2019 Atlanta
CISO Roundtable

#IANSAtlanta #IANSEvents

Wednesday, October 30, 2019
Hyatt Regency Atlanta, 265 Peachtree Street NE, Atlanta, GA

This one-day roundtable at the Atlanta Information Security Forum is designed exclusively for CISOs and senior level information security executives to learn and share insights in a confidential setting. Join us for these high-level leadership sessions:

Speaking Your Board’s Language: The CISO’s Perspective – Hear from your CISO peers on how they’ve learned to address their Boards and improve their effectiveness.

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer – Retired Navy SEAL Commander Brendan Leary will introduce techniques for becoming a better leader and more decisive decision maker in chaotic, complex situations. 

Understanding Threats: Why Modeling Equals Strong Security – IANS Faculty member Dave Kennedy will dive into the tactics, techniques, and procedures (TTPs) of attackers and explain the best methods for success with developing a threat-model-centric program.

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness – IANS and TrustedSec’s Rockie Brockway will co-lead a session to set a baseline understanding of ATT&CK and provide insights for leveraging the framework.

Managing the Media During an Incident: A Brunswick Group Workshop – Prepare for the publicly facing role as a CISO and learn recommendations on putting your best foot forward when communicating with the media.

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters – Two of the market’s leading CISO executive recruiters will discuss career development, hiring and compensation trends, and negotiation best practices.

This event has ended.

CISO Roundtable Agenda

9:40 AM - 10:10 AM

IANS Overview & CISO Attendee Introductions

Brian Fricke

CISO, City National Bank

A business-centric technology professional, specializing in strategic Enterprise Information Security Policy and Risk Management, Brian is currently the Chief Information Security Officer of City National Bank. Formally establishing the first of its kind Information Security Programs at BBVA & Bank OZK, he has overseen the information & cyber security risk portfolio of over 600 sites, 30,000 Personnel, and 20,000 systems and endpoints across the globe for public and private entities.

Formerly a civil servant, he was the CISO and Cyber Security Branch Manager at the US Navy's Military Sealift Command (MSC) at the Washington Navy Yard in Washington, DC. Brian is a Certified Information Systems Security Professional (CISSP) and holds a variety of relevant certifications (CISM, CCSP, CSSLP etc.). In his role at MSC he was responsible for planning, organizing and managing the implementation of cyber security industry best practice, as well as DoD & Federal cyber security mandates. A former active duty Marine, he has worked at the Joint Chiefs of Staff in the Pentagon, the US Agency for International Development (USAID), the Securities Exchange Commission (SEC) in Manhattan and was an officer of the Board of Directors of OutServe, a 501(c)(3) non-profit. He was Class President of The George Washington University School of Business, World Executive MBA, Class of 2013, and also holds a Graduate Certificate in Strategic Cybersecurity Enforcement.

Kevin Gowen

CISO, Synovus

Kevin Gowen serves as Chief Information Security Officer for Synovus and is responsible for all aspects of information and cyber security, physical security, business continuity, and financial crimes. This includes security architecture and operations, risk assessment, business continuity planning, disaster recovery, identity and access management, fraud monitoring and investigations, and crisis management. He was named Chief Information Security Officer in February 2015. Gowen earned Bachelor’s and Master’s degrees in Mechanical Engineering from the Georgia Institute of Technology. He received the James H. Blanchard Leadership award in 2016 and was a finalist for the ISE Southeast Executive of the Year Award in 2019. Gowen is an alumnus of Leadership Columbus and serves as a board member of the National Technology Security Coalition.

Bob Varnadoe

NCR Corporation, Chief Information Security Officer

Bob Varnadoe is Chief Information Security Officer for NCR Corporation. His duties include overall information security and operational/IT aspects of NCR’s privacy program, IT risk management, and compliance company-wide, training and awareness for information security, and oversight of the deployment of security technologies. Bob works with NCR’s lines of business, Professional Services, Legal, Internal Audit, Customer Services and HW/SW Engineering to develop and build out our company-wide strategy for information security, and represents the IT organization in NCR’s Enterprise Risk Management committee.

