CISO Atlanta Summit | March 21, 2023 | Atlanta, GA, USA

Agenda

Registration & Networking Breakfast

8:30 AM - 9:00 AM

Welcome Address

9:00 AM - 9:10 AM

Keynote: A developer’s view from the CISO seat. A look into the security shift from DEPT of NO to DE

9:10 AM - 9:40 AM

I’m a developer sitting in the CISO seat. When I started my career as a naïve developer on the PAINT system at Home Depot, all I wanted to do was GO FAST and KICK ASS.  And some security folks angry at the world squashed my little spirit.  (You know who you are)  

Fast forward more years than I like to count (25), and my Security peers are talking about how to better serve.  Better enable.

My talk is about the change I have seen in the Security space. Evolving to trusted partner and enabler of even development teams.  From the Department of NO, to the Department of GO!  I will also cover my transition into the world of security and some intriguing similarities and differences I see in the spaces.  

I wrap by asking “What’s the answer – How does Security get a seat at the table”.  We earn a seat at the table through ENABLING our business to GO FAST, KICK ASS, AND BE SECURE. In my opinion that starts with LEARNING your business, then SERVING your business which ultimately leads to SECURING your business because your team will have a hand in it. From the board to shareholders, associates to customers. Create a culture where security is part of everyone’s daily vocabulary.  

Takeaways:

  1. YOUR BUSINESS – LEARN IT, SERVE IT, SECURE IT
  2. SEEK TO UNDERSTAND – Not just the business. Ask your partners what slows them down 
  3. TRUST BUT VERIFY – We have lots of cool tools for this

Trey Tunnell

Chief Information Security Officer (CISO)

Floor & Decor

Keynote: Security Spring Cleaning for the Evolving Threat Landscape

9:45 AM - 10:15 AM

As we get into 2023, Security teams continue to be faced with critical questions: what is the current state of the threat landscape? What are the latest malicious TTPs and how can we prepare to defend against them? This year’s IBM Security X-Force Threat Intelligence Index (TII) Report presents an uncomfortable truth: cyberattacks are more prevalent, creative and faster than ever. 94% faster to be exact, as threat actors exponentially reduce the time it takes to deploy ransomware from months to less than 4 days. The ransomware economy continues to add pressure with deployment of backdoors and ransomware attacks listed as the top 2 actions on objective from hackers, and attacks using extortion saw a sharp increase to more than a quarter of incidents observed.

Join IBM Security to hear the latest insights from the newly released 2023 TII Report, surfacing findings from thousands of real-life incident response engagements, top attack types and pathways to compromise, and recommendations to implement to strengthen your security posture. Discuss concrete actions that CISOs can take with their teams to proactively address the threats shown and shift from reactive to proactive threat management.

Jeff Crume

Distinguished Engineer, CTO Americas Security Technical Sales, IBM Master Inventor

IBM

Break

10:15 AM - 10:25 AM

Think Tank: Words & Actions Matter - Inclusion & Diversity, Transformation..

10:25 AM - 10:50 AM

Words and Actions Matter - Inclusion & Diversity, Transformation, Leading as a Change Sponsor

Sometimes, respectful discourse leads to underlying or unconscious bias. Cyber Security is often at the tip of the spear of change, mainly because it’s often identifying gaps or major risks. Emotional intelligence and situational awareness push these conditions to the forefront.

A successful CISO understands technology and secures their organization; but that is only one piece of their overall responsibilities. As strategic change agents, CISOs are tasked with expanding their influence in their organization to create an environment that supports diversity and inclusion. Join this session to:

  • Hear about successes and failures as an executive leader building a new program 
  • Listen to real scenarios where positive words and actions are used to break down change resistance
  • Leave with a toolkit of ideas for influencing individuals and leaders within your organization

Michael Cunningham

VP & CISO

Graphic Packaging International LLC

Executive Boardroom: Embedding the Attacker’s Perspective

10:55 AM - 11:20 AM

Embedding the attacker’s perspective: an inside look into how hackers prioritize targets at scale.

Join Evan Anderson, Co-Founder & Principal Technologist at Randori, an IBM Company, for an exciting session that dives into the fast-paced world of offensive security.

