CSO Conference & Awards 2024: Agenda

CSO Conference & Awards 2024: Agenda

CSO Conference is where you see what success looks like and learn from the best. Come for an all-new agenda that speaks to the top-of-mind security challenges, technical innovations, and leadership strategies in building high-performing teams.

All times listed on the agenda are Mountain Time.

Monday, October 21

1:00pm
Registration Opens
Wassaja Foyer
2:30 - 4:00pm
Executive Roundtables
ZeroTrust: Vital for the Emerging Risk Landscape
Wassaja 108

For nearly a decade, ZeroTrust has been bandied about as a marketing term, used and abused by many. As we enter an era of AI-assisted offense, we can no longer default to open and connected standards and IT stacks. Instead, we must embrace ZeroTrust and only enable what the business needs, when it needs it, in architecting IT services. It’s time for the plumbing to commoditize, for the attack surface to shrink and for fine grained authorization to scale, allowing businesses to truly leverage the power of the connected world, becoming the order of the day. This is what will ultimately make the greatest strides in cyber defense, future readiness and resilience in a world of accelerating disruption in AI, QC, Robotic, Nano, Synthetic Manufacturing, Synthetic Biology and more.

In this session, we will cover:
• Basic principles of ZeroTrust
• Current and expected technology disruption
• Advanced topics in a structured, open discussion format and an AMA session

Bring your ideas, your critical thinking, your tough questions and more. Chatham House Rules apply. *Pre-registration required.

Register here. 

Moderator
Lane Cooper Contributing Editor CIO, CSO, and Network World, Foundry, an IDG Inc. Company
Presented By
Zscaler
Closing the AI Email Security Gap
Wassaja 109

As email attacks grow more sophisticated, organizations increasingly rely on a complex array of technologies to minimize business disruption. While AI has significantly enhanced our ability to manage the scale and velocity of these threats, it is not without its limitations. But what happens when our cybersecurity solutions fall short? Is the failure due to technological flaws, inadequate resources, or simply a mismatch between the technology and the challenge at hand?

Many organizations, overwhelmed by the multitude of cybersecurity tools they manage, often neglect the crucial task of auditing these solutions. This roundtable discussion will explore the pain points around email security, examine the landscape of AI in email security, the vital role that human expertise still plays, and how we can effectively balance the two to optimize our defense strategies. *Pre-registration required.

Register here. 

Moderator
Bob Bragdon Publisher Emeritus CSO Online
Presented By
Cofense
4:15 - 4:45pm
Discussion Groups: Hot Topics in Security
Wassaja 103, 104

Join a discussion topic that best meets your needs. Facilitated by our partner subject matter experts, take a deep-dive into ideas, common questions, and proven solutions in an interactive, peer-sharing environment.

GRC Engineering with Adobe

The Art & Science of Using AI to Make Data Security Easy with Cyera

Securing Data in Motion: Mobile Security Challenges for Remote Workers in the Cloud with Lookout

Presented By
Adobe
Presented By
Cyera
Presented By
Lookout
5:45 - 7:30pm
Welcome Reception: Monday Night Football
Wassaja Patio

Join us for an exciting evening at the Welcome Reception, sponsored by Zscaler, where the excitement of Monday Night Football meets networking and camaraderie! As the Arizona Cardinals take on the Los Angeles Chargers at 6:00 PM, enjoy the game on a large LED screen while savoring delicious food and refreshing beverages. Connect with fellow industry leaders in a lively atmosphere as we kick off an exciting week.

Presented By
Zscaler

Tuesday, October 22

8:00 - 9:00am
Breakfast at CSO Conference & Awards
The Courtyard

Join us for a networking breakfast at the CSO Conference. Connect with industry leaders, share insights, and fuel up for a day of innovation and success. Start your morning right with great food and even greater connections.

