CISO Digital Disruption Summit | July 17, 2019 | Convene (730 Third Avenue) - New York, NY, USA

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Wednesday, July 17, 2019 - CISO Digital Disruption Summit

8:00 am - 8:45 am

Registration and Networking Breakfast

 

8:45 am - 8:55 am

Welcome Address and Opening Remarks

 

8:55 am - 9:25 am

Keynote Presentation

Security's Place in Enterprise Risk Management

While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet has already taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy, to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.

Takeaways:

  1. Just because information security is an aspect of enterprise risk doesn't mean that the CISO needs to take a back seat position
  2. Enterprise risk is defined by the business but needs to be quantified by an expert; CISOs bring risk quantification expertise to the table
  3. The end goal is not about fiefdoms and ownership, it is about improving enterprise value and success; maintaining focus is essential

 

9:30 am - 10:00 am

Keynote Presentation

Case Studies in Digital Transformation: Learnings Along the Journey

We will explore key learnings from various industries and verticals on the good, the bad and the ugly of digital transformation. We will have an opportunity to not only be exposed to successful use cases, but also ask the hard questions behind those successes.

Takeaways:

  1. One of the best ways to learn is to hear the stories of success (and failure) from companies similar to yours.
  2. Asking questions about HOW the journey unfolded is just as important as the end result.

 

10:05 am - 10:30 am

Executive Exchange

 

Think Tank

Data Security: Cloud Computing, Mobility and Regulations

Sensitive data is being moved into the cloud and accessed by remote or mobile users over public or unsecured networks. As a result, the perimeters of security have to focus on particular control points like identity and data security. CISOs need to know where the sensitive data is, who has the ability to access it, and how well it is actually being protected. Data security priorities are also incredibly heightened by regulations and compliance, such as the launch of GDPR in May. 

Presented by:

Arvin Bansal, Director, Cyber governance, strategy and risk, AmerisourceBergen

 
 
 

10:30 am - 10:40 am

Morning Networking Coffee Break

 

10:45 am - 11:10 am

Executive Exchange

 

Executive Boardroom

Why AI is the Future of Email Security

Email is far and away the most common initial vector for cybersecurity breaches and this problem only continues to grow. In 2018 the FBI estimates over $12 billion was stolen through business email compromise. Attackers have become ever more sophisticated, shifting from broad campaigns to carefully crafted attacks that bypass traditional email security. This talk focuses on why these attacks are difficult to stop and how advances in AI, specifically in machine learning and natural language processing, can be used to prevent advanced email fraud. We will discuss real examples of attacks, analyze why traditional approaches fail, and illustrate how data science is the best approach to preventing business email compromise, advanced spear phishing, and email account compromise.

Sponsored by:

Abnormal Security

 
 

Presented by:

Jeshua Bratman, Head of Machine Learning, Abnormal Security

 
 
 

11:15 am - 11:40 am

Executive Exchange

 

Think Tank

Shifting Security LEFT

Migrating operational aspects of the Software Supply Chain to the left ensures that concerns are represented as design constraints before they represent too much burden, debt or complexity.  For security practitioners, shifting left is a complete nirvana because it represents the opportunity to see better security in products sooner.  Essentially, security becomes a design constraint.  The shift-left paradigm is also consistent with messaging that requires security to be built into software instead of being bolted on.  

Think Tank

Which "Friends" Do I Trust? Realities of 3rd Party Risk

It is not a matter of if, but a matter of when. Organizations are increasingly outsourcing business activities to 3rd parties because of cost savings, revenue opportunities, expertise, etc. Collaborating with our business partners early to select the right 3rd-party vendor(s) with the appropriate security posture is therefore essential, especially for vendors hosting, processing and/or transmitting sensitive/regulatory information, or having access to our IT assets.

 

11:45 am - 12:10 pm

Executive Exchange

 

Executive Boardroom

Watching the Watchers: What Happens When Your Security Provider Compromises Your Network?

The 2017 M.E. Docs cyberattack that crippled hundreds of companies crafted blueprints for hijacking a vendor by targeting and attacking clients through trusted vendor partners. These events herald a new generation of supply chain-based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory and legal backlash. 

In 2018, eSentire detected and mitigated an exploit that targeted a key remote administration tool relied upon by a multitude of managed security service firms. This exploit was used to deliver a dangerous payload to their client base. In this talk, Mark Sangster will provide frameworks for assessing your vendors' cyber resilience and discuss building a trusted supply chain through co-managed cybersecurity programs, open communication and event notification, and proactive contractual obligations.

