cloud
Why your security team needs to transform skillsets

1:40pm - 2:30pm Executive Boardroom

Board Communication — Translating Insight Into Action

Cathy Beech

Business Information Security Officer

Comcast

Anahi Santiago

CISO

Christiana Care Health System

Unlike the CISO role of just a few years ago – where many could still focus heavily on the bits and bytes – today’s security leader is also expected to be a business leader. Uncover strategies with your peers to help you become fluent in the languages of risk, finance and strategy, and to effectively convey your message, including:

How to educate your board on cybersecurity so they become champions for security in your company
What the board really wants to hear from CISOs
Which metrics will help you craft a compelling story that inspires action

2:30pm - 2:50pm Networking Break

2:50pm - 3:00pm Closing Comments

3:00pm - 3:30pm Keynote

Lending a Hand – Leadership Opportunities for the CISO

Alden Sutherland

CISO

AmerisourceBergen

CISOs often get caught up in the day-to-day activities of ensuring their organization is secure. Despite the ever-changing threat landscape, how many CISOs are taking time to consider their own professional development and leadership plan? Join Alden Sutherland, VP & CISO at AmerisourceBergen as he shares his perspective on: