IN-PERSON

Southern California CISO Executive Summit

December 10, 2018 | Loews Hollywood Hotel

December 10, 2018
Loews Hollywood Hotel

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Bently Au

AEG Worldwide
VP, CISO

Nikolay Chernavsky

PennyMac Mortgage Investment Trust
SVP & CISO

Matt Crouse

Taco Bell Corporation
Director of Information Security

Arthur Lessard

Universal Music Group and Brands
SVP & CSO

Dan Meacham

Legendary Entertainment
VP, Security & Operations

Nick Reva

Snap Inc.
Security Engineering Lead

Bob Schlotfelt

Alorica
Senior Director Information Security, CISO

Marty Simmons

Kite Pharma
Director, IT Security & Compliance

Billy Spears

loanDepot
SVP, Chief Information Security Officer

Agenda

December 10, 2018

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

Failure as a Journey to Success

Billy Spears

SVP, Chief Information Security Officer

loanDepot

It's not easy to be a cybersecurity professional. The pressure to be right each and every time is incredible. After all, cyber criminals only need to be right once to gain access to your systems, compromising your data and assets. No one likes to fail – especially when it comes to keeping organizations secure. But experiencing failure can actually be positive – leading to increased knowledge, enhanced skills and stronger defenses. Join Billy Spears on his inspirational journey to success, where he will share:

How you can effectively raise security awareness in your organization
Strategies that can shift security priorities so the right issues receive the attention that they need
How to bring the CISO role closer to the business to better align security with company objectives

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Building – and Securing – a Smarter Los Angeles

Timothy Lee

CISO

City of Los Angeles

Ted Ross

CIO

City of Los Angeles

The City of Los Angeles was ranked the No. 1 Digital City in the U.S. for the last two years, and for good reason. Projects include: new digital forms of customer engagement – chatbots and virtual assistants, including “Chip” (City Hall Internet Personality), a personal digital assistant that answers citizens questions through the city’s website; technologies that optimize internal operations (computer vision for street cleanliness); and emerging tech that transforms public services (earthquake early warning and fire-spotting sensors). The city’s CIO and CISO share:

How the city has challenged developers to think differently about approaches to communication
Stats and data proving why this “smart city” is making an impact, and how it is applicable to enterprise businesses
What the city is doing to keep all of its digital efforts secure

9:00am - 9:50am Executive Boardroom

Risk Management – The Holistic View

Nikolay Chernavsky

SVP & CISO

PennyMac Mortgage Investment Trust

Bruce Phillips

SVP, Chief Information Security Officer

Williston Financial Group

James Mandelbaum

Global Field CTO

Saviynt

Effective CISOs are challenged to not only successfully develop high-level risk valuation and management strategies, but also communicate business opportunities that encompasses the company’s products, services, and greater competitive landscape. How do you mitigate risk while simultaneously driving productivity and revenue? During this peer-driven discussion, learn how to:

Focus on strategies for creating flexible controls that protect the organization
Define risk in connection with identity and access management
Provide clear business cases that connect business profitability to risk reduction.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:
Kody Paine at +1 971-222-2377 or Kody.Paine@evanta.com

9:00am - 9:50am Executive Boardroom

Upcoming Trends in Threat Intelligence

Bob Schlotfelt

Senior Director Information Security, CISO

Alorica

Kevin Wilson

CISO

Guess Inc.

Carlos Solari

VP, Cybersecurity Services

Comodo Security Solutions

Staying up to date on the current threat intelligence landscape is imperative when it comes to protecting against a cyberattack. With new technologies such as IoT and AI gaining momentum, CISOs must understand new threats that have come up, but also how these technologies can be used in combative response. In this boardroom, you will learn:

Current trends in threat intelligence around new technologies
Possible ways to use AI-informed threat intelligence insights to combat threats
Strategies on how best to allocate resources to maximize risk protection

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Looking Back to the Future and Beyond

William Britton

VP IT & CIO

Cal Poly San Luis Obispo

Jonathan Chow

SVP & CISO

Live Nation Entertainment

Arthur Lessard

SVP & CSO

Universal Music Group and Brands

Marty Simmons

Director, IT Security & Compliance

Kite Pharma

Nearly 10 years ago, a small group of CISOs came together to create a safe space for networking, education and collaboration. In honor of the 10th Southern California CISO Executive Summit, join William Britton, Jonathan Chow, Arthur Lessard and Marty Simmons for a special, interactive session. During this journey you will:

Take a look back at where the Southern California CISO community started
Share the challenges and successes that you are experiencing today
Explore the future of the community and the cybersecurity profession

10:20am - 11:10am Executive Boardroom

Emerging Technologies

Webb Deneys

CISO

Stearns Lending

Steve Tran

CISO

MGM Studios

From artificial intelligence to the Internet of Things, emerging technologies have the potential to be a disruptor in your organization. Are you embracing the changes? In this session your peers will share new approaches and security strategies when adopting new technology. Discover how:

You can introduce security earlier in the development process
To identify potential areas of risk regarding emerging technologies
You can effectively communicate with all areas of the business before, during and after the adoption process

10:20am - 11:10am Executive Boardroom

Creating a Culture of Security

Jerry Sto. Tomas

CISO

Apria Healthcare Group, Inc.

