Agenda

CSO's FUTURE OF CYBERSECURITY AND TRUST SUMMIT

Event Dates: July 20-22

What’s happening, and when

Our agenda includes keynotes, talks, and conversations that will inform, answer, enlighten, inspire, solve, and prepare you for the challenges ahead. Session topics are carefully selected to be of maximum value. Below are the sessions we held at our March Cybersecurity Summit.

All times listed on the agenda are Eastern Standard Time.

12:30 - 12:55 PM

Tuesday’s Pre-Game It: Discussion Groups

Welcome to the Summit! Get started with some quality peer time by joining one of our discussion groups. These secure video discussions on our event platform let you self-select into topics of interest to get your questions answered and make new connections. Each has 14 seats, and if you’re the first to join, just hang out until others arrive!

New Year, New Risks: Our Strategy
SolarWinds Discussion
Success Factors for Multi- and Hybrid Cloud
Meet and Greet: I’m here to learn about…
Meet and Greet: East Coast
Meet and Greet: Midwest

1:00 - 1:05 PM

Welcome & Opening Remarks

Bob Bragdon, SVP/Managing Director Worldwide, CSO, IDG Communications, Inc.

1:05 - 1:30 PM

Lessons from the SolarWinds Attack on Securing the Software Supply Chain

Jim Routh, former CISO, MassMutual

The SolarWinds breach represents a tectonic shift in threat actor tactics, suggesting this kind of attack vector will be replicated. Not only were the attacker’s sophistication and technical proficiency high — allowing them to stay in stealth mode — they also understood the supply chain. Join us to learn how improved identity management and governance surrounding software components, along with workload runtime protection, are critical strategies in guarding against attacks like SolarWinds.

Interviewed by: Clint Boulton, Senior Writer, CIO.com, IDG Communications, Inc. 

1:30 - 1:55 PM

Open Security: Moving from a Patchwork of Solutions to a Critical Platform

Jason Keirstead, Distinguished Engineer and CTO of Threat Management, IBM Security

Security leaders today are stressed with too much to do, too many security tools, too much complexity, too many alerts, and not enough skills. The challenge is that the tools providing the cybersecurity technology we rely on, don’t talk to each other. The reasons why vary – vendors are not incented enough to do so; there are competitive concerns; the APIs or standards sometimes don’t exist, or if they do, don’t work well. There is, however, one direction that the cybersecurity industry is starting to move in together to solve these challenges, and that direction is “open”.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, IDG Communications, Inc.

1:55 - 2:15 PM

Tuesday’s Networking Break and Discussion Groups

During this break from sessions, take a spin through the Solution Providers area to learn more about our sponsors, book meetings with their team and access videos, articles and more. Visit CSO Resources for a curated selection of content from CSOonline.com. Or join a live discussion group to socialize, make new connections and share insights on a variety of topics.

The groups are self-moderated, so jump in and get acquainted.

Our 2021 Security Priorities
Open Source and Security
Meet and Greet: Financial Services
Meet and Greet: Health Care
Meet and Greet: Manufacturing
Meet and Greet: I’m here to learn about…
Quick Jam: Open Forum

2:15 - 2:40 PM

The Politics and Policy of SolarWinds

Richard Harknett, Chair, Center for Cyber Strategy and Policy, University of Cincinnati

Richard Harknett, PhD., Co-Director of the Ohio Cyber Range Institute, has examined the SolarWinds hack that’s not only dominated the news for months, but is defined by the level of sophistication, persistence, and patience exhibited by the attackers. Join us for this session when Professor Harknett looks at the big picture and discusses why we should be shifting our approach from a doctrine of persistent engagement, to a whole-of-nation frame that includes public and private sectors along with our international allies.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide CSO, IDG Communications, Inc. 

