2023 Agenda
Day One: February 1, 2023
Times subject to change.
7:45 AM – 8:45 AM
Breakfast Buffet & Registration
Ironwood Foyer
8:45 AM – 5:00 PM
SINET Risk Executive Workshop
Inwood B & C Ballroom (Session limited to CISOs only)
8:45 AM – 8:55 AM
Setting the Stage: The Issues at Hand and What We Intend to Accomplish
Robert D. Rodriguez, Chairman & Founder, SINET
Heather Rodriguez, Chief Executive Officer, SINET
Honorary Chair, James Beeson, Chief Information Security Officer, Cigna
8:55 AM – 10:00 AM
Attendee Introductions
10:00 AM – 10:50 AM
Board Interactions, Governance, and Metrics: Communicating with Your Board as a Risk Executive
Abstract: In an age where there is not a single business or organization that hasn’t been transformed dramatically in the last twenty years by digital technology, how should a CISO best communicate the nature of cyber risk? Given the significant variability of board members knowledge and understanding of such risk is there a way to constructively have an effective dialogue to assist them in their fiduciary obligations?
Presenters:
Arthur Coviello, Investment Committee Chair, SYN Ventures
James Beeson, Chief Information Security Officer, Cigna
10:50 AM – 11:00 AM
Break
11:00 AM – 11:40 AM
Modernizing Risk Management Control Programs to Meet the Needs of the Business.
Abstract: This discussion presents a modernized approach for documenting an organization’s Information Security Program. This method focuses on improving Governance Programs (administrative controls) to withstand regulatory/audit scrutiny, continuity of Program Execution during transitions, and generally clarify the requirements, and expectations of personnel assigned to those sub-programs (Access, SecOps, Risk mgt, DLP, Vendor Mgt, BCP etc). The presentation will also cover practical ways to ensure alignment of risk and control program effectiveness to the lines of business, which is key for effective enterprise adoption of security programs.
Presenters:
Brian Fricke, Chief Information Security Officer, City National Bank
11:40 AM – 12:15 PM
Cyber Risk Calculus to Protect Your Organization: How to Make the Math Work
Abstract: Each company has something to protect, whether it is intellectual property, industrial control systems, personally identifiable information, etc. There are thousands upon thousands of software and hardware solutions to secure infrastructure, as evidenced by the thousands of vendors who have booths at major conferences like RSA. The recent popularity of zero trust is because it is a philosophy, rather than a discrete solution. This dicussion will be centered on risk calculus: What risk factors should be considered and how best should the weighting on each be determined? I would contend that some of the least intangible risk factors should carry the highest priority.
Presenter:
Edward Devinney, Corporate Director Cyber Programs, Northrop Grumman
12:15 PM – 1:15 PM
SINET Hosted Lunch
1:15 PM – 1:55 PM
Geopolitics, Cyber Security & Impacts to CISOs
Abstract: Fallout from recent geo-political shifts including restrictions on Chinese supply chains, the COVID-19 pandemic and Russia’s invasion of Ukraine are amongst the many challenges facing CISOs both domestically and globally striving to protect the security and reliability of their respective companies. This discussion will provide an update on the threat environment resulting from these geo-political shifts and what CISOs can expect over the next three years. This will be juxtaposed against the on-going roll-out of 5G networks globally and efforts to dis-intermediate China’s power on specific supply chains including micro-processors and telecommunications equipment. The speakers will cover risks and risk mitigation strategies for CISOs.
Presenter:
Carey Frey, Chief Security Officer & VP, TELUS Security, TELUS
1:55 PM – 2:30 PM
Perspectives on the Cyber & Infrastructure Software Market
Abstract: This session will discuss the latest in the macro environment to include the global reset, recessionary pressures, and the public market outlook – and then dive into the impact for cyber community (CISO’s, Investors, CEO’s). What are the sectors to watch? What are the trends with M&A and investment? What does the exit environment look like? How has the broader market reset impacted the cyber community? How should the cyber community respond to the dynamic changes in the market?
Presenter:
Brian White, Managing Director, Head of Security & Defense Technology, Technology Investment Banking, Piper Sandler & Co.
2:30 PM – 3:10 PM
Supply Chain Security and Installed Base Project
Abstract: Supply chain security is of the upmost concern to governments, companies operating in the critical infrastructure and those that rely on the critical infrastructure. During this session we will explore the impact of third-party risk events and introduce a new program to identify and mitigate potential risks in the installed base of the critical infrastructure.
Presenter:
Patrick Ford, Chief Information Security Officer, Americas, Cybersecurity Governance, Schneider Electric
3:10 PM – 3:20 PM
Break
3:20 PM – 4:00 PM
Rules, Legislation, Recommendations, and Reporting: Is Cybersecurity Being Over-Governed?
Abstract: Is cyber security unfortunately being over-governed? New SEC rules, FTC additions to GLBA, new rules in financial institutions around notification, CCPA, GDPR, proposed Congressional legislation, CISA recommendations, second line of defense challenge, Audit, SOX, DOJ, board reporting, and more. Is this helping or hurting?
