Future of Cybersecurity

CISO Summit

November 16, 2023 - New York, NY

Visionaries

Richard Rushing

CISO

Motorola Mobility Inc

Summit Speaker

Mr. Richard Rushing is the Chief Information Security Officer for Motorola Mobility LLC.; Richard participates in several corporate, community, private, and government Security Council’s and working groups setting standards, policies, and solutions to current and emerging security issues. As Chief Information Security Officer for Motorola Mobility, he has led the security effort by developing an international team to tackle the emerging threats of mobile devices, targeted attacks, and cyber-crime. He organized developed and deployed practices, tools and techniques to protect the intellectual property across the worldwide enterprise. A much-in-demand international speaker on information security Richard has presented at many leading security conferences and seminars around the world.

Erik Hart

CISO

Cushman & Wakefield

Summit Speaker

Erik Hart oversees global information security for Cushman & Wakefield, one of the world’s largest commercial real estate services firms. A recognized thought leader with more than 20 years of experience in providing information security services to various industries and organizations, he also serves in an advisory role for numerous companies and organizations in the information security field, including Mimecast, CrowdStrike, InfraGard Chicago Members Alliance and Western Illinois University. Before joining Cushman & Wakefield in 2018, he served as CISO and Director of IT Risk Management for Zebra Technologies, a provider of mobile, logistics and point-of-sale technology and systems to retail, health care, transportation, manufacturing and other industries. Erik earned his Bachelors from Western Illinois University and Masters from Western Governors University.

Ivan Durbak

CIO

Bronx Lebanon Hospital Center

Summit Speaker

Ivan Durbak is CIO at Bronx-Lebanon Hospital Center. In this role he leads an IT organization that supports the Bronx-Lebanon Hospital Center community, including two major hospitals, two nursing homes, a large emergency room and a large clinic ambulatory environment that sees nearly one million patients a year

Tony Parrillo

VP, Enterprise IT Global Head of Security

Schneider Electric

Summit Speaker

Experienced and passionate cybersecurity leader. Responsible for all facets of cyber security to Schneider Electric's enterprise IT, encompassing approximately 140,000 employees in 100 countries, including 220 factories, 35 distribution centers, and 1,200 sites

Rick Patterson

EVP CISO

Clear

Summit Speaker

Rick Patterson is the Chief Information Security Officer (CISO) at CLEAR since December 2020. Prior to CLEAR, he held leadership roles at Bridgewater Associates, PetSmart, and Sidley Austin. With a background in the U.S. Secret Service and U.S. Army Criminal Investigative Division, Rick brings extensive expertise in cybersecurity. He holds a Bachelor's degree from California State University, Fullerton, and a Master's degree from DePaul University. Recently, Rick served on the Selection Board for the 2023 CISOs Connect™ Top 100 CISOs (C100) Award.

Tim Swope

CISO

Catholic Health System

Summit Speaker

Mr. Swope brings over 20 years of experience in IT Project Management, BI Solutions Development, IT Security, IT Controls (CoBIT, SOX 404/MAR, etc) IT Risk Management, and HealthCare Compliance, to both the public and private sectors. His focus is on identifying gaps relating to key IT security processes and the implementation of IS Security and Risk Management programs to Health Care, Pharmaceutical and various commercial clients. Has a proven track record of delivering the following: • Interpreting and applying 21 CFR Part 11, GLP, GMP, GCP, and QSR regulations • MDM and Data Governance • Identity Access Management • HIPAA Risk Assessments and GAP analysis • Information Assurance Program Management - SCRUM, AGILE, SDLC, Six Sigma • Implemented large security, risk and compliance initiatives of SOX-404 IT, HIPAA/HITECH, including security policies, procedures and controls. • "Big Data", Data Management and Health Care Data Analytics • Federal Information Security Management Act (FISMA) Compliance Reviews • Implemented the security standards - 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule He has supported these Information Assurance and IS Security initiatives for organizations that include: Excellus BCBS, Medimmune/Astra Zeneca, ENDO Pharmaceuticals, Novo Nordisk, Daiichi-Sankyo Solutions, Catalent Pharma Solutions, Johnson and Johnson, District of Columbia Government office of the Chief Financial Officer, District of Columbia Water and Sewer Authority, City of Richmond, Virginia Department of Public Utilities, Virginia State Department of Health, and the Kentucky Department of Health Services, as well as the U.S. Department of Labor.