It’s clear from talking with hundreds of organizations that attackers and defenders often come to dramatically different conclusions around risk - even when looking at the same information. In this session, switch teams for a day as we pull back the curtain behind the system that keeps one of the world’s most advanced attack platforms on target 24/7/365.

Through examples, Evan will show how Randori (and attackers) are leveraging AI and decades of experience to discover, classify and prioritize millions of targets daily across some of the world’s largest organizations. He’ll break down the 6 “tempting” factors every vulnerability team should be using to prioritize risk.

Evan Anderson

Principal Technologist

Randori

Executive Boardroom: You got 15 minutes – what's your story?

10:55 AM - 11:20 AM

Simple and effective communication with other executives and the board is vital to telling your story.

Attend this session to learn how to connect the dots between your metrics, industry standards, and dollars to tell your story in 15 minutes or less with value cards.  Nick Curcuru will show real-world examples of how CISOs have connected the dots for their crypto and PKI teams using value cards.  These cards told the story of the team's current efforts, laid out their future projects, built funding cases, and even minimized a reduction in force in their areas.

When you leave the session, you can return to your desk, shape your value card, and outline the story you must tell your fellow executives and the board. 

Nick Curcuru

Head of Solutions Marketing

Venafi

Think Tank: Cybersecurity Innovation, Research and Development

11:25 AM - 11:50 AM

Introduce a framework and concepts that identify, create, and promote disruptive innovative ideas to enhance cybersecurity, reduce risk, enable business opportunities, influence industry standards and practices, and improve effectiveness and efficiency of the overall security program. 

Takeaways:

  • How to create, gather, and develop cyber security ideas into viable solutions
  • How to promote unique and innovative cybersecurity ideas that align with constituency values and objectives
  • How to support and provide constituency with never considered ideas and opportunities
  • How to generate a pipeline of solutions to address immediate, near-term, and long-term cyber security prospects and solutions

 

Erwin Carrow

VP, Infosec, Innovation, Research & Dev.

US Bank

Think Tank: Measuring & Communicating Risk

11:25 AM - 11:50 AM

Risk management is an old and established part of security program capabilities. Identifying, measuring, ranking, prioritizing, attributing, remediating, and reporting risks is an evolving practice, albeit one tied to existing standards and regulations. This isn’t a problem of what the next regulatory requirements will be, but of how we can do better with what we have.

James Baird

CISO

Focus Brands, LLC

Panel: Humans are the weakest and strongest links in Cybersecurity

11:55 AM - 12:20 PM

Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. A HumanOS upgrade is required to safely use the Internet, and it is not only about training and awareness. It is about the way users must behave online, and the IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.

Tamika Bass

Cybersecurity Technology Director

Gannett Fleming

Ashwin Rajendra

Manager, Cybersecurity Incident Response

Kimberly-Clark Corporation

Innovation: Complexity Wrangling: How to Contain Complexity for Greater Trust

12:25 PM - 12:35 PM

Modern cloud technologies are incredible, transformative, and coming at us at a pace we struggle to keep up with. All of this churn makes it increasingly difficult to stay on top of our understanding of risk, compliance, and security. How do we confront all of this complexity in a way that is simpler and more capable than throwing tools at problems? In this session, HashiCorp Field CTO, Michael Wood, will share some thoughts, patterns, and real examples of methods for wrangling complexity at scale.

Michael Wood

Field CTO

HashiCorp

Innovation: CyberRisk Management Strategy: Measures and Metrics

12:35 PM - 12:45 PM

What is the “Ring of Security”? Protecting your company against cyber loss requires more than securing your IT operations – your people, processes and facilities need to be part of your risk management strategy. Where do you begin? The most effective strategy to combat cyber threats and reduce organization risk begins with gaining visibility into your four pillars of security. Leapfrog’s CyberRisk Program covers all the bases to build a “Ring of Security” around your entire organization.

Bryant Tow

CSO

Leapfrog Services

Networking Lunch

12:50 PM - 1:50 PM

Think Tank: Fighting with Your Coworkers for Success

1:55 PM - 2:20 PM

For years the Information Security industry has watched as their end users have repeated the same failures: failing to follow security’s guidance, clicking on phishing links, entering their credentials into harvesting sites, and more. While some have thrown up their hands and decided that the users will always be the weakest link, others have begun looking in unconventional places for ways to succeed in reaching their coworkers. Exploring the relationships between professional fighters and their coaches and teammates provides a number of lessons we can leverage to achieve more successes. We can all fight together with the correct approach.

