Application Security in a DevOps, Cloud and API World

CISO Dinner

March 17, 2022 - Chicago, IL

Attendees Include

Bradley Schaufenbuel

CISO

Paychex

Dinner

Bradley J. Schaufenbuel is currently Vice President and Chief Information Security Officer at Paychex. Prior to his current role, he held security leadership positions at Paylocity, Midland States Bank, Midwest Bank, Zurich Financial Services, Experian, and Arthur Andersen LLP. Bradley is the author of multiple books (including two "For Dummies" titles) and has had numerous articles published in professional journals on a wide variety of topics related to information security and governance. He is licensed to practice law in Illinois and is a member of the United States Supreme Court Bar. Bradley holds twenty-five professional designations in the areas of information security management, IT compliance, information privacy, fraud examination, IT audit, computer forensics, ethical hacking, business continuity planning, project management, cloud security, and process improvement, including the C|CISO, CISSP, CISM, CISA, CCSP, CIPP/US, CIPP/E, CIPM, CSSLP, PMP, CRISC, CGEIT, ISSMP, ISSAP, CFE, C|EH, CBCP, CCSK, CDPSE, DFCP, CIFI, CSOXM, CSOE, ITIL v3 Foundation, and Six Sigma Black Belt. He holds an MBA from DePaul University's Kellstadt Graduate School of Business and a JD and an LLM in information technology and privacy law from the University of Illinois at Chicago's John Marshall Law School. Bradley has served as a director on several corporate and non-profit boards, is a regular speaker at industry conferences, and has served numerous clients in the legal, financial services, and healthcare industries as a freelance consultant. He is an advisor to YL Ventures GP, Ltd., Glilot Capital, Eclipz, Inc., Great North Ventures, EventCombo, AttackIQ, Eclipz.io, Privatise, WireX Systems, Menlo Ventures, and ThirdPartyTrust. Bradley was recognized as the Chicago CISO of the Year in 2018, as one of the Top 100 CISOs by Cyber Defense Magazine in 2020, and as the North America Information Security Leader of the Year by GDS in 2021.

Karl Mattson

CISO

Noname Security

Dinner

As a future-oriented information security executive my key strength is coaching and educating cybersecurity companies on listening to and interpreting the pain-points and priorities of enterprise customers. These insights help drive effective product strategies, go-to-market strategies and ongoing customer success. Over the years, I’ve had the privilege of advising several cyber entrepreneurs who are now thriving. On the heels of their success, I was looking for a new challenge. In 2020, I had the opportunity to meet with the Noname Security team early in its platform design. Recognizing that they were on the verge of solving several challenges in securing APIs, I wanted to be a part of their exciting adventure. I joined Noname as Chief Information Security Officer, where I’m currently establishing a rigorous standard for operational and security excellence, in addition to advocating for ongoing platform changes based on our customers’ needs.

ABOUT NONAME SECURITY: Noname Security ensures secure APIs at the speed of business with the most powerful, complete and easy-to-use API security platform. How do I know it works? I was their first customer! I believe in the platform and want to share it with the world. According to Gartner, APIs will be the #1 attack vector by 2022. Gateways and WAFs don’t protect against API breaches or find misconfigurations. API testing and bug bounty programs have significant gaps, leaving businesses exposed. Noname resolves API vulnerabilities across 4 key pillars, or as we call it, DART:

➤ Discover
➤ Analyze
➤ Remediate
➤ Test

We’ll find and take inventory of all existing APIs, use AI-based detection to illuminate risks, block attacks in real time and run tests to ensure API integrity before production.

WHAT YOU CAN EXPECT:

➤ Solid engineering underpinning a product that’s ahead of the competition
➤ Flexible deployment model with many integrations that adapt to your business
➤ Coverage of the 3 main areas needed to protect APIs: posture management, detection and response and code security

What are you doing to protect your company’s digital content? Keep your company’s APIs out of the news with Noname Security. LEARN MORE: See what our customers are saying about us and find more information on our website: www.nonamesecurity.com

Lamont Robertson

VP

Bank of America

Dinner

An Information Security Professional and proven cybersecurity leader, with a solid foundation of managing people, policies, processes and procedures that make a positive impact to organizations. I possess years of multi-industry, client-facing, and global experience in cyber security risk management, security controls implementation, audit, compliance, and program development. Lessons learned through my military experience have taught me to prioritize strong and effective relationships with senior management as well as my subordinates. I am a life-learner. As a cybersecurity professional, I believe that at such point that we stop learning is when we start failing. I believe in higher education and taking my learning to the next level. I believe that ambiguity is often the precursor to failure, therefore I work diligently to be an effective communicator. I subscribe to the idea that everything in business is a project, and I bring that innovation to my organization which helps me solve problems and provide solutions for my organization.