2:40 - 3:05 PM

Security Startups: How to Engage Them for Specific Needs

Marina Levinson, Partner, Benhamou Global Ventures

Security solutions from startup companies can be unique opportunities for an organization to fill critical gaps for a specific security need. That said, the way to consider a startup’s solution — along with the relationship your organization has with them — is different than with an established vendor company. Join us as a former CIO turned technology investor provides experienced guidance on how best to work with security startup companies.

Interviewed by: Derek Hulitzky, VP, Content Development & Strategy, IDG Communications, Inc. 

3:05 - 3:12 PM

How to Deploy Devices Faster and with Optimized Apps

Jason Wong, Product Manager, Chrome OS, Google

Jason Wong, Product Manager for Chrome OS, is an expert on how today’s organizations need to deploy devices to employees more quickly and efficiently. Join us for this session to see how you can drop ship devices with zero-touch enrollment, and identify optimized apps for Chrome OS with its new partner program, Chrome Enterprise Recommended.

3:15 - 3:50 PM

SolarWinds, Ransomware, Critical Infrastructure and More: CSO’s Editors Discuss Regional Challenges Around the World

Lucian Constantin, Senior Writer, CSOOnline.com, IDG Communications, Inc.
Jens Dose, Editor, CIO Magazin, Germany, IDG Business Media GmbH
Marc Ferranti, Editor, CIO Middle East, IDG
Yogesh Gupta, Executive Editor, IDG India

Today’s security challenges – from Solarwinds to ransomware, regulation, hybrid workforces, data privacy, critical infrastructure and more — pose unique risks to various global regions. Join us as CSO’s editors around the world discuss the top risks in their geographies.

Moderated by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, IDG Communications, Inc.

3:50 - 4:15 PM

Take CARE in your Security Conversations

Moudy Elbayadi, CTO, Shutterfly
Neil Daswani, Co-Director, Stanford Advanced Security Certification Program; President, Daswani Enterprises
Robert Wagner, Security Executive Advisor, Splunk

The co-authors of the new book Big Breaches: Cybersecurity Lessons for Everyone, and Splunk’s security executive advisor discuss key takeaways from a variety of major security incidents, and how CISOs and other security pros can use the CARE concept to have more effective conversations with everyone from board members to the CEO and business peers. Learn how better storytelling and better preparation can put your company on a better security footing.

4:15 - 4:35 PM

Tuesday’s Concurrent Breakout Sessions

Overcoming Data Overload: Data Discovery and Risk Formulas That Standardize Risk at Scale
Nick Pavlichek, GRC Product Manager, OneTrust

Every organization is working to reduce the delay between issuing a risk assessment, receiving a response, gaining risk insight, and making a risk-based decision. Risk insights quickly lose value as time elapses from the initial assessment request, so businesses should leverage automated data discovery tools to find, document, and classify in real-time. Join us as we review how to quickly connect enterprise data through automated data discovery and translate the data into meaningful risk insights.

Navigating Enterprise Security in a Post-Compromise Reality
Dan Greer, Director of Sales Engineering, ExtraHop

Every organization gets compromised, and it’s how fast you detect and respond to an incident that matters. This takes on increasing urgency with the overnight move to remote work, rise in encrypted traffic, acceleration of cloud adoption, and proliferation of IoT that’s expanded and complicated the attack surface. Join us as we explore these trends and the post-compromise opportunities for security teams to prevent an event leading to an outage, or an incident becoming a full-scale data breach.

New IT, But Same Old Threat: A Modern Look at Identity Security
Barak Feldman, Senior Vice President, Identity Security GTM, CyberArk

The world has changed to remote/hybrid work, more cloud workloads and infrastructure, and DevOps tools driving digital transformation – all so businesses can modernize and enhance productivity. The result is an explosion of identities and an increased attack surface. A new approach to security is required, where identity is the new battleground, every user’s identity is verified, and privileged access is limited to just what they need and removed when they don’t need it. Join us as we discuss a modern approach to identity security, where securing privilege is still #1.

