IN-PERSON

San Francisco CISO Executive Summit

November 8, 2023 | Parc 55


Collaborate with your peers

Get together with San Francisco's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

  • Quantifying the business's cyber-risk appetite and leveraging it to frame security investments
  • Improving the agility of security operating models to keep pace with organizational priorities
  • Enhancing product security to better protect against and take advantage of advanced AI capabilities

San Francisco CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi


CISO and Corporate Board Director

Sujeet Bambawale

7-Eleven
VP, CISO

Krishnan Chellakarai

Gilead Sciences
CISO, Head of Information Security & Data Privacy

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Leda Muller

Stanford University, Residential and Dining Enterprises
Chief Information Security and Privacy Officer

Kannan Perumal

Applied Materials
Vice President, Chief Information Security Officer

Jeff Trudeau

Chime
VP, CIO & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


November 8, 2023

7:45am - 8:30am  Registration & Breakfast

8:30am - 9:15am  Keynote

Leading Like a Game Master

Dr. Timm Woods

Professional Game Master

Tabletop exercises, wargaming sessions, etc. — whatever you call them, security leaders are no strangers to using interactive role-playing to practice incident response scenarios with stakeholders. But there's so much more to learn from the wide world of tabletop roleplaying games (TTRPGs).

Dr. Timm Woods, an expert on the role of TTRPGs in business and educational contexts, joins us to share practical insights learned from hundreds of hours as a professional Game Master, including:

  • Fostering a team environment that authentically encourages innovation, trial and even error
  • Using the power of storytelling to make intangible concepts feel as real as life and death
  • Working with (not against) the fast-paced and unpredictable nature of security (and games) to embrace a more improvisational leadership style

9:15am - 9:40am  Networking Break

9:40am - 10:25am  Breakout Session

Unpacking the Impacts & Implications of the SEC Cyber Disclosure Rules

Lauri Floresca

SVP & Partner

Woodruff Sawyer

Gary Hayslip

CISO

SoftBank Corporation

With its new cyber rules, the SEC made clear that it expects more transparency from senior executives and board directors of public companies around cyber risk. Other things – like a definitive determination on what is “material” and potential increased personal liability for CISOs – remain a little less clear, however.

Join this session to participate in an open discussion about:

  • Board-level oversight of cybersecurity
  • C-Suite liability and information security risk
  • Relevant cases, proposed policies and procedures

9:40am - 10:25am  Executive Boardroom

Modernizing your Security SecOps Program in the Cloud

Will Lowe

COO

Panther

Jitendra Joshi

Founder

Cyylocity

Pathik Patel

Head of Cloud Security

Informatica

In today’s rapidly evolving security landscape, security programs must possess three indispensable capabilities to be truly effective: speed, scale, and flexibility. But to get to that ideal state, CISOs must overcome a bevy of obstacles, like legacy tools that are continuously breaking and homegrown systems that are challenging to maintain.

In this session we will discuss:

  • Building a scalable infrastructure by exploring tools, processes and skills
  • Challenges with current SecOps frameworks and ideas for more modern approaches
  • Solutions for high volume cloud log sources while keeping budget in check

9:40am - 10:25am  Executive Boardroom

Strategic Pitfalls in Third-Party Risk Management

Dave Holden

Regional Sales Director

RiskRecon - A MasterCard Company

Kailas Pimple

Global Information Security Manager

Bio-Rad Laboratories

Managing cyber risk across an enterprise IT infrastructure has never been harder. Remote workers, advancing attack methods, and an ever-expanding vendor network are challenging every firm, as total visibility into threats has become nearly impossible. As digital business strategy matures, more organizations are becoming dependent on the cyber posture and protection of third parties. Third-party risks present a unique challenge because you are depending on vendors and partners to operate securely to keep your data and information safe. How are you mitigating the associated risks and demonstrating this to the business to ensure effective security programs?

