CISO New York Summit | February 26, 2019 | Convene - 117 W 46th Street - New York, NY, USA

↓ Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Tuesday, February 26, 2019 - CISO New York Summit

8:00 am - 8:45 am

Registration & Networking Breakfast

 

8:45 am - 9:00 am

Welcome Address & Opening Remarks

Moderated by:

Vittorio Cretella, Former CIO, Mars View details

 
 
 

9:00 am - 9:30 am

Keynote Presentation

Bringing Down the Barriers

With the role of the CIO expanding, CIOs are being pushed to increase digital business by using IT in ways that deliver cost saving methods and increased levels of productivity, as well as new opportunities. However, many believe that current methods for these opportunities have reached their end. As a result, it is time to reconfigure these methods in new, unique ways.

Takeaways:

  1. Latest strategies or methods to increase digital business
  2. How to confront resiliency or resistance to new digital initiatives
  3. The different types of behavioral patterns or mindsets to confront

Presented by:

ViJay Viswanathan, Group CISO, Keurig Dr. Pepper

 
 

9:35 am - 10:00 am

Executive Exchange

 

Thought Leadership

Reduce Your Attack Surface, Marginalize the Breach

Reducing your attack surface decreases your exposure, limits an adversary's mobility and minimizes the potential success of a breach. Doing so requires knowledge of your high-value assets, how to identify vulnerabilities, how to prioritize patching, and how to ring-fence your digital "crown jewels." Learn how to efficiently reduce your attack surface and redress the balance in this never-ending battle.

Sponsored by:

Illumio, Inc. View details

 
 
 

10:05 am - 10:30 am

Executive Exchange

 

Think Tank

Enterprise Architecture: Secret weapon of CIOs in Managing Digital Transformation Risks - Intelligent Automation!

Today's tech savvy business managers want to know if their internal IT team understands business needs and customer experience expectations. Technology Solutions are expected to be platform-based with deep integration leveraging AI & ML as part of the design, not an afterthought. Immediately after rollout, business needs real-time data and efficiency increase with investment in technology. Join us to review role of Intelligent Automation in managing risks of Digital Transformation journey continued with AI & ML.

 

10:30 am - 10:40 am

Morning Networking Coffee Break

 

10:45 am - 11:10 am

Executive Exchange

 

Thought Leadership

Finding the Right Security Partner: The Difference Between MDR and MSSP

In todays world of increasing cyber threats, selecting the best security partner for your organization can be challenging. With innovative services such as Managed Detection and Response changing the way organizations respond to threats, it's important to understand the difference between traditional MSSPs and MDR providers. This presentation will focus on the realities of using MSSP technologies versus MDR and provide selection recommendation guidelines for CISOs. 

Takeaways: 

  1. Vendors can respond to incidents proactively or reactively 
  2. Not all MDR vendors are the same 
  3. Use a proof of concept to authenticate vendor claims 
  4. Validate the vendors regulatory experience

Sponsored by:

eSentire View details

 
 
 

11:15 am - 11:40 am

Executive Exchange

 

Think Tank

Standardizing security layers during project lifecycle

In order to meet security and regulatory requirements, it is important to build layers during the project lifecycle. In this think tank session, you will understand the challenges of a CISO in standardizing Security during the project life cycle in order to prevent any go live delays, mitigate risks and stay compliant while supporting business transformation and innovation initiatives.

Presented by:

Chirag Arora, CISO, Crum & Forster View details

 
 
 

11:45 am - 12:10 pm

Executive Exchange

 

Thought Leadership

Say Goodbye to Vulnerability Backlogs: Using RASP to Reclaim Control and Reduce Risk

Knowing is half the battle when it comes to protecting applications and their sensitive data. 

Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality - not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol. 

A real-time, embedded solution like Prevoty's runtime application self-protection (RASP) changes the game completely. Prevoty places an automated security mechanism at the front of the line - directly in the application's operating environment - to immediately lower risk and act as a compensating control at runtime. 

