IN-PERSON

Boston CISO Community
Executive Summit

December 10, 2024 | Westin Copley Place

December 10, 2024
Westin Copley Place

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Julie Fitton

Analog Devices
CISO

Eric Galis

Cengage
CISO

Javed Ikbal

Bright Horizons
VP/CISO

Lorna Koppel

Tufts University
Director of Information Security/CISO

Ravi Thatavarthy

Rite Aid
Chief Information Security Officer

Michael Woodson

Sonesta
Director of Information Security and Privacy

Gernette Wright

Schneider Electric North America
IT Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Boston CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

December 10, 2024

morning afternoon evening

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

Law & Order — Cross Examining AI's Legal Boundaries

Eran Kahana

AI, Cybersecurity, and Intellectual Property Attorney

Maslon LLP

As AI technologies rapidly evolve, the laws and ethical standards designed to govern them lag behind, creating a mismatch in the pace of innovation and regulation. This misalignment often leads to inadequate alignment with core principles such as trustworthiness, safety, and ethics. For AI leaders, mastering governance strategies that drive alignment with these core principles is key to ensuring the organization’s risk profile is effectively managed.

Join AI, cybersecurity, and IP law expert Eran Kahana as he offers actionable insights on:

Navigating the Ethics of Cutting-Edge AI
Deciphering Global AI Legislation Dynamics
Mastering AI Governance for Risk Mitigation

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

Bridging Security and Risk — The Evolving CISO Reporting Structure

Doug DeMio

CSO

Mapfre Insurance

In the evolving landscape of risk management, the integration of CROs and CISOs is quickly emerging. This new reporting structure empowers both CROs and CISOs to work synergistically, leveraging their combined expertise to protect the organization's assets, reputation, and strategic objectives in a rapidly changing threat landscape. It also creates a more cohesive and comprehensive approach to ensure that security becomes an enabler for faster, smoother business transactions rather than a bottleneck.

Join this session to discuss:

Allocating resources for risk management and cybersecurity initiatives
Aligning risk management strategies along with business objectives
Unifying to create a stronger Risk Management Framework

9:40am - 10:25am Executive Boardroom

Navigating Cyber Risks and Opportunities of Cloud - Evaluating Options

Mani Keerthi Nagothu

Americas Field CISO Associate Director

SentinelOne

Deb Briggs

Chief Security Officer

Netscout

Salomon Frangieh

VP - IT Risk and Resilience Oversight Lead

State Street

Christine Nagy

Global CISO

Advent International

The use of cloud technology has become a popular choice for businesses, providing them with numerous advantages and introducing new threats. Cyber security risks can cause financial and reputational damage if left unmanaged, which is why it is essential to understand all the ways to protect the enterprise.

Join this boardroom to discuss:

New insights to cloud-based attacks and the impacts
Cloud security strategies & Governance, Risk and Compliance
Cloud defenses for protecting organizations

9:40am - 10:25am Executive Boardroom

Innovating at Full Speed

Clinton Herget

Field CTO

Snyk

Ravi Thatavarthy

Chief Information Security Officer

Rite Aid

Matthew Wicker

Global Director of Cybersecurity

Regal Rexnord

Establishing trust between security and developers is crucial for successful outcomes, especially as modern development quickly embraces AI. Security and risk leaders need to move faster by adopting dynamic risk governance and use risk governance intensity, but how does the future of innovation hinge on achieving this open trust and communication.

Join this boardroom conversation with Snyk to delve into:

Communicating risk strategies & ownership to partners across the enterprise
Applying AI and how it can speed up and secure application security
Leveraging automation and analytics to safeguard the riskiest components of your digital portfolio

10:25am - 11:05am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am Breakout Session

It is AI Incident O'clock — Do you know where your AI Security Program is?

Javed Ikbal

VP/CISO

Bright Horizons

There are two kinds of companies, those that had an AI Security/Privacy Incident, and those that will. Artificial Intelligence brings both groundbreaking opportunities and considerable risks. To effectively manage these risks, the National Institute of Standards and Technology (NIST) has published a risk management framework. However, this framework does not fully address the pressing question for cybersecurity experts: how to prevent or respond and recover.

