A SecurityWeek Event

A VIRTUAL EVENT FOR 2022

An Exclusive Executive Forum Focused on
Information Security Leadership and Strategy

September 13-14, 2022

2021 CISO Forum Presented by

https://www.cisoforum.com/wp-content/uploads/2021/08/Cisco-Secure-Logo.png

2021 Diamond Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/Synack_Logo-300x76-1.jpeg
https://www.cisoforum.com/wp-content/uploads/2020/09/Palo_Alto-Networks-logo.png

2021 Platinum Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/Okta_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Recorded_Future-Logo-wide.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Beyond_Identity-logo-320x144.png

2021 Gold Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/Proofpoint-Logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Eclypsium_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/synopsys_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Corel_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Abnormal-Security.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Cymulate_Logo.jpg
https://www.cisoforum.com/wp-content/uploads/2021/08/ReversingLabs_logo.png

Silver Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/VirusTotal.png

2021 CISO Forum

SecurityWeek’s CISO Forum takes place annually at the beautiful Ritz-Carlton, Half Moon Bay, which has served as the venue of the forum since 2014.

Given the global situation resulting from the COVID-19 pandemic, SecurityWeek’s 2021 CISO Forum, Presented by Cisco, will take place virtually. Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, specific zones & sponsor booths.

This  event is designed for security leaders to discuss, share and learn information security strategies. (Register)

Visit Here for the Latest Event Updates for the Virtual Edition

An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

September 14-15, 2021
Virtual Event – View Event Website

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Topics Include:

  • Fireside Chat: Adrian Stone: VP, CISO at Peloton
  • Winning Hearts and Minds on the Board
  • Designing and Architecting Security for a Hybrid World
  • CISO Panel: Navigating SBOMs and Supply Chain Security Transparency
  • Panel: CISO’s Guide to Building a Security Dream Team
  • Panel: The Top 5 Priorities of the Modern CISO
  • Defenders Playbook for Attack Simulation and Security Posture Validation
  • Virtual Expo and Networking
  • Identity-Focused Security for Your Zero Trust Journey
  • Winning Hearts and Minds on the Board
  • Securing Our Cloud Environment Against Hackers
  • Key Insights to Prevent Never-Before-Seen Cyber Attacks
  • SASE Industry Trends
  • Measuring Security and Building Trust with Leadership: Enabling Transformation Through Testing
  • How DevOps Can Make AppSec Testing Seamless
  • Addressing Sophisticated Supply Chain Attacks Head On with No Source Code Required
  • Much more! – Add to Calendar

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Adrian Stone

Adrian Stone

Peloton
VP, CISO

Anne Marie Zettlemoyer

Anne Marie Zettlemoyer

Mastercard
VP, Security Engineering

Caleb Sima

Caleb Sima

Robinhood
CISO

Allan Friedman

Allan Friedman (Invited)

Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler

Summer Craze Fowler

Argo AI
CISO/CIO

Fredrick Lee

Fredrick ‘Flee’ Lee

Gusto
Chief Security Officer

Shaila Shankar

Shaila Shankar

Cisco
SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe

Jonathan Jaffe

Lemonade
CISO

Aanchal Gupta

Aanchal Gupta

Microsoft
VP, Azure Security

Lena Smart

Lena Smart

MongoDB
CISO

Sounil Yu

Sounil Yu

JupiterOne
CISO

Theresa Payton

Theresa Payton

Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert

https://www.cisoforum.com/wp-content/uploads/2015/12/halfmoonbay.jpeg

HALF MOON BAY, CA

Ritz-Carlton

September 24-26, 2019

Address

1 Miramontes Point Rd, Half Moon Bay, CA 94019

Phone

+ 1 (650) 712-7000

Security Awareness Training a Top Priority for CISOs: FS-ISAC Report

02/14/2018 0

(SecurityWeek – Kevin Townsend) – Thirty-five percent of CISOs in the financial sector consider staff training to be the top priority for cyber defense. Twenty-five percent prioritize infrastructure upgrades and network defense.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled more than 100 of its 7,000 global members to produce the first of its planned annual CISO Cybersecurity Trends Study. ISACs are non-profit organizations, usually relevant to individual critical infrastructure sectors, designed to share threat information among their members and with relevant government agencies. They were born from Bill Clinton’s 1998 Presidential Decision Directive PDD 63.

