2019 Philadelphia
CISO Roundtable

#IANSPhiladelphia #IANSEvents

Wednesday, October 16, 2019
Philadelphia Marriott Downtown, 1201 Market Street, Philadelphia, PA

This 1-day roundtable at the Philadelphia Information Security Forum is designed exclusively for CISOs and senior level information security executives to learn and share insights in a confidential setting. Join us for these high-level leadership sessions:

We Don’t Compete on Security – Booking Holdings’ Collaboration Lessons Learned – Join Mark Weatherford and his InfoSec colleagues for a panel discussing why and how their organization’s disparate teams work together.

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer – Retired Navy SEAL Commander Brendan Leary will introduce techniques for becoming a better leader and more decisive decision maker in chaotic, complex situations. 

Building a Modern Day SOC – IANS Faculty member George Gerchow will discuss new processes to keep you agile and what’s needed to manage and maintain a SOC.

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness – IANS and TrustedSec's Rockie Brockway will set a baseline understanding of ATT&CK and provide insights for leveraging the framework.

Managing the Media During an Incident: A Brunswick Group Workshop – Prepare for the publicly facing role as a CISO and learn recommendations on putting your best foot forward when communicating with the media.

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters – Two of the market’s leading CISO executive recruiters will discuss career development, hiring and compensation trends, and negotiation best practices.

CISO Roundtable Agenda

9:50 AM - 10:20 AM

IANS Overview & CISO Attendee Introductions

Daniel Ostermeier

Principal Developer, booking.com

Daniel Ostermeier is a principal developer and part of the leadership team within the security department at booking.com. He has been a part of the security team since its early days, giving him a strong insight into every aspect of the department, from application security to incident response and security assurance. More recently, he has been applying his experience and knowledge to the collaboration with the broader Booking Holdings group of CISOs.

Prior to his involvement in Security, Daniel focused his attention towards improvements in the development process through automation, continuous integration, testing, and related developer tooling, spanning multiple startups and one unicorn.

Mark Weatherford

Global Information Security Strategist, Booking Holdings

Mark Weatherford is the Global Information Security Strategist at Booking Holdings where he works with their brand companies that include Booking.com, Priceline, Agoda, Kayak, BookingGo, and OpenTable to create secure technology travel products for their millions of customers around the world.

He has held a variety of executive level cybersecurity roles including the Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, and Chief Security Officer at the North American Electric Reliability Corporation (NERC) where he led the cybersecurity program and worked with over 3,000 electric utility companies across North America.

In 2008 he was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer, and in 2011 he was appointed as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity. As a U.S. Navy Cryptology Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).

10:20 AM - 11:00 AM

Panel Discussion: We Don’t Compete on Security – Booking Holdings’ Collaboration Lessons Learned

with Daniel Ostermeier and Mark Weatherford

Booking Holdings, the world’s leader in online travel, is made up of the brands Booking.com, KAYAK, Priceline.com, Agoda, Rentalcars.com and OpenTable. These brands openly compete, but the various InfoSec teams collaborate. Join Booking Holdings' Daniel Ostermeier and Mark Weatherford for a panel discussing why and how these disparate teams work together. Topics will include:

  • Board reporting at the brand and holding company level
  • Using heat maps and dashboards to measure relative performance
  • Allowing red teams to operate across the platform
  • How vendor assessments are shared

Brendan Leary

McChrystal Group, Senior Principal

Brendan Leary is a Senior Principal at McChrystal Group, where he works as part of our Advisory Services team. Brendan has supported companies in several industries and is currently advising an international wealth management company.

Brendan has deep experience in leadership, team building, planning, crisis and deliberate decision-making, and operational execution. He has driven organizational transformation and achieved results at the executive-level in every organization in which he has served. Recently transitioned from the Naval Special Warfare community, Brendan has 21 years of experience leading SEALs and other special operations units. His diverse military career has included counterterrorism, undersea operations, contingency operations in Liberia, combat operations in Afghanistan and Iraq, and counter-insurgency and stability operations in Africa.