Prior to NCR, Bob was with Fiserv Corporation where he was responsible for information security within Fiserv’s corporate risk organization. His team was responsible for information security oversight, governance, and strategy across Fiserv’s business units. The team also provided consulting to Fiserv’s divisions and operating units for information security matters. Over his tenure at Fiserv Bob has led teams focused on information security engineering and operations for network infrastructure, distributed systems, and mainframe systems. He has also led teams focused on application security testing and consulting, information security strategy, and built Fiserv’s security operations center.

Bob joined Fiserv through the acquisition of CheckFree Corporation where he was responsible for information security strategy within CheckFree’s corporate function. Prior to joining CheckFree, Bob was IT Director for an architecture and engineering firm in Atlanta. He has over 25 years of experience in data networking and information systems, 20 years of which were spent exclusively in the security field. Bob holds a Bachelor’s Degree in Electrical Engineering from the Georgia Institute of Technology.

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

10:10 AM - 11:00 AM

Speaking Your Board’s Language: The CISO’s Perspective

with Brian Fricke, Kevin Gowen, Bob Varnadoe, and Phil Gardner

Board Members privately remark that they too often leave a CISO’s Board presentation more confused than when they started. CISOs often refer to their Board meetings as ‘hostile territory’. Clearly, we need to get better at communicating.

IANS CEO Phil Gardner will interview Brian Fricke, CISO of City National Bank, Kevin Gowen, CISO of Synovus, and Bob Varnadoe, CISO of NCR Corporation, on how they have learned to address their Boards and improve their effectiveness. The discussion will be specific and address:

  • How do you prepare for a Board session? Who do you pre-brief?
  • How long should your Board presentation be?
  • Should your Board presentation use a risk framework and, if so, which one?
  • When should you use benchmarking data with the Board? When is it a bad idea?

Brendan Leary

McChrystal Group, Senior Principal

Brendan Leary is a Senior Principal at McChrystal Group, where he works as part of our Advisory Services team. Brendan has supported companies in several industries and is currently advising an international wealth management company.

Brendan has deep experience in leadership, team building, planning, crisis and deliberate decision-making, and operational execution. He has driven organizational transformation and achieved results at the executive-level in every organization in which he has served. Recently transitioned from the Naval Special Warfare community, Brendan has 21 years of experience leading SEALs and other special operations units. His diverse military career has included counterterrorism, undersea operations, contingency operations in Liberia, combat operations in Afghanistan and Iraq, and counter-insurgency and stability operations in Africa.

Prior to joining McChrystal Group, Brendan was the Deputy Commander of an 1,800-member special operations organization with nine subsidiaries and regional responsibilities on three continents. He has led, mentored and improved high-performing teams to execute sensitive missions, build strategic relationships, and develop effective technical solutions in complex, dynamic, and high-risk environments.

Brendan earned a Bachelor of Science degree from Springfield College and a Master of Science degree in Military Strategic Studies from the Marine Corps University.

11:00 AM - 12:00 PM

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer

with Brendan Leary

Retired Navy SEAL Commander Brendan Leary will introduce insights that help you and your organization adapt quicker and make faster, better decisions when managing complex, chaotic situations.

Brendan will start the session with some organizational and leadership lessons from ‘down range’ – how he and a handful of Special Operations officers turned the tide on the Iraqi insurgency in 2009-2011. Drawing from their lessons, this session will offer a blueprint for how to restructure an organization and lead in a fast-changing environment with incomplete, often contradictory, data.

Dave Kennedy

IANS Faculty

Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Tester's Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry-leading methodologies and guidelines for performing penetration tests. Dave received a BA from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence-related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

12:00 PM - 1:00 PM

Lunch & IANS Faculty Briefing: Understanding Threats: Why Modeling Equals Strong Security

with Dave Kennedy

The security industry is now primarily focused on the identification of an attack vs. the ability to prevent. The castle mentality of old no longer holds true to how we defend against daily threats. Threat modeling gives us, as an industry, the ability to focus on high-risk areas within our enterprise while developing strategies for defense. We still need to have a way to identify threats, capabilities, and more. This talk will dive into the tactics, techniques, and procedures (TTPs) of attackers and explain the best methods for success when it comes to developing a program centered on threat models. There is no way we can prevent everything; however, if we can focus on identifying abnormal patterns of behavior in the enterprise, we can minimize the time window of an attacker. Detection and visibility are critical, and as an industry we can get better. Dave will address:

  • Understanding how to build threat models to impact your security program long-term
  • Measuring the success of your information security program and how to focus on deficient areas
  • The ability to improve capabilities over time and measure the program against others

1:00 PM - 2:15 PM

Solution Provider Power Hour

Executives from SentinelOne, Tanium, Tenable, and Zerofox will deliver 15-minute technical presentations to the assembled CISOs.

