Please note all times are local, Mountain Daylight Time

16 June, 2024


5:00 pm - 6:10 pm

ROOM 2

WELCOME DAY SPECIAL CONTENT

Panel Discussion: Women in Security
  • Creating a purpose-driven strategy that makes an impact as our organization grows and nurtures a diverse workforce
  • Understanding the leader’s role as a force to shape and demonstrate corporate culture, and to serve as a catalyst for equality and inclusion
  • Sharing typical challenges faced by corporations when trying to promote diversity in the workforce
  • Illustrating the importance of today’s leaders building up and supporting the next generation our organizations will need for the future. What does that look like on a day-to-day basis?
  • Offering examples of strong and effective mentorship programs in onboarding, cross-training, job shadowing, and continuing education that make the difference

Hazleena Hashim
Chief Information Officer
Natural Habitat Adventures

Melanie Roush
Digital & IT VP – Infrastructure and CISO
Parker-Hannifin Corporation

Jennifer Franks
Director, Center for Enhanced Cybersecurity
US Government Accountability Office

6:15 pm - 7:30 pm

Welcome Drinks Reception

17 June, 2024


7:30 am - 8:15 am

Registration & Breakfast

8:15 am - 8:20 am

Opening Remarks and Important Announcements

8:20 am - 8:30 am

Chair’s Welcome Address

8:30 am - 9:05 am

The Past, Present, and Future of Cybersecurity Leadership
  • What factors are driving the evolution of the CISO role?
  • Why isn’t security at the top of anyone else’s agenda?
  • Navigating the transversal nature of security matters and the pressing need for the CISO and their teams to work across corporate silos
  • Emphasizing the importance of building trust with support functions, business units, business partners and suppliers
  • How can we as the security industry pivot away from “talking about things” onto “getting things done”?

Jerry Geisler
SVP & Chief Global Information Security Officer
Walmart

9:05 am - 9:40 am

Managing Your Insider Risk Program
  • Emphasizing the balance between employee privacy and company security
  • Prioritizing collaboration across functions and the importance of shared goals with clear measures of success
  • Engaging employees with data protection and compliance training
  • Utilizing emerging new insider risk management tools with adaptive security capabilities that can detect risky activities and mitigate potential impact

Bret Arsenault
Corporate VP and Chief Information Security Officer
Microsoft

9:45 am - 10:20 am

WORKSHOP

ROOM 1

Navigating the Challenges of Security in Serverless
  • Does spending less time thinking about infrastructure mean neglect for important security concepts?
  • Understanding why it is more essential to focus on security when developing and deploying serverless applications
  • Diving into the important questions if you’re going serverless
  • Demonstrating what an insecure serverless environment looks like, including how quickly a small vulnerability can lead to huge data loss

9:45 am - 10:20 am

WORKSHOP

ROOM 2

Never Let a Good Crisis Go to Waste: A Ransomware Case Study
  • Highlighting the importance of designating key decision-makers for handling crises before they happen
  • Getting comfortable making critical decisions during a ransomware attack without a lot of data
  • How a crisis allowed for more effective implementation of security changes

10:25 am - 12:05 pm

Pre-Arranged One-to-One Meetings
  • 10:30 am – 10:50 am: Meeting Slot 1/Networking
  • 10:55 am – 11:15 am: Meeting Slot 2/Networking
  • 11:20 am – 11:40 am: Meeting Slot 3/Networking
  • 11:45 am – 12:05 pm: Meeting Slot 4/Networking

12:10 pm - 12:45 pm

CASE STUDY ROOM 1

DATA MANAGEMENT

How Good Data Security Practices Drive Data Governance
  • Exploring key strategies to enable effective data stewardship, support innovation, and automate compliance while moving at the speed of the cloud
  • Gaining complete visibility into your data repositories
  • Ensuring scalability as you continue to generate exponential volumes of data
  • Implementing cloud-managed environments to handle innovations and new workloads

Kostas Georgakopoulos
Chief Technology Officer & Chief Information Security Officer
Mondelez International

12:10 pm - 12:45 pm

CASE STUDY ROOM 2

SECURITY STRATEGY

Why Should You Care About the Big Bad Threat Actors?
  • Who is responsible for navigating cyber security in a digitally driven world?
  • Exploring ways to create and sustain digital trust across your organisation by making it everyone’s business
  • Understanding how the impacts of changing technology have far-reaching impacts on the integrity of your organisation
  • The importance of connectivity: How your cyber team, c-suite and every employee need to work hand in hand to drive positive results

