CISO Forum

September 13-14, 2022

Designed for senior-level security leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum will take place in 2022 as a virtual event.

The forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise. (SecurityWeek’s CISO Forum has been running since 2014 as a live event at the Ritz-Carlton, Half Moon Bay.)

Diamond Sponsor

 

Platinum Sponsors

Torq

Abnormal Security

Gold Sponsors

Okta

Process Unity

Skillsoft

LastPass

Silver Sponsors

TIDELIFT

Agenda

September 13, 2022 11:00 am

Fireside Chat: Fidelity Investments CISO Adam Ely

Adam Ely
CISO, Fidelity Investments
Ryan Naraine
Editor-at-Large, SecurityWeek

Join us for an engaging fireside chat on security leadership with Adam Ely, Chief Information Security Officer at Fidelity Investments.

SecurityWeek's editor-at-large Ryan Naraine will host a discussion with Adam on the role of the modern CISO, the challenges of building a mature risk management program, communications challenges in large organizations, mentorship and staff retention, and much more.  

September 13, 2022 11:35 am

Navigating the Cloud Native Security Landscape

Jason Williams
Product Manager, Prisma Cloud, Palo Alto Networks

What happens when thousands of organizations start a cloud expansion journey at the same time? You would be interested to know what worked and what didn’t, right? The Prisma Cloud team at Palo Alto Networks was curious enough to survey 3,000 professionals about their cloud adoption experiences, cloud native security strategies, and best practices. Join this session as Jason Williams, product marketing manager at Palo Alto Networks, dives into:

  • Key cloud adoption and risk trends
  • Strategic and tactical decisions that worked [and did not work] during rapid cloud expansions
  • How Palo Alto Networks can help

September 13, 2022 12:00 pm

Top SOC Challenges in 2022

Ryan Darst
Director of Security Automation, Torq
Dan Mackenzie
Sr. Product Marketing Manager, Torq

We’ll review results from recent global surveys and examine how no-code automation can solve the most commonly reported challenges. Top takeaways:

  • What are the common challenges to security
  • Why automation is a necessary solution to those challenges
  • How Torq solves those challenges with no-code automation

September 13, 2022 12:30 pm

BREAK

Please visit our sponsors in the Exhibit Hall. 

September 13, 2022 12:45 pm

Managing Your Two Biggest Risks: Cybersecurity & Third Parties

Andrew Egoroff
Senior Cybersecurity Specialist, Process Unity

Each day organizations face new threats that jeopardize their critical networks. Gaining visibility into the security risks your supply chain or third-party vendors pose to your organization is a growing priority among cybersecurity leaders. Next-generation cybersecurity practices will require organizations to align both internal and external cybersecurity risk processes to create a standardized process to facilitate effective third-party cyber risk mitigation.  We’ll review new strategies and outline the steps to mature your program. You will learn how to:

  • Map external third-party risk to internal cybersecurity controls
  • Evaluate control effectiveness against both internal and external risks
  • Prioritize cyber/third-party risk projects based on control gaps and domain inefficiencies
  • Build a united cybersecurity program that protects against internal and external threats

September 13, 2022 12:45 pm

Passwordless Authentication with Okta

Mukul Hinge
Group Product Marketing Manager, Okta

Passwords have always been a source of friction and a security risk in the authentication experience. Leaving passwords behind is key to better security and employee login experiences. Okta has been helping its customers deploy passwordless authentication by taking foundational steps such as implementing multi-factor authentication (MFA) with secure factors such as FIDO2.0/WebAuthn, FastPass, MagicLink, and mobile authenticator apps that support biometric authentication. Join us in this session to understand how Okta FastPass enables secure passwordless authentication into any device, from any location. Even if your company uses a combination of device management tools, FastPass can work alongside a variety of deployments. Watch this 30-minute webinar now and see Mukul Hinge, Group Product Marketing Manager, Security at Okta, demonstrate FastPass in action, including how:

  • Users can register their devices to Universal Directory using Okta Verify.
  • Admins can set policies for when Okta FastPass should be delivered.
  • Okta Verify can check policies set by administrators, and allow a user to log in assuming the login meets the correct context.

September 13, 2022 01:15 pm

7 Steps CISOs Should Take to Build Agile, Prepared and Security-focused Teams

Okey Obudulu
CISO, Skillsoft

Threats to an organization's data come from all angles: inside, outside, bad actors, burnt out employees, even honest mistakes. The broad nature of the threatscape makes cybersecurity everyone's responsibility. More and more, business leaders recognize that cybersecurity is just as much their concern as it is for their partners in IT. Gartner research found 88% of boards agree cyber-threats pose a risk to the business (meaning, it's not just IT's problem). This is good news for CISOs who've worked hard to convince boards of the very serious threats to the business — even those that come from inside the organization where their greatest defenses lie. In this session, Skillsoft's CISO Okey Obudulu shares his experiences fostering a culture of cybersecurity throughout his career. He will provide advice, strategies and tips for those who want to unify all employees to manage risk and encourage agility and vigilance.

September 13, 2022 01:15 pm

Real Talk - Your Journey to Passwordless still Includes Passwords

Christofer Hoff
Chief Secure Technology Officer, LastPass

Passwordless authentication is a critical component of any zero-trust architecture and bringing that to users at scale is how businesses enable greater convenience for end users and stronger security with a narrowed attack surface. While broad implementation and adoption of passwordless is and should be the goal, it will inevitably take years to achieve. Join LastPass CTO Christofer Hoff as he discusses:

  • Why the pain points of passwords are the rewards of going passwordless
  • The requirements for making passwordless a widely-adopted reality
  • How passwordless can be achieved today

September 13, 2022 01:45 pm

BREAK

Please visit our sponsors in the Exhibit Hall.