Join our session to hear about:

  • Common failings across TPRM programs that led to breach events
  • How executives can provide strategic direction for third-party risk teams
  • Key practices being implemented by leading vendor risk firms to maintain strong supply chain risk management

9:40am - 10:25am  Executive Boardroom

Empowered Women, Empowering Women — Getting the "Chief" Title (And Beyond)

Deepali Bhoite

CISO

Anaplan

Michele Buschman

Chief Information Officer

American Pacific Mortgage

While the number of women in technology roles is growing, there's one area where the gender disparity is still very noticeable — right at the very top. Women working in IT, security and risk management still face more barriers to career advancement than their male counterparts, particularly when it comes to getting to the "Chief" title and level of authority.

In this session, women in the Bay Area technology community who've reached the "chief" level (and beyond) in their organizations will share some key moments in their career journeys, then we'll transition to more open discussion. Come prepared to share your perspective and forge new connections!

Access will be reserved for, but not limited to, women who are leading the IT, security and/or risk functions at their organizations (CISO, etc. or equivalent) and women reporting directly to these heads of function. Male allies and others are welcome as space allows.

10:25am - 11:00am  Networking Break

10:30am - 10:55am  Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:00am - 11:45am  Breakout Session

Prevention Focus — Limiting How Security Leaders Utilize 3rd Party Frameworks

Tony Giandomenico

Global VP FortiGuard Security Consulting Services

Fortinet

Many organizations today still purely focus on hardening systems and networks against an intrusion, aka “Prevention Focus.” This approach can result in a lack of focus on how an organization’s security solutions, people and procedures would support responding to a security incident if it were to occur. Would you be surprised to know that many victim organizations had the capabilities to detect these intrusions, but they weren’t enabled?

Join this session to discuss:

  • Assessing third-party frameworks
  • Articulating an organization’s ability to employ countermeasures
  • Identifying threat actors within their current organizational environment

11:00am - 11:45am  Breakout Session

FBI Cybersecurity Update – What's Now, New & Next in the Threat Landscape?

Elvis Chan

Asst. Special Agent in Charge, FBI San Francisco, Cyber Branch

Federal Bureau of Investigation

Sujeet Bambawale

VP, CISO

7-Eleven

Today's varied threat landscape features both foreign and domestic security concerns that could stop or delay business. With so many avenues for malicious actors, how should CISOs be prioritizing their resources to improve resiliency?

Join this open discussion with a cybersecurity expert from the FBI's San Francisco field office to discover and discuss:

  • The latest cyber threats both already here and on the horizon
  • Strategies for addressing the emerging threat landscape
  • Best practices of working with law enforcement before, during and after a breach

11:00am - 11:45am  Executive Boardroom

Unifying the Analyst Experience to Improve Threat Detection and Response

John Velisaris

Director of Threat Management Services

IBM Security

Kannan Perumal

Vice President, Chief Information Security Officer

Applied Materials

James O'Brien

Deputy Chief Information Security Officer

First Republic Bank

Given today’s dynamic threat landscape, involving constantly changing malicious TTPs, CISOs must have a proactive threat management strategy to handle complex attacks. However, with widely distributed infrastructures and the number of tools with different levels of control and responsibility, maintaining true visibility is difficult. Staffing shortages and the high volume of alerts that come in from fragmented tools add to this challenge. The solution? Unifying the analyst experience to connect existing tools and workflows across your hybrid cloud environment.

