Boston CISO Executive Summit

November 30, 2022 | The Westin Copley Place, Boston

November 30, 2022
The Westin Copley Place, Boston

Collaborate with your peers

Get together with Boston's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Elevating the security practice and CISO role into strategic partners who manage cyber risk

Maturing IAM roadmaps and infrastructure to become more resilient against evolving demands

Evolving traditional approaches and technologies in response to the expanding attack surface

Boston CISO Governing Body

The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Kevin Brown


Javed Ikbal

Bright Horizons

Larry Jarvis

Iron Mountain Inc
SVP, Chief Information Security Officer

Holly Ridgeway

Citizens Financial Group
Chief Security Officer

Ravi Thatavarthy

Rite Aid
Vice President & Chief Information Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Boston CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.


November 29, 2022

November 30, 2022

6:00pm - 8:30pm  Governing Body Welcome Reception

Governing Body Welcome Reception Hosted by Expel

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking.

11:20am - 12:05pm  Breakout Session

The Four Dimensions of Building a Solid Security Program

Andy Ellis headshot

Andy Ellis

Chief Security Officer

Orca Security

How do CISOs choose where to invest and whether they have the time and energy to spend on aspects of a new security program? A strong framework is essential to help evaluate the state of your security program and to identify where there are gaps in coverage. CISOs can do this by examining 4 areas: asset coverage, control comprehensiveness, risk context, and maturity continuity.

Join this session to learn:

  • How do the four building blocks work to create a solid security program
  • Why developing a security rubric is imperative
  • What a holistic view can reveal about your security program

11:20am - 12:05pm  Breakout Session

The Current and Future Cyber Insurance Climate

David Wasson headshot

David Wasson

Vice President, Professional and Cyber Practice Leader

Brown & Brown Insurance

Bobbi Bookstaver headshot

Bobbi Bookstaver

Director of Information Security

Shawmut Design and Construction

Daniel Gortze headshot

Daniel Gortze

Chief Information Security Officer


The cyber insurance application process is taking longer and has become more complicated in the last few years. Premiums are rising. Leaders from organizations big and small are questioning the value of cyber insurance.

 Join this session to discuss:

  • Perspectives on the changing cyber insurance landscape
  • Emerging carrier requirements for cyber insurance
  • Your personal cyber insurance concerns

11:20am - 12:05pm  Executive Boardroom

It Starts With People – Combating Data Loss and Insider Risk

Dennis Dayman headshot

Dennis Dayman

Resident CISO


Joe Burgoyne headshot

Joe Burgoyne

Sr. Director, Cyber Security

GE Healthcare

Sanju Misra headshot

Sanju Misra

VP, Information Security

Alnylam Pharmaceuticals

Data doesn’t move itself. People—whether they are negligent, compromised or malicious—move data in secure and risky ways. The growth in remote work from anywhere and everywhere has redefined the global security perimeter and increased the risk of insider-led data loss for organizations. At the same time, the frequency and volume of insider threats keeps rising, placing a significant burden on security teams to keep pace. Where do you start to stop insider threats?

Join this session to discuss:

  • Moving beyond legacy data loss prevention approaches
  • Managing insider threats and risks in your organization
  • Increasing visibility across multiple channels to accelerate incident response

11:20am - 12:05pm  Executive Boardroom

Accounting for Third-Party Risk in Strategic Planning

Greg Besegai headshot

Greg Besegai

Regional Director


Kevin Burns headshot

Kevin Burns



David Escalante headshot

David Escalante

Dir., Computer Policy & Sec.

Boston College

Third parties expose businesses to strategic, operational, financial, and compliance risks. Moreover, leaders have less visibility into third parties than into their own businesses. For many organizations, the pandemic exposed the fragility of the organization’s third-party network and impressed the need to flex quickly to new third and fourth parties in the extended enterprise to meet demand without increasing risk exposure.

