Agenda

Building Leadership Connections

Hear from the best of the best: proven security leaders who understand today’s challenges and will help you chart a course for a more protected, aware and results-oriented future.

Monday. September 19

2:00 pm - 3:30 pm

Roundtable Discussions

Participate in thought-provoking, interactive discussions on today’s hot topics in a small group setting.

4:00 pm - 5:30 pm

Roundtable Discussions

Participate in thought-provoking, interactive discussions on today’s hot topics in a small group setting.

5:30 pm - 6:30 pm

CSO 50 Opening Reception

Meet your peers and celebrate the kick off of the CSO 50.
Tuesday, September 20

9:00 am - 9:10 am

Welcome & Opening Remarks

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

9:10 am - 9:40 am

In Conversation with CISA Director Jen Easterly

Within the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency has raised its profile and stepped up communication on topics from specific vulnerabilities to bigger-picture warnings and threats from nation-state actors. CISA Director Jen Easterly will join us to talk about the role of government in private-sector security, future threats, and more.

Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

9:40 am - 10:10 am

CSO Industry Partner Keynote with IBM

Hear from a technology leader about the future of cybersecurity and trust.

(session in development)

10:10 am - 10:35 am

Security & Supply Chain Challenges

It’s clear now that supply chain disruptions are more than a product of the pandemic. Finding ways to upgrade technology to digitize them is a key priority for tech leaders, but what is security’s role? Join us to hear from two CSO Hall of Fame inductees on security’s role in predicting, minimizing, and mitigating risk to the supply chain – and where we may be headed.

James Beeson, SVP, Global Chief Information Security Officer , Cigna
Gary Warzala, Executive Partner, Gartner

Moderated by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

10:35 am - 10:45 am

Break

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

10:45 am - 11:25 am

Industry Partner Breakout Session

Industry Partner Breakout Session

11:30 am - 11:55 am

Metrics That Matter: Dashboards, Scorecards and More

Panelists: Rahat Sethi, Tim Callahan
Moderator: Andy Ellis
Security initiatives generate countless metrics, so selecting the relevant information and presenting it in a useful and elegant way is a challenge. Learn how Adobe, Aflac and Zurich North America devised clear and actionable ways of communicating key security metrics. The results speak for themselves: elevating cyber risk visibility, measuring performance against goals, and closing the information gap between business leaders and security leaders.

Rahat Sethi, Director, Technology Governance, Risk and Compliance , Adobe
Tim Callahan, Senior VP/Chief Global Information Security Officer, Aflac
Andy Ellis, Advisory CISO, Orca Security

 

Post M&A Security Integration and Other Challenges

Panelists: Shawn Bowen
Moderator: Beth Kormanik
Following a merger or acquisition, how do you ensure that each organization continues to stay protected while moving toward full integration of security programs and teams? Two companies who recently went through that process will share their best security practices as they tackled consolidating data centers, application security, and protecting sensitive data.

Shawn Bowen, Vice President and Chief Information Security Officer, World Fuel Services
Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

11:55 pm - 1:30 pm

Lunch

1:30 pm - 1:55 pm

New Approaches to Risk Management

Panelists: Bob Bruns, Vidya Srinivasan
Moderator: Chris Ritchie

Identifying and managing security risks internally and with clients is a perennial challenge that requires a constant stream of new ideas. This session will explore Avanade’s new standardized, automated approach to managing risk as well as Genpact’s methodology of identifying risk throughout a lifecycle, a model that shifts risk from an InfoSec issue to the appropriate business unit. The result is that you’re not only speaking the language of business risk, but equipping the entire team to take action.

Bob Bruns, Chief Information Security Officer, Avanade
Vidya Srinivasan, Senior Vice President of Risk and Infrastructure, Genpact
Chris Ritchie, Vice President, North America, Foundry (formerly IDG Communications)

 

The Heavy Lifting of Zero Trust

Panelists: Stephanie Franklin-Thomas
Moderator: Beth Kormanik

Successful zero trust management of enterprise firewalls and other controls will have a ripple effect on the rest of the network. Learn best practices for implementing zero trust in an increasingly sophisticated threat environment, including partnering with business leaders and other security teams within an organization.

Stephanie Franklin-Thomas, Vice President & Chief Information Security Officer, ABM Industries
Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

 

2:00 pm - 2:25 pm

How to Think About Incident Response

When cyberattacks are a matter of if, not when, effective responses are crucial to mobilize resources to contain the attack and limit damage. But does one kind of incident response fit all? Hear from CSO Hall of Fame inductees on their current thinking on incident response, how to plan and evaluate strategies, how to engage employees instead of demoralize them, and what they have learned from responding to real-world attacks.

