Day One: January 29, 2025
Times subject to change.
7:30 AM – 8:30 AM
Breakfast Buffet & Registration
8:30 AM – 4:15 PM
SINET Risk Executive Workshop
Inwood B & C Ballroom
8:30 AM – 12:05 PM sessions limited to CISOs only
8:30 AM – 8:40 AM
Setting the Stage: The Issues at Hand and What We Intend to Accomplish
Robert D. Rodriguez, Chairman & Founder, SINET and Venture Partner, SYN Ventures
Heather Rodriguez, Chief Executive Officer, SINET and Venture Partner, Evolution Equity Partners
8:40 AM – 9:55 AM
Attendee Introductions
9:55 AM – 10:35 AM
Breaking the Network: Understanding the Salt Typhoon Cyber Threat to Telecommunications and to National Security
As the backbone of modern communications, telecommunications networks have become the prime target for geo-politically motivated cyber threat actors. This session outlines the regulatory, economic and technological forces from the past three decades that have resulted in the current global telecommunications architecture becoming vulnerable to sophisticated threat actors. The session explores the tactics, techniques and motivations behind the ‘Typhoon’ cyber intrusions and their potential for greater disruption to national security, economic stability and data privacy.
Responses to this event from stakeholders including the telecom sector, federal government organizations, hyperscalers and cyber security vendors will be analyzed with lessons learned provided for information sharing, threat intelligence, regulatory & disclosure frameworks, telecommunications commercial relationships and public-private partnerships. Learn about the broader geopolitical implications and what your organizations can do to be resilient in the face of these threats and how to contribute to our ‘collective defense’ in the ongoing battle for cyber dominance.
Presenter:
Carey Frey, CSO, Telus
10:35 AM – 10:45 AM
Break
10:45 AM – 11:25 AM
Leveraging the U.S. Legal Landscape to Support Your Budget, Enhance Board Communications, and Protect Your Organization
Increasing legislative and enforcement priorities from regulators are creating a burden on companies and their information security teams.
This session will provide an overview of the U.S. legal landscape and update on recent Cybersecurity laws and regulations, with a focus on laws that require companies to deploy specific measures or risk allegations of noncompliance. Audience members should come ready to discuss their experiences and challenges communicating with non-technical executive teams about Cybersecurity issues. Together, we will explore how increased knowledge of current laws can help bridge gaps in communication and provide support for a more robust cyber program.
Is there an opportunity to leverage these laws to communicate with leadership and support their buy-in to pursue a robust Cybersecurity agenda?
Presenter:
Jena Valdetero, Co-Chair, U.S. Data, Privacy & Cybersecurity Practice, Greenberg Traurig, LLP
11:25 AM – 12:05 PM
The Journey of Moving InfoSec from Behind the Scenes to a Strategic Asset for the Company
This session will explore the evolution of the CISO role as it moves beyond the technical. The 21st-century CISO is a strategic leader that understands how to run a business enterprise-wide, deliver ROI, and advise leadership and boards on risk. This includes:
– CISOs’ close communication with the CEO, CTO, M&A team, and Board to enhance the management of enterprise and organizational risk.
– Visibility of the security team to customers and stakeholders.
– Strategic transformation of a security team’s function, technical skill level, and influence on the business; with an emphasis on research, operations, and investment.
Presenter:
Nikhil Kalani, VP and CISO, The Reynolds and Reynolds Company
12:05 PM – 12:55 PM
SINET Hosted Lunch
12:55 PM – 1:35 PM
Beyond Buzzwords: Building Genuine Cross-Functional Partnerships Across Your Organization
In today’s dynamic business environment, fostering authentic cross-functional partnerships is crucial for organizational success. This presentation delves into the essential elements that drive effective collaboration beyond mere buzzwords. We will explore:
– Cognitive Adaptability: Enhancing the ability to think flexibly and adapt to changing circumstances.
– Built-In Controls: Implementing robust systems to ensure alignment and accountability.
– Understanding Business Objectives: Aligning team efforts with the overarching goals of the organization.
– Building Trust through Collaboration, Flexibility, and Communication: Creating a culture of trust by emphasizing open communication and adaptability.
– Wellness and Mental Health: Prioritizing the physical and mental well-being of team members to better handle stress and workplace challenges.
Presenter:
Patty Ryan, CISO, QuidelOrtho
1:35 PM – 2:15 PM
The Evolution of Ransomware
This session will present an informed look at the realities of the ransomware economy in 2025, including insights from fighting ransomware groups and with federal law enforcement agency partners. We will discuss:
– How ransomware has evolved into highly technical, multi-part campaigns that leverage internal security tools commonly found in large enterprises.
