CISO National Summit
January 27, 2022
CISO National Summit
Anyone can log in from anywhere. All you need is WiFi.
The Assembly will feature members from...
Agenda
* All Times In EST
12:00pm-12:05pm
Opening Remarks
12:05pm-12:55pm
Keynote Panel: “The War on Talent: Scaling the Security Team through Developers“
 |
||||
| Simon Maple Field CTO |
VistaPrint |
Centene Corporation/Carolina Complete Health |
Baker Hughes |
The Standard |
|
| Rosa Feygin Head of Security |
Rick Doten CISO |
Aakrati Mehta Adhvaryu Director of CyberSecurity Identity and Access Management |
Suresh Chawdhary Sr. Director Information Security & Risk Management |
read more »
In today’s security landscape, there is a need to remain compliant, yet innovative, and to still be able to deliver new products to market without losing speed. How are CISOs balancing emerging regulatory concerns while also taking risks to win market share? Join this panel discussion to learn how Snyk and leaders in the industry are tackling new security requirements to do business and the challenges of talent shortages by empowering developers and shifting security left through developer first security.
We’ll discuss:
- How compliance can still be achieved through the governance and tracking of developer adoption and activity
- How security champions programs can formally bridge a gap across organizations
- How to find a balance between regulation and innovation
« show less
1:00pm-1:25pm
Keynote Presenter: “Why legacy MFA is not good enough for modern auth requirements“
 |
||||
| Patrick McBride CMO |
read more »
On top of new and existing regulatory requirements, the massive uptick in ransomware and other attacks that feed off of stolen credentials have prompted cyber insurers to mandate widespread adoption of MFA as a requirement for renewal. But not all MFA is created equal.
Long-standing MFA pain points such as user friction, complexity and cost are still notable obstacles to MFA adoption. But in a surprising change, the US Government and others are warning companies about the major vulnerability with “phishable” MFA. Join us for an insightful discussion on requirements for modern MFA and how you can build a trusted authentication architecture that includes both the ‘who’ you as well as ‘what’ device employees logging in from. We will also explore how this is a key building block for zero trust.
Discussion points:
- How does passwordless and MFA fit in?
- Can organizations avoid the “transitive trust” pitfall with new authentication models?
- What are the issues with existing, “legacy” MFA solutions and how can they be overcome?
- What does an ideal solution look like?
- What are some of the barriers to implementing stronger authentication?
- What path(s) are advanced organizations are taking to adopt strong authentication that can underpin their zero trust initiatives.
« show less
1:30pm-1:45pm
Fireside Chat: “Rise of Next-Generation Software Supply Chain Attacks“
 |
||||
| Maury Cupitt VP |
read more »
Next-Generation Cyber Attacks – An Upstream and Downstream Moving Target
Legacy software supply chain “exploits” prey on publicly disclosed open source vulnerabilities left unpatched in the wild. Conversely, next-generation software supply chain “attacks” are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are taking the initiative and actively injecting malicious code into open source projects that feed the global supply chain.
By shifting their focus “upstream,” adversaries can infect a single component, that’s then distributed “downstream” using legitimate software workflows and update mechanisms.
Next-generation cyber attacks actively targeting open source software projects have increased 430% year-over-year. From February 2015 to June 2019, 216 such attacks were recorded. Then from July 2019 to May 2020 an additional 929 attacks were documented.
Next-generation software supply chain attacks are possible for three reasons:
1. Open source projects rely on contributions from thousands of volunteer developers, and discriminating between community members with good or malicious intent is difficult, if not impossible.
2. Open source projects themselves typically incorporate hundreds — if not thousands — of dependencies from other open source projects, many of which contain known vulnerabilities. While some open source projects demonstrate exemplary hygiene as measured by mean time to
remediate (MTTR) and mean time to update (MTTU), many others do not. The sheer volume of open source and massive number of dependencies makes it difficult to quickly evaluate the quality and security of every new version of a dependency.
3. The ethos of open source is built on “shared trust” between a global community of individuals, which creates a fertile environment whereby bad actors can prey upon good people with surprising ease.
When malicious code is deliberately and secretly injected upstream into open source projects, it is highly likely that no one knows the malware is there, except for the person that planted it. This approach allows
adversaries to surreptitiously “set traps” upstream, and then carry out attacks downstream once the vulnerability has moved through the supply chain and into the wild.
This session explores:
- the evolution of software supply chain attacks
- their impact on open source ecosystems
- how companies can proactively protect themselves
« show less
1:50pm-1:55pm
Senior Supporter: “What you need to know about protecting your APIs“
 |
||||
| Edward Roberts VP of Marketing |
read more »
Today, APIs help enable business growth. They are the connective tissue that powers digital transformation. Their adoption is widespread, with businesses continually opening API access to more partners, applications, mobile apps, and IOT devices. But how are organizations expected to protect this ever-changing API estate? How do you know what is good and bad behavior on each API your organization uses? This API blindspot is becoming the biggest security problem for today’s businesses.
In this talk you will learn:
- The scope of the business problem of API abuse.
- Where traditional security products fail.
- How mature is your organization on understanding API security issues.
- How to prepare your organization and adopt API security best practices.
