CISO National Virtual Summit

March 23, 2021

CISO National Virtual Summit

Anyone can log in from anywhere. All you need is WiFi.

The Assembly will feature members from...


* All Times In EST


Opening Remarks


Keynote Panel: “State of Security 2021: Empowering CISOs and their teams

Moderated By:

Rob Cross
Sales Director, Synack

Pekin Insurance
Jack Henry & Associates
Greg Bee
CISO & Chief Risk Officer
Sujeet Bambawale
Yonesy Núñez

read more »

With the dynamic and rapid pace of technology innovations, cloud migrations, product releases, and development cycles, CISOs and their teams need to find ways to keep pace with malicious adversaries. Security teams have had to make tradeoffs and invest in less-than-ideal self-service scanning solutions to get broad attack surface coverage. These solutions fall short, producing noisy results, false positives, lack of actionable insights.

In this panel, moderated by Rob Cross, Sales Director at Synack, will discuss the use of on-demand security testing and analytics to:

  • Get actionable security data in real time at a continuous cadence
  • Insight into a comprehensive security strategy that minimizes risk
  • Understand how testing results and analytics can provide visibility to inform

« show less


Keynote Presenter: “Why the Rapid Removal of Phishing Threats Has Never Mattered More

Aaron Higbee
Chief Technology Officer and Co-Founder, Cofense

read more »

Threat actors are masquerading as business tools and communication platforms to slip past perimeter controls that are programmed to block known threats. In our recently released Annual State of Phishing Report, we discuss how 2020 saw the emergence of new threat actors, the appearance of some old ones, and changes in malware and phishing attacks.

Join Cofense CTO & Co-Founder, Aaron Higbee as he shares the best and worst of 2020, what we learned about phishing, phishing attacks, threat actors, malware, and more.

Attend this Keynote to Learn:

  • How attackers are diversifying the malware used in phishing campaigns.
  • How over 50% of phish reported to the Cofense PDC by end users are credential phish
  • How the COVID-19 pandemic reshaped the phishing landscape.
  • Why you can’t stop human attackers without human reporting and analysis

« show less


CXO FireSide: “ Rise of Next-Gen Software Supply Chain Attacks

Mondelēz International
Ax Sharma
Senior Security Researcher, Sonatype
Paolo Vallotti
Global CISO

read more »

Legacy software supply chain “exploits”, such as Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild. Conversely, next-generation software supply chain “attacks” are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are actively injecting malicious code into open source projects that feed the global supply chain.

Join this session ith Ax Sharma, Senior Security Researcher, Sonatype to:

  • Understand software supply chain attacks and their impact on the open-source ecosystem
  • Deep dive into prominent real-world examples of dependency confusion, typosquatting and brandjacking malware
  • Learn how your organization can proactively protect itself against software supply chain attacks

« show less


Thought Leadership: “Digital (IT) Governance Is Broken!”

Levi Gundert
Senior Vice President of Global Intelligence and Customer Success

read more »

As cyber-attacks increase in complexity, frequency, and velocity, in our experience, many enterprise organizations are reliant on outdated IT governance. The organizational paradigm is limited by slow-moving bureaucracy and scarce resources. This situation is often the result of a limited understanding of the risks on the part of decision-makers, like board executives who rely on outdated corporate governance frameworks that were developed in response to accounting scandals – e.g., WorldCom, Enron, Tyco, etc. – not cyber risks.

Enterprise executives continue to propagate a compliance check-box mindset that values minimal security control investment to meet audit standards. The focus on audit/compliance misses the costs that may extend beyond regulatory penalties into financial losses that are not always small enough to recover from without significant repercussions.

In this session, we draw from consulting experience, candid conversations with security leaders, and empirical research to define the current issues plaguing enterprise cyber governance, while offering specific remedies for organizational leaders striving for an effective governance model that moves beyond audit compliance to iterative and measurable risk reduction.

