EVENT
CISO Chicago Summit | March 12, 2019 | Convene - 16 West Adams Street - Chicago, IL, USA
agenda
Download Agenda (PDF)↓ Agenda Key
Keynote Presentation
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.
Executive Visions
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.
Thought Leadership
Solution provider-led session giving high-level overview of opportunities
Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.
Think Tank
End user-led session in boardroom style, focusing on best practices
Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.
Roundtable
Interactive session led by a moderator, focused on industry issue
Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.
Case Study
Overview of recent project successes and failures
Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.
Focus Group
Discussion of business drivers within a particular industry area
Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.
Analyst Q&A Session 
Moderator-led coverage of the latest industry research
Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.
Vendor Showcase
Several brief, pointed overviews of the newest solutions and services
Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.
Executive Exchange
Pre-determined, one-on-one interaction revolving around solutions of interest
Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.
Open Forum Luncheon
Informal discussions on pre-determined topics
Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.
Networking Session
Unique activities at once relaxing, enjoyable and productive
Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.
Tuesday, March 12, 2019 - CISO Chicago Summit
8:00 am - 8:45 am
Registration & Networking Breakfast
8:45 am - 8:55 am
Welcome Address & Opening Remarks 
Presented by:
Steve Rubinow, President, Infocology Inc. 
8:55 am - 9:25 am
Keynote Presentation
All Eyes on You
Security breaches are the most intimidating threats for CISOs and security executives. Because of that, upper level management, shareholders, and even consumers, are focusing now more than ever on the security department. With that, CISOs need to see this as an opportunity to work closely with business stakeholders to incorporate cybersecurity strategy with their organization's business initiatives. This is an ideal opportunity to address skill shortages and increase professional development of the internal security workforce.
Takeaways:
- How the CISO's role has changed
- The latest security threats and how they can positively impact your team
- How to measures your teams shortcomings and areas for improvement
Presented by:
David Moschella, Research Fellow, Leading Edge Forum
9:30 am - 10:00 am
Keynote Presentation
Case Studies in Digital Transformation: Learnings Along the Journey
We will explore key learnings from various industries and verticals on the good, the bad and the ugly of digital transformation. We will have an opportunity to not only be exposed to successful use cases, but also ask the hard questions behind those successes.
Takeaways:
- One of the best ways to learn is to hear the stories of success (and failure) from companies similar to yours.
- Asking questions of HOW the journey unfolded are just as important as the end result.
10:05 am - 10:30 am
Executive Exchange
Think Tank
GDPR Causing Confusion with Cloud Technology
Security is and will continue to be an issue within cloud technology especially with recent regulations such as the General Data Protection Regulation (GDPR). Because of the advantages and opportunities of the cloud, organizations will likely rush into cloud technologies without being fully aware of the security risks. After GDPR came into effect, there is now an even greater responsibility on organizations to manage their data compliantly as they continue transformations towards the cloud.
Takeaways:
- How GDPR affects your organization's security and cloud services
- Discuss the threats that cloud technologies present and how your organization may be more vulnerable
- Regulations' impact on the future of cloud security
Presented by:
Ofer Amrami, Head of Information Security, James Hardie Building Products
10:30 am - 10:40 am
Morning Networking Coffee Break
10:45 am - 11:10 am
Executive Exchange
Thought Leadership
Say Goodbye to Vulnerability Backlogs: Using RASP to Reclaim Control and Reduce Risk
Knowing is half the battle when it comes to protecting applications and their sensitive data.
Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality - not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.
A real-time, embedded solution like Prevoty's runtime application self-protection (RASP) changes the game completely. Prevoty places an automated security mechanism at the front of the line - directly in the application's operating environment - to immediately lower risk and act as a compensating control at runtime.
As such, Prevoty-enabled enterprises see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Prevoty RASP detects live production attacks and generates real-time security event longs and reports. Security teams can then correlate pre-production vulnerability scan results with Prevoty's runtime attack logs to go back, remediate based on actual risk - not just hypothetical threats. The result? Improved forensics.
Sponsored by:
Prevoty, Inc.
