January 13, 2026

6:00 PM – 7:30 PM

Cocktails
Troon Lawn

Day One: January 14, 2026
Times subject to change.

8:00 AM – 9:00 AM

Breakfast Buffet & Registration

9:00 AM – 4:30 PM

SINET Risk Executive Workshop
Ironwood B & C Ballroom

9:00 AM – 9:05 AM

Setting the Stage

Presenters
Robert Rodriguez, Chairman, SINET, Venture Partner, SYN Ventures
Honorary Chair, Brian Fricke, MSVP, CISO, Technology Risk Executive, City National Bank of Florida

9:05 AM – 9:50 AM

Attendee Introductions

9:50 AM – 10:30 AM

The Evolving Mindset Regarding the CISO Role Among CEOs and Board Members
As cyber threats grow and persist, and pre-positioned destructive capability becomes the norm, leading organizations have shifted to a resilience mindset. For the CISO, the sole accountability to prevent breaches is alleviating. What does this mean for success, career development prospects, recognition, and the strategic importance of the role? For organizations that have not shifted the mindset, what is the role of the CISO in bringing their CEO and Board of Directors into the new reality? How do we resolve the current friction between protecting our company’s reputation and liabilities vs the collective defence?

Presenters
Carey Frey, CSO & CISO, TELUS
Greg Murray, SVP, Cyber Security, Privacy & Network, Loblaw Companies Limited

10:30 AM – 10:40 AM

Break

10:40 AM – 11:20 AM

Developing Cyber Agility at Speed and Scale
As the threat landscape evolves alongside advancements in AI, maintaining agility in defending your organization is more crucial than ever. This presentation will showcase concrete strategies to enhance your organization’s cyber defense programs and maintain agility in the face of evolving threats.

11:20 AM – 12:05 PM

Security Operating Models in a Platform and SaaS World

As cybersecurity organizations evolve, they are shifting from generalist teams to highly specialized functions such as vulnerability management, application security, incident response, and identity governance. This specialization, while necessary, introduces new challenges—such as organizational silos described by Conway’s Law. Meanwhile, SaaS and cloud security solutions are increasingly designed to bridge these silos, requiring different engineering operating models (e.g., agent/client, API, gateway, and cloud-native approaches). This session will explore the changing skill sets required to manage these modern security environments and discuss how AI is poised to further transform the expertise and collaboration needed for effective cloud security.

Presenter
Chris Porter, Senior Vice President & CSO, Fannie Mae

12:05 PM – 1:00 PM

Lunch

1:00 PM – 1:40 PM

From Policy to Practice – Fortune 500 Best Practices for AI Security & Governance Framework
As AI and agent adoption increase and AI becomes a core driver within enterprises, organizations are building frameworks to deploy them safely and effectively. In this session, we will map the different spaces of AI and agents in the enterprise, review lessons and best practices from Fortune 500 companies for the practical implementation of frameworks, and discuss the business value these frameworks enable.

Presenter
Niv Braun, Co-Founder & CEO, Noma Security

1:40 PM – 2:20 PM

The Transformation Trifecta: Industry, Organization, You
Transformation in cybersecurity isn’t just about adopting new technologies. It’s about fundamentally rethinking how we lead, operate, and evolve in an industry that never stands still. This session explores transformation through three critical lenses.

We’ll begin by examining the shifts reshaping our industry, including the the evolution from perimeter defense to zero trust and from infrastructure to product protection, the transition from “security as gatekeeper” to “security as business enabler,” and how emerging technologies are redefining both threats and opportunities. Understanding these macro transformations helps us anticipate what’s coming rather than constantly reacting.

Next, we’ll focus on organizational transformation. These are the changes within your control. How do you shift security culture from fear-based compliance to resilience thinking? What does it take to gain executive buy-in for transformation initiatives? How do you build teams that think differently and challenge assumptions? We’ll explore practical approaches to restructuring security organizations for agility and impact.

Finally, we’ll get personal. The most profound transformations often happen within ourselves as leaders. We’ll discuss the uncomfortable work of unlearning outdated approaches, adapting communication styles for different audiences, and developing the vulnerability and self-awareness that great leadership requires. Through candid stories and hard-won lessons, we’ll explore how personal transformation enables everything else.

Presenter
Kim Albarella, Global Head of Security, TikTok

2:20 PM – 3:00 PM

AI Deployment & Security Survey Recap
As artificial intelligence adoption grows across enterprises, most organizations are keeping deployments to low-risk areas like HR and marketing research, avoiding high-risk products over security concerns. SINET and Stifel Bank conducted a survey to examine how CISOs are balancing productivity gains with governance gaps and where AI security investments are headed.