John Savini

CISO, Optum Insight & Analytics

Optum

Summit Speaker

John Savini serves as the Chief Information Security Officer for Optum Insight as well as OptumAI. As CISO at Optum, Savini has accountability to maintain the security program and posture for two of UnitedHealth Group’s broadest and most technically complex business segments. An Engineer and Data Scientist at heart, he has also overseen the development and operation of a best of breed identity risk AI platform serving a wide array of constituent risk use cases ranging from privacy to identity compromise and digital fraud. John has also cultivated a team of identity risk analysts capable of providing interventional response and forensic analysis in supporting the distinct needs of an increasingly complex healthcare ecosystem. With more than 20 years in health care technology, John has helped been focused on deploying innovative solutions to improve optimize and secure many aspects of the healthcare continuum. As an advocate for the next generation of our workforce, John was one of the founding sponsors of the UHG’s technology development Program as well as Executive Sponsor and Board Member for Black Girls in Cyber. John holds a bachelor’s degree in mechanical engineering from Worcester Polytechnic Institute, a master’s in Mechanical Engineer focused in aerospace and automation from the University of New Haven, and an MBA focused in finance and business strategy from Carnegie Mellon University.

Kenneth Townsend

Global CISO

Ingredion

Summit Speaker

Founded in 1906, Ingredion together with its subsidiaries, refines corn and produces sweeteners and starches. The company also provides animal feed products; edible corn oil; refined corn oil to packers of cooking oil and to producers of margarine, salad dressings, shortening, mayonnaise, and other foods; and corn gluten feed used as protein feed for chickens, pet food, and aquaculture. The company is headquartered in Westchester, Illinois.

Wade Lance

Field CISO

Synack, Inc.

Summit Speaker

Wade has been productizing new technologies in cyber security, education, and healthcare for more than 20 years. He has diverse experience in security solution design for global 1000 organizations, and a passion for mentoring and developing cyber security leaders.

Marcus Merrell

VP of Technology

Sauce Labs

Summit Speaker

As Vice President of Technology Strategy at Sauce Labs, Marcus uses experience from 20+ years in test to build robust, customer-centric solutions around test automation, release management, and the entire SDLC. He started using Selenium/WebDriver in 2007, contributes to the Selenium project, and chairs the Selenium Conference Organizing Committee.

Shannon Rowbury

Track and Field Olympian

US Olympics

Summit Speaker

For 15 years, I found myself defined by my accomplishments on the track. I’m proud of these achievements -- three-time Olympian, World Champion, World Record Holder, and 2-time World Bronze medalist -- but they do not fully define me. I have also excelled academically, graduating Magna Cum Laude from Duke before going on to earn my Master’s degree. A lifelong advocate in women’s sports, I was selected by the US Department of State to serve as a Sport's Envoy to Morocco. I have also worked with Nike and USATF to update maternity policies to make Track & Field more equitable. My long career in professional sports, including becoming a mother in 2018 and navigating a return to top form, offers a unique perspective into the full range of the athlete experience. As I move on from competition, my mission now is to find ways to share that insight with other dreamers and high achievers.

Anthony Gonzalez

Former CISO

QBE North America

Summit Speaker

Visionary, results and solutions-driven professional with 20+ years of experience in progressively responsible Cyber Security and IT leadership roles in the financial services, insurance, pharmaceutical, biotechnology, consumer goods,and chemical manufacturing industries. Adept in building and leading global Cyber Security, IT technical and support functions. Creative, resourceful problem solver with a track record of success in delivering cost-effective and value-added services to his customers. Additional experience in industrial engineering and process improvement. Specialties: Areas of expertise include: Cyber Security, Network Security,Application Security, Infrastructure Management and Security Incident Management, Disaster Recovery, Forensic Investigations, Operations Management, Financial Management, Project/Portfolio Management, Policy/Procedure Development, Budget Preparation, Strategic Planning, Process Design/Implementation, Risk Mitigation, Enterprise Architecture, IT Governance, Manufacturing/Laboratory Automation, Organizational Design, Vendor Audits, System, Start-Up Operations, Sarbanes-Oxley (SOX), Talent Development/Mentoring, International Team Management, and Regulatory Compliance

