IN-PERSON

San Francisco CISO Community
Executive Summit

June 25, 2024 | Grand Hyatt at SFO

June 25, 2024
Grand Hyatt at SFO

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Yassir Abousselham

UiPath
SVP, CISO

Selim Aissi

HealthEquity
EVP and CSO

Sujeet Bambawale

7-Eleven
VP, CISO

Krishnan Chellakarai

Gilead Sciences
CISO, Head of Information Security & Data Privacy

Cassie Crossley

Schneider Electric North America
VP, Supply Chain Security

Devin Ertel

Menlo Security
Chief Information Security Officer

Al Ghous

Snapdocs
CISO

Leda Muller

Stanford University, Residential and Dining Enterprises
Chief Information Security and Privacy Officer

Kannan Perumal

Applied Materials
Vice President, Chief Information Security Officer

Jeff Trudeau

Chime
VP, CIO & CSO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your San Francisco CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

June 25, 2024

morning afternoon

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

Time 2.0 — Applying Design Thinking to the Human Experience of Time

John Coyle

CEO and Founder of "Speaking Design Thinking"

Guest Speaker

Time, as we experience it, is not linear, yet why do we pretend that it is? How do we measure the true value of our time? In this mind-bending session, John K. Coyle will apply creative deconstruction to what we think we know about time, and you will learn how to slow, stop and reverse the perceived acceleration of time most adults feel and experience the endless summers of youth again.

Grab a seat and learn how to:

Understand the forces that govern experiential time
Discover actions you can take to manipulate your perception of time
Design your life to create intense and memorable experiences that expand time

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

Turning Security Data in Action

Mani Keerthi Nagothu

Americas Field CISO Associate Director

SentinelOne

Security teams have an incredible amount of data but struggle to manage and generate value from this vast data repository. With the right approach to managing security data, CISOs will extract actionable insights that improve their security posture.

Join this session to learn:

Benefits of security data lakes and best practices for implementation
Effective data management strategies that enable and amplify AI use and improve productivity
Leveraging data lakes to strengthen your cyber resilience and security posture

9:40am - 10:25am Breakout Session

Fraternize and Maximize — Sharing Knowledge, Power, and Victory Over Common Risks

Kannan Perumal

Vice President, Chief Information Security Officer

Applied Materials

When it’s harder to attack anyone, it’s harder to attack everyone. It might feel like a brain teaser but, simply put, intra-industry CISO collaboration and collective intelligence partnerships don’t just benefit your business’s lagging competitors. Yes, sharing information with your fellow industry CISOs could give them a leg up on the next big risk but, in a world of exponential connectedness, squashing risk early is never selfless.

Join Kannan Perumal as he discusses:

The unique benefits of consorting with CISOs in your own industry
Why some industries are more apt to support these competitor collabs
The paradoxical support of a business’s ambition and opposition

9:40am - 10:25am Executive Boardroom

Communicating Effectively, Utilizing Outcome Driven Tactics

Tim Crothers

Director, Office of the CISO

Google Cloud Security

Andrew Schofield

SVP, Head of Information Security & IT Operations

Forge Global

Fernando Enrile

Head of Trust - Office of Cybersecurity

Marqeta

Anurana Saluja

Vice President - Global Head of Information Security, Privacy & Business Continuity

Sutherland

As security leaders gain more face time with the board and key stakeholders, communicating in a way that is understood and out of the weeds is getting more necessary. To keep communication effective as CISOs, implementing some of the process improvement tactics to your own style is helpful. Join this boardroom to get insight into:

Developing unique KPIs for your security team and yourself
Setting clear goals that allow your team to exceed them
Outcome driven security and how to implement it into your communication style

9:40am - 10:25am Executive Boardroom

Yesterday’s Shadow IT and Today’s Shadow AI

Young-Sae Song

CMO

Grip Security

Mark Lambert

Chief Product Officer

ArmorCode

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

Shadow AI introduced a new layer of risk in a time when security leaders are already grappling with the formidable challenges of managing hidden technical debt and uncovering shadow IT. Today’s digital landscape requires a new approach to risk and governance – one that identifies the shadows already existing in your organization and stops future shadows emerging as you harness the power of emerging technologies.

