EVENTCISO Dallas Summit | Mar 24, 2020 | The Westin Irving Convention Center at Las Colinas - Dallas, TX, USA
agenda
Download Agenda (PDF)↓ Agenda Key
Keynote Presentation
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.
Executive Visions
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.
Thought Leadership
Solution provider-led session giving high-level overview of opportunities
Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.
Think Tank
End user-led session in boardroom style, focusing on best practices
Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.
Roundtable
Interactive session led by a moderator, focused on industry issue
Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.
Case Study
Overview of recent project successes and failures
Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.
Focus Group
Discussion of business drivers within a particular industry area
Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.
Analyst Q&A Session 
Moderator-led coverage of the latest industry research
Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.
Vendor Showcase
Several brief, pointed overviews of the newest solutions and services
Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.
Executive Exchange
Pre-determined, one-on-one interaction revolving around solutions of interest
Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.
Open Forum Luncheon
Informal discussions on pre-determined topics
Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.
Networking Session
Unique activities at once relaxing, enjoyable and productive
Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.
Tuesday, March 24, 2020 - CISO Dallas Summit
8:00 am - 8:30 am
Registration & Networking Breakfast
8:30 am - 8:40 am
Welcome Address & Opening Remarks 
Presented by:
Steve Harvey, Former CISO, BMO Financial
8:40 am - 9:30 am
Keynote Panel
Steering Cultural Change
An IT executive's role, goals and objectives have drastically changed over the years. Most leaders supervise teams and units beyond their IT department. Due to these changes in responsibilities, their success is measured in greater business metrics. As a result, these roles have become both more attractive and more demanding.
Takeaways:
- What are the significant changes regarding the role of the IT Executive
- How to keep up with the changing requirements
- How to properly measure an IT executive's success
Moderated by:
Jodi Watkins, Chief Commercial Officer, GTN Technical Staffing & Consulting 
Panelists:
Gregory Wilson, CISO, Pioneer Natural Resources Company
Rajesh Nagarajan, Vice President & Chief Information Officer, Celanese
Teresa Leeth, Director, Enterprise Applications, Triumph Group
Matthew Cox, Director, Data & Analytics, McAfee
9:30 am - 10:00 am
Keynote Presentation
Case Studies in Digital Transformation: Learnings Along the Journey
We will explore key learnings from various industries and verticals on the good, the bad and the ugly of digital transformation. We will have an opportunity to not only be exposed to successful use cases, but also ask the hard questions behind those successes.
Takeaways:
- One of the best ways to learn is to hear the stories of success (and failure) from companies similar to yours
- Asking questions of HOW the journey unfolded are just as important as the end result
10:05 am - 10:25 am
Executive Exchange
Thought Leadership
It's Not If - But When: Managing a Breach and Coming Out Stronger
Time is of the essence when your organization experiences a breach. Minutes could mean millions of dollars. Are you confident you can stop the bleeding while quickly educating your organization on best practices? How do you gain better and quicker visibility of what is happening across your environment with the analytics and detection capabilities to recover from the breach. Then using that information, come out the other side as a security team with the right tools in your hand to reduce future risk?
Takeaways:
- Learn how to garner the right visibility, in the right context, to defend what matters most
- Hear real-world examples of companies who battled risk and became stronger
- Find out what it takes to link your security strategy with your business priorities
10:30 am - 10:40 am
Morning Networking Coffee Break
10:45 am - 11:10 am
Executive Exchange
Think Tank
Supply and Demand: Closing the Growing Gap in Cybersecurity Skills
At a time when the threat landscape ever expanding, two out of three organizations worldwide claim to have a lack of the IT security staff needed. The need for cybersecurity professionals is at an all-time high. The deficit of qualified individuals has made the need for automated security tools more of a requirement than a desire in order to maintain a strong security foundation. Today's products and technologies can enable even small teams to appropriately secure multiple websites and applications, offering potential answers to the pressing recruitment issues.
Takeaways:
- There is a critical lack of qualified IT specialists
- Staffing deficits increase the need for automated tools
- New products can assist small teams facing big security challenges
Presented by:
Terry Koenn, Director, Information Security & Compliance, Experian
Think Tank
The Elephant in the Room, Data Breaches
In 2019, data breaches endured yet again as the largest security threat noted by organizations and IT security professionals alike. If data remains as a high valued commodity, ensuring data privacy and securing personal data will continue to be at the top of the list of an organization's concerns. The increases in privacy legislation, such as GDPR and CCPA, and the understanding of the ramifications stemming from a breach have allowed these concerns to remain heavily in the spotlight. Web application flaws have been identified as the top cause of data breaches. As such, establishing and maintaining web application security has developed into a high priority for all organizations.
