1:00 pm - 1:45 pm
| The SaaS Security Wake-Up Call
Adam Fletcher, Chief Security Officer, Blackstone
It’s tempting – and easier – to assume that SaaS is secure by default. But companies will continue to experience breaches if security leaders fail to realize that they are the ones who need to configure the options that make SaaS secure. Join us for a discussion of the shared responsibility model and how CSOs and CISOs need to create a security plan for the lifecycle of their software.
Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO
|
|
1:45 pm - 2:05 pm
| Supply Chain Resilience, Observability and Risk
Stuart Phillips, Product Marketing Director for Cyber, Interos
Supply chain interruptions are no longer “black swan” events, but a growing reality for many organizations. Interruptions can impede growth, as well as affect customer satisfaction and company reputation. That’s why many turn to AI and machine learning-enabled systems, such as those by Interos, to map, monitor, and model supply chain threats in the political, financial, cyber, geolocation, ESG, or operational realms. How well do you know your suppliers – or your suppliers’ suppliers?
Interviewed by: Charles Pelton, Contributing Editor, CSO, Foundry, formerly IDG Communications, Inc.
Watch a replay of the session here!
|
|
2:05 PM - 2:30 PM
| Securing the Software Supply Chain
Brian Behlendorf, General Manager, Open Source Security Foundation
The new Open Source Software Security Mobilization Plan – a $30 million effort supported by Amazon, Ericsson, Intel, Google, Microsoft and VMware led by the Linux Foundation and Open Source Security Foundation – will chart ways to improve the security of open-source software. Join us to learn more about the stakes of a secure software supply chain, what the initiative hopes to achieve, and the challenges that lie ahead.
|
|
2:30 pm - 2:55 pm
|
Building Resiliency into Third-Party Relationships
Alex Attumalil, Global Chief Information Security Officer, Under Armour
Ronald Banks, Executive Vice President, Chief Information Security Officer, Texas Capital Bank
You may feel confident about your internal security protocols, but what do you know about the security practices of the vendors you work with? Third-party security assurance is vital to ensure that your vendors have the same level of security as your own organization. What do the due diligence process and other security assessments look like initially in contracts and service-level agreements? How should you structure ongoing monitoring through audits and other tools? Join us to explore strategies for how to stay resilient while trusting your data and services with a third party.
Moderated by: Richard Latayan, Chief Information Security Officer, AAA National
| Protecting Critical Infrastructure in a Time of War
Christopher Burgess, CSO contributor, author, ex-CIA
Christopher Painter, President, GFCE Foundation Board
Russia preceded its invasion of Ukraine with a cyberattack on the Viasat satellite communications system and DDoS attacks on Ukrainian government websites. Since then, critical infrastructure on both sides has been targeted with cyberattacks, some carried out by vigilante groups. The Russia-Ukraine conflict gives us a first look at modern cyberwarfare, how it might impact critical infrastructure, and what organizations can do to prepare for the threat. This discussion will examine the military and psychological objectives of wartime cyber actions, assess their effectiveness, and review what security professionals can learn from them.
Moderated by: Cynthia Brumfield, Contributing Writer, CSO
|
|
|
2:55 PM - 3:10 PM
| Concurrent Silver Sessions
Modernizing Your Security Operations, With SOC-as-a-Service
Mark Chatoor, Director, Product Management, Cysiv
Because cyber criminals and insiders can bypass most defenses, it’s now essential that enterprises be able to quickly detect and respond to threats before they disrupt or damage the business. Learn how SOC-as-a-service can quickly and effectively modernize your SecOps, and the important role data science and analytics play in addressing threats targeting your enterprise, including cloud workloads.
Watch a replay of the session here!
|
|
3:10 PM - 3:20 PM
| Break
Location: Salon A
Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.
|
|
3:20 PM - 3:50 PM
| Strategies for a World-Class Cybersecurity Center
Kathryn Knerler, Department Manager and Senior Principal Cybersecurity Architect, MITRE Labs
Ingrid Parker, Manager of Intelligence, Red Canary
Join us for an interactive workshop on building a world-class cybersecurity center with experts who literally wrote the book on the subject. Learn how to put together a cybersecurity center, hire and train the right people, and implement the tools to protect and defend. Leave with tips on how to run CISO operations that you can enact immediately to enhance your operations.
|
|
3:50 PM - 4:20 PM
| CISOs in the Hot Seat: Navigating Regulation and Liability
Simon Fawell, Partner, Signature Litigation
Aravind Swaminathan, Partner, Orrick, Herrington & Sutcliffe LLP
Jack O’Meara, Director and Cyber Litigation Support Lead, Guidehouse
Increasing data protection, privacy, and cybersecurity regulations are piling on the litigation pressure for CISOs across sectors and geographies. In this session, a panel of experts reflect on the cybersecurity liability threats CISOs face today and outline how security leaders can avoid falling foul of strict legislation across the United States.
Moderated by: Michael Hill, Editor, CSO Online
|
|
4:20 PM - 4:40 PM
| Lightning Insights
Join us for a variety of lightning insights from industry executives.
Secure Software Creates New Possibilities
Presented by ForAllSecure
Cyber Situational Awareness Techniques
Presented by Netenrich
What is Passwordless?
Presented by Okta
Recorded Future Product Updates
Presented by Recorded Future
Watch a replay of the sessions here!
|
|
4:40 PM - 5:00 PM
| Incorporating Security in the Software Development Lifecycle
Katie Norton, Senior Research Analyst, DevOps, IDC
It has become increasingly imperative for security to be integrated into the development process rather than added at the end of the development cycle. “Shift left” and DevSecOps have become synonymous; however, security should be enforced across all phases of the lifecycle, including initial design, planning, development, integration, testing, deployment, and monitoring. Join us to learn about the areas where security is injected throughout the development lifecycle, supported by research insights and market data, and how – and why – to interweave it from start to finish.
|
|
5:00 PM - 5:30 PM
| Taking Control of Your Organization’s Security Destiny
Vaughn Hazen, Assistant Vice-President & CISO, CN
CN, Canada’s largest railway and North American transportation and logistics leader, faces constant security threats. Join us to learn how to become a more resilient security leader in an evolving regulatory landscape and after the fallout from the pandemic on cybersecurity. Learn how to optimize investments in information security and the best ways to mitigate risk.
Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, formerly IDG Communications
|
|