Join this session to discuss:

  • Standardizing third-party risk management assessments to be used by business units
  • Maintaining visibility of all ongoing third-party relationships
  • Identifying and mitigating the risks of the third-party network

12:05pm - 12:35pm  Lunch Service

12:35pm - 1:10pm  Keynote

Identity, Context, and the Strategic Approach to Zero Trust

Brad Moldenhauer headshot

Brad Moldenhauer

CISO - Americas


Organizations of every size are accelerating digital transformation to become more agile — but in the process, they’re greatly expanding their attack surfaces and exposing themselves to new threats. Once-stalwart castle-and-moat security architectures built on VPNs and virtual or physical firewalls are ill-equipped to address these new challenges. IT and security teams need to rethink networking and security, moving away from perimeter-based and network-focused solutions. That’s why today’s progressive leaders are turning to zero trust.

In this session, you’ll hear:

  • What exactly is zero trust
  • The essential elements of a true zero trust solution
  • How to successfully implement a zero trust architecture across your organization

1:10pm - 1:25pm  Break

1:25pm - 2:10pm  Breakout Session

The Evolution of Board Rooms – Surviving or Thriving

Esmond Kane headshot

Esmond Kane


Steward Health Care System

Cyber-risk is here to stay and ever-increasing. After repeated wake-up calls, the Board of Directors is under pressure to add cybersecurity skills to their responsibilities, they are held accountable for cyber-risk. The SEC have even proposed new rules to force public companies to add skilled cybersecurity members to their boards, a tactic that worked 20 years ago for financial expertise. But can it work again? It’s not going to be an easy shift, corporate governance requires specialized expertise, deep operational competency, an understanding of business value and how to manage exposure to risk.

Join this session to discuss:

  • Why not all boards are created equal - what you should know around board oversight
  • What organizations are looking for in board members with a security background
  • What you can do to prepare now

1:25pm - 2:10pm  Executive Boardroom

Automation Isn’t Everything

Kevin DeLange headshot

Kevin DeLange

Vice President & Chief Information Security Officer

IGT Global

Bobbi Bookstaver headshot

Bobbi Bookstaver

Director of Information Security

Shawmut Design and Construction

When it comes to security, automation should not be the end goal; it’s simply a means to an end. While security automation is certainly an incredibly valuable tool, it is just that: a tool. So how do you identify which areas of your security operation are the best candidates for automation, and which should stay in the hands of your team (at least for now)?

During this peer-discussion you will explore:

  • Creating a framework for evaluating automation use cases
  • Whether the “single pane of glass” vision of automation is truly achievable
  • Innovative ways other CISOs have used security automation

1:25pm - 2:10pm  Executive Boardroom

Data Practices for Cyber Resilience

Ryan Baker headshot

Ryan Baker

VP of Sales, US East & Canada


Bobby Rao headshot

Bobby Rao

Global CISO

Fresenius Medical Care

Larry Jarvis headshot

Larry Jarvis

SVP, Chief Information Security Officer

Iron Mountain Inc

Jon Fredrickson headshot

Jon Fredrickson

Information Security & Privacy Officer

Blue Cross & Blue Shield of Rhode Island

In an effort to establish agility and flexibility, the modern CISO must prioritize cloud maturity while securing traditional resources in the datacenter. Yet, resiliency opportunities continue to evolve in protecting, observing, and remediating your organization's most precious data resources, regardless of where data may reside.

Join a room of your executive peers and discuss how today's CISOs:

  • Manage critical data and plan to recover it in times of cyber distress
  • Capitalize on cloud benefits, while avoiding cloud pitfalls
  • Protect and secure on-prem and cloud apps without ignoring cost

7:45am - 8:45am  Registration & Breakfast

8:45am - 9:30am  Keynote

Facing Adversity with Boston Strong Resilience

Adrianne Haslet headshot

Adrianne Haslet

Boston Marathon Bombing Survivor

Guest Speaker

Adrianne Haslet is an exemplar of resilience, a world-renowned professional ballroom dancer at the peak of her career, she was spectating the Boston Marathon when terror struck. Adrianne lost her left leg on impact, along with all hope of dancing again. Yet she pulled from the strength of the city of Boston to not only dance but finish in fourth place at the Boston Marathon this year. Adrianne shares the life lessons she had to learn and relearn with unparalleled strength over adversity.

