2025 Agenda

download Agenda PDF

June 1st

3:45 pm

Badge Pick Up

4:25 pm - 5:25 pm WELCOME DAY SPECIAL CONTENT: PANEL

Panel: Broadening and Deepening the Talent Pool to Attract and Retain Our Future Leaders

Catrena Slaughter

Chief Information Security Officer – Mars Wrigley

Mars

Linda Marcone

CISO

Crate & Barrel

Christian Adam

Chief Information Security Officer - Managing Director - Digital Assets

BNY

Neil Daswani

Co-Director, Stanford Advanced Security Program

Stanford University

Session Details

How do we make Information Security career opportunities compete with other technically demanding, highly responsible roles?
Demonstrating that understanding your people as individuals with their own career goals and versions of work-life balance that can be catered to beyond one-size-fits-all approaches improves every Talent Management metric
Highlighting the opportunities we still have as Security professionals to further develop and encourage women to rise into senior leadership positions within our organizations
Showcasing companies that are finding success with new ideas and innovations in this area. What can other organizations learn from their experience and apply to their own efforts?

5:25 pm - 6:00 pm WELCOME DAY SPECIAL CONTENT: PANEL

Panel: Looking Forward: Where Will Information Security Be in 10 Years, AI’s Role, and What We’re Doing to Get There?

Nathan Wright

CISO

Textron

Eric Pickersgill

Chief Information Security Officer

FINRA

Param Vig

SVP , Chief Information Security Officer

Solventum

Session Details

Itemizing what has changed in terms of the threatscape, workload, and security mentality of people working in different environments from day-to-day
Identifying and mitigating new vulnerabilities and risks
Are there some positives in a distributed workforce that we can capitalize upon further by recognizing and reinforcing them?
Discussing best practices to collaborate with HR and department heads to make changing working conditions an opportunity to improve our organization’s capabilities and behaviors
Offering key takeaways based on our experiences with these issues to date that other information security professionals can apply to their own work

6:00 pm

Drinks Reception

June 2nd

Stream 1 Chair

Tomás Maldonado

Chief Information Security Officer

National Football League

Stream 2 Co-Chair

Executive To Be Announced

7:30 am - 8:15 am

registration & breakfast

8:15 am - 8:20 am

Opening Remarks and Important Announcements

8:20 am - 8:30 am

Chair’s Welcome Address

Tomás Maldonado

Chief Information Security Officer

National Football League

8:30 am - 9:05 am KEYNOTE

The State of the CISO: Leading in the Age of AI-Powered Threats and Defenses

Phil Venables

VP - Google / Chief Information Security Officer - Google Cloud

Google

Session Details

CISOs on the Front Lines: CISOs face increasing pressure daily due to sophisticated cyber threats and the rise of artificial intelligence (AI). the current challenges CISOs face in building resilient and secure organizations
Adopting AI Tools: CISOs must rapidly adopt and assess AI security tools to help organizations identify threats faster, reduce repetitive tasks, and enhance team expertise
Benefits of AI-powered Security: Examples of tangible benefits organizations gain from embracing AI-driven security solutions will be shared
Key Considerations for CISOs: Guidance on evaluating, deploying, and managing AI security tools to strengthen defenses will be provided
The Importance of Strong Relationships: The value of strong relationships between CISOs, the C-suite, and the board of directors will be emphasized as crucial for successful security transformations

9:05 am - 9:40 am KEYNOTE

Enabling Resilient, Secure Critical Infrastructure - What is the Right Balance and How Do You Achieve It

Nasrin Rezai

Chief Information Security Officer

Verizon

Session Details

Offering an overview of threat landscape and impacts to critical infrastructure
Evolution of technology and impact to effective defense
How do you balance resiliency, availability and security
Zero trust in an interconnected ecosystem

9:45 am - 10:20 am Workshops

Stream One

Batman on a Beach, Einstein, and AI Robots

Executive to be Announced

Bulletproof

Session Details

Hear the current state of security (spoiler alert it’s still bad). Understand how infrastructure, the surge in cybercrime, and attackers’ use of AI are affecting the threat landscape
Explore how a transition from a best-of-breed to a best-of-platform approach can streamline your portfolio, enhance visibility, and mitigate risks
Assess your company’s readiness for AI. Unveil its potential while also examining compliance challenges associated with this emerging technology
Learn how Microsoft leverages AI through Microsoft Copilot to simplify complexity, catch what others miss, and strengthen your team’s expertise

Stream Two

How AI will Disrupt Cybersecurity for Both Security Professionals and Bad Actors

2 Workshops

Session Details

Cutting through the noise around AI innovation to talk about what is working right now, and what is coming soon
Examining strategies to leverage AI to help identify and mitigate threats faster
Debating what security standards should look like for responsible AI deployment
Thinking about AI opportunities from the perspective of threats. How are bad actors going to use these tools, and what can we do about it?