Demond Waters

CISO

City of New York

Summit Speaker

Demond Waters is a highly accomplished and visionary leader serving as the Chief Information Security Officer (CISO) for the New York City Public Schools, the largest school district in the United States. With a career marked by a deep commitment to safeguarding sensitive information, securing critical systems, and dedication to building the next generation of cybersecurity professionals. His extensive experience spans over 15 years in the field of information security. As the CISO of NYC Public Schools, Demond has established himself as a forward-thinking leader who embraces innovation while preserving a strong commitment to the safety of students, staff, and sensitive data. He has played a pivotal role in designing and implementing a comprehensive cybersecurity framework tailored to the unique requirements of the school district, prioritizing both proactive threat mitigation and responsive incident management. With Demond Waters at the helm as CISO, the New York City Public Schools are setting the benchmark for cybersecurity in the educational sector. His dedication to creating a safe and secure environment for students to learn and thrive ensures the continued success of the largest school district in the United States.

Rohit Agrawal

Global Head of Hybrid Cloud

Siemens Healthineers

Summit Speaker

Rohit Agrawal is a dynamic and forward-thinking tech leader renowned for his ability to drive transformative change and innovation in the world of technology. With over 17 years of experience in IT leadership roles across the globe, Rohit has built a reputation for delivering results in challenging environments and aligning technology with business needs. Currently serving as the Global Head of Hybrid Cloud at Siemens Healthineers, Rohit is spearheading groundbreaking initiatives including cloud transformation, data integration and incubation of emerging technology platforms. Rohit's leadership has transformed global teams and established a culture of agility and excellence, making him a sought-after speaker at public events. His relentless pursuit of excellence and unwavering commitment to aligning technology with business needs have made him a driving force in the healthcare technology industry

Kish Galappatti

Senior Sales Engineer

CardinalOps

Summit Speaker

Kish Galappatti, Senior Sales Engineer at CardinalOps is a data security professional with over 20 years experience implementing cybersecurity and data privacy solutions for enterprise clients. Kish has a background in the financial services industry where he built large scale distributed systems. He was subsequently instrumental in the adoption of cyber risk ratings for the insurance industry. At CardinalOps, Kish works with some of the largest enterprises in the world to ensure their detection posture is optimized.

Ky Nichol

CEO

Cutover Inc.

Summit Speaker

Ky is the CEO of Cutover, he started out in the Space Industry with a physics background, he spent some time working with NASA and more with the European Space Agency on the International Space Station Program. He loved the seamless way teams and technology come together in the Space Industry to do great things! He left that industry to work as a tech consultant in the enterprise, working with the founding team for many years. Following frustrations they saw in managing tech ops/IT operations/SRE in the enterprise, they had a vision for a framework for teams and automation to work together to harness volatile and complex processes to reduce risk, increase productivity and reduce costs - they call this Collaborative Automation. On that basis they founded Cutover which has grown tremendously since its inception in 2015 and is now adopted at many of the world’s largest financial institutions and technology companies.

Yotam Segev

Co-Founder & CEO

Cyera US Inc.

Summit Speaker

Yotam Segev is the co-founder and CEO of Cyera, the leader in Cloud Data Security. Yotam is a cyber security expert with 15 years of experience in offensive cyber security and security architecture. Yotam is an alumni of Israel’s prestigious Talpiot program, where he met Tamar Bar-Ilan, Cyera’s co-founder and CTO. Together they served in cyber security leadership roles for over a decade in unit 8200, the Israeli Defense Force’s signals intelligence service. At the agency, they experienced firsthand the tremendous challenge of securing data in the cloud and founded Cyera to solve this problem. Cyera has raised over $60M in its first year of operations and is backed by leading venture capital firms Sequoia, Accel and Cyberstarts. Cyera’s mission is to enable organizations to unlock the true value of their data while keeping it secure.

