About CISO Forum Virtual Summit

Designed for senior-level security leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum's virtual edition will be hosted on November 13, 2024.
 
Throughout this virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions. 
 
Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Agenda

11:00

Not Your Grandparent's AI: New Age of Cybersecurity and IT Management

Join us for an engaging and insightful journey through the evolution of AI, from the pioneering days of Turing to today's cutting-edge generative models. In "Not Your Grandparent's AI: New Age of Cybersecurity and IT Management," we explore how AI is revolutionizing IT operations and cybersecurity, transforming our approaches to data analysis, threat detection, and endpoint management. We'll delve into:

  • the emotional rollercoaster of technology adoption
  • the new risks posed by generative AI
  • how to balance the need for speed and real-time data with security imperatives

This discussion will equip you with a deeper understanding of the current landscape and future trajectory of AI in our industry. Come discover how to harness AI's potential while navigating its challenges.

Tim Morris

Tanium, Chief Security Advisor

Tim is a visionary leader and an expert in IT and cyber security, with decades of experience in various industries. He joined Tanium after retiring from Wells Fargo, where he was an SVP and led several teams in cyber operations, engineering, and research. He holds 24 US patents and has written many articles on cyber security topics. He is also a trusted source of insights and opinions for major publications and web shows, where he shares his knowledge and passion for the field. Tim started his IT career as a developer and sysadmin in manufacturing, then moved to banking, where he worked on software packaging, scripting, Active Directory administration, and M&A projects. He has been dedicated to cybersecurity since 2009, specializing in areas such as detection and response, systems and patch management, vulnerability assessment, web-content filtering, malware analysis, red-teaming, and digital forensics.

11:30

Avoid Migrating Legacy Issues to the Cloud: The Cloud Optimization Framework (COF)

What's the number one challenge organizations face today in managing cybersecurity threats in the cloud? Is it the rapid evolution of malware and zero-day threats, or is it the way we're structured to handle these issues? At Palo Alto Networks, we’ve developed a best practices framework specifically for cloud environments. This approach allows us to move past the common pitfalls that may have carried over into the cloud and to establish policies and procedures that can effectively address these challenges. Join this session to explore:

  • What’s gone wrong in cloud security, particularly with organizational silos and outdated policies/procedures
  • The best practices to overcome these issues
  • How to realistically implement meaningful change

Ben Nicholson

Global Practice Lead, Prisma Cloud by Palo Alto Networks

Ben Nicholson is a Global Practice Leader for Prisma Cloud at Palo Alto Networks. In this role, he orchestrates the seamless deployment of Prisma Cloud solutions for a diverse clientele and has in-depth working knowledge of many security platforms. With 20 years of experience in cybersecurity, Ben has held a range of product and security consulting roles for technology companies across North America.

12:00

Hunting in High Definition to Amplify SecOps

With an evolving threat landscape, the art of threat hunting has also advanced. In this session, we’ll dive into the art of threat hunting, anomaly detection, forensic investigations, and more, presenting a comprehensive approach to bolstering security operations. Explore the concept of amplifying security operations by harnessing the power of high-definition data analysis. Key strategies highlighted include innovative concepts such as Chained Detections and multi-directional hunts, all powered by AI. This methodology involves connecting seemingly unrelated artifacts and events to unveil hidden patterns, identify potential threats, and proactively mitigate risks before they escalate. Join us as we explore the forefront of cybersecurity operations and discover how the art of hunting in high definition can amplify your security operations.

Albert Caballero

SentinelOne, Field CISO

Albert Caballero is a patented cybersecurity expert, technology strategist, and published author with a passion for security engineering, cloud computing, and threat intelligence. Field CISO at SentinelOne, he has acted as Global Head of Security Engineering at Warner Bros. Discovery, CISO of HBO Latin America, and BISO within both WarnerMedia and AT&T. Co-founder of Trapezoid, a cybersecurity software company focused on firmware integrity management, and a SIEM Product Manager, he has also run a large Security Operations Center (SOC) at Terremark, a Verizon Managed Services Provider.