Takeaways:
- Data breaches are the biggest security concern
- Data continues to be a high value asset but the need to protect it is even higher
- New laws like GDPR and CCPA enforce consequences for failing to secure data
11:15 am - 11:40 am
Executive Exchange
Executive Boardroom 
Passwords are So Last Decade
From biometrics to SSO, unique authentication to new mobile technologies - passwords, are being phased out by many organizations. Deemed by a lot of organizations as archaic and unsecure, passwords face an unsteady future in 2020. Find out how companies are eliminating risks and gaining security by examining new forms of logins.
Executive Boardroom
Filling the Identity Gap in Third-party Risk Management
Today, utilization of third-party vendors, contractors freelancers and even bots (and ?things?) has become a regular practice of organizations looking to cost-effectively increase their competitive edge.
However, most organizations are only managing third-party risk at the vendor level without taking into consideration the access needs and risk associated with each individual identity.
SecZetta argues that security leaders must evolve their approach and manage third-party risk at the individual identity level. In this session, SecZetta will overview how to execute risk-based identity access and lifecycle strategies for diverse third-party populations.
Takeaways:
- Utilizing growing numbers of increasingly diverse third-parties has become a massive source of unmeasured risk for most organizations
- Most organizations have no way to centrally track and manage their relationships with this burgeoning number of third-parties and the access to enterprise assets they require.
- In addition to unmeasured risk, organizations need to better understand the hidden costs of third-parties including the man hours needed for provisioning, completing audits, verifying access, and deprovisioning access.
Sponsored by:
SecZetta
Presented by:
David Pignolet, CEO & Founder, SecZetta
11:45 am - 12:10 pm
Executive Exchange
Think Tank
Combating the Rise in Cloud-based Threats
As the cloud migration continues, securing data and critical infrastructure is going to require new approaches. Organizations have struggled to maintain control of critical data and ensure real-time threat intelligence, giving cloud-based threats the ability to multiply. Data buckets being misconfigured, or inadequately secured increases the risk of a breach. Being able to manually manage security for large web application infrastructures has become a thing of the past. As such, organizations are being pushed to reevaluate their approach to web application security.
Takeaways:
- The rise of cloud migration means security will need to adapt
- Many organizations have struggled to secure data
- Cybersecurity threats will only increase and become more complex
Presented by:
Puneet Nanda, Head of Information Security & Compliance, Verizon
Think Tank
Automating Cybersecurity
IT security professionals all face one major issue: being asked to do more, with less resources. Automation and integration are a necessity in order to meet the demands of an organization's security needs. Managing risk without diminishing the speed and quality of development is achievable by integrating security into agile processes, like DevOps or CI/CD. Since most security teams are understaffed, automated solutions are becoming a requirement, rather than an option to properly manage the ever-increasing workload.
Takeaways:
- Automation is required to meet today's security demand
- DevOps can operate more efficiently with CI/CD
- IT security staff are responsible for more than ever
12:15 pm - 12:40 pm
Executive Exchange
Executive Boardroom
Zero Trust
With cybercrime at an all-time high, it's critical for organizations to take every threat seriously. The Zero Trust security model perceives any unfamiliar attempt to connect to an enterprise system as a threat. It requires vigorous verification before allowing access to any systems. When implemented correctly, Zero-Trust protects organizations from costly data breaches. Are your current security measures enough?
Executive Boardroom
Achieving Zero-Time Threat Prevention using Deep Learning
Machine Learning is a big step forward in combatting cyberattacks but is still no silver bullet. Many traditional cybersecurity solutions available today are causing huge operational challenges as they are inadequately defending against today's complex and sophisticated threats. It has become increasingly evident that the solutions used to protect your company and its data need to work pre-emptively to prevent attacks, rather than just detect and respond to them. Fortunately, AI technologies are advancing, and Deep Learning is proven to be the most effective cybersecurity solution, resulting in unmatched prevention rates with proven lowest false positive rates. As you evaluate new technologies for your organization, understand the differences and benefits of Artificial Intelligence, Machine Learning, and Deep Learning.