Join Adrianne Haslet as she shares her story about:

  • Finishing the race in every corporate and personal challenge
  • Learning to face challenges with a renewed mindset
  • Facing adversity with a renewed perspective

9:30am - 10:00am  Networking Break

10:00am - 10:45am  Breakout Session

What If The Browser Was Designed For The Enterprise?

Brian Kenyon headshot

Brian Kenyon

Chief Strategy Officer


The application enterprises use the most is the browser. In fact, it has become our primary work environment, but the browser we most often use was built for consumers. So, we have surrounded it with an endless, complex and expensive stack that overwhelms your security teams and interrupts end users. But what if the browser was designed for the enterprise? What could that do for security, productivity and work itself?

Join this session to discover how an enterprise browser can:

  • Protect critical SaaS and internal web applications
  • Streamline and secure third-party contractor access and BYOD strategies
  • Give you last-mile control to protect users’ activity with critical applications and underlying data

10:00am - 10:45am  Breakout Session

New SEC Rules: Are you Prepared?

Ravi Thatavarthy headshot

Ravi Thatavarthy

Vice President & Chief Information Security Officer

Rite Aid

Javed Ikbal headshot

Javed Ikbal


Bright Horizons

Robert Sherman headshot

Robert Sherman

Chief Information Security Officer & Vice President, Information Technology

American Tower Corp

Under the new reporting rules, cybersecurity is now mission-critical for senior executives and boards of directors. The opacity of cyber risk will no longer be acceptable. We are now entering a new era —one in which governments and regulatory agencies have more oversight of cybersecurity incidents.

Join this session to discuss:

  • How to prepare your board
  • What the impacts of the new SEC ruling will have
  • How can CISOs protect themselves from liability

10:00am - 10:45am  Executive Boardroom

Navigating the Third-Party Threat Landscape

Caitlin Gruenberg headshot

Caitlin Gruenberg

Director, Risk Solutions Engineer


Robert Guay headshot

Robert Guay

Director of Emerging Security Technologies

Johnson & Johnson

Richard Walzer headshot

Richard Walzer

Chief Information Security Officer

Clean Harbors

Companies are increasingly dependent on vast networks of third parties which makes it difficult to monitor the level of exposure these risks pose to the organization. Perfect monitoring of all third parties, especially at global scale is impossible with limited resources. However, a proper third-party risk management program can be the life-saving measure your business needs when your partners are under attack.

Join this session to discuss:

  • Prioritizing your vendor inventory for assessment
  • Leveraging automation for calculating risk streamlining the review process
  • Expanding third-party risk conversations beyond cybersecurity

10:00am - 10:45am  Executive Boardroom

Manage Security Posture and Risk Across SaaS Environments

Brandon Conley headshot

Brandon Conley



Robert Sullivan headshot

Robert Sullivan

CISO, VP Technology Shared Services


Tony Parrillo headshot

Tony Parrillo

VP, Enterprise IT Global Head of Security

Schneider Electric

As the adoption of enterprise SaaS grows, high-profile SaaS application data breaches are also on the rise. CISOs are ultimately responsible for the security of their organization’s data, including access by third party applications, and must implement appropriate security settings and data governance for their environments. The challenge, the most widely used gateway architecture solutions don’t deliver visibility into the complex, unique characteristics of different SaaS applications.

Join this Boardroom to discuss:

  • How to gain immediate visibility into what data can be accessed by all types of users
  • How to build the business case for a comprehensive SaaS security program 
  • How to integrate security into the Software Development Lifecycle to improve DevSecOps

10:45am - 11:20am  Networking Break

10:50am - 11:15am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:10pm - 2:45pm  Networking Break

2:15pm - 2:40pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:45pm - 3:30pm  Breakout Session

#EpicFail — A Ransomware Choose Your Own Adventure

Lorna Koppel headshot

Lorna Koppel

Director of Information Security/CISO

Tufts University

Julie Fitton headshot

Julie Fitton

Vice President, CISO

Stanley Black & Decker

Whether it comes from across the globe or down the street, the ever-looming threat of a ransomware attack is always in the back of the IT and security executive’s mind. Get your collaborative and creative juices flowing in this gamified choose your own adventure.