Wes Kussmaul

CIO

Reliable Identities

Summit Speaker

Reliable Identities is a unit of The Authenticity Institute, Inc., a spinoff of Delphi Internet Services Corporation. Founded in 1981, Delphi earned its claim as "The Company That Popularized The Internet" by harnessing the popular curiosity that had grown around the early Internet during the time when its usage had been limited to researchers and academics. Delphi was the first to capitalize on the lifting of the ban on commercial activity on the Net. The Authenticity Institute had been launched as an independent spinoff of Delphi, and was not part of the News Corporation acquisition. The company served magazine publishers and business clients by designing, building and managing their own private-label online services. During the next twelve years The Authenticity Institute provided business planning, design, engineering, hosting, management and promotion services for Digital Equipment Corporation, William F. Buckley's National Review, BioTechniques, Hardcopy, International Business, Business Digest, and many other companies and magazines. In 1998 The Authenticity Institute sold its hosting business to NTT Verio in order to focus its resources on meeting the need for reliable identities of participants in online spaces. Three years later the first component of the Quiet Enjoyment Infrastructure, the VIVOS® Enrollment Workstation, was introduced. In 2002 The Authenticity Institute became a signatory to the International Telecommunication Union's World e-Trust Initiative, whose goal is to bring the benefit of PKI-based authenticity to the online world.

Todd Carroll

CISO/VP of Global Cyber Operations

CybelAngel

Summit Speaker

Accomplished executive management professional in both the private and public sector. Helping grow a SaaS Cybersecurity company in the US in revenue and size. Over 31 years in law enforcement and national security (FBI, Local Law Enforcement, Army National Guard) with a wide range of experience and expertise in cyber, counterintelligence, counterterrorism, intelligence and violent crime investigations. Able to provide leadership and strategic vision focused on cyber and physical security, threat intelligence, risk analysis, compliance, insider threat identification and mitigation strategies. Todd graduated from the University of Maryland (Master’s in CyberSecurity), Carnegie Mellon University (CISO program) and Western Illinois University (Bachelor’s in LEA)

Justin Conza

Technical Product Specialist

KnowBe4

Summit Speaker

Justin is a seasoned Technical Product Specialist at KnowBe4, the world's largest security awareness training and simulated phishing platform. With a passion for cybersecurity and a wealth of experience in the field, Justin is dedicated to helping organizations navigate the complex landscape of social engineering threats.

November 16, 2023

Agenda

All times Eastern Time

8:00 AM-8:30 AM

Welcome & Registration


8:30 AM-9:00 AM

Morning Networking


9:00 AM-9:15 AM

Opening Remarks



9:35 AM-10:00 AM
Keynote

Testing the Limits of Possibility

We are at the ground floor of a new innovation curve—the breakthrough of modern AI—that blows past previous limits of what’s possible to build with software. This, coupled with its overlap with the mobile revolution, create an unprecedented moment, and software leaders must build a new set of practices around software development to embrace exponential increases in innovation, but without sacrificing the quality of customer experience that’s table stakes in a post-mobile world.

In this talk, In this talk, Marcus Merrell, Vice President of Technology Strategy at Sauce Labs, and executive committee member of the Selenium project, will leverage his expertise leading teams at the forefront of these two overlapping innovation cycles to document and explore the convergence of consumer expectations, digital transformation, and innovation in artificial intelligence. Culminating in a “call to arms,” a rally cry, for other executives across all industries and categories to think hard about their software development philosophy and how they will deliver quality customer experiences in an uncharted environment, or suffer the consequences of irrelevance.

In partnership with:

10:05 AM-10:45 AM
Fireside Chat

Synergy of Leadership, Athlete Mindset, Cybersecurity, and Technology for Business Success

In today's dynamic business landscape, the fusion of leadership principles and the athlete mindset, combined with a strong focus on cybersecurity and technology, offers a potent approach to meet evolving demands. Leadership qualities like adaptability, resilience, and vision complement the discipline, determination, and performance focus inherent in athletes. This connection is particularly relevant in the realm of cybersecurity and technology, where leaders must navigate constant change and cyber threats. Integrating athlete mental skills into technology leadership roles and fostering a culture of cybersecurity resilience is essential. By recognizing this synergy, businesses can equip their leaders to thrive in the face of technological disruptions and security challenges, ultimately ensuring sustainable success in the digital age.