Presenter:
Jerry Archer, SVP/Chief Security Officer, Sallie Mae
4:00 PM – 5:00 PM
Innovator Presentations
Eleven companies will present for five minutes each on how they see the attack vector evolving, the problem they are addressing, and how they are solving it. (Presenting companies are not permitted to attend the workshop, however they will attend the reception/dinner at 6:30pm on February 1st only)
5:00 PM
Day One Concludes
6:30 PM – 9:00 PM
SINET Hosted Reception & Dinner On-Site
Talavera Restaurant
All workshop attendees are asked to attend (no guests). Offsite meals impact the quality of the overall program.
Day Two: February 2, 2023
Times subject to change.
8:00 AM – 9:00 AM
Breakfast Buffet & Registration
Ironwood Foyer
9:00 AM – 4:10 PM
SINET Risk Executive Workshop
9:00 AM – 9:55 AM
Rough title: In the Chair: CSO/CISO Best Practices for Leading Through a Major Cyber Event and Avoiding Personal Liability
Presenters:
Michael Johnson, Chief Information Security Officer, Meta (Facebook Financial)
Ramy Houssaini, Chief Cyber & Technology Risk Officer & Group Privacy Office, BNP Paribas
9:55 AM – 10:45 AM
Making your Board of Directors Cyber Security Leaders
Abstract: The role of the Chief Information Security Officer has matured greatly over the past three decades. While none of the original requirements of the role have gone away, many new opportunities require CISOs to be excellent business leaders, board advisors, risk managers, technical engineers, and people leaders simultaneously. Jason Witty presents a unique perspective on how to balance these fluencies to be successful at the C-suite table and within the boardroom.
Presenters:
Jason Witty, Chief Security Officer, USAA
Jason Lish, Chief Security Officer, Lumen Technologies Inc
David Estlick, Chief Information Security Officer, Chipotle Mexican Grill
Shaun Khalfan, SVP, Chief Information Security Officer, Discover Financial Services
10:45 AM – 10:55 AM
Break
10:55 AM – 11:30 AM
Emerging Technologies and Partnerships
Abstract: Enterprise resilience in these uncertain times will require concerted focus on building workforce competencies in key emerging technologies, while nurturing partnerships, both existing and new, with key stakeholders. The establishment of the Transnational and Technology mission center within CIA will support this transition within the Agency, by approaching technology as an intelligence domain and by synchronizing Agency engagement with the domestic private sector.
Presenter:
Anthony Van Ness, Deputy Assistant Director for the Transnational and Technology Mission Center, Central Intelligence Agency
11:30 AM – 12:05 PM
State Affairs of Venture: Today, Tomorrow, and The Future
Presenter:
Art Coviello, Jr, Investment Committee Chair, Syn Ventures
12:05 PM – 1:05 PM
SINET Hosted Lunch
1:05 PM – 1:45 PM
Putting the Phrase “Cyber Defense is the New Offense” Into Practice
Abstract: Geopolitical risks continue to impact organizations’ operational risk models. Cyber leaders need to continue to adapt to the emerging cyber threats that are being created by nation states. The need to understand these threats and accurately provide a view of your cyber defense posture to your respective boards requires a new board metric.
Presenter:
Rich Baich, Chief Information Security Officer & Director of the Office of Cybersecurity, Central Intelligence Agency
1:45 PM – 2:25 PM
Securing The Super Bowl
Presenters:
Tomás Maldonado, Chief Information Security Officer, NFL
Welmer Magtoto, Information Security Risk Manager, NFL
2:25 PM – 2:35 PM
Break
2:35 PM – 3:15 PM
Authentication Strength vs. Account Takeover (ATO) Rates
Abstract: In this candid discussion, Jeff Lunglhofer, the current Chief Information Security Officer at Coinbase, will discuss the latest trends in attackers targeting Coinbase customers, current adoption rates of the various 2FA solutions offered to customers, and the rates at which ATOs occur across each group of users. We will cover the below topics and more as we discuss the overall information security program at Coinbase.
– How do attacks evolve as customers adopt stronger forms of account authentication?
– What frequency of successful attacks are we seeing at each level?
– How does an ATO in the crypto world differ from an ATO in the traditional finance world?
– How do we communicate with customers to ensure the highest levels of security?
Presenter:
Jeff Lunglhofer, Chief Information Security Officer, Coinbase
3:15 PM – 3:55 PM
Innovation and Cost Management During Austere Economic Times
Presenter:
Yuval Illuz, Group Chief Information Security Officer, and Chief Operating Officer, Trust, Data & Resilience Standard Chartered Bank
3:55 PM – 4:10 PM
Closing and Adjournment: What Are Next Steps?
Host:
Robert D. Rodriguez, Chairman & Founder, SINET
4:10 PM
Day Two Concludes
6:00 PM
SINET Hosted Reception & Dinner On-Site
Fountain Terrace & Troon Foyer
All workshop attendees are asked to attend and families are welcome. Offsite meals impact the quality of the overall program.