IN-PERSON

San Francisco CISO Executive Summit

December 3, 2018 | InterContinental San Francisco

December 3, 2018
InterContinental San Francisco

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Colin Anderson

Levi Strauss & Co.
Global CISO

Eddie Borrero

Robert Half Technology
CISO

Krishnan Chellakarai

Gilead Sciences, Inc.
CISO

George DeCesare

Kaiser Permanente
SVP, Chief Technology Risk Officer

Peter Liebert

State of California
Commander, Cyber Operations

Steve Martino

Cisco
Senior VP & Chief Information Security Officer

Agenda

December 3, 2018

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Designing Your Life

Dave Evans

Product Design Program at Stanford, Co-Author of 'Designing Your Life'

The question “What do I want to be when I grow up?” is one that never truly goes away. Whether you are a college grad entering the workforce, a forty year-old shifting careers, or a sixty-eight year-old trying to define an encore career, the search for a fulfilling life never stops. In this keynote, Dave Evans teaches audiences how to look at career and life planning through the lens of design. Participants are given the tools to build their way forward and to develop various life scenarios just like a designer tests multiple prototypes. This approach fosters creativity and adaptability and allows audiences to accept that there is never just one right path.

8:30am - 9:10am Networking Break

9:10am - 10:00am Breakout Session

A Plan for Automating Incident Response

Eric Etherington

CISO

Dolby Laboratories

How do you grow incident response capabilities without adding headcount? Eric Etherington, CISO of Dolby Laboratories, shares his process for developing an automated incident response program. Etherington discusses how to get comfortable with automation and make the response process more efficient. With a lean operation, Dolby is able to review all alerts – low and high – and not suffer from the common problem of prioritizing only high alerts due to staffing limitations. Etherington shares use cases for common pain points that become manageable with automation.

9:10am - 10:00am Breakout Session

Securing the Cloud Revolution

Tim Prendergast

Chief Cloud Officer

Palo Alto Networks

The rapid evolution of cloud-delivered infrastructure, services, and technologies have been steadily transforming business, allowing for greater flexibility and advanced customization of the IT environment. As organizations look to the cloud, they must also manage the new risks and responsibilities in modern shared-infrastructure architectures.

In this session, examine:

The benefits, risks and challenges of scaling cloud applications
How the risk-minded organization evaluates the security posture of their IaaS, PaaS, and SaaS workloads and data
How enterprise organizations should evaluate API-based security offerings
Why automation is the one great equalizer for their security team’s growing resource challenge(s)

9:10am - 10:00am Executive Boardroom

The Practical Application of ‘Cognitive Cybersecurity’

Yassir Abousselham

SVP, Chief Security Officer

Okta, Inc.

Amir Jabri

Information Security Manager

Accuray

Sean McHugh

Cybersecurity Executive Advisor

IBM

The sheer volume of threat intelligence and suspicious activity alerts facing security teams is daunting, yet finding that needle in the haystack can make the difference between stopping an attacker or becoming victim to the next breach. “Cognitive cybersecurity” – machine learning and the automation of human tasks and processes – can transform the security program by free staff to focus on stopping the real threats.

In this interactive discussion, explore with fellow CISOs:

Areas of opportunity to free up resources with automation
Common threats every organization faces that can be alleviated with ML
Methods to get business buy-in for the next wave of technology

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

9:10am - 10:00am Executive Boardroom

Evaluating Your Information Security Program

Al Ghous

Sr. Director, Cyber Security

General Electric Company

David Tugwell

Director, Information Security

Agilent Technologies, Inc.

Ray Zadjmool

CEO & Founder

Tevora

A comprehensive information security program can significantly limit an organization’s exposure to risk. To address security concerns and needs, CISOs must continually assess their program and make improvements.

Join peers to discuss:

Possible gaps and risks in your information security program
Quantifying information risk into dollar terms
Establishing KPIs to measure progress

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

10:00am - 10:40am Networking Break

10:40am - 11:30am Breakout Session

Pen Test Your Board Pitch — An Interactive Exercise

Thomas August

CISO

John Muir Health

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat. In this interactive session, you will work in a group to:

Create and deliver a board pitch
Receive real-time feedback on your pitch
Learn best practices and strategies for communicating with your board

10:40am - 11:30am Breakout Session

Knowing Your Unknown Unknowns

Tim Junio

CEO & Co-Founder

Expanse, Formerly Qadium

It only takes one weak link to expose your entire network. The explosion of Internet-connected devices, and decentralization of IT procurement and management, has created problems for every large organization in the world.

In this session, discover:

Commonly overlooked vulnerabilities for organizations
Cutting edge technologies and methods for network visibility
Solutions such as Internet-scale intelligence and remote traffic capture

10:40am - 11:30am Executive Boardroom

Secure Transformation – Avoiding Risk in ERP Applications

Friedrich Wetschnig

CISO

Flex

Anand Kotti

SAP Security Expert

Onapsis, Inc.

Digital transformation is not just a buzzword, but an outline of business and operational plans to integrate and prioritize the latest digital technologies. Unfortunately, security is often second priority or not even in the scope of the transformation project.

Join this session to discuss how to:

Make security an enabler instead of a roadblock.
Develop a plan to secure critical ERP applications
Ensure your organization’s ERP applications are compliant

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

10:40am - 11:30am Executive Boardroom

Comprehensive Security for Connected Devices

Colin Anderson

Global CISO

Levi Strauss & Co.

