Arrival: Sunday, August 25, 2024
Dinner on your own.
SINET will provide transportation to all planned activities except to and from the airport. Jackson is a small community and Uber is not recommended – prearranging a taxi to take you to and from the airport is advised. We recommend the below companies.
Jackson Hole Taxi (307) 699-3369
Teton Mountain Taxi (307) 699-7969
Andrew (Transportation Service) (307) 699-8455
Day One: Monday, August 26, 2024
Times subject to change.
7:30 AM
Buses depart from Wyoming Inn for Turpin Meadow Ranch promptly at 7:30 AM
9:00 AM – 2:10 PM
SINET Risk Executive Workshop
Turpin Meadow Ranch
Please note that there is no cell service or WiFi at Turpin Meadow Ranch. Please plan accordingly.
9:00 AM – 9:10 AM
Setting the Stage
Robert D. Rodriguez, Chairman & Founder, SINET
9:10 AM – 9:50 AM
Attendee Introductions
9:50 AM – 10:25 AM
Update on the DHS/CISA Cyber Safety Review Board Report with Bret Arsenault, CVP, Chief Cybersecurity Advisor, Microsoft
In this intimate conversation moderated by Robert Rodriguez, Bret Arsenault, Chief Cybersecurity Advisor of Microsoft, will share his insights on the Cyber Safety Review Board (CSRB) process and discuss progress on the recommendations for CSPs included in the CSRB’s report following its review of the Storm 0558 intrusion. We will also explore the importance of security culture and collaboration between public and private sectors.
10:25 AM – 11:05 AM
Identity Security Reimagined with Jim Alkove, CEO and Co-Founder, Oleria Security
As compromised identities become more common in breaches, Risk Executives and their teams must answer the critical questions, “Who has access to what? How did they get it? What are they doing with it?”
We will explore
– Approaches to overcoming the limitations of legacy tools
– Best practices for handling the efforts required to manage identities and access
– Practical examples of what identity security can ideally look like in the future to protect and enable business
11:05 AM – 11:15 AM
Break
11:15 AM – 11:55 AM
What Do Today’s Cyber Enforcement and Liability Trends Mean for CISOs & Other Executives? With Aravind Swaminathan, Global Co-Chair Cybersecurity and Data Privacy, Orrick, Herrington & Sutcliffe LLP
The SEC’s enforcement action against SolarWinds and its Chief Information Security Officer Tim Brown is one data point in a trend of regulators putting their sights directly on information security and technology executives. It follows on the DOJ’s prosecution and conviction of Joe Sullivan, Uber’s former Chief Security Officer, and the FTC’s consent decree against Drizly’s Chief Executive Officer James Cory Rellas. The landscape is changing fast – and there’s even more happening behind the scenes. Security professionals need to understand:
– What key regulators are currently focused on and how they are identifying potential targets for further investigations (e.g., sweeps, notice letters, informal inquiries, etc.)
– Regulatory changes by prominent regulatory agencies (e.g., SEC, FTC, NYDFS) and what these represent
– Steps that information security professionals should consider taking now, to stay ahead of the regulators and protect themselves
11:55 AM – 12:25 PM
Update From Tim Brown: Current Situation and Future Outlook with Tim Brown, VP Security and CISO, SolarWinds
Tim will provide an update on status and lead a discussion on lessons learned, limiting our exposure while doing our jobs, and how the community leverages the SEC’s actions for good.
12:25 PM – 12:55 PM
SINET Hosted Lunch
12:55 PM – 1:30 PM
Navigating Complexity: CISOs at the Crossroads of Tech, Strategy, and Business Enablement with Patricia Ryan, CISO, QuidelOrtho, Allen Wilson, CISO, AXIS Capital, and Troy Wilkinson, Global CISO, Interpublic Group
This discussion will explore the dual role of CISOs who must steer through high-level strategic discussions with company leaders while tackling day-to-day technical challenges. This balancing act requires influencing without always having direct authority. Our roundtable will address the broad range of their responsibilities and the real-world juggling act involved—all in a day’s work. For example:
– Starting your day in a high-stakes board meeting before ending it in a hands-on session with your security engineers.
– Discussing strategic investments with the finance team before deep diving into the specifics of a new security patch.
– Negotiating with security vendors, while also coordinating a rapid response to an unexpected security breach.
– Presenting long-term security roadmaps in a senior leadership retreat before being interrupted to troubleshoot urgent security issues that arise unexpectedly during the day.
1:30 PM – 2:10 PM
What Do We Need to Do to Prepare for Conflict With China? With Carey Frey, CSO, TELUS
2:10 PM
Thought Leadership Presentations Conclude
2:10 PM
Horseback Riding, Fly Fishing, and UTV Tours at Turpin Meadow Ranch
SINET Hosted Dinner & Reception at Turpin Meadow Ranch
Buses depart for Wyoming Inn following dinner
Day Two: Tuesday, August 27, 2024
Times subject to change.
8:15 AM
Buses depart from Wyoming Inn for Amangani promptly at 8:15 AM
9:00 AM – 4:40 PM
SINET Risk Executive Workshop
Amangani
9:00 AM – 9:35 AM
How is AI Changing the Way We Operate Cyber? With Heather Adkins, VP, Security Engineering, Google
The rapid pace of technological advancement over the next two years is poised to fundamentally reshape not only the digital landscape, but also the global socioeconomic fabric. This transformation will have a profound impact on the cybersecurity domain, necessitating a reevaluation of current risk management strategies and governance frameworks. This interactive conversation seeks to explore the complex interplay between emerging technologies and the evolving cybersecurity threat landscape. Through an examination of recent developments and their potential long-term ramifications, we will engage in a dynamic dialogue on strategies to proactively prepare the industry, our teams, and ourselves for the challenges and opportunities presented by the next generation of technology.
9:35 AM – 10:15 AM
SaaS Attack Patterns and IOCs: Best Practices for Securing Your SaaS Estate with Brendan O’Connor, CEO, AppOmni
This interactive discussion will explore practical frameworks and programs for CISOs and Risk Executives to evaluate SaaS risks in terms of their business criticality, vulnerability footprint, and cloud journey.
We will discuss common attacker TTPs, the SaaS threat landscape, and how security leaders can enhance their evaluation of risk towards their organizations and share lessons learned from recent breaches including Snowflake, Okta, Sisense, and GitHub.
We will exchange perspectives on the shared responsibility model for SaaS security and opportunities for collaboration between security teams and business owners to secure the SaaS applications that now power the enterprise. I will also offer an early look at AppOmni’s 2024 State of SaaS Security survey and report with respondents from over 640 global enterprises. In addition, we will review ideas on how zero trust architectures can extend to SaaS applications, and best practices to secure your SaaS estate based on lessons learned from enterprises with hundreds of applications and thousands of internal and external users.
10:15 AM – 10:25 AM
Break
10:25 AM – 11:10 AM
Effective CISO Communications to Mitigate Risk: Before, During and After a Cyber Crisis with Christopher Porter, SVP & CISO, Information Security and Integrated Risk Management, Fannie Mae and Meredith Griffanti, Global Head of Cybersecurity & Data Privacy Communications, FTI Consulting
Cybersecurity incidents can impact operations, create legal risk, cause reputational harm, and hurt the bottom line. Managing the communications response is crucial for maintaining hard-earned trust with key stakeholders.
Being prepared to not only lead, but communicate, effectively during a cybersecurity crisis is a crucial skill for CISOs today. In fact, skillfully leading during times of crisis, and an ability to translate technical jargon into understandable terms are among the top five attributes C-suite executives expect of their CISOs, according to recent research from FTI Consulting. This interactive session will focus on:
– Key considerations to prepare your organization ahead of a cyber incident
– The kinds of rapid-fire communications expectations, inflection points, and decisions CISOs should expect to tackle during a live crisis
– Strategies that can make all the difference in leading your organization through the crisis while restoring trust and reputation
11:10 AM – 11:45 AM
Do We Need a National CISO Trade Association? Decode Washington with Emily Coyle, President, Cyber Governance Alliance
CISOs understand the importance of professional networks for information sharing and career development. The changing legislative, regulatory, and litigation landscapes directly impact the cyber profession, yet there is no national CISO trade association. This discussion will explore efforts to formally engage federal policymakers, best practices and how other professions organize themselves to engage policymakers, influence outcomes, and shape the future of industry.
11:45 AM – 12:15 PM
Enabling Business Innovation Through Security Automation with Michael Baader, VP, Divisional Information Security Officer – Banking & Premium Products, Capital One
The session will explore the business benefits a modern CISO can enable from investments in security automation and partnerships with technology partners. We will deep dive into one use case where a journey to have a more secure development lifecycle unlocked innovation in DevSecOps and vulnerability management practices to deliver new business value potential. Through exploring this use case we will review key outcomes, challenges and techniques to create win/win scenarios for cyber risk management, technology/product development and business value creation.
