2019 Philadelphia
CISO Roundtable

Wednesday, October 16, 2019
Philadelphia Marriott Downtown, 1201 Market Street, Philadelphia, PA

This one-day roundtable at the Philadelphia Information Security Forum is designed exclusively for CISOs and senior level information security executives to learn and share insights in a confidential setting. Join us for these high-level leadership sessions:

We Don’t Compete on Security – Booking Holdings’ Collaboration Lessons Learned – Join Booking Holdings colleagues for a panel discussing why and how their organization’s disparate teams work together.

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer – Retired Navy SEAL Commander Brendan Leary will introduce techniques for becoming a better leader and more decisive decision maker in chaotic, complex situations. 

IAM Strategies that Work – IANS Faculty member Aaron Turner will discuss strategies for the planning, execution, operation, and governance of Identity and Access Management.

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness – IANS and TrustedSec's Rockie Brockway will set a baseline understanding of ATT&CK and provide insights for leveraging the framework.

Managing the Media During an Incident: A Brunswick Group Workshop – Prepare for the publicly facing role as a CISO and learn recommendations on putting your best foot forward when communicating with the media.

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters – Two of the market’s leading CISO executive recruiters will discuss career development, hiring and compensation trends, and negotiation best practices.

This event has ended.

CISO Roundtable Agenda

9:50 AM - 10:20 AM

IANS Overview & CISO Attendee Introductions

Mary Ann LeFort

Priceline, Vice President and Associate General Counsel, Compliance & Privacy

An experienced counselor to businesses and individuals, Mary Ann Le Fort is Vice President and Associate General Counsel, Compliance & Privacy, at Priceline LLC in Norwalk, Connecticut. Mary Ann is responsible for all facets of the company’s compliance program, including investigations, training, reporting, advising the business, and driving the values of the company’s Code of Conduct deep into the culture. Mary Ann also advises the company on all matters involving privacy, including governance, incident response and GDPR & CCPA readiness. She also has served the company as litigation and labor and employment counsel.

Prior to her time at Priceline, Mary Ann was Counsel at Skadden Arps, in the Mass Torts and Insurance Litigation department. Following law school, Mary Ann was a law clerk to the Hon. Denis R. Hurley in the United States Court for the Eastern District of New York. She is a graduate of Brooklyn Law School, where she was a member of the Brooklyn Law Review, and of Vassar College. She has served several not-for-profit organizations and is currently on the Board of Directors of Abundant Waters, Inc., which serves children in two public elementary schools on Manhattan’s West Side, providing free afterschool and summer enrichment programs.

Daniel Ostermeier

Principal Developer, booking.com

Daniel Ostermeier is a principal developer and part of the leadership team within the security department at booking.com. He has been a part of the security team since its early days, giving him a strong insight into every aspect of the department, from application security to incident response and security assurance. More recently, he has been applying his experience and knowledge to the collaboration with the broader Booking Holdings group of CISOs.

Prior to his involvement in Security, Daniel focused his attention towards improvements in the development process through automation, continuous integration, testing, and related developer tooling, spanning multiple startups and one unicorn.

Matt Southworth

VP, Security Engineering, Priceline

Matt Southworth is the VP, Security Engineering at Priceline. He leads the security team to reduce risk, improve customer trust, and fight the bad guys coming after our data.

Matt joined Priceline in a security engineering role in 2013 and has overseen the growth and maturation of the security team and capabilities. His team is responsible for product security, network and infrastructure protection, user safety, managing PCI compliance, and incident response. His team also has operational responsibility for the security of Booking Holdings’ users and data.

Matt has hosted security summits for the security teams at all Booking Holdings brands, runs real-time collaboration tools to share technical data, and has also organized industry-wide Threat Exchange summits bringing together OTAs, GDSes, and metasearch providers.

Prior to his time at Priceline and Booking Holdings, Matt held security engineering roles at membership and loyalty providers, health and life sciences companies, and several tech startups.