Following the briefing, IANS will facilitate a closed door, CISO-only discussion of the value and drawbacks of the vendor offered solutions.

Rockie Brockway

Practice Lead, Office of the CSO, TrustedSec

Rockie is a 25-year veteran of IT/IS and a highly technical Information Security Analyst and Design Architect/Assessor specializing in Business Systems/Impact Analysis. Through an understanding of business needs in relation to protecting business critical data (Brand Protection), he assists organizations in achieving their desired business outcomes. He has consulted in nearly every vertical and marries a strong technical background with outstanding creativity, communication skills, leadership, team building/teamwork skills and business acumen.

Collin Snow

Area Vice President, IANS

Collin is an Area Vice President at IANS and is currently responsible for overseeing, managing and growing IANS' End User Business Practice in the Midwest, Mid-Atlantic and Southern portions of the U.S. Collin obtained his Bachelor of Science from James Cook University in Australia and holds graduate certificates in Applied Project Management and Business Analysis from Boston University.

2:15 PM - 3:00 PM

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness

with Rockie Brockway and Collin Snow

MITRE’s ATT&CK™ is a framework that supports information security teams as they seek to improve their posture. However, many security leaders do not understand how to use the ATT&CK framework to its fullest.

IANS Area Vice President Collin Snow and Rockie Brockway, Practice Leader at TrustedSec, will co-lead a session to set a baseline understanding of ATT&CK, and provide insights for leveraging the framework to improve:

  • Threat Modeling
  • Threat Hunting
  • Purple Teaming
  • Product Evaluations

Using a client example, Rockie will also discuss leveraging ATT&CK to assess coverage mapping, controls effectiveness, and testing & validation.

You will walk away from the session with detailed examples and practical applications.

3:00 PM - 3:15 PM

Afternoon Networking Break

Stewart Jones

Brunswick Group, Account Director

Stewart Jones is an Account Director in Brunswick Group’s Washington, D.C. office. She advises clients on a broad range of matters including cybersecurity and data privacy, reputation and profile-raising, and crisis.

Stewart has experience working with clients on a variety of public affairs matters. Her Brunswick roster includes Waymo, Target, and Afiniti. Previously, Stewart was a manager on Chemonics International’s growth and diversification team where she focused on new client acquisition and market entry strategy for companies interested in emerging markets. Prior to this, she was a Fulbright Scholar in Malaysia. Stewart has a B.A. from DePauw University and an M.Ed. from Harvard University.

Siobhan Gorman

Partner, Brunswick Group

Siobhan Gorman is a Partner in the Washington, D.C., office of the Brunswick Group, where she concentrates on crisis, cybersecurity, public affairs, and media relations. Siobhan has worked on corporate crisis across a range of industries, including financial services, healthcare, defense, entertainment, technology, and automotive. 

Siobhan has also led a range of cybersecurity, public affairs, litigation, and corporate reputation projects in the financial, retail, airline, and technology sectors. Tapping her longtime journalism experience, she regularly advises clients on media relations issues and conducts media training for executives. 

Siobhan is a member of the Senior Advisory Group for Harvard University’s Defending Digital Democracy Project, which is focused on preventing and mitigating cyberattacks on the election process. She is also a member of the Advisory Committee for Brown University's Executive Master in Cybersecurity.

Prior to joining Brunswick, Siobhan had a successful 17-year career as a reporter, most recently at The Wall Street Journal. At The Journal, she covered a range of national security and law enforcement topics, including counterterrorism, intelligence, and cybersecurity. Prior to joining The Journal in 2007, Siobhan was a Washington correspondent for The Baltimore Sun covering intelligence and security. From 1998 to 2005, she was a staff correspondent for National Journal covering similar issues. She began her career as a researcher for a columnist at The Washington Post.

Siobhan won the 2006 Sigma Delta Chi Award for Washington Correspondence for her coverage of the National Security Agency and in 2000 received a special citation in national magazine writing from the Education Writers Association. She has been nominated three times for the Pulitzer Prize and is a graduate of Dartmouth College.

