Stream One Chair

Stream Two Co-Chair

4:25pm - 5:25pm

Panel: Broadening and Deepening the Talent Pool to Attract and Retain Our Future Leaders

Linda Marcone

Linda Marcone

CISO

Crate & Barrel

  • How do we make Information Security career opportunities compete with other technically demanding, highly responsible roles?
  • Demonstrating that understanding you people as individuals with their own career goals and versions of work-life balance that can be catered to beyond one-size-fits-all approaches improves every Talent Management metric
  • Highlighting the opportunities we still have as Security professionals to further develop and encourage women to rise into senior leadership positions within our organizations
  • Showcasing companies that are finding success with new ideas and innovations in this area. What can other organizations learn from their experience and apply to their own efforts?
5:25pm - 6:00pm

Panel: Securing the Future: Navigating Cybersecurity Challenges in the Era of Remote and Hybrid Work

6:00pm - 7:00pm

7:30am - 8:15am

8:15am - 8:20am

Opening Remarks and Important Announcements

8:20am - 8:30am

Chair’s Welcome Address

8:30am - 9:05am

AI is the Game-Changer We Must Embrace as We Reinvent How Security Professionals Work

Phil Venables

Phil Venables

VP, Google, Chief Information Officer, Cloud

Google

  • Making the business case that CIOs and CISOs have long needed exactly the increased capabilities AI is now offering, and we have a responsibility to be on the leading edge of these new tools
  • How is AI eliminating human error and bias to provide real-time guidance for CISOs, CIOs, and their teams?
  • Demonstrating how AI is automating the mundance and freeing up our people for higher value activities, saving on headcount and improving productivity and retention while costing less
  • Remembering that AI is also empowering new and emerging threats. How are we preparing ourselves and our organizations for an AI-enabled threatscape?
9:05am - 9:40am

Staying Ahead of the Regulatory Curve: Compliance is the Starting Point, Not the Finish Line

Nasrin Rezai

Nasrin Rezai

Chief Information Security Officer

Verizon

  • Offering an overview of how the regulatory environment evolves, which factors drive change, and why being proactive and exceeding expectations will always offer a return on the additional investment
  • If we could start over and create our Compliance requirements and the behaviors that deliver it from a blank sheet of paper, what would that look like? What ambitions from that mental exercise can we apply to our real-world best practices?
  • Clarifying responsibilities and opening up lines of communication, coordination, and collaboration between the different stakeholders so everyone is doing what they need to do
  • Creating and maintaining a mechanism to ensure management is engaged, accountable, and able to react quickly to unexpected events
  • Discussing examples of what we ‘must do’ versus what else we can do with reference to specific real-world requirements
9:45am - 10:20am

Batman on a Beach, Einstein, and AI Robots

  • Hear the current state of security (spoiler alert it’s still bad). Understand how infrastructure, the surge in cybercrime, and attackers’ use of AI are affecting the threat landscape
  • Explore how a transition from a best-of-breed to a best-of-platform approach can streamline your portfolio, enhance visibility, and mitigate risks
  • Assess your company’s readiness for AI. Unveil its potential while also examining compliance challenges associated with this emerging technology
  • Learn how Microsoft leverages AI through Microsoft Copilot to simplify complexity, catch what others miss, and strengthen your team’s expertise
9:45am - 10:20am

How AI will Disrupt Cybersecurity for Both Security Professionals and Bad Actors

  • Cutting through the noise around AI innovation to talk about what is working right now, and what is coming soon
  • Examining strategies to leverage AI to help identify and mitigate threats faster
  • Debating what security standards should look like for responsible AI deployment
  • Thinking about AI opportunities from the perspective of threats. How are bad actors going to use these tools, and what can we do about it?
10:25am - 12:05pm
  • 10:30 am – 10:50 am: Meeting Slot 1/Networking
  • 10:55 am – 11:15 am: Meeting Slot 2/Networking
  • 11:20 am – 11:40 am: Meeting Slot 3/Networking
  • 11:45 am – 12:05 pm: Meeting Slot 4/Networking

These mutually agreed-upon conversations are arranged and facilitated by Executive Platforms staff to ensure attendees have valuable discussions about their top-of-mind questions, challenges, and opportunities.

