What’s Happening, and When

The Event Environment Remains Open: Login Here

All times listed on the agenda are Eastern Standard Time.

1:00 pm - 1:45 pm

The SaaS Security Wake-Up Call

Adam Fletcher, Chief Security Officer, Blackstone

It’s tempting – and easier – to assume that SaaS is secure by default. But companies will continue to experience breaches if security leaders fail to realize that they are the ones who need to configure the options that make SaaS secure. Join us for a discussion of the shared responsibility model and how CSOs and CISOs need to create a security plan for the lifecycle of their software.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO

1:45 pm - 2:05 pm

Supply Chain Resilience, Observability and Risk

Stuart Phillips, Product Marketing Director for Cyber, Interos

Supply chain interruptions are no longer “black swan” events, but a growing reality for many organizations. Interruptions can impede growth, as well as affect customer satisfaction and company reputation. That’s why many turn to AI and machine learning-enabled systems, such as those by Interos, to map, monitor, and model supply chain threats in the political, financial, cyber, geolocation, ESG, or operational realms. How well do you know your suppliers – or your suppliers’ suppliers?

Interviewed by: Charles Pelton, Contributing Editor, CSO, Foundry, formerly IDG Communications, Inc.

Watch a replay of the session here! 

2:05 PM - 2:30 PM

Securing the Software Supply Chain

Brian Behlendorf, General Manager, Open Source Security Foundation

The new Open Source Software Security Mobilization Plan – a $30 million effort supported by Amazon, Ericsson, Intel, Google, Microsoft and VMware led by the Linux Foundation and Open Source Security Foundation – will chart ways to improve the security of open-source software. Join us to learn more about the stakes of a secure software supply chain, what the initiative hopes to achieve, and the challenge that lie ahead.


2:30 pm - 2:55 pm

Building Resiliency into Third-Party Relationships

Alex Attumalil, Global Chief Information Security Officer, Under Armour
Ronald Banks, Executive Vice President, Chief Information Security Officer, Texas Capital Bank

You may feel confident about your internal security protocols, but what do you know about the security practices of the vendors you work with? Third-party security assurance is vital ensure that your vendors have the same level of security as your own organization. What do the due diligence process and other security assessments look like initially in contracts and service-level agreements? How should you structure ongoing monitoring through audits and other tools? Join us to explore strategies for how to stay resilient while trusting your data and services with a third party.

Moderated by: Richard Latayan, Chief Information Security Officer, AAA National

Protecting Critical Infrastructure in A Time of War

Christopher Burgess, CSO contributor, author, ex-CIA
Christopher Painter
, President, GFCE Foundation Board

Russia preceded its invasion of Ukraine with a cyberattack on the Viasat satellite communications system and DDoS attacks on Ukrainian governments websites. Since then, critical infrastructure on both sides have been targeted with cyberattacks, some carried out by vigilante groups. The Russia-Ukraine conflict give us a first look at modern cyberwarfare, how it might impact critical infrastructure, and what organizations can do to prepare for the threat. This discussion will examine the military and psychological objectives of wartime cyber actions, assess their effectiveness, and review what security professionals can learn from it.

Moderated by: Cynthia Brumfield, Contributing Writer, CSO

2:55 PM - 3:10 PM

Concurrent Silver Sessions

Modernizing Your Security Operations, With Soc-As-A-Service

Mark Chatoor, Director, Product Management, Cysiv

Because cyber criminals and insiders can bypass most defenses, it’s now essential that enterprises be able to quickly detect and respond to threats before they disrupt or damage your business. Learn how SOC-as-a-service can quickly and effectively modernize your SecOps, and the important role data science and analytics plays in addressing threats targeting your enterprise, including cloud workloads.

Watch a replay of the session here!

