SecurityWeek CISO Forum, Presented by Intel has ended
Tuesday, September 24
 

6:00pm PDT

Welcome Reception
Join us for a welcome reception at the Ritz-Carlton Observatory room overlooking Half Moon Bay. Meet other CISO Forum delegates and enjoy appetizers, cocktails and great conversation!

Tuesday September 24, 2019 6:00pm - 8:00pm PDT
 
Wednesday, September 25
 

7:30am PDT

Breakfast and Registration
Wednesday September 25, 2019 7:30am - 8:45am PDT

8:45am PDT

Welcome Introductions
Moderators
Mike Lennon

Publisher, SecurityWeek

Speakers
Jim Gordon

GM of Security Ecosystem Strategy & Development, Intel Corp.
Jim Gordon is an Intel veteran of 20+ years and has held a variety of roles over this time. He has held leadership positions in Intel’s channel product, influencer, and software & services groups. Most notably he served 3.5 years as Chief of Staff and Technical Assistant to Intel’s...


Wednesday September 25, 2019 8:45am - 9:00am PDT

9:00am PDT

Advancing the Security of the Microsoft Windows OS
Windows is the operating system and application platform that powers hundreds of millions of customers, enterprises, and core infrastructure globally. In order to remain resilient in a constantly evolving threat landscape, the OS security engineering team at Microsoft has built a strategy to address new and challenging attacks. This talk will walk attendees through Windows' current and future security strategy and the engineering challenges with scaling across new devices, form factors, and threat models from client to the intelligent edge and cloud.

Speakers
David Weston

Director of OS Security, Microsoft
David Weston is the Partner Director of OS security at Microsoft where he is responsible for the Security engineering of Windows, Windows Server, and the Azure OS as well as the Offensive Security Research Team (also known as the Windows REDTEAM). Before leading security engineering...


Wednesday September 25, 2019 9:00am - 9:45am PDT

9:45am PDT

Intel’s Security First Pledge: Come Walk a Mile in Our Shoes
Senior Director in the Intel Product Assurance and Security (IPAS) Group, Bryan Jorgensen, will provide an overview of Intel’s “Security First” pledge, a company-wide initiative that covers active security research and red-teams, a healthy bug-bounty program supporting third-party vulnerability research, architectural leadership, ongoing Security Lifecycle Development (SDL) improvements, incident response and product governance.

Speakers
Bryan Jorgensen

Senior Director, Intel Product Assurance and Security group (IPAS)
Bryan Jorgensen is a Senior Director in Intel’s Product Assurance and Security group (IPAS). He is responsible for leading Intel’s global security communications strategy, including advocating principles of Coordinated Vulnerability Disclosure (CVD), and strengthening collaboration...


Wednesday September 25, 2019 9:45am - 10:15am PDT

10:15am PDT

Project Zero, iMessage and Attack Surface
Google Project Zero aims to make it more difficult for attackers to use 0-day vulnerabilities against all users. This talk will explore the team's recent research into iMessage. It will discuss the team's goals, their research methodology and what there is to learn from vulnerabilities in commonly-used software.

Speakers
Natalie Silvanovich

Security Researcher, Google Project Zero
Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is browser security, including script engines, WebAssembly and WebRTC. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research...


Wednesday September 25, 2019 10:15am - 10:45am PDT

10:45am PDT

Morning Coffee Break
Wednesday September 25, 2019 10:45am - 11:00am PDT

11:00am PDT

Cybersecurity on the Frontier: Workforce and Technical Challenges
Aanchal Gupta, Head of Security for Calibra, will share her perspective on managing and scaling security organizations. With an ever-evolving threat landscape, it’s never been more important to have a robust and nimble security function. Aanchal will provide insights on building teams to scale to manage these threats, with a focus on bringing more diverse perspectives into the security industry.

Speakers
Aanchal Gupta

Head of Security, Calibra, Facebook
Aanchal Gupta is Head of security for Calibra at Facebook. Prior to joining Facebook, she was Chief Information Security Officer at Microsoft for Skype and Skype for Business. In this role, she managed several broad areas, including security, privacy, compliance, online safety, fighting...


Wednesday September 25, 2019 11:00am - 11:30am PDT

11:30am PDT

[Panel] All the 'Zero Trust' Questions You Want Answered
How easy is it for a traditional company to embrace the Zero Trust model? Do we even understand what Zero Trust really means? How is it different from the BeyondCorp model? Join this panel of experts as they provide insight into how organizations can benefit from adopting a Zero Trust approach to risk management. The panelists will also frame a discussion to address misconceptions and share best practices around Zero Trust adoption.

