IN-PERSON

Boston CISO Executive Summit

May 30, 2024 | Westin Copley Place

May 30, 2024
Westin Copley Place

Collaborate with your peers

Get together with Boston's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Establish security's critical role in protecting and advancing the business through AI adoption

Advance business growth and modernization through solid budgeting and prioritization

Improve and Achieve Operational Resilience

Boston CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Kevin Brown

SAIC
SVP, CISO

Julie Fitton

Analog Devices
CISO

Javed Ikbal

Bright Horizons
VP/CISO

Tony Parrillo

Schneider Electric North America
VP, Enterprise IT Global Head of Security

Bobby Rao

Fresenius Medical Care
Global CISO

Ravi Thatavarthy

Rite Aid
Chief Information Security Officer

Michael Woodson

Sonesta
Director of Information Security and Privacy

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Boston CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


May 30, 2024

7:45am - 8:30am  Registration & Breakfast

8:30am - 9:15am  Keynote

Remarkable Resilience - Tools for Combating Toxic Stress & Burnout

Sheila Hamilton headshot

Sheila Hamilton

Mental Health Thought Leader and Author of "All the Things We Never Knew"

Guest Speaker

Today’s CISOs face daunting challenges. As the business leader in charge of adding value to the company, finding the right talent and inspiring technology innovation, there’s an incredible amount of pressure. It’s no surprise that CISOs are experiencing burnout at unprecedented rates. While taking care of employees is important, how can CISOs make sure they are taking care of themselves to help make their careers sustainable while maintaining a sense of well-being? 

Join this keynote to explore:

  • Evidence-based strategies that can help alleviate burnout
  • How to recognize the signs and symptoms of toxic stress and burnout
  • How to remain engaged, energized, and focused during turbulent times


9:15am - 9:40am  Networking Break

9:40am - 10:25am  Breakout Session

The Resilient CISO - Benchmarking Your Well-being

Sheila Hamilton headshot

Sheila Hamilton

Mental Health Thought Leader and Author of "All the Things We Never Knew"

Guest Speaker

In the ever-challenging world of cybersecurity, CISOs are in a state of stress and hypervigilance.  But your humanity matters now more than ever. Now is the time to explore new strategies to maintain your well-being so you can so you can remain a resilient leader.

Join this interactive benchmarking session to dive deeper into:

  • How stress is really impacting your life
  • Your body/mind maintenance
  • Small everyday habits that can make a big difference

9:40am - 10:25am  Breakout Session

Endpoint, Cloud and the Board — Identifying Risk that Matters

Corey Smith headshot

Corey Smith

Vice President of Solution Architects

Qualys

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements: metrics that are reliable and easily understood by all stakeholders across the business.

In this session, we will discuss:

  • Cybersecurity risk assessment essentials and which risks truly carry weight
  • Concrete approaches to determine effectiveness of security capabilities
  • Creating simple "metric cards" to communicate across stakeholders


9:40am - 10:25am  Executive Boardroom

Yesterday’s Shadow IT and Today’s Shadow AI

Lior Yaari headshot

Lior Yaari

CEO and Co-Founder

Grip Security

Esmond Kane headshot

Esmond Kane

CISO

Steward Health Care System

Robyn Ready headshot

Robyn Ready

SVP, CISO

KnitWell Group

Karthik Swarnam headshot

Karthik Swarnam

Chief Security & Trust Officer

Armorcode

Shadow AI introduced a new layer of risk in a time when security leaders are already grappling with the formidable challenges of managing hidden technical debt and uncovering shadow IT. Today’s digital landscape requires a new approach to risk and governance – one that identifies the shadows already existing in your organization and stops future shadows emerging as you harness the power of emerging technologies.

