CISO Forum has ended
Wednesday, September 23

11:00am EDT

Live Hacker Valley Studio Podcast: Fredrick Lee, CSO, Gusto
In this special live recording of the Hacker Valley Studio podcast, Chris and Ron are joined by Fredrick 'Flee' Lee, chief security officer at Gusto and an inspirational cybersecurity leader who is focused on making security "lovable" across the organization.

The Hacker Valley Studio podcast explores the human element of cybersecurity programs and the inspirational stories and knowledge to elevate culture and quality of security programs.

Fredrick 'Flee' Lee

Chief Security Officer, Gusto
Fredrick "Flee" Lee is the Chief Security Officer at Gusto, where he leads information and physical security strategies including consumer protection, compliance, governance and risk. Before Gusto, Flee spent more than 15 years leading global information security and privacy efforts...

Ronald Eddings

Security Architect, Hacker Valley Podcast
Ronald Eddings is an Austin, TX based cybersecurity expert, podcaster and digital nomad whose ingenuity, dedication, and ambition have earned him a reputation as a trusted industry leader. Over the course of his career, he has garnered experience working at various Fortune 500 companies...

Chris Cochran

Director, Security Engineering, Marqeta
Chris Cochran is former active duty US Marine Intelligence. Cochran has dedicated his career to building advanced cybersecurity and intelligence capabilities for national-level governments and the private sector. Cochran has made it his personal mission to motivate and empower cybersecurity...

Wednesday September 23, 2020 11:00am - 11:30am EDT

11:30am EDT

Prioritize Vulnerability Remediation and Mitigation Efforts Based on Network Insights & Business Context
Gartner predicts that by 2022, approximately 30% of enterprises will adopt a risk-based approach to vulnerability management. One of the greatest challenges cybersecurity and IT professionals face is the proliferation of security vulnerabilities, and the ability to prioritize their mitigation and remediation efforts. By combining vulnerability measures (CVSS and severity) with insights into how these vulnerabilities may be accessed and exploited via the network, you’ll have the context to identify and address vulnerabilities that pose the greatest threat to critical business assets.

Please join us for an informative session, hosted by Erez Tadmor, Director, Product Management at Tufin, to learn how you can:
  • Prioritize vulnerability remediation efforts based on exposure of critical assets as well as severity of vulnerabilities
  • Easily assess overall risk to critical assets resulting from vulnerabilities that are both accessible and exploitable
  • Automate risk mitigation by blocking access to the critical asset until remediation efforts can be fully implemented 
  • Monitor and measure risk exposure over time via a comprehensive dashboard that highlights overall vulnerability exposure network-wide and the impact of mitigation and remediation efforts

Erez Tadmor

Director, Product Management, Tufin

Wednesday September 23, 2020 11:30am - 12:00pm EDT

11:30am EDT

Zero Trust for Humans
How user experience is crucial for a successful Zero Trust journey

Sean Frazier

Advisory CISO - Federal, Duo Security

Wednesday September 23, 2020 11:30am - 12:00pm EDT

12:00pm EDT

What CISOs Need to Know About Risk-Based Cybersecurity
As a security professional or executive, you can increase your security team’s value by focusing on risk over threats — even if you currently struggle to relate your role to your organization’s bottom line, or feel like you’re drowning in data that lacks context.
Join Stu Solomon, chief operating officer, Recorded Future for a live discussion on how to shift your organization toward risk-based cybersecurity. 
Attendees will walk away with:
  • An understanding of how security intelligence helps teams make better decisions based on contextual data and metrics
  • Methods for how to create a persistent information advantage for better security - with a focus on being profitable
  • A comprehensive framework that emphasizes risk over threats and learn how to create 

Stu Solomon

Chief Operating Officer, Recorded Future
Stu Solomon is Chief Operating Officer at Recorded Future, where he is responsible for leading all client facing activities globally including the intelligence research, analysis and delivery functions for Recorded Future.

Wednesday September 23, 2020 12:00pm - 12:45pm EDT
Main Stage

12:45pm EDT

Wednesday September 23, 2020 12:45pm - 1:00pm EDT

1:00pm EDT

Keynote: Make Security Cool From the Classroom to the Boardroom
NASA didn’t market the complexities and PhDs required to get to space, they just showed off something really cool: a person flying. 
We are in pivotal times. Pivotal in terms of technology innovations like the cloud and APIs driving global economic growth and opportunity. Disastrous in terms of them leaving without us, growing the security landscape, and not taking any of our best practice controls with them. 
In this keynote, we are going to level set on the facts of our threat landscape, how breaches occur, and put them in context to help prioritize risk. And then we are going to pivot risk treatment into business and personal impact stories hoping to land our zero-gravity moment.

Mary Gardner

Mary Gardner is Chief Information Security Officer (CISO) at F5. In this role, she is responsible for F5’s corporate-wide information security management efforts, along with strategic planning, governance, and controls. This includes identifying, evaluating, and reporting on F5’s...

Wednesday September 23, 2020 1:00pm - 1:45pm EDT
Main Stage

1:45pm EDT

The New Endpoint Challenge - Cracks in the Foundation
Cyber adversaries are not “sophisticated”; rather, they are pragmatic. They have mastered the art of staying one step ahead of our controls. The endpoint, still the nexus of the cyber challenge, has become difficult for adversaries to maintain persistence on, due to advances in AI/ML, EDR, and Threat Intelligence. The battlefield is defined by the "time advantage" that either side has over the other. Hence, both APTs and criminal ransomware groups have adapted by going “further down the stack”, and they have arrived at firmware, hardware, and driver level TTPs (Tactics, Techniques, Procedures) that now plague enterprises across myriad threat scenarios ranging from supply chain, to malware, to insiders, IoT, and more. There is a dire lack of visibility here, and attackers are enjoying the omnipotence and indefinite persistence that platform-layer TTPs provide.

This talk will challenge fundamental assumptions we make about cyber risk, by exposing platform security for what it is: the very foundation of trust, integrity, confidentiality and availability upon which the rest of the computing and cyber stack are built. We say we want a Zero Trust strategy, yet we haven’t protected the foundation itself that attackers are targeting. Welcome to platform security, hold on tight.

Scott Scheferman

Principal Cyber Strategist, Eclypsium
Mr. Scheferman is a mission-driven 20+ year cyber security industry veteran with a strong reputation for effective leadership, exceptional public speaking, candid thought leadership, and the proven ability to shape and shift industry outlook. Mr. Scheferman keeps a hyper-current beat...

Wednesday September 23, 2020 1:45pm - 2:15pm EDT
Solutions Theater

1:45pm EDT

Why Asset Management Matters for Cybersecurity
Asset management doesn’t have the hype of some of the other topics in cybersecurity, but it’s a foundational challenge that’s only getting worse. In this session we’ll show why teams still struggle to get a straight answer about assets in 2020, a simple approach, and how Axonius customers are able to get a comprehensive asset inventory, uncover security gaps, and automatically validate and enforce security policies.


Wednesday September 23, 2020 1:45pm - 2:15pm EDT
Solutions Theater

2:15pm EDT

The Githubification of InfoSec: Towards an Open, Shareable, Contributor-Friendly Model of Speeding InfoSec Learning
More defenders are joining the field of information security than ever before. While sharing and collaboration are common, infosec stubbornly remains an experience driven field that slows advancement. How can we increase the rate of learning for defenders everywhere? This keynote presentation will talk about a more contributor-friendly and vendor neutral model of infosec that speeds sharing know-how and learning.

John Lambert

VP, Microsoft Threat Intelligence Center & Distinguished Engineer, Microsoft
John Lambert holds the title of Distinguished Engineer and is the Vice President of the Microsoft Threat Intelligence Center. He has been at Microsoft for over 20 years. The Center is responsible for detecting and disrupting adversary based threats aimed at Microsoft and its customers...

Wednesday September 23, 2020 2:15pm - 2:45pm EDT
Main Stage

2:45pm EDT

Fireside Chat with Moody's SVP of Cybersecurity
In this session, moderated by Vinay Venkataraghavan from Palo Alto Networks, we will chat with George Kurian, SVP of Cybersecurity Services at Moody's, who will share their journey to the cloud and best practices on how they are managing risk and maintaining security controls while securing their applications in the cloud.

Vinay Venkataraghavan

CTO for Prisma Cloud, Palo Alto Networks

George Kurian

SVP of Cybersecurity Services, Moody's Corporation

Wednesday September 23, 2020 2:45pm - 3:15pm EDT

3:15pm EDT

Break - Visit Expo Hall and Networking Lounge
Wednesday September 23, 2020 3:15pm - 3:30pm EDT
Exhibit Hall

3:30pm EDT

[Panel] -- Modeling Enterprise Security: North Korea? or Norway?
If we truly reflect on the type of models that we tend to emulate when designing enterprise security controls, the best comparison is that of North Korea: tightly controlled regimes with constant monitoring; restricted information flows to prevent exfiltration of secrets; forced use of specific operating systems and images; and severe penalties for non-compliance, up to and including termination. Even buzzwords like “Zero Trust” seem to reflect the state of how people treat each other in North Korea.