9:00 - 9:15am
Welcome Remarks
Wassaja Ballroom
Moderator
Bob Bragdon Publisher Emeritus CSO Online
9:15 - 10:00am
From Wounded Warrier to World Champion: Lessons in Courage and Determination
Wassaja Ballroom

While deployed in Iraq, a blast from a roadside bomb caused Melissa Stockwell to lose her left leg above the knee. She was awarded the Bronze Star Medal and the Purple Heart, but she also found a new mission as a Paralympian. Melissa – a triathlon competitor in the 2024 Paralympic Games in Paris – now shares her belief in the power of choice. No person or organization can avoid obstacles in life, whether they come in the form of bombs or cyberattacks. But we can control our response. Join us for an inspirational and motivational talk on chasing remarkable goals.

Keynote Speaker
Melissa Stockwell American Two-Time Paralympian & Former U.S. Army Officer
10:00 - 10:30am
AI/ML and Zero Trust — Driving Business Success
Wassaja Ballroom

As cyber threats become more sophisticated and pervasive, enterprises need to adopt an agile approach to networks and security that promotes innovation and mitigates risk. AI/ML and zero trust are the key enablers of this transformation, offering visibility, control, and automation across users, workloads, IoT/OT devices, and business partners.

In this session you will learn:
– How AI will be used to fight AI and how generative AI will contribute to increased numbers of ransomware attacks
– How the growth of zero trust segmentation will happen in parallel with the rise of firewall-free enterprises, and Zero Trust SD-WAN will begin to replace traditional SD-WAN
– How AI/ML add defensive and analytics capabilities that drive IT and business success

Keynote Speaker
Deepen Desai CISO Zscaler
Presented By
Zscaler
10:30 - 11:00am
Networking Break & Meet Melissa Stockwell
Wassaja Foyer

Grab a coffee or iced beverage, enjoy the fresh air, and connect with award-winning CISOs and sponsoring partners. You’ll also have an opportunity to meet and take a photo with Paralympian Melissa Stockwell.

11:00 - 11:30am
Digital Poster Program
Wassaja 102-105

Learn about this year’s award-winning projects at a tour of digital poster presentations. Ask questions and dig into the technical and management details of these innovative projects, as well as network with peers who are interested in similar initiatives. This self-directed experience means you can focus your time on projects that are most relevant for you.

Project
Campbell’s S.A.F.E. Movement: Inspiring Security Culture through Community Engagement Campbell Soup Company Campbell's S.A.F.E. (Security Awareness For Everyone) Movement revolutionized the company’s security culture by emphasizing community engagement, and has a long-term vision of affecting security awareness nationwide. By focusing on external impact, it has driven internal change, increasing self-reporting rates, voluntary engagement, and fostering a proactive security mindset.
Project
HAPI (Hawkeye API) – API Governance Dashboard TIAA The HAPI API security governance dashboard provides a single pane of glass to govern our APIs and applications and will complement industry known API security observability tools to build a 360-degree view of assets. It also employs risk-based approach using AI/ML to generate security alerts and integrate with vulnerability management processes of the firm.
Project
Health System Cyber Resilience through Chaos Engineering: Flattening the Curve of a Cyber Attack Main Line Health Prompted by a surge in cyberattacks on healthcare, this initiative began with key cybersecurity investments then quickly evolved into an organization-wide effort to withstand ransomware and other disruptions. This culminated in enterprise-wide two-hour downtime drills simulating the critical transition from digital to analog care recordkeeping during a digital darkness event.
Project
Infosec360 – Sharper Visibility, Faster Insights Lead to Better Outcomes Genpact The InfoSec360 platform focuses on near real-time views, automation, holistic data integration, and customization to provide stakeholders with actionable insights. It consolidates data from multiple security technologies, enabling teams to extract actionable insights and prioritize risk mitigations.
11:35 - 12:05 pm
Digital Poster Program
Wassaja 102-105

Learn about this year’s award-winning projects at a tour of digital poster presentations. Ask questions and dig into the technical and management details of these innovative projects, as well as network with peers who are interested in similar initiatives. This self-directed experience means you can focus your time on projects that are most relevant for you.