Join this session to discuss:

  • Uncovering existing hidden technical debts and shadow IT that inhibit agility, innovation and security
  • Establishing centralized risk frameworks and governance that are enforceable and scalable
  • Involving the C-suite and end users in establishing and understanding protections to deter rogue IT and AI

10:25am - 11:05am  Networking Break

10:30am - 10:55am  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am  Breakout Session

Developing Future-Ready Security Leaders Across the Commonwealth

Anthony O'Neill headshot

Anthony O'Neill

CISO & Chief Risk Officer

Commonwealth of Massachusetts

Christine Horan headshot

Christine Horan

Deputy Chief Risk Officer

Commonwealth of Massachusetts

Is it possible to combat the information security talent shortage and improve cyber resilience across 351 municipalities at the same time? The Commonwealth of Massachusetts is taking a unique approach to do just that.

Join this session with the Commonwealth's CISO & Chief Risk Officer, Anthony O'Neill, and Deputy Chief Risk Officer, Christine Horan, as they share how they're:

  • Leveraging community partnerships to spark interest in security careers from students of all ages
  • Connecting the dots between building future security leadership skills and addressing current security skills gaps
  • Building a sustainable pipeline of local cyber talent that will benefit public and private organizations across the Commonwealth

11:05am - 11:50am  Breakout Session

Unlocking Full Cloud Potential – Security Enhancements for Today’s Enterprise

Scott Montgomery headshot

Scott Montgomery

VP, Strategic Accounts

Island

While the vast majority of infrastructure has been upgraded and modernized to secure the shift to the cloud, enterprise IT teams are still missing an equally seamless access method to safely deliver those now cloud-native apps and data. While traditional browsers have become the de facto access point for the majority of business critical applications, they lack the deep inspection capabilities and hyper-granular security controls enterprises need. This results in security teams surrounding their browsers with layers of tech to meet those needs.

Join this breakout session to discover:

  • Why traditional cloud security methods undermine your modernization efforts and end-user experience
  • Embracing technological momentum to adapt to a "more-with-less" security landscape
  • How enterprise CISOs are using this solution to bolster cloud security


11:05am - 11:50am  Executive Boardroom

From Z to A - Extending Zero Trust to APIs

Anthony (Tony) Lauro headshot

Anthony (Tony) Lauro

Director, Security Technology and Strategy

Akamai Technologies

Anne Coulombe headshot

Anne Coulombe

Global CISO

WerfenLife

Kellen Gosselin headshot

Kellen Gosselin

VP & Sr. Director, Cybersecurity

Liberty Mutual

Brian McGowan headshot

Brian McGowan

CISO

SharkNinja

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journey, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

Join this session to discuss:

  • Breaking the kill chain by stopping infection vectors and protecting against lateral movement
  • Shielding sensitive data and limiting how APIs interact with data
  • Increasing real-time visibility across the business to mitigate threats

11:05am - 11:50am  Executive Boardroom

The Business of Security — Bridging the Gap Between Cyber Initiatives and Business Impact

Yanek Korff headshot

Yanek Korff

Co-Founder and COO

Expel

Alex Cunningham headshot

Alex Cunningham

CISO

Advisor360

Richard Walzer headshot

Richard Walzer

Chief Information Security Officer

Clean Harbors

Gernette Wright headshot

Gernette Wright

IT Security Officer

Schneider Electric North America

Economic trends have tightened purse strings everywhere, leaving CISOs and security leaders to demonstrate ROI and defend their budgets. But ROI is notoriously tough to quantify when the primary return for security investment is reduction in risk. As a result, bridging the gap between security investments and actual business impact can be easier said than done, particularly if your cybersecurity spend doesn’t clearly map to organizational goals.

Join this session to discuss:

  • Identifying the right metrics for quantifying security ROI and business impact        
  • Positioning security as a business enabler, rather than a cost center
  • Aligning security investments to organizational goals

11:50am - 12:35pm  Lunch Service

12:35pm - 1:10pm  Keynote

Advice for Enabling a Zero Trust Future

Sam Curry headshot

Sam Curry

Global VP, CISO in Residence

Zscaler

Eric Hussey headshot

Eric Hussey

CISO

Finastra

Organizations willing to adapt to a zero trust, AI-enabled future will be more well-protected and productive than those that ignore these strategies. Redefining our approach to architecture and legacy mindsets is essential for enabling CISOs to simplify and secure connectivity for users, workloads, branch offices, and devices.

