2019 Philadelphia
CISO Roundtable

#IANSPhiladelphia #IANSEvents

Wednesday, October 16, 2019
Philadelphia Marriott Downtown, 1201 Market Street, Philadelphia, PA

This 1-day roundtable at the Philadelphia Information Security Forum is designed exclusively for CISOs and senior-level information security executives to learn and share insights in a confidential setting. Join us for these high-level leadership sessions:

We Don’t Compete on Security – Booking Holdings’ Collaboration Lessons Learned – Join Mark Weatherford and his InfoSec colleagues for a panel discussing why and how their organization’s disparate teams work together.

Leading in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer – Retired Navy SEAL Commander Brendan Leary will introduce techniques for becoming a better leader and more decisive decision maker in chaotic, complex situations. 

Building a Modern Day SOC – IANS Faculty member George Gerchow will discuss new processes to keep you agile and what’s needed to manage and maintain a SOC.

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness – IANS and TrustedSec's Rockie Brockway will set a baseline understanding of ATT&CK and provide insights for leveraging the framework.

Managing the Media During an Incident: A Brunswick Group Workshop – Prepare for the publicly facing role as a CISO and learn recommendations on putting your best foot forward when communicating with the media.

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters – Two of the market’s leading CISO executive recruiters will discuss career development, hiring and compensation trends, and negotiation best practices.


CISO Roundtable Agenda

9:50 AM - 10:20 AM

IANS Overview & CISO Attendee Introductions

10:20 AM - 11:00 AM

Panel Discussion: We Don’t Compete on Security – Booking Holdings’ Collaboration Lessons Learned

Booking Holdings, the world’s leader in online travel, is made up of the brands Booking.com, KAYAK, Priceline.com, Agoda, Rentalcars.com and OpenTable. These brands openly compete, but the various InfoSec teams collaborate. Join Booking Holdings’ Mark Weatherford and his InfoSec colleagues for a panel discussing why and how these disparate teams work together. Topics will include:

  • Board reporting at the brand and holding company level
  • Using heat maps and dashboards to measure relative performance
  • Allowing red teams to operate across the platform
  • How vendor assessments are shared

Brendan Leary

McChrystal Group, Senior Principal

Brendan Leary is a Senior Principal at McChrystal Group, where he works as part of our Advisory Services team. Brendan has supported companies in several industries and is currently advising an international wealth management company.

Brendan has deep experience in leadership, team building, planning, crisis and deliberate decision-making, and operational execution. He has driven organizational transformation and achieved results at the executive-level in every organization in which he has served. Recently transitioned from the Naval Special Warfare community, Brendan has 21 years of experience leading SEALs and other special operations units. His diverse military career has included counterterrorism, undersea operations, contingency operations in Liberia, combat operations in Afghanistan and Iraq, and counter-insurgency and stability operations in Africa.

Prior to joining McChrystal Group, Brendan was the Deputy Commander of an 1,800-member special operations organization with nine subsidiaries and regional responsibilities on three continents. He has led, mentored and improved high-performing teams to execute sensitive missions, build strategic relationships, and develop effective technical solutions in complex, dynamic, and high-risk environments.

Brendan earned a Bachelor of Science degree from Springfield College and a Master of Science degree in Military Strategic Studies from the Marine Corps University.

11:00 AM - 12:00 PM

Leading in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer

with Brendan Leary

Retired Navy SEAL Commander Brendan Leary will introduce techniques that help you become a better leader and more decisive decision maker when managing chaotic, complex situations.

Brendan will start the session with a case study from ‘down range’ – how he and a number of Special Operations officers turned the tide on the Iraqi insurgency in 2009-2011. Drawing from their lessons, this session will offer a blueprint for how to lead in a muddled, fast-changing environment with incomplete, often contradictory, data.

