Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

Registration & Breakfast

Join City National Bank&rsquo;s CISO Brian Fricke and IANS&rsquo; CEO Phil Gardner for a far-ranging keynote conversation that will tackle how to make infosec risk management real and tangible, where to find talent,&nbsp;the importance &lsquo;speaking business&rsquo; and Brian&rsquo;s view on AI&rsquo;s infosec utility.

A Keynote Discussion with CNB’s Brian Fricke: Getting Real & Tangible Around Risk Management

A business-centric technology professional, specializing in strategic Enterprise Information Security Policy and Risk Management, Brian is currently the Chief Information Security Officer of City National Bank. Formally establishing the first of its kind Information Security Programs at BBVA &amp; Bank OZK, he has overseen the information &amp; cyber security risk portfolio of over 600 sites, 30,000 Personnel, and 20,000 systems and endpoints across the globe for public and private entities.Formerly a civil servant as the CISO and Cyber Security Branch Manager at the US Navy's Military Sealift Command (MSC) at the Washington Navy Yard in Washington, DC. Brian is a Certified Information Systems Security Professional (CISSP) and holds a variety of relevant certifications (CISM, CCSP, CSSLP etc.). In his role at MSC he was responsible for planning, organizing and managing the implementation of cyber security industry best practice, as well as DoD &amp; Federal cyber security mandates. A former active duty Marine, he has worked at the Joint Chiefs of Staff in the Pentagon, the US Agency for International Development (USAID), the Securities Exchange Commission (SEC) in Manhattan and was an officer of the Board of Directors of OutServe, a 501(c)(3) non-profit. He was Class President of the The George Washington University School of Business, World Executive MBA, Class of 2013, and also holds a Graduate Certificate in Strategic Cybersecurity Enforcement.

Join your peers and transition to the CISO Roundtable for a day of closed-door, high-level sessions.

Networking Break

Come join us as we welcome you to the Forum.

IANS Welcome and Perspective

General Forum Opening

2019 Atlanta General Forum Opening

Afternoon Networking Break

After spending a day learning and sharing ideas with your peers, join us for a networking reception to unwind and share insights from the day.

Networking Reception

MITRE&rsquo;s ATT&amp;CK&trade; is a framework that supports information security teams as they seek to improve their posture. However, many security leaders do not understand how to use the ATT&amp;CK framework to its fullest.
IANS Area Vice President Collin Snow and Rockie Brockway, Practice Leader at TrustedSec, will co-lead a session to set a baseline understanding of ATT&amp;CK, and provide insights for leveraging the framework to improve:
<div class="hung_list">
<ul>
 <li>Threat Modeling</li>
 <li>Threat Hunting</li>
 <li>Purple Teaming</li>
 <li>Product Evaluations</li>
</ul>
Using a client example, Rockie will also discuss leveraging ATT&amp;CK to assess coverage mapping, controls effectiveness, and testing &amp; validation.
You will walk away from the session with detailed examples and practical applications.

</div>

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness

Rockie is an experienced 25-year veteran of IT/IS and highly technical Information Security Analyst, Design Architect/Assessor specializing in Business Systems/Impact Analysis. Through an understanding of business needs in relation to protecting business critical data (Brand Protection), he assists organizations in achieving their desired business outcomes. He has consulted in nearly every vertical and marries a strong technical background with outstanding creativity, communication skills, leadership, team building/teamwork skills and business acumen.

Collin is an Area Vice President at IANS and currently responsible for overseeing, managing and growing IANS End User Business Practice in the Mid-west, Mid-Atlanta and Southern portions of the U.S. Collin obtained his Bachelor of Science from James Cook University in Australia and holds graduate certificates in Applied Project Management and Business Analysis from Boston University.

CISOs are increasingly public-facing executives &ndash; often in post-breach media briefings or other high-stakes situations. This Brunswick Group's workshop starts with an analysis of post-breach video clips and then pivots to recommendations on putting
your best foot forward in working with the media. Topics include:
<div class="hung_list">
<ul>
 <li>The CISO&rsquo;s new dual external and internal role</li>
 <li>Telling your story and honing your message</li>
 <li>Dealing with traps and left-field questions</li>
 <li>How to stay on message and avoid being sidetracked</li>
</ul>
</div>

Managing the Media During an Incident: A Brunswick Group Workshop

Stewart Jones is an Account Director in Brunswick Group’s Washington, D.C. office. She advises clients on a broad range of matters including cybersecurity and data privacy, reputation and profile-raising, and crisis.
 