Join this session to discuss:

  • Detecting and responding to advanced attacks like ransomware
  • Unifying the analyst experience with AI and machine learning - starting with understanding your attack surface and through EDR/XDR, SIEM, SOAR
  • Identifying blind spots in your cloud security strategy due to information fragmentation

11:00am - 11:45am  Executive Boardroom

Break the Attack Chain — The Importance of Integrated Threat Protection

Ryan Kalember

EVP, Cybersecurity Strategy

Proofpoint

Sekhar Nagasundaram

Staff VP, Technology, Cybersecurity Threat Management

Elevance Health

Mario Duarte

VP of Security

Snowflake

Organizations worldwide are facing multistage attacks, such as BEC, ransomware, and supply chain attacks, that happen with the same basic steps in the same sequence. It’s been a decade since defenders began referring to this as the attack chain, but the attacks continue to succeed with the same tactics, from phishing to Active Directory abuse to data exfiltration. So how do we finally turn the tables on adversaries and take away what they depend on across the attack chain?

Join this interactive roundtable as CISOs discuss:

  • Understanding the evolving nature of initial compromises
  • The art and science of preventing small compromises from becoming big incidents
  • Reducing your team's workload by using the attack chain to prioritize controls

11:45am - 12:30pm  Lunch Service

12:30pm - 1:05pm  Keynote

Modern Workforce, Modern Security Strategy

MK Palmore

Director, Office of the CISO

Google Chrome Enterprise

In the age of remote and hybrid work, employees now spend the majority of their time in the browser or in virtual meetings. The workforce is more mobile and distributed than ever before. At the same time, we are seeing an increase in cyber attacks and a higher average cost of data breaches. We must think more about protecting users right where they interface with web threats, the browser, without disrupting productivity. 

Join this Keynote to hear about:

  • The browser's role in a business's security strategy
  • Zero trust architecture
  • Managing resources for cybersecurity in a time of economic uncertainty

1:05pm - 1:30pm  Break

1:30pm - 2:15pm  Breakout Session

Overcoming Third-Party Risks & BYOD Challenges with the Enterprise Browser

Steve Tchejeyan

President

Island

Bill Dougherty

Chief Information Security Officer

Omada Health

Third-party contractors are becoming increasingly important to organisations due to the rise of the gig economy and the need for specialised project work. However, hiring these contractors can lead to additional Third-Party Risks, costs, and complexities. When using contractors, CISOs may choose to allow them to bring their own devices (BYOD), but this comes with its own set of security challenges. One solution could be to adopt cutting-edge enterprise browser technologies to overcome this and ensure secure Third-Party Access.

Join this session for an interactive, open discussion on the community's viewpoint on the relationship between Third-Party Risk, Third-Party Access and BYOD:

  • Your chance to brainstorm with your fellow CISOs an approach to Third-Party Risk, access and BYOD
  • Applying technologies like the enterprise browser to secure your company’s assets and limit the potential risks of Third-Party Access
  • Streamline and secure third-party contractor access and BYOD strategies

1:30pm - 2:15pm  Breakout Session

Leading Locally, Influencing Globally — Giving Back as a CISO

Krishnan Chellakarai

CISO, Head of Information Security & Data Privacy

Gilead Sciences

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

The mix of technological and business expertise it takes to be a successful cybersecurity executive makes CISOs some of the most savvy leaders around. (Not that we're biased.) And while leading enterprise-wide security can be rewarding in itself, many CISOs in our community are going further to move the industry forward.

In this session, two of your local CISO peers will host an open discussion about:

  • What inspired them to create positive change in the industry (and beyond)
  • How they’re leveraging their positions as security leaders to make an impact
  • How others in the community can follow their lead

1:30pm - 2:15pm  Executive Boardroom

Shifting Compliance from Seasonal Chaos to Continuous Control

Matt Hillary

VP, Security & Chief Information Security Officer (CISO)

Drata

Jonas Kriks

CIO

ATEL Capital Group

With the regulatory landscape only getting more complex, maintaining compliance through annual or semi-annual audits is like driving a car through the rearview mirror. Continuous control monitoring is one big step that offers a scalable path forward to truly putting compliance on autopilot, but requires a cultural change with buy-in from every stakeholder.