« show less
2:00pm-2:25pm
Fireside Chat: “Security Observability – Are you ready for the next Log4J?“
 |
|
|||
| Dana Gardner Director, Product Evangelist |
Sanjay Nagaraj Co-Founder & CTO |
read more »
When Log4j emerged, many organizations were caught “flying blind”, hoping that they could protect their applications with their traditional perimeter defense. Modern applications are extremely hard to secure because, in the cloud, the apps are no longer behind a firewall, but rather connected to services potentially everywhere. As a result, security at the gate is simply not enough, now we need visibility of what we have, how it is behaving, and how it is being used or abused. We need visibility with the context of the application in order to protect the business from emerging threats like Log4J and others.
In this session you’ll learn:
- How applications have changed and why we need to rethink application security
- How APIs are the key to security in the future
- How application security requires close collaboration across dev, sec, and ops
« show less
2:30pm-2:45pm
Disrupter Presenter: “Empowering your Organization to Prevent ATO Attacks and Ultimately Boost Revenue“
 |
||||
| Carl Mosby Manager, Solutions Engineering |
read more »
F5 blocks more than 2 billion fraudulent login attempts and other transactions every 24 hours and protects 200 million+ legitimate transactions. Now more than ever, organizations must learn how to defend apps for online users from automated and sophisticated attacks to prevent account takeover and fraud.
Join this session to learn how to:
- Mitigate imitation attacks that emulate human behavior to bypass security checks
- Detect sophisticated fraud that leverages human click farms and manual attacks to bypass security checks
- Mitigate client-side attacks that bypass security checks by targeting the user runtime environment
- Provide insights and context to security and fraud management ecosystems that help identify fraudulent transactions in real-time across the entire user journey
« show less
2:50pm-3:30pm
CXO Panel: “Ransomware: How to Reduce Your Likelihood of Being a Victim”
 |
Cushman & Wakefield |
State of Arizona |
Royal Caribbean Group |
|
| Jacob Olcott Vice President, Communications and Government Affairs |
Erik Hart CISO |
Dan Wilkins CISO |
Terry Griffith Director of Incident Response & Counter Threat Unit |
read more »
Colonial Pipeline. JBS meat processor. Scripps Health. The list of recent high-profile ransomware victims is long and growing. So are the costs to recover from these crimes.
But what if you could take preventive steps to reduce your likelihood of becoming a ransomware victim? BitSight recently analyzed hundreds of ransomware incidents to identify common security performance gaps and challenges that lead to successful ransomware incidents. One finding: Poor patching performance is a strong indicator of increased risk to ransomware. In fact, organizations with less mature patching programs
are 7x more likely to experience a ransomware incident.
Register for this executive roundtable for new insights and discussion about:
- Sector-specific insights tied to recent ransomware trends
- Vulnerabilities that indicate heightened risk of ransomware
- Programmatic areas to to reduce the likelihood of being a ransomware victim
« show less
* All Times In EST
Media Partners
Got questions? We've got answers!
Why should I attend?
Your time is valuable and we make sure to make the most of it! We take the time to figure out your challenges and customize your experience to meet your needs. Our agendas are tailored to your feedback and we pride ourselves in covering the most cutting-edge content delivered by renowned industry experts. Look forward to building enduring partnerships and together we’ll go straight to the top.
Where is the event taking place?
The event is by invitation-only. The location will be released to all attendees once your registration has been confirmed.
What is the dress code?
We recommend business attire. Most attendees wear suits or comparable attire. Ties are optional.
Can I bring a colleague with me?
Yes! We always urge our members to refer their colleagues! We love adding new members to the community, especially if they come highly recommended by a current member. Either have them reach out to your Apex POC or have them fill out the Member Registration Form.
What if I have dietary restrictions?
No problem! Please let your Apex POC know as soon as possible in order for us to work with the venue on providing alternate options for you at the event.
What if I want to speak at an assembly?
Apex is always looking for speakers that can contribute their valuable insight. If you would like to speak, please contact your Apex POC or fill out the Speaker Registration Form on the Assemblies page. Please keep in mind that we receive many inquiries for speaking and sessions are available on a first come first served basis. But no need to worry, we have plenty of opportunities available at future assemblies.
I plan on being in attendance, but what if something comes up and I have to cancel?
We understand that something may come up on your calendar! Before canceling with us, please know that we will have a separate room for attendees to step out for work-related activities (meetings, emails, conference calls, etc.). If you must cancel, we just ask that you let us know at least 48 hours in advance so that we can open up the waitlist for another member.
Speaker: Vivienne Suen, Cybersecurity Architect, CCSP, IBM Security 
With an alarming number of breaches, it is clear that the attack surface has greatly expanded. As enterprises work to develop a progressive strategy, there is an increasing need to deploy and manage a variety of advanced internal and external security services. This leaves the Chief Information Security Officer faced with a multitude of challenges to maintain and run a secure enterprise.
The CISO is at the center of the security dialogue and is ultimately responsible for the guidance and leadership of an increasingly intricate technology landscape. Given the weight of that responsibility, the search for the most transformative solutions that enable them to protect the enterprise is constant and the need to stay ahead of the curve, a must.
Apex Assembly will unite visionary leaders and industry experts for a half day of content and discussion, where we will examine the challenges and the most pressing issues of 2022 in the information technology sector.
Through collaboration with our executive community, we have discovered key industry challenges and trends. These topics form the foundation of the Summit and will be addressed through Panels, Disrupter sessions, and Fireside chats.
Hosted using video conferencing technology, our Virtual Summit gives executives and service providers the opportunity to engage with like-minded executives and industry leaders without having to leave their office or home.