The Future of IT & Cybersecurity

CXO Think Tank

October 5, 2022 - Boston, MA

Visionaries

Grace Beason (1) Guidewire Software Inc
Grace Beason

Director of Governance, Risk and Compliance

Guidewire Software Inc

Think Tank Speaker

Accomplished Security, Risk & Compliance Manager with a proven track record of working in the information technology and services industry with expertise in information security and privacy. Strong operations leader skilled in Security, Risk & Compliance of next generation Cloud, IoT and legacy IT services. Broad client base of Fortune 100 and international government sectors. Effective leader with global and industry specific regulatory frameworks. Primary industries include: IT/ Cloud Services, Financial Services, Healthcare, Public Sector, Technology/ Telecom, Media and Entertainment.

alex cunningham Advisor360
Alex Cunningham

CISO

Advisor360

Think Tank Speaker

Alex leads the strategic direction and execution of Advisor360°'s information security, risk, governance, and audit programs. Previously, he was the CISO at Commonwealth Financial Network, and have served in information security leadership roles both in the US and UK within the financial services, market research, and military sectors. Alex has a MS degree in information security leadership from Brandeis University and a BS degree in information technology with a minor in business from the University of Massachusetts Lowell. His information security certifications include CISSP, CISM, and CRISC.

Brian Haugli SideChannel
Brian Haugli

CEO

SideChannel

Think Tank Speaker

Brian has been driving security programs for two decades and brings a true practitioner’s approach to the industry. He creates a more realistic way to address information security and data protection issues for organizations. He has led programs for the DoD, Pentagon, Intelligence Community, Fortune 500, and many others. Brian is a renowned speaker and expert on NIST guidance, threat intelligence implementations, and strategic organizational initiatives. Brian is the contributing author for the latest book from Wiley, “Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework“. Lastly, he is a professor at Boston College, in the Woods College of Advancing Studies, Master’s Program in Cybersecurity.

Mark Maybury Lockheed Martin
Mark Maybury

VP, Commercialization, Engineering & Technology

Lockheed Martin

Think Tank Speaker

Dr. Mark Maybury is a C-Suite Executive and Board Member with leadership success across public and private sectors and expertise in senior management, innovation commercialization, ventures investment, cybersecurity, AI/ML, IOT, SaaS, data analytics, energy storage, new business models, startup incubation and acceleration, revenue growth, margin expansion, lean manufacturing, global supply chains, and digital marketing. Dr. Maybury is Stanley Black & Decker’s first Chief Technology Officer and Board Director and Nominations and Governance Committee Chair of the Internet Sciences Inc. He serves as a Special Government Employee for the Defense Science Board providing strategy and technology advice to the Office of the Secretary of Defense as well as a director for the boards of the Connecticut Science Center and Mark Twain House and Museum. He is a former board member of the Advanced Cybersecurity Center (ACSC), the Object Management Group (OMG) which oversees the Industrial Internet Consortium, the USAF Scientific Advisory Board, and the Homeland Security S&T Advisory Committee. From 2010 to 2013, Dr. Maybury was Chief Scientist of the USAF serving as chief scientific adviser to the Chief of Staff and Secretary of the USAF. He served on the Steering Committee and Senior Review Group of the AF Scientific Advisory Board. Mark spent 27 years (1990 to 2017) at The MITRE Corporation, including as VP of Intelligence Portfolios and Director of the NIST-sponsored National Cybersecurity FFRDC (NCF) supporting the National Cyber Center of Excellence (NCCoE). He also served as VP and CSO and CTO of MITRE. He is an active Fellow of the IEEE, Fellow of the Association for the Advancement of Artificial Intelligence, a Fed 100 awardee and the 2019 Veterans Advantage Veteran of the Year. Dr. Maybury is editor of Intelligent Multimedia Interfaces (AAAI/MIT Press 93), Intelligent Multimedia Information Retrieval (AAAI/ MIT Press 97), New Directions in Question Answering (AAAI/ MIT Press 2004), Multimedia Information Extraction (2012), co-editor of Readings on Intelligent User Interfaces (Morgan Kaufmann Press 1998), Advances in Text Summarization (MIT Press 99), Advances in Knowledge Management (MIT Press 2001), Personalized Digital Television (Kluwer Academic 2004), Intelligent Technologies for Interactive Entertainment (Springer 2005), and co-author of Information Storage and Retrieval (Kluwer Academic 2000). He chaired the 2020 AAAI Spring Symposium on AI and Manufacturing and a frequent author and keynote speaker.

