Think Tank
The Future of IT & Cybersecurity

CXO Think Tank

Date

October 5, 2022

Location

Boston, MA

Community

CIO / CISO

Agenda

October 05, 2022
All times Eastern Time
12:30 PM-1:00 PM
Welcome & Registration
1:05 PM-2:00 PM
Keynote Panel
Security Controls: Measuring Efficacy for the Business Growth

The industry is spending record amounts on cybersecurity tooling, yet CISOs are still at times left scrambling to respond to vulnerabilities like Log4j. Assuming that these types of critical and far-reaching events are inevitable, how can CISOs further improve their organization’s preparedness for future cyberattacks?

This panel will discuss potential strategies for determining the critical security controls - both technology and behavioral - that can minimize cyber-risks and give the organization the competitive advantage to grow and innovate. We will explore frameworks for measuring the efficacy of cybersecurity investments, and KPIs that show the board the investment is safeguarding the company's digital infrastructure for the long term.

Panelists

Speaker

Tony Parrillo

Global Head of Security

Schneider Electric

Experienced and passionate cybersecurity leader. Responsible for all facets of cyber security for Schneider Electric's enterprise IT, encompassing approximately 140,000 employees in 100 countries, including 220 factories, 35 distribution centers, and 1,200 sites.

Speaker

Mark Maybury

VP, Commercialization, Engineering & Technology

Lockheed Martin

Dr. Mark Maybury is a C-Suite Executive and Board Member with leadership success across public and private sectors and expertise in senior management, innovation commercialization, ventures investment, cybersecurity, AI/ML, IOT, SaaS, data analytics, energy storage, new business models, startup incubation and acceleration, revenue growth, margin expansion, lean manufacturing, global supply chains, and digital marketing. Dr. Maybury is Stanley Black & Decker’s first Chief Technology Officer and Board Director and Nominations and Governance Committee Chair of the Internet Sciences Inc. He serves as a Special Government Employee for the Defense Science Board providing strategy and technology advice to the Office of the Secretary of Defense as well as a director for the boards of the Connecticut Science Center and Mark Twain House and Museum. He is a former board member of the Advanced Cybersecurity Center (ACSC), the Object Management Group (OMG) which oversees the Industrial Internet Consortium, the USAF Scientific Advisory Board, and the Homeland Security S&T Advisory Committee. From 2010 to 2013, Dr. Maybury was Chief Scientist of the USAF serving as chief scientific adviser to the Chief of Staff and Secretary of the USAF. He served on the Steering Committee and Senior Review Group of the AF Scientific Advisory Board. Mark spent 27 years (1990 to 2017) at The MITRE Corporation, including as VP of Intelligence Portfolios and Director of the NIST-sponsored National Cybersecurity FFRDC (NCF) supporting the National Cyber Center of Excellence (NCCoE). He also served as VP and CSO and CTO of MITRE. He is an active Fellow of the IEEE, Fellow of the Association for the Advancement of Artificial Intelligence, a Fed 100 awardee and the 2019 Veterans Advantage Veteran of the Year. Dr. Maybury is editor of Intelligent Multimedia Interfaces (AAAI/MIT Press 93), Intelligent Multimedia Information Retrieval (AAAI/MIT Press 97), New Directions in Question Answering (AAAI/MIT Press 2004), Multimedia Information Extraction (2012), co-editor of Readings on Intelligent User Interfaces (Morgan Kaufmann Press 1998), Advances in Text Summarization (MIT Press 99), Advances in Knowledge Management (MIT Press 2001), Personalized Digital Television (Kluwer Academic 2004), Intelligent Technologies for Interactive Entertainment (Springer 2005), and co-author of Information Storage and Retrieval (Kluwer Academic 2000). He chaired the 2020 AAAI Spring Symposium on AI and Manufacturing and is a frequent author and keynote speaker.

Speaker

Ganesh Pai

Founder & CEO

Uptycs

Ganesh Pai is the Founder & CEO of Uptycs. Ganesh is a Boston-based entrepreneur and technologist who has been awarded multiple U.S. patents. Ganesh is a Featured Speaker at the CXO Think Tank in Boston, MA and will be discussing “Security Controls: Measuring Efficacy for Business Growth” in partnership with

Together with:

Uptycs
2:00 PM-2:35 PM
Keynote
Application Security in a DevOps, Cloud and API World

Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams' ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are reshaping IT.

Panelists

Speaker

Matt Tesauro

Distinguished Engineer/Director Security Evangelist - Global

Noname Security

Matt Tesauro is a Distinguished Engineer at Noname Security. When not writing automation code in Go, Matt Tesauro is pushing for DevSecOps everywhere by contributing to open source projects, presenting, training and continuing to co-opt new technologies. Prior to joining Noname, he rolled out AppSec automation at a major financial institution and founded 10Security. Other experience includes the Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security, a Senior Software Security Engineer at Pearson and the Senior Product Security Engineer at Rackspace. He is also an Adjunct Professor for the University of Texas Computer Science department teaching the next generation of CS students about Application Security. Matt is a broadly experienced information security professional of 20+ years specializing in application and cloud security. He has also presented and provided training at various international industry events including DHS Software Assurance Workshop, OpenStack Summit, SANS AppSec Summit, AppSec US, EU and LATAM. His work has included security consulting, penetration testing, threat modeling, code reviews, training and teaching at the University of Texas and Texas A&M University. He is a lead for OWASP AppSec Pipeline & DefectDojo projects. The AppSec Pipeline project brings lessons from DevOps and Agile into Application Security while DefectDojo is an application that is the source of truth for DevSecOps activities and ingests output from 100 different security tools. He holds two degrees from Texas A&M University and several security and Linux certifications.
2:30 PM-2:45 PM
Networking Break
2:45 PM-3:00 PM
Disruptor
Secure Your Browser - the Most Commonly Used and Vulnerable Application

In recent years, users have migrated from the office and are now working from everywhere, and the resources they need to access have also migrated from their desktops and data centers to the cloud. The browser has become the de facto tool for performing almost any action. Unfortunately, risks and threats to the browser are continuously on the rise. The browser is exposed to multiple types of threats, and adversaries are increasingly targeting it to achieve their nefarious goals.

