CISO San Francisco Summit | September 18, 2018 | San Francisco, CA, USA

↓ Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Tuesday, September 18, 2018 - CISO San Francisco Summit

7:00 am - 7:55 am

Registration and Networking Breakfast

 

8:00 am - 8:10 am

Welcome Address and Opening Remarks

 

8:10 am - 8:40 am

Keynote Presentation

Digital Transformation and Security - Intelligent, Interconnected, Digital, and Secure? How can we have it all?

The impact of disruptive technologies (Internet of Things, Cognitive computing, Blockchain, Advanced robotics, Cloud native solutions) challenges enterprises to reinvent their systems, business processes, and in many cases their overall business models. We all start to feel the pressure of ?digitize-or-die' but realize that many emerging technologies prioritize capability over security. 

Industry 4.0 defines a world with highly interconnected, intelligent, and digital systems where the boundaries between cyber and physical start to blend? and any system disruptions and security vulnerabilities have a significantly higher impact in the physical world. 

Join the cross-industry dialog about the role CIO's can play to maximize value from emerging technologies AND manage the increasing security risk. 

Takeaways

  • Impact of digital transformation on cyber and physical security
  • How to enable innovation while managing vulnerability
  • How can we extend cross-industry collaboration for secure digital transformation?


 

8:45 am - 9:15 am

Keynote Presentation

Analytics & Cloud Together: Accelerating Innovation in the New Cognitive Era

Leading companies are disrupting the status quo by using data to inform business strategy and create new business models that fuel growth. CIOs have the power to uncover the insight that drives disruption and speeds transformation. 

Learn how leading IT organizations are maximizing the use of open source and cloud technologies alongside on-premises investments to accelerate innovation. And understand how CIOs are embracing new cloud-enabled consumption models while helping ensure data privacy, security and sovereignty.  

Takeaways:

  • Integrating analytics into key applications and systems can enable people throughout an organization to access and act on insights when and where it matters most.
  • Take advantage of more sources to enable better decisions. IT must create an environment with easy access to all types of data - structured and unstructured - from internal sources and those outside the organization.
  • Data science teams are answering the toughest questions by leveraging open source development platforms and tools to build models more quickly and easily.

 

9:20 am - 9:45 am

Executive Exchange

 

Thought Leadership

Secure, Simplify and Transform to a Cloud-Enabled Enterprise

Progressive companies are leveraging cloud, a powerful business enabler, to transform their business and make it more competitive. But cloud and mobility significantly impacts the current IT infrastructure - security, network traffic flow, applications, user experience and cost. As CIOs and CISOs embrace this transformation, they look for opportunities to exchange ideas with their peers who have gone through this journey.  

At this session, Zscaler will share experience of leading the massive network, security and datacenter application transformation that he managed across all business units of GE. 

Example topics will include: 

  • How to transform your hub & spoke network into a cloud-enabled network 
  • How to transform datacenter applications to a SaaS, AWS and Azure environment 
  • New security paradigm for the new world of cloud 
  • Changing role of IT execs 
  • Lessons learned
 

9:50 am - 10:15 am

Executive Exchange

 

Thought Leadership

Achieving Cybersecurity at IoT and Cloud Scale

With the growth of IoT and Cloud, the attack surface that enterprises must protect is expanding dramatically. Unique regulatory requirements by industry vertical are also placing extra pressure on Security Officers and their teams. How can CISOs effectively respond? First and foremost, taking an architectural approach, one that includes network segmentation, will create the best chance of solving Enterprise security holistically and for the long term. Key capabilities must include visibility of all security elements and the communications these systems and devices generate and, even more importantly, automation of operations and response. With the current cybersecurity skills gap that many enterprises experience today, the ability to quickly and effectively audit, recommend and automatically fix the entire network security architecture is critical. 

Takeaways: 

  • Technology evolution and innovation is exponentially expanding the attack surface. 
  • To keep up, enterprises must take an architectural approach to network security that includes visibility and automation.  
  • With limited resources, the ability to quickly and effectively audit, recommend and repair network security is crucial.
 

10:20 am - 10:30 am

Morning Networking Coffee Break

 

10:35 am - 11:00 am

Executive Exchange

 

Executive Boardroom

Securing the New Way that People Work: Why It's Time to Safely Enable Your Employees to Go Beyond the Perimeter

Join Netskope Chief Scientist, Krishna Narayanaswamy, for a birds' eye view of how mobile and cloud have conspired to dissolve the enterprise perimeter and transform IT as we know it. Hear Krishna's take on how these dynamics have shifted the role of enterprise IT, why letting users 'go rogue' is the path to business success, and how smart CISOs will become the drivers of growth and profits this decade.