Presenters
Danny Hatfield, Managing Director – Venture Banking, Stifel
Brian Fricke, MSVP, CISO, Technology Risk Executive, City National Bank of Florida
Ben Murphy, SVP & Global CISO, Unum

3:00 PM – 3:10 PM

Break

3:10 PM – 3:50 PM

Insider Threats: When Trust Becomes the Attack Surface
Insider threats remain one of the most difficult—and misunderstood—risk categories facing security leaders. Unlike external attacks, insiders operate within trusted systems, legitimate access, and incomplete signals, forcing CISOs to balance detection, privacy, business continuity, and legal exposure in real time.

This session brings together a CISO and a cybersecurity attorney to examine several recent, high-profile insider-driven incidents and near-misses, focusing not on hindsight, but on how these events actually unfolded operationally. We will explore why insider threats are uniquely hard to prevent and investigate, where traditional security tooling and legal frameworks break down, and how misalignment between security, legal, HR, and leadership often amplifies risk.

Attendees will leave with practical lessons learned, decision-making frameworks for responding to suspected insider activity, and concrete steps to strengthen insider-risk programs without eroding trust, culture, or defensibility.

Presenters
Joe Santiesteban, Partner, Cybersecurity, Orrick, Herrington & Sutcliffe, LLP
Devon Bryan, Global CSO, Bookings Holdings

3:50 PM – 4:30 PM

Consolidating Identity Security – From AI to AD
While modern platforms for endpoint, network or cloud security are now a given, identity security has been lagging behind, and relies on a patchwork of point solutions and operational silos. From Active Directory and other legacy systems where security has been neglected for years, to modern cloud identities, non-human identities and now agentic identities, the industry is finally making critical steps towards a consolidated approach to identity security. In this session we will discuss the related security and business challenges that organizations have been facing, and how they can now overcome them and successfully consolidate the different components of identity security (ITDR, ISPM, IVIP, MFA, PAM, NHI security and more) across the different IAM silos – from legacy AD to agentic AI, and everything in between. We will also share a case study from an unpublished breach attempt by Scattered Spider on a Fortune 500 company, and how it was stopped when the attackers were already inside the network, using this approach.

Presenter
Hed Kovetz, CEO & Co-Founder, Silverfort

4:30 PM

Day One Concludes

6:30 PM 

SINET Hosted Reception & Dinner On-Site at Talavera
All workshop attendees are asked to attend (no guests). Off-site meals impact the quality of the overall program.

Day Two: January 15, 2026
Times subject to change.

8:00 AM – 9:00 AM

Breakfast

9:00 AM – 4:00 PM

SINET Risk Executive Workshop
Ironwood B & C Ballroom

9:00 AM – 9:50 AM

High-Velocity Governance: Engineering the Safe Acceleration of AI
The rapid, ubiquitous adoption of AI is unlike previous technology shifts. CISOs are navigating a unique pincer movement: Democratization has put powerful capabilities in every employee’s hands, organizations want to move at the speed of light, while CISOs are attempting to secure a rapidly evolving, supply chain-dependent ecosystem.

This panel brings together leading CISOs in the midst of this transformation in their organizations to discuss the operational reality of this AI Grand Prix and their role as the pit crew: How do they tune an engine they didn’t build (models), upgrade the brakes for drivers they can’t always see (democratized use with reliable guardrails), and install the airbags (resilience for when the unexpected happens)?

Join us for a candid, “under-the-hood” look at how CISOs are partnering with the business to drive innovation without spinning off the track. Governance accountability within the enterprise, debating the role of the CISO organization in AI Governance.

Presenters
Divyangi Anchan, AI Controls and Risk – Corporate Engineering, Google
Brian Fricke, MSVP, CISO, Technology Risk Executive, City National Bank of Florida
Sonia Arista, AVP Business Information Security Lead, CVS Health
Rick Orloff, VP, CISO, Pure Storage

9:50 AM – 10:30 AM

From Zero Trust to Adaptive Trust: Defending the Autonomous, AI-Driven Enterprise
The enterprise security model is being stress-tested by two simultaneous forces: the rise of autonomous, agentic AI and an attack landscape increasingly optimized for identity abuse, SaaS sprawl, and API-driven exploitation. In this session, Ramy Houssaini draws on real-world breach analysis, Cloudflare Radar insights, and frontline response to campaigns like Scattered Spider and recent SaaS supply-chain compromises to argue that “Zero Trust” as we’ve known it is no longer sufficient.

CISOs will explore how attackers now “log in, not break in,” how OAuth tokens, AI agents, and third-party integrations have become the new perimeter, and why MFA alone has become table stakes rather than a safeguard. The discussion reframes Zero Trust for the AI era—shifting from static, policy-based controls to adaptive, risk-aware trust decisions that span human identities, machine identities, APIs, and AI agents.

