CISO Finance Summit | Dec. 14, 2021 | New York, NY, USA

agenda

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Tuesday, December 14, 2021 - CISO Finance Summit

8:30 am - 9:00 am

Registration & Networking Breakfasts

 

9:00 am - 9:40 am

Keynote Panel

Challenges and Lessons Learnt From Shifting Security Left
Changes in how organizations develop and deploy products over the last decade have strained efforts to drive security practices early into the process. Highly efficient and dynamic paradigms such as DevOps and CI/CD have increased the criticality of addressing security requirements in the earliest stages while at the same time increasing the challenges in doing so. Hear from Alyssa Miller, BISO and head of the cyber security program for S&P Global Ratings as she shares her perspectives from her work establishing security-minded culture not only within her current organization but from past consulting engagements as well. You'll hear about real-world challenges and lessons learned through these various initiatives. She'll also share key practices to overcome those challenges and gain buy-in and adoption from all areas of the business from grass roots clear up through the top levels of leadership. You'll leave understanding actionable steps you can take to align security initiatives with business objectives and truly make security an enabler of innovation and market leadership.

Presented by:

Alyssa Miller, Business Information Security Officer (BISO), S&P Global Ratings

 
 

9:45 am - 10:05 am

Executive Exchange

 

Thought Leadership

Passwordless: The Cornerstone to your Zero Trust Strategy
- Dealing with multiple credentials?
- Struggling to understand how zero trust can be achieved?
- Trying to achieve passwordless across your digital ecosystem?

Although everyone has heard of Zero Trust, it's not always clear what this hyped term means for businesses. There are various definitions floating around, causing confusion among IT leaders as many vendors claim their products are the answer to Zero Trust. The truth is there is no one Zero Trust vendor or solution; most of these solutions will address only part of your Zero Trust security model. But throughout the variety of vendors, the core idea of this model is the same: to never trust, always verify. A Zero Trust security model is impossible without verification of every user, machine, interaction, and process across your business. It might seem like an overwhelming process to build this new model, but you can build a strong foundation with Axiad Cloud, a single authentication and credential management platform for users, machines, devices, and digital interactions.

Sponsored by:

AxiaD IDS, Inc

 
 
 

10:10 am - 10:30 am

Executive Exchange

 

Executive Boardroom

SOC Modernization: Lessons for Post-Pandemic Recovery

TBC

Sponsored by:

Sumologic

 
 

10:35 am - 10:55 am

Executive Exchange

 

Think Tank

How To Keep Your Job as CISO

Did you know that the average tenure for a CISO is only a little over 2 years?  Did you know that 24% of the Fortune 500 CISOs have been in their jobs for less than 1 year?  This presentation will present ways for CISOs to demonstrate their effectiveness and how they are exercising due diligence in protecting their organisations from cyber-risks.


Presented by:

Paul Raines, Chief Information Security Officer, UNDP

 
 

11:00 am - 11:20 am

Executive Exchange

 

Executive Boardroom

Why You Want to Know about Cloud Infrastructure Entitlements Management
Managing identities and entitlements in public clouds is fraught with risk. Cloud complexity makes it virtually impossible to know if identities can access sensitive resources -- and to remove risky privileges. It's serious: By 2023, inadequate management of identities, access and privileges will be the cause of 75% of cloud security failures [Gartner]. Multi cloud environments make things even harder; yet shared responsibility makes the buck stop at your door. Seeing, fixing and preempting excessive permissions and other cloud access risks is a new priority for security and IAM stakeholders, and the antidote to such risks. It's why automated solutions for doing this are essential to protecting your cloud infrastructure and reducing your attack surface from malicious access and advanced attacks, including ransomware. 

Join Garrett Bechler, Ermetic's Senior Director of WW Sales Engineering, to explore the unseen access risks to your cloud posed by human and machine identities -- and how to simply reduce them using advanced entitlements management technology. You will learn how your organization can: 
- Gain the visibility into your AWS, Azure and Google entitlements that it lacks today 
- Understand -- across Okta, MFA and other integrated data -- what entities are privileged 
- Automate access-risk analysis and mitigation spanning identities, network and resources 
- Report on and investigate the blast radius should an incident take place 
- Manage compliance and entitlements in a unified pane of glass

Sponsored by:

Ermetic

 
 
 

11:25 am - 11:45 am

Executive Exchange

 

Think Tank

Using Zero Trust Data Access to bring order to the chaos of unstructured data in a Global Hybrid environment
In this session Anthony DeCristofaro, CEO of Qnext, will discuss the challenges of managing and governing unstructured data in a hybrid infrastructure and examine the security issues, costs and chaos it creates. He will then look at the importance of deploying a zero trust data access solution to help protect valuable data through role-based access according to least privilege and to govern, restrict and manage remote access to unstructured data. The result is reduced data exposure and the possibility of ransomware. Finally, he will briefly introduce you to FileFlex Enterprise, the world's first and leading ZTDA product. 

The Rise of Unstructured Data and Ransomware 
  •  Unstructured data makes up at least 80 percent of all enterprise data and is expected to grow 500% per year 
  • The average cost of storing a single TB of file data is $3,351 a year. That cost potentially skyrockets because of supporting technologies  
  • Unstructured data is the top vector for ransomware 
  • Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC's "2021 Ransomware Study" 
  • Ransomware complaints to the FBI are up 62% 
  • Ransomware has reached what can only be described as digital pandemic levels not seen before and with extreme focus on unstructured data

Movement to Zero Trust Architecture
  • ZTNA and ZTAA platforms provide limited tools to control access to the file-based unstructured data such as documents, PDF files, images, videos and spreadsheets
  • A Zero Trust Data Access (ZTDA) platform provides the policy decision point for unstructured data access not found in ZTNA and ZTAA platforms 
  • Using a ZTDA platform for sharing files greatly reduces the threat profile of your organization

Presented by:

Anthony DeCristofaro, CEO, Qnext Corp.

 
 

11:50 am - 12:10 pm

Executive Exchange

 

Executive Boardroom

Protect your Hybrid Workforce with Data-First SASE
For enterprises with hybrid workforces and ubiquitous cloud services, protecting the edge is no longer enough. Security teams must deliver safer access to business resources and enforce security policies consistently. A data-first SASE architecture goes beyond access to control usage of data everywhere and ensure only the right people have access to the right data, while enabling you to understand the usage of data and apply appropriate control points where needed. 

Key takeaways: 
- Protecting remote workers in web and cloud, while controlling access to cloud and private apps without VPNs 
- Safeguarding the usage of data across the business 
- Continuously monitoring user risk

Sponsored by:

Forcepoint LLC

 
 
 

12:15 pm - 12:35 pm

Thought Leadership


Sponsored by:

Amazon Web Services

 
 
 

12:35 pm - 1:15 pm

Open Forum Luncheon

Networking Lunch
 

1:20 pm - 1:40 pm

Executive Exchange

 

Vendor Showcase

Is your source code secure? Are your secrets exposed?

TBC

Sponsored by:

Gitguardian

 
 
 

1:45 pm - 2:05 pm

Executive Exchange

 

Think Tank

TBC

Presented by:

Robert Mazzocchi, Former Vice President & CISO IT Security, AIG

 
 

2:10 pm - 2:30 pm

Executive Exchange

 

Executive Boardroom

Rise of Machine Identity: The Future of Identity

Content coming soon

Sponsored by:

Venafi

 
 

Presented by:

Kevin Bocek, VP Security Strategy & Threat Intelligence, Venafi

 
 
 

2:35 pm - 2:55 pm

Executive Exchange

 

Thought Leadership

Understanding Cyberattack Risk in Your Organization: Rethinking Access to Business-Critical Assets


Sponsored by:

Semperis

 
 
 

3:00 pm - 3:20 pm

Executive Exchange

 

Executive Boardroom

Automate Third-Party Identity and Risk Processes
Today, organizations provide "internal" access to more third-party "outsiders" including vendors, supply chain, partners, and even bots (and "things") than ever before. 

However, most organizations are not able to automate key identity processes like onboarding, auditing, and offboarding for their third-party users. 

SecZetta believes that security leaders must automate their third-party identity and risk process to:
- Reduce onboarding cost and time 
- Improve risk mitigation with fewer orphaned accounts, third-party incident response capabilities, and timely offboarding 
- Confirm that users, especially those who are remote, are who they claim to be

Value Proposition 
- Gain transparency into Third-Party users and their access 
- Align current third-party user relationship status to access 
- Reduce cost by removing third-party users from HRIS, proprietary systems, and manual onboarding and offboarding practices

Sponsored by:

SecZetta

 
 
 

3:25 pm - 3:55 pm

Executive Exchange

 

Executive Boardroom

Revolutionizing Application Development with Low-Code Technology

With the rapid pace of evolving technology challenges, your financial institution must be creative and innovate to remain competitive. Each planning year, CIOs are required to prioritize only the most critical initiatives, and as a result defer projects that would have a great positive impact. In this session, Mendix will cover the 2021 CIO and Technology Leader survey results and how low-code can enable technology teams and their line of business partners to increase development capacity and accelerate delivery against the Enterprise Roadmap. Join this session to hear about how your peers are leveraging low-code to deliver engaging digital customer experiences to the business faster and implementing modernization that will increase productivity across the enterprise.

Sponsored by:

Siemens Industry Software, Inc. (D/B/A Mendix)

 
 
 

4:00 pm - 4:20 pm

Executive Exchange

 

Executive Boardroom

Zero Trust Data Security: Enable Secure Digital Transformation

Even before the pandemic, banks were optimizing revenue-driving processes, such as loan applications, through digitization. Now, the move to cloud and remote-first environments has accelerated, and some banks struggle with securing new volumes of data without impacting business workflows and employee productivity.

Many financial institutions grappling with a sprawling enterprise architecture with on-prem and cloud-based data have adopted Zero Trust as a strategic methodology to control access to and secure their data. However, this focus has largely been on access and identity management, instead of on the largest revenue-driver and also the biggest risk for institutions: files and data. Join Votiro as we share Zero Trust strategies for securing data and documents without impacting core business functions and give an overview of file threat research from our lab.


Sponsored by:

Votiro Cybersec Ltd

 
 
 

4:25 pm - 4:45 pm

Executive Exchange

 

Executive Boardroom

Stop Human Vulnerabilities from Hurting the Business: A Cross-Functional Approach to Risk Reduction
Last year, 85% of breaches involved exploiting a human element, according to the Verizon DBIR. Indeed, for the finance sector, social engineering was the most pervasive attack pattern, and human employees were the second-most targeted asset after servers. 

In this session, George Kamide, Senior Director at SafeGuard Cyber, will share details on how a hyper-growth financial services company is reducing enterprise risk by mapping out the "central nervous system of business communications," and using a cross-functional approach to secure it. Attendees will learn:

- How a hyper-growth company reduced the risks associated with rapid onboarding of new employees and communication technologies
- How this company used a cross-functional approach to reduce risks in the "central nervous system of business communication"
- How to maximize situational awareness to detect and respond to risk in cloud communications

Sponsored by:

SafeGuard Cyber

 
 
 

4:50 pm - 5:00 pm

Closing Remarks

 

5:00 pm - 6:00 pm

Summit Happy Hour