Stewart has experience working with clients on a variety of public affairs matters. Her Brunswick roster includes Waymo, Target, and Afiniti. Previously, Stewart was a manager on Chemonics International’s growth and diversification team where she focused on new client acquisition and market entry strategy for companies interested in emerging markets. Prior to this, she was a Fulbright Scholar in Malaysia. Stewart has a B.A. from DePauw University and an M.Ed. from Harvard University.

Siobhan Gorman is a Partner in the Washington, D.C., office of the Brunswick Group, where she concentrates on crisis, cybersecurity, public affairs, and media relations. Siobhan has worked on corporate crisis across a range of industries, including financial
 services, healthcare, defense, entertainment, technology, and automotive.&nbsp;Siobhan has also led a range of cybersecurity, public affairs, litigation, and corporate reputation projects in the financial, retail, airline, and technology sectors. Tapping her longtime journalism experience, she regularly advises clients on media
 relations issues and conducts media training for executives.&nbsp;Siobhan is a member of the Senior Advisory Group for Harvard University’s Defending Digital Democracy Project, which is focused on preventing and mitigating cyberattacks on the election process. She is also member of the Advisory Committee for Brown
 University's Executive Master in Cybersecurity. Prior to joining Brunswick, Siobhan had a successful 17-year career as a reporter, most recently at The Wall Street Journal. At The Journal, she covered a range of national security and law enforcement topics, including counterterrorism, intelligence,
 and cybersecurity. Prior to joining The Journal in 2007, Siobhan was a Washington correspondent for The Baltimore Sun covering intelligence and security. From 1998 to 2005, she was a staff correspondent for National Journal covering similar issues.
 She began her career as a researcher for a columnist at The Washington Post.Siobhan won the 2006 Sigma Delta Chi Award for Washington Correspondence for her coverage of the National Security Agency and in 2000 received a special citation in national magazine writing from the Education Writers Association. She has been nominated three times for the Pulitzer Prize and is a graduate of Dartmouth College.

Executives from SentinelOne, Tanium, Tenable, and Zerofox will deliver 15-minute technical presentation to the assembled CISOs.Following the briefing, IANS will facilitate a closed door, CISO-only discussion of the value and drawbacks of the vendor offered solutions.<div class="timeline_sponsor"><img class="mr-2" width="180px" src="[images%7COpenAccessDataProvider]2a46a336-9c21-4a98-a6e2-744749f82fdb" /><img class="mr-2" width="180px" src="[images%7COpenAccessDataProvider]97fb6026-1ea5-4d85-aba0-17afe96a3c26" /><img class="mr-2" width="180px" src="[images%7COpenAccessDataProvider]873a6ccd-f0d9-4c95-bdb5-152527b531c3" /><img src="[images%7COpenAccessDataProvider]5d747705-991d-4f3f-8a41-febd0fcb7974" width="180px" alt="zerofox" class="mr-2" /></div>

Solution Provider Power Hour

The security industry is now primarily focused on the identification of an attack vs. the ability to prevent. The castle mentality of old no longer holds true to how we defend against daily threats. As an industry, threat modeling provides us with the ability to focus on high risk areas within our enterprise while developing strategies for defense. We still need to have a way to identify threats, capabilities, and more. This talk will dive into the tactics, techniques, and procedures (TTPs) of attackers and explain the best methods for success when it comes to developing a program centric around threat models. There is no way we can prevent everything, however if we can focus on identify abnormal patterns of behavior in the enterprise, we can minimize the time window of an attacker. Detection and visibility are critical, and as an industry we can get better. Dave will address:
<div class="hung_list">
<ul>
 <li>Understanding how to build threat models to impact your security program long-term</li>
 <li>Measuring the success of your information security program and how to focus on deficient areas</li>
 <li>The ability to improve capabilities over time and measure the program towards others</li>
</ul>
</div>

Lunch & IANS Faculty Briefing: Understanding Threats: Why Modeling Equals Strong Security

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely
 popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research. Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one
 of the largest security collectives and offers certifications such as the CISSP.

