The Future of Cybersecurity

CISO Think Tank

February 22, 2024 - New York, NY

Visionaries

Leo Cunningham

CISO

Owkin Inc

Think Tank Speaker

Leo has a successful track record working within different blue-chip companies and industries ranging from Start-ups/Scale-ups, Banking, FinTech, SaaS and eCommerce, providing insight, consultancy and strategy across global remits covering Information Security, Cyber Security, GRC, Auditing, Cloud and a multitude of compliance remits including PCI DSS, SOX and GDPR. At Flo Health, the number one health and wellbeing app, his team protects the data of 250 million users, equating to 300 billion data points. He is currently an advisor to multiple start-ups from the Palta Group. He has been instrumental in leading security efforts within HealthTech and FemTech. In June 2022, Flo Security delivered the industry’s first ISO 27001 certification. Leo is a multi-award winner, a Snyk influencer and a keynote speaker worldwide, and was added to the CISO Platform Top 100.

Ania Kowalczuk

VP of Information Security Risk and Compliance

MongoDB

Think Tank Speaker

Ania Kowalczuk, Vice President of Information Security Risk and Compliance at MongoDB, brings a wealth of experience in steering comprehensive security strategies in the tech industry. Her expertise lies in harmonizing rigorous compliance standards with operational efficiency, ensuring MongoDB's products not only adhere to, but set benchmarks in data security and risk management. Ania’s leadership extends to shaping advanced cybersecurity initiatives, notably in developing teams focused on evolving risk and security regulations. Her insight and foresight in these areas have made her a key player in addressing the nuanced security needs of MongoDB’s diverse clientele, earning her a reputation as a forward-thinking leader in information security.

Melissa Ouari

InfoSec Risk and Business Continuity Officer

Money Management International

Think Tank Speaker

Melissa Ouari is the Information Security and Business Continuity Officer for Money Management International. She has been in the world of technology and accounting for more than 25 years and has served in leadership positions while in her role at public accounting firms in New York City and Boston. Melissa has an array of cyber risk experience and has worked across virtually all industry sectors. In her role at Money Management International, she is establishing collaborative relationships with key business and IT stakeholders to strengthen security protocols across the enterprise and finding balanced solutions to achieve productivity, efficiency and internal controls.

Sara Aby

SVP global data and technology

Starcom

Think Tank Speaker

Starcom, founded in 2000 and headquartered in Chicago, Illinois, is a media agency that specializes in advertising and marketing.

Todd Gordon

CISO

EisnerAmper

Think Tank Speaker

EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, EisnerAmper offers the resources of offices in the UK, Israel, India and EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global. Todd leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.

Yabing Wang

CISO

Justworks

Think Tank Speaker

Yabing Wang is the VP and Chief Information Security Officer at Justworks. She has been in the technology world for 25 years, and has more than 20 years of extensive leadership experience in cybersecurity across different industries. Yabing thrives in transforming security into a business enabler through executive leadership, program delivery, and partnership with all stakeholders. She has built global security practices and strengthened cyber resilience at multiple Fortune 100 companies and tech-forward companies.

Alex Shulman

Managing Director, Cloud Security

Ernst & Young

Think Tank Speaker

Alex Shulman-Peleg, PhD, is a Managing Director and cybersecurity consulting leader at Ernst & Young in the Americas. She is supporting hundreds of clients with modernization and cost reduction via secure enablement of Clouds and AI, addressing the involved risk, cybersecurity and regulatory requirements. In her previous role, she was the Director and Head of Cloud Security at Citibank, where she established and led a global CISO cloud security program, as well as cloud-native security engineering enabling massive modernization and faster application development. Being a pioneer in Cloud security, she led IBM’s early products and groundbreaking R&D initiatives including multi-national European consortiums consisting of industry and research leaders. She has 14 patents and more than 30 scientific publications having thousands of citations. She has decades of technological leadership and holds PhD, MSc and BSc degrees in computer science in the areas of ML, AI and computer vision.

Richard Rushing

CISO

Motorola Mobility Inc

Think Tank Speaker

Mr. Richard Rushing is the Chief Information Security Officer for Motorola Mobility LLC. Richard participates in several corporate, community, private, and government security councils and working groups setting standards, policies, and solutions to current and emerging security issues. As Chief Information Security Officer for Motorola Mobility, he has led the security effort by developing an international team to tackle the emerging threats of mobile devices, targeted attacks, and cyber-crime. He organized, developed and deployed practices, tools and techniques to protect the intellectual property across the worldwide enterprise. A much-in-demand international speaker on information security, Richard has presented at many leading security conferences and seminars around the world.

