CISO National Virtual Summit

March 23, 2021

CISO National Virtual Summit

Anyone can log in from anywhere. All you need is WiFi.
Inquire About Membership
Inquire About Sponsorship

The Assembly will feature members from...

Register Here

Agenda


* All Times In EST


12:00pm-12:05pm

Opening Remarks


12:05pm-12:50pm

Keynote Panel: “State of Security

Moderated By:



Pekin Insurance
7-Eleven
Jack Henry & Associates
Cemex USA
Greg Bee
CISO & Chief Risk Officer
Sujeet Bambawale
CISO
Yonesy Núñez
CISO
Romeo Siquijor
CIO



read more »


The charter of the CISO has always been daunting, made even more so by the challenges brought forth by the COVID pandemic. From budget constraints to competing priorities, business and security leaders need to rethink their ideas around business continuity, expansion/contraction, work-from-home/work-from-office, all while managing exposure and risk. The CISO is entrusted to protect and defend the enterprise internally and externally from continuous threats in a constantly changing landscape, typically with limited resources and unrealistic deadlines, all with the expectation that there are zero vulnerabilities. Given such an impossible reality, “hope” can seem to be the best strategy. It is not. Please meet our panel of CISOs that will share their experiences in how they navigate these challenges, and plan for success rather than hope for it! You will learn from them:

  • The unique COVID-related cybersecurity challenges presented in 2020;
  • The balance between playing “offense vs. defense” in today’s environment;
  • The benefits and difficulties with outsourcing vs. insourcing cybersecurity solutions;
  • Emerging threats.

« show less


12:55pm-1:20pm

Keynote Presenter: “”



read more »


Abstract: Zero Trust is suddenly THE cyber strategy that everyone is talking about. From the recent Forrester Zero Trust Wave to every security vendor’s website, the words “Zero Trust” are popping up just about everywhere. Despite the attention, Zero Trust is still a strategy for most, with little reality to show for it. In this session, Illumio’s Chief Evangelist Nathanael Iversen will discuss Zero Trust and <maybe offer some directions/steps/something> to make it a reality.

  • Real-world examples of effective Zero Trust strategies
  • Best practices for successful implementation
  • How to take an end-to-end approach to Zero Trust

« show less


1:25pm-1:50pm

CXO FireSide: “ Rise of Next-Gen Software Supply Chain Attacks

Mondelēz International
Ax Sharma
Senior Security Researcher, Sonatype
Paolo Vallotti
Global CISO



read more »

Legacy software supply chain “exploits”, such as Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild. Conversely, next-generation software supply chain “attacks” are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are actively injecting malicious code into open source projects that feed the global supply chain.

Join this session ith Ax Sharma, Senior Security Researcher, Sonatype to:

  • Understand software supply chain attacks and their impact on the open-source ecosystem
  • Deep dive into prominent real-world examples of dependency confusion, typosquatting and brandjacking malware
  • Learn how your organization can proactively protect itself against software supply chain attacks

« show less


1:55pm-2:25pm

Thought Leadership: “Digital (IT) Governance Is Broken!”

Levi Gundert
Senior Vice President of Global Intelligence and Customer Success



read more »

As cyber-attacks increase in complexity, frequency, and velocity, in our experience, many enterprise organizations are reliant on outdated IT governance. The organizational paradigm is limited by slow-moving bureaucracy and scarce resources. This situation is often the result of a limited understanding of the risks on the part of decision-makers, like board executives who rely on outdated corporate governance frameworks that were developed in response to accounting scandals – e.g., WorldCom, Enron, Tyco, etc. – not cyber risks.

Enterprise executives continue to propagate a compliance check-box mindset that values minimal security control investment to meet audit standards. The focus on audit/compliance misses the costs that may extend beyond regulatory penalties into financial losses that are not always small enough to recover from without significant repercussions.

In this session, we draw from consulting experience, candid conversations with security leaders, and empirical research to define the current issues plaguing enterprise cyber governance, while offering specific remedies for organizational leaders striving for an effective governance model that moves beyond audit compliance to iterative and measurable risk reduction.