Join this session to discuss:

Applying NIST's Five Functions to AI security
Protecting Gen AI applications with the OWASP LLM Top 10
Arming AI Governance with the NIST AI RMF

11:05am - 11:50am Executive Boardroom

Securing the Everywhere World — Building Cyber Resilience through a “Connectivity Cloud”

Stephen Stierer

Senior Director of Solutions Engineering

Cloudflare

Stephen Danckert

Director, Enterprise Architecture, Cybersecurity and Privacy

Haemonetics

Brian McGowan

CISO

SharkNinja

When users are everywhere and digital operations span cloud, SaaS, and on-premises environments, achieving cyber resilience becomes paramount. The challenge lies in navigating this complexity and maintaining visibility and control to ensure continuous operation despite cyber threats.

Join this interactive roundtable to discuss:

Optimizing costs and improving security across diverse cloud environments
Adopting Zero Trust philosophies to protect users, data, and applications
Innovating with AI while addressing global regulatory and data privacy requirements

11:05am - 11:50am Executive Boardroom

Risk to the Nth-Party Degree

John Chisum

VP, Solutions Consulting

RiskRecon - A MasterCard Company

Dean Lebron

Vice President, Information Technology

Ameresco

Brooke Satti Charles

Head of Risk and Compliance

PerkinElmer

Third party relationships are closest and may prove to be the most tangible risks to your business, yet the whole supply chain of your business partners still pose a substantial threat. Most organizations’ vendor relationships extend to the 8th party. CISOs need to understand this web of connectedness in order to better manage and communicate enterprise risk.

Join this session to discuss:

Gaining visibility into risk across the whole supply chain
Strategies for effective risk management and monitoring business partners
Overcoming resource challenges to prioritize third-party and extended supply chain risk

11:50am - 12:35pm Lunch Service

12:35pm - 1:10pm Keynote

Optimizing for Agility — Network and Security Convergence

Steve Riley

VP & Field CTO

Netskope

Integrating a complex ecosystem across all security areas can optimize defenses without simplifying adversaries’ challenges. This approach balances robust security with efficiency, crucial for navigating generative AI and tech advancements. Achieving this requires strategic selection and consolidation of platforms to enhance agility, reduce risk, and maintain cost-effectiveness.

In this session, you’ll learn:

The composition of an effective security architecture
Value you can derive from a converged networking and security platform
Common consolidation mistakes people make and how to avoid them

1:10pm - 1:35pm Break

1:35pm - 2:20pm Breakout Session

Who Knew It Could "BISO" Simple

Eric Galis

CISO

Cengage

Christina Mazzone

Global Managing Director, Corporate Information Security & Strategy

Omnicom Group

When it comes to success, people tend to offer silver bullets or single keys. However, true long-term success is achieved through multiple conversations and continued strategic relationships across the business – which is exactly where the BISO role can add tremendous value to a CISO's team.

Join this session to hear how CISOs are leveraging teams of BISOs to:

Improve collaboration between business units and the security team
More effectively identify and mitigate risks
Ensure its security posture is aligned with the rest of the business

1:35pm - 2:20pm Executive Boardroom

The Silent Spread of AI — Are We Losing Control Over It?

Lior Yaari

CEO and Co-Founder

Grip Security

Mick Leach

Field CISO

Abnormal Security

Astrid Lambert

Sr. Director Data & Development

Cambridge Health Alliance

Ravi Thatavarthy

Chief Information Security Officer

Rite Aid

AI risk is quietly creeping into every corner of your enterprise, and you don’t even realize it. As more employees adopt AI-powered tools, applications, and processes, it is becoming deeply embedded in your tech stack — but it’s not just your employees using AI. Attackers are also leveraging AI to enhance their own tactics and sharpen their attacks. The real question for CISOs is: Do you have visibility into the countless ways AI is spreading, and what’s the best way to use AI to protect against AI?

Join this session to discuss:

The hidden ways AI is entering your enterprise, from third-party tools to shadow AI projects and why it’s slipping under the radar
How attackers are using AI to improve their attacks and making them harder to detect by both legacy security tools and humans themselves
Actionable steps for CISOs to gain visibility and control over AI use across the organization

1:35pm - 2:20pm Executive Boardroom

Security Operations — Navigating a Moving Target

Gael Frouin

CISO

AAA Northeast

Lorna Koppel

Director of Information Security/CISO

Tufts University

Many security operations (SecOps) programs focus on tooling and existing processes to identify new, critical threat activity. However, many of the true unknowns are left missing. How can CISOs enable SecOps performance in today's sophisticated and ever-evolving threat landscape?