Project
A Case Study of Rapid End-to-End Digital Lifecycle Management of Non-Employees The AES Corporation By centralizing its identity platform for access and identity controls across all users, AES has leveraged SailPoint Identity Security Cloud as a strategic catalyst for business transformation, innovation, and security resilience. Learn how it created the end-to-end digital lifecycle management for employees, contingent workers, and contractors.
Project
Clean Room Wesco Should primary and traditional disaster recovery sites not be available following a cybersecurity incident, Wesco sought to create an isolated environment to allow it to restore all critical platforms and data within 24 hours. Find out how Wesco is trying to get ahead of a constantly evolving threat landscape.
Project
External Attack Surface Management (EASM) Automation Intel Corporation Seeking to evolve beyond the traditional methods of perimeter vulnerability scanning, Intel created an automated dashboard that consolidates real-time views to monitor and comprehensively respond to attack surface risks. Find out how it increased the speed in the prioritization and remediation of perimeter risks as well as allowed for the increased visibility in breadth and depth of risks on the perimeter.
Project
Implementation of Zero Trust in Document Management System OHLA USA This initiative focuses on achieving micro-segmentation and least privilege through full automation. This approach not only meets OHLA’s primary zero trust goals but also lays the foundation for advanced data handling methods and enhances overall operational efficiency and data security.
12:05 - 1:30pm
Networking Lunch
The Courtyard

Join us for an engaging lunch where you can connect with newfound contacts! Take a seat and savor your meal while networking with peers. Don’t miss the opportunity to meet our sponsors and discover how their innovative solutions can benefit you.

1:30 - 1:40pm
CSO Editor Welcome
Wassaja Ballroom

CSO Online serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks. With incisive content that addresses all security disciplines from risk management to network defense to fraud and data loss prevention, CSO offers depth and insight to support key decisions and investments for IT security professionals. Regional Executive Editor Andrew Flynn will kick off the afternoon with a quick overview of CSO’s editorial mission.

Moderator
Andrew Flynn Regional Executive Editor CSO Online
1:40 - 1:55pm
Building a Security-First GRC Framework for Global Security Compliance
Wassaja Ballroom

Governance, Risk, and Compliance (GRC) serves as a critical discipline within organizations, enabling the fulfillment of business expectations and fostering growth, while ensuring compliance with leading industry frameworks and standards. As companies navigate intricate global regulatory landscapes and face growing cybersecurity concerns, the need for a unified and holistic approach to GRC and Security is now more important than ever. By implementing a unified security-first framework, organizations can effectively manage security risks while prioritizing compliance to industry standards at the same time. In response to the evolving landscape of regulatory and security framework requirements, Adobe has created its own open-source Common Controls Framework (CCF) version 5.0 to help streamline and accelerate compliance efforts for organizations across all sizes and sectors. Join this session to learn more about how to build a security-driven compliance program.

Speaker & Digital Poster Representative
Rahat Sethi Director of Technology Governance, Risk, & Compliance (GRC) Adobe
Presented By
Adobe
1:55 - 2:30pm
The Urgent Need for Business Continuity Plans
Wassaja Ballroom

In the wake of high-profile and highly damaging ransomware attacks at Change Healthcare and CDK Global, the spotlight is shining on the need for backups and other data protection plans. What does a business continuity plan look like, and what other high-level questions do you need to ask before diving in?

Speaker, CSO Hall of Fame Inductee
Jerry Geisler SVP & CISO Walmart Inc.
Speaker, CSO Hall of Fame Inductee
Gary Hayslip CISO SoftBank Investment Advisers
Speaker, CSO Hall of Fame Inductee
Keith Turpin CISO The Friedkin Group
Moderator
Bob Bragdon Publisher Emeritus CSO Online
2:30 - 3:00pm
What’s Stopping Everyone from Adopting MFA?
Wassaja 108

Multifactor authentication is recognized as an important layer of security to ward off credential thefts and malware attacks. Yet not all organizations have adopted it, and not all vendors require it to use their products – to their detriment in recent breaches. This session will dig into the reasons behind MFA reluctance, the difficulties of third-party governance, and the ways that security leaders can bolster their defenses.

