
San Francisco CISO Community
Executive Summit
November 8, 2023 | Parc 55
Collaborate with your peers
Get together with San Francisco's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.
Join your peers to discuss the most critical issues impacting CISOs today:
Quantifying the business's cyber-risk appetite and leveraging it to frame security investments
Improving the agility of security operating models to keep pace with organizational priorities
Enhancing product security to better protect against and take advantage of advanced AI capabilities
San Francisco CISO Governing Body
The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven By CISOs, For CISOs®.
Governing Body Co-Chairs

Yassir Abousselham
UiPath
SVP, CISO

Selim Aissi
CISO and Corporate Board Director

Sujeet Bambawale
7-Eleven
VP, CISO

Krishnan Chellakarai
Gilead Sciences
CISO, Head of Information Security & Data Privacy

Devin Ertel
Menlo Security
Chief Information Security Officer

Al Ghous
Snapdocs
CISO

Leda Muller
Stanford University, Residential and Dining Enterprises
Chief Information Security and Privacy Officer

Kannan Perumal
Applied Materials
Vice President, Chief Information Security Officer

Jeff Trudeau
Chime
VP, CIO & CSO
What to Expect
Agenda
7:45am - 8:30am Registration & Breakfast
8:30am - 9:15am Keynote
Leading Like a Game Master

Dr. Timm Woods
Professional Game Master
Tabletop exercises, wargaming sessions, etc. — whatever you call them, security leaders are no strangers to using interactive role-playing to practice incident response scenarios with stakeholders. But there's so much more to learn from the wide world of tabletop roleplaying games (TTRPGs).
Dr. Timm Woods, an expert on the role of TTRPGs in business and educational contexts, joins us to share practical insights learned from hundreds of hours as a professional Game Master, including:
- Fostering a team environment that authentically encourages innovation, trial and even error
- Using the power of storytelling to make intangible concepts feel as real as life and death
- Working with (not against) the fast-paced and unpredictable nature of security (and games) to embrace a more improvisational leadership style
9:15am - 9:40am Networking Break
9:40am - 10:25am Breakout Session
Unpacking the Impacts & Implications of the SEC Cyber Disclosure Rules
Hosted by BitSight

Lauri Floresca
SVP & Partner
Woodruff Sawyer

Gary Hayslip
CISO
SoftBank Corporation
With its new cyber rules, the SEC made clear that it expects more transparency from senior executives and board directors of public companies around cyber risk. Other things – like a definitive determination on what is “material” and potential increased personal liability for CISOs – remain a little less clear, however.
Join this session to participate in an open discussion about:
- Board-level oversight of cybersecurity
- C-Suite liability and information security risk
- Relevant cases, proposed policies and procedures
9:40am - 10:25am Executive Boardroom
Modernizing your Security SecOps Program in the Cloud
Hosted by Panther

Will Lowe
COO
Panther

Jitendra Joshi
Founder
Cyylocity

Pathik Patel
Head of Cloud Security
Informatica
In today’s rapidly evolving security landscape, security programs must possess three indispensable capabilities to be truly effective: speed, scale, and flexibility. But to get to that ideal state, CISOs must overcome a bevy of obstacles, like legacy tools that are continuously breaking and homegrown systems that are challenging to maintain.
In this session we will discuss:
- Building a scalable infrastructure by exploring tools, processes and skills
- Challenges with current SecOps frameworks and ideas for more modern approaches
- Solutions for high volume cloud log sources while keeping budget in check
9:40am - 10:25am Executive Boardroom
Strategic Pitfalls in Third-Party Risk Management
Hosted by RiskRecon, a Mastercard Company

Dave Holden
Regional Sales Director
RiskRecon - A MasterCard Company

Kailas Pimple
Global Information Security Manager
Bio-Rad Laboratories
Managing cyber risk across an enterprise IT infrastructure has never been harder. Remote workers, advancing attack methods, and an ever-expanding vendor network are challenging every firm, as total visibility into threats has become nearly impossible. As digital business strategy matures, more organizations are becoming dependent on the cyber posture and protection of third parties. Third-party risks present a unique challenge because you are depending on vendors and partners to operate securely to keep your data and information safe. How are you mitigating the associated risks and demonstrating this to the business to ensure effective security programs?
Join our session to hear about:
- Common failings across TPRM programs that led to breach events
- How executives can provide strategic direction for third-party risk teams
- Key practices being implemented by leading vendor risk firms to maintain strong supply chain risk management
9:40am - 10:25am Executive Boardroom
Empowered Women, Empowering Women — Getting the "Chief" Title (And Beyond)

Deepali Bhoite
CISO
Anaplan

Michele Buschman
Chief Information Officer
American Pacific Mortgage
While the number of women in technology roles is growing, there's one area where the gender disparity is still very noticeable — right at the very top. Women working in IT, security and risk management still face more barriers to career advancement than their male counterparts, particularly when it comes to getting to the "Chief" title and level of authority.
In this session, women in the Bay Area technology community who've reached the "chief" level (and beyond) in their organizations will share some key moments in their career journeys, then we'll transition to more open discussion. Come prepared to share your perspective and forge new connections!
Access will be reserved for, but not limited to, women who are leading the IT, security and/or risk functions at their organizations (CISO, etc. or equivalent) and women reporting directly to these heads of function. Male allies and others are welcome as space allows.
10:25am - 11:00am Networking Break
10:30am - 10:55am Peer-to-Peer Meetings
Peer-to-Peer Meetings
Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.
11:00am - 11:45am Breakout Session
Prevention Focus — Limiting How Security Leaders Utilize 3rd Party Frameworks
Hosted by Fortinet

Tony Giandomenico
Global VP FortiGuard Security Consulting Services
Fortinet
Many organizations today still purely focus on hardening systems and networks against an intrusion, aka “Prevention Focus.” This approach can result in a lack of focus on how an organization’s security solutions, people and procedures would support responding to a security incident if it were to occur. Would you be surprised to know that many victim organizations had the capabilities to detect these intrusions, but they weren’t enabled?
Join this session to discuss:
- Assessing third-party frameworks
- Articulating an organization’s ability to employ countermeasures
- Identifying threat actors within their current organizational environment
11:00am - 11:45am Breakout Session
FBI Cybersecurity Update – What's Now, New & Next in the Threat Landscape?
Hosted by Rubrik

Elvis Chan
Asst. Special Agent in Charge, FBI San Francisco, Cyber Branch
Federal Bureau of Investigation

Sujeet Bambawale
VP, CISO
7-Eleven
Today's varied threat landscape features both foreign and domestic security concerns that could stop or delay business. With so many avenues for malicious actors, how should CISOs be prioritizing their resources to improve resiliency?
Join this open discussion with a cybersecurity expert from the FBI's San Francisco field office to discover and discuss:
- The latest cyber threats both already here and on the horizon
- Strategies for addressing the emerging threat landscape
- Best practices of working with law enforcement before, during and after a breach
11:00am - 11:45am Executive Boardroom
Unifying the Analyst Experience to Improve Threat Detection and Response
Hosted by IBM Security

John Velisaris
Director of Threat Management Services
IBM Security

Kannan Perumal
Vice President, Chief Information Security Officer
Applied Materials

James O'Brien
Deputy Chief Information Security Officer
First Republic Bank
Given today’s dynamic threat landscape, involving constantly changing malicious TTPs, CISOs must have a proactive threat management strategy to handle complex attacks. However, with widely distributed infrastructures and the number of tools with different levels of control and responsibility, maintaining true visibility is difficult. Staffing shortages and the high volume of alerts that come in from fragmented tools add to this challenge. The solution? Unifying the analyst experience to connect existing tools and workflows across your hybrid cloud environment.
Join this session to discuss:
- Detecting and responding to advanced attacks like ransomware
- Unifying the analyst experience with AI and machine learning - starting with understanding your attack surface and through EDR/XDR, SIEM, SOAR
- Identifying blind spots in your cloud security strategy due to information fragmentation
11:00am - 11:45am Executive Boardroom
Break the Attack Chain — The Importance of Integrated Threat Protection
Hosted by Proofpoint

Ryan Kalember
EVP, Cybersecurity Strategy
Proofpoint

Sekhar Nagasundaram
Staff VP, Technology, Cybersecurity Threat Management
Elevance Health

Mario Duarte
VP of Security
Snowflake
Organizations worldwide are facing multistage attacks, such as BEC, ransomware and supply chain attacks, that happen with the same basic steps in the same sequence. It’s been a decade since defenders began referring to this as the attack chain, but the attacks continue to succeed with the same tactics, from phishing to Active Directory abuse to data exfiltration. So how do we finally turn the tables on adversaries, and take away what they depend on across the attack chain?
Join this interactive roundtable as CISOs discuss:
- Understanding the evolving nature of initial compromises
- The art and science of preventing small compromises from becoming big incidents
- Reducing your team's workload by using the attack chain to prioritize controls
11:45am - 12:30pm Lunch Service
Apply to Participate
Apply to participate in the San Francisco CISO Community Executive Summit.
Gartner facilitates exclusive, C-level communities by personally qualifying and understanding the priorities, challenges and interests of each member.
Our selective approach maintains the high quality of the network and ensures top-level discussions with peers from the world’s leading organizations.
Each application will be reviewed, and once your participation is confirmed, you will have access to year-round community programs.
Location
Venue & Accommodation
Parc 55
A block of rooms has been reserved at the Parc 55 at a reduced conference rate. Reservations should be made online or by calling (415) 392 8000.
Deadline to book using the discounted room rate of $279 USD (plus tax) is October 16, 2023.
Community Program Manager
For inquiries related to this community, please reach out to your dedicated contact.