CISO Cloud Summit | November 11-13, 2018 | Westin Kierland Resort & Spa - Scottsdale, AZ, USA

↓ Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Sunday, November 11, 2018 - CISO Cloud Summit

12:00 pm - 5:00 pm

Golf Tournament

Optional Activities

 

12:00 pm - 6:00 pm

Registration & Greeting

 

5:30 pm - 6:30 pm

Summit Networking Happy Hour

 

6:30 pm - 8:30 pm

Welcome Dinner and Panel

The Next Phase of Digital Transformation

Today's digital technologies quickly become commodities, and adoption of emerging technologies provides only temporary edge and differentiation. To stay ahead, you must think bigger and take bigger risks. Do not make the technologies themselves the focal point, but the profound business transformations they make feasible.

 

8:30 pm - 9:30 pm

After Dinner Networking

 

Monday, November 12, 2018 - CISO Cloud Summit

7:15 am - 8:00 am

Registration and Networking Breakfast

 

8:00 am - 8:10 am

Welcome Address and Opening Remarks

 

8:10 am - 8:45 am

Keynote Presentation

Security's Place in Enterprise Risk Management

While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.

Takeaways:

  1. Just because information security is an aspect of enterprise risk doesn't mean that the CISO needs to take a back seat position
  2. Enterprise risk is defined by the business but needs to be quantified by an expert; CISOs bring risk quantification expertise to the table
  3. The end goal is not about fiefdoms and ownership, it is about improving enterprise value and success; maintaining focus is essential

 

8:50 am - 9:25 am

Keynote Presentation

Knowing Is Half the Battle - Protecting Applications & Their Sensitive Data

Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality - not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol. 

A real-time, embedded solution like Prevoty's runtime application self-protection (RASP) changes the game completely. Prevoty places an automated security mechanism at the front of the line - directly in the application's operating environment - to immediately lower risk and act as a compensating control at runtime. 

As such, Prevoty-enabled enterprises see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Prevoty RASP detects live production attacks and generates real-time security event longs and reports. Security teams can then correlate pre-production vulnerability scan results with Prevoty's runtime attack logs to go back, remediate based on actual risk - not just hypothetical threats. The result? Improved forensics.

 

9:30 am - 10:05 am

Keynote Presentation

Digital Transformation: A Journey Not a Destination 

There are many forces that are driving companies to continue to transform how they do business. Technological advances such as IoT, AI, machine learning, virtual reality and augmented reality are creating demanding expectations from customers, employees and boards. Adding to the complexity of CIOs and CISOs is the increasing threats to the security of the data that is at the heart of digital transformation. This keynote presentation will focus on the realities that this transformation will never end and it is critical to implement both the mindset and processes to treat digital transformation as a journey...not a destination. 

Takeaways:  

  1. It is critical to realize that digital transformation will never end, but will always be unfolding. 
  2. CIOs and CISOs must implement processes to ensure that not only their departments are forward thinking, but that their entire company is aware of what new technologies can bring to bear for customers and employees.

 

 

10:15 am - 10:40 am

Executive Exchange

 

Think Tank

Shifting Security LEFT

Migrating operational aspects of the Software Supply Chain to the left ensures that concerns are represented as design constraints before they represent too much burden, debt or complexity. For security practitioners, shifting left is a complete nirvana because it represents the opportunity to see better security in products sooner. Essentially, security becomes a design constraint. The shift-left paradigm is also consistent with messaging that requires security to be built into software instead of being bolted on.

 

10:45 am - 11:10 am

Executive Exchange

 

Thought Leadership

Identity and the New Age of Enterprise Security

From a technology standpoint, the world of business has gone through two distinct stages in the evolution of its information security focus. The first addressed network-based protection and preventive controls such as firewalls and anti-virus. The second looked at data-centric and detective controls such as encryption and intrusion/extrusion monitoring. As breaches continue to occur at a record pace, what is needed today is a new evolution, one that pushes towards individual-focused security through granular user monitoring and management as provided by solutions such as Identity and Access Management. While IAM isn't a new technology field, it is one whose time has come and CISOs need to begin investing in modern-day, lightweight, easy to implement IAM solutions now to stay ahead of the curve, and to reduce enterprise threats

 

11:15 am - 11:40 am

Executive Exchange

 

Thought Leadership

The Connected Worker & the Enterprise of Things

The smartphone is the primary communication and computing device for many of today's consumers. This dependency on mobile devices will translate into a majority of enterprise computing outside of traditional PC computing. This will have the greatest impact with on campus (non-office-based) and off campus mobile workers who are becoming increasingly connected by rich real time communications powered by mobile applications running on wearable devices such as smart glasses. The rise of IoT in the enterprise, or the Enterprise of Things, will allow these workers to instantly connect with assets in the field to gain immediate understanding of the situation around them. 

This session will explore the impact that these connected workers and endpoints will have on your enterprise and its ability to drive growth. Attendees will also learn security concerns that come with these new tools and how to best address them.

 

11:45 am - 12:10 pm

Executive Exchange

 

Thought Leadership

Machines Are Friends Not Foes: Using Cognitive Computing to Assess Threats

Popular movies, books and television shows typically position advanced technology as a threat to humanity and all we hold dear. Yet Cognitive Computing technologies such as Artificial Intelligence (AI), Machine Learning (ML), Natural Language Processing and Augmented Reality (AR) are helping CIOs and CISOs make better decisions faster. We will discuss how Cognitive Computing can help us navigate the acceleration of activity and decisions that we are experiencing on our Digital Transformation journeys. 

Takeaways: 

  1. New Cognitive Computing Technologies can be unnerving and difficult to trust
  2. Used properly, Cognitive Computing Technologies such as AI, ML and AR can provide data to humans in such a way to enable us to better prioritize the decisions we must make and make those decisions more effectively
 

12:15 pm - 1:30 pm

Networking Luncheon and Panel

Charging Ahead: Speeding Up Transformation Through Disruption

Disruption alters, destroys, but also creates value. You realize the need to act once revenue starts to shift, which is happening at a faster pace than most would think. Disruption can be a great thing if you act upon it, but it's a threat if you watch idly. We will discuss how CIOs and CISOs can be proactive and act on disruption by figuring out how to identify, prioritize and respond.

 

1:35 pm - 2:00 pm

Executive Exchange

 

Executive Boardroom

Year of the Defender - Cybersecurity Predictions for 2018 

Cybersecurity dominated the news cycle in 2017. There were headlines about viral ransomware, global destructive wipers posing as ransomware, leaks of spy tools from U.S. intelligence agencies, and breaches at major companies.  

What does 2018 hold in store for the defenders? Come discuss the largest security trends Cybereason researchers have identified for 2018.

 

 

2:05 pm - 2:30 pm

Executive Exchange

 

Executive Boardroom

Big Data Analytics - A Fundamental Shift

We have moved from an information-poor to an information-rich society. Practically unlimited availability of data, computing, networking, and socio-mobile connectivity are fundamentally altering our world. In particular, they are enabling businesses to become more effective and efficient by using big data analytics - collecting all relevant data and automating their processing to drive decision-making. This represents a fundamental shift from traditional business analytics where limited amount of structured data is batch-processed to produce standard Business Intelligence reports. We will assess the current state of big data analytics, technology and business trends, and their enormous implications to the future of all businesses. 

Takeaways: 

  1. How Big Data analytics is different from traditional business analytics  
  2. What businesses are getting out of big data analytics  
  3. Why Big Data analytics will become critical to every business
 

2:35 pm - 3:00 pm

Executive Exchange

 

Think Tank

Designing a Digital Workplace: Balancing Security with Effectiveness

Employees are consumers of digital technologies such as IoT, AR and VR. The plethora of mobile devices has enabled them to work where they want and when they want which has raised the bar on employee expectations for tools and capabilities from their employers. In order for companies to retain the best and get the most out of their employees, it is vital to design and continually update the digital workplace. We will discuss the current trends as well as share case studies of successful digital workplace implementations including how to deal with the inherent security risks of expanded accessibility to company resources.

 

3:05 pm - 3:30 pm

Executive Exchange

 

Executive Boardroom

Navigating Security and Risk In a Changing IT Landscape

Agile, DevOps, containers, microservices, the cloud are all seeing increased adoption across the enterprise. But, while there are valid business reasons to embrace these new models, there is potential risk in implementation. Is this change necessary? If so, how can this change be accommodated effectively, safely? This session will cover some common elements of the risk of change - and of not changing - and suggest approaches to minimize risk as you adopt these new technologies. 

Takeaways: 

  1. The IT Landscape will continue to change leading to new processes, new technologies and new "standard" ways of doing IT business 
  2. This changing Landscape will present security challenges where you will need to balance the "pain of same" vs the "pain of change"
 

3:35 pm - 4:00 pm

Executive Exchange

 

Executive Boardroom

The Evolution of Cyber Crime - A New Approach to Risk is Critical

Evolution never stops. This is most evident in the world of cyber crime. Threats constantly mutate, technology progresses and the lines of responsibility blur. Protecting against new forms of attack requires experience of how criminals change their methods. Defenders must use intelligence on adversaries and understand the vulnerabilities of their organization to build a picture of the situation.

 

4:05 pm - 4:30 pm

Executive Exchange

 

Think Tank

AI and ML: Using Emerging Technologies to Reinforce Security Defense Efforts

Artificial Intelligence (AI) and Machine Learning (ML) both have the capability to greatly improve upon security decision making and incident pattern recognition. CISOs can improve upon being able to recognize exploits and weaknesses within their network by using the advancements of these technologies. With hackers using AI and ML to create malware, adopting these technologies to stay ahead of advanced threats has become a matter of high importance.

 

4:35 pm - 5:00 pm

Executive Exchange

 

Thought Leadership

Enabling a Business-First Network: The Emerging Solution for a Cloud-First Enterprise

As enterprises continue to adopt cloud infrastructure and applications, exploding traffic levels and changing traffic patterns are driving them to re-evaluate their WANs. The WAN is a key enabler in transforming businesses to the new digital economy, but the current WAN infrastructure based on conventional routers was not designed for the cloud. To keep branch offices protected from threats, all web-bound traffic is backhauled to headquarters-based security services, which negatively impacts cloud application performance. As a result, enterprises are faced with architectural complexity, inconsistent application performance, and security challenges for applications and users.

 

5:05 pm - 5:35 pm

Executive Visions

Securing the Human Factor

The biggest fear is not the technology, it is the mistakes made by the people using the technology that could potentially lead to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?

 

6:00 pm - 7:00 pm

Summit Happy Hour

 

7:00 pm - 8:30 pm

Networking Dinner and Panel

From the War Room to the Board Room; Communication is the Key

Digital transformation is changing how you equip your employees and how your company interacts with customers. It is also changing the role of the CIO and CISO to be a business leader and internal sales leader for transformation. CIOs are now responsible for communicating strategies and recommendations to CxOs, boards and key stakeholders within a company. Join us, during dinner, for a passionate panel discussion with your peers as they share how they are successfully communicating internally to accomplish the company's goals.

 

8:30 pm - 10:00 pm

After Dinner Networking

 

Tuesday, November 13, 2018 - CISO Cloud Summit

7:45 am - 8:35 am

Networking Breakfast

 

8:40 am - 8:45 am

Welcome and Opening Remarks

 

8:45 am - 9:20 am

Keynote Presentation

CIOs & CISOs: One Foot on the Gas & One Foot on the Brake?

CIOs are facing increasing pressure to guide their companies to rapidly adopt new technologies and solutions to keep their companies competitive in their industry. CISOs are facing increasing pressure to keep their company and its data safe and secure from all threats. Without great vision and cooperation these goals can appear to be at cross purposes. 

Takeaways: 

  1. CIOs and CISOs are both facing pressures that could seem to be at cross purposes. 
  2. CIOs and CISOs must work very closely together to accomplish both their individual organizational goals but also the overarching company goals to thrive.
 

9:25 am - 10:00 am

Keynote Presentation

Addressing Privacy on a Global Scale

Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information, however the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is often times overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work, where their data might be held and this is an almost overwhelming task.

Takeaways:

  1. Privacy is one of the most challenging issues for any business and CISO to address
  2. The difference in regulations between and among European countries (both those in and out of the EU itself) and North American ones means traversing a fraught landscape
  3. A strong approach to privacy that addresses global differences is essential to being a stable and viable global business
 

10:10 am - 10:35 am

Executive Exchange

 

Executive Boardroom

Watching the Watchers: What Happens When Your Security Provider Compromises Your Network?

The 2017 M.E. Docs cyberattack that crippled hundreds of companies crafted blueprints for hijacking a vendor by targeting and attacking clients through trusted vendor partners. These events herald a new generation of supply chain-based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory and legal backlash. 

In 2018, eSentire detected and mitigated an exploit that targeted a key remote administration tool relied upon by a multitude of managed security service firms. This exploit was used to deliver a dangerous payload to their client base. In this talk, Mark Sangster will provide frameworks for assessing your vendors' cyber resilience and discuss building a trusted supply chain through co-managed cybersecurity programs, open communication and event notification, and proactive contractual obligations. 

Learning Objectives:  

  1. Understand how to navigate co-managed risk mitigation when working with a vendor. 
  2. Build and utilize a framework to assess your vendors' cyber resilience.
  3. Understand the indicators of compromise and detection mechanisms needed to proactively detect and mitigate exploits that target vendors. 
  4. Explore the real-time forensics data and disruption capabilities of Endpoint security through real-world attacks.
 

10:40 am - 11:05 am

Executive Exchange

 

Executive Boardroom

Knowing Your Network: Tracking Your Assets in the Age of Machine-Speed Attacks

In this talk, we will discuss how attackers have begun conducting Internet-scale attacks at machine speed by leveraging new scanning technologies. Qadium will present examples of how new classes of perimeter exposures are creating new risks, and data on global Internet trends.

 

11:10 am - 11:35 am

Executive Exchange

 

Executive Boardroom

Zero Trust Privilege for the Modern Threatscape

As traditional network perimeters dissolve, organizations must discard the old model of "trust but verify" which relied on well-defined boundaries. Zero Trust mandates a "never trust, always verify, enforce least privilege" approach to privileged access, from inside or outside the network. Zero Trust Privilege helps organizations grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, organizations minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity and costs for the modern, hybrid enterprise.

 

11:40 am - 12:05 pm

Executive Exchange

 

Executive Boardroom

How Analytics Disrupted the NPM Market and What's Next

It is no secret that the IT landscape is evolving rapidly, creating new challenges for IT organisations. Megatrends such as mobility, desktop virtualisation, ransomware, the Internet of Things and the software-defined datacentre all demand that IT organisations operate smarter and are equipped with real-time insights into what is happening in their environments. However, legacy IT monitoring products have not kept pace with these changes, leaving enterprises with a hodgepodge of niche tools designed for the paradigms of decades past. Left without a means to cut through increasing complexity, IT teams struggle to achieve key outcomes. 

This session will discuss: 

  • How the network is the richest source of data.  
  • How the network has become the common denominator tying everything together during digital transformation. 
  • How organisations are able to mine the communications between devices for real-time insights and data-driven operation.  
  • How your wire data can be used strategically within your IT ecosystem. 

This session will offer a clear understanding of how your organisation can unlock the hidden value in your networks, discovering, observing, and analyzing every digital interaction as it occurs.

 

12:10 pm - 12:35 pm

Executive Exchange

 

Think Tank

Which "Friends" Do I Trust? Realities of 3rd Party Risk

It is not a matter of if, but a matter of when. Organizations, more and more, and are outsourcing business activities to 3rd-parties because of cost-savings, revenue opportunities, expertise, etc. Thus collaborating with our business partners early to select the right 3rd-party vendor(s) with the appropriate security posture is essential, especially for vendors hosting, processing and/or transmitting sensitive/regulatory information, or having access to our IT assets.

 

12:40 pm - 1:05 am

Executive Exchange

 

Think Tank

Navigating Security and Risk In a Changing IT Landscape

Agile, DevOps, containers, microservices, the cloud are all seeing increased adoption across the enterprise. But, while there are valid business reasons to embrace these new models, there is potential risk in implementation. Is this change necessary? If so, how can this change be accommodated effectively, safely? This session will cover some common elements of the risk of change - and of not changing - and suggest approaches to minimize risk as you adopt these new technologies.

 

1:05 pm - 1:10 pm

Closing Remarks


 

1:10 pm - 1:45 pm

Grab & Go Luncheon