Attendees will leave with practical guidance on securing the full AI lifecycle, extending Zero Trust into SaaS ecosystems, and building an autonomous defense model that emphasizes visibility, speed, and continuous adaptation—without slowing innovation.

Key takeaways include:

• Why identity, APIs, and AI agents are now the primary attack surface
• Lessons learned from 2025: recent SaaS and supply-chain breaches
• How to operationalize adaptive, context-aware trust at scale
• What “defense in depth” really means in an AI-accelerated enterprise
• Concrete steps CISOs can take in 2026 to prepare for the autonomous internet

Presenter
Ramy Houssaini, Chief Cyber Solutions Officer, Cloudflare

10:30 AM – 10:40 AM

Break

10:40 AM – 11:20 AM

Funding Early-Stage Investments in the Age of AI

Presenters
Richard Seewald, Founder & Managing Partner, Evolution Equity Partners
Art Coviello, Managing Partner, SYN Ventures

11:20 AM – 12:05 PM

The CISO of the AI Age – Rise of Autonomous Cyber Risk Management
The CISO role is undergoing a fundamental transformation. No longer defined by tools, alerts, or defensive controls, the modern CISO is emerging as a risk leader—one who quantifies uncertainty, translates technology into business value, and drives enterprise resilience at scale.

In this session, Nick Sanna, President of SAFE, and CISO of Victoria’s Secret, share how leading organizations are redefining cybersecurity as an economic and decision intelligence discipline powered by AI. Through real-world experiences, they explore how autonomous cyber risk management enables CISOs to move beyond defense—becoming strategic advisors who prioritize investments, guide executive decisions, and continuously reduce risk in business terms.

Presenters
Nick Sanna, President, Safe Security

12:05 PM – 1:00 PM 

Lunch

1:00 PM – 1:40 PM

Transforming Identity – Facing the Challenge of Global Enterprise Identity in the Era of Agentic AI
Carey will cover the industry reaction to the publication of the SINET Handbook on Identity, the ongoing challenges and choices for identity architectures for Agentic AI, and how TELUS is undertaking a multi-year, global initiative to build a greenfield identity platform for its enterprise.

Presenter
Carey Frey, CSO & CISO, TELUS

1:40 PM – 2:20 PM

Burn the Binder: The Future of Incident Response
Incident response plans are widely regarded as a cybersecurity best practice, yet they are rarely relied upon during real incidents. This presentation examines why traditional, document-centric approaches combined with a firefighting mindset for incident response typically fail under operational pressure. As agentic AI accelerates and scales cyberattacks, response efforts will face adversaries with relentless pace, increasing complexity and decision volume—further exposing the limits of the industry’s legacy approach to incident response. Drawing on real-world experience across security, legal, and incident response, the session explores how organizations can adapt through meaningful preparation, consistent execution, cross-functional alignment, and defensible decision-making—enabling more effective response and demonstrable accountability to customers, executives, regulators, insurers, and other stakeholders when it matters most.

Presenters
Anderson Lunsford, CEO, Co-Founder, BreachRx
Matt Hartley, Co-Founder & Chief Product Officer, BreachRx
James Beeson, CISO Advisor, Cyber Advisors

2:20 PM – 2:30 PM

Break

2:30 PM – 3:10 PM

Rethinking Cyber Organization and Operating Models – A Product and Services-Based Approach
The presentation by Gary Harbison, Global CISO at Johnson & Johnson, explores the rethinking of cybersecurity organizational models through a product-and-services-based approach. It highlights challenges with traditional models, such as siloed teams, a compliance-focused culture, and a lack of strategic alignment. The new model emphasizes integrating business planning with security products and services, standardizing operating models, and clarifying roles. Key initiatives include aligning resources to capabilities, implementing QBRs and MBRs, and forming capability squads to drive lifecycle management. Lessons learned will also be explored that stress the importance of visibility, accountability, and structured adoption through playbooks and coaching. The goal is an outcome-driven, collaborative, and efficient cybersecurity ecosystem within the business.

Presenter
Gary Harbison, SVP, Global CISO, Johnson & Johnson

3:10 PM – 3:40 PM

“It’s finally over. Let’s celebrate.”
Tim Brown will discuss the long journey and the dismissal of the case against him and SolarWinds. The Sunburst incident occurred in December 2020 with full closure in December 2025. It’s been a long road with a great outcome. Tim will discuss some of the details, some lessons learned and the important next steps we need to consider.

Presenter
Tim Brown, CISO, SolarWinds

3:40 PM – 4:00 PM

Closing 

Presenter
Robert Rodriguez, Chairman, SINET, Venture Partner, SYN Ventures

4:00 PM

Day Two Concludes

6:30 PM

SINET Hosted Reception & Dinner On-Site at Proof
All workshop attendees are asked to attend, and plus ones are welcome. Off-site meals impact the quality of the overall program.