Speakers
Ash Ahuja, CISM

VP Leadership Partner: EITL Security & Risk Management, Gartner

David Tsao

CISO, Marqeta
David Tsao is the VP Security Engineering at Marqeta, Inc. He is the former Head of InfoSec and Chief Information Security Officer (CISO) at BYTON, an electric vehicle company that designs cars as a fully connected smart device on wheels. Prior to joining BYTON, David was the Global...

Steve Martino

SVP, CISO, Cisco
As the leader of Cisco's Information Security organization, Steve Martino is responsible for driving effective data security and privacy practices across Cisco. His team fosters Cisco's security culture and secures Cisco in a manner that still allows the company to benefit from...

Lakshmi Hanspal

Global CISO, Box
Lakshmi Hanspal is the Global Chief Information Security Officer of Box. She is responsible for corporate, physical, and cyber security of Box’s footprint, including data protection and privacy. Prior to joining Box, Lakshmi was the Global CSO at SAP Ariba, where she protected the...

JD Sherry

CRO, Remediant
A seasoned technology executive, JD is responsible for providing vision and awareness regarding the latest trends in cyber security, risk and compliance. JD has spent nearly 20 years in senior leadership roles. Most recently as GM/Vice President of Cloud Security and Strategy at...


Wednesday September 25, 2019 11:30am - 12:15pm PDT

12:15pm PDT

Sponsor Lightning Round
Wednesday September 25, 2019 12:15pm - 12:30pm PDT

12:30pm PDT

Lunch
Wednesday September 25, 2019 12:30pm - 1:30pm PDT

1:30pm PDT

[Panel] The Never-Ending Vulnerability Disclosure Debate
In this panel discussion, security stakeholders and decision-makers will discuss the long and winding curve of the decades-long vulnerability disclosure debate. The group will tackle a wide range of topics, from the controversial use of "responsible disclosure" to the current industry norm of "coordinated vulnerability disclosure," to public disclosure deadlines and the landscape around the bug-bounty ecosystem. This promises to be a fun and lively session.

Speakers
Ryan Naraine

Director, Security Strategy, Intel
Ryan Naraine heads up Intel's engagement efforts with the security research community, CISOs and security decision-makers. Prior to joining Intel, he managed Kaspersky Lab's security research team in the U.S. and served as Chief Marketing Officer at Bishop Fox, a firm offering...

Natalie Silvanovich

Security Researcher, Google Project Zero
Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is browser security, including script engines, WebAssembly and WebRTC. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research...

Charlie Miller

Principal Autonomous Vehicle Security Architect, GM Cruise Automation
Charlie Miller is Principal Autonomous Vehicle Security Architect at Cruise Automation. Miller started his career in security as a computer hacker for the National Security Agency for five years. Since that time he has been a consultant and worked for the computer security teams...

David Weston

Director of OS Security, Microsoft
David Weston is the Partner Director of OS security at Microsoft where he is responsible for the Security engineering of Windows, Windows Server, and the Azure OS as well as the Offensive Security Research Team (also known as the Windows REDTEAM). Before leading security engineering...

Amit Elazari Bar On

Director, Global Cybersecurity Policy, Intel
Amit is a Director, Global Cybersecurity Policy at Intel Corporation and a Lecturer at UC Berkeley’s School of Information. She graduated her JSD (doctor of science of law) from UC Berkeley School of Law, the world’s leading institution in law and technology. Her work on Cyberlaw...


Wednesday September 25, 2019 1:30pm - 2:15pm PDT

2:15pm PDT

Fireside Chat With Charlie Miller
Intel's Ryan Naraine will sit for a fireside chat with GM Cruise's Charlie Miller to discuss his career in vulnerability research, his work on offensive security exploits, the days of winning the CanSecWest Pwn2Own contest, hacking into cars and his thoughts on the future of self-driving cars.   You don't want to miss this walk down memory lane and a peek into the future of security technologies.

Moderators
Ryan Naraine

Director, Security Strategy, Intel
Ryan Naraine heads up Intel's engagement efforts with the security research community, CISOs and security decision-makers. Prior to joining Intel, he managed Kaspersky Lab's security research team in the U.S. and served as Chief Marketing Officer at Bishop Fox, a firm offering...