Join Seraphic VP of Product Management Alon Levin to learn about the threats to browsers and how to ensure secure browsing and prevention of policy infringements in the browser across all users, on all platforms and in every browser.

The session will review how security teams detect and mitigate browser risks such as:

  • Browser vulnerability exploitation
  • Phishing
  • Intentional or unintentional data leak
  • Additional web-based attacks

Together with:

Seraphic Security
3:05 PM-4:00 PM
Panel
The Greatest Fears?

The biggest fear is not the technology, it is the potential of human error that could expose your organization to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?

Together with:

Cloudflare
4:05 PM-4:20 PM
Disruptor
Guarding the Doors: Navigating Risk From Third-Party Code

Open source libraries are widely leveraged by developers. In fact, 97 percent of the typical Java application is made up of open source libraries. But nearly 80 percent of developers never update third-party libraries after including them in a codebase.

What does this mean for your applications? There is a good chance that your third-party libraries have undetected vulnerabilities. Scary, right?

The good news is that when alerted to vulnerabilities in open source libraries, developers tend to act quickly. This is especially true when developers understand how the vulnerability could impact their application.

Join us as we review our annual study on open source libraries, State of Software Security (SOSS) v12: Open Source Edition. We will explore the most popular open source libraries, how libraries are evaluated and selected, and how to eliminate risk by fixing vulnerabilities.

Together with:

Veracode
4:20 PM-4:35 PM
Networking Break
4:35 PM-4:50 PM
Disruptor
5 Steps to Securing Identity and Access for Everything in the Cloud

Identity and Access are under attack. The only way to protect the identity layer from risks and threats is to continuously monitor identities, assets, access privileges, and activities across cloud environments.

Join Authomize Director of Sales Engineering David Bullas to learn about the 5 steps you need to take to ensure that your Cloud Identity and Access is secure and in compliance with standards and regulations. The session will review how security teams detect and mitigate Identity and Access risks such as:

  • Excessive Access exposing what you build in AWS
  • Identity lifecycle risks including partial offboarding
  • IdP risks including password stealing and user impersonation

Together with:

Authomize
4:55 PM-5:50 PM
Panel
Cloud Data Security

According to Gartner, 79% of companies have experienced at least one cloud data breach during the pandemic. But the migration of critical business data to the cloud shows no sign of slowing. In fact, it’s accelerating. Yet, despite powerful trends and mounting threats, traditional data security has simply not kept pace with the cloud. Security teams still struggle to even understand the reality of what sensitive data they have in the cloud and its associated risks. This is not a sustainable status quo. Data is increasingly a business's most valuable asset. And until organizations can align around a shared Data Reality, cloud security will remain several steps behind intensifying security threats and tightening data regulations.

Panelists

Speaker

Alex Cunningham

CISO

Advisor360

Alex leads the strategic direction and execution of Advisor360°'s information security, risk, governance, and audit programs. Previously, he was the CISO at Commonwealth Financial Network, and has served in information security leadership roles both in the US and UK within the financial services, market research, and military sectors. Alex has an MS degree in information security leadership from Brandeis University and a BS degree in information technology with a minor in business from the University of Massachusetts Lowell. His information security certifications include CISSP, CISM, and CRISC.

Speaker

Yotam Segev

Co-Founder & CEO

Cyera US Inc.

Yotam Segev is the co-founder and CEO of Cyera, the leader in Cloud Data Security. Yotam is a cyber security expert with 15 years of experience in offensive cyber security and security architecture. Yotam is an alumnus of Israel’s prestigious Talpiot program, where he met Tamar Bar-Ilan, Cyera’s co-founder and CTO. Together they served in cyber security leadership roles for over a decade in unit 8200, the Israeli Defense Force’s signals intelligence service. At the agency, they experienced firsthand the tremendous challenge of securing data in the cloud and founded Cyera to solve this problem. Cyera has raised over $60M in its first year of operations and is backed by leading venture capital firms Sequoia, Accel and Cyberstarts. Cyera’s mission is to enable organizations to unlock the true value of their data while keeping it secure.

Speaker

Shirish Ranjit

Sr Enterprise Architect

Fortune 500 Private Sector

Shirish has a dozen-plus years of technology experience, currently as CTO at Zen Labs and previously with State Street. He has a passion for decomposing particularly challenging problems into solvable units. He has pioneered the design and development of cloud-based strategies. His strengths include bringing artificial intelligence, machine learning, and big data analytics to experienced data scientists while also enabling “citizen” data scientists by providing them with simple and accessible ways to leverage cutting-edge technologies.

Together with:

Cyera US Inc.
5:50 PM-5:55 PM
Closing Remarks
5:55 PM-6:55 PM
Cocktail Hour