The Future of IT & Cybersecurity

CXO Think Tank

October 5, 2022 - Boston, MA

Visionaries

Grace Beason
Director of Governance, Risk and Compliance
Guidewire Software Inc

Think Tank Speaker

Accomplished Security, Risk & Compliance Manager with a proven track record of working in the information technology and services industry with expertise in information security and privacy. Strong operations leader skilled in Security, Risk & Compliance of next generation Cloud, IoT and legacy IT services. Broad client base of Fortune 100 and international government sectors. Effective leader with global and industry specific regulatory frameworks. Primary industries include: IT/ Cloud Services, Financial Services, Healthcare, Public Sector, Technology/ Telecom, Media and Entertainment.

Alex Cunningham
CISO
Advisor360

Think Tank Speaker

Alex leads the strategic direction and execution of Advisor360°'s information security, risk, governance, and audit programs. Previously, he was the CISO at Commonwealth Financial Network, and has served in information security leadership roles both in the US and UK within the financial services, market research, and military sectors. Alex has a MS degree in information security leadership from Brandeis University and a BS degree in information technology with a minor in business from the University of Massachusetts Lowell. His information security certifications include CISSP, CISM, and CRISC.

Brian Haugli
CEO
SideChannel

Think Tank Speaker

Brian has been driving security programs for two decades and brings a true practitioner’s approach to the industry. He creates a more realistic way to address information security and data protection issues for organizations. He has led programs for the DoD, Pentagon, Intelligence Community, Fortune 500, and many others. Brian is a renowned speaker and expert on NIST guidance, threat intelligence implementations, and strategic organizational initiatives. Brian is the contributing author for the latest book from Wiley, “Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework”. Lastly, he is a professor at Boston College, in the Woods College of Advancing Studies, Master’s Program in Cybersecurity.

Mark Maybury
Former CTO
Stanley Black & Decker

Think Tank Speaker

Dr. Mark Maybury is a C-Suite Executive and Board Member with leadership success across public and private sectors and expertise in senior management, innovation commercialization, ventures investment, cybersecurity, AI/ML, IOT, SaaS, data analytics, energy storage, new business models, startup incubation and acceleration, revenue growth, margin expansion, lean manufacturing, global supply chains, and digital marketing. Dr. Maybury is Stanley Black & Decker’s first Chief Technology Officer and Board Director and Nominations and Governance Committee Chair of the Internet Sciences Inc. He serves as a Special Government Employee for the Defense Science Board providing strategy and technology advice to the Office of the Secretary of Defense as well as a director for the boards of the Connecticut Science Center and Mark Twain House and Museum. He is a former board member of the Advanced Cybersecurity Center (ACSC), the Object Management Group (OMG) which oversees the Industrial Internet Consortium, the USAF Scientific Advisory Board, and the Homeland Security S&T Advisory Committee. From 2010 to 2013, Dr. Maybury was Chief Scientist of the USAF serving as chief scientific adviser to the Chief of Staff and Secretary of the USAF. He served on the Steering Committee and Senior Review Group of the AF Scientific Advisory Board. Mark spent 27 years (1990 to 2017) at The MITRE Corporation, including as VP of Intelligence Portfolios and Director of the NIST-sponsored National Cybersecurity FFRDC (NCF) supporting the National Cyber Center of Excellence (NCCoE). He also served as VP and CSO and CTO of MITRE. He is an active Fellow of the IEEE, Fellow of the Association for the Advancement of Artificial Intelligence, a Fed 100 awardee and the 2019 Veterans Advantage Veteran of the Year. Dr. Maybury is editor of Intelligent Multimedia Interfaces (AAAI/MIT Press 93), Intelligent Multimedia Information Retrieval (AAAI/MIT Press 97), New Directions in Question Answering (AAAI/MIT Press 2004), Multimedia Information Extraction (2012), co-editor of Readings on Intelligent User Interfaces (Morgan Kaufmann Press 1998), Advances in Text Summarization (MIT Press 99), Advances in Knowledge Management (MIT Press 2001), Personalized Digital Television (Kluwer Academic 2004), Intelligent Technologies for Interactive Entertainment (Springer 2005), and co-author of Information Storage and Retrieval (Kluwer Academic 2000). He chaired the 2020 AAAI Spring Symposium on AI and Manufacturing and is a frequent author and keynote speaker.

Tony Parrillo
VP, Enterprise IT Global Head of Security
Schneider Electric

Think Tank Speaker

Experienced and passionate cybersecurity leader. Responsible for all facets of cyber security to Schneider Electric's enterprise IT, encompassing approximately 140,000 employees in 100 countries, including 220 factories, 35 distribution centers, and 1,200 sites.