As such, Prevoty-enabled enterprises see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Prevoty RASP detects live production attacks and generates real-time security event longs and reports. Security teams can then correlate pre-production vulnerability scan results with Prevoty's runtime attack logs to go back, remediate based on actual risk - not just hypothetical threats. The result? Improved forensics.

Sponsored by:

Imperva View details

 
 

Jonathan Goldheim, Director of Sales, Northeast, Imperva View details

 
 
 

12:15 pm - 12:40 pm

Executive Exchange

 

Executive Boardroom

AI-based Autonomous Response: Are Humans Ready?

Global ransomware attacks like WannaCry already move too quickly for humans to keep up, and even more advanced attacks are on the horizon. Cyber security is quickly becoming an arms race รข?" machines fighting machines on the battleground of corporate networks. Algorithms against algorithms. 

Artificial intelligence-based cyber defense can not only detect threats as they emerge but also autonomously respond to attacks in real time. As the shortage of trained cyber analysts worsens, the future of security seems to be automatic. But are humans ready to accept the actions machines would take to neutralize threats? 

Darktrace recently ran tests across enterprises of all sizes in a variety of industries and has subsequently deployed AI-based autonomous response in over one hundred organizations. In this presentation explore lessons learned and hear about several use-cases in which autonomous response technology augmented human security teams.? 

In this session learn about: 

  • AI approaches and algorithms for detecting and responding to threats 
  • How human teams adopt (or resist) automated defenses 
  • The concepts of ?human confirmation' mode and ?active defense' 
  • Success stories across Smart Cities, genomics organizations, and industrial control systems

Sponsored by:

Darktrace View details

 
 
 

12:40 pm - 1:50 pm

Working Lunch & Panel

The Revitalizing Change in the Role of the CXO
A CXO's role, goals and objectives have drastically changed over the years as most CXOs supervise teams and units beyond their IT's security. Because of these changes in responsibilities, a CXO's success is measured in greater business metrics. As a result, the role of a CXO has become both more attractive and more demanding.

Takeaways:
  • What are the significant changes regarding the role of the CXO
  • How to keep up with the changing requirements
  • How to properly measure a CXO'S success

Moderated by:

Alizabeth Calder, SVP CIO, HomeEquity Bank View details

 
 

Panelists:

Lance Braunstein, CIO, E*Trade View details

 
 

Chirag Arora, CISO, Crum & Forster View details

 
 

Kenn Kern, CIO, District Attorney Office, New York

 

Jazz Tobaccowalla, CIO, Celgene View details

 
 

Allen Hsiao, Vice President & Chief Medical Informatics Officer, Yale New Haven Health View details

 
 
 

1:55 pm - 2:20 pm

Executive Exchange

 

Executive Boardroom

Scaling Multicloud and Hybrid Cloud Usage without Sacrificing Data Security and Compliance

Analysts claim that 50% of today's public cloud data and workloads will migrate to private clouds in the next two years. But, don't worry about the public cloud behemoths because their average CAGR continues above 20%. However, the result is that cloud data is spreading across multiclouds and increasingly migrating to private clouds that offers the Enterprise more control. This acceleration in lift and shift of workloads creates data security and compliance risks as well as management complexities. In this discussion, we'll share trends and best practices for enabling data portability without compromising security, compliance, and operational efficiencies. 

Take Aways:
  • Sharing trends seen by analysts and your peers on multicloud adoption and challenges 
  • Discussion of best practices for leveraging native cloud data security services effectively to maintain compliance and control 
  • Methodology for efficiently applying data security techniques that allow for secure lift and shift between public and private clouds

Presented by:

Charles Goldberg, Sr. Director of Product Marketing, Thales eSecurity, Inc. View details

 
 

Thales eSecurity, Inc. View details

 
 
 

2:25 pm - 2:50 pm

Executive Exchange

 

Think Tank

Managing Board and Leadership on cyber security initiatives, while they focus on meeting business objectives

Presented by:

Ankur Ahuja, Vice President Information Security & Global CISO, Fareportal View details

 
 
 

2:55 pm - 3:20 pm

Executive Exchange

 

Executive Boardroom

Why Identity is Critical for a Successful Cloud Migration

According to Gartner: 

  • A sound identity and access management (IAM) strategy is fundamental for successful application migrations to the cloud 
  • Directory integration continues to be a top concern for Gartner clients migrating legacy applications to IaaS. 