12:30

Identity Security: New Threats. New Paradigms.

As the threat landscape continues to intensify, relying on traditional models to secure identities is a losing proposition. It’s time to challenge conventional thinking and apply new security models to defend against identity-based cyberattacks. In today's world, characterized by the proliferation of identities and the double-edged sword of AI, every organization must embrace a set of new paradigms to secure every user - human and machine.

Nick McCrorey

CyberArk, VP, Security Strategic Advisory

Nick has been with CyberArk for 15 years in a variety of customer-facing roles. Through his extensive experience working with enterprises globally, Nick has gained perspective on the most effective strategies for securing identities. In his current role, Nick collaborates directly with CISOs to ensure executive-level alignment on Identity Security programs.

12:30

Data-First TPRM: Revolutionize Third-Party Assessments with an Exchange

Third-Party Risk Management (TPRM) jobs like onboarding, continuous monitoring, or 4th party risk evaluation require a lot of data that many organizations struggle to obtain. Until now. ProcessUnity’s Global Risk Exchange delivers the industry’s most advanced third-party risk data for you to harness for increased efficiency and effectiveness, ushering in a completely new way of tackling common TPRM challenges. Join us for an in-depth look at ProcessUnity’s Global Risk Exchange. In this session we’ll explore how the Global Risk Exchange leverages real-time data, advanced analytics, and Artificial Intelligence to deliver a more efficient, effective, and proactive TPRM process. Discover the key benefits of adopting a data-first strategy and how it can position your organization for success in an increasingly complex risk landscape. Key Takeaways:

  • Tips to identify and overcome the greatest challenges in managing third-party risk assessments.
  • Unique ways to embed third-party risk data into procurement due diligence, onboarding, ongoing monitoring, and emerging threat scenarios.
  • Introduction to the Exchange model for TPRM.

Sophia Corsetti

ProcessUnity, Product Marketing Manager

Sophia is a third-party risk management product specialist at ProcessUnity. Sophia conducts thorough research on industry best practices and has in-depth product knowledge of how CISOs and CPOs use the ProcessUnity platform.

13:00

How to Build an Effective Cyber Drilling Program

Today, most cyber threats target your people with potentially disastrous consequences. Join Immersive Labs as we discuss how to implement an effective cyber and micro drills program to prepare your organization for the latest attacks. Our experts will share best practices for giving your teams the knowledge, skills, and judgment they need to prevent and respond to cyber threats.

Jamie Knobles

Immersive Labs, Manager, Solutions Consulting

Jamie Knobles leads the Solutions Consulting team for Immersive Labs in North America. Initially entering the industry as a network engineer delivering managed services to data center customers, Jamie recognized the importance of adapting organizational defenses to counter cyber threats in today's fast-evolving digital landscape, and now focuses on helping organizations build and maintain cyber resilience across the entire workforce.

13:00

The Importance of CISA's Stop Ransomware Guidelines and How to Meet Them

In this session, Brad Linch, Director of Enterprise Strategy at Veeam, will go through what CISA's Stop Ransomware Guidelines are, and how organizations can better prepare against cyberattacks. Successful cyberattacks are a result of a series of compounding failures. Simply being better prepared can go a long way.

Brad Linch

Veeam, Director of Technical Strategy

Brad is the Director of Technical Strategy in the office of the CTO. Brad has over 10 years of experience helping customers recover their data from both disaster and cyber incidents. Prior to Veeam, he worked at EMC where he focused on emerging technologies. At Veeam Brad has worn several hats from enterprise systems engineer to managing systems engineers to now driving strategic product and go-to-market programs while evangelizing Veeam's Data Resilience vision to keep businesses running.