3:10 PM - 3:20 PM


Location: Salon A

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

3:20 PM - 3:50 PM

Strategies for a World-Class Cybersecurity Center

Kathryn Knerler, Department Manager and Senior Principal Cybersecurity Architect, MITRE Labs
Ingrid Parker
, Manager of Intelligence, Red Canary

Join us for an interactive workshop on building a world-class cybersecurity center with experts who literally wrote the book on the subject. Learn how to put together a cybersecurity center, hire and train the right people and implement the tools to protect and defend. Leave with tips on how to run CISO operations that you can enact immediately to enhance your operations.

3:50 PM - 4:20 PM

CISOs in the Hot Seat: Navigating Regulation and Liability

Simon Fawell, Partner, Signature Litigation
Aravind Swaminathan, Partner, Orrick, Herrington & Sutcliffe LLP
Jack O’Meara, Director and Cyber Litigation Support Lead, Guidehouse

Increasing data protection, privacy, and cybersecurity regulations are piling on the litigation pressure for CISOs across sectors and geographies. In this session, a panel of experts reflect on the cybersecurity liability threats CISOs face today and outline how security leaders can avoid falling foul of strict legislation across the United States.

Moderated by: Michael Hill, Editor, CSO Online

4:20 PM - 4:40 PM

Lightning Insights

Join us for a variety of lightning insights from industry executives.

Secure Software Creates New Possibilities
Presented by ForAllSecure

Cyber Situational Awareness Techniques
Presented by Netenrich

What is Passwordless?
Presented by Okta

Recorded Future Product Updates
Presented by Recorded Future

Watch a replay of the sessions here!

4:40 PM - 5:00 PM

Incorporating Security in the Software Development Lifecycle

Katie Norton, Senior Research Analyst, DevOps, IDC

It has become increasingly imperative for security to be integrated into the development process rather than added at the end of the development cycle. “Shift left” and DevSecOps have become synonymous, however security should be enforced across all phases of the lifecycle, including initial design, planning, development, integration, testing, deployment, and monitoring. Join us to learn about the areas where security is injected throughout the development lifecycle, supported by research insights and market data, and how – and why – to interweave it from start to finish.

5:00 PM - 5:30 PM

Taking Control of Your Organization’s Security Destiny

Vaughn Hazen, Assistant Vice-President & CISO, CN

CN, Canada’s largest railway and North American transportation and logistics leader, faces constant security threats. Join us to learn how to become a more resilient security leader in an evolving regulatory landscape and after the fallout from the pandemic on cybersecurity. Learn how to optimize investments in information security and the best ways to mitigate risk.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry, formerly IDG Communications

1:00 PM - 1:45 PM

How Leaders Can Thrive in the Face of Adversity

Eva Selhub, Resiliency Expert & Coach

Under the constant pressures of malware, insider threats and global conflict, even the most capable CISOs and CSOs may be suffering from burnout. How can you manage adversity and improve performance in the face of chaos? In this transformational talk, resilience expert and coach Dr. Eva Selhub will guide participants to build your personal infrastructure to creating a strong foundation that will help you and your team thrive. Learn how to master stress and use it to your advantage, redirect negative emotions, and implement practical, efficient and effective solutions while enhancing productivity, focus, engagement, creativity and optimal leadership.

1:45 PM - 2:10 PM

Beyond Lift & Shift: Strategic Legacy App Modernization

Ram Vaidyanathan, Cybersecurity Specialist, ManageEngine

We’re asking a lot of our developers and DevOps teams. DevSecOps sounds like just another job, all while demanding more innovation. The math doesn’t add up. But counterintuitively, DevSecOps has proven results that can actually save time while improving results. Join us as we discuss the challenges to achieving DevSecOps and the benefits once you get there.

Interviewed by: Michael Hainsworth, Contributing Editor, IDC & CSO, Foundry, Formerly IDG Communications, Inc.

Watch a replay of the session here!