Kirsten Davies
Chief Information Security Officer
Unilever

12:45 pm - 1:45 pm

Overflow Lunch Seating

12:45 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Security Concerns for CISOs and How to Address Them

Josh Serba
Chief Information Officer
AHC+ Hospitality

12:45 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Cybersecurity and the Board: Strategies for Alignment

DeWayne Hixson
CISO
Bass Pro

12:45 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Driving Real Value Through AppSec Processes and Tech

Jeremy Schumacher
SVP, IT & Security
Cadent, LLC

12:46 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Innovate, Integrate, Influence: Tools for Effective Leadership

Mike Phillips
CISO
Cheniere Energy

12:46 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Building a Positive Security Culture

Michael McLaurin
Director of Global Cybersecurity
CoStar Group

12:46 pm - 1:45 pm

THEMED LUNCH DISCUSSION

How To Implement Data Governance In The Consumer Space

Ashiq Ahamed
Global CIO
Destination Auto Group

12:47 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Lessons Learned: Failing Forward

Rick Rampersad
Chief Information Officer
Early Learning Coalition of Hillsborough County

12:47 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Securing the Resources You Need to Succeed in a Crowded and Noisy Business Environment

Brandon Carter
Sr. Cybersecurity Specialist
Enviromental Protection Agency

12:47 pm - 1:45 pm

THEMED LUNCH DISCUSSION

How to Maximize ICS to Boost Efficiency and Data Management

Joseph Welch
Chief Information Officer
Fort Wayne City Utilities

12:48 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Securing Legacy Assets After M&A Activities

Leo Howell
Interim Vice President of Information Technology and Chief Information Officer
Georgia Tech

12:48 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Reinvigorating Long-Established and Too Comfortable Processes, Protocols, and Procedures

David Mullenix
Vice President, IT
JPI

12:48 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Cybersecurity in a High-Churn Workforce

Andrew Cook
Information Technology Security Manager
Milos Tea Company

12:49 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Software Security in the Supply Chain

Tom Shock
Head of Information Security
Shepherd Electric Supply

12:49 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Challenges of Adversarial AI in Cybersecurity

Omar Valerio
CIO / CTO
Westminster Christian School

12:49 pm - 1:45 pm

THEMED LUNCH DISCUSSION

Risk Management that Avoids the ‘Everything is Crucial so Nothing is Crucial’ Conundrum

1:45 pm - 2:20 pm

Defining Your Strategy for Agility and Resilience in Uncertain Times
  • Effectively balancing increasing volume, variety and speed of security and risk decisions
  • Assessing and transforming security programs to become digital business enablers
  • Preparing for continuous change in the technology and threat landscape
  • Overcoming barriers in organizational culture, resources and talent to grow and scale your digital initiatives

Taylor Lehmann
Director, Office of the CISO
Google

2:25 pm - 3:00 pm

WORKSHOP

ROOM 1

Driving Real Value Through AppSec Processes and Tech
  • Dissecting the efficacy of tools like SAST, DAST, and SCA; or processes like Threat Modeling and Pen Testing
  • Addressing issues with these tools and processes through thoughtful exchange and actionable insights
  • Challenging assumptions regarding long-accepted processes
  • Sharing perspectives and gathering understanding through the experiences of CISOs

2:25 pm - 3:00 pm

WORKSHOP

ROOM 2

Incorporating Threat Modeling into Cybersecurity Risk Assessments
  • How can threat modeling enhance your organization’s cybersecurity posture? Why is it important to incorporate it into existing risk management frameworks?
  • Identifying common challenges in integrating threat modeling into risk assessments
  • Understanding the STRIDE and DREAD methodologies for threat modeling and how to prioritize and mitigate risks using a risk matrix
  • Gaining insights into best practices for conducting successful risk assessments, including identifying and evaluating risks based on likelihood and impact

3:05 pm - 4:15 pm

Pre-Arranged One-to-One Meetings
  • 3:05 pm – 3:25 pm: Meeting Slot 5/Networking
  • 3:30 pm – 3:50 pm: Meeting Slot 6/Networking
  • 3:55 pm – 4:15 pm: Meeting Slot 7/Networking

4:20 pm - 4:55 pm

CASE STUDY STREAM 1

DATA MANAGEMENT

New Data Governance and Cyber Resiliency Standards for Healthcare
  • Exploring why traditional vulnerability management approaches are limited in effectiveness in healthcare organizations
  • Strategies for establishing standardized baseline cybersecurity controls to protect patient data and care
  • Understanding the landscape of healthcare’s attack ecosystem and highlighting some of the common pitfalls