Learning Objectives:

  1. Understand how to navigate co-managed risk mitigation when working with a vendor.
  2. Build and utilize a framework to assess your vendors' cyber resilience.
  3. Understand the indicators of compromise and detection mechanisms needed to proactively detect and mitigate exploits that target vendors.
  4. Explore the real-time forensics data and disruption capabilities of Endpoint security through real-world attacks.

 

12:15 pm - 12:40 pm

Executive Exchange

 

Innovation Partner Showcase

A brief, but compelling review of three new innovative technologies supporting digital transformation.

 

12:40 pm - 1:40 pm

Networking Lunch

 

1:45 pm - 2:10 pm

Executive Exchange

 

Thought Leadership

Managing Risk in a Digital World

Digital transformation is not only changing how companies think about business. It is changing how we think about risk. We need to *act* on risk, not worry about it. We need to start and end with the basics. Join RSA as we review several key areas of digital risk management to target as you are challenged to be a key contributor in your organization's digital journey.

Sponsored by:

RSA

 
 

Presented by:

Ben Smith, Field Chief Technology Officer (Field CTO - US), RSA

 
 
 

2:15 pm - 2:40 pm

Executive Exchange

 

Think Tank

Designing a Digital Workplace: Balancing Security with Effectiveness

Employees are consumers of digital technologies such as IoT, AR and VR. The plethora of mobile devices has enabled them to work where they want and when they want which has raised the bar on employee expectations for tools and capabilities from their employers. In order for companies to retain the best and get the most out of their employees, it is vital to design and continually update the digital workplace. We will discuss the current trends as well as share case studies of successful digital workplace implementations including how to deal with the inherent security risks of expanded accessibility to company resources.

 

2:45 pm - 3:10 pm

Executive Exchange

 

Executive Boardroom

The Evolution of Cyber Crime - A New Approach to Risk is Critical

Evolution never stops. This is most evident in the world of cyber crime. Threats constantly mutate, technology progresses and the lines of responsibility blur. Protecting against new forms of attack requires experience of how criminals change their methods. Defenders must use intelligence on adversaries and understand the vulnerabilities of their organization to build a picture of the situation.

 

3:10 pm - 3:20 pm

Afternoon Networking Coffee Break

 

3:25 pm - 3:50 pm

Executive Exchange

 

Think Tank

AI and ML: Using Emerging Technologies to Reinforce Security Defense Efforts

Artificial Intelligence (AI) and Machine Learning (ML) both have the capability to greatly improve upon security decision making and incident pattern recognition. CISOs can improve upon being able to recognize exploits and weaknesses within their network by using the advancements of these technologies. With hackers using AI and ML to create malware, adopting these technologies to stay ahead of advanced threats has become a matter of high importance.

Think Tank

Patch Management and Endpoint Protection, Diminishing the Advanced Threats

In today's digitally connected world, there's a good chance your information has been exposed at some point. Last year, we saw major data breaches from companies across several industries as a result of ransomware attacks. Ransomware attacks and zero-day exploits have greatly stressed the importance of patch management, endpoint protection or Next-Gen Antivirus (NGAV) to all information security professionals. At a time when cybercriminals are constantly seeking weaknesses in firmware and applications, patching is increasingly crucial. Conclusively establishing your patch management process and having an endpoint protection product should be a high priority.

 

3:55 pm - 4:20 pm

Executive Exchange

 

Thought Leadership

The Connected Worker & the Enterprise of Things

The smartphone is the primary communication and computing device for many of today's consumers. This dependency on mobile devices will translate into a majority of enterprise computing outside of traditional PC computing. This will have the greatest impact on on-campus (non-office-based) and off-campus mobile workers, who are becoming increasingly connected by rich real-time communications powered by mobile applications running on wearable devices such as smart glasses. The rise of IoT in the enterprise, or the Enterprise of Things, will allow these workers to instantly connect with assets in the field to gain immediate understanding of the situation around them.

This session will explore the impact that these connected workers and endpoints will have on your enterprise and its ability to drive growth. Attendees will also learn security concerns that come with these new tools and how to best address them.

 

4:25 pm - 5:25 pm

Executive Visions

The Revitalizing Change in the Role of the CISO

A CISO's role, goals and objectives have drastically changed over the years as most CIOs supervise teams and units beyond their IT department. Because of these changes in responsibilities, a CISO's success is measured in greater business metrics. As a result, the role of a CISO has become both more attractive and more demanding. 

Takeaways:  

  1. What are the significant changes regarding the role of the CISO? 
  2. How to keep up with the changing requirements 
  3. How to properly measure a CISO's success
 

5:30 pm - 6:30 pm

Summit Happy Hour