Speakers
Charlie Miller

Principal Autonomous Vehicle Security Architect, GM Cruise Automation
Charlie Miller is Principal Autonomous Vehicle Security Architect at Cruise Automation. Miller started his career in security as a computer hacker for the National Security Agency for five years. Since that time he has been a consultant and worked for the computer security teams...


Wednesday September 25, 2019 2:15pm - 3:00pm PDT

3:00pm PDT

Security Reporting Through Data Analysis: Behind the Scenes on the Verizon DBIR
With dozens of outstanding security reports written every year in our industry, most readers have little idea of what goes into making them happen, or even why companies spend the time and money to create them. Join the Verizon Data Breach Investigations Report (DBIR) Team Leader in this session to understand how our research becomes written word, the importance of maintaining independence from ‘marketing’, and why you should never trust a survey-based report ever again.


Speakers
Alex Pinto

DBIR Team Leader, Verizon
Alex Pinto is a Distinguished Engineer of the Security Solutions Group at Verizon Enterprise Services, currently leading the Verizon Security Research team, which is responsible for the Verizon Data Breach Investigations Report (DBIR). Alex has over 20 years of experience in build...


Wednesday September 25, 2019 3:00pm - 3:30pm PDT

3:30pm PDT

Afternoon Break
Wednesday September 25, 2019 3:30pm - 3:45pm PDT

3:45pm PDT

Entering the Cave: Conquering Security Fears of Modern Infrastructure
Modern infrastructure holds proven benefits to productivity, performance, and stability for engineering teams. However, security teams can find themselves in the throes of anxiety at the prospect of adopting modern tech – often without understanding how the tech works, let alone the right threat models for it.

In this talk, we will delve into some of the common misconceptions held by security teams regarding DevOps and microservices. Then, we will explore what risks truly matter in modern technology environments and how security teams can partner with their engineering colleagues to mitigate those risks – helping relieve security of its duty as a gatekeeper to productivity.

Speakers
Kelly Shortridge

VP of Product Strategy, Capsule8
Kelly Shortridge is currently VP of Product Strategy at Capsule8. In her spare time, she researches applications of behavioral economics to information security, on which she’s spoken at conferences internationally, including Black Hat, AusCERT, Hacktivity, Troopers, and ZeroNights...


Wednesday September 25, 2019 3:45pm - 4:15pm PDT

4:15pm PDT

[Panel] The VC View: Security Innovation and Investments
Join this distinguished group of venture capitalists and CISOs as they discuss current opportunities for financing early-stage cybersecurity ventures. The panel will provide a deep dive into how VCs look at cybersecurity investments, the changing landscape for deal sizes, the emerging companies and sectors that will transform risk management and the role of investors and advisers in the success of startups.

Moderators
Scott Scheferman

Principal Security Technologist, SentinelOne
Mr. Scheferman draws from 20 years’ experience in the cyber-security industry in the Federal, DoD, SLED, Commercial and Technology sectors. He has assessed security risk for thousands of systems ranging from Satellite Control Systems to Enterprises containing over a million devices...

Speakers
Anne Marie Zettlemoyer

VP, Security Engineering, Mastercard
Anne Marie Zettlemoyer is a cyber strategist with over 20 years of experience in 8 industries. Sitting at the intersection of business, security, and analytics, Anne Marie has served as a trusted advisor for Fortune 500 companies, government agencies, law enforcement, security vendors...

Nipun Gupta

Global Cyber Security Innovation Lead, Deutsche Bank
Nipun Gupta is a Vice President of Technology focused on Cyber Security Innovation, supporting Deutsche Bank’s (DB’s) Chief Security Office (CSO). Armed with eight (8) years of experience helping F500 companies solve cyber risk challenges, Nipun is tasked at DB to keep a hand...

Will Lin

Partner & Co-Founder, ForgePoint Capital
Will is a Partner and a Co-Founder at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. He...

Sunil Kurkure

Managing Director, Intel Capital
Sunil Kurkure is a Managing Director at Intel Capital driving early-venture and growth-equity investments in the Software and Security Sector across cloud infrastructure, big data, security and next-generation enterprise applications. He is actively involved with Intel Capital portfolio...


Wednesday September 25, 2019 4:15pm - 5:00pm PDT

5:00pm PDT

Security + DevOps Putting Security On Rails
By the time you finish reading this sentence your infrastructures will have changed 5 times! DevOps did that! Dev and Ops got on rails (becoming DevOps) and left security behind. Now security is the last to know about the new app, the new publicly facing end point, the new S3 bucket and countless other changes you care about. What would happen if we put security on rails? What happens if we don’t? This talk will explore putting security on rails the DevOps way. And perhaps most importantly, it will explore how security leaders can know (measure) when it’s working and when it’s not.