Andrew Smeaton
CISO
Datarobot

Think Tank Speaker

Andrew is a globally-experienced certified Information Security executive and Board Advisor with a track record of success in complex, multi-stakeholder environments across Europe, North America, and the Middle East. His experience ranges from building information security teams from the ground up, enabling sales as a customer-facing CISO, maturing systems to reduce risk, and developing streamlined reporting to provide executive insight into data risks. Andrew transitions reactive information security environments into a culture where proactive prevention of information security risk is the norm. Andrew holds over 22 years of experience in the banking, financial services, startups, and healthcare industries. He is experienced in all facets of IT/IS Security & Risk Management, including acquisitions and disaffiliations, and has a track record of developing and implementing security strategies from inception through execution. In addition to his corporate experience, Andrew has also served on the executive boards for international conferences and advised government agencies on information security subjects. Andrew's skill set includes Security Risk Management, Security Program Development, Risk Assessment Methodologies, Application and Infrastructure reviews, Business Continuity (BC) and Disaster Recovery (DR), Security Training and Awareness, Data Loss Prevention (DLP), Audit and Regulatory Compliance, Mainframe, New Technology Research and Implementation, Application Security, Project Management (PM), Change Management (CM), Cloud Adoption Frameworks, and Cloud Security. Additionally, he comes from an IT background, which allows him to understand business requirements outside of the security environment and collaboratively create solutions that work for the business. Andrew’s regulatory compliance and privacy experience includes FSA, NIST, PRA, FDIC, ISO 27K, COBIT, HIPAA, PCI-DSS, GLBA, Mass 201 CMR 17.00, SOX 404, SAMA, GDPR, CCPA, and NYDFS.

Larry Weber
VP Product Marketing
Veracode

Think Tank Speaker

Larry Weber is a Vice President of Product Marketing at Veracode. He is responsible for leading the overall product & industry marketing, market insights, and developer relations teams. Larry has multiple years of experience in cloud strategy, user experience and analytics. Prior to joining Veracode, he built and led the marketing team for the AWS Databases category and was responsible for thought leadership, awareness, adoption, engagement, and advocacy for AWS’s 15+ purpose-built managed database services. Larry received a Masters of Computer Science from North Carolina State University and an MBA from the UNC Kenan-Flagler Business School.

Oren Falkowitz
Field CSO
Cloudflare

Think Tank Speaker

Oren Falkowitz is a serial entrepreneur and cybersecurity industry visionary. He led Area 1 Security as its co-founder and CEO for the first seven years, with the mission to discover and eliminate targeted phishing attacks before they cause damage. Previously, he held senior positions at the National Security Agency (NSA) and United States Cyber Command (USCYBERCOM), where he focused on Computer Network Operations & Big Data. That’s where he realized the immense need for preemptive cybersecurity. Oren holds numerous patents and is an avid fan of Bowtie Thursdays.

Yotam Segev
Co-Founder & CEO
Cyera US Inc.

Think Tank Speaker

Yotam Segev is the co-founder and CEO of Cyera, the leader in Cloud Data Security. Yotam is a cyber security expert with 15 years of experience in offensive cyber security and security architecture. Yotam is an alumnus of Israel’s prestigious Talpiot program, where he met Tamar Bar-Ilan, Cyera’s co-founder and CTO. Together they served in cyber security leadership roles for over a decade in unit 8200, the Israeli Defense Force’s signals intelligence service. At the agency, they experienced firsthand the tremendous challenge of securing data in the cloud and founded Cyera to solve this problem. Cyera has raised over $60M in its first year of operations and is backed by leading venture capital firms Sequoia, Accel and Cyberstarts. Cyera’s mission is to enable organizations to unlock the true value of their data while keeping it secure.

David Bullas
Director of Sales Engineering
Authomize

Think Tank Speaker

Dave has been working in the Software Industry since 1998. He has a Masters degree in Computer Science focused on Neural Networks from the University of Alberta and has been working at Authomize since early 2021. Dave has held a variety of technical and management roles in development and sales engineering and has been in charge of the implementation, sale, delivery, and evangelism of a number of software products. Dave's current role is Director, Sales Engineering at Authomize and in that role he leads a team that delivers technical outcomes, enablement, and evangelism for the Authomize team, our partners, and our customers. Dave's spare time is spent kayaking, rock climbing, running, and reading a wide range of science fiction and fantasy novels. He has a long-suffering and extremely supportive wife and 2 kids aged 18 and 14. Dave has been living in Calgary, Alberta, Canada since 2005.

Matt Tesauro
Distinguished Engineer/Director Security Evangelist - Global
Noname Security

Think Tank Speaker

Matt Tesauro is a Distinguished Engineer at Noname Security. When not writing automation code in Go, Matt Tesauro is pushing for DevSecOps everywhere by contributing to open source projects, presenting, training and continuing to co-opt new technologies. Prior to joining Noname, he rolled out AppSec automation at a major financial institution and founded 10Security. Other experience includes the Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 20+ years specializing in application and cloud security. He has also presented and provided training at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He is a lead for OWASP AppSec Pipeline & DefectDojo projects. The AppSec Pipeline project brings lessons from DevOps and Agile into Application Security while DefectDojo is an application that is the source of truth for DevSecOps activities and ingests output from 100 different security tools. He holds two degrees from Texas A&M University and several security and Linux certifications.