Speaker
Shannon Lawson CISO City of Phoenix
Speaker
Dennis Legori Associate Director – Security Awareness & Digital Communications Carrier Global Corporation
Moderator
Andrew Flynn Regional Executive Editor CSO Online
Crossroads of AppSec & Gen-AI
Wassaja 109

Gain insights on the challenges of Application Security and how Generative AI is going to impact software development. The session will share critical findings and recommendations from Veracode’s State of Software Security research, demonstrating how GenAI further amplifies the risks associated with application stacks. The session will cover practical steps on how to adopt GenAI safely and overcome the velocity and adoption challenges it brings to the software development life cycle and overall organizational ecosystem.

Speaker
Sohail Iqbal Chief Information Security Officer (CISO) Veracode
Presented By
Veracode
3:00 - 3:30pm
Networking Break
Wassaja Foyer

Grab a coffee or iced beverage, enjoy the fresh air, and connect with award-winning CISOs and sponsoring partners.

3:30 - 3:45pm
Impossible Possibilities: Transforming Your Data Security Program
Wassaja Ballroom

Leveraging AI to transform your data security program so that it enables your business to innovate and grow is today’s reality. Historically though, data security has been the least mature domain in all of security, but due to new innovations now is the time that it can become security’s most mature program. This discussion, led by Jason Clark, Chief Strategy Officer at Cyera, will walk through how and why.

Speaker
Jason Clark Chief Strategy Officer Cyera
Presented By
Cyera
3:45 - 4:15pm
Security, Trust & AI
Wassaja Ballroom

Clearly, GenAI has created a seminal moment in technology markets. But what’s the actual impact of genAI on cybersecurity? Join us to hear the latest IDC research and analysis to inform your security strategy.

Speaker
Frank Dickson Group Vice President, Security & Trust IDC
4:15 - 4:25pm
Closing Remarks
Wassaja Ballroom
Moderator
Bob Bragdon Publisher Emeritus CSO Online

Wednesday, October 23

8:00 - 9:00am
Breakfast at CSO Conference & Awards
The Courtyard

Join us for a networking breakfast at the CSO Conference. Connect with industry leaders, share insights, and fuel up for a day of innovation and success. Start your morning right with great food and even greater connections.

9:00 - 9:45am
The Magic of Security
Wassaja Ballroom

Are the techniques of a mentalist all that different from the tricks a threat actor uses to social engineer an attack? No one has better insight into the overlap than Gary S, Chan, a sitting CISO who is also a mentalist. Informative as well as entertaining, Chan will combine game theory, math, and other elements to deliver an important and unforgettable message for security leaders.

Keynote Speaker
Gary S. Chan Security Mentalist System VP and CISO, SSM Health
9:45 - 10:15am
Offensive AI vs Defensive AI in Email Phishing Attacks: Is This a Fair Fight?
Wassaja Ballroom

Despite the advanced technology deployed to combat business phishing attacks, data indicates that over 90% of successful cyberattacks that harm revenue and reputation begin with a good employee inadvertently falling for a phishing scam. Not all phishing attempts are detected by technology. Dave sheds light on some surprising AI-related facts and focuses on risk mitigation strategies that aim to prevent you and your company from becoming headline news due to a security breach.

Keynote Speaker
David Van Allen CEO Cofense
Presented By
Cofense
10:15 - 10:40am
Does the Big Tech Pledge to Build Security into Product Go Far Enough?
Wassaja Ballroom

Under pressure from the U.S. Cybersecurity and Infrastructure Security Agency, some 65 tech companies have agreed to seven security best practices to put security at the forefront of the software development. Will they make a difference? Join this panel of security leaders who can assess the potential impact of the pledge, holding software providers accountable, and where they still need to improve.

Speaker
Ryan Boulais CISO AES Corporation
Speaker, CSO Hall of Fame Inductee
Michael Palmer CISO Hearst
Moderator
Bob Bragdon Publisher Emeritus CSO Online
10:40 - 11:00am
Networking Break & Meet Gary S. Chan
Wassaja Foyer

Grab a coffee or iced beverage, enjoy the fresh air, and connect with award-winning CISOs and sponsoring partners. You’ll also have an opportunity to meet and take a photo with CISO & security mentalist Gary S. Chan.