– Critical information that has not been widely circulated about various publicized ransomware attacks.
– Best practices on how to tackle the growing problem of ransomware with actionable, practical models and threat intel based on real-world experience.
Presenters:
Jon Miller, CEO & Co-Founder, Halcyon
Jeff Williams, President, Halcyon
2:15 PM – 2:25 PM
Break
2:25 PM – 3:05 PM
GenAI Risk Management and Implementation, A Risk Executive Perspective
As GenAI capabilities, availability, and complexity continue to expand, it is important for Risk Executives to understand some recommended paths and processes which can enable responsible use both within our workforces and within our external products. Hear from industry executives about best practices for risk managing GenAI, to include tools and techniques used effectively at scale in global technology and financial services companies. This includes protections to be built into GenOS and GenSRF (Security, Risk and Fraud) platforms which power GenAI-enabled customer experiences built into its flagship products, as well as backend corporate systems to enable efficiency. Speakers will share details of their responsible AI programs, and the processes and governance that enable quick but responsible adoption through our large enterprises.
Presenter:
Erik Naugle, VP, Data Security & Use, Intuit
3:05 PM – 3:45 PM
SINET Working Group: Identity Security
Presenters:
Jim Alkove, CEO and Co-Founder, Oleria
Vijay Gajjala, VP of Product Management, Oleria
3:45 PM – 4:15 PM
Why It’s Important for CISOs to Work with Venture
The venture community is the lifeblood of innovation for cybersecurity. Without this funding, many startups would not survive and therefore corporations would struggle to protect themselves from the ever-evolving threat landscape and the continuously changing adversarial behaviors. This session will be led by two veteran security operators, one as a former F500 CISO and one as a former founder of a multi-billion dollar security company, to talk about the importance of partnering with startups and how to best engage to drive the greatest benefits for your organizations.
Presenters:
Jay Leek, Managing Partner and Co-Founder, SYN Ventures
Richard Seewald, Managing Partner and Founder, Evolution Equity Partners
4:15 PM
Day One Concludes
6:30 PM – 9:00 PM
SINET Hosted Reception & Dinner On-Site
Talavera Restaurant
All workshop attendees are asked to attend (no guests). Offsite meals impact the quality of the overall program.
Day Two: January 30, 2025
Times subject to change.
8:00 AM – 9:00 AM
Breakfast Buffet & Registration
Ironwood Foyer
9:00 AM – 5:45 PM
SINET Risk Executive Workshop
9:00 AM – 9:40 AM
AI: The Next 12 Months and What to Expect
When the SINET group met in WY 2024 we discussed the AI paradigm shift and how it will impact Enterprise security. CISOs will need this context as we grow and sustain our businesses. We discussed the possibilities of a software revolution of shifting vulnerability discovery “left” in the software development lifecycle and preparing for a world where the adversaries may know more about our bugs than we do. We also discussed how to manage our risk if we cannot observe ephemeral digital assets like AI generated code and cloud systems. And finally how to deal with the challenges to Identity as what passes as “human” on the Internet as Trust changes substantially.
We are currently in the phase of the AI revolution where frontier research is delivering sufficiently capable AI. Much has happened since August 2024, including release this week of Deep Seek by a PRC-based company. This open-sourced model shows it’s possible to have Enterprise use on-premise without navigating Cloud data privacy and use issues. As such, I’d posit that after 2 years, LLMs are nearing the “good enough” state for broad reliable use. If so, where are we at with Enterprise adoption? Is it becoming ubiquitous as predicted and if not, why?
There is growing skepticism around the pace of adoptability of AI in the Enterprise. If things are going slowly, why? The answer is likely to be integration issues with legacy systems and workflows. In this roundtable, I’d like to level-set for what’s coming in the next year. First, on where we are as an industry in the integration phase of the AI revolution, then what practical problems are being faced today with legacy systems, and finally how this will impact enterprise controls for security and privacy going forward.
Presenter:
Heather Adkins, VP, Security Engineering, Google
9:40 AM – 10:20 AM
Hack the Future: Redefining Cybersecurity For the Next Era
As technology rapidly evolves, the future of cybersecurity demands a bold new approach. This session explores how emerging innovations like AI, quantum computing, and decentralized systems are reshaping the threat landscape—and the strategies needed to secure it. This session challenges conventional security models, offering fresh perspectives on building adaptive, proactive defenses that thrive in a hyper-connected, boundaryless world. Attendees will gain actionable insights on how to transform cybersecurity into a catalyst for trust, resilience, and innovation, ensuring organizations stay ahead of tomorrow’s threats while driving sustainable digital growth.