11:15 am - 11:40 am
Executive Exchange
Think Tank
The Solution for Your Legacy System's Security: the Cloud
Over the lifespan of an organization, CIOs/CISOs have developed and implemented technologies that has been key to the organization's success. However, CISOs and their security teams today find themselves stuck ensuring that legacy systems are secure. The solution is cloud-delivered security products that are more agile with the ability to implement new detection methods and services faster than on-site solutions.
While cloud security is an ideal solution, it is important to know that using the cloud is more than moving legacy management servers to the cloud.
Takeaways:
- Review the status of legacy system security
- What cloud solutions are the best fit for their business.
- What are the main needs in regards to system's scale, data telemetry, staff growth, machine learning, API-based access, and more.
Presented by:
Timothy Bohn, Head of Information Security/ Identity Management, Foot Locker
11:45 am - 12:10 pm
Executive Exchange
Executive Boardroom 
How to Avoid Catastrophe
Most information security failures, like most business failures, are foreshadowed by near misses and close calls that could have had far worse consequences. Near misses are often overlooked, but even worse, two cognitive biases â?" ?normalization of deviation? and outcome bias â?" blind us to the danger of broken processes that appear, on the surface, to be working. Since the Oracle database often holds your organization's most important data, we walk you through the near misses your company's data protection strategy is experiencing now; show you how cost and time pressures lead your IT organization to accept near misses; and provides seven strategies and tools including Oracle ZDLRA to avoid near misses altogether, that cost less and perform better than the catastrophe-prone alternatives.
Sponsored by:
Oracle
12:15 pm - 12:40 pm
Executive Exchange
Thought Leadership
Mistakes to Avoid During Breach Detection and Response
Organizations of all sizes are under attack today, and one common challenge is how ill-prepared we all tend to be while responding. Join RSA as we talk about lessons learned and how to most effectively combine people, processes, and technologies in the midst of a breach response.
Presented by:
Ben Smith, Principal Sales Engineer + Field CTO (US), RSA
RSA
12:40 pm - 1:20 pm
Keynote Luncheon
Digital Transformation: A Journey to a Business Transformation
Leading companies are disrupting the status quo by using data and data science to transform business strategy and create new business models that fuel growth. CIOs have the power to uncover the insights that drive disruption and speed transformation. Learn how leading companies are transforming their bottom line, using digital technologies like AI and Cloud to accelerate innovation in the cognitive era. And understand how CIOs are creating scalable analytics platforms embracing cloud model deployments while ensuring data privacy, security and sovereignty.
Takeaways:
- How to build a data science organization (people, process and technology) to disrupt the core and create new business value.
- The approaches to integrate analytics into key applications and systems to enable people throughout an organization to access and act on insights when and where it matters most.
- The ways data science teams are developing complex predictive, prescriptive and cognitive models to enable organization to make better business decisions leveraging AI, Cloud and open source development platforms and tools to build models more quickly and easily.
Presented by:
Nalini Polavarapu, Head of Data Science Strategy, Bayer CropScience
1:20 pm - 2:00 pm
Working Lunch & Panel
The Revitalizing Change in the Role of the CISO
A CISO's role, goals and objectives have drastically changed over the years as most CISOs supervise teams and units beyond their IT's security. Because of these changes in responsibilities, a CISO's success is measured in greater business metrics. As a result, the role of a CISO has become both more attractive and more demanding.
Takeaways:
- What are the significant changes regarding the role of the CISO?
- How to keep up with the changing requirements
- How to properly measure a CISO's success
Moderated by:
Steve Rubinow, President, Infocology Inc.
Panelists:
Vince Fattore, CIO, Temperature Equipment Corporation
Mohammed Dastagir, Chief Technology Officer, Sears Holdings Corporation
Ruben Chacon, CISO, Constellation Brands
2:05 pm - 2:30 pm
Executive Exchange
Executive Boardroom
Shift Left - Building Security into the Application Development Lifecycle
By building security into your application development lifecycle you not only help reduce your attack surface, but also save roughly 30% in costs associated to resolving the application security vulnerabilities afterwards... never mind the costs associated to a breach, such as shareholder value and brand tarnishing.
Sponsored by:
Micro Focus
2:35 pm - 3:00 pm
Executive Exchange
Think Tank
Machine Learning Is Here to Help, Not Replace
Over the next few years, machine learning (ML) will be a regular security practice and will offset skills and staffing shortfalls. Today though, ML is better at addressing smaller, more specific problems. Technology leaders have to understand that humans and machines complement each other and work better together that alone as ML can assist humans in addressing uncertainty by presenting relevant information.
