A SecurityWeek Event

CISO Forum Agenda
Virtual Event

June 13-14th, 2023

An Exclusive Forum For Information Security Leaders

Designed for senior-level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum will take place in 2023 as a virtual event.

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.


June 13 Agenda

June 13, 2023 11:00

The New CISO Leadership Mandate

It’s now common for CISOs to be board members or regularly engage in C-level business discussions. To be effective, CISOs must learn to speak “dollars and cents” or the language of strategy and opportunity, transformation, and business risk. Rather than framing issues in terms of cybersecurity, they need to frame discussions in terms of business implications. After all, every cyber risk is a business risk (or opportunity). Join Jeff Margolies, Chief Strategy Officer at Saviynt, as he discusses the new CISO mandate with Jim Routh, Former CSO & CISO MassMutual, American Express, DTCC & Aetna.

Jim Routh
Board Advisor & Former CSO & CISO MassMutual, American Express, DTCC & Aetna

Jeff Margolies
Saviynt, Chief Strategy Officer

June 13, 2023 11:00

Why Cybersecurity Conversations Belong in the Boardroom

As the number of breaches and cyberattacks increases, it is crucial to prioritize security conversations in the boardroom. It’s no longer enough for cybersecurity to be the sole responsibility of CISOs. Every executive needs to be aware of the potential risks and take necessary precautions to protect their organization. Learn how to effectively communicate the importance of cybersecurity to the board and ensure your company takes cybersecurity concerns seriously in order to prevent financial losses and reputational damage. You’ll learn how to:

  • Tailor the cybersecurity message for your board
  • Advocate for the balance of security-specific risks against other business risks
  • Better inform your board on cybersecurity best practices and compliance

Tim Chase
Lacework, Field CISO

June 13, 2023 11:30

Stay Ahead of Bad Actors and Securely Accelerate your Cloud Transformation

Digital business is driving the continued migration of workloads to the cloud at a greater pace than ever. However, the complexity of securing cloud applications and their development and delivery pipelines across multi-cloud environments is causing many organizations to fall behind or inadvertently introduce security weaknesses. Between misconfigurations, overprivileged identities, exposed sensitive data, source code vulnerabilities, and supply chain risks, there are a myriad of considerations that have made cloud security humanly challenging to address. In this session, we will discuss the security best practices at every step in the application lifecycle to help accelerate your cloud transformation, including:

  • The common risks associated with cloud applications
  • How to get a 360° view of cloud security challenges across the code/build/deploy and run lifecycle
  • The typical cloud security journey and security use cases to address at each step
  • How to harness the power of data, threat intelligence, and AI to detect and prevent cloud threats
  • Ways to foster teamwork between developers, cloud ops, and security teams

Chandra Sekar
Palo Alto Networks, CMO Prisma Cloud

June 13, 2023 12:45


Please visit our sponsors in the Exhibit Hall and explore their resources. They’re standing by to answer your questions.

June 13, 2023 13:00

Attacker Mindset in the Cloud

Organizations can meet compliance/regulatory responsibilities in the cloud, but still be susceptible to a threat actor escalating privileges, exfiltrating data, or targeting you for ransomware. Threat actors today have become cloud experts. Their TTPs are evolving quicker than most want to believe. Therefore, it’s time we start thinking like them and mimicking detection on their attack behavior.

Taylor Bianchi
Uptycs, Senior Offensive Security Researcher

June 13, 2023 13:00

What the #%@& is Software Supply Chain Security

The SolarWinds, CircleCI, and 3CX software supply chain attacks have made Software Supply Chain Security one of the most discussed topics in cyber security. But what is Software Supply Chain Security? Depending on who or what vendor you talk to, you will get a completely different answer. In this session, Matt Rose, Field CISO at ReversingLabs, will discuss different approaches to ensuring the security of your software supply chain: what approaches work and what approaches fall short. In order to truly understand software supply chain security, you need to understand what the #%@& software supply chain security is in the first place.

