CISO New York and New Jersey Summit | March 2, 2021 | Virtual Summit - Real-time Online Conversations

agenda

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

Tuesday, March 2, 2021 - CISO New York and New Jersey Summit

9:15 am - 9:30 am

Welcome Registration & Opening Remarks

 

9:30 am - 10:10 am

Keynote Panel

People, Process, & Platforms... Tech Must Change Before it is Too Late!

Many technologists have had their departments shift from being cost centers to revenue generators for their organizations. That isn't the only shift that is coming for tech executives. Margins are reduced and expectations are high. Innovation has to move faster. Leadership has to evolve. Risk has a whole new meaning in 2021. Business continuity is just one of many complex business challenges creating unanticipated market turbulence. Join us to gain insight into how tech leaders are turning complexity and chaos into real strategy execution initiatives. 

 Key Takeaways: 

  •  Smarter Spending 
  •  Customer and Employee Experience 
  •  Leadership and Business Transformation

Moderated by:

Neil Kurtz, Executive Chairman, Vineti

 

Panelists:

Anthony Gonzalez, Divisional Chief Information Security Officer, QBE Insurance

Karl Schoen-Rene, CISO, Knights of Columbus

Poonam Soans, Chief Data Officer & Director of Application Development, State of New Jersey

 
 

10:10 am - 10:40 am

Executive Exchange

 

Keynote Presentation

Challenge the rules of security: Transform the threat surface to proactive control

With the dramatic increase in distributed workforces and the growing adoption of cloud applications, companies face unprecedented levels of IP, data, and identity sprawl beyond the enterprise firewall. Every endpoint is an entry into your business, cybercriminals have more ways to break in than ever before, and human error on the inside is a constant risk. Historically, endpoint security has been a zero-sum game - with the odds inevitably stacked against IT. But rather than protect devices, what if you could just control the security of them? 

In this presentation, see how Chrome OS and Chrome Browser are secure by design - embedding security into every workflow to provide proactive protection for users, devices, applications, and data, wherever work happens. This is cloud-first security control in the hands of the modern businesses that will thrive moving forward.

Sponsored by:

Google

Presented by:

Robert DeVito, Global Director, Chrome Customer & Partner Sales Engineering, Google

 
 

10:40 am - 11:00 am

Executive Exchange

 

Executive Boardroom

The Elephant in the Room: Why Many Security Programs Fail

Anecdotally, we've seen that most organizations will either fail to prevent, detect, or evict a sophisticated, persistent attacker. This is often despite those organizations having smart teams and significant resourcing. In conversations with more than 50 clients, I've developed the theory that this happens because many security organizations spend a lot of time and money on things that don't efficiently reduce risks. 

This discussion will: 

  • Identify common factors that can lead security programs to focus on activities without beneficial outcomes
  • Highlight characteristics we've seen in security programs that can prevent or contain an incident
  • Suggest specific actions that can lead an organization to better identify their risks and then maintain their focus on reducing them

Sponsored by:

Praetorian Security, Inc.

Presented by:

Matthew Eble, Principal, Praetorian Security, Inc.

 
 

11:00 am - 11:20 am

Executive Exchange

 

Executive Boardroom

Managing Third-Party Risk in the Modern Age

As organizations increase their dependency on third parties for a wide array of needs, firms have to make third-party risk management (TPRM) a critical piece of their cybersecurity program. A recent study found that third-party security incidents are rising 20% year over year. It's time to start thinking of ways to bring your TPRM program to the modern age, staying away from lengthy questionnaires and costly on-site visits that don't provide full risk visibility. 

Join this session to learn how to:

  • Scale up your TPRM program by integrating critical pieces of technology
  • Automate security assessments for game-changing efficiency
  • Provide the third-party risk metrics that matter most to executive teams and board members

Sponsored by:

RiskRecon

Presented by:

Jonathan Ehret, CISSP, CISA, CRISC, Vice President, Strategy & Risk, RiskRecon

 

Executive Boardroom

Establishing a Risk Aware Culture in the Enterprise

With data exposure events on the rise in 2021, CISOs everywhere are faced with the increasing challenges of instituting a successful insider risk strategy. Security needs to be moving at the speed of business where time to market and speed of innovation are critical outcomes. By attending this session, executive teams will learn how establishing a risk aware culture in the Enterprise can reduce the complexities of data security while promoting healthy collaboration.