Presenter:
Ramy Houssaini, Chief Cyber Solutions Officer, Cloudflare
10:20 AM – 10:30 AM
Break
10:30 AM – 11:15 AM
SINET Working Group: Defining a Forward-Looking and Proactive Cybersecurity Risk Appetite
A discussion on a framework for establishing a forward-looking, measurable, and proactive Cybersecurity Risk Appetite. Moving beyond traditional financial limits, it emphasizes aligning risk appetite with broader business objectives, considering Cyber Risks alongside other enterprise risks (strategic, operational, reputational, compliance, and financial). This approach focuses solely on Cyber Risk as a distinct competency, recognizing its impact on the entire organization.
The framework emphasizes the crucial relationship between risk tolerance and risk appetite, defining acceptable risk levels within the context of business goals. It advocates for a balanced approach, incorporating both qualitative and quantitative metrics to provide clear guardrails for risk management.
Finally, the framework emphasizes the need for clear escalation triggers, defining specific events that necessitate a review of risk materiality. This document, developed in collaboration with CISOs across various industries, provides a flexible framework for organizations to develop meaningful, actionable, and effective Cyber Risk Appetite statements that guide decision-making and resource allocation.
[Find the link to the working document on SINET CISOConnect]
Presenters:
Brian Fricke, CISO, City National Bank of Florida
Brandon Pinzon, CISO and Advisor, SPKTR Ventures
11:15 AM – 11:55 AM
Purdues and Purdon’ts: Resolving OT Problems
Presenter:
Jack Hamm, VP Security Engineering & Architecture, Albertsons Companies
11:55 AM – 12:35 PM
AI Trust, Safety, and Governance: Building Confidence in 2025
Gartner predicts that “by 2028, enterprises using AI governance platforms will achieve 30% higher customer trust ratings and 25% better regulatory compliance scores than their competitors”, but organizations today are in different stages of AI adoption – from GenAI and Copilot experimentation, to training and/or building enterprise ML models – and there is a lot of uncertainty on how to build effective AI Governance.
Wherever you are today in your AI journey, this interactive session will explore new approaches to AI trust, safety, and governance that will enable CISOs to gain a better understanding of:
– How you can achieve confidence in AI experimentation and adoption without compromising trust
– The significance of AI Governance in 2025
– What is an AI Trust Hub
– Current use cases
– What an end-to-end operational AI Governance model looks like
Presenters:
Jonathan Dambrot, CEO, Cranium
Felix Knoll, COO/CRO and Co-Founder, Cranium
12:35 PM – 1:35 PM
SINET Hosted Lunch
1:35 PM – 2:10 PM
13 Cyber Prognostications for 2025
In anticipation of Groundhog’s Day on February 2nd, retired Brigadier General Greg Touhill, former Chief Information Systems Officer of the US government and current Director of the CERT at Carnegie Mellon University’s Software Engineering Institute, channels the spirit of Punxsutawney Phil, the famous weather prognosticating groundhog, as he shares a forecast into 2025’s emerging cybersecurity environment. Greg will share 13 cybersecurity issues that CISOs should be taking into account as they align their defenses, prepare their teams, and make strategic investments to best serve their organizations during 2025.
Presenter:
Greg Touhill, Director, CERT Division at the Software Engineering Institute, Carnegie Mellon University
2:10 PM – 2:50 PM
The Autumn of Our Career: Legacy of the Risk Executive, Expanding Contribution and Driving Maturity of the Ecosystem
At this point of maturity in our careers we will briefly reflect on the rapid vertical trajectory of the position (and professional skills refined along the way), the ways to expand our personal contribution to the broader ecosystem, and discuss pertinent skills and education needed for the next iteration of risk management and security – and what we can act upon now to address the gap.
Presenter:
Sonia E. Arista, AVP Cyber Affairs and Strategic Operations, BISO Lead, CVS Health
2:50 PM – 3:30 PM
Cybersecurity Regulation: Impact on Incident Response and Information Sharing
Presenter:
Tim Brown, CISO, SolarWinds
3:45 PM – 5:30 PM
Guest of Honor
5:30 PM – 5:45 PM
Closing and Adjournment: What Are Next Steps?
Host:
Robert D. Rodriguez, Chairman & Founder, SINET
5:45 PM
Day Two Concludes
7:00 PM
SINET Hosted Reception & Dinner On-Site
Proof Canteen
All workshop attendees are asked to attend and families are welcome. Offsite meals impact the quality of the overall program.