« show less


2:25pm-2:45pm

Executive Vision Presenter: “Anyone is a target for a Nation-State Attack, Even You

Ran Shahor
Brigadier General (Ret.)
CEO & Founder, HolistiCyber



read more »

« show less


2:50pm-3:30pm

CXO Panel: “Calculating the ROI on your security service provider“

Mike Rutledge
Strategic Business Manager, F-Secure Countercept



read more »

Working with outsourced security partners can sometimes feel like paying for an expensive black box. What are they really achieving for you and how do they do it? Understanding how, or perhaps even if, your security partner contributes to the ROI on your overall security plan is paramount and can start to reveal where improvements could be made. In this panel discussion, we will hear from peers working within information security how they tackle this challenge and what a good outsourced security partner looks like to them.

Key takeaway bullets:

  • An understanding of how your peers see value in their service providers
  • A range of options in methodology for calculating security ROI
  • An understanding of what good looks like in an outsourced security partner

« show less


3:35pm-4:00pm

CXO FireSide: “Assume Breach and Stop Attacker Movement

Castleton Commodities International
Wade Lance
Field CTO, Illusive
Nikolai Zlatarev
CISO



read more »

Human-operated attacks, including nation-state espionage and targeted ransomware, are on the rise against large enterprises in every industry. These are highly-targeted strains designed to evade security controls, reach critical assets and either steal information or surgically extort large sums of money. Despite significant investments, It’s still difficult for any given enterprise to be certain that attackers can’t bypass their security tools, move inside the environment and manipulate or encrypt data. During this presentation, we will examine how to stop sophisticated attackers by choking off their ability to move laterally and encrypt thousands of devices at scale.

« show less


4:05pm-4:45pm

Closing Keynote Panel: “Protecting your data – no matter what happens next

Moderated By:

John Grimm
Vice President of Strategy and Business Development



TracFone Wireless
Elanco
Bright Horizons
MassMutual
Igor Spektor
CISO
Murtaza Nisar
CISO
Javed Ikbal
CISO
Anne Coulombe
Head of Data Protection & Data Protection Officer



read more »

The use of encryption to protect sensitive data has become much more pervasive, with the average enterprise now using more than 8 different products that perform encryption. Protecting and managing the secret keys used to perform encryption and decryption is the linchpin of a data protection strategy, but many organizations struggle to do it consistently and effectively.

This session and discussion will explore:

  • The challenges created by digital transformation, mobility, and other initiatives that create new destinations for sensitive data
  • The evolving threat landscape and the role encryption plays – both good and bad
  • Best practices for managing encryption and the security of keys in complex multi-cloud and enterprise environments, particularly as new technologies are introduced.

« show less


* All Times In EST

Media Partners

Learn More About Our Partners

Got questions? We've got answers!

Why should I attend?

Your time is valuable and we make sure to make the most of it! We take the time to figure out your challenges and customize your experience to meet your needs. Our agendas are tailored to your feedback and we pride ourselves in covering the most cutting-edge content delivered by renowned industry experts. Look forward to building enduring partnerships and together we’ll go straight to the top.

Where is the event taking place?

The event is by invitation-only. The location will be released to all attendees once your registration has been confirmed. 

What is the dress code?

We recommend business attire. Most attendees wear suits or comparable attire. Ties are optional.

Can I bring a colleague with me?

Yes! We always urge our members to refer their colleagues! We love adding new members to the community, especially if they come highly recommended by a current member. Either have them reach out to your Apex POC or have them fill out the Member Registration Form.

What if I have dietary restrictions?

No problem! Please let your Apex POC know as soon as possible in order for us to work with the venue on providing alternate options for you at the event.

What if I want to speak at an assembly?

Apex is always looking for speakers that can contribute their valuable insight. If you would like to speak, please contact your Apex POC or fill out the Speaker Registration Form on the Assemblies page. Please keep in mind that we receive many inquiries for speaking and sessions are available on a first come first served basis. But no need to worry, we have plenty of opportunities available at future assemblies.

I plan on being in attendance, but what if something comes up and I have to cancel?

We understand that something may come up on your calendar! Before canceling with us, please know that we will have a separate room for attendees to step out for work-related activities (meetings, emails, conference calls, etc.). If you must cancel, we just ask that you let us know at least 48 hours in advance so that we can open up the waitlist for another member.

UPCOMING ASSEMBLIES

straight to the top
View All →