IANS Overview & CISO Attendee Introductions

In our final session, IANS Area Vice President&nbsp;Collin Snow will moderate a discussion with two of the security industry's leading CISO executive recruiters. The session will focus first on career development and then move toward hiring, compensation trends and negotiation
best practices. We'll discuss:
<div class="hung_list">
<ul>
 <li>What traits do recruiters look for in high performing CISOs?</li>
 <li>What does it take to advance to the Fortune 500 ranks?</li>
 <li>Has my compensation kept up with the market?</li>
 <li>What three negotiation tips should I use for my next position?</li>
</ul>
</div>

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters

Steve is a partner in Artico Search’s cybersecurity practice. He is an expert in security executive recruiting and compensation focused on recruiting best-in-class CISOs and their teams across various industries. he leads strategic partnerships
and initiatives including Artico’s annual CISO compensation &amp; budget survey conducted in collaboration with IANS. Prior to Artico, Steve served in Caldwell Partner's cybersecurity practice and at Russell Reynolds associates.

Phil Schneidermeyer is a Partner in the New York office of Ward Howell International. He has 25 years of executive search experience working across all sectors and with expertise across industries. While he has experience working across the C-suite, Phil specializes in Cyber, CIO and CTO leadership and talent advisory services. Prior to joining Ward Howell International he spent 14 years with another global executive search firm where he Co-led the Cyber Practice.
Phil started his search career in research with the world’s largest global executive search firm and rose through the ranks to serve as managing director and Global Chief Information and Technology Officers Practice leader. Phil also sat on the Americas Operating Group and served as chairman of the firm's Information Technology Committee. Entrepreneurial by nature he left the firm to start a boutique executive search firm working with early stage technology companies building their technology leadership teams. 
Earlier, Phil was an economist with a Hartford-based consulting firm focused on the Connecticut economy and commercial real estate markets.
Phil currently serves on the Advisory Board for Year Up New York City, an organization providing young urban adults with professional skills, technical training and corporate apprenticeships. He earned a BA in business administration and was awarded a master’s degree in public affairs from the University of Connecticut.

Retired Navy&nbsp;SEAL Commander Brendan Leary will introduce insights that help you and your organization adapt quicker and make faster, better decisions when managing complex, chaotic situations.
 Brendan will start the session with some organizational and leadership lessons from &lsquo;down range&rsquo; &ndash; how he and a handful of Special Operations officers turn the tide on the Iraqi insurgency in 2009-2011.&nbsp;&nbsp;Drawing from their lessons, this session will offer a blueprint for how to restructure an organization and lead in a fast-changing environment with incomplete, often contradictory, data.

Winning in a Chaotic, Complex Environment:  Lessons from a U.S. Special-Ops Officer

Brendan Leary is a Senior Principal at McChrystal Group, where he works as part of our Advisory Services team. Brendan has supported companies in several industries and is currently advising an international wealth management company.Brendan has deep experience in leadership, team building, planning, crisis and deliberate decision-making, and operational execution. He has driven organizational transformation and achieved results at the executive-level in every organization in which he has served. Recently transitioned from the Naval Special Warfare community, Brendan has 21 years of experience leading SEALs and other special operations units. His diverse military career has included counterterrorism, undersea operations, contingency operations in Liberia, combat operations in Afghanistan and Iraq, and counter-insurgency and stability operations in Africa.Prior to joining McChrystal Group, Brendan was the Deputy Commander of an 1,800-member special operations organization with nine subsidiaries and regional responsibilities on three continents. He has led, mentored and improved high-performing teams to execute sensitive missions, build strategic relationships, and develop effective technical solutions in complex, dynamic, and high-risk environments.Brendan earned a Bachelor of Science degree from Springfield College and a Master of Science degree in Military Strategic Studies from the Marine Corps University.

Board Members privately remark that they too often leave a CISO&rsquo;s Board presentation more confused than when they started. CISOs often refer to their Board meetings as &lsquo;hostile territory&rsquo;. Clearly, we need to get better at communicating.IANS CEO Phil Gardner will interview Brian Fricke, CISO of&nbsp;City National Bank, Kevin Gowen, CISO of Synovus, and&nbsp;Bob Varnadoe, CISO of NCR Corporation, on how they have learned to address their Boards and improve their effectiveness. The discussion will be specific and address:<div class="hung_list"><ul><li>How do you prepare for a Board session? Who do you pre-brief?</li><li>How long should your Board presentation be?</li><li>Should your Board presentation use a risk framework and, if so, which one?</li><li>When should you use benchmarking data with the Board? When is it a bad idea?</li></ul></div>

Speaking Your Board’s Language: The CISO’s Perspective

Kevin Gowen serves as Chief Information Security Officer for Synovus and is responsible for all aspects of information and cyber security, physical security, business continuity, and financial crimes. This includes security architecture and operations, risk assessment, business continuity planning, disaster recovery, identity and access management, fraud monitoring and investigations, and crisis management. He was named Chief Information Security Officer in February 2015. Gowen earned Bachelor’s and Master’s degrees in Mechanical Engineering from the Georgia Institute of Technology. He received the James H. Blanchard Leadership award in 2016 and was a finalist for the ISE Southeast Executive of the Year Award in 2019. Gowen is an alumnus of Leadership Columbus and serves as a board member of the National Technology Security Coalition.

