Global CISO Executive Summit

CISO executives have a special invitation to be one of the first groups on the course at Cantigny Golf Course! Tee times are 8:40am, 8:50am, 9:10am, and 9:20am. 

For those who would like to take advantage of the complimentary transportation from The Waldorf Astoria, please arrive in the lobby at 7:00 am. To help you get ready for the day, breakfast will be provided upon checking in at the hotel. At the conclusion of your golf experience, shuttles buses will be waiting to transport you back to The Waldorf Astoria. 

Please meet in the Waldorf Astoria Chicago Lobby for transportation to the Welcome Reception at City Hall. 

Transportation provided from 4:30pm - 5:45pm. 

City Hall: 838 W. Kinzie, Chicago, IL

Are you ready for the live podcast that has spotlighted one of the most critical areas of InfoSec – relations between buyers and sellers of cybersecurity products? Join us as our host David Spark and special guests comment on hot cybersecurity issues, and listener questions, and play risk-based security games like "What's Worse?!"

As Global CISOs gather for the 10th annual summit of this community, hear from Wolfgang Goerlich, Advisory CISO at Cisco Secure, as he explores where we have been, where we currently are and where we are going as global security leaders.  As we all move forward with our unique vantage points, let us lean on one another to create a more secure future.

The Governing Body invites attendees to kick off the Global CISO Executive Summit with a welcome reception and night full of networking with peers. 

Transportation will be back to the Waldorf Astoria Chicago starting at 8:30pm CT. 

Be among the first to see what’s new and next in the security solutions landscape. Three early-stage providers will get the chance to showcase their innovative solutions to the most pressing cybersecurity challenges.

The three providers you will hear from are: 

• Cado Security
• Noetic Cyber
• Corsha

Digital transformation is a powerful business enabler that is compelling leaders to fundamentally change their technology ecosystems. The potential of technology to unlock value and drive progress has never been greater and the imperative to transform your business, securely, has never been more urgent. With data, users, and devices everywhere, how can CISOs reimagine cybersecurity in a world without boundaries?

Join this keynote to hear strategies on:

• Accelerating transformation with innovative security services, and communicating their value to the business
• Scaling and simplifying security across the organization, minimizing risk and gaining agility
• Protecting today's cloud-first, hybrid workforce with a proactive, intelligent, and radically simple security architecture

While COO of Morgan Stanley, Jim Rosenthal, was tasked with ensuring that the bank was protected against supply chain attacks. From there, he expanded his efforts to protect the broader financial industry from falling victim to a significant cyberattack impacting its core banking operations. The repercussions could reverberate across the entire financial system, wreaking havoc and sowing doubt in the safety of our global monetary system.

In this keynote, as current CEO of BlueVoyant, Jim will discuss:

• Learn how supply chain cyber risks posed an unacceptable risk to the US financial sector and how those risks were mitigated
• Gain a better understanding of how supply chain cyber risks impact your global business and industry
• Take a deep dive into real-world data to understand the magnitude of the issue and how vulnerable some of the most critical industries are

Join this breakout session to hear Marc Varner, Corporate VP & CISO, Lowe's Companies talk about his success story of navigating the Log4j incident and the lessons learned. 

When walking into a new CISO leadership role and taking into consideration the evolving global threat environment and our abilities to protect our organizations, it is critical to understand how to drive cybersecurity transformation across the organization.

Join this session to learn:

• How to build a case for transformation
• Demonstrate the value of cybersecurity as a business enabler to the Board
• How to use partners as a catalyst for execution

As business and technology teams around the world drive cloud adoption and implement modern application architectures, the security vulnerabilities of the sprawling IT stack multiply as visibility dwindles. Now is the time to explore new applications and API security strategies to proactively reduce risk, secure the environment, and capitalize on cloud-native capabilities to meet these challenges for a global workforce.

Join this boardroom to discuss:

• Managing the lifecycle of API risks
• Defending against API attacks
• Developer-led API security practices

Many organizations are challenged with implementing their security programs across widely distributed infrastructure, using an array of tools while often sharing responsibility and control with their service providers. So how can they best maintain visibility into those environments, detect malicious activity and orchestrate effective, business wide, responses? Or perhaps even eliminate much of the noise in that process by identifying and reducing their exposure and risk proactively?

Join this interactive boardroom to discuss:

• Key industry advances in open interconnectivity of tools and data sources
• How overall exposure and risk can be better managed
• Improving the efficiency and effectiveness of threat management programs to allow security teams to focus on the what’s most important

As we continue to evolve our corporate defenses, even the best crisis response plans struggle to account for the human element. The performance of your technology might be a known quantity, but what about your human capabilities? This interactive session will test organization-wide decision-making skills using a realistic cyber crisis.