Join this session to discuss:

Uncovering existing hidden technical debts and shadow IT that inhibit agility, innovation and security
Establishing centralized risk frameworks and governance that are enforceable and scalable
Involving the C-suite and end users in establishing and understanding protections to deter rogue IT and AI

10:25am - 11:05am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:05am - 11:50am Breakout Session

Endpoint, Cloud and the Board — Identifying Risk that Matters

Richard Seiersen

Chief Risk Technology Officer

Qualys

Prioritizing and eliminating the cyber risks that matter most is the ultimate goal of security leaders. But how do you validate that your efforts are hitting the mark? It all comes down to well-crafted measurements: metrics that are reliable and easily understood by all stakeholders across the business.

In this session, we will discuss:

Cybersecurity risk assessment essentials and which risks truly carry weight
Concrete approaches to determine effectiveness of security capabilities
Creating simple "metric cards" to communicate across stakeholders

11:05am - 11:50am Breakout Session

Security Hot Topics — Pulse Check Your Priority

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

Security continues to find its way into the boardroom and even into headlines. As the spotlight grows, so does the pressure CISOs face to foster constructive conversations around the value, opportunity and impact of key priorities.

Join this interactive session to:

Engage with like-minded CISO peers on shared priorities
Validate strategies and uncover new ways of thinking
Share key lessons learned and proven best practices

Table Themes Include: AI vs. Talent; Life After CISO/Board Membership; Leading Through M&A; Cloud Misconfigurations; OT Security; Quantum Computing / Next-Gen Technology

11:05am - 11:50am Executive Boardroom

Securing the Everywhere World — Building Cyber Resilience through a “Connectivity Cloud”

James Dolph

CISO

Guidewire Software

Kevin Song

Interim Chief Information Security Officer and Sr. Director of Enterprise Security

WeWork

Ling Wu

Senior Director, Information Security GRC

Cloudflare

When users are everywhere and digital operations span cloud, SaaS, and on-premises environments, achieving cyber resilience becomes paramount. The challenge lies in navigating this complexity and maintaining visibility and control to ensure continuous operation despite cyber threats.

Join this interactive roundtable to discuss:

Optimizing costs and improving security across diverse cloud environments
Adopting Zero Trust philosophies to protect users, data and applications
Innovating with AI while addressing global regulatory and data privacy requirements

11:05am - 11:50am Executive Boardroom

Doubling Down on Critical Third-Party Risk Vulnerabilities

Kelly White

Co-Founder & CEO

RiskRecon - A MasterCard Company

Ed Machado

ISO & Chief Privacy Officer/ Sr Manager, Information Security

Star One Credit Union

James O'Brien

Deputy Chief Information Security Officer

First Republic Bank

The complete entanglement of cyber risk with business risk is becoming increasingly more visible. CISOs now have an opportunity to better pinpoint third parties that present a threat to the organization. Yet the increasing complexities of third party, and even fourth party, risk management, prompted by a wide range of evolving threats, demands heightened attention. How can CISOs ensure they have a clear understanding of their vulnerabilities across ecosystems and supply chains?

Join this session to discuss:

Identification of vulnerabilities across your vendor landscape to prioritize response efforts
Third-party risk management strategies to safeguard your digital ecosystem
Overcoming resource challenges to prioritize extended supply chain risk

11:50am - 12:20pm Networking & Meal Service

Rising Together — Gender-Inclusive Networking Lunch

Leda Muller

Chief Information Security and Privacy Officer

Stanford University, Residential and Dining Enterprises

Female, non-binary, and allied cyber leaders are invited to eat lunch and connect in our reserved networking space. Hosted by a member of the San Francisco CISO community, those in attendance can freely discuss best practices, key challenges and mission-critical priorities before heading over to the midday keynote.