11:00 - 11:30am
Digital Poster Program
Wassaja 102-105

Learn about this year’s award-winning projects at a tour of digital poster presentations. Ask questions and dig into the technical and management details of these innovative projects, as well as network with peers who are interested in similar initiatives. This self-directed experience means you can focus your time on projects that are most relevant for you.

Project
Adobe Security Risk Management Framework Adobe Adobe established an agile framework that unifies security by centralizing risks into a unified register to deliver unbiased, meaningful, consistent results to risk owners and decision makers. It encompasses security risks identified by incident response, internal/external audits, red team exercises, security operations, vendor or supply chain reviews, bug bounty, penetration tests, and resiliency exercises.
Project
Distributed Isolation for Airport Operational Technology United Airlines United has integrated its operational technology inventory tool with a policy engine to implement port-based Network Access Control isolation. Through this novel combination of technologies, United aims to safeguard its current operations and create a security framework that can grow with its strategic business objectives. Learned how it achieved its goal within the environmental constraints of the airline industry.
Project
Kubikle Video Series National Cybersecurity Alliance How do you engage people who often feel apathetic or disengaged when it comes to cybersecurity? The Kubikle comedy web series is a fresh approach that transcends fear-based tactics. Find out how the National Cybersecurity Alliance captivated, entertained, and educated individuals who are oblivious to cybersecurity concerns and helped inspire proactive security practices.
Project
CMMC Bot Assistant Camelot Secure CMMC Bot Assistant integrates the latest GPT models for assistant chatbot features to enhance our ability to perform Gap Assessment for the Cybersecurity Maturity Model Certification process. By simplifying complex compliance requirements, our project aims to transform the CMMC landscape, offering assessors and organizations a robust tool to ensure cybersecurity resilience efficiently. Join us to learn how it works and how it’s performing so far.
11:35 - 12:05pm
Digital Poster Program
Wassaja 102-105

Learn about this year’s award-winning projects at a tour of digital poster presentations. Ask questions and dig into the technical and management details of these innovative projects, as well as network with peers who are interested in similar initiatives. This self-directed experience means you can focus your time on projects that are most relevant for you.

Project
Geolocation Process Supports HR, Legal, IT, Security and Procurement Objectives PROS While employees can work from anywhere in the world, the process for checking with Security and Legal for access, privacy, IP rights, and export control was clunky, inconsistent, and not well documented. This project created a cross-functional team to build a unified process based upon pre-determined country tiers, improving employee experience, reducing risk, and providing a mechanism to address potential violations.
Project
Ransomware Resiliency with Application Segmentation Penn Medicine As part of a ransomware risk reduction strategy designed to protect patient data processed, stored, and transmitted by applications that support clinical care, this project established a zero-trust application segmentation solution. Each application is encapsulated in a protective zone to reduce its risk exposure. Learn more about these and other strategies to bolster ransomware resilience in a complex enterprise environment.
Project
D.E.F.E.N.D.: Data Exfiltration Focus with Effective Network Defense NJ TRANSIT D.E.F.E.N.D. was constructed using Zero Trust principles to prevent threats at the data layer, while provisioning a unified platform to identify threat prevention, detection, and response. This approach offers real-time visibility into attack paths and relationships across on-prem and cloud directories. In addition, the initiative protects data from insider threats or ransomware with air-gapped, immutable, and access-controlled backups.
Project
FioriDAST: Reinvent Dynamic Security Scans for Modern Web-based Cloud Applications SAP SE SAP implemented an advanced protection of its web-based applications to secure them against complex threats. FioriDAST simulates user actions and attacks to identify potential security risks, thoroughly covering the application architecture and reducing misleading positives.
12:05 - 1:15pm
Networking Lunch
The Courtyard

Join us for an engaging lunch where you can connect with newfound contacts! Take a seat and savor your meal while networking with peers. Don’t miss the opportunity to meet our sponsors and discover how their innovative solutions can benefit you.

1:15 - 1:40 pm
Exclusive: Insights from Foundry’s 2024 Security Priorities Study
Wassaja Ballroom

Get the first look at the findings of Foundry’s 2024 Security Priorities Study, which identifies the security projects organizations are focused on in the coming year. The research looks at the issues that will demand the most time and strategic thinking for IT and security teams.