Prior to joining McChrystal Group, Brendan was the Deputy Commander of an 1,800-member special operations organization with nine subsidiaries and regional responsibilities on three continents. He has led, mentored and improved high-performing teams to execute sensitive missions, build strategic relationships, and develop effective technical solutions in complex, dynamic, and high-risk environments.

Brendan earned a Bachelor of Science degree from Springfield College and a Master of Science degree in Military Strategic Studies from the Marine Corps University.

11:00 AM - 12:00 PM

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer

with Brendan Leary

Retired Navy SEAL Commander Brendan Leary will introduce insights that help you and your organization adapt quicker and make faster, better decisions when managing complex, chaotic situations.

Brendan will start the session with some organizational and leadership lessons from ‘down range’ – how he and a handful of Special Operations officers turned the tide on the Iraqi insurgency in 2009-2011. Drawing from their lessons, this session will offer a blueprint for how to restructure an organization and lead in a fast-changing environment with incomplete, often contradictory, data.

George Gerchow

IANS Faculty

As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance, and modern day Security Operation Centers in rapid development organizations. These insights make him a highly regarded speaker, and invited panelist on topics including DevSecOps, cloud secure architecture design, virtualization, compliance, configuration management, and operational security and compliance. George has been on the bleeding edge of public cloud security and privacy since being a co-founder of the VMware Center for Policy & Compliance. Mr. Gerchow is also an active Board Member for several technology start-ups and the co-author of the Center for Internet Security - Quick Start Cloud Infrastructure Benchmark v1.0.0 and the MISTI Fundamentals in Cloud Security. He is a Faculty Member for IANS (Institute for Applied Network Security) and Cloud Academy.

12:00 PM - 1:00 PM

Lunch & IANS Faculty Briefing: Building a Modern Day SOC

with George Gerchow

CISOs are trying to figure out how to monitor and secure workloads that are built on microservices and containers. How does the SOC get out in front of the issue? In addition, what new pool of talent is both available and needed to manage and maintain a SOC?

IANS Faculty member George Gerchow's briefing will cover:

  • New processes to keep you agile
  • Leveraging a modern-day toolkit
  • The power of Bug Bounties, from code to cradle

1:00 PM - 2:00 PM

Solution Provider Power Hour

Executives from Aqua Security, ZeroFOX, and one other venture-backed vendor company will deliver 15-minute technical briefings.

Following the briefings, IANS will facilitate a closed door, CISO-only discussion of the value and drawbacks of each of the vendor solutions.

Rockie Brockway

Practice Lead, Office of the CSO, TrustedSec

Rockie is an experienced 25-year veteran of IT/IS and highly technical Information Security Analyst, Design Architect/Assessor specializing in Business Systems/Impact Analysis. Through an understanding of business needs in relation to protecting business critical data (Brand Protection), he assists organizations in achieving their desired business outcomes. He has consulted in nearly every vertical and marries a strong technical background with outstanding creativity, communication skills, leadership, team building/teamwork skills and business acumen.

Tim Bernard

Area Vice President, IANS

Tim leads IANS’ end user business in the Northeastern US and Canada, and midwestern US. Tim graduated [ages ago] from Providence College (Go Friars!) with a degree in Business Economics. When not wrangling roundtables or related IANS folks, he’s probably chasing his kids or his manic dog.

2:00 PM - 2:45 PM

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness

with Rockie Brockway and Tim Bernard

MITRE’s ATT&CK™ is a framework that supports information security teams as they seek to improve their posture. However, many security leaders do not understand how to use the ATT&CK framework to its fullest.

IANS Area Vice President Tim Bernard and Rockie Brockway, Practice Leader at TrustedSec, will co-lead a session to set a baseline understanding of ATT&CK, and provide insights for leveraging the framework to improve:

  • Threat modeling
  • Threat hunting
  • Purple teaming
  • Product evaluations

Using a client example, Rockie will also discuss leveraging ATT&CK to assess coverage mapping, controls effectiveness, and testing and validation.