3:15 PM - 4:15 PM

Managing the Media During an Incident: A Brunswick Group Workshop

with Stewart Jones and Siobhan Gorman

CISOs are increasingly public-facing executives – often in post-breach media briefings or other high-stakes situations. This Brunswick Group workshop starts with an analysis of post-breach video clips and then pivots to recommendations on putting your best foot forward in working with the media. Topics include:

  • The CISO’s new dual external and internal role
  • Telling your story and honing your message
  • Dealing with traps and left-field questions
  • How to stay on message and avoid being sidetracked

Steven Martano

The Caldwell Partners, Consultant, Cyber Security Practice

Steven Martano is a consultant in Caldwell Partners’ Cyber Security Practice. He recruits across the information security function, including CISOs, CSOs, cyber advisory board members, and cyber leaders in professional services.

Steven spent seven years at Russell Reynolds Associates, where he helped build the Cyber Security and Supply Chain functional practices, serving as a member of the global Corporate Officers practice.

Earlier in his career, Steven worked at Sikorsky Aircraft (then part of United Technologies Corporation), where he led operations and financial planning for multi-billion contracts for the U.S. military and key international customers in the Middle East, Asia and South America.

In addition to his professional career, Steven serves as an editor and featured writer at Beyond the Box Score, SB Nation’s baseball analytics platform, and is a contributing columnist to FanGraphs’ The Hardball Times. He holds a BA from The Catholic University of America and a master’s degree in economics & finance from Trinity College.

Phil Schneidermeyer

Ward Howell International, Partner

Phil Schneidermeyer is a Partner in the New York office of Ward Howell International. He has 25 years of executive search experience working across all sectors and with expertise across industries. While he has experience working across the C-suite, Phil specializes in Cyber, CIO and CTO leadership and talent advisory services. Prior to joining Ward Howell International, he spent 14 years with another global executive search firm where he co-led the Cyber Practice.

Phil started his search career in research with the world’s largest global executive search firm and rose through the ranks to serve as managing director and Global Chief Information and Technology Officers Practice leader. Phil also sat on the Americas Operating Group and served as chairman of the firm's Information Technology Committee. Entrepreneurial by nature, he left the firm to start a boutique executive search firm working with early stage technology companies building their technology leadership teams.

Earlier, Phil was an economist with a Hartford-based consulting firm focused on the Connecticut economy and commercial real estate markets.

Phil currently serves on the Advisory Board for Year Up New York City, an organization providing young urban adults with professional skills, technical training and corporate apprenticeships. He earned a BA in business administration and was awarded a master’s degree in public affairs from the University of Connecticut.

4:15 PM - 5:00 PM

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters

with Steven Martano, Phil Schneidermeyer, and Collin Snow

In our final session, IANS Area Vice President Collin Snow will moderate a discussion with two of the security industry's leading CISO executive recruiters. The session will focus first on career development and then move toward hiring, compensation trends and negotiation best practices. We'll discuss:

  • What traits do recruiters look for in high performing CISOs?
  • What does it take to advance to the Fortune 500 ranks?
  • Has my compensation kept up with the market?
  • What three negotiation tips should I use for my next position?

5:00 PM - 6:00 PM

Networking Reception

After spending a day learning and sharing ideas with your peers, join us for a networking reception to unwind and share insights from the day.

General Forum Opening

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:30 AM - 8:45 AM

IANS Welcome and Perspective

Come join us as we welcome you to the Forum.

8:45 AM - 9:30 AM

A Keynote Discussion with CNB’s Brian Fricke: Getting Real & Tangible Around Risk Management

with Brian Fricke and Phil Gardner

Join City National Bank’s CISO Brian Fricke and IANS’ CEO Phil Gardner for a far-ranging keynote conversation that will tackle how to make infosec risk management real and tangible, where to find talent, the importance of ‘speaking business’ and Brian’s view on AI’s infosec utility.

9:30 AM - 9:50 AM

Networking Break

Join your peers and transition to the CISO Roundtable for a day of closed-door, high-level sessions.

2019 Atlanta Facilitators

Phil Gardner

IANS Founder & Chief Executive Officer

Collin Snow

IANS Area Vice President

Hyatt Regency Atlanta

265 Peachtree St NE, Atlanta, GA 30303

Room Rate: $239 per night plus tax

Attendee Contact

ians@iansresearch.com