Allison Miller
Chief Information Security Officer & SVP, Global Cybersecurity Office
Optum Inc., United Health Group

4:20 pm - 4:55 pm

CASE STUDY STREAM 2

SECURITY STRATEGY

Why Your Cyber Resilience Strategy Should Be Intelligence-Led
  • Designing a holistic and pragmatic cyber resiliency strategy to manage cyber risk and drive business value
  • How to develop your strategy to ensure it is aligned with your business strategy
  • Incorporating key aspects such as legal, compliance, and risk management to enable a return on investment
  • Discussing how intelligence and the frontline experience should be leveraged within your organization

Cynthia Kaiser
Deputy Assistant Director, Cyber Division
Federal Bureau of Investigation (FBI)

4:55 pm - 5:30 pm

Prevent, Detect, and Respond: Finding and Fixing Flaws
  • Why increased security sometimes starts with developer competency in a developing environment or a growth period
  • Exploring ways of managing and maintaining your attack surface
  • Learning from actionable, practical response processes from major organizations that have been there, done that, and come out on the other side

Gary Harbison
Global Chief Information Security Officer
Johnson & Johnson

5:30 pm - 6:05 pm

Achieving a Dominant Cybersecurity Posture in the Digital Economy
  • Digital Transformation as an imperative to protect the homeland from the nation’s adversaries
  • Accelerating cloud migration to enhance war fighting effectiveness
  • Deploying a high-degree of automation to improve defensive capabilities across agencies
  • Zero Trust adoption as a federal priority and its implications for the industry at large

David McKeown
Deputy DoD CIO for Cybersecurity/Chief Information Security Officer
United States Department of Defense

6:05 pm - 6:10 pm

Chair’s Closing Remarks

6:10 pm - 7:10 pm

Drinks Reception

6:30 pm

Executive Dinners

18 June, 2024


7:30 am - 8:25 am

Registration & Breakfast

7:45 am - 8:20 am

ROOM 2

BREAKFAST WORKSHOP

Combating Data Loss and Insider Risk
  • Moving beyond legacy data loss prevention approaches
  • Managing insider threats and risks in your organization
  • Increasing visibility across multiple channels to accelerate incident response

8:25 am - 8:35 am

Chair’s Opening Remarks

8:35 am - 9:10 am

A CISO’s Guide to the AI Threatscape
  • Why should CISOs care about not only responding to cyber events, but also recovering from them?
  • How we are seeing attackers adopt and deploy AI now and ways to get ahead of future risk
  • Balancing the good and bad of Generative AI in your businesses: Efficiency VS risk
  • How CISOs should prepare moving forward and ensure your teams are ready through upskilling and adequate education
  • Key strategies for building an ideal cyber resilience framework

Brent Conran
Chief Information Security Officer, GM Infrastructure
Intel Corporation

9:10 am - 9:45 am

Ensuring a Sustainable Open-Source Ecosystem through Innovation
  • Understanding new requirements coming from the US government around software supply chain
  • How are we working towards effectively finding and mitigating vulnerabilities in software?
  •  Assessing, auditing, and enhancing your open-source security

Mark Ryland
Director, Amazon Security
Amazon

9:50 am - 10:25 am

CASE STUDY ROOM 1

DATA MANAGEMENT

Fireside Chat: Meeting Data Security Challenges in the Age of Digital Transformation
  • Looking into the ways that which data can be stolen, corrupted, or compromised in some way now and in the future
  • Understanding how modern requirements for securing data have grown beyond most enterprises’ capacity to meet them
  • Discussing the acceleration of digital transformation and the ways in which this phenomenon has upended how data security works
  • Strategies for applying new, more effective security controls

Vinny Hoxha
Chief Information Security Officer
General Motors

9:50 am - 10:25 am

CASE STUDY ROOM 2

SECURITY STRATEGY

Fireside Chat: The Best Security Offense is a Good Defense
  • Guarding potential new attack surfaces caused by growing digitization across operations
  • Exploring emerging concerns around attacks enabled by the growing availability of generative AI tools
  • Collaborating with everyone at the national, state, and local levels to test and trial scenarios leading up to a national event to ensure preparation
  • Constantly focusing on maximizing visibility and assessing threats
  • Working towards maximum visibility into networks and creating multiple layers of defense

Tomás Maldonado
Chief Information Security Officer
National Football League

10:25 am - 11:15 am

Pre-Arranged One-to-One Meetings
  • 10:30 am – 10:50 am: Meeting Slot 8/Networking
  • 10:55 am – 11:15 am: Meeting Slot 9/Networking