Amit Basu

VP, CIO & CISO

International Seaways

Think Tank Speaker

Amit Basu is the head of IT and IT Security at International Seaways (INSW). INSW, headquartered in New York City, is one of the largest tanker companies providing energy transportation services worldwide. Amit is a proven IT leader with over 25 years of experience in maritime IT and has pioneered several technology innovations in maritime. Over the last decade, Amit has led a digital transformation in INSW with a Cloud-Only IT strategy and is instrumental in designing a multi-layered cybersecurity framework promoting a cyber resilience culture. Amit holds an MBA as well as a Master of Science degree in Information Management from the Stevens Institute of Technology, New Jersey. He is also a Certified Information Security Manager from ISACA, certified in Cybersecurity Risk Management by HarvardX, Cybersecurity Oversight by Carnegie Mellon University, Maritime Cybersecurity by Lloyds Maritime, and Artificial Intelligence by MIT Sloan School of Management. Amit is an advisory board member for the Cybersecurity program at Pace University and Ithaca College, on the advisory board of Exium, and a member of the Governing Body of New York CIO Executive Summit.

Chris Hickman

Chief Security Officer

Keyfactor

Think Tank Speaker

Chris Hickman is the Chief Security Officer at Keyfactor. As a member of the senior management team, Chris is responsible for establishing & maintaining Keyfactor’s leadership position as a world-class, technical organization with deep security industry expertise. He leads client success initiatives and helps integrate the voice of the customer directly into Keyfactor’s platform and capability set. Chris previously held the position of Director of Technical Services at Alacris, an Ottawa based smartcard and certificate management company, which was sold to Microsoft and is now part of the Microsoft Identity Manager product suite. Chris has worked on PKI projects for organizations and firms including NATO, both the U.S. and Canadian Departments of Defense, Fortune 100 banks and financial institutions, manufacturers, insurance companies, telecommunication providers and retailers. He continues to be a trusted resource for enterprises looking to leverage digital certificates within existing portfolios and new product development. Chris lives in Ottawa, Canada and enjoys traveling with his family, working on classic cars, and photography.

Anthony Gonzalez

Former VP & CISO

QBE North America

Think Tank Speaker

Visionary, results and solutions-driven professional with 20+ years of experience in progressively responsible Cyber Security and IT leadership roles in the financial services, insurance, pharmaceutical, biotechnology, consumer goods, and chemical manufacturing industries. Adept in building and leading global Cyber Security, IT technical and support functions. Creative, resourceful problem solver with a track record of success in delivering cost-effective and value-added services to his customers. Additional experience in industrial engineering and process improvement. Areas of expertise include Cyber Security, Network Security, Application Security, Infrastructure Management and Security Incident Management, Disaster Recovery, Forensic Investigations, Operations Management, Financial Management, Project/Portfolio Management, Policy/Procedure Development, Budget Preparation, Strategic Planning, Process Design/Implementation, Risk Mitigation, Enterprise Architecture, IT Governance, Manufacturing/Laboratory Automation, Organizational Design, Vendor Audits, System, Start-Up Operations, Sarbanes-Oxley (SOX), Talent Development/Mentoring, International Team Management, and Regulatory Compliance.

Matt Goldberg

Chief of Staff (Office of the CISO)

Clear

Think Tank Speaker

Matt Goldberg is the Chief of Staff to the CISO at CLEAR. He partnered with the CISO to establish CLEAR’s Enterprise Risk program and also owns the board of directors reporting content. Prior to CLEAR, he worked in risk at Bridgewater Associates, where he helped generate client facing insight coverage for COVID-19. He began his career as a cyber threat intelligence analyst at Citigroup, where he assisted in the establishment and operation of the financial sector's first Cyber Security Fusion Center. He holds a Bachelor’s degree in Statistics and Ethics, History & Public Policy from Carnegie Mellon University. Matt lives in New York City with his fiancé and is as excited as anything for his UConn Huskies.