Tony Parrillo Schneider Electric
Tony Parrillo

VP, Enterprise IT Global Head of Security

Schneider Electric

Think Tank Speaker

Experienced and passionate cybersecurity leader. Responsible for all facets of cyber security to Schneider Electric's enterprise IT, encompassing approximately 140,000 employees in 100 countries, including 220 factories, 35 distribution centers, and 1,200 sites

Gene Daigle Lupl
Gene Daigle

Director Information Security

Lupl

Think Tank Speaker

Unrivaled breadth and depth of technical skills across nearly all IT disciplines, honed over 25 years working in SaaS, healthcare, manufacturing, & financial services industries. 25+ years of hands on experience with networking (all layers), and Microsoft server/domain/AD (some Unix, Novell, VMS, AS400) 20+ years of hands-on SQL/ASP/.NET development, telco, & call center design, support, & optimization 15+ years of hands-on with VOIP, VMWare, & InfoSec (from policy writing to packet sniffing) 20+ years of management, leadership, hiring, mentoring of technical teams Information Security compliance with NIST, HIPAA, ISO 27001, DIACAP, FISMA, PCI, SOC, SAS Disaster recovery planning and testing Penetration and vulnerability testing and remediation. Router, Firewall, Switch, WAF engineering; design/build/harden/operations Load balancing implementations on Cisco Local Director, MS NLB, Cisco CSM, F5 BigIP LTM/GTM Windows Server and Active Directory design/build/operate from NT 3.51 to current VMWare ESX design/build/manage high availabilty multi-site clusters from v4 to currrent

Larry Weber Veracode
Larry Weber

VP Product Marketing

Veracode

Think Tank Speaker

Larry Weber is a Vice President of Product Marketing at Veracode. He is responsible for leading the overall product & industry marketing, market insights, and developer relations teams. Larry has multiple years of experience in cloud strategy, user experience and analytics. Prior to joining Veracode, he built and led the marketing team for the AWS Databases category and was responsible for thought leadership, awareness, adoption, engagement, and advocacy for AWS’s 15+ purpose-built managed database services. Larry received a Masters of Computer Science from North Carolina State University and an MBA from a UNC Kenan-Flagler Business School.

Yotam Segev Cyera US Inc.
Yotam Segev

Co-Founder & CEO

Cyera US Inc.

Think Tank Speaker

Yotam Segev is the co-founder and CEO of Cyera, the leader in Cloud Data Security. Yotam is a cyber security expert with 15 years of experience in offensive cyber security and security architecture. Yotam is an alumni of Israel’s prestigious Talpiot program, where he met Tamar Bar-Ilan, Cyera’s co-founder and CTO. Together they served in cyber security leadership roles for over a decade in unit 8200, the Israeli Defense Force’s signals intelligence service. At the agency, they experienced firsthand the tremendous challenge of securing data in the cloud and founded Cyera to solve this problem. Cyera has raised over $60M in its first year of operations and is backed by leading venture capital firms Sequoia, Accel and Cyberstarts. Cyera’s mission is to enable organizations to unlock the true value of their data while keeping it secure.

David Bullas Authomize
David Bullas

Director of Sales Engineering

Authomize

Think Tank Speaker

Dave has been working in the Software Industry since 1998. He has a Masters degree in Computer Science focused on Neural Networks from the University of Alberta and has been working at Authomize since early 2021. Dave has held a variety of technical and management roles in development and sales engineering and has been in charge of the implementation, sale, delivery, and evangelism of a number of software products. Dave's current role is Director, Sales Engineering at Authomize and in that role he leads a team that delivers technical outcomes, enablement, and evangelism for the Authomize team, our partners, and our customers. Dave's spare time is spent kayaking, rock climbing, running, and reading a wide range of science fiction and fantasy novels. He has a long-suffering and extremely supportive wife and 2 kids aged 18 and 14. Dave has been living in Calgary, Alberta, Canada since 2005.