12:30 - 12:55 PM

Wednesday’s Pre-Game It: Discussion Groups

Welcome back! Get started with some quality peer time by joining one of our discussion groups. These secure video discussions on our event platform let you self-select into topics of interest to get your questions answered and make new connections. Each has 14 seats, and if you’re the first to join, just hang out until others arrive!

Strategies for Identity and Privileged Access Protection
Meet and Greet: I’m here to learn about…
Meet and Greet: West Coast
Meet and Greet: Government

1:00 - 1:05 PM

Welcome & Opening Remarks

Bob Bragdon, SVP/Managing Director Worldwide, CSO, IDG Communications, Inc.

1:05 - 1:30 PM

Strategies for Elevating Security to an Evergreen Business Priority

James Shira, Chief Information and Technology Officer, PwC

PwC Chief Information and Technology Officer James Shira is an expert on managing security’s big picture. With the growing focus on risk management from boards and senior leadership, James shares advice on keeping security and risk management a top priority for senior business leadership. We’ll discuss where security should be focusing efforts, risks businesses should be prioritizing, how to address the security talent shortage, and ways security leaders can prepare themselves for the future.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide CSO, IDG Communications, Inc. 

1:30 - 1:55 PM

Moving the Industry and the Enterprise to an Open Security Model

Jason Keirstead, Distinguished Engineer and CTO of Threat Management, IBM Security

Security leaders struggle with too much to do, too many security tools and too much complexity, as well as alert overload and skills shortages. We all have access to the same technologies, but our tools don’t talk to each other, making actionable intelligence a challenge. One direction the industry is taking to address this is a move towards “open.” In our executive interview, Jason Keirstead will discuss the industry’s move towards “open,” what’s behind the move, and how it will impact all of us.

Interviewed by Bob Bragdon, SVP/Managing Director Worldwide, CSO, IDG Communications, Inc.

1:55 - 2:15 PM

Wednesday’s Networking Break and Discussion Groups

During this break from sessions, take a spin through the Solution Providers area to learn more about our sponsors, book meetings with their team and access videos, articles and more. Visit CSO Resources for a curated selection of content from CSOonline.com. Or join a live discussion group to socialize, make new connections and share insights on a variety of topics.

The groups are self-moderated, so jump in and get acquainted.

Staffing Strategies
What’s Keeping Me Up at Night
Meet and Greet: Global/International Organizations
Meet and Greet: Software Industry
Meet and Greet: Retail
Meet and Greet: Education
Quick Jam: Open Forum

2:15 - 2:40 PM

Creating a Cross-Cloud Security Architecture: IDG’s CIO Think Tank

Manish Desai, Cyber Security Senior Information Risk Manager, BNY Mellon
Eric Knorr, Editor in Chief, IDG Enterprise
Bradd Lewis, VP & Global Lead, Financial Services Vertical, Dell Technologies

IDG convened 30 senior IT executives as part of our CIO Think Tank Program to explore key opportunities and challenges with multicloud – including security issues IT leaders face in building a true multicloud architecture. Join us as we shed light on problems voiced by these IT executives, explore how savvy IT shops are crafting a cross-cloud security architecture, and discuss how their strategic vendor partners can help ease the burden of multicloud security for their customers.

Moderated by: John Gallant, Enterprise Consulting Director, IDG Communications, Inc.

2:40 - 3:05 PM

Passwordless Environments Are Here: How One Company Made the Shift

Mario Duarte, VP, IT Security, Snowflake

Every CISO understands how passwords across the workforce are difficult to remember, drive up help desk costs, and impede workforce productivity with ongoing password change requirements. And while single sign-on environments reduce some inefficiencies of passwords, they aren’t always ubiquitous. Are passwordless environments possible? Join us to hear how passwordless environments work, why Snowflake made the decision to deploy, and the efficiencies and upside they’re realizing.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide CSO, IDG Communications, Inc. 

