7 Highlights from CISO Executive Summits in 2023


Community Blog
Written by Laurel Hiestand

JANUARY 2, 2024

Throughout 2023, Evanta, a Gartner Company, held 137 CISO community gatherings in North America, 44 CISO programs in Europe, and nine gatherings in Australia. The 2023 CISO Executive Summit agendas focused on three guiding themes: Securing AI, Automation and New Technology; Building Operating Models that Foster Agility and Security by Design; and Strengthening Cyber Risk's Role as a Driver for Enterprise Decision Making.

Our CISO communities around the globe continue to collaborate, learn and gain value from peer-led sessions and thought leadership from strategic partners and outside experts.

Below is a snapshot of Evanta’s highest-performing sessions and content in our CISO communities.
 

Highly-Rated Presentations

Keynote: Shadow in the Darkness – Cyber Defense in a Changing Threat Landscape
The last few years of global instability and conflict have defined a new threat paradigm for CISOs and their teams. Ransomware groups and bad actors are changing their initial access vectors as the digital attack surface and vulnerabilities shift. In this keynote presentation, CSO Brian Barrios of Southern California Edison Company, Vice President and Head of Cybersecurity Wes Gavins of LA28, and CISO Matt Crouse of Solar Turbines were joined by Supervisory Special Agent Bernie Riedel of the Federal Bureau of Investigation to discuss the foundational measures required to build a multi-layered cyber defense. The executives talked about the importance of public-private partnerships for intelligence sharing and discussed supply chain risks and mitigations to protect against backdoor attacks.

Keynote: Board Perspectives — Is the Story of Security Resonating?
CISOs spend a considerable amount of time quantifying and qualifying security posture to engage board members on cybersecurity strategy. But is this effective in communicating the full story of cyber risk? This fireside chat-style keynote featured Selim Aissi, CISO and Corporate Board Director, and Ash Ahuja, VP, Global Role Lead and Executive Partner, Security & Risk Management at Gartner. They discussed how well board members are understanding the threat landscape, what the board really wants to hear from CISOs, and how CISOs can more effectively communicate risk.  

Breakout: Cybersecurity in the SEC’s Spotlight
CISOs are facing an important task as they navigate the U.S. Securities and Exchange Commission's (SEC) recently adopted rule amendments designed to improve the disclosure of cybersecurity risk management, strategy, governance, and incidents by public companies. This session brought together Nabeel Cheema, Special Counsel, Office of Rulemaking, Division of Corporation Finance at the SEC, and Kemper Seay, VP, Infrastructure and Chief Information Security Officer at Carter's, to discuss how to assess the materiality of an incident and the timeline for incident disclosure, what the disclosure processes are for assessing, identifying and managing material risks from cybersecurity threats, and how to describe the board and management’s roles in overseeing cybersecurity risks.

Breakout: Leading Locally, Influencing Globally — Giving Back as a CISO
The mix of technological and business expertise it takes to be a successful cybersecurity executive makes CISOs some of the most savvy leaders around. Many CISOs in our communities are going further to move the industry forward. In this session, Krishnan Chellakarai, CISO, Head of Information Security and Data Privacy at Gilead Sciences, and Leda Muller, Chief Information Security and Privacy Officer at Stanford University, hosted a discussion about what inspired them to create positive change in the industry and how they are leveraging their positions as security leaders to make an impact. 

Boardroom: The CISO as a Savvy Board Communicator
Translating the organization's cybersecurity posture to the board can be a catalyst in improving organizational resilience and building strong rapport. The challenge is how to communicate security initiatives clearly when the stakes are high. CISO Kevin Gowen of Synovus Financial, Vice President of IT and Information Security Brian Phillips of Macy's, and Director of Cybersecurity and Risk Management Matt Durant of BlueLinx, led this boardroom discussion on leveraging your expertise to build trust, demystifying cybersecurity spending, and translating cybersecurity into actionable language.

Boardroom: Countdown to Compliance – Preparing for Changing SEC Requirements
A significant regulatory shift looms on the horizon for CISOs of publicly traded companies. They will be mandated to disclose security breaches with substantial impact within a stringent four-business-day window. Moreover, these entities are entrusted with the continuous task of sharing details on their risk management apparatus and practices. In this boardroom, Mike Longenecker, Principal Solutions Architect at Expel, Billy Norwood, Chief Information Security Officer at FFF Enterprises, and John Rojas, VP, Head of IT (CIO/CISO) at Air Lease Corporation, talked about how to unravel the intricate web of considerations surrounding the SEC's revised mandate.

Town Hall: Value vs. Risk – A Thoughtful Approach to Generative AI
There’s nothing new about managing internal expectations on hyped technologies, but the recent advancements in AI have caused an increased demand for the evaluation and adoption of generative AI models. There is no question that these breakthroughs are just the beginning, but security and technology executives must temper expectations and ensure a thoughtful approach to building AI models that will add more value than risk. In this town hall, CISOs discussed how to communicate and quantify the benefits and risks of generative AI adoption, how to identify a business need and use case for AI implementation, and how to stay ahead of the continuous AI advancements.


Most Popular Content

  • Infographic: 2023 CISO Leadership Perspectives
    A highly popular piece of content each year, the Leadership Perspectives Survey infographic highlights the top takeaways from our annual survey of community members.
  • Survey Report: Top 3 Goals and Challenges for CISOs in 2023
    This report takes a deeper dive into the survey results, explaining the top priorities, opportunities and challenges for CISOs this year.
  • Blog: Top 3 Areas of Focus for CISOs in 2023
    Early in the year, we share the top things we think community members will focus on, based on conversations, feedback and recent trends.
  • Executive Blog: Rethinking Cyber Talent: Take a New Approach to Recruiting
    In this blog, Detroit CISO Community Member Steven Aiello, Security and Compliance Practice Director (CISO) of strategic consulting company AHEAD, shared his approach to building a pipeline of talent in cybersecurity.
  • Executive Blog: The CISO’s Guide for Reporting Cyber Risk to the Board in 2023
    In this executive blog, Aleksandar Radosavljevic, Global CISO for Global Fashion Group (GFG), shares strategies CISOs can use to overcome common challenges in communicating risks to the board and four metrics to monitor progress.
  • Infographic: CISO Community Pulse on AI & Your Business
    This year, we asked CISOs across our communities for their thoughts on generative AI. Here, we summarize what nearly 400 security leaders told us about AI and its impact on business.
     

Next year, the Evanta CISO Community will continue to provide data-driven content and insights focused on the CISO’s mission-critical priorities. Looking ahead to 2024, CISOs will be focusing on the following three themes:

  • Improve and Achieve Operational Resilience
  • Enable AI's Potential through Trust, Risk and Security Management
  • Create Alignment with the Enterprise to Unlock True Value

Stay up-to-date with your Evanta CISO community by applying to join your local community or finding an opportunity to connect with CISO peers on our calendar.

 

Laurel Hiestand

Sr Director, Content at Evanta, a Gartner Company