Mark Connelly, Chief Information Security Officer, Boston Consulting Group
Chandra McMahon, Senior Vice President & Chief Information Security Officer, CVS Health

Moderated by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

2:25 pm - 2:50 pm

Getting Digitally Ready: Leaning Into New Technologies

Creating strong cyber defenses and data protection is part of any security leader’s job. But so is building an offense. As CISO at Johnson & Johnson for more than 12 years, Marene Allison has drafted technology roadmaps that have helped the company pivot through unexpected challenges. Allison, a new CSO Hall of Fame inductee, will share her philosophy for keeping an eye on the future.

Marene Allison, Vice President and Chief Information Security Officer, Johnson & Johnson

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

2:55 pm - 3:20 pm

CSO Industry Partner Session

Join us to learn about new cybersecurity strategies for your organization.

(session in development)

CSO Industry Partner Session

Join us to learn about new cybersecurity strategies for your organization.

(session in development)

3:20 pm - 3:35 pm

Break

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

4:00 pm - 4:25 pm

Sharing the Responsibility for Software

In her more than 30-year career in information security, Deborah Wheeler has seen companies fined, sued, and shamed in the media when the software they use contains code that leads to a breach or breakdown. Yet the software companies that write the code are not formally penalized. Join us to learn why Wheeler believes there needs to be stronger regulations around holding software companies accountable for bad code.

Deborah Wheeler, Global Chief Information Security Officer, Delta Airlines

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

4:30 pm - 4:55 pm

Phish Fight: Strategies to Reduce Digital Harm

Panelists: Diego Souza, Julie Moog
Moderator: Andy Ellis

Protecting the enterprise is everyone’s job, and it’s maddening how something as simple as clicking a malicious link can cause so much harm. Phishing threats evolve, and employees – including executives – can become complacent. Find out how TIAA revitalized its phishing awareness to raise the bar on KPI thresholds, hold associates accountable for poor performance, and invigorated a stagnated program, as well as how Cummins created the CyberSMART initiative to teach employees how to recognize the signs of potential phishing emails, how to respond to an active attack, and the proper handling of information and company assets.

Diego Souza, Global Chief Information Security Officer, Cummins, Inc
Julie Moog, Managing Director of Cybersecurity, TIAA
Andy Ellis, Advisory CISO, Orca Security

IT Solutions for Consumer Education

Panelists: Max Graupner, Nick Percoco
Moderator: Beth Kormanik

A vital aspect of security is empowering the public on how to protect themselves against vulnerabilities. Using techniques such as passwordless technology, consumer education campaigns, and in-product privacy notifications, these companies all boosted security and privacy while improving the user experience.

Max Graupner, Senior Director of Security and Audit, RunBuggy
Nick Percoco, Chief Security Officer, Kraken
Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

5:00 pm - 5:25 pm

Lightning Insights

Join us for a variety of lightning insights from industry executives.
Wednesday, September 21

9:00 am - 9:05 am

Welcome & Opening Remarks

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

9:05 am - 9:50 am

What to Do When Things Go Wrong

Imagine that the worst moment of your professional career came in front of a global audience of 150 million people including your best customers, business partners, and the media – among them a crew from 60 Minutes. That’s what happened to Frank Supovitz, then the NFL’s senior vice president of events, during the historic Super Bowl blackout of 2013. The Super Bowl – an event that requires both cyber and physical security preparation – is just one of the high-profile events that Supovitz has managed over his career. Join us for an informative and entertaining session in which Supovitz shares his Ten Mega-Truths of Crisis Management, which provide a strategic framework and valuable takeaways for security leaders.

Frank Supovitz, President and Chief Experience Officer, Fast Traffic Events

 

 

9:50 am - 10:15 am

Building a Culture of Security Leadership

Blackstone, the world’s largest alternative asset manager, supports a number of CISOs across its portfolio companies. Instead of operating independently, they regularly gather as a team to share best practices, tackle common challenges, and brainstorm creative solutions to vexing issues. It’s all in the service of managing risk, creating efficiency, maintaining a competitive edge, and accomplishing other goals for both the portfolio companies (which include Foundry) and the company overall. Join us to hear insights that any company can use for building a security culture, encouraging transparency, and more.

10:15 am - 10:40 am

Cybersecurity Enforcement at the SEC

Carolyn Welshhans, Associate Director, US Securities and Exchange Commission, Division of Enforcement

The Securities and Exchange Commission’s Cyber Unit focuses on cybersecurity controls at regulated entities; disclosures of cybersecurity incidents and risks; and violations involving digital assets, initial coin offerings and cryptocurrencies, among other duties. Hear from Carolyn Welshhans, associate director in the Division of Enforcement and acting chief of the Crypto Assets and Cyber Unit, on the commission’s proposed rules on cybersecurity risk management, strategy, governance, and incident disclosure; choices facing regulated companies; and how it will measure compliance.

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

10:40 am - 10:50 am

Leading Company-Wide Cybersecurity Transformations

Sometimes the moment calls for massive projects with big ambitions. Two companies who recently led major cybersecurity initiatives – the manufacturing company Gates and biotechnology company Amgen – will discuss the hows and whys of taking a global approach, as well as address change management, getting buy-in from the top and across business units, and the results.

10:50 am - 11:15 am

Leading Company-Wide Cybersecurity Transformations

Sometimes the moment calls for massive projects with big ambitions. Two companies who recently led major cybersecurity initiatives – the manufacturing company Gates and biotechnology company Amgen – will discuss the hows and whys of taking a global approach, as well as address change management, getting buy-in from the top and across business units, and the results.

11:15 am - 11:40 am

Bringing Adversary Engagement to Your Organization

Hear from MITRE cyber experts on how to use cyber denial, deception, and adversary engagement to protect your organization. Using the MITRE Engage framework, find out the small steps you can take to quickly level up your cyber defense. Plus, learn how to connect with a whole community to support your efforts.

Maretta Morovitz, Group Leader of Cyber Operations, MITRE Labs

Modernizing Legacy Systems

Panelists: Justin Sherenco, Shane McDaniel
Moderator: Beth Kormanik

Transforming legacy technology infrastructure is no small management task. Hear from organizations that figured out better ways to migrate legacy systems that were achieved on time and under budget and produced a more secure environment that immediately showed results.

Justin Sherenco, Director, Cybersecurity Operations and Engineering, United Airlines
Shane McDaniel, Director of IT, City of Seguin
Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

11:45 am - 12:10 pm

CSO Industry Partner Session

Join us to learn about new cybersecurity strategies for your organization.

(session in development)

CSO Industry Partner Session

Join us to learn about new cybersecurity strategies for your organization.

(session in development)

12:15 pm - 1:45 pm

Lunch

1:45 pm - 2:10 pm

The Future Role of the Security Officer

As technologies and threats have changed, so too has the role of the security officer. Join us to hear Tim McKnight, EVP and CSO at SAP, discuss the core principles he has developed to become a successful security leader, trends and other developments to anticipate, and how he sees the role changing in the future.

Tim McKnight, Chief Security Officer, SAP

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

2:10 pm - 2:35 pm

Nurturing the Next Generation of Security Talent

The best leaders build strong teams around them, from entry level to top deputies. Join us for insights into leading teams, empowering deputies, and knowing when to move on for a bigger job yourself.

John McClurg, Senior Vice President & CISO, BlackBerry

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

 

2:40 pm - 3:05 pm

Industry Spotlight: Healthcare, Medical, Pharmaceutical & Bio-Tech

Panelists: Dave Ruedger, Mehul Patel
Moderator: Beth Kormanik

Explore security initiatives that meet the unique security and compliance needs of healthcare and related fields. Learn from award-winning projects that sought to secure sensitive R&D data, automate processes to ensure software versions met regulatory compliance, reduce complexity – all without slowing or stopping the flow of data and innovation.

Dave Ruedger, Chief Information Security Officer, Invitae
Mehul Patel, Technical Director, Infrastructure & Security, Amyris, Inc
Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

Automating Security for Greater Efficiency

Forward-thinking companies are finding value in using AI as a vital part of the security toolbox that also saves expert resources for higher-priority work. Learn about projects – one to automate, orchestrate and scale app testing and another to automate triage and scoring of suspicious emails – that overcame implementation challenges to achieve meaningful results at scale.

3:10 pm - 3:35 pm

CSO Industry Partner Session

Join us to learn about new cybersecurity strategies for your organization.

(session in development)

CSO Industry Partner Session

Join us to learn about new cybersecurity strategies for your organization.

(session in development)

3:40 pm - 4:05 pm

Empowering Security Champions

Panelists: Dennis Legori, Lisa Plaggemier, Matt Jackson
Moderator: Beth Kormanik

A motivated and well-trained workforce is an essential component of any successful security awareness program. Find out how Carrier, Code42 and the National Cybersecurity Alliance built engaging programs using competitions, training, social media, automation, and other creative methods to mitigate insider risk.

Dennis Legori, Associate Director, Security Awareness & Digital Communications, Carrier
Lisa Plaggemier, Executive Director, National Cybersecurity Alliance
Matt Jackson, Senior Director of Security Operations, Code42
Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

Securing the Hybrid Workforce

Panelists: Bob Schuetter, John Sander
Moderator: Anne McCrory

As remote and hybrid working models shift from temporary to permanent, security solutions have grown more sophisticated to provide secure, remote access to applications and data. Join us to learn how companies are implementing forward-thinking approaches – without disrupting employee productivity.

Bob Schuetter, Global Chief Information Security Officer, Ashland
Anne McCrory, Group Vice President, Customer Experience & Operations, Events, Foundry (formerly IDG Communications)

6:30 pm - 9:00 pm

CSO50 and CSO Hall of Fame Awards Ceremony

Join us for this very special awards ceremony where we’ll recognize 50 organizations that won a CSO50 award for 2022, along with our 2022 class of CSO Hall of Fame winners who’ll share their insights and career advice.