A SecurityWeek Event


An Exclusive Executive Forum Focused on
Information Security Leadership and Strategy

September 13-14, 2022

2021 CISO Forum Presented by


2021 Diamond Sponsors


2021 Platinum Sponsors


2021 Gold Sponsors


Silver Sponsors


2021 CISO Forum

SecurityWeek’s CISO Forum takes place annually at the beautiful Ritz-Carlton, Half Moon Bay, which has served as the venue of the forum since 2014.

Given the global situation resulting from the COVID-19 pandemic, SecurityWeek’s 2021 CISO Forum, Presented by Cisco, will take place virtually. Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, specific zones & sponsor booths.

This  event is designed for security leaders to discuss, share and learn information security strategies. (Register)

Visit Here for the Latest Event Updates for the Virtual Edition

An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

September 14-15, 2021
Virtual Event – View Event Website

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Topics Include:

  • Fireside Chat: Adrian Stone: VP, CISO at Peloton
  • Winning Hearts and Minds on the Board
  • Designing and Architecting Security for a Hybrid World
  • CISO Panel: Navigating SBOMs and Supply Chain Security Transparency
  • Panel: CISO’s Guide to Building a Security Dream Team
  • Panel: The Top 5 Priorities of the Modern CISO
  • Defenders Playbook for Attack Simulation and Security Posture Validation
  • Virtual Expo and Networking
  • Identity-Focused Security for Your Zero Trust Journey
  • Winning Hearts and Minds on the Board
  • Securing Our Cloud Environment Against Hackers
  • Key Insights to Prevent Never-Before-Seen Cyber Attacks
  • SASE Industry Trends
  • Measuring Security and Building Trust with Leadership: Enabling Transformation Through Testing
  • How DevOps Can Make AppSec Testing Seamless
  • Addressing Sophisticated Supply Chain Attacks Head On with No Source Code Required
  • Much more! – Add to Calendar

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Adrian Stone

Adrian Stone


Anne Marie Zettlemoyer

Anne Marie Zettlemoyer

VP, Security Engineering

Caleb Sima

Caleb Sima


Allan Friedman

Allan Friedman (Invited)

Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler

Summer Craze Fowler

Argo AI

Fredrick Lee

Fredrick ‘Flee’ Lee

Chief Security Officer

Shaila Shankar

Shaila Shankar

SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe

Jonathan Jaffe


Aanchal Gupta

Aanchal Gupta

VP, Azure Security

Lena Smart

Lena Smart


Sounil Yu

Sounil Yu


Theresa Payton

Theresa Payton

Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert




September 24-26, 2019


1 Miramontes Point Rd, Half Moon Bay, CA 94019


+ 1 (650) 712-7000

CISOs: Five Ways to Ramp Up Your Security Strategy

12/21/2015 0

Every day, and usually without people realizing it, networks are breached. With confidential information exposed to the wrong eyes, secrets can become commodities capable of ruining corporate and personal reputations. We live in a world where network incidents are so common that no one can deny their existence. As attacks proliferate, problems mount. With the attack surface continually growing, new devices plugging into networks, and data in motion growing in volume, the challenges for corporate leaders are more complex than ever. Fortunately, most enterprise companies are taking steps to increase their defense in depth, but the security strategy does not become more effective by merely adding another layer of software to the stack. We need rethink the entire approach.

As most security professionals will attest, the task of setting up, maintaining and altering an integrated enterprise security system, often containing multiple vendor solutions, is not simple. There is no lack of solutions for security teams to choose from. What is important is knowing what type of solution to implement and why. The first step to combatting this challenge is to examine a number of common variables at work that point towards why cyber security problems seem to be getting worse despite the availability of innovative solutions in the market.

Expanding networks. Agile hackers. Let’s look at the variables.

  • Networks are getting larger with each user connecting multiple devices into the system.

  • While not necessarily smarter, attackers are more agile than most organizations and can afford a “low and slow” approach before pulling the trigger.

  • The explosion of social networking and the subsequent high volume of data and users it has created help hackers get even easier access into corporate networks.

  • The widespread reach of black markets and rampant utilization of automated systems has created a marketplace primed for maleficence.

  • The proliferation of technology has created a world that is more diverse and disparate than ever. We continue to be pulled in a million directions as information travels quicker.

The above scenarios are just the tip of the ‘cyber-risk iceberg’. In reality, there are hundreds of variables to identify, assess, and use when looking for the right solution. In this brief write-up, we will do our best to turn those variables into tangible steps in search for a more comprehensive security strategy.

Understand. Articulate. Act.

Where is a cyber security professional to begin when the stakes are set against the corporation? The key is better preparation. Below are five steps that will provide an approach to help build a strategy that offers the potential to outsmart the attacker.

  1. Stop guessing. Assume your enterprise has already been breached. This is where detection technology is critical. Implementing a signature-based system is helpful but it is not sufficient. What is needed is a system that detects behavior anomalies by correlating seemingly disparate events. Think of a night watchman on patrol, noticing potentially unrelated incidents that he can then tie together. He sees a security light has gone dark; this is not necessarily cause for alarm, but it could be if there is broken glass where the bulb was broken, not burnt out. Thus, it is the pinning together of isolated events that could shine light on abnormal behavior that leads to the discovery of a malicious intruder.

  2. Assess the most critical assets and potential compromises within your network.For example, are your end users reliant on mobile devices? Are your employees constantly working remote or on-the-go? The 2015 Cyberthreat Defense Report shows that 59% of respondents experienced an increase in mobile threats over the past year. If you have a mobile-heavy workforce, make sure you’re monitoring all apps and mobile traffic. Also, know the storage location of the most critical assets of your organization, such as corporate IP, client info, project plans, etc., and have consistent management of access permission settings.

  3. Understand your risks and core infrastructure. You must be aware of the most vulnerable risks posed to your organization in the event of a breach. What assets pose the greatest danger to your stability if they fall into the wrong hands? What is the level of security as defined by your existing cyber security stack? How much of your resources have been deployed to your perimeter versus network core?

  4. Articulate. Learn the way in which your organization’s board communicates and receives information best. They typically do not have time to review hundreds of metrics; therefore you must be able to organize your findings in a succinct, action-oriented manner that makes it easier for them to make decisions that help your organization. They certainly have the means to move resources. Make them your advocates.

  5. Act. Once a plan is in place, execution is vital. Make sure you put the necessary time and effort into building a resilient and secure system prepared to fight off invaders both inside and outside the firewall. In the end, it will save your organization valuable time and money while protecting your reputation.

Securing your network from the inside out via detection is crucial. Since we know that more than 90% of networks already have intruders present, we must take steps to detect their presence, identify how they got in, and make a plan to protect the network from future intrusion.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe for Event News