Ganesh Pai
Founder & CEO
Uptycs

Think Tank Speaker

Ganesh Pai is Founder & CEO of Uptycs. He was previously Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue, a leading provider of content delivery solutions to service providers (acquired by Akamai). Prior to Verivue, he was Principal Architect for NetDevices (acquired by Alcatel-Lucent). Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. He is a Boston-based entrepreneur and technologist and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.

Agenda

All times Eastern Time
12:30 PM-1:00 PM
Welcome & Registration

1:00 PM-1:55 PM
Keynote Panel
Security Controls: Measuring Efficacy for the Business Growth

The industry is spending record amounts on cybersecurity tooling, but somehow CISOs are still at times left scrambling to respond to vulnerabilities like Log4j. Assuming that these types of critical and far-reaching events are inevitable, how can CISOs further improve their organization’s preparedness for future cyberattacks?

This panel will discuss potential strategies for determining the critical security controls - both technology and behavioral - that can minimize cyber-risks and give the organization the competitive advantage to grow and innovate. We will explore frameworks for measuring the efficacy of cybersecurity investments, and KPIs that show the board the investment is safeguarding the company's digital infrastructure for the long term.

Panelists
Tony Parrillo
VP, Enterprise IT Global Head of Security
Schneider Electric
Mark Maybury
Former CTO
Stanley Black & Decker
Ganesh Pai
Founder & CEO
Uptycs

2:00 PM-2:35 PM
Keynote
Application Security in a DevOps, Cloud and API World

Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams' ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are re-shaping IT.

Matt Tesauro
Distinguished Engineer/Director Security Evangelist - Global
Noname Security

2:35 PM-2:50 PM
Networking Break

2:50 PM-3:45 PM
Panel
The Greatest Fears?

The biggest fear is not the technology, it is the potential of human error that could expose your organization to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?

Panelists
Oren Falkowitz
Field CSO
Cloudflare
Grace Beason
Director of Governance, Risk and Compliance
Guidewire Software Inc
Andrew Smeaton
CISO
Datarobot

3:50 PM-4:05 PM
Disruptor
Guarding the Doors: Navigating Risk From Third-Party Code

Open source libraries are widely leveraged by developers. In fact, 97 percent of the typical Java application is made up of open source libraries. But nearly 80 percent of developers never update third-party libraries after including them in a codebase.

What does this mean for your applications? There is a good chance that your third-party libraries have undetected vulnerabilities. Scary, right?

The good news is that when alerted to vulnerabilities in open source libraries, developers tend to act quickly. This is especially true when developers understand how the vulnerability could impact their application.

Join us as we review our annual study on open source libraries, State of Software Security (SOSS) v12: Open Source Edition. We will explore the most popular open source libraries, how libraries are evaluated and selected, and how to eliminate risk by fixing vulnerabilities.

4:05 PM-4:20 PM
Networking Break

4:20 PM-4:35 PM
Disruptor
5 Steps to Securing Identity and Access for Everything in the Cloud

Identity and Access are under attack. The only way to protect the identity layer from risks and threats is to continuously monitor identities, assets, access privileges, and activities across cloud environments.

Join Authomize Director of Sales Engineering David Bullas to learn about the 5 steps you need to take to ensure that your Cloud Identity and Access is secure and in compliance with standards and regulations. The session will review how security teams detect and mitigate Identity and Access risks such as:

  • Excessive Access exposing what you build in AWS
  • Identity lifecycle risks including partial offboarding
  • IdP risks including password stealing and user impersonation

4:40 PM-5:35 PM
Panel
Cloud Data Security

According to Gartner, 79% of companies have experienced at least one cloud data breach during the pandemic. But the migration of critical business data to the cloud shows no sign of slowing. In fact, it’s accelerating. Yet, despite powerful trends and mounting threats, traditional data security has simply not kept pace with the cloud. Security teams still struggle to even understand the reality of what sensitive data they have in the cloud and its associated risks. This is not a sustainable status quo. Data is increasingly a business's most valuable asset. And until organizations can align around a shared Data Reality, cloud security will remain several steps behind intensifying security threats and tightening data regulations.

Panelists
Alex Cunningham
CISO
Advisor360
Nicholas Bruno
CISO
SAI360
Yotam Segev
Co-Founder & CEO
Cyera US Inc.

5:35 PM-5:40 PM
Closing Remarks

5:40 PM-6:40 PM
Cocktail Hour