George Gerchow

IANS Faculty

As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance, and modern-day Security Operations Centers in rapid development organizations. These insights make him a highly regarded speaker and invited panelist on topics including DevSecOps, cloud secure architecture design, virtualization, compliance, configuration management, and operational security and compliance. George has been on the bleeding edge of public cloud security and privacy since being a co-founder of the VMware Center for Policy & Compliance. Mr. Gerchow is also an active Board Member for several technology start-ups and the co-author of the Center for Internet Security - Quick Start Cloud Infrastructure Benchmark v1.0.0 and the MISTI Fundamentals in Cloud Security. He is a Faculty Member for IANS (Institute for Applied Network Security) and Cloud Academy.

12:00 PM - 1:00 PM

Lunch & IANS Faculty Briefing: Building a Modern Day SOC

with George Gerchow

CISOs are trying to figure out how to monitor and secure workloads that are built on microservices and containers. How does the SOC get out in front of the issue? In addition, what new pool of talent is both available and needed to manage and maintain a SOC?

IANS Faculty member George Gerchow's briefing will cover:

  • New processes to keep you agile
  • Leveraging a modern-day toolkit
  • The power of Bug Bounties, from code to cradle

1:00 PM - 2:00 PM

Solution Provider Power Hour

Executives from Aqua Security, ZeroFOX, and one other venture-backed vendor company will deliver 15-minute technical briefings.

Following the briefings, IANS will facilitate a closed-door, CISO-only discussion of the value and drawbacks of each of the vendor solutions.

Rockie Brockway

Practice Lead, Office of the CSO, TrustedSec

Rockie is an experienced 25-year veteran of IT/IS and highly technical Information Security Analyst, Design Architect/Assessor specializing in Business Systems/Impact Analysis. Through an understanding of business needs in relation to protecting business critical data (Brand Protection), he assists organizations in achieving their desired business outcomes. He has consulted in nearly every vertical and marries a strong technical background with outstanding creativity, communication skills, leadership, team building/teamwork skills and business acumen.

Tim Bernard

Area Vice President, IANS

Tim leads IANS’ end user business in the Northeastern US and Canada, and midwestern US. Tim graduated [ages ago] from Providence College (Go Friars!) with a degree in Business Economics. When not wrangling roundtables or related IANS folks, he’s probably chasing his kids or his manic dog.

2:00 PM - 2:45 PM

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness

with Rockie Brockway and Tim Bernard

MITRE’s ATT&CK™ is a framework that supports information security teams as they seek to improve their posture. However, many security leaders do not understand how to use the ATT&CK framework to its fullest.

IANS, along with Rockie Brockway, Practice Leader at TrustedSec, will co-lead a session to set a baseline understanding of ATT&CK, and provide insights for leveraging the framework to improve:

  • Threat modeling
  • Threat hunting
  • Purple teaming
  • Product evaluations

Using a client example, Rockie will also discuss leveraging ATT&CK to assess coverage mapping, controls effectiveness, and testing and validation.

You will walk away from the session with detailed examples and practical applications.

2:45 PM - 3:00 PM

Afternoon Networking Break

3:00 PM - 4:00 PM

Managing the Media During an Incident: A Brunswick Group Workshop

CISOs are increasingly public-facing executives – often in post-breach media briefings or other high-stakes situations. This Brunswick Group workshop starts with an analysis of post-breach video clips and then pivots to recommendations on putting your best foot forward in working with the media. Topics include:

  • The CISO’s new dual external and internal role
  • Telling your story and honing your message
  • Dealing with traps and left-field questions
  • How to stay on message and avoid being sidetracked

Matt Comyns

Managing Partner, Caldwell Partners

Matt Comyns is managing partner of Caldwell Partners' Cyber Security Practice and a member of the Stamford office. His focus is on recruiting chief information security officers and next-level-down top lieutenants in information security for large global corporations and fast-growing private companies, as well as cyber security consultants for leading professional services firms and top executives for cyber security technology companies.

Matt previously co-led Russell Reynolds Associates’ Global Cyber Security Practice, within the firm’s Technology Sector. Prior to joining the executive search industry, he served as CEO of Pacific Epoch, a consulting firm that specializes in market intelligence and research for U.S.-based companies seeking to invest in and expand into China—until the completion of the firm’s sale. Prior to that, he was a founding partner of BlackInc Ventures, a strategic advisory firm providing clients in the digital media sector with leading outsourced solutions for business, sales, and corporate development.