12:10pm - 12:45pm

Risk Management is About Making Informed Decisions

Eric Smith

Eric Smith

VP, Chief Information Security Officer

TD Bank

  • How should security professionals best keep informed about new and emerging threats, evolving regulatory requirements, and the tools, tactics, and technologies needed to keep our organizations safe?
  • Applying a logical, understandable framework to how we prioritize where to spend our time and resources is the underpinning of any good risk management strategy. What comes next, and how do you update your risk-management policies as a living document that remains clear, concise, and actionable?
  • Detailing the role third-parties, industry allies, government agencies, and other like-minded and mutually interested organizations have in building a mutually reinforcing security ecosystem where risks are identified and mitigated both individually and collaboratively
  • Preparing and training for contingency plans, rapid response plans, business continuity plans, and other disaster and crisis management plans with all the relevant teams and leaders as part of a robust, resilient risk management strategy
12:10pm - 12:45pm

Cybersecurity Scope Creep: Choosing and Winning Our Battles

Linda Marcone

Linda Marcone

CISO

Crate & Barrel

  • Acknowledging that if everything is a priority, nothing is a priority. How do we make informed decisions about where to put out energies?
  • Discussing how the role of information security professionals is changing, and making the case that we have a major say in what new roles and responsibilities should be coming onto our plates
  • Taking a proactive role in growing the skillsets, competencies, experience, and expertise of the people we are relying upon to lead our organizations safely into the future
  • Flipping the fear of scope creep around for a moment: How do we want the role of a security leader within our organizations to evolve, and what are we doing individually and as a community of professionals to get there?
12:45pm - 1:45pm

Explore this year’s themed lunch discussions led by industry leaders, where executives engage in focused conversations over a meal, discussing topics they’re passionate about alongside their peers.

Data Privacy as the Top Priority

Omar Valerio

Omar Valerio

CIO / CTO

Westminster Christian School

Getting the Most Out of IaaS Now and in the Future

Best Practices and New Ideas to Optimize IPS and IDS Strategies

Understanding Social Engineering to Stay One Step Ahead of Bad Actors

Making Zero Trust Work for a Busy, Complicated, Diverse User Group

Why Does Security Culture Become Complacent, and What Can We Do About It?

1:45pm - 2:20pm

Aligning Our Cybersecurity Strategy and Risk Management with Our Business Objectives

Gary Harbison

Gary Harbison

Global Chief Information Security Officer

Johnson & Johnson

  • Protecting our company is not a static position or a preset gameplan, which means we need to have the flexibility and capacity to go where our business is going
  • Staying connected with the big picture and senior decision-makers of the company to allow cybersecurity planning and processes to adjust organically with the larger organization
  • Leveraging your operating model to support the business as it grows and optimizes its footprint and processes
  • Reflecting our company’s values of customer-centricity and continuous improvement as we build and maintain the systems that ensure the safety and security that allow our business to deliver on those values
2:25pm - 3:00pm

Application Data Security: New Technology Means New Attack Surfaces

  • AppSec throughout the software development lifecycle is not an afterthought. How are you working with developers to bake data security into every stage of their work?
  • Exploring how the proliferation of new tools and technologies create new vulnerabilities, and finding the commonalities among those potential threats to better mitigate risk
  • Remembering that good security should be something the user understands, buys into, and does not try to skip or workaround for the sake of workflow. Are you keeping people in mind as you build you AppSec?
  • Illustrating successful Application Data Security programs based on real-world examples with key takeaways for out InfoSec professions
2:25pm - 3:00pm

Fortify Your Network Through the Convergence of Networking and Security

Executive to be Announced

Fortinent

  • From software to infrastructure to endpoints to cloud, how are you identifying and mitigating risk? How much visibility do you when a vulnerability corrected in one instance might apply elsewhere?
  • Illustrating how AI-powered security services and tools in a unified platform are redefining what is possible in terms of network security
  • Demonstrating that integration and automation mutually reinforce one another to secure networks
  • Highlighting success stories and offering best practices from real-world examples and case studies
3:05pm - 4:15pm
  • 3:05 pm – 3:25 pm: Meeting Slot 5/Networking
  • 3:30 pm – 3:50 pm: Meeting Slot 6/Networking
  • 3:55 pm – 4:15 pm: Meeting Slot 7/Networking

These mutually agreed-upon conversations are arranged and facilitated by Executive Platforms staff to ensure attendees have valuable discussions about their top-of-mind questions, challenges, and opportunities.

4:20pm - 4:55pm

Building and Keeping the Team We Need to Succeed in a Competitive, Disruptive Environment

Vinny Hoxha

Vinny Hoxha

Chief Information Security Officer

McKesson

  • Acknowledging InfoSec as a career path requires very specific kinds of people who are also being pitched other opportunities. How are we getting and holding onto the next generation’s attention?
  • Coordinating with other leaders, including Human Resources professionals, to built a talent management system that treats each of our people as an individual whose specific wants and needs from their employer are understood and built into their career plan
  • Creating opportunities for people to grow personally and professionally as part of their job in alignment with their ambitions, their goals, and how they see work-life balance
  • Where else is the ‘New Normal of Work’ going to take us, and what should we be doing to get our organizations out in front of the trends to be an employer of choice?
4:55pm - 5:30pm