13:30

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

13:45

CISO Playbook: Nailing Your Next Board Meeting

Translate security concepts into business language and nail your next board presentation. Learn from experienced security leaders who have successfully earned their seat at the boardroom table. You’ll gain actionable insights on how to effectively communicate your security strategy in ways that resonate with the board and hear candid advice from seasoned CISOs. We’ll explore:

  • Aligning with Board Expectations: Where CISOs should focus their time and attention during board meetings. Learn how to tailor your messaging for maximum impact.
  • Simplifying Technical Concepts: Learn strategies to break down complex security topics into digestible, business-focused narratives that resonate with non-technical board members.
  • Understanding how board members think: Uncover how to work with the board and senior leadership to align on risk tolerance and prepare for worst-case scenarios, ensuring the business is resilient in the face of security incidents.
  • Positioning security as a Business Enabler: Gain practical tips for demonstrating the ROI of security initiatives.

This is your opportunity to elevate your boardroom strategy.

Ryan Kazanciyan

Wiz, CISO

As Chief Information Security Officer for Wiz, Ryan leads security engineering, operations, and risk & compliance functions. Previously, as a security engineering lead for Meta, Ryan focused on detection & response operations, WhatsApp and Messenger security strategy, and mergers & acquisitions diligence. In prior roles, Ryan was the Chief Technology Officer for Tanium, where he oversaw platform and product strategy, and a Technical Director for Mandiant, where he led dozens of breach investigations involving state espionage and financial crime. Ryan has been an instructor for Black Hat and the FBI's Cyber Squad, a contributing author for "Incident Response and Computer Forensics, 3rd Edition", and the technical consultant for seasons 2 and 3 of TV's "Mr. Robot."

Emily Heath

Cyberstarts, General Partner

Emily Heath is General Partner of Venture Capital firm Cyberstarts. She is a former security executive, most recently serving as SVP & Chief Trust & Security Officer at DocuSign, based in San Francisco, California. She is also a Board member for Gen Digital (NASDAQ: GEN), formerly Norton Lifelock, as well as cloud security company Wiz and Governance Risk & Compliance company LogicGate. Prior to DocuSign, she was the Chief Information Security Officer at United Airlines, and for F500 architecture, engineering and construction firm AECOM, where she led the global information security, regulatory compliance and risk programs. Prior to these roles, Emily served in various IT leadership positions, working with MGM Studios, Sony Pictures and home fitness company Beachbody LLC. Originally from Manchester, England, Emily is a former Police Detective from the UK Financial Crimes Unit, where she led investigations into international investment fraud, money laundering and large scale identity theft cases, running joint investigations with the FBI, SEC and London’s Serious Fraud Office. Emily and her teams have been the recipients of CSO Magazine’s CSO50 Awards on numerous occasions for their work in cyber and risk. She has also been honored as part of CSO Magazine's inaugural CSO Hall of Fame. She is a leader who believes in building creative, diverse and inclusive teams, which has earned recognition both inside and outside the industry.

Jeremy Smith

Avery Dennison, VP, Information Security Officer

Jeremy Smith, the award-winning Vice President and Global Information Security Officer at Avery Dennison, is a renowned cybersecurity thought leader with over 15 years of experience. Driving the global cybersecurity strategy, he protects the company's critical data and assets while fostering a culture of security awareness. As a recognized expert in information security, risk management, and IT governance, Jeremy has built resilient security programs aligned with business goals. His innovative approach and commitment to continuous improvement have positioned him as a trusted voice in the industry. Beyond his leadership at Avery Dennison, Jeremy serves on advisory boards for several leading cybersecurity companies, offering his insights on emerging trends and threats. His collaborative nature and deep understanding of the industry have made him a valuable contributor to shaping the future of cybersecurity.

