A SecurityWeek Event

A VIRTUAL EVENT FOR 2023

An Exclusive Forum For
Information Security Leaders

June 13-14th, 2023

2023 Diamond Sponsor

https://www.cisoforum.com/wp-content/uploads/2020/09/Palo_Alto-Networks-logo.png

2023 Platinum Sponsors

https://www.cisoforum.com/wp-content/uploads/2023/05/Abnormal-logo-black.png
https://www.cisoforum.com/wp-content/uploads/2023/05/CardinalOps_Logo.png

2023 Gold Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/ReversingLabs_logo.png

ReversingLabs

https://www.cisoforum.com/wp-content/uploads/2023/05/Uptycs-Logo-1-320x95.png

Proofpoint

https://www.cisoforum.com/wp-content/uploads/2023/05/Lacework-Logo-320x53.png

Eclypsium

https://www.cisoforum.com/wp-content/uploads/2023/05/Saviynt-Logo.png

Synopsys

2023 Featured Speakers

Adam Ely

Adam Ely

Fidelity
CISO

Shaun Marion

Shaun Marion

McDonald’s
VP, CISO

Kathy Wang

Kathy Wang

Discord
CSO

Lena Smart

Lena Smart

MongoDB
CISO

Jason Shockey

Jason Shockey

Cenlar FSB
SVP, CISO

Igor Varnava

Igor Varnava

Five9
SVP, CISO

Brian Markham

Brian Markham

EAB
CISO

Chris Castaldo

Chris Castaldo

Crossbean
CISO

Michael Piacente

Michael Piacente

Hitch Partners
Managing Partner

Evan Wolff

Evan Wolff

Crowell & Moring
Partner

Evan Wolff

Jonathan Jaffe

Lemondade
CISO

2023 Agenda is Coming Soon

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event.

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.


An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

Virtual Event – View Event Website

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Previous CISO Forum Speakers

Adrian Stone

Adrian Stone

Peloton
VP, CISO

Anne Marie Zettlemoyer

Anne Marie Zettlemoyer

Mastercard
VP, Security Engineering

Caleb Sima

Caleb Sima

Robinhood
CISO

Allan Friedman

Allan Friedman

Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler

Summer Craze Fowler

Argo AI
CISO/CIO

Fredrick Lee

Fredrick ‘Flee’ Lee

Gusto
Chief Security Officer

Shaila Shankar

Shaila Shankar

Cisco
SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe

Jonathan Jaffe

Lemonade
CISO

Aanchal Gupta

Aanchal Gupta

Microsoft
VP, Azure Security

Lena Smart

Lena Smart

MongoDB
CISO

Sounil Yu

Sounil Yu

JupiterOne
CISO

Theresa Payton

Theresa Payton

Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert

Security Awareness Training a Top Priority for CISOs: FS-ISAC Report

02/14/2018 0

(SecurityWeek – Kevin Townsend) – Thirty-five percent of CISOs in the financial sector consider staff training to be the top priority for cyber defense. Twenty-five percent prioritize infrastructure upgrades and network defense.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled more than 100 of its 7,000 global members to produce the first of its planned annual CISO Cybersecurity Trends Study. ISACs are non-profit organizations, usually relevant to individual critical infrastructure sectors, designed to share threat information among their members and with relevant government agencies. They were born from Bill Clinton’s 1998 Presidential Decision Directive PDD 63.

The FS-ISAC’s 2018 Cybersecurity Trends Report (PDF) notes a distinction in priorities based on the individual organization’s reporting structure. Where CISOs report into a technical structure, such as the CIO, the priority is for infrastructure upgrades, network defense and breach prevention. Where they report into a non-technical function, such as the COO or Legal, the priority is for staff training.

This could be as simple as CISOs prioritizing areas for which they are most likely to get funding. However, that staff training is considered the overall priority does not surprise Dr. Bret Fund, founder and CEO at SecureSet.

Request an invite to SecurityWeek’s CISO Forum

“I think that speaks to CISOs seeing first-hand how their largest risks of breach rest in the people component vs. the product or process components,” he suggests. “Executives and Boards cannot underestimate the need for a robust security culture inside their organizations; and the way that you achieve that is through proper education and training.”

Dan Lohrmann, chief security officer at Security Mentor, agrees. “The mission-essential business aspects that end user security awareness training is now playing in global financial organizations must be front and center surrounding around all data handling and incident response.” He recommends metrics-based training so that progress can be monitored.

The report finds no common reporting structure within financial organizations. Only 8% of CISOs report directly to the CEO. Sixty-six percent report to the CIO (39%), the CRO (14%) or the COO (13%). Despite these differences, there appears to be no impact on the frequency of reporting to the board of directors on cybersecurity.

Reporting most frequently occurs every three months (54% of CISOs). Eighteen percent report every six months, and 16% report annually. Only 6% report monthly.

There is no indication within the report on structural trends, which could provide an insight into the evolving role of the CISO. Greg Reber, CEO at AsTech, thinks this is an omission. “At AsTech, we see moves away from CISOs reporting to CIOs, as the incentives can be at odds,” he explains. “CIOs may need to get things done quickly to realize financial goals — moving processing to the cloud environments for example — while CISOs are chiefly concerned with risk management.”

He also notes a failure to comment on cyber risk insurance. “This falls into an ‘event response’ category, which we see as a top priority. However, it didn’t appear in the top three responses in this survey.” Reber equates ‘cyber defense’ with a Maginot Line philosophy, and believes resources should be balanced between defense and response.

“This report from FS-ISAC highlights the continued need for cyber awareness and vigilance from staff,” comments Stephen Burke, founder and CEO at Cyber Risk Aware. “Hackers are great at exploiting human nature, using social engineering tactics to gain their victims’ trust. Once they can get through defense and onto a user’s machine they may use sophisticated methods to stealthily move laterally across a network stealing data or credentials.”

FS-ISAC’s recommendations to its members based on its survey findings is that staff training should be prioritized regardless of the reporting structure. “People can be the solution to these growing online risks, or they can be contributors to the growing level of security problems,” says Lohrmann. “Effective security awareness training will enable the enterprise to successfully stop cyberattacks.”

Venture and M&A

Security awareness firms have been the subject of significant funding and M&A transactions in recent months.

Earlier this month, security awareness training firm Wombat Security agreed to be acquired by Proofpoint for $225 million in cash. In August 2017, Webroot acquired Securecast, an Oregon-based company that specializes in security awareness training. In October 2017, security awareness training and simulated phishing firm KnowBe4 secured $30 million in Series B financing, which brought the total amounbt raised by KnowBe4 to $44 million. Security awareness training firm PhishMe has raised nearly $58 million in funding, including a $42.5 million series C funding round in July 2016.


Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe for Event News