Speakers
Rich Seiersen

CEO, Soluble
Richard Seiersen is CEO and co-founder at Soluble. He has held previous positions as SVP/CISO at LendingClub, CISO/VP Trust Twilio, and others. An author of "How to Measure Anything in Cybersecurity Risk" (Wiley 2016) and soon-to-be published "The Metrics Manifesto: Confronting Security...


Wednesday September 25, 2019 5:00pm - 5:30pm PDT

6:00pm PDT

 
Thursday, September 26
 

7:30am PDT

Breakfast
Thursday September 26, 2019 7:30am - 9:00am PDT

8:30am PDT

Fireside Chat: Everything You Need to Know About Cyber Insurance
In this fireside chat, Emy Donavan, Global Head of Cyber, Tech and Media at Allianz SE, joins Cisco's Leslie Lamb to provide a deep dive into the cyber insurance landscape.  Expect a thorough discussion on cyber insurance coverage areas, what goes into a decision to purchase cyber insurance, and the costs and limits to what companies can buy. This session is sure to prompt a lively Q&A session.

Speakers
Emy R. Donavan

Global Head of Cyber, Tech and Media, Allianz SE
Emy Donavan is currently serving as Global Head and CUO of Cyber, Tech & Media PI for Allianz Global Corporate and Specialty (AGCS). She also heads Allianz SE’s Cyber Center of Competence, which provides support and expertise on Cyber products for all Operating Entities of Allianz...

Leslie Lamb

Director, Global Risk & Resiliency Management, Cisco
Leslie Lamb is Director of Global Risk & Resilience Management within the Finance organization at Cisco Systems, Inc. in San Jose, CA. She has worked in the insurance and risk management field for over 30 years, including Cisco for close to 20 years. In her capacity as Risk Manager...


Thursday September 26, 2019 8:30am - 9:00am PDT

9:00am PDT

New Paradigms for the Next Era of Security
Over the next few years, we should expect to see attackers refine and mature their capability to drive outcomes that result in the *inability* for us to recover from an attack, i.e., irreversible attacks. We already are seeing evidence of this now through ransomware (irreversible attack on the availability of data), WikiLeaks (irreversible attack on the confidentiality of data), #fakenews (irreversible attack on the integrity of data). To proactively address this trend, we need to be in a position to make such attacks irrelevant by being able to conduct irreversible attacks against ourselves (e.g., Chaosmonkey) and design systems so that we can continue our business functions unimpeded. This session articulates the compelling need for us to consider new, business-aligned design patterns that enable us to have systems that are fully resilient against destructive/irreversible attacks and why we need to seriously consider pivoting to this approach within the next five years to survive. I'll also discuss the implications for our industry and our profession. I will also reveal a new set of concrete measurements and metrics that enable us to focus on true solutions and not just a never-ending list of vulnerability and patching metrics.

Speakers
Sounil Yu

Chief Security Scientist, Bank of America
Sounil Yu is a security evangelist with over 30 years of hands-on experience creating, breaking, and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, which are used by many organizations to improve their security...


Thursday September 26, 2019 9:00am - 9:45am PDT

9:45am PDT

[Panel] Assessing Security in the Hardware Supply Chain
While security teams often think of attackers coming from the outside, some of the most insidious cybersecurity threats and weaknesses can be embedded within newly acquired hardware before it is ever delivered. Implants, backdoors, and weaknesses can be intentionally inserted by sophisticated attackers, or inadvertently included due to mistakes or insecure practices by manufacturers and partners. To ensure the integrity of their devices, organizations need to be able to ensure that the systems they acquire are safe, arrive intact and without tampering, and that all updates are valid and secure. Our panel will discuss what measures CISOs and OEMs can take to secure their supply chain from real-world attacks.

Moderators
Gene Casady

VP Security Delivery & Operations, Global Payments
Gene Casady is Vice President of Security Delivery & Operations for Global Payments and its subsidiaries, now the world's leading pure-play payments technology company after their recent acquisition of TSYS. Gene oversees Security Architecture, Security Engineering, and Security...

Speakers
Patrick Heim

CISO and Operating Partner, ClearSky
Patrick Heim is an Operating Partner and Chief Information Security Officer at ClearSky. Patrick is a senior security executive with over two decades working in security spanning Fortune 500 enterprises, cloud providers as well as early stage security technology companies. Prior...