Effectively Communicating Our Wants, Needs, Issues, and Ideas to Non-Subject Matter Experts

Jeffry Northrop

Jeffry Northrop

Chief Information Officer, Mars Wrigley North America

Mars Inc

  • Starting at the Top: How should CIOs and CISOs inform and engage with the Board and the C-Suite with clarity? What do they need to understand about our work and our perspective on the important issues we are all facing?
  • Offering new ideas and improved best practices to navigate the transversal nature of security matters and the pressing need for the CISO and their teams to work across departments and silos
  • Connecting what we do to ROI so all the stakeholders and shareholders who want quantifiable metrics can see the value of our proactive day-to-day efforts
  • At what stage in an InfoSec professional’s career does technical expertise also need a firm grounding in communication skills? Are we doing enough to prepare our rising Top Talent for the leadership positions of tomorrow?
5:30pm - 5:35pm

Chair’s Closing Remarks

5:35pm

7:30am - 8:25am

8:25am - 8:35am

Chair’s Opening Remarks

8:35am - 9:10am

Decoding Threat Intelligence

Sherrod DeGrippo

Sherrod DeGrippo

Director, Threat Intelligence Strategy

Microsoft

  • Diving into the current trends, threat actors, and techniques shaping today’s digital risk environment
  • Learning how to create a proactive, intelligence-led security strategy to stay ahead of emerging threats
  • Exploring how AI tools and machine learning enhance threat detection, prediction, and response times
  • Discovering the benefits and challenges of collaborating with industry partners to share real-time threat intelligence data
  • Gaining insights on translating threat intelligence into actionable steps that enhance incident response and mitigation efforts
9:10am - 9:45am

Organization-Wide Security Culture: Fostering Technical Literacy and Security Consciousness

Michael Elmore

Michael Elmore

SVP & Global Chief Information Security Officer

GSK

  • How can we make security everyone’s business, and why do security cultures become complacent over time?
  • What can organizations with robust security cultures do that their competitors cannot? Making the business case that the time and effort for Continuous Improvement on this issue will generate a sustained and ongoing ROI
  • Exploring effective ways to teach Information Security best practices to people who are not tech savvy. Can upskilling as part of workforce development be an avenue to improved technical literacy and safety consciousness?
  • Examining ways to create and sustain digital trust across your organization. It requires leadership to set an example, and it also needs to celebrate good actors at all levels
9:50am - 10:25am

A CISO’s Guide to the AI Threatscape

Michael Rogers

Michael Rogers

CISO / Director Information Security and Compliance

Hormel Foods

  • Offering an overview of how we are seeing attackers adopt and deploy AI. What can we be doing to get ahead of future risk?
  • Illustrating the opportunities CISOs have to learn not just from responding to cyber events, but also recovering from them
  • Collaboration and communication can be the key to meeting this challenge: We should share what we are seeing with one another, because there is no competitive advantage in letting bad actors learn from attacking us one at a time in isolation
  • Giving examples of forward-thinking tactics to build an ideal cyber resilience framework based on our experience so far
9:50am - 10:25am

New Ideas and Emerging Issues to Secure Our Endpoints and Manage Mobile Devices

Cassie Crossley

Cassie Crossley

VP, Supply Chain Security

Schneider Electric

  • Reviewing of the current state of affairs when it comes to securing our endpoints and especially mobile devices, especially in the ‘New Normal of Work’ where some of our most important people may be working in hybrid and remote working environments
  • Incorporating technical debt into our calculations and justifications for what it costs to maintain and advance our security posture
  • Striking a balance between hardware, software, and training to enhance our current security systems and processes against current and future threats
  • Remembering Social Engineering is a huge vulnerability. What are we doing to make our users’ experience safe and secure even from their own carelessness?
  • Taking good examples from industry leaders in this space. What do they have in common that we can apply quickly and easily to our own IT/OT networks?
10:25am - 11:15am
  • 10:30 am – 10:50am: Meeting Slot 8/Networking
  • 10:55am – 11:15am: Meeting Slot 9/Networking

These mutually agreed-upon conversations are arranged and facilitated by Executive Platforms staff to ensure attendees have valuable discussions about their top-of-mind questions, challenges, and opportunities.