Matt Tesauro Noname Security
Matt Tesauro

Distinguished Engineer/Director Security Evangelist - Global

Noname Security

Think Tank Speaker

Matt Tesauro is a Distinguished Engineer at Noname Security. When not writing automation code in Go, Matt Tesauro is pushing for DevSecOps everywhere by contributing to open source projects, presenting, training and continuing to co-opt new technologies. Prior to joining Noname, he rolled out AppSec automation at a major financial institution and founded 10Security. Other experience includes the Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 20+ years specializing in application and cloud security. He has also presented and provided training at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He is a lead for OWASP AppSec Pipeline & DefectDojo projects. The AppSec Pipeline project brings lessons from DevOps and Agile into Application Security while DefectDojo is an application that is the source of truth for DevSecOps activities and ingests output from 100 different security tools. He holds two degrees from Texas A&M University and several security and Linux certifications.

Ganesh Pai Uptycs
Ganesh Pai

Founder & CEO

Uptycs

Think Tank Speaker

Ganesh Pai is the Founder & CEO of Uptycs. Ganesh is a Boston-based entrepreneur and technologist who has been awarded multiple U.S. patents. Ganesh is a Featured Speaker at the CXO Think Tank in Boston, MA and will be discussing “Security Controls: Measuring Efficacy for Business Growth” in partnership with

Blake Atkinson Cloudflare
Blake Atkinson

Director of Infrastructure Security

Cloudflare

Think Tank Speaker

Blake leads the Infrastructure Security team at Cloudflare; collaborating with systems and hardware teams on a global, multi-faceted approach to preventing and detecting cyber security threats. He specializes in building cyber security engineering organizations that focus on delivering reliable and mature solutions for customers within and without. Previously, Blake built and led SRE teams responsible for security services and enterprise SaaS products. In between meetings, Blake can normally be found herding several cats and dogs around his home in Austin.

Alon Levin Seraphic Security
Alon Levin

VP of Product

Seraphic Security

Think Tank Speaker

Alon Levin is the VP of Product Management at Seraphic, the enterprise browser security solution. With a successful track record of over 15 years in the cyber security industry, Alon specializes in building and supporting the growth of new, innovative products in the areas of Product Management, Presales and Customer Success. Prior to joining Seraphic, he fulfilled numerous leadership positions such as VP Product Management at Infinipoint, and earlier in VDOO, and as a Consulting Engineer and Director of Sales Engineering at Palo Alto Networks, Cyvera and Wave. Alon holds a Bachelor of Science (B.Sc.) degree in Electrical Engineering from Tel-Aviv University.

Shirish Ranjit
Shirish Ranjit

CTO

Zen Labs

Think Tank Speaker

Shirish has a dozen plus years of technology experience currently CTO at Zen Labs and previously with State Street. He has a passion for decomposing particularly challenging problems into solvable units. He has pioneered the design and development of cloud-based strategies. His strengths include bringing artificial intelligence, machine learning, and big data analytics to experienced data scientists while also enabling “citizen" data scientists by providing them with simple and accessible ways to leverage cutting edge technologies.

Brian Haugli (1) SideChannel
Brian Haugli

CEO

SideChannel

Think Tank Speaker

Brian has been driving security programs for two decades and brings a true practitioner’s approach to the industry. He creates a more realistic way to address information security and data protection issues for organizations. He has led programs for the DoD, Pentagon, Intelligence Community, Fortune 500, and many others. Brian is a renowned speaker and expert on NIST guidance, threat intelligence implementations, and strategic organizational initiatives. Brian is the contributing author for the latest book from Wiley, “Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework“. Lastly, he is a professor at Boston College, in the Woods College of Advancing Studies, Master’s Program in Cybersecurity.

Shirish Ranjit (1)
Shirish Ranjit

Senior Enterpris Architect

Staples Inc.

Think Tank Speaker

Shirish has a dozen plus years of technology experience currently at Staples and also CTO at Zen Labs and previously with State Street. He has a passion for decomposing particularly challenging problems into solvable units. He has pioneered the design and development of cloud-based strategies. His strengths include bringing artificial intelligence, machine learning, and big data analytics to experienced data scientists while also enabling “citizen" data scientists by providing them with simple and accessible ways to leverage cutting edge technologies.