Is this the model of enterprise security that we really want? Can we strive for something better… like Norway, where people are free to interact and innovate to meet each other’s needs and drive economic growth? In this session, we plan to compare and contrast enterprise security models to understand what choices we have when we design our enterprise security controls, and how each choice that we take can make our environment look more like Norway or more like North Korea.

Sounil Yu

CISO in Residence, YL Ventures
Sounil Yu is a security innovator with 30+ years of hands-on experience creating, breaking, and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, serves on the Board of the FAIR Institute, teaches Cybersecurity Technologies...

David Tsao

VP Security Engineering, Marqeta
David Tsao is the VP Security Engineering at Marqeta, Inc. He is the former Head of InfoSec and Chief Information Security Officer (CISO) at BYTON, an electric vehicle company that designs cars as a fully connected smart device on wheels. Prior to joining BYTON, David was the Global...

Josh Goldfarb

Independent Security Consultant
Joshua Goldfarb (Twitter: @ananalytical) is an experienced information security leader who works with enterprises to mature and improve their enterprise security programs. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by Fir...

Nipun Gupta

VP, Cyber Security Strategy & Innovation, Deutsche Bank
Nipun Gupta is a Vice President of Technology focused on Cyber Security Innovation, supporting Deutsche Bank’s (DB’s) Chief Security Office (CSO). Armed with eight (8) years of experience helping F500 companies solve cyber risk challenges, Nipun is tasked at DB to keep a hand...

Wednesday September 23, 2020 3:30pm - 4:15pm EDT

Thursday, September 24

11:00am EDT

Fireside Chat: The CISO’s Exposure to Personal Legal Jeopardy
In this special recording of the Security Conversations podcast, renowned cyber-attorney Evan Wolff will discuss some of the murky legal issues that CISOs (personally?) face during the course of everyday work. Whether it relates to negotiating and paying to recover from a ransomware infection or to handling extortion demands from hackers, CISOs and corporate decision-makers need to pay careful attention to the landscape to insulate themselves from personal liability.

Join this live episode of the podcast to learn about the ransomware-negotiations landscape and some basic things CISOs should be doing as part of a robust incident response program.

Ryan Naraine

Director, Security Strategy, Intel Corp.
Ryan Naraine heads up Intel's engagement efforts with the security research community, CISOs and security decision-makers. Prior to joining Intel, he managed Kaspersky Lab's security research team in the U.S. and served as Chief Marketing Officer at Bishop Fox, a firm offering cybersecurity...

Evan D. Wolff

Partner, Crowell & Moring
Evan D. Wolff is a partner in Crowell & Moring's Washington, D.C. office where he is co-chair of the firm's Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity...

Thursday September 24, 2020 11:00am - 11:30am EDT

11:30am EDT

App Security to Defend Your Business Against Fraud and Abuse
Web and mobile apps now represent the single most lucrative set of targets for cybercriminals – which means that application security has never been more important. Together, our combined F5 and Shape Security solutions deliver a comprehensive application security stack that marries best-in-class defenses with the simplicity and ease of a single vendor. 
Attend this session to learn how F5 and Shape Security can help you achieve: 
  • Reduction in fraud and abuse losses
  • Measurable cost savings for hosting and bandwidth costs 
  • Detection and mitigation from vulnerability exploits to denial-of-service attacks 
  • Better application performance and uptime 

Shehzad Shahbuddin

Solutions Engineer, Shape Security at F5

Thursday September 24, 2020 11:30am - 12:00pm EDT
Solutions Theater

12:00pm EDT

Rapid Response: CISO Leadership Under COVID-19
The sudden pandemic has strained business continuity plans and forced urgent digital transformation at organizations large and small. This has been both good and bad news for CISOs and defenders.

First, the good: security budgets are expanding and CEOs and boards of directors are paying close attention to cybersecurity concerns. On the flip side, CISOs and defenders are scrambling on short notice to manage remote needs, cloud deployments and security micro-services.

This panel provides an inside look at the COVID-19 Rapid Response, examining how large enterprises shifted their operations on short notice. Successes, failures, lingering challenges and more.

Will Lin

Partner, Forgepoint Capital

Lakshmi Hanspal

Global CISO, Box
Lakshmi Hanspal is the Global Chief Information Security Officer of Box. She is responsible for corporate, physical, and cyber security of Box’s footprint, including data protection and privacy. Prior to joining Box, Lakshmi was the Global CSO at SAP Ariba, where she protected the...