« show less


Executive Vision Presenter: “Anyone is a target for a Nation-State Attack, Even You

Ran Shahor
Brigadier General (Ret.)
CEO & Founder, HolistiCyber

read more »

« show less


CXO Panel: “Calculating the ROI on your security service provider“

Cambridge Health Alliance
Mike Rutledge
Strategic Business Manager, F-Secure Countercept
Amit Bhardwaj
Arthur Ream III
Josh Senzer
Senior Solutions Consultant

read more »

Working with outsourced security partners can sometimes feel like paying for an expensive black box. What are they really achieving for you and how do they do it? Understanding how, or perhaps even if, your security partner contributes to the ROI on your overall security plan is paramount and can start to reveal where improvements could be made. In this panel discussion, we will hear from peers working within information security how they tackle this challenge and what a good outsourced security partner looks like to them.

Key takeaway bullets:

  • An understanding of how your peers see value in their service providers
  • A range of options in methodology for calculating security ROI
  • An understanding of what good looks like in an outsourced security partner

« show less


CXO FireSide: “Assume Breach and Stop Attacker Movement

Castleton Commodities International
Wade Lance
Field CTO, Illusive
Nikolai Zlatarev

read more »

Human-operated attacks, including nation-state espionage and targeted ransomware, are on the rise against large enterprises in every industry. These are highly-targeted strains designed to evade security controls, reach critical assets and either steal information or surgically extort large sums of money. Despite significant investments, It’s still difficult for any given enterprise to be certain that attackers can’t bypass their security tools, move inside the environment and manipulate or encrypt data. During this presentation, we will examine how to stop sophisticated attackers by choking off their ability to move laterally and encrypt thousands of devices at scale.

« show less


Closing Keynote Panel: “Protecting your data – no matter what happens next

Moderated By:

John Grimm
Vice President of Strategy and Business Development

Ricoh USA, Inc
Murtaza Nisar
David Levine
Chief Security Officer
Anne Coulombe
Head of Data Protection & Data Protection Officer

read more »

The use of encryption to protect sensitive data has become much more pervasive, with the average enterprise now using more than 8 different products that perform encryption. Protecting and managing the secret keys used to perform encryption and decryption is the linchpin of a data protection strategy, but many organizations struggle to do it consistently and effectively.

This session and discussion will explore:

  • The challenges created by digital transformation, mobility, and other initiatives that create new destinations for sensitive data
  • The evolving threat landscape and the role encryption plays – both good and bad
  • Best practices for managing encryption and the security of keys in complex multi-cloud and enterprise environments, particularly as new technologies are introduced.

« show less

* All Times In EST

Got questions? We've got answers!

Why should I attend?

Your time is valuable and we make sure to make the most of it! We take the time to figure out your challenges and customize your experience to meet your needs. Our agendas are tailored to your feedback and we pride ourselves in covering the most cutting-edge content delivered by renowned industry experts. Look forward to building enduring partnerships and together we’ll go straight to the top.

Where is the event taking place?

The event is by invitation-only. The location will be released to all attendees once your registration has been confirmed. 

What is the dress code?

We recommend business attire. Most attendees wear suits or comparable attire. Ties are optional.

Can I bring a colleague with me?

Yes! We always urge our members to refer their colleagues! We love adding new members to the community, especially if they come highly recommended by a current member. Either have them reach out to your Apex POC or have them fill out the Member Registration Form.

What if I have dietary restrictions?

No problem! Please let your Apex POC know as soon as possible in order for us to work with the venue on providing alternate options for you at the event.

What if I want to speak at an assembly?

Apex is always looking for speakers that can contribute their valuable insight. If you would like to speak, please contact your Apex POC or fill out the Speaker Registration Form on the Assemblies page. Please keep in mind that we receive many inquiries for speaking and sessions are available on a first come first served basis. But no need to worry, we have plenty of opportunities available at future assemblies.

I plan on being in attendance, but what if something comes up and I have to cancel?

We understand that something may come up on your calendar! Before canceling with us, please know that we will have a separate room for attendees to step out for work-related activities (meetings, emails, conference calls, etc.). If you must cancel, we just ask that you let us know at least 48 hours in advance so that we can open up the waitlist for another member.


straight to the top