Matt Rose
ReversingLabs, Field CISO

June 13, 2023 13:20

Preventing Breaches with SOC Automation and MITRE ATT&CK

Preventing breaches starts with having the right detections in the SOC — but this is a major challenge when you have 50-100+ security tools sending telemetry to your SIEM from diverse log sources (Windows, Mac/Linux, cloud, email, IAM, etc.). And these complexity challenges are compounded by constant change in both your infrastructure and the global threat landscape. According to data from MITRE ATT&CK, the industry-standard framework for tracking adversary playbooks and behaviors on a global basis, there are now more than 350 adversary groups and 500 adversary techniques used to conduct cyberattacks ranging from ransomware to cyber espionage to attacks on critical infrastructure – and the number is constantly growing. Detection engineering is one of the last remaining SOC functions to still rely on manual ad-hoc processes, tribal knowledge, and specialized experts that are difficult to hire and retain, rather than on automated workflows and documented processes. In this session, we’ll look at the MITRE kill-chain for recent high-profile attacks and describe how detection posture management can help you detect them before they have material impact.

Phil Neray
CardinalOps, VP of Cyber Defense Strategy

June 13, 2023 13:50


Please visit our sponsors in the Exhibit Hall and explore their resources. They’re standing by to answer your questions.

June 13, 2023 14:00

in-CISO-mnia Panel: What Keeps CISOs on High Alert?

Our popular CISO Insomnia panel returns with a thought-provoking exploration of the pressing issues that keep CISOs and security leaders on high alert. Expect a robust conversation on the current threat landscape, the high-stakes decisions during crises, the priorities and strategies at the forefront of modern cybersecurity, and the future of securing digital assets at scale.

This panel will cover the rising ransomware epidemic, cloud security challenges, ever-growing attack surfaces, software supply chain risks and the changing face of communicating risk internally and externally.

Ryan Naraine
SecurityWeek, Editor-at-Large

Adam Ely
Fidelity Investments, Chief Information Security Officer

Lakshmi Hanspal
Amazon Devices and Services, Global Chief Security Officer

Shaun Marion
McDonald’s, Chief Information Security Officer

June 13, 2023 14:45

Security Leadership Fireside Chat: Discord CISO Kathy Wang


Kathy Wang
Discord, Chief Information Security Officer (CISO)

Ryan Naraine
SecurityWeek, Editor-at-Large

June 14 Agenda

June 14, 2023 11:00

Strategies for Protecting the CI Pipeline and Shipping Secure Apps by Default

Protecting the delivery pipeline is at least as important as securing the software that is built. In light of successful cloud breaches that target the engineering ecosystem, it’s not surprising that analysts like Gartner are highlighting the urgent need to develop a framework for protecting the software delivery pipeline. Join Stephen Giguere, developer advocate with Prisma Cloud, as he discusses:

  • How the attack surface has shifted left, outside the purview of traditional AppSec programs
  • Why runtime-centric approaches are the most expensive way to build a CNAPP strategy
  • A simple 3-step framework for securing the engineering ecosystem and shipping code that’s secure by default

Stephen Giguere
Palo Alto Networks, Developer Advocate

June 14, 2023 11:30

CISO Panel: Combating Burnout as Cybersecurity Crises Escalate

The cybersecurity industry has experienced a seemingly endless series of high-stakes crises, taking a toll on the mental health and well-being of CISOs and security professionals. This panel will address the pressing issue of burnout, exploring its root causes, potential impacts on individuals and organizations, and practical strategies for prevention and recovery. This collection of security leaders and practitioners will share personal experiences and insights, aiming to foster a supportive dialogue and promote a healthier work-life balance within the industry.

Igor Varnava
Five9, VP, Chief Information Security Officer

Lena Smart
MongoDB, Chief Information Security Officer

Michael Piacente
Hitch Partners

June 14, 2023 12:15


Please visit our sponsors in the Exhibit Hall and explore their resources. They’re standing by to answer your questions.

June 14, 2023 12:30

CISOs Propose New Approach to Third Party Risk Management

While cybersecurity leaders understand the importance of managing and mitigating third-party risk, the current state of tooling and resource-intensive questionnaires has created a hamster wheel of work that doesn’t make anything more secure.

In this session, two CISOs (Crossbeam’s Chris Castaldo and EAB’s Brian Markham) will discuss the investments made over the years and the scale of the third-party risk management problem, and propose an entirely new approach to dealing with this critical area of risk.

Chris Castaldo
Crossbeam, Chief Information Security Officer (CISO)

Brian Markham
EAB, Chief Information Security Officer

June 14, 2023 13:15

Panel: Cyber Insurance in the Age of Ransomware


Matt Honea
Forward Networks, Head of Security and Compliance

Evan D. Wolff
Crowell and Moring, Partner

Jason Shockey
Cenlar FSB, Chief Information Security Officer

Jonathan Jaffe
Lemonade, Chief Information Security Officer

Solutions Theater (On-demand)