The FS-ISAC’s 2018 Cybersecurity Trends Report (PDF) notes a distinction in priorities based on the individual organization’s reporting structure. Where CISOs report into a technical structure, such as the CIO, the priority is for infrastructure upgrades, network defense and breach prevention. Where they report into a non-technical function, such as the COO or Legal, the priority is for staff training.

This could be as simple as CISOs prioritizing areas for which they are most likely to get funding. However, that staff training is considered the overall priority does not surprise Dr. Bret Fund, founder and CEO at SecureSet.

Request an invite to SecurityWeek’s CISO Forum

“I think that speaks to CISOs seeing first-hand how their largest risks of breach rest in the people component vs. the product or process components,” he suggests. “Executives and Boards cannot underestimate the need for a robust security culture inside their organizations; and the way that you achieve that is through proper education and training.”

Dan Lohrmann, chief security officer at Security Mentor, agrees. “The mission-essential business aspects that end user security awareness training is now playing in global financial organizations must be front and center surrounding around all data handling and incident response.” He recommends metrics-based training so that progress can be monitored.

The report finds no common reporting structure within financial organizations. Only 8% of CISOs report directly to the CEO. Sixty-six percent report to the CIO (39%), the CRO (14%) or the COO (13%). Despite these differences, there appears to be no impact on the frequency of reporting to the board of directors on cybersecurity.

Reporting most frequently occurs every three months (54% of CISOs). Eighteen percent report every six months, and 16% report annually. Only 6% report monthly.

There is no indication within the report on structural trends, which could provide an insight into the evolving role of the CISO. Greg Reber, CEO at AsTech, thinks this is an omission. “At AsTech, we see moves away from CISOs reporting to CIOs, as the incentives can be at odds,” he explains. “CIOs may need to get things done quickly to realize financial goals — moving processing to the cloud environments for example — while CISOs are chiefly concerned with risk management.”

He also notes a failure to comment on cyber risk insurance. “This falls into an ‘event response’ category, which we see as a top priority. However, it didn’t appear in the top three responses in this survey.” Reber equates ‘cyber defense’ with a Maginot Line philosophy, and believes resources should be balanced between defense and response.

“This report from FS-ISAC highlights the continued need for cyber awareness and vigilance from staff,” comments Stephen Burke, founder and CEO at Cyber Risk Aware. “Hackers are great at exploiting human nature, using social engineering tactics to gain their victims’ trust. Once they can get through defense and onto a user’s machine they may use sophisticated methods to stealthily move laterally across a network stealing data or credentials.”

FS-ISAC’s recommendations to its members based on its survey findings is that staff training should be prioritized regardless of the reporting structure. “People can be the solution to these growing online risks, or they can be contributors to the growing level of security problems,” says Lohrmann. “Effective security awareness training will enable the enterprise to successfully stop cyberattacks.”

Venture and M&A

Security awareness firms have been the subject of significant funding and M&A transactions in recent months.

Earlier this month, security awareness training firm Wombat Security agreed to be acquired by Proofpoint for $225 million in cash. In August 2017, Webroot acquired Securecast, an Oregon-based company that specializes in security awareness training. In October 2017, security awareness training and simulated phishing firm KnowBe4 secured $30 million in Series B financing, which brought the total amounbt raised by KnowBe4 to $44 million. Security awareness training firm PhishMe has raised nearly $58 million in funding, including a $42.5 million series C funding round in July 2016.


Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe for Event News