Mark Van Holsbeck

IT Risk & Security CISO

Avery Dennison

Join your peers to focus on best practices and new approaches for increasing security awareness and developing an effective security culture. Come away with solutions to various questions including:

What does it mean to have a “culture of security?”
How do you measure success for security awareness?
Do you incentivize awareness for employees reporting potential security incidents?

11:10am - 11:40am Networking Break

11:40am - 12:50pm Keynote

Preparing the Business Before the Breach

Ben Smith

Field Chief Technology Officer

RSA, a Dell Technologies business

We’ve all heard the saying “hindsight is 20/20 vision,” and that is often true for cybersecurity incidents as well. Blind spots which are obvious when looking back to how an incident played out are not merely technical shortcomings, but cultural and organizational failures as well. Join Ben Smith of RSA, a Dell Technologies business, for a review of:

How an inability to communicate internally within an organization contributes materially to the success of an adversary’s attack
The centrality of identity in nearly every breach
Best practices to consider as you build out your own incident response capability

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

How We Are Shaping the Evolution of Cybersecurity

Matt Crouse

Director of Information Security

Taco Bell Corporation

Marc Varner

VP & Global CISO

YUM! Brands, Inc.

The cybersecurity profession has come a long way since the appointment of the world’s first CISO in 1995. We now live in a culture largely powered by technology that makes life easier and more complicated at the same time. As the need for security and security leadership in the digital space increases, we find ourselves asking the question, “What is next for the industry and for the office of the CISO?” Join Matt Crouse and Marc Varner as they take a glimpse into the future, revealing:

How the role of the CISO is moving from a security focus to a risk focus
If there will be a spot for the CISO at the C-suite table in the future
How CISOs can evolve their contributions to the industry

1:20pm - 2:10pm Executive Boardroom

Keeping Ahead of the Data Privacy Wave

Michael Mongold

Director, Information Security

Deckers Brands

Doug Murray

Director - Information Security & GRC

ICU Medical, Inc.

George Viegas

CISO

Chapman University

Don't miss this peer-conversation on best practices and new approaches for data privacy and GDPR. Uncover answers to a variety of questions including:

What are your biggest challenges with data protection?
Should the CISO also be the Chief Information Risk Officer?
What should we be watching for regarding GDPR and other privacy regulations?

1:20pm - 2:10pm Executive Boardroom

Next-Generation Cloud Security

Bently Au

VP, CISO

AEG Worldwide

Alex Hall

Sr Manager, CISO

ICU Medical, Inc.

Do you speak cloud? As organizations increasingly turn to cloud-based services to enable the next phase of digital transformation, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud, including:

Automation, orchestration, AI and machine learning strategies
Nuances for hybrid on- and off-premise systems
Ways to incorporate the cloud into a fully articulated security strategy

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Transforming 'The Office of No' Into 'The Office of Yes'

Kevin Kealy

CISO

Ingram Micro

Business and security - we are all on the same team. However, while the C-suite usually wants to move full speed ahead with new ideas, processes and technology, security teams sometimes need to put on the brakes in order to ensure that everything is safe and secure. Is it possible to make both sides happy? In this session, Ingram Micro's Kevin Kealy will share:

How you can shift the company mindset about security
Strategies to encourage successful adoption of security policies and processes
How to inspire cooperation between the business and security

2:30pm - 3:20pm Executive Boardroom

DevSecOps – The Agile Approach to Security

Quincey Collins

Chief Security Officer

Sheppard Mullin Richter & Hampton LLP

Security from the start and better collaboration are the keys to effectively reducing risks posed to an organization. With DevSecOps methods and principles, security controls can help organizations react faster to attacks. In this session, learn:

How DevSecOps changes the security team mindset
The benefits of a DevSecOps approach
How to implement DevSecOps in your organization

2:30pm - 3:20pm Executive Boardroom

Effective Third-Party Security Management

Andrew Bereczky

CISO

Automobile Club of Southern California

Michael Miora

SVP & Global CISO

Korn Ferry

In today’s diversified IT world, CISOs are looking to vendors for smarter, more cost-efficient solutions. As each company’s security protection profile matures, however, so do their expectations for the vendors hired to protect the integrity and security of shared information. Connect with your peers to find:

How to effectively protect additional threat exposure points created by third-party partners
New approaches for managing third-party and supply chain partners
Tools and strategies that will help you make the best choices for your organization

3:20pm - 3:40pm Networking Break

3:40pm - 4:40pm Keynote

Walking Wounded – Inside the U.S. Cyberwar Machine

Dr. Michael VanPutte

Author and Chief Scientist

Forget everything you know about crime, war and espionage in cyberspace. Originally developed by the Department of Defense to improve our national security, cyberspace has become a battlefield we rely on but can’t defend. Furthermore, it is a risk to our military, political, economic, and personal security. Don’t miss this opportunity to get a sneak peek behind the scenes with Dr. Michael VanPutte, who will:

Give you an insider’s perspective on the secret history, technologies and strategies of cyberwar
Explain how our national policies have made us all less secure
Share the tools to get beyond the hype, mythologies and marketing so we can all understand what President Obama called, “The most serious threat to our national security.”

4:40pm - 5:20pm Closing Reception & Prize Drawing