You will walk away from the session with detailed examples and practical applications.

2:45 PM - 3:00 PM

Afternoon Networking Break

Andrew Gernt

Associate, Brunswick Group

Andrew is an Associate in Brunswick’s Washington, D.C. office where he supports clients on crisis communications, stakeholder engagement, corporate reputation, and public affairs campaigns. He is the Chief of Staff to the Cybersecurity and Data Privacy practice. Prior to joining Brunswick Group, Andrew worked on several political campaigns providing strategic communications advice, preparing public remarks, and serving as a campaign spokesman. He began his career on Capitol Hill where he served as U.S. Congressman David Cicilline’s Communications Director and U.S. Senator Jack Reed’s Deputy Press Secretary.

Andrew received his master’s degree in national security and strategic studies from the Naval War College and a bachelor’s degree in English from the University of Colorado at Boulder.

 

Siobhan Gorman

Partner, Brunswick Group

Siobhan Gorman is a Partner in the Washington, D.C., office of the Brunswick Group, where she concentrates on crisis, cybersecurity, public affairs, and media relations. Siobhan has worked on corporate crisis across a range of industries, including financial services, healthcare, defense, entertainment, technology, and automotive. 

Siobhan has also led a range of cybersecurity, public affairs, litigation, and corporate reputation projects in the financial, retail, airline, and technology sectors. Tapping her longtime journalism experience, she regularly advises clients on media relations issues and conducts media training for executives. 

Siobhan is a member of the Senior Advisory Group for Harvard University’s Defending Digital Democracy Project, which is focused on preventing and mitigating cyberattacks on the election process. She is also a member of the Advisory Committee for Brown University's Executive Master in Cybersecurity.

Prior to joining Brunswick, Siobhan had a successful 17-year career as a reporter, most recently at The Wall Street Journal. At The Journal, she covered a range of national security and law enforcement topics, including counterterrorism, intelligence, and cybersecurity. Prior to joining The Journal in 2007, Siobhan was a Washington correspondent for The Baltimore Sun covering intelligence and security. From 1998 to 2005, she was a staff correspondent for National Journal covering similar issues. She began her career as a researcher for a columnist at The Washington Post.

Siobhan won the 2006 Sigma Delta Chi Award for Washington Correspondence for her coverage of the National Security Agency and in 2000 received a special citation in national magazine writing from the Education Writers Association. She has been nominated three times for the Pulitzer Prize and is a graduate of Dartmouth College.

3:00 PM - 4:00 PM

Managing the Media During an Incident: A Brunswick Group Workshop

with Andrew Gernt and Siobhan Gorman

CISOs are increasingly public-facing executives – often in post-breach media briefings or other high-stakes situations. This Brunswick Group workshop starts with an analysis of post-breach video clips and then pivots to recommendations on putting your best foot forward in working with the media. Topics include:

  • The CISO’s new dual external and internal role
  • Telling your story and honing your message
  • Dealing with traps and left-field questions
  • How to stay on message and avoid being sidetracked

Matt Comyns

Managing Partner, Caldwell Partners

Matt Comyns is managing partner of Caldwell Partners' Cyber Security Practice and a member of the Stamford office. His focus is on recruiting chief information security officers and next-level-down top lieutenants in information security for large global corporations and fast-growing private companies, as well as cyber security consultants for leading professional services firms and top executives for cyber security technology companies.

Matt previously co-led Russell Reynolds Associates’ Global Cyber Security Practice, within the firm’s Technology Sector. Prior to joining the executive search industry, he served as CEO of Pacific Epoch, a consulting firm that specializes in market intelligence and research for U.S.-based companies seeking to invest in and expand into China—until the completion of the firm’s sale. Prior to that, he was a founding partner of BlackInc Ventures, a strategic advisory firm providing clients in the digital media sector with leading outsourced solutions for business, sales, and corporate development.