Takeaways:
- Discuss the ways machine learning can assist teams and organizations
- How to make the right machine learning choices for your organization
- The future of machine learning
Presented by:
Gary Patterson, Director of Information Security & IT Infrastructure (Head of Security & IT), Vivid Seats LLC
3:05 pm - 3:30 pm
Executive Exchange
Executive Boardroom
Scaling Multicloud and Hybrid Cloud Usage without Sacrificing Data Security and Compliance
Analysts claim that 50% of today's public cloud data and workloads will migrate to private clouds in the next two years. But, don't worry about the public cloud behemoths because their average CAGR continues above 20%. However, the result is that cloud data is spreading across multiclouds and increasingly migrating to private clouds that offers the Enterprise more control. This acceleration in lift and shift of workloads creates data security and compliance risks as well as management complexities. In this discussion, we'll share trends and best practices for enabling data portability without compromising security, compliance, and operational efficiencies.
Take Aways:
- Sharing trends seen by analysts and your peers on multicloud adoption and challenges
- Discussion of best practices for leveraging native cloud data security services effectively to maintain compliance and control
- Methodology for efficiently applying data security techniques that allow for secure lift and shift between public and private clouds
Sponsored by:
Thales eSecurity, Inc.
Eric Wolff, Senior Product Marketing Manager, Thales eSecurity, Inc.
3:35 pm - 4:00 pm
Executive Exchange
Think Tank
The Geopolitical Landscape's Effects on Organizations
The recent U.S. government bans against Russian-based security products and Chinese smartphones are the latest results of suspicion and distrust of competing world powers. Organizations working with government entities must be aware of the geopolitical stipulations regarding their business relationships.
Even with the geopolitical landscape, the buying decisions of security products are still based on trust in the supplier. It is important for CISOs and security leaders to incorporate geopolitical risk in all business-critical software, hardware and services purchasing decisions - even if that means considering local alternatives.
Takeaways:
- Review the geopolitical landscape and how it has effected industries and organizations.
- What to be aware of with your buying decisions
- What to anticipate and prepare for in the coming years
4:05 pm - 4:30 pm
Executive Exchange
Executive Boardroom
Navigating Security & Risk in a Changing IT Landscape
Agile, DevOps, containers, microservices, the cloud are all seeing increased adoption across the enterprise. But, while there are valid business reasons to embrace these new models, there is potential risk in implementation. Is this change necessary? If so, how can this change be accommodated effectively, safely? This session will cover some common elements of the risk of change - and of not changing - and suggest approaches to minimize risk as you adopt these new technologies.
Takeaways:
- The IT Landscape will continue to change leading to new processes, new technologies and new "standard" ways of doing IT business
- This changing Landscape will present security challenges where you will need to balance the "pain of same" vs the "pain of change"
Sponsored by:
nCipher
4:35 pm - 5:00 pm
Executive Exchange
Think Tank
Becoming More Decentralized
Today, increased centralization has put the power and trust into the hands of the few big players. This, of course, raises many security concerns. The risk of disruptions and undesirable outcomes increases as centralization opens the door to exclusive possession or control of commodities and services.
As a result, technologies like Blockchain implemented to create decentralized alternatives as they move computing resources away from centralized servers.
Takeaways:
- Evaluating the risks of centralization on availability, confidentiality and resiliency
- Exploring decentralized technologies like Blockchain and edge computing that offer visibility as well as enhanced security for your organization.
- Understand the fact or fictionalization of developing AI strategies and the cause for concern for decentralized AI models
5:00 pm - 5:15 pm
What's the Next Stop On the Transformation Journey?
Our Governing Board will summarize the learnings from the day and discuss the path forward for building an ongoing community of CIOs where common issues can be addressed and success stories can be shared.
Takeaways:
- Building an ongoing community with your peers can be an invaluable resource for tackling the digital transformation projects ahead of you.
- Sharing stories of success (and failures) is not reserved to a one-day CIO Summit, but should be shared on a regular basis with your peers.
Presented by:
Steve Rubinow, President, Infocology Inc.
5:15 pm - 6:30 pm