Executive Boardroom

Unsupervised Machine Learning: A New Approach to Cyber Defense

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. Legacy approaches to cyber security, which rely on knowledge of past attacks, are simply not sufficient to combat new, evolving attacks, and no human cyber analyst can watch so much or react quickly enough. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis. Self-learning systems represent a fundamental step-change in automated cyber defense, are relied upon by organizations around the world, and can cover up to millions of devices. Based on unsupervised machine learning and probabilistic mathematics, these new approaches to security can establish a highly accurate understanding of normal behavior by learning an organization's ?pattern of life,'. They can therefore spot abnormal activity as it emerges and even take precise, measured actions to automatically curb the threat. Discover why unsupervised machine learning is the future of defense and how the 'immune system' approach to cyber security provides complete network visibility and the ability to prioritize threats in order to better allocate time and resources. 

In this session, learn: 

  •  How new machine learning and mathematics are automating advanced cyber defense 
  • Why full network visibility allows you to detect threats as or before they emerge  
  • How smart prioritization and visualization of threats allows for better resource allocation and lower risk 
  • Real-world examples of unknown threats detected by 'immune system' technology
 

11:05 am - 11:30 am

Executive Exchange

 

Thought Leadership

Become a Change Agent for Business Transformation

Today's modern CIO is embarking on a digital transformation journey exploring radical hybrid IT strategies and leveraging new technologies like Cloud, Social, Mobile and Big Data. However, with 'keeping the lights on' legacy IT components costing nearly 90% of a typical IT budget, how can IT make powerful advancements and lead business change? 

Join this interactive session to learn how award-winning CIOs are successfully tipping the balance by liberating people, time and money from costly ongoing maintenance of their ERP systems including SAP and Oracle, to invest in strategic initiatives that create real-world competitive advantage.

 

11:35 am - 12:00 pm

Executive Exchange

 

Think Tank

Digital Disruption in Healthcare ... Fact or Fiction?

Digital disruption has happened in many industries, but not fully in healthcare...even though all signs indicate that the industry is ripe for disruption. There are key technology trends able to drive this transformation and a variety of players leveraging these tools. However, driving disruption requires more than technology. New, agile ways of designing business models, strategies and products are needed. CIOs are not only familiar with technology tools, but also with agile ways of delivering digital products and can play an important role in leading their businesses towards needed innovation. 

Think Tank

Data-Centric Security

For years the security focus of the enterprise was to build a hardened perimeter at the edge of the network, an impenetrable shell that kept the good out and the bad in. Over the last few years this model has fallen by the wayside. Technologies such as Cloud and Mobility have pushed the enterprise beyond its traditional perimeter while increased levels of partnership have created inroads through that shell. As a result, infrastructure based security is no longer sufficient or appropriate and enterprises everywhere are having to make the shift to a new security paradigm, one that is centered on the data itself, not on the infrastructure that houses it.

Takeaways:

  • Learn the principles of data-centric security
  • Understand the role encryption plays and how it should be integrated
  • Determine when and where data monitoring tools make sense

 

12:05 pm - 12:30 pm

Executive Exchange

 

Think Tank

Embracing IoT -Is Cybersecurity Helping to Set Our Organizations Up for Success?

The Internet of Things (IoT) comes in many different forms with their own unique challenges and threats. It surrounds us from when we wake up, to commuting to work, and in our respective organizations. And so when it comes to our organizations and how we are integrating IoT into our businesses, we need to ensure we have the right elements working in unison to mitigate risk from this dynamic paradigm shift of a highly interconnected world. We need to ensure we have the ability to identify capability gaps, determine the right solutions, and define the appropriate policies and procedures, such as data security and privacy, given geo-industry regulations or standards. Most of all, we need to quickly adapt and devise a strategy to embrace IoT in a secure fashion. 

Takeaways:

  • IoT touches us all whether we are in our homes or at work, and along the way there are risks and those risks are growing.
  • With highly interconnected ecosystems of assets, networks, and clouds, Security professionals are facing many challenges. There are technologies out there to help solve this problem, but technology alone is not enough. Security organizations need to develop a strategy.
  • Adding new controls within our organizations also creates new dilemmas, such as data privacy, identity and access.
  • IoT is a multi-dimensional challenge our industry is facing, and without a comprehensive defense-in-depth approach we will continue to see more and more incidents that are highly impactful to our society as a whole.

Think Tank

Building Dynamic Security Teams

There's no other way to say it than bluntly; Information Security is a white-hot field within Information Technology as a whole " over the last dozen years it has gone from after-thought, to scapegoat, to critical enterprise success factor. As a result, the need for capable and qualified Information Security specialists, whether front-line Analysts, mid-level Managers, or top level CISOs is at an all time high, but personnel and skills availability is sinking to an all-time (at least in terms of supply and demand ratio) low. There simply isn't enough expertise in existence to go around, or enough education occurring to create it. In this environment, senior Information Security leaders have to get creative in their pursuit of the people, performance, and passion necessary to address this capability shortfall.