Samrah Kazmi

CISO

Koxa

Think Tank Speaker

Samrah Kazmi serves as the Chief Information Security Officer at Koxa, a fintech startup, and the Chief Innovation Officer at RESRG, an innovation advisory firm. She also serves as adjunct professor at New York University and The Pratt Institute. Samrah's extensive experience in leadership roles in Financial Services and Technology, as well as her deep domain expertise make her a trusted advisor to a wide range of clients, including complex financial institutions, government agencies, higher education, startups, and corporate boards. She covers a broad spectrum of topics, including Artificial Intelligence, Digital Ethics, Cybersecurity, Privacy, GRC, Regtech and Regulation. Notably, Samrah led the merger of the New York Stock Exchange with InterContinental Exchange as part of an elite Risk team and the $200bn Risk Transformation of General Electric. As an entrepreneur, she was the co-founder of Maiden Century, an alternative data platform. She has been ranked as a Top 100 Global Regtech influencer and received the Inspiring Fintech Female award from NYC Fintech Women and serves on the boards of multiple startups. In addition to degrees in Economics, Journalism, and Business, Samrah also holds certifications in Disruptive Strategy from Harvard, Digital Transformation from UC Berkeley, and Corporate Innovation and Fintech from MIT.

February 22, 2024

Agenda

All times Eastern Time

8:30 AM-9:00 AM

Registration


9:00 AM-9:30 AM

Morning Networking


9:35 AM-9:45 AM

Opening Remarks


9:45 AM-10:10 AM
Vision Voices Keynote

Securing Growth: Cybersecurity Considerations in Mergers and Acquisitions

Dive into the critical intersection of cybersecurity and M&A activities, where the stakes are high and the risks are significant. Arvin Bansal explores the unique challenges and complexities of integrating cybersecurity strategies during mergers, acquisitions, and divestitures. Gain insights into effective risk assessment methodologies, due diligence practices, and post-transaction integration strategies to safeguard sensitive data and mitigate potential threats. Join Arvin as he navigates the evolving landscape of cybersecurity in M&A transactions and explores best practices for ensuring security and compliance throughout the deal lifecycle.


10:15 AM-10:50 AM
Fireside Chat

Navigating AI Security in the Cloud: CISO Insights for 2024

The "Navigating the Cloud" panel will focus on CISOs and InfoSec leaders exploring how to secure AI data in the evolving cloud landscape. Focused on AI security best practices, encryption, and threat intelligence, the session offers actionable insights from real-world experiences. The discussion extends to specialized topics like Zero Trust Architecture, regulatory compliance, AI-centric incident response, and vendor risk management. Engage with industry leaders for collaborative discussions, empowering CISOs with practical strategies to navigate the complexities of AI security in the cloud. Don't miss this session for essential insights into securing AI data in the dynamic cloud environment of 2024.


10:50 AM-11:15 AM

Coffee Break


11:15 AM-11:30 AM
Vision Voices

Enterprise Risk and Probability Theory

In today's complicated cyber environment, the significance of a risk-centric approach is paramount. Explore the importance of adopting a risk mindset as a core in building your security strategy and ensuring buy-in from senior leaders. 

Cyber Security is fundamentally a risk management function. We must know and understand our risks to effectively drive prioritization, but your picture is only as strong as your assumptions. There’s no magic crystal ball, but you can increase the confidence in your risk picture and generate buy-in from stakeholders using simple probability models. Join me as I outline these methods and show what you need to get started. 


11:35 AM-11:50 AM
Disruptor

Navigating Post-Quantum Cryptography: Communicating Cyber Risk at Board-Level

Ready or not, a new era for security is on the not-so-distant horizon, and there’s no shortage of hype surrounding quantum computing. But the most critical question security and business leaders must ask now is how will post-quantum cryptography (PQC) impact cybersecurity?

In this session, Chris Hickman, Chief Security Officer at Keyfactor, will share his expert views on the impact of quantum computing and what it will take to become quantum-ready – from the art of strategic planning and decision-making to communicating the potential cyber risk at the board level. 
  
Post-quantum cryptography will affect everything we do, and adapting accordingly is inevitable. Whether you’re a CISO worried about Q-Day timing or complying with new industry standards around PKI and code signing, you won’t want to miss this! 