10:25 am - 12:05 pm Pre-Arranged One-To-One Meetings

These mutually agreed-upon conversations are arranged and facilitated by Executive Platforms staff to ensure attendees have valuable discussions about their top-of-mind questions, challenges, and opportunities.

10:30 am – 10:50 am: Meeting Slot 1/Networking
10:55 am – 11:15 am: Meeting Slot 2/Networking
11:20 am – 11:40 am: Meeting Slot 3/Networking
11:45 am – 12:05 pm: Meeting Slot 4/Networking

12:10 pm - 12:45 pm Case Studies

Stream One

Speeding Up Security: How AI and Machine Learning Are Revolutionizing Threat Detection and Response

Sherrod DeGrippo

Director, Threat Intelligence Strategy

Microsoft

Session Details

Diving into the current trends, threat actors, and techniques shaping today’s digital risk environment
Learning how to create a proactive, intelligence-led security strategy to stay ahead of emerging threats
Exploring how AI tools and machine learning enhance threat detection, prediction, and response times
Discovering the benefits and challenges of collaborating with industry partners to share real-time threat intelligence data
Gaining insights on translating threat intelligence into actionable steps that enhance incident response and mitigation efforts

Stream Two

Why Security Metrics Suck and How to Make Them Better

Michael Rogers

CISO / Director Information Security and Compliance

Hormel Foods

Session Details

Many security metrics are disconnected from business objectives, making them difficult to interpret and act upon
Metrics often focus on the quantity of events (e.g., number of attacks blocked) instead of the actual effectiveness or business impact
Too many metrics and inconsistent definitions lead to confusion and “analysis paralysis,” hindering effective action
Use metrics not just for reporting but to provide context, insights, and opportunities for ongoing learning and strategy refinement
Focus on a small set of actionable metrics that link to business outcomes and standardizing definitions across teams for clarity and consistency

12:45 pm - 1:45 pm THEMED LUNCH DISCUSSIONS

Explore this year’s themed lunch discussions led by industry leaders, where executives engage in focused conversations over a meal, discussing topics they’re passionate about alongside their peers.

Getting the Most Out of IaaS Now and in the Future

Making Zero Trust Work for a Busy, Complicated, Diverse User Group

Understanding Social Engineering to Stay One Step Ahead of Bad Actors

Why Does Security Culture Become Complacent, and What Can We Do About It?

Fortifying the Perimeter: Mitigating Physical Security Threats in the Age of Cyber Risks

Leading Across the Generations in Cybersecurity

Data Privacy as the Top Priority

1:45 pm - 2:20 pm KEYNOTE

From Response to Recovery: Strengthening Organizational Resilience Against Cyber Threats

Garima Maheshwari

Vice President, Information Security and Risk Management, Business Information Security Officer

Johnson & Johnson

Session Details

Protecting our company is not a static position or a preset gameplan, which means we need to have the flexibility and capacity to go where our business is going
Staying connected with the big picture and senior decision-makers of the company to allow cybersecurity planning and processes to adjust organically with the larger organization
Leveraging your operating model to support the business as it grows and optimizes its footprint and processes
Reflecting our company’s values of customer-centricity and continuous improvement as we build and maintain the systems that ensure the safety and security that allow our business to deliver on those values

2:25 pm - 3:00 pm Workshops

Stream One

Application Data Security: New Technology Means New Attack Surfaces

Session Details

AppSec throughout the software development lifecycle is not an afterthought. How are you working with developers to bake data security into every stage of their work?
Exploring how the proliferation of new tools and technologies create new vulnerabilities, and finding the commonalities among those potential threats to better mitigate risk
Remembering that good security should be something the user understands, buys into, and does not try to skip or workaround for the sake of workflow. Are you keeping people in mind as you build you AppSec?
Illustrating successful Application Data Security programs based on real-world examples with key takeaways for out InfoSec professions

Stream Two

Fortify Your Network Through the Convergence of Networking and Security

Matt Fryer

CISO Architect and Field CTO

Fortinent

Session Details

From software to infrastructure to endpoints to cloud, how are you identifying and mitigating risk? How much visibility do you when a vulnerability corrected in one instance might apply elsewhere?
Illustrating how AI-powered security services and tools in a unified platform are redefining what is possible in terms of network security
Demonstrating that integration and automation mutually reinforce one another to secure networks
Highlighting success stories and offering best practices from real-world examples and case studies

3:05 pm - 4:15 pm Pre-Arranged One-To-One Meetings

3:05 pm – 3:25 pm: Meeting Slot 5/Networking
3:30 pm – 3:50 pm: Meeting Slot 6/Networking
3:55 pm – 4:15 pm: Meeting Slot 7/Networking