Takeaways:

  • Learn how to build grass-roots programs that cultivate a farm full of potential security experts through internal and collaborative programs.
  • Find out how to leverage key organizational traits to generate buzz and interest where none existed before
  • Understand the relevance of certs vs. experience and how to evaluate and validate the value of candidates



 

12:35 pm - 1:20 pm

Networking Luncheon

 

1:25 pm - 1:50 pm

Executive Exchange

 

Think Tank

Facilitating Marketing Goals with Innovative Technology

The days of "first touch" attribution are long gone. Today there is an intense focus for predictable revenue results, to know customer acquisition costs (CAC) and to understand the Customer Journey. Because of the Internet, the balance of power has shifted from Brands to customers with customers able to search myriad sources of information about a company and their products before ever engaging them with a phone call or a webform. This has led to the ongoing need to follow the Customer through multiple paths including SEM, SEO, Social, Display and more. Marketers and Customer Experience professionals are working side by side with IT professionals to move from Multi-Channel marketing to Cross-Channel Marketing to now Omni-Channel Marketing. 

Takeaways:

  • How critical it is for Marketers, Customer Experience and Information Technology to work closely together to ensure the production of accurate data on the Customer Journey.

Think Tank

Best-of-Breed or Consolidated: Principles in Security Architecture Design

When it comes to implementing network security infrastructure there are two schools of thought: use best-of-breed point solutions, or go with all round consolidated platforms. Pros and cons abound for either approach revolving around varying levels of protection, integration, and administrative overhead but the increasing complexity of current security infrastructure is showing a winning approach. Even though consolidated solutions may offer greater benefits in the long run, no one exists in a green-field situation when it comes to network and infrastructure security so careful planning is required to ensure the necessary protection.

 Takeaways: 

  • The management burden of best-of-breed outweighs performance benefits 
  • Consolidated platforms can lead to feature overlap and unnecessary cost
  • Planning is required to maximize coverage but minimize effort and spend
 

1:55 pm - 2:20 pm

Executive Exchange

 

Executive Boardroom

The Year of Ransomware: Can Technology Alone Prevent Phishing Attacks and Breaches?

2016 is certainly shaping up to be the year of the ransomware attack. As ransomware and phishing attacks continue to grow in number and sophistication, organizations need to reconsider their current security strategy. Companies continue to invest billions of dollars in technology to shore up their defenses against these threats. But is that enough? Is complete reliance on technology the answer? Or should we focus on the human and human behavior?

Executive Boardroom

Everything You've Always Wanted to Know About Incident Response (But were afraid to ask and for a good reason)

The threat landscape is continually changing. What was several years ago an era of advanced attackers seeking valuable data, has transformed to be one filled with global disruptive data related plagues instigated by nation-states seeking to dictate agenda and terms. In light of this evolution, organizations have come to realize that compromise is inevitable, and responding quickly in order to prevent the next data breach or disruption is paramount. However, the evolving incident response process holds in store a great challenge as measuring its effectiveness is fairly easy. Do you actually know how effective your current SOC/IR/MDR is in detecting, validating, containing and remediating infections in the environment? Are you ready to win the race to your own data?

 

2:25 pm - 2:50 pm

Executive Exchange

 

Thought Leadership

The winter cometh, and it's called Privacy Regulation

The rapidly-evolving challenges of the information economy has caused a rise in the need to preserve individual privacy and autonomy. Rules and regulations (such as GDPR, Breach notification laws, Cybersecurity Laws, etc.) are rapidly being formulated by nations, states and user/industry consortiums to ensure that all parties can thrive in such an economy. Apart from loss of customer trust, many of these impose massive monetary penalty for violations. Thus, breaches will soon become an even more existential threat for companies. 

New technologies such as Cloud, Blockchain, IoT and Artificial Intelligence offer companies to increase efficiency, but also pose new challenges to data protection. In this talk we aim to uncover how the rapidly evolving privacy and technology landscape is shaping today's business in protecting its most vital raw asset - data.

 

2:55 pm - 3:20 pm

Executive Exchange

 

Think Tank

The Unbearable Lightness of Digital Transformation

Building a Disruptive Technology Digital team. To become fully digital enterprises, you need to shift the focus inward and innovate the employee experience. Is this defined as how employees feel about their organizations with regard to both opportunities for growth/skills development, and employees' willingness to continue to work for their current firms? Use digital DNA behaviors. 