Jince Lukose

CTO

Applegate & Thorne-Thomsen

Dinner

• Global IT professional with 15 years of experience, specializing in application management, employee development, vendor management, offshore resource management and project management
• Program manager and Financial Systems Applications Manager for a top international law firm responsible for the Firm’s Billing, AP, GL, Conflicts, HR, Procurement, Time Entry, Expense Reimbursement, Imaging, New Business Intake, Employee Performance Management, and Cost Recovery systems
• Managed multiple software upgrades and new system implementations
• Entrepreneur and co-founder of an international education business which tutors students in the U.S. using teachers off-shore

Ray Trygstad

Director of Information Technology Enterprise Infrastructure

Illinois Institute of Technology

Dinner

As the Associate Chair of IIT's Department of Information Technology and Management, designed and manage curriculum for Information Technology & Management and Applied Cybersecurity undergraduate and graduate degrees; advise undergraduate and graduate students enrolled in the programs. Design, write and manage curriculum and courses in Cybersecurity Management, Technology Ethics, Management, and Operating Systems for IIT School of Applied Technology. Evaluate and hire instructors for courses. Wrote and taught Web design courses for Stuart School of Business; Adjunct Professor of Public Administration for the Stuart School. Vice Chair, ACM Special Interest Group on Information Technology Education (SIGITE). ABET Program Evaluator in Information Technology and Cybersecurity. Past Chair, Illinois Institute of Technology Undergraduate Studies Committee. Past National Board Chair, Gamma Nu Eta, the Information Technology Honor Society. Served as a member of the Association of Internet Professionals Certification Accreditation Council. As former Director of Information Technology of the IIT School of Applied Technology, I was responsible for managing staff and assets including all computer laboratories, faculty and staff computer assets, UNIX/Linux/Windows/Solaris servers, networks, and multiple Web sites on two university campuses. As Manager of Client Services for university Computing and Network Services, I was responsible for managing staff and assets including all computer laboratories, Novell networks, Helpdesk services, and the university Web site.

Cole Sinkford

CISO

GE Energy

Dinner

Cole Sinkford is GE Renewable Energy’s Global Chief Information and Product Cyber Security Officer, responsible for cybersecurity across the organization. In this role, he is responsible for all aspects of cybersecurity strategy and operations for Renewable Energy products and enterprise. Prior to his current role, Cole served as the Deputy Chief Information Security Officer of Renewable Energy, establishing Renewables’ standalone Cybersecurity capabilities. Prior to that, Cole spent 3 years as part of GE’s Corporate Audit Staff, leading numerous projects and audits across the Digital Technology and business environments. Cole began his career as an Aviation DTLP located in Cincinnati, OH and now resides in Chicago, IL. Cole holds a bachelor’s degree in Electrical Engineering from the University of Cincinnati.

Meet Mehta

Global Director IT

Motorola Solutions

Dinner

Meet is a technology executive with extensive experience in large Asian and American firms. He is passionate about ideas that are at the intersection of business and technology and focuses on driving tech investments that deliver optimal business outcomes, by influencing the organization to be customer-focused, data-driven, and results-oriented. His areas of expertise include strategy, mergers & acquisitions, ERP implementation, vendor management, financial technology, front office transformation, and emerging tech.

Chris Carter

Global Head of Cyber Analytics

Dinner

An accomplished and approachable leader with 20 years of expertise successfully managing global projects, controlling budgets, assessing Information Security risks, and remediating threats and vulnerabilities for multiple global corporations. Proven ability to lead, motivate, and develop technical talent. Creative problem solver and strategic decision-maker in fast-paced and dynamic environments. Innovative team leader with a track record of empowering staff through training, coaching, and mentoring.

Key Accomplishments:
• Operational Excellence: Removed bottlenecks and production redundancies resulting in a 30% reduction time in the UAT process, and implemented a tool for operational reporting resulting in a 40% reduction in reporting time
• Cost Savings Initiatives: Led the automation for the cybersecurity analytics reporting process resulting in over 200 hours saved annually
• Strategic Planning: Orchestrated the IS communication strategy resulting in a 30% increase in stakeholder satisfaction, and drove the ideation and collaboration on company initiatives impacting the security posture
• Certifications: CISSP, CRISC, AWS, ITIL, CISM, CISA. Yellow Belt

Professional and philanthropic careers have allowed the opportunity to meet various thought leaders in the Americas, Europe, Asia, Africa, and Australia. Passionate about developing and growing talent, and an inspiring mentor and coach for young professionals in the Cyber Security space across various verticals, and for aspiring leaders in corporate and not-for-profit entities.

Specialties: Governance Risk and Compliance Management, Strategic Planning, Resource Evaluation, Talent Management, Coaching, Mentoring, Policy, Business Process Improvement, Change Management, Budgeting, Contract Negotiation, Project Management, Financial and Risk Reporting, Strategic Communication, Crisis Management, People Leadership

Cole Sinkford

CISO

Globalfoundries

Dinner

Cole Sinkford is the Global CISO at Globalfoundries Inc. Prior to this he was GE Renewable Energy’s Global Chief Information and Product Cyber Security Officer, responsible for cybersecurity across the organization. In this role, he is responsible for all aspects of cybersecurity strategy and operations for Renewable Energy products and enterprise. Prior to his current role, Cole served as the Deputy Chief Information Security Officer of Renewable Energy, establishing Renewables’ standalone Cybersecurity capabilities. Prior to that, Cole spent 3 years as part of GE’s Corporate Audit Staff, leading numerous projects and audits across the Digital Technology and business environments. Cole began his career as an Aviation DTLP located in Cincinnati, OH and now resides in Chicago, IL. Cole holds a bachelor’s degree in Electrical Engineering from the University of Cincinnati.

March 17, 2022

Agenda

All times Central Time

5:30 PM-9:00 PM

Application Security in a DevOps, Cloud and API World

Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams' ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are reshaping IT.