12:15 PM – 1:05 PM
SINET Hosted Lunch
1:05 PM – 1:40 PM
Performance and Stress: Practical Tools to Manage the Most Important Part of Your Job, You with Ben Miron, Business Unit CIO, Florida Power & Light
Through a personal journey we will discuss how stress can lead to physical and mental ailments. We will also share lessons and a few practical tools to understand stress and mental focus to improve performance in all aspects of life.
1:40 PM – 2:20 PM
Crypto Security Overview with Jeff Lunglhofer, CISO, Coinbase
2:20 PM – 2:30 PM
Break
2:30 PM – 3:15 PM
SINET Working Group on Robust Employment Agreements, Personal Liability, Employment Risks, and Technology Risk Governance with Brian Fricke, CISO, City National Bank of Florida and Michael Johnson, CISO, Meta Financial Technologies
Cyber is an existential risk to trust-based, digital businesses. Cyber threats continue to grow in frequency and sophistication. Institutions today must simultaneously safeguard and defend against both thieves and nation state-capable adversaries. Managing that risk is a complex, high-stakes endeavor, fraught with peril for immature or unprepared enterprises, but especially for CISOs. CISOs are charged with working with the business to prevent major cyber events where possible, and when the inevitable happens, to quickly detect, respond, and recover. Being a CISO leading through a major cyber event can be a tiring, difficult, and lonely experience.
In this not-for-attribution, educational talk, based on real world personal experiences, experienced CISOs share concrete recommendations on minimizing personal and corporate liability. This includes recommendations on a CISO employment contract, a comprehensive cyber strategy, quantitative cybersecurity risk management, and how to communicate with key stakeholders including boards of directors.
3:15 PM – 4:00 PM
SINET Working Group on Defining a Forward-Looking and Proactive Cybersecurity Risk Appetite with Kirsten Davies, CISO, Unilever and George Smirnoff, MD, Global Information Security, Compliance and Operational Risk Executive, Bank of America
An effective Cybersecurity Risk Appetite is one that is integrated into a cybersecurity risk program that enables the organization to be forward-looking and proactively adjust its risk posture across the cybersecurity risk domain, inclusive of related interconnected risks and business processes, to avoid material breaches.
The SINET Handbook on Defining Cybersecurity Risk Appetite Within an Interconnected Risk Management Framework (currently in draft) will provide an approach based on five core components: (1) Building a foundation based on top-down business objectives and a bottom-up risk and control framework; (2) Differentiating between maintaining the risk profile and proactively managing the risk where it is changing; (3) Managing cybersecurity risk as an interconnected risk across other risk domains; (4) Defining financial and non-financial, quantitative and qualitative measures; and (5) Establishing forward-looking and proactive triggers for management engagement.
4:00 PM – 4:40 PM
Protect the CISO with John Carlin, Partner, Paul, Weiss, Rifkind, Wharton & Garrison LLP
This program discusses how CISOs can manage cyber-related risk, with particular attention to CISO liability with ever-increasing global data breach and privacy-related regulations, civil litigation, and enforcement actions. The presenter provides a review of key developments in 2024. Some main topics include: 1) AT&T and the SEC exception to cybersecurity incident disclosures, 2) lessons in incident response from the Change Healthcare breach, and 3) takeaways from the recent SolarWinds decision regarding CISO liability.
4:40 PM
Thought Leadership Presentations Conclude
Buses will depart for Wyoming Inn
5:00 PM – 7:15 PM
Free Time
If you’d like to use this time to explore the historic Jackson Town Square prior to dinner, you must arrange your own transportation. Once in the Town Square, you will be within walking distance to dinner at The Cloudveil.
7:15 PM
Buses depart from Wyoming Inn for Dinner promptly at 7:15 PM
7:30 PM – 9:30 PM
SINET Hosted Dinner & Reception
The Cloudveil Hotel Rooftop
Spouses and plus ones are welcome for dinner on August 27th.
9:30 PM
Buses will return guests to the Wyoming Inn
Optional Day Three: Wednesday, August 28, 2024
(This opportunity is now fully booked.)
For those interested, SINET will treat you to an additional day of Fly Fishing on the Snake River with your Executive Peers.