4:20 pm - 4:55 pm KEYNOTE

Fireside Chat: Building Trust from the Inside Out: Transitioning to a Zero Trust Security Model

Tim Crothers

SVP, Global Cyber Defense & Security Engineering

United Health Group

Session Details

Acknowledging InfoSec as a career path requires very specific kinds of people who are also being pitched other opportunities. How are we getting and holding onto the next generation’s attention?
Coordinating with other leaders, including Human Resources professionals, to built a talent management system that treats each of our people as an individual whose specific wants and needs from their employer are understood and built into their career plan
Creating opportunities for people to grow personally and professionally as part of their job in alignment with their ambitions, their goals, and how they see work-life balance
Where else is the ‘New Normal of Work’ going to take us, and what should we be doing to get our organizations out in front of the trends to be an employer of choice?

4:55 pm - 5:30 pm KEYNOTE

Adapting to Change: What Leaders Can Learn from a Historic CPG Merger

Jeffry Northrop

Chief Information Officer, Mars Wrigley North America

Mars Inc

Session Details

Cybersecurity Integration: Ensure that security protocols and risk management strategies are unified across both organizations to avoid vulnerabilities during the merger process.
Data Protection and Privacy: Prioritize compliance and safeguard customer and corporate data by aligning privacy policies across merged entities.
Risk Management in Transition: Implement continuous monitoring and robust risk assessments to mitigate potential security threats arising from system integrations.
Building a Resilient Security Culture: Foster a culture of cybersecurity awareness among employees to ensure ongoing protection during organizational changes and beyond.

5:30 pm - 5:35 pm

Chair’s Closing Remarks

Tomás Maldonado

Chief Information Security Officer

National Football League

5:35 pm

Drinks Reception

June 3rd

7:30 am - 8:25 am

registration & breakfast

8:25 am - 8:35 am

Chair's Welcome Address

Tomás Maldonado

Chief Information Security Officer

National Football League

8:35 am - 9:10 am KEYNOTE

Futureproofing Your Data Loss Prevention Strategies

Abie John

Chief Information Security Officer

Halliburton

Session Details

Summarizing past examples of DLP to find the commonalities between the threats, the exploited vulnerabilities, and the missed opportunities to prevent the data loss. How can this inform what we are doing now and what we need to do on an ongoing basis?
Thinking beyond the tools and technologies of today to talk about policies, training, and strategies that will remain relevant no matter the hardware or software involved in the future
Building DLP awareness into the day-to-day activities and understanding of everyone who engages with an organization’s data
Attaching a dollar-value to DLP as a way to build a business case for proactive measures and to demonstrate ongoing ROI from successes that otherwise would fly under the radar

9:10 am - 9:00 am KEYNOTE

Organization-Wide Security Culture: Fostering Technical Literacy and Security Consciousness

Michael Elmore

SVP & Global Chief Information Security Officer

GSK

Session Details

How can we make security everyone’s business, and why do security cultures become complacent over time?
What can organizations with robust security cultures do that their competitors cannot? Making the business case that the time and effort for Continuous Improvement on this issue will generate a sustained and ongoing ROI
Exploring effective ways to teach Information Security best practices to people who are not tech savvy. Can upskilling as part of workforce development be an avenue to improved technical literacy and safety consciousness?
Examining ways to create and sustain digital trust across your organization. It requires leadership to set an example, and it also needs to celebrate good actors at all levels

9:50 am - 10:25 am Case Studies

Stream One

Building a Robust Cybersecurity Governance Framework: Strategies for Success

Nate Vanderheyden

Deputy Chief Information Security Officer

Morgan Stanley

Session Details

Clarifying the difference between different types of data, different types of users, and how this dictates Data Governance decision-making
Establishing a robust Data Governance Framework with strategies for defining clear ownership, roles, and responsibilities in managing how data is collected, processed, stored, and shared
Making our organization’s Data Governance policies time-agnostic by building them on principles and values rather than specific tools or requirements and examples of the moment
What is the Gold Standard of Data Governance? Which organizations embody that system the best, and what can the rest of us take from their example?

Stream Two

Roadmap for a Secure Cyber Future

Cynthia Kaiser

Deputy Assistant Director, Cyber Division

Federal Bureau of Investigation (FBI)

Session Details

Discover strategies for fostering stronger partnerships and aligning responsibilities across key stakeholders
Gain insights into overcoming obstacles and driving innovation in the ever-changing cybersecurity landscape
Learn how to prepare for and adapt to emerging trends and priorities in cybersecurity strategy

10:25 am - 11:15 am Pre-Arranged One-To-One Meetings

10:30 am – 10:50am: Meeting Slot 8/Networking
10:55am – 11:15am: Meeting Slot 9/Networking

11:20 am - 11:55 am Workshops

Stream One

Threat Exposure Management: Learning from What Works and What Does Not

Session Details

What do we know about how and why bad actors choose their targets, and how has that changed over time?
Building threat exposure management into existing risk models. What should our companies’ senior leadership understand about the security implications of some of their business decisions?
Walking through examples of organizations that have applied specific threat exposure mitigation strategies. What is the most effective, and why?
Discussing the power of collaboration between companies, across industries, and with government and third-party organizations to better address the issue of threat exposure

Stream Two

The Right IAM for Your Organization? Understanding the Pros and Cons of Identity Technologies and Access Management

Session Details

How is Identity and Access Management keeping up with the current and emerging demands of both users and security professionals?
What are the services and solutions available in this space today, and what are the right questions you should be asking to make informed decisions for your organization?
Incorporating IAM into a larger, interlocking security strategy to reinforce the larger whole
Avoiding complacency while maintaining usability through regular reviews and incremental updates as the best way to strike a balance and remain forward-looking in your IAM policies

12:00 pm - 12:35 pm Case Studies

Stream One

Adversity as a Teacher: How Cross-Industry Learnings Can Guide Your Security Evolution

Eric Smith

VP, Chief Information Security Officer

TD Bank

Session Details

Embracing Cross-Industry Insights: Learn how security practices from other industries can help shape innovative strategies for addressing new and emerging threats
Turning Adversity Into Opportunity: Explore how challenges and setbacks can drive improvement, innovation, and resilience in your security posture
Adapting to Change: Understand how diverse industry experiences can help CISOs pivot quickly in response to fast-evolving cyber threats, ensuring agility in security operations
Collaborative Risk Management: Discuss the power of building cross-industry networks and knowledge-sharing forums to enhance security resilience and preparedness

Stream Two

Cybersecurity Scope Creep: Choosing and Winning Our Battles

Linda Marcone

CISO

Crate & Barrel

Session Details

Acknowledging that if everything is a priority, nothing is a priority. How do we make informed decisions about where to put out energies?
Discussing how the role of information security professionals is changing, and making the case that we have a major say in what new roles and responsibilities should be coming onto our plates
Taking a proactive role in growing the skillsets, competencies, experience, and expertise of the people we are relying upon to lead our organizations safely into the future
Flipping the fear of scope creep around for a moment: How do we want the role of a security leader within our organizations to evolve, and what are we doing individually and as a community of professionals to get there?

12:35 pm - 1:35 pm

Excutive Lunch Seating

1:35 pm - 2:10 pm Case Studies

Stream One

New Ideas and Emerging Issues to Secure Our Endpoints and Manage Mobile Devices

Cassie Crossley

VP, Supply Chain Security

Schneider Electric

Session Details

Reviewing of the current state of affairs when it comes to securing our endpoints and especially mobile devices, especially in the ‘New Normal of Work’ where some of our most important people may be working in hybrid and remote working environments
Incorporating technical debt into our calculations and justifications for what it costs to maintain and advance our security posture
Striking a balance between hardware, software, and training to enhance our current security systems and processes against current and future threats
Remembering Social Engineering is a huge vulnerability. What are we doing to make our users’ experience safe and secure even from their own carelessness?
Taking good examples from industry leaders in this space. What do they have in common that we can apply quickly and easily to our own IT/OT networks?

Stream Two

The Power of Communication and Collaboration to Bring Partners and Suppliers into the Same Security Ecosystem Richard Nolan Richard Nolan

Richard Nolan

Deputy CISO

Biogen

Session Details

What can a security ecosystem do collectively that its individual entities would not be able to do on their own?
Building a community of like-minded organizations who will mutually benefit from sharing resources and information requires both leadership and a way to reach consensus. What does that look like in real terms?
Reviewing examples where large companies have used their value chain and service- and solution-providers as members of a security collective, and then comparing and contrasting that to a network based on opt-in equal partners. What are the pros and cons of both?
Who is doing good work in this space right now, and do we think all organizations are going to have to join a larger collective at some point in the future?

2:15 pm - 2:50 pm KEYNOTE

Navigating the Evolving Cyber Threat Landscape: Challenges and Strategies

Executive to be Announced

United States Department of Defense

Session Details

Identifying and understanding the forces driving change in the cyber threat landscape
Offering new ideas and best practices in Risk Management and proactive policies to get in front of vulnerabilities and other challenges
Itemizing the needs and wants our organizations need in terms of resources, people, tools, and technologies to best position ourselves for success
How do we communicate, collaborate, and coordinate with other business leaders?
Illustrating everything we are discussing based on real-world examples, and discussing which takeaways we can apply elsewhere

2:50 pm - 3:00 pm