Mark Weatherford

Global Information Security Strategist, Booking Holdings

Mark Weatherford is the Global Information Security Strategist at Booking Holdings where he works with their brand companies that include Booking.com, Priceline, Agoda, Kayak, BookingGo, and OpenTable to create secure technology travel products for their millions of customers around the world.

He has held a variety of executive level cybersecurity roles including the Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, and Chief Security Officer at the North American Electric Reliability Corporation (NERC) where he led the cybersecurity program and worked with over 3,000 electric utility companies across North America.

In 2008 he was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer, and in 2011 he was appointed as the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity. As a U.S. Navy Cryptology Officer, Mr. Weatherford led the United States Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).

10:20 AM - 11:00 AM

Panel Discussion: We Don’t Compete on Security – Booking Holdings’ Collaboration Lessons Learned

with Mary Ann LeFort, Daniel Ostermeier, Matt Southworth, and Mark Weatherford

Booking Holdings, the world’s leader in online travel, is made up of the brands Booking.com, KAYAK, Priceline.com, Agoda, Rentalcars.com and OpenTable. These brands openly compete, but the various InfoSec teams collaborate. Join Booking Holdings for a panel discussing why and how the organization's disparate teams work together. Topics will include:

  • Board reporting at the brand and holding company level
  • Using heat maps and dashboards to measure relative performance
  • Allowing red teams to operate across the platform
  • How vendor assessments are shared

Brendan Leary

McChrystal Group, Senior Principal

Brendan Leary is a Senior Principal at McChrystal Group, where he works as part of our Advisory Services team. Brendan has supported companies in several industries and is currently advising an international wealth management company.

Brendan has deep experience in leadership, team building, planning, crisis and deliberate decision-making, and operational execution. He has driven organizational transformation and achieved results at the executive-level in every organization in which he has served. Recently transitioned from the Naval Special Warfare community, Brendan has 21 years of experience leading SEALs and other special operations units. His diverse military career has included counterterrorism, undersea operations, contingency operations in Liberia, combat operations in Afghanistan and Iraq, and counter-insurgency and stability operations in Africa.

Prior to joining McChrystal Group, Brendan was the Deputy Commander of an 1,800-member special operations organization with nine subsidiaries and regional responsibilities on three continents. He has led, mentored and improved high-performing teams to execute sensitive missions, build strategic relationships, and develop effective technical solutions in complex, dynamic, and high-risk environments.

Brendan earned a Bachelor of Science degree from Springfield College and a Master of Science degree in Military Strategic Studies from the Marine Corps University.

11:00 AM - 12:00 PM

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer

with Brendan Leary

Retired Navy SEAL Commander Brendan Leary will introduce insights that help you and your organization adapt quicker and make faster, better decisions when managing complex, chaotic situations.

Brendan will start the session with some organizational and leadership lessons from ‘down range’ – how he and a handful of Special Operations officers turned the tide on the Iraqi insurgency in 2009-2011. Drawing from their lessons, this session will offer a blueprint for how to restructure an organization and lead in a fast-changing environment with incomplete, often contradictory, data.

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. 
Aaron has testified before Congress to help set policy for US critical infrastructure protection.

12:00 PM - 1:00 PM

Lunch & IANS Faculty Briefing: IAM Strategies That Work

with Aaron Turner

Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

In this session, IANS Faculty member Aaron Turner will offer immediately useful, vendor-agnostic guidance on such items as:
  • Identity as the last perimeter security has
  • Legacy systems versus Cloud – stretching identity resources to their limits
  • Next-gen MFA innovations
  • Privilege management problems – challenges we’re seeing among IANS customers and what to do about it

1:00 PM - 2:00 PM

Solution Provider Power Hour

Executives from Aqua Security, SentinelOne, and ZeroFOX will deliver 15-minute technical briefings.

Following the briefings, IANS will facilitate a closed door, CISO-only discussion of the value and drawbacks of each of the vendor solutions.


Rockie Brockway

Practice Lead, Office of the CSO, TrustedSec

Rockie is an experienced 25-year veteran of IT/IS and highly technical Information Security Analyst, Design Architect/Assessor specializing in Business Systems/Impact Analysis. Through an understanding of business needs in relation to protecting business critical data (Brand Protection), he assists organizations in achieving their desired business outcomes. He has consulted in nearly every vertical and marries a strong technical background with outstanding creativity, communication skills, leadership, team building/teamwork skills and business acumen.