Join this interactive roundtable as CISOs discuss how they are:

  • Creating a cloud infrastructure that meets security and compliance requirements
  • Building compliance into development
  • Increasing ROI by automating redundancies and manual processes

2:15pm - 2:50pm  Networking Break

2:20pm - 2:45pm  Peer-to-Peer Meetings

2:50pm - 3:35pm  Breakout Session

Buzzers Over Buzzwords — The Game Show

Shadaab Kanwal

MD - Digital, Data, and Analytics

Charles Schwab

Sandeep Sharma

Principal Security Architect

Blue Shield of California

Cassie Crossley

VP, Supply Chain Security

Schneider Electric

What will the security industry look like in 2025 — and beyond? Put your future forecasting skills to the test and share where your team stands by playing "Buzzers Over Buzzwords," a game show-style session powered by the top predictions prepared by Gartner's cybersecurity experts.

"Come on down" to:

  • Compete in a data-driven quiz game with your peers
  • Discover more about projected opportunities and challenges
  • Share how you're preparing to lead your team through changing market conditions

2:50pm - 3:35pm  Executive Boardroom

Clearing Data Security Hurdles in the Cloud

Chris Kirschke

Cloud Portfolio Information Security Officer

Albertsons Companies

Robert Beckerdite

Director of Information Security

VIR

Jeff Klaben

VP of IT, Ouster

Adjunct Professor, Santa Clara University

As the cloud environment grows in complexity, so do concerns about data governance. How can CISOs continue to ensure the enterprise’s most valuable assets are protected in the cloud?

Join this session to discuss:

  • Maintaining a strong security posture as the cloud evolves
  • Leveraging the right tools and teams to secure data
  • Communicating the assumed risk of storing sensitive data in the cloud

2:50pm - 3:35pm  Executive Boardroom

Generative AI – Should CISOs be Guardians or Gatekeepers?

Mick Leach

Field CISO

Abnormal Security

Drew Ganther

Technology Evangelist

Grip Security

Al Ghous

CISO

Snapdocs

Brad Jones

CISO, VP of Information Security

Seagate Technology

From content generation to data analysis, generative AI is transforming the way people work and drastically improving productivity. However, the benefits do not come without risks, and the technology has the potential to do more harm than good when placed in the wrong hands. So what do security leaders need to know about the risks of generative AI, and how do they mitigate them?

Join this session for an insightful discussion on the latest cybersecurity challenges associated with generative AI, including:

  • How the threat landscape is changing as a result of generative AI
  • How businesses can ensure the privacy and security of sensitive data used in generative AI applications and govern them appropriately
  • What tools and capabilities are necessary to protect organizations from malicious uses of generative AI

3:35pm - 4:00pm  Break

4:00pm - 4:45pm  Keynote

Board Perspectives — Is the Story of Security Resonating?

Ash Ahuja

VP, Global Role Lead & Executive Partner, Security & Risk Management

Gartner

Selim Aissi

CISO and Corporate Board Director

CISOs spend a considerable amount of time and energy quantifying and qualifying security posture in an effort to engage and align board members with the organization's cybersecurity strategy. But how effective are those efforts in communicating the full story of cyber risk?

This fireside chat-style session brings board member and CISO perspectives together on one stage to discuss:

  • How are board members perceiving/understanding the security threat landscape?
  • What do board members really want to hear from CISOs?
  • What can CISOs do to improve communication and engagement with the board?

4:45pm - 5:00pm  Closing Reception & Prize Drawing

5:00pm - 7:30pm  Private Reception

Governing Body Reception

Members of the San Francisco CISO Governing Body host this dinner to celebrate a successful day of networking and peer insights at their semi-annual CISO Executive Summit.

We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

Parc 55

A block of rooms has been reserved at the Parc 55 at a reduced conference rate. Reservations should be made online or by calling (415) 392 8000.

Deadline to book using the discounted room rate of $279 USD (plus tax) is October 16, 2023.

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Samantha Flaherty

Senior Community Program Manager

208-871-6409

samantha.flaherty@evanta.com