Talha Tariq

CISO, HashiCorp
Talha Tariq is Chief Security Officer at HashiCorp. Talha has more than 15 years of experience building and scaling security programs from startups to Fortune 100 organizations. Prior to HashiCorp, Talha served as Chief Information Security Officer at Anki where Talha was responsible...

Yuriy Bulygin

CEO, Eclypsium
Yuriy Bulygin is CEO and co-founder of Eclypsium. Prior to Eclypsium, he led the Advanced Threat Research team at Intel Security and microprocessor security analysis team at Intel Corporation. He also created CHIPSEC, the open-source firmware and hardware security assessment framework...


Thursday September 26, 2019 9:45am - 10:30am PDT

10:30am PDT

Morning Break
Thursday September 26, 2019 10:30am - 10:45am PDT

10:45am PDT

In-CISOmnia – What Keeps CISOs up at Night?
Our “CISO concerns” panel returns for 2019!   Zero-Day vulnerabilities. Targeted attacks. “Trusted” insiders walking out the door with corporate secrets. Privacy. Compliance. Board Meetings. These are just a few of the headaches today’s security leaders are faced with on a daily basis. With security executives more accountable than ever, and an increasingly sophisticated threat landscape, this panel of security chiefs will discuss what is top of mind for them and what the future looks like as chief defenders of the enterprise.



Moderators
Alexander Hughes

Director of Security, Tanium
Alexander Hughes has built security products and managed security operations for the Royal Bank of Scotland Group, Wells Fargo, Kaiser Permanente, Sony Group, and Tanium. As the Director of Security for Tanium, he runs the corporate information security team while designing new products...

Speakers
Scott Scheferman

Principal Security Technologist, SentinelOne
Mr. Scheferman draws from 20 years’ experience in the cyber-security industry in the Federal, DoD, SLED, Commercial and Technology sectors. He has assessed security risk for thousands of systems ranging from Satellite Control Systems to Enterprises containing over a million devices...

Nick Yoo

CISO, Noodle.ai
Nick Yoo is Chief Information Security Officer at Noodle.ai. Noodle.ai's applications and platform apply advanced data science to industries at the core of the global economy to create a world without waste. He has more than 20 years of IT experience and served as Chief Security...

Chris Castaldo

CISO, Dataminr
Chris Castaldo is the Chief Information Security Officer at Dataminr. Previously, he built cybersecurity programs at startups, educational technology companies and telecommunication cloud providers, and he worked at the National Security Agency solving some of the most challenging...

Igor Varnava

CISO, SAP Sales Cloud


Thursday September 26, 2019 10:45am - 11:30am PDT

11:30am PDT

[Panel] The CISO Guide to Reporting to the Board
The modern CISO is the point person -- with a target on their back -- for managing security incidents or data breaches and reporting security program issues to the company's board of directors.  In this panel discussion, practitioners will discuss how to prepare for reporting breaches and risks to the board of directors, the importance of using transparent data, the value of knowing your audience, and tips and tricks to make board reporting a success.

Moderators
Will Lin

Partner & Co-Founder, ForgePoint Capital
Will is a Partner and a Co-Founder at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. He...

Speakers
Shelbi Rombout

SVP, Deputy CISO, Mastercard
Shelbi Rombout is an information technology and security professional with more than 20 years of experience in leadership roles within information security, risk management, technology project management and networking. As the Deputy Chief Information Security Officer for Mastercard...

Sounil Yu

Chief Security Scientist, Bank of America
Sounil Yu is a security evangelist with over 30 years of hands-on experience creating, breaking, and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, which are used by many organizations to improve their security...

Rich Seiersen

CEO, Soluble
Richard Seiersen is CEO and co-founder at Soluble. He has held previous positions as SVP/CISO at LendingClub, CISO/VP Trust Twilio, and others. An author of "How to Measure Anything in Cybersecurity Risk" (Wiley 2016) and soon-to-be published "The Metrics Manifesto: Confronting Security...


Thursday September 26, 2019 11:30am - 12:15pm PDT

12:30pm PDT

End of 2019 SecurityWeek CISO Forum & Closing Remarks
Thursday September 26, 2019 12:30pm - 12:30pm PDT

1:30pm PDT

2019 SecurityWeek Golf Classic – Shotgun Start
Thursday September 26, 2019 1:30pm - 5:30pm PDT
 