Tim Bernard

Area Vice President, IANS

Tim leads IANS’ end user business in the Northeastern US and Canada, and midwestern US. Tim graduated [ages ago] from Providence College (Go Friars!) with a degree in Business Economics. When not wrangling roundtables or related IANS folks, he’s probably chasing his kids or his manic dog.

2:00 PM - 2:45 PM

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness

with Rockie Brockway and Tim Bernard

MITRE’s ATT&CK™ is a framework that supports information security teams as they seek to improve their posture. However, many security leaders do not understand how to use the ATT&CK framework to its fullest.

IANS Area Vice President Tim Bernard and Rockie Brockway, Practice Leader at TrustedSec, will co-lead a session to set a baseline understanding of ATT&CK, and provide insights for leveraging the framework to improve:

  • Threat modeling
  • Threat hunting
  • Purple teaming
  • Product evaluations

Using a client example, Rockie will also discuss leveraging ATT&CK to assess coverage mapping, controls effectiveness, and testing and validation.

You will walk away from the session with detailed examples and practical applications.

2:45 PM - 3:00 PM

Afternoon Networking Break

Katharine Cralle

Director, Brunswick Group

Katharine has spent the last decade advising Brunswick clients around the world, having worked in the London, New York and Dubai offices prior to her move to Hong Kong. She specializes in helping companies position themselves to global stakeholders, both internal and external, around times of significant change, with a focus on capital markets events. Katharine has supported clients ranging from Alibaba Group, the world’s largest e-commerce company to Dubai Group, the diversified financial services company of Dubai Holding, to Pfizer, the world's largest research-based pharmaceutical company.

An employee engagement specialist, Katharine aids companies in developing change communications campaigns during periods of corporate development, supporting the National Bank of Abu Dhabi and the merger and integration of Abu Dhabi’s largest listed property developers, Aldar and Sorouh.

Andrew Gernt

Associate, Brunswick Group

Andrew is an Associate in Brunswick’s Washington, D.C. office where he supports clients on crisis communications, stakeholder engagement, corporate reputation, and public affairs campaigns. He is the Chief of Staff to the Cybersecurity and Data Privacy practice. Prior to joining Brunswick Group, Andrew worked on several political campaigns providing strategic communications advice, preparing public remarks, and serving as a campaign spokesman. He began his career on Capitol Hill where he served as U.S. Congressman David Cicilline’s Communications Director and U.S. Senator Jack Reed’s Deputy Press Secretary.

Andrew received his master’s degree in national security and strategic studies from the Naval War College and a bachelor’s degree in English from the University of Colorado at Boulder.

 

3:00 PM - 4:00 PM

Managing the Media During an Incident: A Brunswick Group Workshop

with Katharine Cralle and Andrew Gernt

CISOs are increasingly public-facing executives – often in post-breach media briefings or other high-stakes situations. This Brunswick Group workshop starts with an analysis of post-breach video clips and then pivots to recommendations on putting your best foot forward in working with the media. Topics include:

  • The CISO’s new dual external and internal role
  • Telling your story and honing your message
  • Dealing with traps and left-field questions
  • How to stay on message and avoid being sidetracked

Matt Comyns

Managing Partner, Caldwell Partners

Matt Comyns is managing partner of Caldwell Partners' Cyber Security Practice and a member of the Stamford office. His focus is on recruiting chief information security officers and next-level-down top lieutenants in information security for large global corporations and fast-growing private companies, as well as cyber security consultants for leading professional services firms and top executives for cyber security technology companies.

Matt previously co-led Russell Reynolds Associates’ Global Cyber Security Practice, within the firm’s Technology Sector. Prior to joining the executive search industry, he served as CEO of Pacific Epoch, a consulting firm that specializes in market intelligence and research for U.S.-based companies seeking to invest in and expand into China—until the completion of the firm’s sale. Prior to that, he was a founding partner of BlackInc Ventures, a strategic advisory firm providing clients in the digital media sector with leading outsourced solutions for business, sales, and corporate development.