This session will cover:
- Introduction to Deep Learning รข?" Differences between AI/ML/DL
- Applying deep learning as a preventative approach to cybersecurity
- Advantages of using deep learning to autonomously block any threat in milliseconds
Sponsored by:
Deep Instinct
12:40 pm - 1:40 pm
Networking Lunch and Keynote
The Next Phase of Cybersecurity
Today's digital technologies quickly become commodities, and adoption of emerging technologies provides only temporary edge and differentiation. To stay ahead, you must think bigger and take bigger risks. Do not make the technologies themselves the focal point, but the profound business transformations they make feasible. While these transformations offer organizations great benefits, they also offer extreme risks that must be accounted and planned for.
Takeaways:
- Get a leg up on next gen technologies
- High risk can yield high reward
- Focusing less on products and more on company alignment to them
Presented by:
Jim Motes, Chief Information Security Officer, GameStop
1:45 pm - 2:10 pm
Executive Exchanges and Networking
2:15 pm - 2:40 pm
Executive Exchange
Think Tank
You've got a Bad Leaver with the Keys to Your Kingdom
The biggest driver to enhancing your insider threat program should be your privileged users. Are you ready to have an IT admin leave your company on bad terms, whatever the reason? Let us chat about what we have seen, actions we would take, and what not to do in order to survive an adverse termination with elevated privileges.
Presented by:
Cindy (Satterfield) Heiner, Director, Security Advisory, Aon Corporation
Think Tank
AI: Friend or Foe?
Advances in artificial intelligence (AI) are introducing new technologies to a wide array of products across every industry, especially cybersecurity. Facial recognition and natural language processing have become a reality thanks to deep learning algorithms, however, there is a dark side to these advancements. Cybercriminals have managed to weaponize AI to create extremely intricate malware and attack methods. This has forced organizations to use advanced heuristic solutions rather than counting on known vulnerability and attack signatures.
Takeaways:
- Artificial Intelligence products are already being deployed in many industries
- Features like facial recognition and chat bots are common examples
- Cybercriminals can weaponize this technology without proper security measures
2:45 pm - 3:10 pm
Executive Exchange
Thought Leadership
Phishing Scams
Phishing Scams are the number one culprit for data breaches. Usually a hacker is able to gain access by sending emails within your organization that contain links to malware and ransomware. Most companies have implemented security tests and additional training to avoid an employee accidentally exposing their system to a breach. While those trainings and tests are helping to inform the workforce, phishing scams and data breaches persist. Learn how to best safeguard your organization.
3:15 pm - 3:40 pm
Executive Exchange
Think Tank
Going Mobile, Securely
The average employee uses at least 3 different mobile devices to access business data. This number has risen and so has the amount of company data that is being stored on each device. Each device represents another endpoint that needs to be secured. While mobile malware threats are low, it's expected that there will be a rise in data breaches directly related to mobile devices. Providing access to company data via a secure web application infrastructure with real-time vulnerability management is one way of reducing risk with mobile devices.
Takeaways:
- Mobile devices are generally considered safe means to access business data
- Employees use an average of three mobile devices, each is its own security challenge
- Data breaches through mobile devices are expected to increase
Presented by:
Randy Stroud, Information Security Officer, Hunt Companies
Think Tank
Security in the Crosshairs - The Future Comes into Focus
All organizations, regardless of size, are continuously evolving through modern technologies. Having an incident response plan and an effective cybersecurity strategy is not a luxury, but rather a requirement. Finally, security training for employees to improve their awareness is becoming the rule instead of the exception. Security is now establishing a permanent footprint within the software development lifecycle, with SecDevOps/DevSecOps processes to incorporate security at all layers of development.
Takeaways:
- Any organization can fall victim to a data breach
- Having a plan of action is essential to business survival
- Security has become a part of the conversation at nearly every level of an organization
3:40 pm - 3:50 pm
Afternoon Networking Coffee Break
3:55 pm - 4:20 pm
Executive Exchange
Thought Leadership
Securing the Human Factor
The biggest fear is not the technology. Who is responsible for mistakes that take place using technology, which can potentially lead to a cyberattack? The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. How do we guard against human error without limiting employee efficiency and productivity?
Takeaways:
- Are technologies vulnerable to user error?
- Phishing Scams are the biggest culprit for breaches.
- Training is essential to implementing new technologies at your organization.
4:25 pm - 4:50 pm
Executive Exchange
Innovation Partner Showcase
4:55 pm - 5:00 pm
Closing Remarks
Presented by:
Steve Harvey, Former CISO, BMO Financial
5:00 pm - 6:30 pm