Jeffrey Schilling

Global CISO, Teleperformance Group
Jeff Schilling is Chief Information Security Officer at Teleperformance Group, where he is responsible for the overall direction, coordination, and evaluation of the cybersecurity function and global information security incident response. He serves as the strategic advisor to the...

Aanchal Gupta

VP, Azure Security, Microsoft
Aanchal Gupta is Vice President, Azure Security, at Microsoft. Before joining Microsoft, Aanchal led security teams at Facebook, Skype and Yahoo. Aanchal has more than two decades of experience leading geographically distributed teams developing secure and trustworthy software...

Thursday September 24, 2020 12:00pm - 12:45pm EDT
Main Stage

12:45pm EDT

Creating and Distributing Strategic Intelligence for CISOs
Cyber risk is a top-of-mind concern for those at the executive level; however, it remains a challenge to oversee, largely due to the gap between the technical and business sides of an organization. There is a way to bridge this divide, making the information relevant and understood by both parties. Anomali Senior Sales Engineer Thomas Graves will demonstrate several use cases to show how Anomali gathers and associates intelligence on threat actors, malware, campaigns, vulnerabilities, and tactics, techniques and procedures (TTPs) to support strategic intelligence reporting for CISOs. Strategic intelligence reports support senior leadership's ability to understand how adversary TTPs align with the organization's defensive controls, highlighting gaps in the defensive posture. These use cases show you how to stay ahead of the bad guys. Join the discussion.

Thomas Graves

Senior Sales Engineer, Anomali
Thomas Graves is a Senior Solutions Engineer at Anomali. He has more than a decade of experience in computer network defense, security operations, and cyber intelligence analysis. As a cyber solutions professional, he is primarily focused on helping clients harness threat intelligence...

Thursday September 24, 2020 12:45pm - 1:15pm EDT
Main Stage

12:45pm EDT

Measuring and Mitigating the Risk of Lateral Movement
The ability to remotely execute code is often the cornerstone of an attack, but bad actors also attempt to reduce their footprint by abusing legitimate credentials combined with network, application and operating system functionality, and new cloud capabilities to remotely access systems and find high risk data. Patrick Pushor, Technical Evangelist at Orca Security, will explore modern lateral movement threats, mitigation strategies, and examine new vectors with the shift to the cloud while sharing key findings from Orca's 2020 State of Public Cloud Security Report.


Patrick Pushor

Technical Evangelist, Orca Security

Thursday September 24, 2020 12:45pm - 1:15pm EDT
Main Stage

1:15pm EDT

Break - Visit Expo Hall and Networking Lounge
Thursday September 24, 2020 1:15pm - 1:30pm EDT
Exhibit Hall

1:30pm EDT

The Ever-Evolving Trendlines in Cloud Native Security 2020
Recently, Palo Alto Networks set out to better understand the practices, tools and technologies innovative companies are using to overcome the challenges of cloud native architecture, along with methodologies to fully realize the rewards of moving to the cloud. 

Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, Palo Alto Networks came away with an understanding of current and future investment levels in cloud and cloud native security tooling and level of preparedness in using hybrid- and multi-cloud infrastructure.
Join Palo Alto Networks’ Head of Product Marketing, Prisma Cloud, Keith Mokris and CSO, Public Cloud, Matt Chiodi to unpack the findings on:

Matt Chiodi

CSO, Public Cloud, Palo Alto Networks
Matt has spent the last eight years of his career focused exclusively on public cloud security working for some of the most well-respected companies in the Fortune 500. Prior to joining Palo Alto Networks by way of the RedLock acquisition, Matt was the Global Head of Cloud Security...

Keith Mokris

Head of Product Marketing - Prisma Cloud, Palo Alto Networks
Keith Mokris leads product marketing for Prisma Cloud at Palo Alto Networks where he is focused on helping enterprises secure their cloud native applications. Previously, he led product marketing at Twistlock and NowSecure, a mobile application security testing startup. In his free...

Thursday September 24, 2020 1:30pm - 2:15pm EDT
Main Stage

2:15pm EDT

Changing the Conversation to Get Your Business's Attention [Panel]
Do you agree that we need to market the impact of security differently to get the attention of end-users, business owners, and boards? 

On this panel, F5 will be talking to senior executives to understand where they think security is failing, and where it is succeeding, and how that translates to what we know are the biggest security risks to any organization. And because no security team will ever scale to address all risk, we are going to discuss what we need from our vendors to close the gap.

Sara Boddy

Senior Director, F5 Labs, F5

Lisa Young

VP, Cyber Risk Engineering, Axio

Mary Gardner

Mary Gardner is Chief Information Security Officer (CISO) at F5. In this role, she is responsible for F5’s corporate-wide information security management efforts, along with strategic planning, governance, and controls. This includes identifying, evaluating, and reporting on F5’s...

Shuman Ghosemajumder

VP, Global Head of AI, F5

Thursday September 24, 2020 2:15pm - 3:00pm EDT

3:00pm EDT

Scale Efficiency Gains Through a Security Organization
Security teams are bombarded by noise daily – false positives, alerts without enough context, and incomplete data. Recorded Future's natural-language processing and machine-learning powered platform builds quantitative risk around IOCs based on the threat landscape.

During this presentation, Recorded Future will showcase how to consolidate data from 1M+ sources into relevant "intelligence cards" that analysts can use to make judgements during their day-to-day workflows, specifically around vulnerability management. Tune in for this live session to learn how all of this data can be programmatically extracted into SIEM tools, such as Splunk ES, to scale efficiency gains throughout a security organization.


Maulik Limbachiya

Recorded Future, Solutions Engineer - Global Accounts

Thursday September 24, 2020 3:00pm - 3:30pm EDT
Main Stage

3:30pm EDT

Break - Visit Expo Hall and Networking Lounge
Thursday September 24, 2020 3:30pm - 3:45pm EDT
Exhibit Hall

3:45pm EDT

Reducing Complexity and Shrinking the Security Stack [Panel]
Managing complexity in corporate environments continues to be a growing problem for cybersecurity. As new frameworks emerge, defenders are increasingly facing "posture fatigue" as they respond to ongoing attacks by adding more and more tools to the security stack.  This leads to an increase in attack surface and ongoing difficulties in properly managing risk.  According to data from Palo Alto Networks, large enterprises are using more than 130 tools on average, and even midsize companies are using 50 to 60 tools to address security problems.

Is this sustainable? How can we realistically shrink the security stack and reduce complexity? Do we need to use fewer tools? Do we need to focus on integration and orchestration? The panel will address these questions and more.

Ash Ahuja, CISM

VP Leadership Partner: EITL Security & Risk Management, Gartner

Anne Marie Zettlemoyer

VP, Security Engineering, Mastercard
Anne Marie Zettlemoyer is a cyber strategist with over 20 years of experience in 8 industries. Sitting at the intersection of business, security, and analytics, Anne Marie has served as a trusted advisor for Fortune 500 companies, government agencies, law enforcement, security vendors...

Justin Berman

Head of Security, Dropbox
Justin is the Head of Security at Dropbox. He brings more than a decade of security and technology experience from high-profile organizations. Previously, Justin served as CISO of Zenefits and Vice President of Information Security of Flatiron Health. Prior to that he led security...

Sean Duca

VP, Regional CSO Asia Pacific & Japan, Palo Alto Networks
Sean is vice president and regional chief security officer for Asia Pacific and Japan at Palo Alto Networks. In this role, Sean spearheads the development of thought leadership, threat intelligence and security best practices for the cybersecurity community and business executives...

Thursday September 24, 2020 3:45pm - 4:30pm EDT
Main Stage

4:30pm EDT

In-CISOmnia – What Keeps CISOs up at Night? [Panel]
Our popular “CISO concerns” panel returns with another laundry list of items to discuss:  Account takeover attacks, ransomware demands and whether to pay to recover, zero-day attacks, patch management, board meetings, reporting structures, compliance, privacy, etc, etc. This promises to be another lively panel of defenders sharing war stories and best practices.

Homaira Akbari

AKnowledge Partners, AKnowledge Partners
Dr. Homaira Akbari is President and CEO of AKnowledge Partners, a strategy advisory firm providing services to leading private equity funds and large corporations in the sectors of Internet of Things, Cyber Security, Big Data and Analytics, and Supply Chain Visibility. She serves...

Pietr Lindahl

Deputy CISO, Biogen

Zach Moody

Head of Global Information Security, AVX Corporation

Chris Forbes

Chris Forbes has over 35 years of IT, Risk, and Security experience including 20 years focusing on Information Risk, Cybersecurity, and Privacy. Chris is currently a CISO Executive Advisor for Evotek, and was previously CISO and Chief Privacy Officer for the Banc of California, CISO...

Talha Tariq

Chief Security Officer, HashiCorp
Talha Tariq is Chief Security Officer at HashiCorp. Talha has more than 15 years of experience building and scaling security programs from startups to Fortune 100 organizations. Prior to HashiCorp, Talha served as Chief Information Security Officer at Anki where Talha was responsible...

Thursday September 24, 2020 4:30pm - 5:15pm EDT
Main Stage

CISO Forum, Sep 23-24, 2020, SecurityWeek Virtual Conference Center