Join this session to learn:

  • How to safely and effectively embrace tech innovations within your organization
  • The people, processes, and technologies needed to support secure transformation
  • How zero trust principles and critical thinking create future-proof operations

1:10pm - 1:35pm  Break

1:35pm - 2:20pm  Breakout Session

Industry's Opportunity to Drive Proactive Public-Private Partnerships

Helen Negre headshot

Helen Negre

Chief Information Security Officer, Americas

Siemens USA

Joel Max headshot

Joel Max

Cybersecurity Officer

Siemens USA

Peter Prunty headshot

Peter Prunty

Cyber Agent Boston Division

Federal Bureau of Investigation

Joe Szczerba headshot

Joe Szczerba

Cyber Division Section Chief

Federal Bureau of Investigation

Public-private partnerships are historically top-down initiatives, led by government agencies asking for private sector participation. But the pace of cyber threats -- particularly for critical infrastructure -- requires stronger collaboration, with industry leading the way.

Join this session for an open conversation about:

  • Improving intelligence sharing across sectors
  • Utilizing public agency resources to bolster your security programs
  • Building stronger relationships with government agency partners

1:35pm - 2:20pm  Breakout Session

Silent Invaders — Managing Third-Party Risk Amid Mass Zero-Day Exploits

Tim Miller headshot

Tim Miller

Field CTO- Cyber

Dataminr

The recent Change Healthcare breach has highlighted the critical need for robust third-party risk strategies. Security experts are now under pressure to swiftly adopt proactive measures to manage third-party risks.

Join this session to discuss:

  • Shift from reactive measures to a modern response
  • Emphasize agility and adaptability in reactive approaches
  • Utilize AI and real-time data to enhance threat detection

1:35pm - 2:20pm  Executive Boardroom

Agility in Security

Jake Lundberg headshot

Jake Lundberg

Field CTO

HashiCorp

Eric Galis headshot

Eric Galis

CISO

Cengage

Alyssa Robinson headshot

Alyssa Robinson

CISO

HubSpot

Matthew Wicker headshot

Matthew Wicker

Global Director of Cybersecurity

Regal Rexnord

Modern application delivery is changing drastically with the introduction of cloud and SaaS based solutions mixed with traditional datacenter operations. Securing applications and data across this diverse technology environment introduces new challenges.

Join this session to discuss:

  • Understanding security challenges in heterogeneous environments for application deployment
  • Adopting a zero trust mindset to build secure platforms
  • Overcoming common pitfalls organizations face while trying to build secure platforms

1:35pm - 2:20pm  Executive Boardroom

From Telemetry to Transformation – Measuring & Mitigating Human Risk

Oz Alashe headshot

Oz Alashe

CEO & Founder

CybSafe

Doug DeMio headshot

Doug DeMio

CSO

Mapfre Insurance

Robert Sherman headshot

Robert Sherman

Chief Information Security Officer & Vice President, Information Technology

American Tower Corp

Robert Sullivan headshot

Robert Sullivan

CISO, VP Technology Shared Services

Agero

Awareness, knowledge, education and training are not enough to change users' security behaviors in a sustainable way. That's because these core principles of traditional security awareness and training (SA&T) are focused on compliance. This makes sense in terms of ticking obligatory boxes, but it doesn’t actually tackle the issue at hand: cyber risk is fundamentally a human concern.

Join this session to discuss:

  • Unpacking pain points and limitations of traditional security awareness training (SA&T)
  • Quantifying cyber risk in more human terms of likelihood and impact
  • Translating risk metrics into actionable insights for business stakeholders

2:20pm - 3:00pm  Networking Break

2:25pm - 2:50pm  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm  Breakout Session

From ‘No’ to ‘Know-How’ – Enabling a Secure Culture Workshop

Jon Fredrickson headshot

Jon Fredrickson

VP & CISO

Surgery Partners

Daniel Gortze headshot

Daniel Gortze

Chief Information Security Officer

MIB Group

The security function and the word ‘no’ have become synonymous over time. Although security leaders are being called on to be stronger business enablers, there are still instances where ‘no’ or ‘not yet’ are the safest approach. How do you effectively communicate and educate in these situations without compromising a collective and innovative culture?