3:05 - 3:20 PM

Wednesday’s Concurrent Sessions

Establishing a Risk Culture in the Enterprise
Tommy Todd, VP, Security, Code42

With data exposure events on the rise in 2021, CISOs everywhere are faced with the increasing challenges of instituting a successful insider risk strategy. Given these circumstances, security needs to be moving at the speed of business where time to market and speed of innovation are critical outcomes. Join us for this session to learn how establishing a risk aware culture in the enterprise can reduce the complexities of data security while promoting healthy collaboration.

Detecting and Counteracting Cyberattacks on Active Directory
Tony Cole, CTO, Attivo Networks
Carolyn Crandall, Chief Security Advocate, Attivo Networks

Much attention is given to recent large-scale attacks and why they have been so challenging to avoid, detect, and remediate. Testimony from industry leaders during the congressional hearings on SolarWinds have been both enlightening and troubling. Join this session as we focus on privileged access and lateral movement — the Achille’s heel of today’s businesses. We’ll share how new innovations in Active Directory vulnerability assessment and live attack detection are doing what SIEMs and log management have never been able to do.

3:20 - 3:45 PM

The Role of Ransomware Negotiators and What They Can and Can’t Do

Lucian Constantin, Senior Writer, CSOOnline.com, IDG Communications, Inc.
Michael Nadeau, Senior Editor, Reporter, CSO, IDG Communications, Inc.

CSO senior writer Lucian Constantin knows that paying ransomware demands should be avoided — unless lives are on the line or the survival of a business is at stake. Join us as Lucian talks about the role of the ransomware negotiator, the person called in to negotiate terms with the criminals holding data hostage. He’ll explain their role, their background, and what they can and can’t do to regain access to critical data. He’ll also discuss the ethics that legitimate ransomware negotiators should adhere to.

3:45 - 4:05 PM

Identity in the Era of Microservices

Sunil James, Senior Director, Security Engineering, HPE

‘Identity’ is a seemingly well understood concept. Ask anyone, and they’ll say something like, “identity lets you prove you are who you say you are.” This broad assertion affords us the ability to do various activities with relative ease – like flying, driving, and so on. Join us as we delve deeper into the fundamental idea of identity, and showcase its applicability in the world of microservices running on clouds, platforms, and all sorts of hardware. Like humans, microservices need to conduct various activities — and identity is the foundation to making that happen at scale.

12:30 - 12:55 PM

Thursday’s Pre-Game It: Discussion Groups

Welcome back! Get started with some quality peer time by joining one of our discussion groups. These secure video discussions on our event platform let you self-select into topics of interest to get your questions answered and make new connections. Each has 14 seats, and if you’re the first to join, just hang out until others arrive!

Zero Trust
Mitigating Insider Threats
Tips on DevSecOps
Quick Jam: Open Forum
Meet and Greet: Public Sector
Meet and Greet: Midmarket Enterprise

1:00 - 1:05 PM

Welcome & Opening Remarks

Bob Bragdon, SVP/Managing Director Worldwide, CSO, IDG Communications, Inc.

1:05 - 1:30 PM

Surviving a Destructive Nation-State Cyber Attack

Steve Bernard, former EVP, Security, Sony Pictures Entertainment

Former Sony Pictures Entertainment EVP of Security Stevan Bernard is an expert at understanding nation-state attacks. Join us as he shares what businesses need to know about adversaries in an era consumed by a pandemic, social and political unrest, and rampant cybercrime. We’ll discuss future risks businesses should be preparing for, the role businesses should be addressing given the declining security capabilities of governments, insider risks and how they’re evolving, and more.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide CSO, IDG Communications, Inc. 

1:30 - 1:50 PM

How Accenture Secures with Zero Trust

Kris Burkhardt, CISO, Accenture

With more than a half-million employees around the world, Accenture has a long history of supporting employees with technology as they visit clients. Those roots are what informed the organization’s traditional focus on the workstation, endpoint and identity — rather than backhauling traffic through a VPN to maintain a corporate perimeter. Join us for this session to learn about how this approach is even further modernized with Zero Trust.