Nadean Shavor

Chief Security Officer

State of California Franchise Tax Board

Bhanu Prakash

Director, Systems Engineering

Fortinet, Inc.

The number and types of network-connected wireless devices and mobile applications continue to grow exponentially. How can CISOs mitigate the risk coming from new vulnerabilities and an increased attack surface?

In this roundtable, join peers to discuss:

Challenges and best practices in managing connected devices
How to reduce complexity across network and device management
The balance between ease of use and robust security across devices

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

10:40am - 11:30am Executive Boardroom

DevSecOps – The Agile Approach to Security

Joel Fulton

CISO

Splunk

Kannan Perumal

Chief Information Security Officer

Applied Materials

Cindy Blake

Global Sr. Security Evangelist

GitLab

Security from the start and better collaboration are the keys to effectively reducing risks posed to an organization. With DevSecOps methods and principles, security automation can help organizations mitigate risk without impacting their Agile/DevOps velocity.

In this session, learn:

How DevSecOps changes the security workflow
The benefits of a DevSecOps approach
Best practices and lessons learned to implement DevSecOps in your organization

11:30am - 12:00pm Networking Break

12:00pm - 1:10pm Keynote

Minnows, Meet Sharks

Joel Fulton

CISO

Splunk

Al Ghous

Sr. Director, Cyber Security

General Electric Company

Mike Johnson

CISO

Lyft

Friedrich Wetschnig

CISO

Flex

Get the chance to explore new technologies with the shared expertise of a team of CISOs. Emerging providers will have the opportunity to pitch their new and innovative solutions to the most pressing cybersecurity challenges before a panel of influential global enterprise CISOs for coaching and feedback. Audience participants will have the opportunity to chime in alongside the panel of sharks with an interactive feature.

1:10pm - 1:40pm Networking Break

1:40pm - 2:30pm Breakout Session

Build Analytics That Count

Richard Seiersen

CISO, Author and Advisor

Can you prove that your security capabilities are improving while the business scales? Scale means exposing more value, to more people, through more channels faster. Richard Seiersen, CISO and Author, focuses on the philosophy and methods of measurement that will help your team answer these questions. Executive intuition, inspiration and next steps to build analytics that count is the goal.

1:40pm - 2:30pm Executive Boardroom

Achieving Next-Level Security Through Automation

Krishnan Chellakarai

CISO

Gilead Sciences, Inc.

Sankara Shunmugasundaram

Principal Security and Compliance Officer

AppDirect

Myke Lyons

Director & Global Head, Security Transformation

ServiceNow

Security teams face a significant challenge in tackling the routine tasks necessary to monitor threats to their organization. What would it mean to free up these staff resources to focus on more strategic challenges?

Join your peers to discuss the role of automation in cybersecurity, including:

How does your organization view automation in the context of talent shortages?
What are the types of tasks in your security program are you automating, considering automating, or never automating?
How do you measure current and future efficiency as you deploy automation?

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

1:40pm - 2:30pm Executive Boardroom

Blockchain – Secure by Design?

Glen Carson

CISO

California Natural Resources Agency

Jeff Klaben

Executive Director, Trusted Technologies

SRI International

Jose Diaz

Director, Payment Strategy

Thales

Blockchain technology offers substantial promise as a tool for authentication and information exchange. With this new technology, though, comes questions about how to ensure blockchain is properly secured. This session explores how CISOs can keep security top of mind while organizations examine use cases for blockchain.

In this roundtable, discuss:

Practical use cases for blockchain
The benefits blockchain technology provides to security
The future landscape for this emerging technology

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

1:40pm - 2:30pm Executive Boardroom

Measuring Risk in a Post GDPR World

Cassie Crossley

Security Governance Program Leader

Schneider Electric

Christophe Jacquet

VP & CISO

Hitachi Vantara

Chris Babel

CEO

TrustArc

The GDPR significantly changed how companies assess and manage risk through a combination of new / complex compliance reporting requirements and exposure to significant financial penalties. The GDPR, and forthcoming California Consumer Privacy Act (CCPA) are increasing the level of interaction CISOs need to have with legal / privacy counterparts to ensure data protection risks are properly identified, effective management tools are implemented, and objective measures are in place to track progress.

Join fellow security leaders to discuss:

Standards and metrics for measuring data protection risk
Best practices for managing risk associated with GDPR, California Consumer Privacy Act, and other global data protection frameworks
Tools to manage data protection risk and meet compliance reporting requirements

To reserve your seat, please contact: Greg Winterrowd at 971-717-6628 or Greg.Winterrowd@evanta.com.

2:30pm - 2:50pm Networking Break

2:50pm - 3:30pm Keynote

The Future CISO

Yassir Abousselham

SVP, Chief Security Officer

Okta, Inc.

Colin Anderson

Global CISO

Levi Strauss & Co.

James August

CISO

University of the Pacific

George Do

CISO

Equinix

The role of the CISO has changed dramatically over the past decade from an IT-focused role to more business oriented. What will the role look like a decade from now? What are the qualities that are key for the next-generation security leader? This panel, featuring a variety of unique backgrounds and perspectives, takes a look at what the future holds.

3:30pm - 4:00pm Closing Reception & Prize Drawing