Sponsored by:

Code42

Presented by:

Tommy Todd, VP of Security, Code42

 
 

11:20 am - 11:40 am

Executive Exchange

 

Think Tank

Cybersecurity on the Frontline: Pushing Cyber Resilience in 2021

Working from home and shifting business initiatives have kept security executives on their toes in 2020. That intensity is unlikely to reduce in 2021. This session examines emerging threats in 2021 and beyond and how organizations can increase their security posture and achieve cyber resilience. What should cybersecurity departments expect in 2021?

Key Takeaways:  

  • How organizations can focus their enterprise strategy to encompass cyber resilience 
  • What the new workplace will look like in the future from a cybersecurity standpoint 
  • New year, new strategy - learn tips to reboot and challenge new ways of thinking

Presented by:

Tim Swope, Chief Information Security Officer, Catholic Health Services of Long Island

11:40 am - 12:00 pm

Executive Exchange

 

Executive Boardroom

Rise of Next-Gen Software Supply Chain Attacks

Legacy software supply chain "exploits", such as the Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild. Conversely, next-generation software supply chain "attacks" are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are actively injecting malicious code into open source projects that feed the global supply chain.

Join this fireside chat with Ax Sharma, Senior Security Researcher, Sonatype, and Michelle Dufty, Senior Vice President of Marketing, Sonatype, to:

1) Understand software supply chain attacks and their impact on the open-source ecosystem

2) Deep dive into prominent real-world examples of dependency confusion, typosquatting and brandjacking malware

3) Learn how your organization can proactively protect itself against software supply chain attacks

Sponsored by:

Sonatype

Presented by:

Ax Sharma, Senior Security Researcher, Sonatype

Michelle Dufty, Senior Vice President of Marketing, Sonatype

12:00 pm - 12:20 pm

Executive Exchange

 

Think Tank

Building Integrated Security and Privacy Framework

With ever-emerging privacy regulations and trends, privacy and security are overlapping more and more when it comes to tasks and responsibilities. The ISO (International Standards Organization) standard ISO 27701:2019 Framework was created to complement its previously released counterpart, the ISO 27001 (Information Security) Framework.

These two practice areas must integrate fully in order for companies to successfully implement risk management. In the past, privacy and security were related, but separate areas of focus. Now, security without a privacy lens placed over it will suffer strategic gaps. 

With this in mind, the ISO Privacy Framework addresses: 

  • How to integrate privacy as you design and deploy new systems, products, and services. 
  • How to communicate about your privacy practices. 
  • How to avoid silos and spur collaboration across teams. 

In today's session, we will learn from the practitioner who leads successful implementation and certification projects for the world's premier financial and cyber consulting firm about "Building Integrated Security and Privacy Framework", where both teams can work in collaboration to meet modern-era challenges.

Presented by:

Rahul Bhardwaj, Global Vice President, Privacy & Data Security, Duff & Phelps

 
 

12:20 pm - 12:40 pm

Executive Exchange

 

Executive Boardroom

The Dark Side of 3rd Party Scripts

What companies need to know and how to make sure you are protected. With world events in 2021, many industries are now more than ever positioned to favor online transactions. While Magecart and similar threats have been on the rise, experts predict we haven't seen the worst of it, and these malicious threats are something organizations should not only expect but plan for.

 Attend this Talk and Discover: 

  • What a real-time demo of a Formjacking attack looks like
  • What are 3rd party vendors actually doing on your pages? (based on data accumulated from thousands of websites)
  • An overview of the different technologies used to try and resolve this - pros & cons
  • Is it possible to adjust our Formjacking code to bypass these suggested technologies? 
  • Best practices to ensure your website is safe from these attacks

Sponsored by:

SourceDefense

Presented by:

Matt McGuirk, Senior Solution Architect, SourceDefense

 

Executive Boardroom

Cloud-First WANs: How Modern Enterprises Can Benefit from Architectural Shifts in the Post-Pandemic Era

Sponsored by:

Aryaka Networks, Inc.

Presented by:

Shashi Kiran, Chief Marketing Officer, Aryaka Networks, Inc.

 
 

12:40 pm - 1:00 pm

Executive Exchange

 

Think Tank

A Myriad of Apps... But Just As Many Threats: How to Secure Code at the Enterprise Level

In this session we will examine the ever-growing application threat landscape. This increase in threats has put stress and strain on already thinned tech departments. With that in mind, what are some tips and tricks to stay ahead of the bad actors while securing your enterprise at scale?

Key Takeaways:

  • Build a culture of application security - from the top down, commit to a high-priority communication strategy
  • Ensure that employees have effective training on the importance of app security 
  • Explore the best way to conduct comprehensive testing

Presented by:

Ashish Atri, CISO, Tegra118 (Formerly Fiserv Financial Services)

 
 

1:00 pm - 1:10 pm

Closing Remarks