Takeaways: 

  • Look after -Capability Planning, Innovation, Strategic Intelligence, Predictive Analytics, Disruptive Technology, Enterprise Architecture, Strategic Roadmap, M&A, Patents and Communication

Think Tank

Why CISO's Should Prioritize Application Security

In this no perimeter, modern world of assets like cloud instances, web-based applications, mobile devices, application containers, Application security isn't optional, it's the leading cause of breaches.(2016 Verizon Data Breach Investigations Report). As more applications become publicly accessible, more breaches are occurring at the application level. Apps are everywhere, and they are vulnerable. Shoring up CISO confidence demands a shift in priorities to address the new challenges of effective application security. Security having focused primarily on network security issues, may fail to ask the right questions of application development teams to discern potential risks. In this interactive conversation come hear what CISO's require to figure out where to start, how to sell their organization on the initiative & measure their success. 

Key Initiatives:

  • Building a security culture with development teams 
  • The use of automation to detect Application vulnerabilities 
  • Using Metrics to Manage your AppSec Program
 

3:25 pm - 3:35 pm

Afternoon Networking Coffee Break

 

3:40 pm - 4:05 pm

Executive Exchange

 

Executive Boardroom

Accelerate IT Optimization and Transformation Projects to Value Delivery

We get it. Your role as an IT leader is more challenging than ever. You are looking for ways to continue to improve IT service, while trying to more effectively manage existing IT operations and costs, and on top of that new technology is constantly threatening to disrupt your industry. You have unique challenges, and only you know what they are. So how can you accelerate your planned initiatives to achieve the results you need for your IT organization? We will present simple but effective strategies for accelerating IT results including changing the IT cost structure, improving at the ?business of IT', demonstrating technology leadership, and building credibility through delivery. 

Takeaways: 
  • Learn new strategies for accelerating IT results across four core strategies  
  • Learn a focused and integrated approach to Application Portfolio Management and how to deliver a 10-20% reduction in application spend in your organization  
  • Share & discuss your lessons learned on similar initiatives with your peers
 

4:10 pm - 4:35 pm

Executive Exchange

 

Think Tank

Disrupting Markets with Disruptive Technologies

While the combination of Social, Mobile, Analytics, and Cloud have been present and disrupting IT departments and enterprises as a whole for over two years now, in many ways organizations have still not fully embraced them, have still not fully leveraged them. These new platforms allow organizations radically new ways to go to market, allowing for broad scale deployment of systems of engagement that create dynamic relationships with clients and prospects. Finding the resources, wherewithal, and ability to fully commit to these technologies and the capabilities they create has proven to be a struggle for many, but a struggle that can be overcome by leveraging the right partners that bring the right skills and experiences to bear.

Takeaways:

  • Social, Mobile, Analytics, and Cloud are all here to stay; each one adds value to enterprises but collectively that value increases exponentially
  • The manner in which these technologies are implemented, operated, and utilized is different than the foregoing systems of record we are used to
  • Unique skills and capabilities are required to leverage the power and value of these platforms, skills and capabilities that can be in short supply

Think Tank

The Three Amigos of Security

Be Secure - Take a measured, risk-based approach to what is secured and how to secure it. 

Be Vigilant- Monitor systems, applications, people, and the outside environment to detect incidents more effectively.  

Be Resilient- Be prepared for incidents and decrease their business impact by improving organizational preparedness to address cyber incidents before they escalate. 

Takeaways: 

  • Managing cyber risks as a team and strategies for deployment of enterprise and emerging technologies 
  • Actively monitor the dynamic threat landscape 
  •  Retain and use lessons learned
 

4:40 pm - 5:20 pm

Executive Visions

Adopting AI Cyber Defense: Transitioning to Automation in the Enterprise

All CXOs need to understand that the scene of cyber security is changing: the battle has moved from the perimeter to the inside of the network, and attacks are moving at unprecedented machine speeds. Cyber security is quickly becoming an arms race. Compounding this challenge, organizations are facing a massive cyber skills shortage, with hundreds of thousands of unmanned cyber positions nationwide. Human security teams are struggling to keep up. 

In this new era of cyber defense, it will be imperative for  security teams to be augmented with AI-based technologies. But how do CISOs manage the transition to using AI in the enterprise? And how does it successfully identify emerging threats, without knowing what it's looking for in advance? Hear from those who have successfully adopted AI for cyber security, using it in practice to identify and neutralize cyber-threats at their earliest stages. 

In this panel, learn about: 

  • How AI approaches can both detect and respond to increasingly automated threats
  • How human teams adopt (or resist) automated defenses 
  • The concepts of 'human confirmation' mode and 'active defense'
  •  How results can be communicated to the executive team
  • Success stories across smart cities, genomic organizations, industrial control systems, and virtual environments

Panelist:

Nicole Eagan , Chief Executive Officer of Darktrace

 

5:20 pm - 5:30 pm

Thank You Address and Closing Remarks

 

5:30 pm - 7:00 pm

Cocktail Reception