In this interactive session attendees will:

  • Collaborate to identify threat responses
  • Respond to choices and forces out of their control
  • Discuss pitfalls and best practices

2:45pm - 3:30pm  Executive Boardroom

Maximizing Your Cyber Security Insurance Strategy

Neil Clauson headshot

Neil Clauson

Regional CISO

Mimecast North America

Kevin Brown headshot

Kevin Brown



David Guffrey headshot

David Guffrey

Medical Device Cybersecurity Program Manager

Mass General Brigham

The cost of cyber insurance is skyrocketing. In response to a string of high-profile attacks, record-setting ransomware numbers and government regulations, insurers are being forced to significantly increase premiums for cyber coverage. It’s not matter of “if”, it’s a matter of “when” (or even “when again?”) you’ll need protection from cyber insurance carriers.

Join this boardroom hosted by Mimecast to discuss:

  • Strategies to understand and quantify your firm’s risk and threat profile
  • Techniques to demonstrably reduce your attack surface and enhance your ecosystem of controls
  • Methods to communicate your program’s effectiveness in order to maximize cyber insurance coverage

2:45pm - 3:30pm  Executive Boardroom

User Access — Leveraging the Right Technologies

Brian Cayer headshot

Brian Cayer


Tufts Medical Center

Tony Petisce headshot

Tony Petisce

Vice President, IT Operations & Information Security Officer

Fallon Health

Michael Woodson headshot

Michael Woodson

Director of Information Security and Privacy


The path to a stronger IAM strategy lies within an agile digital system. CISOs are often challenged with keeping an entire company up to date, as well as identity-related breaches and core business operations being interrupted - but easy to use technology (when leveraged correctly) can be a game changer.

Join this boardroom to discuss:

  • What the essentials are for building an efficient IAM system
  • The challenges faced when protecting a hybrid workforce environment
  • Readying your staff when adopting a user access program

3:30pm - 3:45pm  Networking Break

3:45pm - 4:20pm  Keynote

Building for the Future — How CIOs and CISOs are Winning Together

Robyn Ready headshot

Robyn Ready

Chief Information Security Officer

Ascena Retail Group Inc

Jaap van Riel headshot

Jaap van Riel



The CIO and CISO roles are evolving to become customer-facing, revenue-driving, and cost-saving experts. While these terms may have different meanings to every organization, the basic goal remains the same — to better serve customers and the business without increasing risks.

Join CISO Robyn Ready and CIO Jaap van Riel, with ascena Retail Group to hear how they navigate:

  • Working collaboratively and achieving more even when they have conflicting paths
  • Risk reduction and increased velocity of business change
  • Fostering a growth mindset while ensuring Security, Privacy, and Compliance don’t lose ground

4:20pm - 4:50pm  Closing Reception & Prize Drawing

5:30pm - 10:00pm  Social Experience

Governing Body Summit Celebration

Stay after the summit to catch a Boston Celtics game! Transportation to and from TD Garden will be provided, starting at 5:30pm. 

November 29, 2022

November 30, 2022

We look forward to seeing you at an upcoming in-person gathering


Venue & Accommodation

The Westin Copley Place, Boston

A block of rooms has been reserved at the The Westin Copley Place, Boston at a reduced conference rate. Reservations should be made online or by calling 617-262-9600. Please mention Evanta Executive Summit to ensure the appropriate room rate.

Deadline to book using the discounted room rate of $289 USD (plus tax) is November 7, 2022.

Your Community Partners

CISO Thought Leader
Key Partners
Program Partners

Community Program Manager

For inquiries related to this community, please reach out to your dedicated contact.

Spencer Bisgaard

Program Manager