SINET Risk Executive Workshop 2024

Four Seasons Resort Scottsdale at Troon North, January 31 & February 1, 2024

2024 Agenda

Day One: January 31, 2024
Times subject to change.

7:30 AM – 8:30 AM

Breakfast Buffet & Registration
Ironwood Foyer

8:30 AM – 4:20 PM

SINET Risk Executive Workshop
Inwood B & C Ballroom
8:30 AM – 12:05 PM sessions limited to CISOs only 

8:30 AM – 8:40 AM

Setting the Stage: The Issues at Hand and What We Intend to Accomplish
Robert D. Rodriguez, Chairman & Founder, SINET
Heather Rodriguez, Chief Executive Officer, SINET
Honorary Chair, Kirsten Davies, Global CISO, Unilever

8:40 AM – 9:40 AM

Attendee Introductions 

9:40 AM – 10:30 AM

SINET Working Group on Robust Employment Agreements, Employment Risks, and Technology Risk Governance
An open discussion that aims to improve career resilience, protections, and organizational alignment before, during, and after a breach — from reporting lines, liability management, insurance, and financial protections — to strategic corporate policies. As the 21st-century Risk Executive continues to evolve, we see an opportunity for a movement that involves educating corporate executives and BODs on the importance of providing better protections for Risk Executives due to the inherent risks, liabilities, personal vulnerabilities, and potential consequences of their role. SINET’s recently released SINET Risk Executive Handbook serves as a guide for this critical conversation. This discussion is aimed at initiating version two of the handbook.

Presenters:
Brian Fricke, CISO, City National Bank of Florida
Michael Johnson, CISO, Meta Financial Technologies

10:30 AM – 10:40 AM

Break

10:40 AM – 11:25 AM

Cyber Board Reporting, SEC Disclosure Rules, and Related Metrics
Cyber incident and risk reporting requirements are proliferating globally, from the SEC and CISA in the US to NIS2, DORA and the CRA in Europe, the Cybersecurity Law in China, and the more than 150 countries with data protection laws. Board members have fiduciary duties to oversee what matters, and can be liable if they fail to do so. The Uber and SolarWinds cases show that CISOs can also face significant legal jeopardy.

What does the rapidly evolving cyber regulatory enforcement landscape mean for the CISO-Board relationship? How should CISOs look to design and implement quantitative cybersecurity metrics to report cyber risk at Board level?

This discussion will unpack the new SEC cybersecurity disclosure rules and the recent regulatory enforcement paradigm, and how CISOs should look to design and implement quantitative cybersecurity metrics, such as Key Control Indicators (KCIs), to report cyber risk at the Board level.

Presenters:
David Simon, Partner, Co-Head of Global Cybersecurity & Data Privacy Practice, Skadden, Arps, Slate, Meagher & Flom LLP
Christopher Porter, SVP & CISO, Fannie Mae

11:25 AM – 12:05 PM

Lessons on Regulatory Risk from the Front Lines
Joe Sullivan will lead an interactive review and dialogue about the SolarWinds case and his own case, with specific focus on patterns between the cases and ways to reduce the risk of repeating those patterns in the future.

Presenter:
Joe Sullivan, CEO, Ukraine Friends

12:05 PM – 12:55 PM

SINET Hosted Lunch

12:55 PM – 1:25 PM

Cybersecurity Budget Negotiation: Qualitative Models to Justify, Explain, and Communicate Cybersecurity Expenses
Faced with evolving threats and resource constraints, organizational leaders struggle to justify cybersecurity expenses effectively. This issue exposes the limitations of traditional financial-based models in addressing these multifaceted concerns and calls for a holistic strategy that integrates financial and non-financial factors to create a comprehensive justification strategy. The proposed approach empowers decision-makers to navigate complex dynamics, communicate the necessity of cybersecurity investments, and drive effective organizational change.

Presenter:
Juan Piacquadio, CIO & VP, Information Services, Phlow Corporation

1:25 PM – 2:05 PM

Is a Federated Data Governance Model Viable?
Traditional Data Governance methodologies are increasingly beleaguered by the explosion of data. In attempting to deal with the core challenges of data governance, such as integration, interoperability, metadata management, etc., enterprises are becoming less efficient in their handling of data. This march toward centralization of data has led to challenges such as siloed activity, loss of agility, and blurred boundaries of data ownership.

Can data ever truly become federated? What are the limits of data federation, can AI help, and if it can, then in what form?

Presenters:
Ashish Gupta, CEO, President and Board Member, 1touch.io
Zak Rubinstein, Chief Business Strategy Officer, Founder, and Board Member, 1touch.io

2:05 PM – 2:45 PM

How to Make Digital Transformation More Secure, Efficient, and Safe
The reality is that it is no longer a question of “if” you are moving to the cloud, it is a question of “when”. It is not a battle; it is a digital transformation. There are several perceived challenges, but there are far more short- and long-term advantages. At the same time, there are very real risks that require diligence, attention and often assistance from the broader cybersecurity community. This talk will walk you through some of the real-world best practices, the current threats and where partners or solutions will help you have a very safe and secure transformation.

Presenters:
David Cross, SVP, CISO, Oracle
Aanchal Gupta, Corporate Vice President and Deputy CISO, Microsoft

2:45 PM – 2:55 PM

Break

2:55 PM – 3:35 PM

State of Software Supply Chain Security: Rise of Material Risks and Personal Liability

Presenters:
Mario Vuksan, CEO & Co-Founder, ReversingLabs
Saša Zdjelar, Chief Trust Officer, ReversingLabs

3:35 PM – 4:20 PM

Building Skill Sets to Address the Future of AI Governance and Defense
As we all hurtle toward an AI-dominated future, skill sets necessary for navigating next generation assurance and cyber defense programs will level up. The question becomes, to what extent and which components will be considered critical in these traditional domains? The new balance of skills will contain art, science, legal insights, new logic, and a dash of humor. Will the coming blueprint resemble current-day CISO/InfoSec frameworks? Or will it cater toward a survival guide, with aspiring user stories designed to master the underworld as we all fight as guardians, defending algorithmic virtue? This discussion will provide suggestions for immediate application and will debate what the future has in store for us all.

Presenters:
Rich Baich, CISO, AT&T
Beth-Anne Bygum, SVP, CISO, Q2

4:20 PM

Day One Concludes

6:30 PM – 9:00 PM

SINET Hosted Reception & Dinner On-Site
Talavera Restaurant
All workshop attendees are asked to attend (no guests). Offsite meals impact the quality of the overall program.

Day Two: February 1, 2024
Times subject to change.

8:00 AM – 9:00 AM

Breakfast Buffet & Registration
Ironwood Foyer

9:00 AM – 4:15 PM

SINET Risk Executive Workshop

9:00 AM – 9:45 AM

Delivering an Interconnected Cyber, Tech, Data, Resilience, and Third-Party Risk Management Program
This session will drive a facilitated discussion building out a set of hypotheses centered on a thesis that today’s and tomorrow’s threat environment requires the effective management of interconnected cross-domain risks, primarily cybersecurity, technology, data, resilience, and third-party risk. Doing so best serves the organization by targeting the root cause of most risk events, enabling better change and strategic execution, and developing more effective enterprise leaders that both protect and enable the enterprise.

Presenters:
George Smirnoff, Managing Director, Group Head of Operational Risk, Barclays

9:45 AM – 10:30 AM

Cybersecurity 2.0: Aligning Business and Security Outcomes
Welcome to Cybersecurity 2.0, where the 21st-century Risk Executive understands business objectives and is seen as a business enabler enterprise-wide, in a safe and secure manner. A world where questionnaires have been eliminated, generative AI is being leveraged more for the defenders than the attackers, and we have fewer tools overall (and they actually talk to each other).

This discussion will explore the future of Cybersecurity, where investments drive revenue/P&L/business-based outcomes and security-based outcomes, elevating Cybersecurity in the boardroom from a risk reduction function into a risk management function that drives business results.

Presenters:
Jeff Laskowski, SVP & GM of Professional Services, SecurityScorecard
Christos Kalantzis, Chief Technology Officer & EVP of Engineering, SecurityScorecard
Kevin McCarty, CISO, Cigna Healthcare

10:30 AM – 10:40 AM

Break

10:40 AM – 11:25 AM

Moving from Traditional Security Models: A Product & Services-Based Model & An Enterprise Risk Approach
Transitioning away from a traditional Cybersecurity operating model does not look the same for every organization. This discussion will explore two perspectives from CISOs of global CPG manufacturing companies on this crucial, yet organization-specific and dynamic move beyond traditional IT Security.

1) A Product and Services-Based Model

  • Maintaining close alignment with the business, and enabling innovation at the pace of the business in a safe and responsible way
  • Ensuring consistent and sustainable performance and coverage from cyber capabilities through a focus on outcomes and a model that drives standardization, simplicity, automation, and data driven decision making
  • Implementing the governance and oversight of cyber through product and service owners driving consistent planning, prioritization, delivery, and measures

2) An Enterprise Risk Approach

  • Ensuring appropriate governance at every level: What structures support transparency, oversight, and effective partnerships, including the Works Council?
  • The importance of cultural transformation, not just awareness and training
  • Designing and deploying an effective organizational structure, reporting lines, and operating model that align with and enable your enterprise

Presenters:
Kirsten Davies, Global CISO, Unilever
Gary Harbison, Global CISO, Johnson & Johnson

11:25 AM – 12:10 PM

State of Affairs in Venture 

Presenters:
Jay Leek, Managing Partner & Co-founder, SYN Ventures
Richard Seewald, Founder and Managing Partner, Evolution Equity Partners

12:10 PM – 1:00 PM

SINET Hosted Lunch

1:00 PM – 1:45 PM

Geopolitical Matters Impacting Cybersecurity: Preparing For the Unexpected
Cyber risks have evolved from information stealing and “hacking” events to indispensable nation-state intelligence collection and the impact of asymmetric warfare. Today’s CISO must be more attuned to geopolitical events to understand the potential threats not only to their organization but also to their key enabling partners, including supply chain and critical infrastructure (e.g., Communications, Energy, Finance, etc.). This discussion will review current world events with a focus on Europe, the Middle East and Asia; the geopolitical escalation “triggers” CISOs need to be aware of; and the situations when unrestricted cyberwarfare may be seen as an appropriate means to achieve national interests.

Presenters:
Dan Sadler, VP & CISO, Constellation Energy
Brian Harrell, VP & Chief Security Officer, Avangrid

1:45 PM – 2:25 PM

The Importance of Preparation Through Cyber Gaming
Military and some government agencies leverage cyber ranges for a variety of training exercises and simulations. These “cyber games” are not as common in most of the private sector; however, some critical infrastructure companies do engage via their Information Sharing and Analysis Centers or through paid engagements with cyber range providers. Some companies also benefit from the National Cyber Incident Response Plan and the Tri-Sector Working Group; however, these efforts barely scratch the surface of our critical infrastructure protection. This session will share the importance of discovering ways to increase information sharing and improve cyber defenses.

Presenter:
Jon Brickey, Senior Vice President, Chief Information Security Officer, Mastercard

2:25 PM – 2:35 PM

Break

2:35 PM – 3:15 PM

The Nature of Threats: Who’s Targeting You?
There is a wide variety of cyber threats out there. Do you know who has you in their sights and why? It makes a difference to what you can expect. Various nation-state hackers act differently. Even criminal groups have different tactics. Understanding a bit about motivation can help you assess what you are up against. We will explore the different types of attackers operating today.

Presenter:
Rob Joyce, Cybersecurity Director, National Security Agency

3:15 PM – 4:00 PM

Update on the SolarWinds Wells Act Investigation

Presenter:
Tim Brown, VP Security and CISO, SolarWinds

4:00 PM – 4:15 PM

Closing and Adjournment: What Are Next Steps?
Host:
Robert D. Rodriguez, Chairman & Founder, SINET

4:15 PM

Day Two Concludes

6:00 PM

SINET Hosted Reception & Dinner On-Site
Proof Canteen 
All workshop attendees are asked to attend and families are welcome. Offsite meals impact the quality of the overall program.