13:45

AI in the Software Supply Chain: How to Navigate New Threats While Balancing Innovation and Security

Generative AI, LLMs, and open source machine learning models provide a competitive edge for development teams and enterprises at large. Gartner has predicted that by 2025, 70% of enterprises will have operationalized AI architectures. However, with this adoption comes novel threat vectors within the software supply chain, affecting both software producers and enterprise software buyers. In this presentation, we will outline considerations that organizations must take when integrating AI into the software they build and buy, along with how to safeguard against threats that can be exploited by AI. This session will cover:

  • The adoption of developer AI copilots and open source ML models and how they can be a vehicle for malware, tampering, and malicious behaviors
  • How to remove the barriers to adopting advanced AI/ML capabilities without sacrificing due diligence
  • How to minimize your exposure to AI-powered software exploits

Dan Petrillo

ReversingLabs, VP, Product Marketing

Dan’s experience in security strategy began as the Product Manager for an Industrial IoT company in charge of securing building automation systems. He then spent time leading Product Marketing for Cybereason, Morphisec, Guardicore, and Akamai before joining ReversingLabs. Dan attended Northeastern University for his bachelor of science degree in Electrical Engineering.

Joe Coletta

ReversingLabs, Sr. Product Marketing Manager

Joe is a seasoned product marketing professional with 10 years of experience in application security. Originally an AppSec consultant, he brings his frontline experiences working with Fortune 500 enterprises to discuss cybersecurity trends and best practices.

14:15

Practical CISO Strategies for Navigating M+A Deals

Presented by Dheeraj Gurugubelli, Senior Director in EY’s Transaction Strategy & Execution Group, and John Hauser, Principal, M&A Cybersecurity and Data Privacy at EY, this session is based on takeaways from advising private equity investors and corporate sellers on cybersecurity risks and preservation of valuations in over 250 M&A deals. Speakers will share practical strategies CISOs can use when going through mergers, acquisitions, and divestitures, including the right time to get involved, how to conduct and prepare for cybersecurity due diligence, limitations of technical tests, challenges, and more.

John Hauser

EY Parthenon, Principal, M&A Cybersecurity and Data Privacy

Prior to joining EY, John worked as a Special Agent with the FBI and as an Assistant United States Attorney. He has extensive experience investigating and prosecuting complex, high-profile cases, including international cyber crime rings, and nation-state hackers who stole trade secrets from western corporations. John represented the FBI at meetings of the National Security Council, which produced an Executive Order imposing economic sanctions against overseas cyber offenders which was signed by the President in April 2015.

Since arriving at EY, John has been asked to present or provide commentary on cybersecurity matters in multiple venues, including Columbia Business School, private equity firm Carlyle’s CISO Council, The Deal webcast, and the Wall Street Journal. John has been mentioned by name for his efforts in fighting cybercrime in the book Dawn of the Code War. He has also presented at multiple Private Equity CIO/CISO conferences, including Carlyle, Hellman & Friedman, AEA, and others.

While at EY, John has primarily focused on cyber and data privacy advice for clients, including extensive experience in challenging, hardening, and shaping world class Cyber security organizations and capabilities through a strategic CISO perspective.

Dheeraj Gurugubelli

EY-Parthenon, Senior Director, Cybersecurity and Data Privacy Practice

Dheeraj Gurugubelli is a Senior Director in EY’s Transaction Strategy & Execution Group. He has over 10 years of security experience and worked with several Fortune 500 and PE clients spanning cyber risk management, strategy, tactical cybersecurity operations, data protection initiatives, and incident response. He advised and executed on security transformation efforts for clients in industries such as Financial Services, Healthcare, Retail, and Energy.

Dheeraj advises both private equity and corporates on cybersecurity strategy, risk, and security transformation across the capital agenda. He has led cybersecurity diligence in over 250 M&A deals ($180B in assets transferred) across multiple industries globally.

Prior to EY, Dheeraj worked with Deloitte and Schlumberger. In the past, Dheeraj has published security research and has been cited by media outlets and organizations such as NATO. He has also served as a visiting scholar for the cybersecurity labs at Purdue University.