Before launching BlackInc Ventures in 2004, Matt worked with CNET Networks Inc. for nearly seven years, holding various positions including senior vice president/publisher of News.com, vice president of business development, and director of business development at Snap.com. He has also served as a sales manager for Dow Jones Interactive in Asia and as a founding board member of The Online Publishers’ Association.

Matt holds a BA in political science from Bucknell University and is conversational in Mandarin. He previously served as a member of the Board of Directors for Music National Service, a national nonprofit organization and movement that supports music as a strategy for public good.

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

4:00 PM - 4:45 PM

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters

with Matt Comyns and Phil Gardner

In our final session, IANS CEO Phil Gardner will moderate a discussion with two of the security industry's leading CISO executive recruiters. The session will focus first on career development and then move toward hiring, compensation trends and negotiation best practices. We'll discuss:

  • What traits do recruiters look for in high performing CISOs?
  • What does it take to advance to the Fortune 500 ranks?
  • Has my compensation kept up with the market?
  • What three negotiation tips should I use for my next position?

4:45 PM - 5:45 PM

Networking Reception

After spending a day learning and sharing ideas with your peers, join us for a networking reception to unwind and share insights from the day.

General Forum Opening

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:30 AM - 8:45 AM

IANS Welcome & State of the Industry

Come join us as we welcome you to the Forum.

Nick Mankovich

Becton Dickinson, Vice President and CISO Emeritus

Nick is a Vice President and CISO Emeritus at Becton Dickinson – formerly the BD Chief Information Security Officer (CISO) bearing ultimate responsibility for the adequate protection of BD information asset confidentiality, integrity and availability.

Prior to his 3+ years at BD, he founded and operated CyberRisk Consulting LLC - a privacy, product security and enterprise security risk management consultancy.

From 1995-2015, Nick held positions at Philips Electronics, including as Corporate Research Department Head specializing in IT-based innovation. He then became a Healthcare Strategy Senior Director and moved on to create and manage both the Healthcare Product Security program and the Healthcare Privacy Office (8 years). During his final three years at Philips he was asked to transform Information Security at Philips as their first global CISO.

While at Philips and beyond, Nick worked on international standards – most notably with ISO-IEC Joint Working Group 7, responsible for establishing safety, effectiveness and security in connected healthcare technology.

Prior to 1995, Nick spent thirteen years in the UCLA School of Medicine, where he became Associate Professor of Radiological Sciences. During that time, he also had a 3-year appointment as a Visiting Professor in the School of Computer Sciences and Engineering at the University of New South Wales in Sydney.  Nick was engaged in hospital-wide digital initiatives including creating one of the first Radiological Picture Archiving and Communications Systems. In the 1980s he was one of the first to realize surgical planning-based digital imaging and 3D printing via stereolithography.  He has over 100 publications and holds 6 patents. 

8:45 AM - 9:30 AM

Keynote Interview: Reflections from a CISO Emeritus – A Discussion with BD’s Nick Mankovich

with Nick Mankovich and Phil Gardner

Join IANS CEO Phil Gardner and Nick Mankovich, BD’s CISO Emeritus, for a keynote discussion where Nick will share some of the management lessons he’s drawn from a distinguished, decades-long security career. Nick is a believer that clear risk governance is the foundation of any corporate security program. We’ll explore how to implement this during our talk and discuss the benefits and the trade-offs that come with being clear on “who-owns-what” in a corporate setting.

9:30 AM - 9:50 AM

Networking Break

Join your peers and transition to the CISO Roundtable for a day of closed-door, high-level sessions.

2019 Philadelphia Facilitators

Phil Gardner

IANS Founder & Chief Executive Officer

Tim Bernard

IANS Area Vice President

Event: Philadelphia Marriott Downtown

1201 Market Street, Philadelphia, PA 19107

Hotel: Courtyard Philadelphia Downtown

21 N Juniper St, Philadelphia, PA 19107

Room Rate: $259 per night plus tax

Attendee Contact

ians@iansresearch.com