In partnership with:

10:45 AM-10:55 AM

Coffee Break


10:55 AM-11:10 AM

Poor Cyber Hygiene

In the digital age, practicing good cyber hygiene is essential to maintaining the security and integrity of personal and business data. However, in 2023, the lack of basic cyber hygiene practices will continue to be a major cause of cyber incidents. Cybercriminals exploit these vulnerabilities to gain unauthorized access to sensitive information, steal data, and launch damaging cyber attacks. It's crucial for individuals and businesses to prioritize basic cyber hygiene practices, such as using strong passwords, regularly updating software, and backing up data. Additionally, individuals and businesses must educate themselves and their employees on cybersecurity best practices and the latest threats to stay ahead of the evolving threat landscape. By taking these proactive steps, individuals and businesses can protect themselves from cybercriminals who prey on poor cyber hygiene practices.


11:15 AM-11:30 AM
Disruptor

Compliance: What Can be Done Today about Tomorrow's Challenges

In the dynamic landscape of cybersecurity and compliance, 2024 looms as a pivotal year. CISOs and cybersecurity leaders are focused on safeguarding not just data, but the future of your business. For this intimate, virtual gathering we bring together industry experts to delve into the upcoming compliance challenges, including the formidable PCI DSS 4.0, and explore how proactive preparation can be a catalyst for business resilience.

Join us for an insightful journey that transcends checkboxes and audits, focusing on aligning compliance with broader business objectives. Discover strategies to enhance organizational agility, reduce risks, and ensure that compliance not only meets regulatory mandates but also fuels your business growth.

In partnership with:

11:35 AM-11:50 AM
Disruptor

Leveraging Artificial Intelligence for SaaS Discovery

In today's interconnected business world, companies rely on SaaS applications as the operating system of business, which can pose significant cybersecurity risks. This makes it critical for companies to have effective security measures in place to properly secure their entire SaaS environment. Failure to do so can result in data breaches, financial losses, and reputational damage. To mitigate this risk, companies must ensure they are monitoring not only the SaaS applications that are managed and known to the IT team, but their entire SaaS environment. Application discovery provides a comprehensive view into the entire SaaS ecosystem, including what managed applications have access to data, connected third-party apps, and even shadow apps, as well as who has enabled them, and the level of access they’ve been granted. Using a combination of graph algorithms, anomaly detection, NLP, and GenAI tools, solutions leveraging AI can provide a complete picture of interactions and activities across users. This insight can be used to pinpoint common causes of a breach such as misconfigurations, overly permissioned users, and compromised accounts. In this session, we’ll explore the importance of investing in SaaS discovery, how AI can add the context needed to protect against common causes of breaches, and how organizations can secure their SaaS from the most common risks that can lead to a breach in 2023 and beyond.

In partnership with:

11:55 AM-12:10 PM
Disruptor

Your Most Important Asset: Data - Is It Really Secure?

Boosting data security posture is a top priority for organizations in 2023 and beyond. In a recent Forrester Research study commissioned by Cyera, 71% of security leaders said legacy technologies and manual processes inhibit business success. Join this deep dive discussion on why today’s security executive expects the most transformational business benefits to come from automating data security, specifically risk assessments, data discovery, and classification. 

Session topics will include:

  • The struggle to meet security goals while enabling the business to use data and advanced technologies
  • New approaches to data security that keep pace in the era of cloud and AI
  • Generative AI - risk versus reward
  • Embracing automation and rapid time are critical capabilities in cybersecurity
In partnership with:

12:15 PM-1:15 PM

Lunch & Networking


1:15 PM-2:00 PM
Panel

Ransomware and Cyber Readiness

Ransomware attacks are becoming increasingly prevalent and sophisticated, affecting businesses and individuals in all sectors. In 2023, these attacks are expected to continue to grow, resulting in significant financial losses, data theft, and reputational damage. Businesses should implement comprehensive security measures, including regular backups, employee training, and endpoint security, to minimize the risk of a ransomware attack. Additionally, because cyber attacks are unpredictable and complex it's important to have cyber recovery plans in place to orchestrate both teams and technology to minimize the impact of an attack. Businesses must develop recovery plans detailing the tasks to restore systems, manage data integrity, keep stakeholders informed of progress and meet regulatory requirements.