10:40 am - 11:15 am

EXHIBITION HALL

FOCUS GROUP

Clean Room as a Service

Tyrone Grandison
Chief Technology Officer – App Innovation, Infrastructure, and Security – GISVs & Digital Natives
Microsoft

10:40 am - 11:15 am

EXHIBITION HALL

FOCUS GROUP

Navigating SEC Regulation Updates

Arve Kjoelen
CISO
McAfee

10:40 am - 11:15 am

EXHIBITION HALL

FOCUS GROUP

The Hybrid Office and Cyber Security Protection in the New Normal

Andrew Stanley
CISO & VP Global Digital Operations
MARS

11:20 am - 11:55 am

Defending Global Institutions from Supply Chain Cyber Risks
  • Learning how supply chain cyber risks pose unacceptable risk levels to supply chain operations to the and how we can proactively mitigate
  • Gaining a better understanding of both short and long term impacts that supply chain cyber risks pose across the value chain
  • Taking a deep dive into real-world data to understand the magnitude of potential issues and how vulnerable some of the most critical industries are

Gene Sun
Corporate Vice President, Chief Information Security Officer and Risk Mangement
FedEx Corporation

12:00 pm - 12:35 pm

CASE STUDY STREAM 1

DATA MANAGEMENT

Governing Generative AI: Safeguarding the Wnterprise Without Stifling Exploration
  • Identify Stakeholders: Identify key stakeholders which may include developers, researchers, policymakers, ethicists, legal experts, affected communities, and end-users to Ensure diverse representation.
  • Establish Clear Policy:  Define clear objectives and principles guiding the development, deployment, and use of generative AI systems that articulates ethical guidelines, legal requirements, and best practices to address concerns such as bias, privacy, security, and accountability.
  • Assess Risk: Conduct comprehensive risk assessments to identify potential hazards, vulnerabilities, and impacts unique to generative AI systems such as the potential for misuse, amplification of biases, or creation of misleading content.
  • Enforce Governance: Implement mechanisms for monitoring, auditing, and enforcing compliance with established policies.
  • Engage Stakeholders: Facilitate stakeholder engagement throughout the governance process, including consultation, collaboration, and feedback mechanisms and encourage participation from diverse stakeholders to ensure inclusivity and responsiveness to varied perspectives and concerns.
  • Promote  Accountability: Establish mechanisms for accountability, including traceability of decisions, attribution of responsibility, and avenues for redress in case of harm or errors.
  • Educate and Train: Provide education and training programs to enhance understanding of generative AI technologies, governance principles, and ethical considerations among stakeholders. Equip developers, users, and decision-makers with the knowledge and skills necessary to navigate ethical dilemmas, assess risks, and implement responsible practices.

Jeff Northrop
Chief Information Security Officer, Mars Petcare
Mars Inc

12:00 pm - 12:35 pm

CASE STUDY STREAM 2

SECURITY STRATEGY

Building Culture Bridges in Information Security and Cyber
  • Understanding how navigating across cultures is essential to the success of any cyber initiative
  • Determining which practices lead to long-term change for you and your organization
  • Exploring areas such as international relations, the IT/OT gap, public/private partnerships, and diversity issues

Dave Estlick
Chief Information Security Officer
Chipotle, Inc.

12:35 pm - 1:35 pm

Overflow Lunch Seating

1:35 pm - 2:10 pm

Network-Embedded Security: Securing Connections for Everyone
  • How AT&T is using advanced cybersecurity services that are embedded into the network to combat the rising number of cyber-attacks
  • Why network-embedded security offers a more robust defense by actively detecting and mitigating threats faster and more effectively than many options available today
  • Discussing how businesses small to large can be thinking about their cyber defenses in the future

Rich Baich
SVP, Chief Information Security Officer
AT&T

2:15 pm - 2:50 pm

Panel: The Business of Global Talent
  • Placing diversity and inclusivity at the core of everything you do
  • Breaking new ground and finding new ways of managing the holistic talent life cycle, enabled by advanced technology
  • Forging partnerships across the business to attract a new generation of talent from outside the core cyber function
  • Using internal, external and unconventional talent pools to build and develop a sustainable global talent pipeline

Eric Smith
VP, US CISO
TD Bank

Matt Conner
Chief Information Security Officer
Westinghouse Electric Corporation

2:50 pm - 3:00 pm

Chair’s Closing Remarks