11:50am - 12:35pm Lunch Service

12:35pm - 1:10pm Keynote

AI/ML and Zero Trust — Driving Business Success

Jay Chaudhry

CEO, Chairman & Founder

Zscaler

Hari Jayaram

Corporate Vice President, Chief Information Officer

Applied Materials

As cyber threats become more sophisticated and pervasive, enterprises need to adopt an agile approach to network and security that promotes innovation and mitigates risk. AI/ML and zero trust are the key enablers of this transformation, offering visibility, control, and automation across users, workloads, IoT/OT devices, and business partners.

In this session, you will learn:

How AI will be used to fight AI and how generative AI will contribute to increased numbers of ransomware attacks
How the growth of zero trust segmentation will happen in parallel with the rise of firewall-free enterprises, and Zero Trust SD-WAN will begin to replace traditional SD-WAN
How AI/ML add defensive and analytics capabilities that drive IT and business success

1:10pm - 1:35pm Networking Break

1:35pm - 2:20pm Breakout Session

A New Paradigm for Managing Third-Party Risk

Shimon Modi

VP, Product Management, Cyber

Dataminr

In the past 12 months, 87% of F1000 businesses were affected by significant cyber incidents as a result of a third-party. And yet, most rely on ‘snapshot in time’ questionnaires. While necessary, snapshots are insufficient by themselves, and must be augmented with continuous monitoring in support of ongoing security operations. This requires a different approach, that includes external threat detection capabilities by using AI across Public Data.

Join this session to learn about:

The Public Data opportunity: collect, process, alert across multiple languages / modalities
Real-time external threat detection on a rapidly evolving threat landscape
The most advanced AI techniques for automating the collection, processing, delivery, and initial analysis of millions of public data sources

1:35pm - 2:20pm Breakout Session

Developing and Upholding Your Supply Chain Standards

Sekhar Nagasundaram

Global Head of Cyber Defense and Threat Management and SVP Technology - Cybersecurity

Elevance Health

Hemanta Swain

Global Head of Security and Compliance (CISO)

Lucid Motors

Vendor selection, pre-partner due diligence and trusted implementation are merely the beginning of a healthy third-party management culture. With those pieces in place, the real work (like battling for constant visibility and enforcing your requirements) begins. You’ll need to prepare.

Gather and discuss how CISOs have successfully:

Vetted new and prospective third-parties
Monitored their network of existing third-parties
Upleveled and asserted their security requirements and expectations

1:35pm - 2:20pm Executive Boardroom

The Business of Security — Bridging the Gap Between Cyber Initiatives and Business Impact

Chris Hencinski

Senior Solutions Architect

Expel

Tammy Hawkins

VP of Cybersecurity and Fraud Prevention

Intuit

Jonathan Kaplan

Director of Information Security | CISO (Acting)

San Francisco International Airport

Economic trends have tightened purse strings everywhere, leaving CISOs and security leaders to demonstrate ROI and defend their budgets. But ROI is notoriously tough to quantify when the primary return for security investment is reduction in risk. As a result, bridging the gap between security investments and actual business impact can be easier said than done, particularly if your cybersecurity spend doesn’t clearly map to organizational goals.

Join this session to discuss:

Identifying the right metrics for quantifying security ROI and business impact
Positioning security as a business enabler, rather than a cost center
Aligning security investments to organizational goals

1:35pm - 2:20pm Executive Boardroom

From Z to A - Extending Zero Trust to APIs

Sean Flynn

Director, Security Technology and Strategy

Akamai Technologies

Ajay Wadhwa

CISO

State of California - State Compensation Insurance Fund

Tamal Biswas

VP, Head of Product for Cloud Platform and Infrastructure

Calix

As more and more organizations adopt a Zero Trust architecture (ZTA), many initiatives overlook the increased prevalence of API-based access to sensitive application functionality and data. As CISOs move forward in their ZTA journey, how can they extend these principles to their API strategy to ensure security from the network layer to the application layer?