Interviewed by: Bob Bragdon, SVP/Managing Director Worldwide, CSO, IDG Communications, Inc.

1:50 - 2:05 PM

Thursday’s Concurrent Sessions

Protecting Against Next-Gen Software Supply Chain Attacks
Ax Sharma, Developer Advocate, Sonatype
Michelly Dufty, Senior Vice President, Sonatype

Legacy software supply chain exploits, like the Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities left unpatched in the wild. Conversely, next-generation software supply chain attacks are far more sinister because bad actors aren’t waiting for public vulnerability disclosures. Instead, they’re actively injecting malicious code into open source projects that feed the global supply chain. Join us to learn how your organization can proactively protect itself against software supply chain attacks.

The Next Generation of Cyber Security: Autonomous Cyber AI
Justin Fier, Director of Threat Intelligence and Analytics, Darktrace

Darktrace’s Director of Threat Intelligence and Analytics Justin Fier knows our digital environments and workforces are more dynamic than ever. To navigate risks and challenges that digital innovation brings, he says organizations can rethink their security approaches by turning to new technologies like AI to achieve much-needed adaptability and resilience. Join us to hear how they’re helping to protect workforces and data by detecting, investigating and responding to cyber-threats in real time.

2:05 - 2:30 PM

Thursday’s Networking Break and Discussion Groups

During this break from sessions, take a spin through the Solution Providers area to learn more about our sponsors, book meetings with their team and access videos, articles and more. Visit CSO Resources for a curated selection of content from CSOonline.com. Or join a live discussion group to socialize, make new connections and share insights on a variety of topics.

The groups are self-moderated, so jump in and get acquainted.

AI in Our Security Stack
Innovating on the Cyber Team
Quick Jam: Open Forum
Event Takeaways – Section 1
Event Takeaways – Section 2

2:30 - 2:55 PM

Why Businesses are Turning to Zero Trust Models for an Evolving Workforce

Jeremy Smith, Global Head of IT Risk and Security, Avery Dennison
Jason Keenaghan, Director of Offering Management, IBM Security
Frank Dickson, Program Vice President, Cybersecurity Products, IDC

In the wake of the pandemic, more businesses are turning to a zero trust model to address the needs of their complex and evolving workforces. Join us as experts from IBM and IDC discuss the evolution of Zero Trust models and how they’re adding value to organizations now and into the future.

Moderated by: Bob Bragdon, SVP/Managing Director Worldwide CSO, IDG Communications, Inc. 

2:55 - 3:30 PM

WAN Evolution: From SD-WAN to Secure Access Service Edge (SASE)

Brandon Butler, Senior Research Analyst, Enterprise Networks, IDC
Christopher Rodriguez, Research Manager, Network Security Products & Strategies, IDC

Join IDC analysts Brandon Butler and Christopher Rodriguez as they talk with Network World’s Ann Bednarz about the SASE model for streamlining network access and improving security. Deployed as a cloud service, it blends SD-WAN’s network optimization capabilities with security features such as zero-trust authentication, data loss prevention, threat detection, and encryption. Learn how SASE can offer easier network and security management, lower costs, and fewer vendors to manage.

Interviewed by: Ann Bednarz, Assistant Managing Editor, Features, Network World, IDG Communications, Inc. 

3:30 - 3:55 PM

A Structured Approach to Securing the Software Supply Chain

Tami Hudson, CISO, Randstad

Managing risk across an extended supply chain is extremely challenging for organizations of all sizes. The sheer volume of connected components that communicate, store, and process data will continue to expand the attack surface, and increase organizational risk. To address this, organizations need to understand their supply chain structure, the vulnerabilities that make it fragile, and which vulnerabilities present the highest risk. Join us for this session as we discuss these strategies and more.

Interviewed by: Derek Hulitzky, VP, Content Development & Strategy, IDG Communications, Inc. 

Agenda subject to change.

Register Now