When migrating applications, DevOps teams may not properly account for IAM, leading to IAM challenges and misalignment with the organization's overall IAM architecture. This session will provide considerations, case studies, and recommendations for successful cloud migrations. 

Topics include: 

  • Choosing the optimal location for the cloud directory services based upon the latency, security and compliance requirements of each application. 
  • Avoiding a massive Active Directory consolidation project but still not migrating over all of the sins of the Active Directory past. 
  • Revising applications with longer life spans to take advantage of modern identity protocols. 
  • Virtualizing existing directories to create a rationalized master image of the users.

Sponsored by:

Radiant Logic View details

 
 
 

3:20 pm - 3:30 pm

Afternoon Networking Coffee Break

 

3:35 pm - 4:00 pm

Executive Exchange

 

Think Tank

Next Generation Application Development & Server-less Security

With the advent of serverless technology, it has become a cost effective option for the development community to turn on applications quickly. However, the technology brings in adequate security challenges and many organizations have not yet though through the solution choices. This presentation will do a deep dive into the serverless technology, security challenges and options available around us to handle the security concerns.

Takeaways:

  • Things we should be aware of serverless security challenges
  • Best  practices to address security concerns
  • Technical options to think through in serverless security space.

Presented by:

Parthasarathi Chakraborty, AVP- Global Head Of Security Architecture, Strategy & Innovation, Guardian Life Insurance View details

 
 
 

4:05 pm - 4:30 pm

Executive Exchange

 

Think Tank

Becoming More Decentralized

Today, increased centralization has put the power and trust into the hands of the few big players. This, of course, raises many security concerns. The risk of disruptions and undesirable outcomes increases as centralization opens the door to exclusive possession or control of commodities and services. As a result, technologies like Blockchain implemented to create decentralized alternatives as they move computing resources away from centralized servers. 

Takeaways:

  1. Evaluating the risks of centralization on availability, confidentiality and resiliency
  2. Exploring decentralized technologies like Blockchain and edge computing that offer visibility as well as enhanced security for your organization

Presented by:

Thien La, CISO, Wellmark Blue Cross Blue Shield View details

 
 
 

4:35 pm - 5:00 pm

Executive Exchange

 

Think Tank

Regulations Mean Change

More complex regulations, such as the General Data Protection Regulation (GDPR), have come into play due to the rise of data breaches forces. As data today is viewed as a such an asset, it is also a tremendous liability. Understanding that, organizations has to consider both while they implement technologies that will both innovative their business, but also be cost effective.

Takeaways:

  1. Understand the latest regulations, such as GDPR
  2. How to tell business stakeholders that data protection can be a key differentiator for your organization
  3. The steps needed to take to be regulatory compliant

Presented by:

Balusamy Arumugam, Chief Security Architect, Mars View details

 
 
 

5:00 pm - 5:15 pm

What's the Next Stop On the Transformation Journey?

Our Governing Board will summarize the learnings from the day and discuss the path forward for building an ongoing community of CISOs where common issues can be addressed and success stories can be shared.

Takeaways:

  1. Building an ongoing community with your peers can be an invaluable resource for tackling the digital transformation projects ahead of you
  2. Sharing stories of success (and failures) is not reserved to a one-day CISO Summit, but should be shared on a regular basis with your peers

Moderated by:

Vittorio Cretella, Former CIO, Mars View details

 
 
 

5:15 pm - 6:00 pm

Summit Happy Hour