11:20am - 11:55am

Threat Exposure Management: Learning from What Works and What Does Not

  • What do we know about how and why bad actors choose their targets, and how has that changed over time?
  • Building threat exposure management into existing risk models. What should our companies’ senior leadership understand about the security implications of some of their business decisions?
  • Walking through examples of organizations that have applied specific threat exposure mitigation strategies. What is the most effective, and why?
  • Discussing the power of collaboration between companies, across industries, and with government and third-party organizations to better address the issue of threat exposure
11:20am - 11:55am

The Right IAM for Your Organization? Understanding the Pros and Cons of Identity Technologies and Access Management

  • How is Identity and Access Management keeping up with the current and emerging demands of both users and security professionals?
  • What are the services and solutions available in this space today, and what are the right questions you should be asking to make informed decisions for your organization?
  • Incorporating IAM into a larger, interlocking security strategy to reinforce the larger whole
  • Avoiding complacency while maintaining usability through regular reviews and incremental updates as the best way to strike a balance and remain forward-looking in your IAM policies
12:00pm - 12:35pm

Futureproofing Your Data Loss Prevention Strategies

Abie John

Abie John

Chief Information Security Officer

Halliburton

  • Summarizing past examples of DLP to find the commonalities between the threats, the exploited vulnerabilities, and the missed opportunities to prevent the data loss. How can this inform what we are doing now and what we need to do on an ongoing basis?
  • Thinking beyond the tools and technologies of today to talk about policies, training, and strategies that will remain relevant no matter the hardware or software involved in the future
  • Building DLP awareness into the day-to-day activities and understanding of everyone who engages with an organization’s data
  • Attaching a dollar-value to DLP as a way to build a business case for proactive measures and to demonstrate ongoing ROI from successes that otherwise would fly under the radar
12:00pm - 12:35pm

Scaling Our Security as Our Company Grows

Richard Nolan

Richard Nolan

Deputy CISO

Biogen

  • How do organizations that are rapidly growing or expanding into new markets maintain and enhance their security infrastructure as they scale?
  • Avoiding the temptation to change horses midstream. Change should be through frequent iteration rather than dramatic transitions to avoid dangerous disruptions
  • Examining the common challenges and opportunities InfoSec leaders can expect during M&A activities
  • Giving easy wins and low-hanging fruit to take what works locally and translate it into organization-wide best practices during the wider change management already underway
12:35pm - 1:35pm

Explore this year’s themed lunch discussions led by industry leaders, where executives engage in focused conversations over a meal, discussing topics they’re passionate about alongside their peers.

In-Depth Risk Assessments: What Do We Want Know But Are Afraid to Hear?

Cyber-Resilience in the Age of Disruption

Going Above and Beyond on PHI Compliance and Security

1:35pm - 2:10pm

Data Governance as the Foundation for All Our Data Strategies

  • Clarifying the difference between different types of data, different types of users, and how this dictates Data Governance decision-making
  • Establishing a robust Data Governance Framework with strategies for defining clear ownership, roles, and responsibilities in managing how data is collected, processed, stored, and shared
  • Making our organization’s Data Governance policies time-agnostic by building them on principles and values rather than specific tools or requirements and examples of the moment
  • What is the Gold Standard of Data Governance? Which organizations embody that system the best, and what can the rest of us take from their example?
1:35pm - 2:10pm

The Power of Communication and Collaboration to Bring Partners and Suppliers into the Same Security Ecosystem

  • What can a security ecosystem do collectively that its individual entities would not be able to do on their own?
  • Building a community of like-minded organizations who will mutually benefit from sharing resources and information requires both leadership and a way to reach consensus. What does that look like in real terms?
  • Reviewing examples where large companies have used their value chain and service- and solution-providers as members of a security collective, and then comparing and contrasting that to a network based on opt-in equal partners. What are the pros and cons of both?
  • Who is doing good work in this space right now, and do we think all organizations are going to have to join a larger collective at some point in the future?
2:15pm - 2:50pm

Panel: Looking Forward: Where Will Information Security be in Ten Years, and What are We Doing to Get There?

  • Reviewing how our profession has already evolved and changed since the start of our careers. How will we continue to evolve and grow into the future?
  • Discussing the threats we all face, the responsibilities we all must shoulder, and how we are building the teams and business competencies necessary to meet the challenges of today and tomorrow
  • How should we better communicate, collaborate, and consolidate our best ideas so we all succeed?
2:50pm - 3:00pm

Chair’s Closing Remarks

Agenda Day Filter
Agenda Session Type Filter

Sessions From Previous Years

Download The Agenda PDF

"*" indicates required fields

Are you a delegate or sponsor?*

By completing and submitting this form, you agree to receive marketing emails from Executive Platforms Inc. You can opt-out at any time by utilizing the unsubscribe link provided at the bottom of each email. All data collected will be handled in accordance with our Privacy Policy and Terms of Use.

2024 Summit Floorplan

Sign Up For Our Newsletter

"*" indicates required fields

Are you a delegate or sponsor?*

By completing and submitting this form, you agree to receive marketing emails from Executive Platforms Inc. You can opt-out at any time by utilizing the unsubscribe link provided at the bottom of each email. All data collected will be handled in accordance with our Privacy Policy and Terms of Use.