Dheeraj delivered a guest lecture on “Impact of Cybersecurity in M&A valuations” at Harvard’s Mergers, Acquisitions, and Restructuring program.

15:00

PANEL: The Economics of Cyber: Balancing Innovation, Spending, and Vendor Lock-in

This panel will explore the growing trend of platformization in cybersecurity, where companies shift towards integrated, all-in-one solutions from major vendors. The discussion will feature leading CISOs sharing insights on how this shift is changing enterprise spending patterns and influencing startup innovation and venture capital investments. 

The panel will also address the pros and cons of vendor consolidation, including M&A trends among established players, and examine the strategic trade-offs between integrated platforms and specialized solutions in today’s SaaS-dominated landscape.

Nick Vigier

Oscar Health, CISO

Nick Vigier is the CISO for Oscar Health, a publicly traded Affordable Care Act insurer with a mission of helping people live healthier lives. He has been in the security industry for over 20 years in a variety of security leadership roles, such as an advisor as well as a CIO.

Jason Kikta

Automox, CISO

Jason Kikta is the Chief Information Security Officer at Automox. He previously served for over twenty years in the United States Marine Corps. This included seven years at United States Cyber Command designing and managing the national counter-APT and counter-ransomware missions. Jason is also an adjunct lecturer at the Alperovitch Institute for Cybersecurity Studies at the Johns Hopkins University’s School of Advanced International Studies in Washington, DC. Additionally, he is an adjunct Senior Technical Advisor to the Institute for Security and Technology in San Francisco, CA.

Fernando Montenegro

Omdia, Industry Analyst

Fernando is a Senior Principal Analyst on Omdia’s cybersecurity research team, based in Toronto, Canada. He focuses on the Infrastructure Security Intelligence Service, which provides vendors, service providers, and enterprise clients with insights and data on network security, content security, and more.

Fernando’s experience in enterprise security environments includes network security, security architecture, cloud security, endpoint security, content security, and antifraud. He has a deep interest in the economic aspects of cybersecurity and is a regular speaker at industry events.

Before joining Omdia in 2021, Fernando was an industry analyst with 451 Research. He previously held a variety of operations, consulting, and sales engineering roles over his 25+ years in cybersecurity, always focusing on enterprise security at organizations including vArmour, RSA, Crossbeam, Hewlett Packard, and Nutec/Terra. Fernando holds a Bachelor of Science in computer science and different industry certifications.

Ryan Naraine

SecurityWeek, Editor-at-Large

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

16:00

FIRESIDE CHAT: Building Influence and Trust: Effective Stakeholder Engagement for CISOs

A fireside chat between two cybersecurity leaders who challenge the status quo of fear-based narratives, framework-oriented discussions, and compliance-heavy metrics that often fail to resonate with business leaders. In this candid conversation, we explore practical approaches for shifting the focus to business value, using storytelling to highlight cybersecurity’s role in enabling growth and success, and building trusted relationships to elevate the CISO as a go-to member of the CEO’s team. Gain actionable insights on how to communicate more effectively, foster stronger partnerships, and advance your role as a business leader.

Chris Brown

New Cyber Executive, CISO & Executive Coach

Chris Brown is an executive coach to CISOs, with decades of experience in cybersecurity leadership, including roles as CISO and executive for hire. Drawing on his deep understanding of the unique circumstances faced by CISOs, he offers an alternative to the conventional mindsets that often place undue stress and responsibility on cyber executives’ shoulders to control what they cannot.

Rather than focusing on policy and risk stances, Chris asks what businesses can achieve through the effective use of their cybersecurity leaders. Just as top executives apply their skills beyond core functions to contribute to company strategy, Chris reframes the CISO role as a potential member of the CEO’s go-to team, supporting company-wide objectives, which serves as the foundation for their influence in cybersecurity decisions. Many CISOs, he notes, stay focused on cybersecurity operations, missing the opportunity to shape company strategy as a trusted advisor in the CEO’s inner circle.