Before launching BlackInc Ventures in 2004, Matt worked with CNET Networks Inc. for nearly seven years, holding various positions including senior vice president/publisher of News.com, vice president of business development, and director of business development at Snap.com. He has also served as a sales manager for Dow Jones Interactive in Asia and as a founding board member of The Online Publishers’ Association.

Matt holds a BA in political science from Bucknell University and is conversational in Mandarin. He previously served as a member of the Board of Directors for Music National Service, a national nonprofit organization and movement that supports music as a strategy for public good.

4:00 PM - 4:45 PM

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters

with Matt Comyns and Tim Bernard

In our final session, IANS Area Vice President Tim Bernard will moderate a discussion with two of the security industry's leading CISO executive recruiters. The session will focus first on career development and then move toward hiring, compensation trends and negotiation best practices. We'll discuss:

  • What traits do recruiters look for in high performing CISOs?
  • What does it take to advance to the Fortune 500 ranks?
  • Has my compensation kept up with the market?
  • What three negotiation tips should I use for my next position?

4:45 PM - 5:45 PM

Networking Reception

After spending a day learning and sharing ideas with your peers, join us for a networking reception to unwind and share insights from the day.

General Forum Opening

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:30 AM - 8:45 AM

IANS Welcome and Perspective

Come join us as we welcome you to the Forum.

Nick Mankovich

Becton Dickinson, Vice President and CISO Emeritus

Nick is a Vice President and CISO Emeritus at Becton Dickinson – formerly the BD Chief Information Security Officer (CISO) bearing ultimate responsibility for the adequate protection of BD information asset confidentiality, integrity and availability.

Prior to his 3+ years at BD, he founded and operated CyberRisk Consulting LLC - a privacy, product security and enterprise security risk management consultancy.

From 1995-2015, Nick held positions at Philips Electronics, including as Corporate Research Department Head specializing in IT-based innovation. He then became a Healthcare Strategy Senior Director and moved on to create and manage both the Healthcare Product Security program and the Healthcare Privacy Office (8 years). During his final three years at Philips he was asked to transform Information Security at Philips as their first global CISO.

While at Philips and beyond, Nick worked on international standards – most notably with ISO-IEC Joint Working Group 7, responsible for establishing safety, effectiveness and security in connected healthcare technology.

Prior to 1995, Nick spent thirteen years in the UCLA School of Medicine, where he became Associate Professor of Radiological Sciences. During that time, he also had a 3-year appointment as a Visiting Professor in the School of Computer Sciences and Engineering at the University of New South Wales in Sydney.  Nick was engaged in hospital-wide digital initiatives including creating one of the first Radiological Picture Archiving and Communications Systems. In the 1980s he was one of the first to realize surgical planning-based digital imaging and 3D printing via stereolithography.  He has over 100 publications and holds 6 patents. 

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

8:45 AM - 9:30 AM

Keynote Interview: Reflections from a CISO Emeritus – A Discussion with BD’s Nick Mankovich

with Nick Mankovich and Phil Gardner

Join IANS CEO Phil Gardner and Nick Mankovich, BD’s CISO Emeritus, for a keynote discussion where Nick will share some of the management lessons he’s drawn from a distinguished, decades-long security career. Nick is a believer that clear risk governance is the foundation of any corporate security program. We’ll explore how to implement this during our talk and discuss the benefits and the trade-offs that come with being clear on “who-owns-what” in a corporate setting.

9:30 AM - 9:50 AM

Networking Break

Join your peers and transition to the CISO Roundtable for a day of closed-door, high-level sessions.

2019 Philadelphia Facilitators

Phil Gardner

IANS Founder & Chief Executive Officer

Tim Bernard

IANS Area Vice President

Event: Philadelphia Marriott Downtown

1201 Market Street, Philadelphia, PA 19107

Hotel: The Notary Hotel

21 N Juniper St, Philadelphia, PA 19107

Room Rate: $259 per night plus tax

Attendee Contact

ians@iansresearch.com