October 5, 2022

Agenda

All times Eastern Time

12:30 PM-1:00 PM

Welcome & Registration


1:05 PM-2:00 PM
Keynote Panel

Security Controls: Measuring Efficacy for the Business Growth

The industry is spending record amounts on cybersecurity tooling, but somehow CISOs still are at times left scrambling to respond to the vulnerabilities like Log4j. Assuming that these types of critical and far-reaching events are inevitable, how can CISOs further improve their organization’s preparedness for future cyberattacks?

This panel will discuss potential strategies for determining the critical security controls - both technology and behavioral - that can minimize cyber-risks and give the organization the competitive advantage to grow and innovate. We will explore frameworks for measuring the efficacy of cybersecurity investments, and KPIs that show the board the investment is safeguarding the company's digital infrastructure for the long term.

In partnership with:
Uptycs

2:00 PM-2:35 PM
Keynote

Application Security in a DevOps, Cloud and API World

Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are re-shaping IT.


2:30 PM-2:45 PM

Networking Break


2:45 PM-3:00 PM
Disruptor

Secure Your Browser - the Most Commonly Used and Vulnerable Application

In recent years, users have migrated from the office and are now working from everywhere and the resources the users need access to have also migrated from their desktops and data-centers to the cloud. The browser has become the de-facto tool for performing almost any action. Unfortunately, risks and threats to the browser are continuously on the rise, The browser is exposed to multiple types of threats and adversaries are increasingly targeting the browser to achieve their nefarious goals.

Join Seraphic VP of Product Management Alon Levin to learn about the threats to browsers and how to ensure secure browsing and prevention of policy infringements in the browser across all users, in all platforms and in every browser.

The session will review how security teams detect and mitigate browsers risks such as:

  • Browser vulnerability exploitation
  • Phishing
  • Intentional or unintentional data leak
  • Additional web-based attacks
In partnership with:
Seraphic Security

3:05 PM-4:00 PM
Panel

The Greatest Fears?

The biggest fear is not the technology, it is the potential of human error that could expose your organization to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?

In partnership with:
Cloudflare

4:05 PM-4:20 PM
Disruptor

Guarding the Doors: Navigating Risk From Third-Party Code

Open source libraries are widely leveraged by developers. In fact, 97 percent of the typical Java application is made up of open source libraries. But nearly 80 percent of developers never update third-party libraries after including them in codebase.

What does this mean for your applications? There is a good chance that your third-party libraries have undetected vulnerabilities. Scary, right?

The good news is that when alerted to vulnerabilities in open source libraries, developers tend to act quickly. This is especially true when developers understand how the vulnerability could impact their application.

Join us as we review our annual study on open source libraries, State of Software Security (SOSS) v12: Open Source Edition. We will explore the most popular open source libraries, how libraries are evaluated and selected, and how to eliminate risk by fixing vulnerabilities.

In partnership with:
Veracode

4:20 PM-4:35 PM

Networking Break


4:35 PM-4:50 PM
Disruptor

5 Steps to Securing Identity and Access for Everything in the Cloud

Identity and Access are under attack. The only way to protect the identity layer from risks and threats is to continuously monitor identities, assets, access privileges, and activities across cloud environments.

Join Authomize Director of Sales Engineering David Bullas, to learn about the 5 steps you need to take to ensure that your Cloud Identity and Access is secure and in compliance with standards and regulations. The session will review how security teams detect and mitigate Identity and Access risks such as:

  • Excessive Access exposing what you build in AWS
  • Identity lifecycle risks including partial offboarding
  • IdP risks including password stealing and user impersonation
In partnership with:
Authomize

4:55 PM-5:50 PM
Panel

Cloud Data Security

According to Gartner, 79% of companies have experienced at least one cloud data breach during the pandemic. But the migration of critical business data to the cloud shows no sign of slowing. In fact, it’s accelerating. Yet, despite powerful trends and mounting threats, traditional data security has simply not kept pace with the cloud. Security teams still struggle to even understand the reality of what sensitive data they have in the cloud and its associated risks. This is not a sustainable status quo. Data is increasingly a business most valuable asset. And until organizations can align around a shared Data Reality, cloud security will remain several steps behind intensifying security threats and tightening data regulations.

In partnership with:
Cyera US Inc.

5:50 PM-5:55 PM

Closing Remarks


5:55 PM-6:55 PM

Cocktail Hour