2:10 PM - 2:30 PM

Live Discussion: Dr. Eva Selhub on Resilience and Overcoming Burnout

Eva Selhub, Resiliency Expert & Coach

Following her keynote presentation, Dr. Eva Selhub will answer your questions about maintaining health, happiness and drive in a stressful work situations. She can discuss practical solutions to burnout – both in yourself and on your teams. Bring you questions and challenges for a lively and productive interactive conversation.

Moderated by: Beth Kormanik, Manager, Content Development, Foundry (formerly IDG Communications)

2:30 PM - 2:55 PM

Building Agility to Face Emerging Threats

Mishu Rahman, Head of Cyber Strategy, Business Risk, Board Governance, and Regulation, BNP Paribas

When facing an emerging threat, whether a zero-day incident or a unexpected geopolitical issues, few organizations have the ability to turn on a dime despite a rich toolbox and efforts at threat anticipation. The necessary framework and agility to mobilize stakeholders from the board to individual analysts, and often restructure resources and investment is a major challenge. Learn how to identify and work through bottlenecks, understand the difference between managing risk and managing compliance, and what to expect as regulators raise the bar.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

Strategies for Strong Security Leadership

Doug Fisher, SVP & CSO, Lenovo

Communication and culture are essential at Lenovo, a Fortune Global 500 technology company. Join us for a leadership-focused discussion covering topics such as building a security-first culture, strengthening your organization, and forging a connection to the board and senior leadership.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, Foundry (formerly IDG Communications)

2:55 PM - 3:05 PM


Location: Salon A

Now’s the time to refresh your coffee, visit sponsor booths, or set up a quick meeting with other attendees.

3:05 PM - 3:35 PM

Redefining Insider Threats and Third-Party Risk

Christopher Burgess, CSO contributor, book author, ex-CIA
Adrian Ludwig
, Chief Trust Officer, Atlassian

According to a recent Ponemon Institute study, more than half of insider security incidents are caused by negligent employees and contractors and one in five involve stolen credentials. Over the past few years, attackers have increasingly targeted remote employees, software vendors, managed IT services providers and business partners to abuse their legitimate access into corporate networks. Join us for a discussion on how this is changing the insider threat landscape and the challenges organizations face mitigating these risks.

Moderated by: Lucian Constantin, Senior Writer, CSO Online

3:35 PM - 4:00 PM

Managing Access for the Modern Workplace

Christofer Hoff, Chief Secure Technology Officer, LastPass

Passwords are the keys to your kingdom – yet one of the areas where you are most vulnerable. To get employees to comply with your policies in the modern, often hybrid workplace, you need to make it easy for them to do so. Join this session and learn how today’s leading organizations are balancing usability with security, where they are making tradeoffs, and how they are selecting the right approach to keep their data and applications safe.

Anne McCrory, GVP, Customer Experience and Operations, Events, Foundry

Watch a replay of the session here!

4:00 PM - 4:25 PM

Our Passwordless Future

Andrew Shikiar, Executive Director, FIDO Alliance

With the many risks associated with passwords, businesses need to find new solutions to stop relying on them – and all credential-related attacks. Find out how the FIDO Alliance is forging a safer path with its specifications, which includes plan from Apple, Google and Microsoft to support passkeys as sign-in alternative in order to turn the tide on data breaches and remote attacks. Learn about regulatory pushes in the United States and globally on authentication as well as issues around biometrics and privacy.

Interviewed by: Beth Kormanik,Manager, Content Development, Foundry, formerly IDG Communications

4:25 pm - 4:55 pm

Cybersecurity Metrics that Matter

Victor Shadare, Head of Cyber Security, Condé Nast
Pete Lindstrom,
Vice President of Research, Spire Security
Andy Ellis,
Advisory CISO, Orca Security

Quantifying the success and the value of cybersecurity initiatives is essential, both in proving how well the function is performing as well as in attracting new funding. Choosing the right metrics to share will help you make that case. In this session we will explore the metrics that are necessary for the CISO and those are better suited to the board for oversight and budgetary decisions.

Moderated by: Michael Nadeau, Senior Editor, CSO

Agenda subject to change.