Before launching BlackInc Ventures in 2004, Matt worked with CNET Networks Inc. for nearly seven years, holding various positions including senior vice president/publisher of News.com, vice president of business development, and director of business development at Snap.com. He has also served as a sales manager for Dow Jones Interactive in Asia and as a founding board member of The Online Publishers’ Association.

Matt holds a BA in political science from Bucknell University and is conversational in Mandarin. He previously served as a member of the Board of Directors for Music National Service, a national nonprofit organization and movement that supports music as a strategy for public good.

4:00 PM - 4:45 PM

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters

with Matt Comyns and Tim Bernard

In our final session, IANS Area Vice President Tim Bernard will moderate a discussion with two of the security industry's leading CISO executive recruiters. The session will focus first on career development and then move toward hiring, compensation trends and negotiation best practices. We'll discuss:

  • What traits do recruiters look for in high performing CISOs?
  • What does it take to advance to the Fortune 500 ranks?
  • Has my compensation kept up with the market?
  • What three negotiation tips should I use for my next position?

4:45 PM - 5:45 PM

Networking Reception

After spending a day learning and sharing ideas with your peers, join us for a networking reception to unwind and share insights from the day.

General Forum Opening

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:30 AM - 8:45 AM

IANS Welcome and Perspective

Come join us as we welcome you to the Forum.

Nick Mankovich

Becton Dickinson, Vice President and CISO Emeritus

Nick is a Vice President and CISO Emeritus at Becton Dickinson – formerly the BD Chief Information Security Officer (CISO) bearing ultimate responsibility for the adequate protection of BD information asset confidentiality, integrity and availability.

Prior to his 3+ years at BD, he founded and operated CyberRisk Consulting LLC - a privacy, product security and enterprise security risk management consultancy.

From 1995-2015, Nick held positions at Philips Electronics, including as Corporate Research Department Head specializing in IT-based innovation. He then became a Healthcare Strategy Senior Director and moved on to create and manage both the Healthcare Product Security program and the Healthcare Privacy Office (8 years). During his final three years at Philips he was asked to transform Information Security at Philips as their first global CISO.

While at Philips and beyond, Nick worked on international standards – most notably with ISO-IEC Joint Working Group 7, responsible for establishing safety, effectiveness and security in connected healthcare technology.

Prior to 1995, Nick spent thirteen years in the UCLA School of Medicine, where he became Associate Professor of Radiological Sciences. During that time, he also had a 3-year appointment as a Visiting Professor in the School of Computer Sciences and Engineering at the University of New South Wales in Sydney. Nick was engaged in hospital-wide digital initiatives including creating one of the first Radiological Picture Archiving and Communications Systems. In the 1980s he was one of the first to realize surgical planning-based digital imaging and 3D printing via stereolithography. He has over 100 publications and holds 6 patents.

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

8:45 AM - 9:30 AM

Keynote Interview: Reflections from a CISO Emeritus – A Discussion with BD’s Nick Mankovich

with Nick Mankovich and Phil Gardner

Join IANS CEO Phil Gardner and Nick Mankovich, BD’s CISO Emeritus, for a keynote discussion where Nick will share some of the management lessons he’s drawn from a distinguished, decades-long security career. Nick is a believer that clear risk governance is the foundation of any corporate security program. We’ll explore how to implement this during our talk and discuss the benefits and the trade-offs that come with being clear on “who-owns-what” in a corporate setting.

9:30 AM - 9:50 AM

Networking Break

Join your peers and transition to the CISO Roundtable for a day of closed-door, high-level sessions.

2019 Philadelphia Facilitators

Phil Gardner

IANS Founder & Chief Executive Officer

Tim Bernard

IANS Area Vice President

Event: Philadelphia Marriott Downtown

1201 Market Street, Philadelphia, PA 19107

Hotel: The Notary Hotel

21 N Juniper St, Philadelphia, PA 19107

Room Rate: $259 per night plus tax

Attendee Contact

ians@iansresearch.com