Bob Varnadoe is Chief Information Security Officer for NCR Corporation. His duties include overall information security and operational/IT aspects of NCR’s privacy program, IT risk management, and compliance company-wide, training and awareness for information security, and oversight of the deployment of security technologies. Bob works with NCR’s lines of business, Professional Services, Legal, Internal Audit, Customer Services and HW/SW Engineering to develop and build out our company-wide strategy for information security, and represents the IT organization in NCR’s Enterprise Risk Management committee.
Prior to NCR, Bob was with Fiserv Corporation where he was responsible for information security within Fiserv’s corporate risk organization. His team was responsible for information security oversight, governance, and strategy across Fiserv’s business units. The team also provided consulting to Fiserv’s divisions and operating units for information security matters. Over his tenure at Fiserv Bob has led teams focused on information security engineering and operations for network infrastructure, distributed systems, and mainframe systems. He has also led teams focused on application security testing and consulting, information security strategy, and built Fiserv’s security operations center.
Bob joined Fiserv through the acquisition of CheckFree Corporation where he was responsible for information security strategy within CheckFree’s corporate function. Prior to joining CheckFree, Bob was IT Director for an architecture and engineering firm in Atlanta. He has over 25 years of experience in data networking and information systems. 20 years of which were spent exclusively in the security field. Bob holds a Bachelor’s Degree in Electrical Engineering from the Georgia Institute of Technology.

CISO Roundtable Agenda

2019 Atlanta CISO Roundtable Agenda

Default Calendar

Attendee Contact

This one-day roundtable at the Atlanta Information Security Forum is designed exclusively for CISOs and senior level information security executives to learn and share insights in a confidential setting. Join us for these high-level leadership sessions:
Speaking Your Board’s Language: The CISO’s Perspective&nbsp;– Hear from your CISO peers on how they’ve learned to learned to address their Boards and improve their effectiveness.
Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer&nbsp;– Retired Navy SEAL Commander Brendan Leary will introduce techniques for becoming a better leader and more decisive decision maker in chaotic, complex situations.&nbsp;
Understanding Threats: Why Modeling Equals Strong Security&nbsp;– IANS Faculty member Dave Kennedy will dive into the tactics, techniques, and procedures (TTPs) of attackers and explain the best methods for success with developing a threat model centric program.
Leveraging MITRE ATT&amp;CK for Coverage Mapping and Controls Effectiveness&nbsp;– IANS and TrustedSec’s Rockie Brockway will co-lead a session to set a baseline understanding of ATT&amp;CK and provide insights for leveraging the framework.
Managing the Media During an Incident: A Brunswick Group Workshop&nbsp;– Prepare for the publicly facing role as a CISO and learn recommendations on putting your best foot forward when communicating with the media.
Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters&nbsp;– Two of the market’s leading CISO executive recruiters will discuss career development, hiring and compensation trends, and negotiation best practices.

Register Now

This one-day roundtable is designed exclusively for CISOs and senior level information security executives to learn and share insights in a confidential setting.

CISO Roundtable

This one-day roundtable at the Atlanta Information Security Forum is designed exclusively for CISOs and senior level information security executives to learn and share insights in a confidential setting.

2019 Atlanta CISO Roundtable

Hyatt Regency Atlanta

Professional Development

Executive Competencies

Live Online Training

Online Training Library

Compensation & Budget

Take the Survey

Reports

Survey Visualization Tool

Executive Communications

Incident Command Center

Resource Center

Events

Forums

CISO Roundtables

Symposiums

Webinars

Vendor Assessment Community

Who We Are

About Us

Our Story

Careers

Contact Us

What We Do

InfoSec-Specific Executive Development for CISOs and Aspiring Security Leaders.

Live Faculty-led instruction and interactive labs to build you and your team"s InfoSec skills.

2019 Atlanta

CISO Roundtable

Contact us at:

Contact us at: