Agenda

Building Leadership Connections

2022 Agenda Below

Proven security leaders who understand today’s challenges and will help you chart a course for a more protected, aware and results-oriented future.

Monday. September 19

12:30 pm - 6:00 pm

Registration Open


Location:
MGM Grand Ballroom Foyer

2:30 pm - 3:30 pm

What CISOs and CSOs Need to Know About the Turla Threat Group, and Why Now

Panelists: Michael Daniel, Amy Robertson, Charlie Donat
Moderator: Maggie MacAlpine

Location: Aria Meeting Room

Turla, a sophisticated geopolitical threat group, has infected victims in more than 45 countries by executing highly targeted campaigns aimed at exfiltrating sensitive information. Learn how it’s impacting the supply chain and why. Panelists will share insight into what CISOs and CSOs can do to defend against it and what the vendor community is doing to prepare them.

Michael Daniel, President & CEO, Cyber Threat Alliance (CTA)

Amy Robertson, Group Lead, Cyber Threat Intel & Adversary Emulation, MITRE

Charlie Donat, Intelligence Officer, Americas, FS-ISAC

Moderated by:

Maggie MacAlpine, Cyber Engagement Lead, MITRE Engenuity’s Center for Threat Informed Defense

3:30 pm - 4:00 pm

Break

Location: Salon A

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

4:00 pm - 5:00 pm

Peer-based Discussions

Location: Aria Meeting Room

Pull up a chair and join your peers to get their insights and share your own on one of the following topics. This is a great opportunity to start making connections and get the most out of the conference.

Topics include:

  • Metrics: What does your board really want?
  • Awareness Training: Getting the best results
  • Recruiting and Retention: Best practices
  • Managing Vendor Relationships

5:00 pm - 6:00 pm

CSO50 Opening Reception

Sponsored by IBM Security

Meet your peers and celebrate the kick off of the CSO 50.

Tuesday, September 20

8:00 am - 5:20 pm

Registration Open


Location:
MGM Grand Ballroom Foyer

8:00 am - 9:00 am

Networking Breakfast

Location: MGM Grand Ballroom, Salon A & Terrace

Grab a coffee and breakfast and connect with our sponsoring partners.

9:00 am - 9:10 am

Welcome & Opening Remarks

Location: MGM Grand Ballroom

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

9:10 am - 9:40 am

Improving the Cyber Ecosystem: What Government and Private Businesses Can Do to Strengthen Defenses

Location: MGM Grand Ballroom

Within the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency has raised its profile and stepped up communication on topics from specific vulnerabilities to bigger-picture warnings and threats from nation-state actors. CISA Director Jen Easterly will join us to talk about the role of government in private-sector security, future threats, and more.

Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

9:40 am - 10:10 am

Analyst Experience (AX) and Open: Shifting the Way the Industry Delivers Security Tools

Location: MGM Grand Ballroom

If security analysts are our first line of defense against cyberattacks, and 77% of analysts want more support for open standards, then why are more organizations not delivering open and analyst-friendly security tools? By investing in open analyst experiences, you can retain security expertise which leads to high-performing SOCs. IBM monitors over 1 trillion events each month and understands the importance of simplifying and streamlining analyst workflow. In this keynote, IBM will discuss how both open and AX are causing the security industry to rethink security tools.

Jason Keirstead, CTO of Threat Management & Distinguished Engineer, IBM

10:10 am - 10:35 am

Security & Supply Chain Challenges

Location: MGM Grand Ballroom

It’s clear now that supply chain disruptions are more than a product of the pandemic. Finding ways to upgrade technology to digitize them is a key priority for tech leaders, but what is security’s role? Join us to hear from two CSO Hall of Fame inductees on security’s role in predicting, minimizing, and mitigating risk to the supply chain – and where we may be headed.

James Beeson, SVP, Global Chief Information Security Officer , Cigna

Moderated by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

10:35 am - 11:05 am

Break

Location: Salon A

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

11:05 am - 11:25 am

The Upgrade Your PCs and Macs Have Been Waiting For

Location: Aria Meeting Room

Businesses need a solution that delivers a fast, modern work experience with simple deployment and effective, proactive security. Unfortunately, to upgrade existing hardware investments, you would normally need to rip and replace devices to experience this. In this presentation, you’ll see how Chrome OS Flex is enabling businesses to modernize their PC and Mac investments in a sustainable way. Chrome OS Flex is the cloud-first, easy-to-manage, fast and secure operating system. It’s easy to deploy across your fleet and simple to try it to see what a cloud-first OS has to offer.

Aamir Habib, Sales Specialist, Google Chrome

Supply Chain Resilience in a Time of Techtonic Geopolitical Shifts

Location: Beau Rivage Meeting Room

For decades, the confluence of globalization and digitization drove supply chains toward increasing complexity, optimization, opaqueness and insecurity. These physical and digital ties are fracturing at a rapid pace along geopolitical fault lines, powered by growing interstate hostilities, global trade wars, the Splinternet and emerging technologies, and an unprecedented pace of regulatory change. This session will detail the challenges and opportunities associated with these “techtonic” shifts and how organizations can take steps toward greater resilience during significant geopolitical uncertainty.

Andrea Little Limbago, VP of Research and Analytics, Interos

XDR: An Extension of SIEM or the Evolution of SIEM?

Location: MGM Grand Ballroom

SIEM (security information and event management) and XDR (extended detection and response) are powerful tools, but they are not one and the same. They each connect existing tools and solutions to provide better context and automate processes, but what is the fundamental difference between the two? In this session, we’ll cover market perceptions, current capabilities, and how IBM views the evolution of the two products.

Gary Katz, Chief Architect for Threat Content, IBM

11:30 am - 11:55 am

Metrics That Matter: Dashboards, Scorecards and More

Location: Aria Meeting Room

Panelists: Rahat Sethi, Tim Callahan, James Hartley
Moderator: Andy Ellis
Security initiatives generate countless metrics, so selecting the relevant information and presenting it in a useful and elegant way is a challenge. Learn how Adobe, Aflac and Zurich North America devised clear and actionable ways of communicating key security metrics. The results speak for themselves: elevating cyber risk visibility, measuring performance against goals, and closing the information gap between business leaders and security leaders.

Rahat Sethi, Director, Technology Governance, Risk and Compliance , Adobe

Tim Callahan, Senior VP/Chief Global Information Security Officer, Aflac

James Hartley, Associate Vice President of Cyber Security, Zurich North America
Andy Ellis, Advisory CISO, Orca Security

 

Post M&A Security Integration and Other Challenges

Location: Beau Rivage Meeting Room

Panelists: Tony Soules
Moderator: Beth Kormanik

Following a merger or acquisition, how do you ensure that each organization continues to stay protected while moving toward full integration of security programs and teams? Amgen, which recently went through that process, will share best security practices as it tackled consolidating data centers, application security, and protecting sensitive data.

Tony Soules, Executive Director, Information Security and Deputy Chief Information Security Officer, Amgen, Inc
Beth Kormanik, Manager, Content Development, Foundry, an IDG Inc. company

12:00 pm - 1:30 pm

Lunch

Location: Salon A

1:30 pm - 1:55 pm

New Approaches to Risk Management

Time: 1:30 pm – 1:55 pm
Location:
Aria Meeting Room

Panelists: Bob Bruns, Vidya Srinivasan
Moderator: Chris Ritchie

Identifying and managing security risks internally and with clients is a perennial challenge that requires a constant stream of new ideas. This session will explore Avanade’s new standardized, automated approach to managing risk as well as Genpact’s methodology of identifying risk throughout a lifecycle, a model that shifts risk from an InfoSec issue to the appropriate business unit. The result is that you’re not only speaking the language of business risk, but equipping the entire team to take action.

Bob Bruns, Chief Information Security Officer, Avanade
Vidya Srinivasan, Senior Vice President of Risk and Infrastructure, Genpact
Chris Ritchie, Vice President, North America, Foundry, an IDG Inc. company

 

The Heavy Lifting of Zero Trust

Time: 1:30 pm – 1:55 pm
Location:
Beau Rivage Meeting Room

Panelists: Stephanie Franklin-Thomas
Moderator: Beth Kormanik

Successful zero trust management of enterprise firewalls and other controls will have a ripple effect on the rest of the network. Learn best practices for implementing zero trust in an increasingly sophisticated threat environment, including partnering with business leaders and other security teams within an organization.

Stephanie Franklin-Thomas, Vice President & Chief Information Security Officer, ABM Industries
Beth Kormanik, Manager, Content Development, Foundry, an IDG Inc. company

 

2:00 pm - 2:25 pm

How to Think About Incident Response

Location: MGM Grand Ballroom

When cyberattacks are a matter of if, not when, effective responses are crucial to mobilize resources to contain the attack and limit damage. But does one kind of incident response fit all? Hear from CSO Hall of Fame inductees on their current thinking on incident response, how to plan and evaluate strategies, how to engage employees instead of demoralize them, and what they have learned from responding to real-world attacks.

Mark Connelly, Chief Information Security Officer, Boston Consulting Group
Chandra McMahon, Senior Vice President & Chief Information Security Officer, CVS Health

Moderated by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

2:25 pm - 2:50 pm

Getting Digitally Ready: Leaning Into New Technologies

Location: MGM Grand Ballroom

Creating strong cyber defenses and data protection is part of any security leader’s job. But so is building an offense. As CISO at Johnson & Johnson for more than 12 years, Marene Allison has drafted technology roadmaps that have helped the company pivot through unexpected challenges. Allison, a new CSO Hall of Fame inductee, will share her philosophy for keeping an eye on the future.

Marene Allison, Vice President and Chief Information Security Officer, Johnson & Johnson

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

2:50 pm - 3:20 pm

Break

Location: Salon A

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

3:20 pm - 3:50 pm

Join the Security Revolution

Location: MGM Grand Ballroom

Work has changed forever.  And it’s changed for the better. Anytime/anywhere productivity isn’t just possible, it’s popular and growing thanks to shifting social norms and cloud-first business strategies. As a result, a better and healthier flexible work schedule finally feels attainable. The catch is, these ways of working come with more vulnerabilities, risks and bad actors than ever before. And in many organizations, security hasn’t yet caught up to the aggressively paced change in working styles. Going back isn’t an option, so we must come together to move security forward. In this presentation, learn how Chrome Enterprise is evolving to provide new levels of proactive protection that complement today’s need for flexibility. It’s a look at  where security is heading, and where every business should be.

Loren Hudziak, Chrome Customer Engineer, Google Chrome

3:50 pm - 4:15 pm

Nurturing the Next Generation of Security Talent

Location: MGM Grand Ballroom

The best leaders build strong teams around them, from entry level to top deputies. Join us for insights into leading teams, empowering deputies, and knowing when to move on for a bigger job yourself.

John McClurg, Senior Vice President & CISO, BlackBerry

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

 

4:20 pm - 4:45 pm

Phish Fight: Strategies to Reduce Digital Harm

Time: 4:20 pm – 4:45 pm
Location:
Aria Meeting Room

Panelists: Diego Souza, Julie Moog
Moderator: Andy Ellis

Protecting the enterprise is everyone’s job, and it’s maddening how something as simple as clicking a malicious link can cause so much harm. Phishing threats evolve, and employees – including executives – can become complacent. Find out how TIAA revitalized its phishing awareness to raise the bar on KPI thresholds, hold associates accountable for poor performance, and invigorated a stagnated program, as well as how Cummins created the CyberSMART initiative to teach employees how to recognize the signs of potential phishing emails, how to respond to an active attack, and the proper handling of information and company assets.

Diego Souza, Global Chief Information Security Officer, Cummins, Inc
Julie Moog, Managing Director of Cybersecurity, TIAA
Andy Ellis, Advisory CISO, Orca Security

IT Solutions for Consumer Education

Time: 4:20 pm – 4:45 pm
Location:
Beau Rivage Meeting Room

Panelists: Max Graupner, Nick Percoco
Moderator: Beth Kormanik

A vital aspect of security is empowering the public on how to protect themselves against vulnerabilities. Using techniques such as passwordless technology, consumer education campaigns, and in-product privacy notifications, these companies all boosted security and privacy while improving the user experience.

Max Graupner, Senior Director of Security and Audit, RunBuggy
Nick Percoco, Chief Security Officer, Kraken
Beth Kormanik, Manager, Content Development, Foundry, an IDG Inc. company

4:50 pm - 5:20 pm

CSO50 Lightning Insights

Location: MGM Grand Ballroom

Join us for a lively series of five-minute market insights geared to solving your biggest challenges.

Vulnerability Program: Work Queue or Landfill? presented by Checkmarx

Lightning Insight, presented by LastPass

Cyber Threat Intelligence: Defining Needs for Your Organization & How it Can Be Used to Strengthen Your Cybersecurity Program Strategically & Tactically, presented by ZeroFox

Illuminating Hacker Ecosystems using Telos Advanced Cyber Analytics (ACA), presented by Telos Corporation

Be Quantum Secure, Today!, presented by Qrypt

Wednesday, September 21

8:00 am - 4:15 pm; 5:45 pm - 7:00 pm

Registration Open


Location:
MGM Grand Ballroom Foyer

8:00 am - 9:00 am

Networking Breakfast

Location: MGM Grand Ballroom, Salon A & Terrace

Grab a coffee and breakfast and connect with our sponsoring partners.

9:00 am - 9:05 am

Welcome & Opening Remarks

Location: MGM Grand Ballroom

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

9:05 am - 9:50 am

What to Do When Things Go Wrong

Location: MGM Grand Ballroom

Imagine that the worst moment of your professional career came in front of a global audience of 150 million people including your best customers, business partners, and the media – among them a crew from 60 Minutes. That’s what happened to Frank Supovitz, then the NFL’s senior vice president of events, during the historic Super Bowl blackout of 2013. The Super Bowl – an event that requires both cyber and physical security preparation – is just one of the high-profile events that Supovitz has managed over his career. Join us for an informative and entertaining session in which Supovitz shares his Ten Mega-Truths of Crisis Management, which provide a strategic framework and valuable takeaways for security leaders.

Frank Supovitz, President and Chief Experience Officer, Fast Traffic Events

9:50 am - 10:15 am

Building a Culture of Security Leadership

Location: MGM Grand Ballroom

Blackstone, the world’s largest alternative asset manager, supports a number of CISOs across its portfolio companies. Instead of operating independently, they regularly gather as a team to share best practices, tackle common challenges, and brainstorm creative solutions to vexing issues. It’s all in the service of managing risk, creating efficiency, maintaining a competitive edge, and accomplishing other goals for both the portfolio companies (which include Foundry) and the company overall. Join us to hear insights that any company can use for building a security culture, encouraging transparency, and more.

Adam Mattina, Managing Director & Deputy Chief Information Security Officer, Blackstone

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

10:15 am - 10:45 am

Break

Location: Salon A

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

10:45 am - 11:10 am

Cybersecurity Enforcement at the SEC

Location: MGM Grand Ballroom

Carolyn Welshhans, Associate Director, US Securities and Exchange Commission, Division of Enforcement

The Securities and Exchange Commission’s Cyber Unit focuses on cybersecurity controls at regulated entities; disclosures of cybersecurity incidents and risks; and violations involving digital assets, initial coin offerings and cryptocurrencies, among other duties. Hear from Carolyn Welshhans, associate director in the Division of Enforcement and acting chief of the Crypto Assets and Cyber Unit, on the commission’s proposed rules on cybersecurity risk management, strategy, governance, and incident disclosure; choices facing regulated companies; and how it will measure compliance.

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

11:10 am - 11:35 am

Leading Company-Wide Cybersecurity Transformations

Panelists: Daniel Garlick, Greg Barnes
Moderator: Bob Bragdon

Location: MGM Grand Ballroom

Sometimes the moment calls for massive projects with big ambitions. Two companies who recently led major cybersecurity initiatives – the manufacturing company Gates and biotechnology company Amgen – will discuss the hows and whys of taking a global approach, as well as address change management, getting buy-in from the top and across business units, and the results.

Daniel Garlick, Vice President  & Chief Information Security Officer, Gates

Greg Barnes, Vice President, Chief Information Security Officer Digital, Technology and Innovation, Amgen, Inc

Moderated by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

11:40 am - 12:05 pm

Bringing Adversary Engagement to Your Organization

Location: Aria Meeting Room
Panelists: Maretta Morovitz, Bill Hill

Hear from MITRE cyber experts on how to use cyber denial, deception, and adversary engagement to protect your organization. Using the MITRE Engage framework, find out the small steps you can take to quickly level up your cyber defense. Plus, learn how to connect with a whole community to support your efforts.

Maretta Morovitz, Group Leader of Cyber Operations, MITRE Labs

Bill Hill, Chief Information Security Official, MITRE

Modernizing Legacy Systems

Location: Beau Rivage Meeting Room

Panelists: Justin Sherenco, Shane McDaniel
Moderator: Beth Kormanik

Transforming legacy technology infrastructure is no small management task. Hear from organizations that figured out better ways to migrate legacy systems that were achieved on time and under budget and produced a more secure environment that immediately showed results.

Justin Sherenco, Director, Cybersecurity Operations and Engineering, United Airlines
Shane McDaniel, Director of IT, City of Seguin
Beth Kormanik, Manager, Content Development, Foundry, an IDG Inc. company

12:05 pm - 1:40 pm

Lunch

Location: Salon A

1:45 pm - 2:10 pm

The Future Role of the Security Officer

Location: MGM Grand Ballroom

As technologies and threats have changed, so too has the role of the security officer. Join us to hear Tim McKnight, EVP and CSO at SAP, discuss the core principles he has developed to become a successful security leader, trends and other developments to anticipate, and how he sees the role changing in the future.

Tim McKnight, Chief Security Officer, SAP

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

2:10 pm - 2:35 pm

Security as a Mindset and Culture: The Good, the Bad, and the Ugly

Location: MGM Grand Ballroom

Assuming that it’s not if but when organizations are going to have breaches, what does this mean to you relevant to your business? What are the keys to driving alignment on priorities, and business risk ownership and accountabilities? What do the conversations sound like to gain support for quantitative metrics for security, to raise the cost of attack and to preserve business continuity? In this session, we’ll hear from Bret Arsenault on the evolving role of CISO as strategic advisor on business risk and resiliency and key change agent for creating a secure digital culture. He will also share best practices and insights on what influences a board and how to address common questions boards ask their security leaders.

Bret Arsenault, CISO, Microsoft

Interviewed by:

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

2:40 pm - 3:05 pm

Industry Spotlight: Healthcare, Medical, Pharmaceutical & Bio-Tech

Location: Aria Meeting Room

Panelists: Dave Ruedger, Mehul Patel, Joshua Aaron
Moderator: Beth Kormanik

Explore security initiatives that meet the unique security and compliance needs of healthcare and related fields. Learn from award-winning projects that sought to secure sensitive R&D data, automate processes to ensure software versions met regulatory compliance, reduce complexity – all without slowing or stopping the flow of data and innovation.

Dave Ruedger, Chief Information Security Officer, Sunrun
Mehul Patel, Technical Director, Infrastructure & Security, Amyris, Inc
Joshua Aaron, CEO, Aiden Technologies
Beth Kormanik, Manager, Content Development, Foundry, an IDG Inc. company

Automating Security for Greater Efficiency

Panelists: Sharda Shetty, Haley Pereira
Moderator: Anne McCrory

Location: Beau Rivage Meeting Room

Forward-thinking companies are finding value in using AI as a vital part of the security toolbox that also saves expert resources for higher-priority work. Learn about projects – one to automate, orchestrate and scale app testing and another to automate triage and scoring of suspicious emails – that overcame implementation challenges to achieve meaningful results at scale.

Sharda Shetty, CIO India, Accenture’s ATCi

Haley Pereira, SAST, SCA and Threat Modeling Delivery Lead, Accenture CIO DevSecOps Engagement

Moderated by:

Anne McCrory, Group Vice President, Customer Experience & Operations, Events, Foundry, an IDG Inc. company

3:10 pm - 3:35 pm

Empowering Security Champions

Location: Aria Meeting Room

Panelists: Dennis Legori, Lisa Plaggemier, Matt Jackson
Moderator: Beth Kormanik

A motivated and well-trained workforce is an essential component of any successful security awareness program. Find out how Carrier, Code42 and the National Cybersecurity Alliance built engaging programs using competitions, training, social media, automation, and other creative methods to mitigate insider risk.

Dennis Legori, Associate Director, Security Awareness & Digital Communications, Carrier
Lisa Plaggemier, Executive Director, National Cybersecurity Alliance
Matt Jackson, Senior Director of Security Operations, Code42
Beth Kormanik, Manager, Content Development, Foundry, an IDG Inc. company

Securing the Hybrid Workforce

Location: Beau Rivage Meeting Room

Panelists: Bob Schuetter, John Sander, Imran Akhtar
Moderator: Anne McCrory

As remote and hybrid working models shift from temporary to permanent, security solutions have grown more sophisticated to provide secure, remote access to applications and data. Join us to learn how companies are implementing forward-thinking approaches – without disrupting employee productivity.

Bob Schuetter, Global Chief Information Security Officer, Ashland
John Sander, VP, Chief Information Security Officer, Wesco
Imran Akhtar, Cybersecurity Manager, Cox Automotive Enterprise
Anne McCrory, Group Vice President, Customer Experience & Operations, Events, Foundry, an IDG Inc. company

3:40 pm - 4:00 pm

CSO50 Key Takeaways & Insights

Location: MGM Grand Ballroom

Let’s make sure we walk away from this year’s conference with some real value points. Before we move on to recognize our CSO50 award winners and our CSO Hall of Fame inductees, we’ll regroup to collect the best practices that were shared this week.

Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, an IDG Inc. company

6:30 pm - 7:00 pm

CSO50 and CSO Hall of Fame Cocktail Reception

Location: Harbor Terrace

Join us to toast to the 2022 honorees.

7:00 pm - 9:00 pm

CSO50 and CSO Hall of Fame Awards Ceremony

Sponsored by IBM Security
Location: MGM Grand Ballroom

Come celebrate IT security excellence at this elegant dinner and awards ceremony where we will honor the CSO50 and CSO Hall of Fame award winners.