Steve Ripple

Director, Information Security - Governance, Risk & Compliance

Newell Brands

Think Tank: The Cybersecurity Hiring Challenge; Solve the Mismatch

1:55 PM - 2:20 PM

There are many considerations when building a security team, or backfilling a position. Hard, technical skills often are the first to come to mind; however, the fact is, hiring externally should often be your last option. We will discuss when a team should hire externally, and when an internal hire/transfer might be the optimal path. There are several ways to leverage internal positions/teams to create an informal team of Security Champions. Additionally, we’ll discuss a few best-practice tips for recruiting, including writing an effective job description, as well as how to begin your search for candidates.

Jonathan Waldrop

Senior Director, Cyber Security

Insight Global

Executive Boardroom: MagicEndpoint Passwordless Authentication goes beyond MFA

2:25 PM - 2:50 PM

Join Ryder Gaston, Chief Revenue Officer at WinMagic, for an exciting session that will dive into the world of passwordless authentication. WinMagic's recently released MagicEndpoint protects access by focusing on the endpoint, for the user. It requires no user action, and no third-party devices or keys, so it’s seamless, secure and virtually invisible.

The solution goes beyond traditional MFA, with phishing resistance that can be applied to a number of use cases including Pre-Boot login, Windows login, VDI & RDP login, and Email (Office 365). The authentication to remote services is so seamless that it requires no user action, delivering frictionless and secure Single Sign-On (SSO).

In this session, you’ll also see an exclusive demonstration of MagicEndpoint. Join to learn how WinMagic is making the world more secure.

Ryder Gaston

Chief Revenue Officer

WinMagic

Think Tank: Mitigating Risk in 2023 and Beyond

2:55 PM - 3:20 PM

As we move into the second quarter of 2023, the rapid pace of technological change continues to create new challenges for organizations of all sizes. While new technologies bring many benefits, they also introduce new risks and vulnerabilities that must be managed effectively. In this session led by Ken Foster, Fleetcor, we will explore the top information technology risks that organizations face in 2023, including cyber threats, data breaches, and regulatory compliance. We will also discuss strategies that organizations can implement to mitigate these risks, including investing in cybersecurity technology, establishing a culture of security, and conducting regular risk assessments. By understanding the challenges and opportunities presented by information technology risk in 2023, organizations can develop effective risk management strategies and stay ahead of the curve.

Ken Foster

VP, IT Risk, Governance and Compliance

Fleetcor

Innovation Partner: The Platform vs Products In ICS Security Showdown: Why Platforms Always Win

3:20 PM - 3:30 PM

During this session, attendees will see firsthand the benefit of using a platform vs. product for efficient threat detection and incident response. Being able to leverage a single cohesive platform introduces many enhancements from an operational perspective, allowing SOC and security teams to work smarter. We will demonstrate the value with workflows, as well as leveraging automation for daily tasks. Learn how to squeeze more from your tools!

Sandeep Lota

Field CTO

Nozomi Networks

PM Break

3:30 PM - 3:40 PM

Executive Vision: Why Your Employee Endpoints are the Biggest Risk to Data Loss in 2023

3:45 PM - 4:10 PM

This session will explore best practices in 2023 for securing endpoints to prevent data breaches. Topics will include identifying and securing vulnerable systems, implementing access control policies, and assessing and mitigating security risks. Additionally, this session will discuss the importance of educating users about security and implementing data loss prevention solutions that enable secure sharing of information. Finally, the session will conclude with best practices for monitoring and responding to potential threats. Attendees of this session will gain valuable insight into how to secure their endpoints to prevent data breaches.

Mark Roberts

CRO

CoSoSys

Closing Panel: Getting Board Level Support

4:15 PM - 4:50 PM

Lee Parrish

VP & CISO

Newell Brands

Shilpi Ganguly

VP, IT Cybersecurity

Weather Channel

Deena Swatzie

VP, Information Security

Truist

Arati Chavan

Staff Vice President Identity and Access Management

Elevance Health

Closing Remarks

4:50 PM - 5:00 PM

Summit Happy Hour

5:00 PM - 6:00 PM