Chris founded New Cyber Executive to remove these barriers, providing executive coaching that helps CISOs discover their own unique path to business relevance and practical influence at the executive level. In his consulting work, he has advised Fortune 500 companies on moving beyond traditional risk management, avoiding the common trap of equating planning with strategy, and instead focusing on transforming cybersecurity engagement and culture by starting with a business mindset.

Justin Dellaportas

Syniverse, CISO

As Chief Information Security Officer at Syniverse, Justin Dellaportas brings with him years of cybersecurity experience and leadership. He is responsible for securing Syniverse’s global telecommunications and enterprise messaging network and maintaining the trust of their clients around the world. Prior to Syniverse, Justin joined Nielsen in 2015 and played a pivotal role in building the Cybersecurity organization’s people, process and technologies. Justin led the strategy and implementation of Nielsen’s foundational cybersecurity defense platforms, generated cost savings through process improvement and also helped develop a sophisticated 24/7/365 Cybersecurity Operations Center. Justin’s proven track record of maturing the cybersecurity posture of organizations, overseeing growth strategies, and creating world class teams has earned him a well respected reputation in his field. Most notably, he was recognized as an honoree for the Tampa Bay Business Journal’s 40 under 40 award which highlights his excellence in leadership and his impactful contributions to the Cybersecurity industry. Earlier in his career, Justin was an Engineer working for global security and aerospace company, Lockheed Martin. He is trained in the planning, implementing and auditing of Critical Security Controls and in Continuous Monitoring and Security Operations from the SANS Institute. He studied Engineering at the University of Central Florida and earned a GIAC Security Essentials Certification.

16:45

Networking and Exhibit Hall Connections

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

11:00

[ON-DEMAND] Staying Ahead with AI—Without the Risks: How Securing AI Becomes a Game-Changer

With the rapid growth of AI-driven innovation, many organizations are feeling the pressure to give developers free rein in AI development. However, this can lead to dangerous security blind spots. In this session, we'll explore the critical pitfalls and emerging security risks that are already impacting AI projects today. You'll gain insights into the top attack vectors targeting AI systems and we'll explore best practices and strategies to safeguard your AI development process without stifling innovation. Join us to ensure your AI initiatives remain secure in a rapidly evolving threat landscape.

11:00

[ON-DEMAND] Experience Unified SecOps with the Singularity Platform

Addressing threats across different attack surfaces is a huge challenge for organizations. The existence of data silos and disconnected tools results in analysts conducting manual investigations without complete visibility and context. To better safeguard organizations, security teams need comprehensive protection across the entire enterprise. The SentinelOne Singularity™ Platform is the first AI security platform to provide enterprise-wide visibility and protection, bringing all enterprise data together in a unified data lake to reduce risk and help protect businesses. In this real-world scenario, experience how the unified Singularity Platform enables security teams to seamlessly detect, triage, investigate, and remediate cybersecurity attacks with AI-driven techniques and automation.

11:00

[ON-DEMAND] Spectra Assure for Software Supply Chain Security

Software represents the largest under-addressed attack surface in the world, and classic AppSec tools cannot address the full scope of threats impacting the software supply chain. ReversingLabs Spectra Assure rapidly deconstructs large, complex software packages and detects threats and exposures that lead to sophisticated, widespread, and costly attacks. Have more trust in your software by empowering software producers and buyers to eliminate coverage gaps, prioritize alerts, enforce custom policies, streamline remediation, and validate build integrity.

11:00

[ON-DEMAND] Immersive Labs Demo

Build a More Cyber Resilient Organization from Store Room to Board Room With one Platform

11:00

[ON-DEMAND] 5 Minute Demo of Third-Party Risk Management

ProcessUnity for Third-Party Risk Management (TPRM) protects companies and their brands by reducing risk from third parties, vendors and suppliers. TPRM expands the scope of risk management to encompass any external party that could pose a risk to an organization, including vendors, contractors, partners and suppliers.