Join this session to discuss:

Enabling SecOps through change and disruption
Working within resource constraints without compromising security posture
Elevating threat detection to drive SecOps efficiency

2:20pm - 3:00pm Networking Break

2:25pm - 2:50pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm Breakout Session

10-Minute Wins

Alex Cunningham

CISO

Advisor360

Lorna Koppel

Director of Information Security/CISO

Tufts University

Why learn from one peer when you can learn from three? In this unorthodox, but effective, breakout session you’ll hear from multiple members of your community — each taking the floor for 10 minutes to share what they’ve gleaned from their time in leadership.

3:00pm - 3:45pm Executive Boardroom

Protecting Innovation: Rethinking Data Security Strategies

John Loya

VP Of Sales Engineering

Cyberhaven

Josh Gordon

Sr. Director, IS Security

Steward Health Care System

Brian Castagna

CISO

PerkinElmer

AI makes creating and consuming data easier than ever, with shadow AI and dark data presenting new challenges to security teams. As the tactics for protecting data evolve, security leaders must adopt a risk-based strategy to protect mission-critical data and safeguard innovation.

Join this session to discover:

Effective practices for ongoing monitoring to identify risks
Rapid investigation and response techniques for insider threats
Strategies for evolving your data protection approach

3:00pm - 3:45pm Executive Boardroom

Cyber Risk — Telling the Right Story

Joe Burgoyne

Sr. Director, Cyber Security

GE Healthcare

Jay Carter

CISO

MEMIC

Samir Sanghani

Head of Information Security

Coverys

In an era where cybersecurity incidents often dominate headlines, managing stakeholder risk expectations has become more critical than ever. CISOs must ensure key stakeholders remain informed and confident in the organization’s risk posture.

Join this session to discuss:

Telling the story of cybersecurity’s impact on people, processes, and technology
Navigating the complexities of risk management in a highly interconnected digital world
Articulating the business impact of assumed risk

3:45pm - 4:10pm Break

4:15pm - 5:00pm Keynote

Foundational Building Blocks of Your Cybersecurity Program

Jennifer West

SVP, Chief Digital Trust Officer (CISO)

Takeda

Gernette Wright

IT Security Officer

Schneider Electric North America

In today's digital landscape where there are so many tooling options available and the influx of AI in every conversation, it is easy to forget the fundamental basics of your cybersecurity. For CISOs, mastering and enabling these principles as the foundation of your program is not just is a core maturity skill it is transformative as you approach critical areas such as AI, Data Management and IAM. Focusing on these elements can help create a resilient security framework that adapts to emerging threats.

Join the session to discuss:

How to instill foundational/basic security practices into your cybersecurity program
How to translate these concepts to the board and your executive team leadership
How this approach can enable transformation and prepare the organization for adopting new technologies such as artificial intelligence, zero trust

5:00pm - 5:10pm Closing Comments and Prize Drawing

5:15pm - 6:45pm Governing Body Reception

Governing Body Reception

Governing Body members host a reception for executives to close out the event with an evening of peer networking, food and drinks.

December 10, 2024

morning afternoon evening

Apply to join

ALREADY A MEMBER? SIGN IN TO REGISTER

Evanta facilitates exclusive, C-level communities by personally qualifying and understanding the priorities, challenges and interests of each member.

Our selective approach maintains the high quality of the network and ensures top-level discussions with peers from the world’s leading organizations.

Community Member Criteria

To ensure peer connections and conversations at the highest level, members must meet the following criteria:

- C-level or senior most executive for respective function

- Organization revenue of $500M+

Exceptions are considered.

I meet the criteria above

I would still like to be considered

My contact information is….

You agree to our Privacy Policy and T&Cs, which includes sharing your contact details with your peers and sponsors.

FORM CONTAINS ERRORS, PLEASE REVIEW THE ABOVE

We look forward to seeing you at an upcoming in-person gathering

Gartner cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location

Venue & Accommodation

Westin Copley Place

MORE INFORMATION

A block of rooms has been reserved at the Westin Copley Place at a reduced conference rate. Reservations should be made online or by calling 617- 262-9600. Please mention Boston Executive Summit to ensure the appropriate room rate.

Deadline to book using the discounted room rate of $259 USD (plus tax) is November 18, 2024.

RESERVE ROOM