In partnership with:

2:05 PM-2:20 PM
Disruptor

Using Strategic Security Testing to Transform Your Security Posture

Most security testing today is purely tactical- we find vulnerabilities and sometimes fix them. We use this process to satisfy compliance requirements and report point-in-time status to regulators, but we rarely learn anything about our overall security posture and use that information to change our strategy and priorities.  Strategic, transformational security testing is the solution.

Strategic security testing uses aggregated data from individual penetration tests to reveal the root cause of persistent weaknesses in security posture due to broken processes and overwhelmed staff. Security and IT management can use that data to invest in training and solutions that are specifically targeted at organizational deficiencies. Moreover, a strategic security testing program will track improvements in overall security posture over time so those improvements can be communicated to senior leadership and the board.

In partnership with:

2:20 PM-2:50 PM

Networking Break


2:25 PM-2:40 PM
Disruptor

Enhancing the Resilience of Your Organization's Final Barrier: The Human Firewall

In today's digital landscape, social engineering attacks like phishing, Business Email Compromise (BEC), and Ransomware are increasingly prevalent. These cunning tactics rely on manipulating humans to gain unauthorized access to protected systems and sensitive data. As the frequency of such cyber-attacks rises, it is crucial to fortify your organization's last line of defense: the human firewall.

In this session we will look into case studies around:

  • Regular, tailored security awareness training to educate employees about social engineering threats.
  • Foster a reporting culture for prompt identification of suspicious activities.
  • Strengthen password policies and use multi-factor authentication (MFA) to reduce risks.
In partnership with:

2:50 PM-3:05 PM
Disruptor

The Current and Future State of your External Attack Surface

Today's threat landscape is growing two fold every year due to a growing cyber ecosystem with partners, third parties and vendors.  Add the technically "savvy" remote employee workforce with an increase in remote services use, the threats to IP, data and operations has significantly grown.
In this session we will:
  • Review key data from the CybelAngel EASM report and current data trends
  • Show visibility into this attack vector is possible to help identify high risk areas and help prioritize threats before they become front page news.
In partnership with:

3:10 PM-3:25 PM

CISO Evolution: Adopting a Risk Mindset

In today's complicated cyber environment, the significance of a risk-centric approach is paramount. Explore the importance of adopting a risk mindset as a core in building your security strategy and ensuring buy-in from senior leaders. In this talk, I will discuss my journey over the last 30 years, lessons learned, and mistakes made. As well as the urgency to get this right in light of the evolving cybersecurity landscape and heightened CISO liability.


3:30 PM-4:15 PM
Panel

Cloud Vulnerabilities

Cloud computing services have become a cornerstone of modern business operations, providing organizations with the agility and scalability needed to thrive in the digital age. However, in 2023, the threat of cloud vulnerabilities will continue to grow as more companies adopt cloud services. Cybercriminals are constantly finding new ways to exploit vulnerabilities in cloud infrastructure, which can result in data breaches, unauthorized access, and financial losses. To mitigate the risks of cloud-related security incidents, businesses must prioritize implementing robust security measures such as multi-factor authentication, encryption, and regular penetration testing. Additionally, businesses must develop comprehensive incident response plans that take into account the unique challenges of cloud-based attacks. By taking these steps, businesses can protect themselves and their customers from the growing threat of cloud vulnerabilities in the digital age.

In partnership with:

4:15 PM-4:25 PM

Networking Break



4:45 PM-5:30 PM
Panel

Internet of Things

The Internet of Things (IoT) is a network of physical devices that communicate and exchange data, creating new opportunities for businesses and consumers alike. However, in 2023, the increasing adoption of IoT devices will pose new security risks. Cybercriminals are becoming more adept at exploiting vulnerabilities in IoT devices, which can result in data breaches, unauthorized access, and privacy violations. It's essential for businesses to prioritize security measures such as strong authentication protocols, regular software updates, and network segmentation to minimize the risk of an IoT-related security incident. Additionally, businesses should implement comprehensive incident response plans to quickly and effectively respond to a potential IoT-related attack.


5:30 PM-5:45 PM

Closing Remarks & Raffle Giveaway


5:45 PM-6:45 PM

Cocktail Reception