Join this interactive session to:

• Understand the business impact of technical choices, stakeholder management actions, and more
• See real-time data on the effects of decisions on crisis management and response
• Strengthen your organization's resilience at both the executive and technical levels

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can security leaders best face changing threat vectors?

Join Geoffrey Jenista , Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency to discuss:

• Understanding the adversary’s goals and objectives
• How to build a more secure and resilient infrastructure through preparedness, incident response, and mitigation
• What security executives can do to build resiliency

SaaS and public cloud services are driving a fundamental paradigm shift and a resulting API explosion. As we do our best to navigate this newly grown jungle of connectivity, it can be hard to notice system vulnerabilities.

Join this session learn:

• Ways to manage and protect these seemingly endless connections
• Best practices for distributing APIs through Cloud and SaaS
• The public cloud transition process and why it does not necessarily mean starting over

Data doesn’t move itself. People—whether they are negligent, compromised or malicious—move data in secure and risky ways. The growth in remote work from anywhere and everywhere has redefined the global security perimeter and increased the risk of insider-led data loss for organizations. At the same time, the frequency and volume of insider threats keeps rising, placing a significant burden on security teams to keep pace. Where do you start to stop insider threats?

Join this session to discuss:

• Moving beyond legacy data loss prevention approaches
• Managing insider threats and risks in your organization
• Increasing visibility across multiple channels to accelerate incident response

As security professionals scrambled to enable remote and hybrid workforces in 2020, leaders had to make sacrifices in a world that was changing by the minute. Attackers took advantage, recognizing that security tools were limited and people were distracted by their new environments. But in a (nearly) post-pandemic world, how do we ensure that the tradeoffs we made were the right ones and that our workforces are protected moving forward?

Join this session as Mike Britton, CISO at Abnormal Security and his peers discuss:

• Enabling security tools for a hybrid environment
• Creating a cybersecurity literate workforce
• Protecting your people in an ever-changing cybercrime landscape

There is no shortage of data available to the security function, but insights – the signals of a real threat that demands action — are a different story. CISOs who can derive meaningful findings from their environments can better detect threats with fewer resources — a difficult, ongoing challenge as organizations become increasingly digital and complex.

Join your peers to discuss:

• How emerging technologies and evolving digital businesses are challenging security analytics
• Best practices for monitoring user behavior and other dynamic risks
• How to reduce the noise created by the growing number of threat detection technologies and data volume

Whether it comes from across the globe or down the street, the ever-looming threat of a ransomware attack is always in the back of the IT and security executive’s mind. Get your collaborative and creative juices flowing in this gamified choose your own adventure.

In this interactive session attendees will:

• Collaborate to identify threat responses

• Respond to choices and forces out of their control

• Discuss pitfalls and best practices

Companies are increasingly dependent on vast networks of third parties which makes it difficult to monitor the level of exposure these risks pose to the organization. Perfect monitoring of all third parties, especially at global scale is impossible with limited resources. However, a proper third-party risk management program can be the life-saving measure your business needs when your partners are under attack.

Join this session to discuss:

• Prioritizing your vendor inventory for assessment
• Leveraging automation for calculating risk and streamlining the review process
• Expanding third-party risk conversations beyond cybersecurity

The last few years have been an extreme test as companies face new operational realities, including an acceleration of organized retail crime. As the lines between advanced cybercriminals and traditional fraudsters have become increasingly blurred, Target has expanded the scope of its cyber team to include retail fraud strategy and operations. Hear how Target merged teams and is leveraging advanced cyber capabilities to protect customers, improve the experience, and drive growth.

Join this keynote session with Rich Agostino, SVP, CISO and Jodie Kautt, VP of Cybersecurity to learn about:

• Target’s cybersecurity journey and strategy
• Role of security as a business enabler and driver
• Lessons from the blending of their cybersecurity and fraud functions

The path to a stronger IAM strategy lies within an agile digital system. CISOs are often challenged with keeping an entire company up to date, as well as identity-related breaches and core business operations being interrupted - but easy to use technology (when leveraged correctly) can be a game changer.

Join this boardroom to discuss:

• What the essentials are for building an efficient IAM system
• The challenges faced when protecting a hybrid workforce environment
• Readying your staff when adopting a user access program

The topic of enterprise risk management presents a twofold problem: the calculation of the level of risk and effective communication to top management. CISOs must communicate an accurate risk assessment that is understood thoroughly by those with decision making power. Knowing how to describe information security risk to top management effectively is essential to aid decision-making and ensure an organization is secure.

Join this session to discuss:

• Which metrics should be applied to communicate value to the board while strengthening your security program
• How to clearly articulate risk across the organization in a manner that encourages others to act
• Understanding how to effectively measure the metrics that matter

Organizations have accelerated their cloud and digital transformation strategies over the past two years creating tremendous opportunity. The impact of this is still being felt, and it's important to take stock and assess where enterprises have found challenges and successes along the way. It is time to consider the influence of this acceleration, understand how CISOs are taking advantage of business evolution to better their cloud infrastructure and explore the impact of key tools and processes such as SOARs, security analytics and Zero Trust initiatives.

Join this boardroom session to discuss:

• SOAR tools have increased efficiencies and quickened cloud adoption
• Security analytics have evolved in tandem with the complexity of threats and challenges faced along the way
• The Zero-Trust approach has become an essential foundation to organizations cloud security

At age 14, Easton LaChappelle created a robotic hand for a science fair that would go on to disrupt the prosthetics industry.  Now, his bionic arms are more technologically sophisticated than conventional prosthetics and cost a fraction of the price. LaChappelle will share insights into leveraging technology to make structural changes in the market.

Join this keynote to learn: 

• Creating a systematic change that leads to a significant impact
• Using technological advances to address gaps in the market and improve the lives of others
• Setting the foundation for global change

Transportation will be provided back to the Waldorf Astoria Chicago started at 8:30pm CT. 

Be among the first to see what’s new and next in the security solutions landscape. Three early-stage providers will get the chance to showcase their innovative solutions to the most pressing cybersecurity challenges.

The three providers you will hear from are: 

• Phosphorus Cybersecurity
• Netography
• Halcyon

Sometimes attaining your goals can feel like summitting a mountain. But how can the lessons from actual mountain climbing apply to your life? Seasoned mountaineer Ed Viesturs has reached the peak of many of the world’s most treacherous mountains without supplemental oxygen. He will share compelling and actionable insights into how he accomplished his goals that can apply to the business world, and your role as a leader.

Join this inspirational keynote to learn: 

• How to plan ahead with resources to make sure you finish what you set out to do
• Managing and mitigating risk through perseverance, dedication, and teamwork
• Leadership and rational decision making in times of crisis to complete a monumental goal

Work-from-anywhere, geopolitical conflicts, digitization and evolving regulations are changing the security risk landscape. Organizations are facing rising cases of unplanned outages driven by sophistication of cyberattacks and rising skill gaps. An increasing number of successful incidents has shown that conventional security approaches are insufficient to prevent breaches. The CISO role is therefore breaking organizational siloes and evolving into a Chief Cyber Resilience Officer role.  

Join this session with Kris Lovejoy to learn:

• What factors are driving the evolution of the CISO role
• Why should CISOs care about not only responding to cyber events, but also recovering from them
• How to build an ideal cyber resilience framework

With cloud adoption accelerating and the emergence of permanent hybrid workforces, traditional network security constructs are pushed to their breaking point. As remote work has become the new normal, users, applications and data are now everywhere, challenging traditional notions of security and performance. CISOs need a new security architecture designed to protect our ever-expanding perimeters from ever-evolving threats without sacrificing performance.

Join this session to discuss:

• Zero Trust principles that address the security and performance needs of today’s digital businesses
• How modern security architectures should be optimized to deliver leading performance and resiliency
• Why advanced ML/AI techniques deliver superior protections from today’s sophisticated threats

Today’s CISOs face daunting challenges. It’s a balance between fighting off increasingly sophisticated attacks, maintaining a positive company culture, and navigating governance and company-wide risk assessments. It's no surprise that CISOs are needing to find innovative ways to manage stress and burnout.

Join this boardroom session to discuss:

• Best practices for managing stress  
• Recent cyber events and how this impacts the CISO role
• What can organizations do to support their CISOs and cybersecurity teams

Cyber threats don't take time off. And with varying budgets, staffing and technologies challenges, CISOs find that they must react and adapt accordingly to ensure their SOC is performing effectively. Find out how you can gain visibility into data flows across endpoints, datacenters and cloud environments with real time situational awareness to combat against todays sophisticated attacks.

Join this session to learn:

• How to provide internal visibility as it relates to threat intel and ransomware attacks
• Successful internal strategies to prevent impacts from cyberattacks as well as simplify attack surface
• Quickly mitigate zero day threats