Join this interactive session to discuss:

  • Communicating an unpopular, yet informed, decision clearly
  • Managing stakeholder expectations of cybersecurity concerns
  • Gaining buy-in through education and fostering a “team sport” mindset  

3:00pm - 3:45pm  Executive Boardroom

Not If, But When — Preparing for Response

Robert Guay headshot

Robert Guay

Director of Emerging Security Technologies

Johnson & Johnson

Michael Kun headshot

Michael Kun

CISO

Banco Santander

Heinrich Piard headshot

Heinrich Piard

Chief Information Security Officer & Head of Global IT Operations

Hamilton Insurance Group

Every organization is one cybersecurity incident away from executing an incident response plan. CISOs must consider all aspect of recovery from containment to ensuring business resilience.

Join this boardroom session to discuss:

  • Proven incident response best practices
  • Opportunities for improved preparedness
  • Future landscape of incident response

3:00pm - 3:45pm  Executive Boardroom

Taking a Data-Driven Approach to Securing Digital Trust

Bobbi Bookstaver headshot

Bobbi Bookstaver

Director of Information Security

Shawmut Design and Construction

Jeremiah Salamon headshot

Jeremiah Salamon

Information Security Officer

Choate

With constant news of high-profile breaches, it’s never been more critical for organizations to reassure key stakeholders, customers and employees that they are capable of safeguarding their data and privacy. How can CISOs support and enable the digital processes, interactions and transactions that drive their business, while ensuring that their digital footprint remains secure?

Join this peer-driven roundtable session to discuss and share best practices for:

  • Establishing a data-centric strategy when protecting your company's information
  • Getting more from your existing tech stack to close gaps in your data security strategy
  • Accelerating visibility, classification, and actionable insight across all types of enterprise data

3:45pm - 4:10pm  Break

4:10pm - 4:55pm  Keynote

Generative AI – Short-Term Hype, Long-Term Impact

Julie Fitton headshot

Julie Fitton

CISO

Analog Devices

Lorna Koppel headshot

Lorna Koppel

Director of Information Security/CISO

Tufts University

Ravi Thatavarthy headshot

Ravi Thatavarthy

Chief Information Security Officer

Rite Aid

Gernette Wright headshot

Gernette Wright

IT Security Officer

Schneider Electric North America

Generative AI’s mainstream surge created historical digital and business disruption. Despite the hype, CISOs are at a critical point in the Generative AI lifecycle. How can the security function go beyond setting guardrails in place, to truly enabling the business through its exploration and adoption of this continuously evolving technology?

Join this cross-industry CISO panel to explore:

  • Peer experiences supporting the business through GenAI adoption
  • Proven best practices in keeping pace with the demands of the business
  • Varied perspectives on future business value and productive use cases of GenAI

4:45pm - 5:00pm  Closing Comments and Prize Drawing

5:00pm - 7:30pm  Networking

Governing Body Reception

Join us for an after celebration of the Executive summit where Governing Body members host this dinner with an evening of peer networking.

May 30, 2024

We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

Westin Copley Place
MORE INFORMATION

A block of rooms has been reserved at the Westin Copley Place at a reduced conference rate. Reservations should be made online or by calling 617- 262-9600.

Deadline to book using the discounted room rate of $339 USD (plus tax) is April 8, 2024.

Your Community Partners


Global Thought Leaders
CISO Thought Leaders
Key Partners
Program Partners

Community Program Manager


For inquiries related to this community, please reach out to your dedicated contact.

Spencer Bisgaard

Senior Community Program Manager

541-912-0183

spencer.bisgaard@evanta.com