Join this session to discuss:

Breaking the kill chain by stopping infection vectors and protecting against lateral movement
Shielding sensitive data and limiting how APIs interact with data
Increasing real-time visibility across the business to mitigate threats

2:20pm - 3:00pm Networking Break

2:25pm - 2:50pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

3:00pm - 3:45pm Breakout Session

Governing Generative AI in your Organization

Mandy Andress

CISO

Elastic

Generative AI is being utilized by companies and employees alike–sometimes without permission. The normalization of this emerging technology has expanded the attack surface and left many security leaders feeling anxious and uncertain. Is generative AI worth the risk, and how should it be governed in an organization?

Join Elastic’s CISO, Mandy Andress, to explore:

What to expect from the threat landscape as generative AI becomes increasingly normalized
What adopting generative AI does to your attack surface, and if you should even allow it
How to implement governance rules that your organization will follow

3:00pm - 3:45pm Executive Boardroom

What Grade Would You Give Your IGA Deployment?

Rich Dandliker

Chief Strategist

Veza

Krishnan Chellakarai

CISO, Head of Information Security & Data Privacy

Gilead Sciences

Prakash Kalaiah

Head of Security

Enphase Energy

Identity Governance and Administration (IGA) has been a cornerstone of compliance programs for decades. Despite this history, the reality of IGA rarely matches the customers’ initial expectations and the needs of the business. Increasingly, customers are demanding that IGA tools not only “check the box” for auditors, but also drive forward Least Privilege to secure their organization in today’s landscape of cyber threats.

Join this interactive roundtable session to discuss:

Explore current practices, tools, and effectiveness of IGA programs
Evaluate the extent to which IGA goes beyond compliance to bolster security posture
Identify the critical gaps that may limit the effectiveness of an IGA program

3:00pm - 3:45pm Executive Boardroom

Navigating the Expanding Challenges of the CISO Role

Paul Davis

CISO, Americas

JFrog

Bryan Green

CISO

Andreessen Horowitz

Orus Dearman

VP - Cyber Security

iRhythm Technologies

CISOs are now tasked with managing an expanded set of security teams. Now, often managing Development, Application Security and Data Science, the CISO still needs to empower their Security Operations teams to embrace new IT disciplines.

Join your C-level peers for a private conversation on:

Managing new security disciplines
Quickly and securely maturing your software supply chain
Doing it all with consideration to formalized development and delivery pipelines

3:00pm - 3:45pm Executive Boardroom

Identity Security - Your Key to Mitigating Breaches

Sandeep Kumbhat

Field CTO

Okta

Sangram Dash

Chief Information Security Officer

Sisense

Jonathan Chan

Head of Global IT & Security

EpiSource

Attackers are not breaking in – they are logging in. Exploiting weak passwords, phishing credentials, navigating privileged access, and session hijacking is a threat actor's easiest way to infiltrate your organization, often leading to compromising your resources and applications.

Join this session and learn how, when done right, identity can be:

Your organization’s first line of defense
The backbone of your security strategy
The leverage you need in putting a stop to breaches

3:45pm - 4:10pm Networking Break

4:10pm - 4:45pm Keynote

Powerful Partnerships - Lessons On Linking Security and Privacy

Leslie Stevens

Global Privacy Officer, Associate Vice President Privacy and Compliance

Agilent Technologies

David Tugwell

AVP/CISO

Agilent Technologies

Mukund Sarma

Senior Director

Chime

Data protection, confident compliance, enhanced stakeholder trust, and effective risk mitigation - all are possible when security and privacy executives are working in harmony.

Listen as CPO Leslie Stevens and CISO David Tugwell, both of Agilent Technologies, break down how they: