CactusCon

*THANK YOU for another incredible year!*

🌵 see you all again in 2025 🌵

CISO Track

Saturday at 9am, dive into a morning of learning and connecting with fellow CISOs. These workshops break away from the usual routine, offering fresh ideas and new insights to tackle the unique challenges CISOs face today. This new approach is built around creating an environment where you can work alongside other CISOs and Security leaders to learn new ways to solve problems. This is NOT the conference where someone stands in front and talks AT you, but a collaborative problem-solving, supportive peer-learning atmosphere.

Our plan is for all attendees to join together with other industry leaders to explore evolving business leadership topics like AI strategy, budgeting, consulting vs. CISO, and more. The goal for all of us will be to walk away with actionable insights that can be used to improve your own security leadership skills. This hands-on approach empowers CISOs to navigate complexity, inspire teams, and lead their organizations to success.

Afterwards, enjoy a catered lunch, take time to connect with colleagues, and enjoy networking. Wrap up the afternoon with an engaging keynote address from Pete Kim, Executive Director for Cyber Threat Operations at RTX.

Registration is separate from the main conference. Register for a CISO Track ticket through Eventbrite.

Schedule

  • 8:30 - 9:00am Check-in and coffee/tea reception

  • 9:00 - 9:15am Opening Remarks

  • 9:15 - 12:15pm Workshops

  • 12:15 - 1:15pm Lunch

  • 1:30 - 2:25pm Panel discussion

  • 2:30 - 3:25pm Keynote by Pete Kim

  • 3:30 - 4:00pm Closing remarks

Workshops

Across these workshops we learn how to develop a security strategy, how to get the financial support and resources to make it a reality, and how to plan for a variety of practical topics such as AI, Security Operations, and approaches to building a vCISO / business out of CISO-related consulting services. All of this is in the service of our illustrious made-up company, Cactus Corp. The overall idea is that by moving through a series of realistic CISO scenarios for Cactus Corp, ranging from strategic to more tactical, you will gain key insights into how to do these things for your own organization.

Security Operations Strategic Planning Workshop

Mark Dallmeier

This interactive hands-on workshop will provide insights into common operating models for security departments, best practices for strategic planning, and how industry leaders approach organizational design. The session will cover various questionnaires, frameworks, and templates that participants will utilize to create a mock security operations strategy and organizational design. The facilitator will also discuss common issues that can negatively impact security operations strategic planning, and how to overcome those challenges.

Cyber Security Investment Strategies: Making the most of your budget

Michael Manrod

Success or failure at translating a security strategy into actual risk reduction usually hinges upon how well resources can be aligned and directed toward the fulfillment of that plan. In this workshop we will look at how to get support and funding for security projects and products, as well as how to use such support wisely. What investment strategies will help to reduce as much risk as possible for every dollar available? How can you effectively manage vendor relationships in a way that will provide what is needed, at a low cost, while also building quality long-term partnerships? We will explore such questions as we create an investment strategy for an imaginary company created for these workshops (Cactus Corp).

Enterprise Strategies for Generative AI: How to move forward, without driving off the cliff

Christian Taillon

It seems like practically every organization is facing the same set of challenges, as Generative AI makes tremendous capabilities available: capabilities that can accelerate productivity and growth; capabilities that can also compound risk and empower adversaries. In this workshop we will look at how to create a strategy for AI that allows an organization to realize the benefits, while remaining thoughtful about key risks and how to balance the risk equation optimally. You will create an AI strategy for the fictitious company Cactus Corp, in a way that will let you take these principles back and apply them where you work.

Performance and Program Metrics: Eating your veggies so you can have dessert

Lester Godsey

“It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth.”

The above is the actual quote from W. Edwards Deming, who is normally credited with saying, “If you can’t measure it, you can’t manage it.”

As we have all seen in our professional lives, organizations will select performance metrics that seem to make no sense, with their only real contribution being to add more work to our plates. As a result, many of us have been poisoned to the point that when the word metrics is uttered, it’s like using a four-letter word. However, the right performance and program metrics can make all the difference in the world and allow us to get to that dessert we are looking for at the end of the meal: having cybersecurity looked upon as a business enabler and proactively consulted.

In this workshop, using the fictitious Cactus Corp, we will drive right into it, talking about what we can and maybe can’t measure, but acknowledging that all of it needs to be managed.

Build a business using your powers as a CISO: Consulting and VCISO

Andy Jordan

Looking to make money without having to drive for Uber?! Why not use the cybersecurity skills you've gained!? You've found someone who needs help, but things always seem to stall out as soon as they start asking about your W-9 EIN number, business insurance, and other types of business administrative documents. This workshop will focus on HOW to safely consult with other companies without putting your personal bank account or employment at risk. Participants will also learn how to get started as a consultant and how to structure the services that they want to provide. This can be a good way for CISOs to remain technical by helping other companies, or to take the big jump by starting their own company.

Navigating Thorny Terrain: Practical Program Development

Daniel Shuler

Session Summary: In this session, participants will learn how to establish a framework for security program development using a tactile approach. The focus will be on navigating the complex and often challenging landscape of security program development, with practical tips and strategies for success. Participants will gain a deeper understanding of the key elements of a successful security program and learn how to apply these principles in their own organizations.

Daniel Shuler is an Information Security executive who has been working in the Information Security industry for 20+ years. Daniel has executed strategic security objectives across the Utility, Government, Healthcare and Consulting industries. He began his career applying security controls to the critical infrastructure of Phoenix, AZ, and progressed to designing cyber security programs for America's nuclear reactor operators. He established the risk management program for the 4th largest county in the US, developed and operated the information security program for Phoenix Children's Hospital, and is now focused on developing and certifying a world-class security program for Exponent, a premier engineering consulting firm with offices around the world.

Panel Discussion facilitated by Andy Jordan

Kim Jones - Director of Cyber Craft at Intuit

Ryan Murray - Deputy Director and Chief Information Security Officer at State of Arizona Department of Homeland Security

Daniel Shuler - Information Security, Privacy and Compliance and CISO at Exponent

Ed Vasko - Director, Institute for Pervasive Cybersecurity at Boise State University

Andrew Wilson - Vice President and General Manager of Mexico at Avertium

Keynote: Pete Kim

Lessons on Leadership - How to elevate teams to extraordinary levels of performance.

During this action-packed day of CISO learning, we have gone through a series of practical workshops, heard from experts on the panel, and had informal conversations that have hopefully resulted in new ideas and helpful connections. This day of learning will be closed out with a compelling talk by Pete Kim built on lessons from Coach John Wooden, applied to what it takes to lead an effective security team. Coach Wooden, known as the "Wizard of Westwood," shattered countless records coaching UCLA and has been widely studied and analyzed for decades due to his iconic leadership style and incredible results. Pete has a very compelling take on how lessons from Coach Wooden can be directly applied to help us more effectively lead security teams.

Pete Kim is the Executive Director for Cyber Threat Operations for RTX, responsible for protecting the enterprise from cyber attacks and managing cybersecurity risks across international operations. In his current role, Pete also builds relationships with key stakeholders across the cyber industry, from both the private and public sectors. Pete was formerly the Chief Information Security Officer for Raytheon Missiles & Defense.

Pete is a retired United States Air Force Colonel and former Air Force Senior Executive Service member who advanced military cyber operations in the Department of Defense, United States Cyber Command and the United States Air Force.

Prior to joining Raytheon in 2018, Pete was the first Air Force Chief Information Security Officer after successfully leading a global cybersecurity task force for the Chief of Staff of the Air Force in 2015 that pioneered cyber defense concepts for Air Force missions and weapon systems. As the first Air Force CISO, he established cybersecurity policies and compliance programs and oversaw the execution of global cybersecurity programs and operations for Air Force missions around the world.

Pete currently advises several cybersecurity startups and is on the board of two cyber non-profits, the Arizona Cyber Threat Response Alliance, and AZ Cyber Initiative.