12:00 PM-1:00 PM

Lunch & Disruptor Showcase


12:40 PM-12:55 PM
Disruptor

Leveraging Artificial Intelligence for SaaS Discovery

In today's interconnected business world, companies rely on SaaS applications as the operating system of business, which can pose significant cybersecurity risks. This makes it critical for companies to have effective security measures in place to properly secure their entire SaaS environment. Failure to do so can result in data breaches, financial losses, and reputational damage. To mitigate this risk, companies must ensure they are monitoring not only the SaaS applications that are managed and known to the IT team, but their entire SaaS environment. Application discovery provides a comprehensive view into the entire SaaS ecosystem, including what managed applications have access to data, connected third-party apps, and even shadow apps, as well as who has enabled them, and the level of access they’ve been granted. Using a combination of graph algorithms, anomaly detection, NLP, and GenAI tools, solutions leveraging AI can provide a complete picture of interactions and activities across users. This insight can be used to pinpoint common causes of a breach such as misconfigurations, overly permissioned users, and compromised accounts. In this session, we’ll explore the importance of investing in SaaS discovery, how AI can add the context needed to protect against common causes of breaches, and how organizations can secure their SaaS from the most common risks that can lead to a breach in 2023 and beyond.

1:00 PM-1:55 PM
Keynote Panel

Building Cyber Fortitude: Digital and Risk Strategies for Resilient Cybersecurity

In the realm of building cyber resilience, organizations confront increased risk exposure amidst bold moves and evolving external challenges. Despite investments in technology and data, risk and digital leaders, including CISOs, express difficulty in keeping pace with the persistent threat of cyber crises. However, in today's business landscape, discussions of digital transformation or reinvention are inseparable from considerations of cybersecurity. Looking ahead, stakeholders, from the board to frontline cybersecurity operations, pose critical questions about resiliency. This includes inquiries about the adequacy of efforts to safeguard the company and its customers in the face of cyber attacks. The focus shifts to identifying opportunities to minimize the impact on business and shareholder value through effective threat response. Embracing cybersecurity as a whole-of-business endeavor, organizations are urged to align themselves with business owners, adapting to changes in the cyber landscape and fortifying resilience against disruptions. Building confidence in the cybersecurity program becomes paramount in navigating the dynamic and challenging cyber landscape effectively.


2:00 PM-2:20 PM

Networking Break


2:20 PM-3:05 PM
Panel

Ransomware and Cyber Readiness

Ransomware attacks are in the headlines, affecting businesses and individuals in all sectors. Through 2024, these attacks have continued to grow, resulting in significant financial losses, data theft, and reputational damage. Even businesses that have achieved a level of cybersecurity compliance remain at risk unless they have understood what impact a ransomware attack really means in the context of their business.

The good news? When you have identified how to protect your business from a ransomware attack, you have already defined what needs to be done to reduce your total cyber risk exposure across all levels of attack. Ransomware might be the most reported attack, but it is nowhere near the most expensive or damaging cyber attack you might face.


3:10 PM-3:25 PM
Disruptor

Safeguarding Non-Human Identities: Insights from Recent Breaches

Recent security breaches, exemplified by incidents such as Cloudflare's, serve as a poignant reminder of the vulnerabilities inherent in unattended Non-Human Identities (NHIs). These breaches underscore the intricate operational hurdles even the most seasoned security teams encounter in managing NHIs effectively. While modern enterprises have diligently crafted strategies to fortify human identities and have deployed tailored solutions accordingly, the same rigor is often lacking in the realm of NHIs. In this exclusive session, esteemed Oasis Security CEO, Danny Brickman, will expound upon how organizations can significantly curtail their susceptibility to breaches by implementing robust NHI management practices, thereby diminishing their attack surface and fortifying their cyber defenses.

3:30 PM-4:05 PM
Fireside Chat

Third-Party Exposure

In today's interconnected business world, companies rely on vendors and suppliers for various services, which can pose significant cybersecurity risks. Third-party exposure is a major concern, as companies can be held liable for any data breaches or security incidents that occur due to the actions of their third-party providers. In 2024, this risk is expected to increase as companies continue to outsource work to third-party providers. This makes it more critical for companies to have effective security measures in place to properly secure third-party access. Failure to do so can result in data breaches, financial losses, and reputational damage. To mitigate this risk, companies must prioritize implementing comprehensive security measures that include vendor risk assessments, due diligence, contractual requirements, and ongoing monitoring. Additionally, companies must ensure that their third-party providers adhere to cybersecurity best practices and standards. By taking these proactive steps, companies can better protect themselves from the risks associated with third-party exposure in 2024 and beyond.


4:05 PM-4:15 PM

Closing Remarks & Raffle Giveaway


4:15 PM-5:15 PM

Cocktail Hour