September 13, 2022 02:00 pm

Panel Discussion: Security Leadership in Times of Crisis

Kathy Wang
CISO, Discord
Aanchal Gupta
Corporate VP of Azure Security and M36, Microsoft

Our popular "In-CISOmnia" panel discussion returns with a focus on security leadership in times of crises. As CISOs and defenders face a surge in supply chain, ransomware, APT and clever social engineering attacks, our panel returns to share experiences and leadership lessons from a tumultuous year. Expect a robust discussion on measuring and managing risk, hiring and retention of cybersecurity talent, reporting security issues to boards of directors, communicating security to end users, wading through vendor pitches, and much more.

September 13, 2022 02:45 pm

Panel: A Threat Hunting Playbook for CISOs

Silas Cutler
Senior Director for Cyber Threat Research & Analysis, Institute for Security and Technology
Juan Andrés Guerrero-Saade
Principal Threat Researcher, SentinelOne
Allison Wikoff
Global Threat Intelligence Lead, PwC United States
Ryan Naraine
Editor-at-Large, SecurityWeek

The threat landscape headlines are becoming more ominous by the day: Nation-state APT threat actors. Cyberwar in Ukraine. Ransomware attacks against critical infrastructure. Zero-day attacks in the wild hitting modern infrastructure. What does it all mean? Are we over-fetishizing the APT? How does a CISO determine resources to defend against these threats?

These questions will be answered in this session where threat-hunting practitioners filter through the noise and share best practices on responding to the deluge of advisories and warnings.

September 13, 2022 03:30 pm

Networking & Virtual Expo

ON-DEMAND: Abnormal Security Walk-through

ON-DEMAND: Prisma Cloud - Cloud Security Posture Management Demo

ON-DEMAND: Cybersecurity Program Management Demo

ON-DEMAND: Deploying Passwordless Authentication with Okta

ON-DEMAND: LastPass Business Demo

ON-DEMAND: Skillsoft Demo

ON-DEMAND: Tidelift Demo

Agenda

September 14, 2022 11:00 am

Strategies for Securing your Cloud Journey

Bob West
Chief Security Officer, Prisma Cloud, Palo Alto Networks

Cloud is a journey that almost all of us are on or soon will begin. This presentation will talk about some key strategies for establishing a security posture, methods for discovering security gaps, and best practices for securing your cloud platforms.

September 14, 2022 11:40 am

Fireside Chat: David Weston, Vice President, Microsoft

David Weston
VP, Enterprise and OS Security, Microsoft
Ryan Naraine
Editor-at-Large, SecurityWeek

In this fireside chat with SecurityWeek Editor-at-Large Ryan Naraine, Vice President of Enterprise and OS Security at Microsoft David Weston will share his vision for securing software at scale in a fast-changing threat landscape. The discussion is expected to include thoughts on foundational things that CISOs can do to head off advanced attacks, managing the tradeoffs between security and usability, the ongoing fight to mitigate memory safety vulnerabilities, and the U.S. government's push to secure software supply chains.

September 14, 2022 12:15 pm

From CEO Fraud to Vendor Fraud: The Shift to Financial Supply Chain Compromise

Crane Hassold
Director of Threat Intelligence, Abnormal Security

The tactics that worked for your business five years ago likely aren’t still working today, and cybercrime is no different. The CEO fraud that dominated the last few years is not nearly as successful as it used to be, partially because employees understand that their CEO isn’t emailing them about gift cards at 2:00 in the morning. Not to be outdone, cybercriminals have shifted their tactics, now relying more on vendor impersonation and vendor email compromise to run their scams. Join Abnormal Security as they answer your questions about this new threat, including:

  • What are the various types of financial supply chain compromise?
  • How do threat actors use impersonation and account compromise to run invoice fraud, aging report fraud, and blind third-party attacks?
  • Why have threat actors shifted tactics, and what do your employees need to know?
  • How can you stop these evolving attacks before they reach your inboxes?

The average invoice fraud attack costs $183,000 and Abnormal has seen attacks that request upwards of $2.1 million. Attend the webinar to make sure you’re prepared to defend against them.

September 14, 2022 12:45 pm

BREAK

Please visit our sponsors in the Exhibit Hall.

September 14, 2022 01:00 pm

The VC View: Trends in Cybersecurity Innovation and Investments

William Lin
Managing Director, Forgepoint Capital
Patrick Heim
SYN Ventures
Sunil Kurkure
Managing Director, Intel Capital
Sidra Ahmed Lefort
Principal, Munich Re Ventures

The last few years have seen a massive surge in venture capital investments in cybersecurity companies. Last year alone, according to Crunchbase data, an unprecedented $21.8 billion in venture capital poured into the security sector as investors continue to bet big on startups in a wide range of product categories. In this panel discussion, venture capital leaders discuss the emerging trends in cybersecurity innovation, the hot (and cold) product categories, the challenges of identifying successful entrepreneurs, and some market predictions as we head into 2023.

September 14, 2022 01:45 pm

Fireside Chat: Katie Moussouris, Luta Security

Katie Moussouris
Chief Executive Officer, Luta Security
Ryan Naraine
Editor-at-Large, SecurityWeek

In this fireside chat with SecurityWeek Editor-at-Large Ryan Naraine, Luta Security chief executive Katie Moussouris will share lessons from her work creating bug bounty and vulnerability disclosure programs for some of the biggest organizations in the world. Join this session to learn about the value -- and pitfalls -- of bug bounty programs, best practices around managing the flow of vulnerability data, and security response priorities.

September 14, 2022 02:15 pm

Networking & Virtual Expo

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.