Moderator
Bob Bragdon Publisher Emeritus CSO Online
1:40 - 2:05 pm
Becoming a Prepared CISO
Wassaja Ballroom

The CISO’s job revolves around preparing for an event they hope never happens, whether that’s a ransomware attack, legal issues like a class-action suit, or personal liability stemming from a SEC complaint. Actions and practices today – from having a clearly defined role, training your team in how they communicate, and productively managing stress – will help in the face of a crisis. Learn from the hard-earned wisdom and insights of a CISO who still, even now, thinks of the role as a “fantastic job.”

Speaker
Tim Brown CISO SolarWinds
2:05 - 2:40pm
SEC Disclosure Guidelines: What We’ve Loved, Loathed, and the Lessons Learned
Wassaja Ballroom

The public now knows more about the frequency and severity of data breaches following implementation cyber disclosure rules from the SEC. One year after their introduction, this panel will assess the state of disclosure. What can CISOs collectively learn about the disclosure? How do we better prepare? And what needs to change to create a better system for all?

Speaker
Deneen DeFiore VP & CISO United Airlines
Speaker
Dina Mathers CISO Carvana
Speaker
Petri Kuivala CISO Advisor Hoxhunt
Moderator
Bob Bragdon Publisher Emeritus CSO Online
2:40 - 3:10pm
Networking Break
Wassaja Foyer

Grab a coffee or iced beverage, enjoy the fresh air, and connect with award-winning CISOs and sponsoring partners.

IDC Office Hours
Wassaja 110

Drop in for unstructured conversation with one of IDC’s top security analysts. This is an opportunity to delve deeper into the themes and ideas from Dickson’s keynote presentation or to get insight on your own challenges – all in a casual environment.

Speaker
Frank Dickson Group Vice President, Security & Trust IDC
3:10 - 3:45pm
The Secrets to CIO Succession Planning
Wassaja Ballroom

No CISO stays in the chair forever. That makes thinking about succession a crucial task. Join us for an insider’s look at how to think about succession planning, including evaluating potential candidates both within and outside of your organization, the professional skills and experiences they need to have, and how to communicate the plan. This session will be helpful for sitting CISOs as well as those who aspire to the role.

Speaker
Kris Burkhardt CISO Accenture
Speaker, CSO Hall of Fame Inductee
Susan Koski CISO, Enterprise Information Security The PNC Financial Services Group
Speaker
John Pontrelli Retired CISO Discount Tire
Moderator
Bob Bragdon Publisher Emeritus CSO Online
3:45 - 4:15pm
Wrapping Up: The Hottest of Hot Topics
Wassaja Ballroom

To close our conference, we’ll respond to what’s on your mind. Attendees will choose the focus on this session in a vote on Tuesday, and we will announce the results Wednesday morning. Then this panel of experienced and thoughtful CISOs will share their collective wisdom in a candid conversation. Want to hear more about AI and security? Is it time for a frank discussion about careers and how CISOs can get the respect they deserve? Or perhaps a new industry development will have everyone buzzing. Let’s go there.

Speaker
Tim Callahan Senior Vice President, Global Security, Chief Security Officer Aflac
Speaker, CSO Hall of Fame Inductee
Vaughn Hazen CISO CN
Speaker
Robert Wahl Chief Information Security & Privacy Officer Harley-Davidson
Moderator
Bob Bragdon Publisher Emeritus CSO Online
6:00 - 6:30pm
CSO Awards and Hall of Fame Cocktail Reception
The Courtyard

Raise a glass to toast the 2024 honorees.

6:30 - 8:30pm
CSO Awards and Hall of Fame Induction Dinner & Ceremony
Wassaja Ballroom

Celebrate security excellence at this elegant dinner and award ceremony. The 2024 CSO Awards presentation will honor the winning organizations for their use of innovative security to deliver business value, followed by the induction of our newest members into the CSO Hall of Fame.

8:30 - 9:30 pm
Dessert Reception
The Courtyard

Celebrate the newest class of honorees with sweet treats and plenty of photo ops as we close out the CSO Conference.

Presented By
Cofense