2019 Boston
CISO Roundtable

Wednesday, November 6, 2019
Boston Convention and Exhibition Center, 415 Summer Street, Boston, MA

This 1-day roundtable at the Boston Information Security Forum is designed exclusively for CISOs and senior level information security executives to learn and share insights in a confidential setting. Join us for these high-level leadership sessions:

The Changing Landscape in Cybersecurity, Privacy and Risk Management – John Carlin, former Assistant Attorney General for the DOJ's NSD, will offer an insider's perspective on cyber matters and the business and privacy implications of today's cyber headlines.

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer – Retired Navy SEAL Commander Brendan Leary will introduce techniques for becoming a better leader and more decisive decision maker in chaotic, complex situations. 

Understanding Threats: Why Modeling Equals Strong Security – IANS Faculty member Dave Kennedy will dive into attackers’ tactics, techniques, and procedures and offer up a program-centric approach to threat modeling.

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness – IANS and TrustedSec's Rockie Brockway will set a baseline understanding of ATT&CK and provide insights for leveraging the framework.

Managing the Media During an Incident: A Brunswick Group Workshop – Prepare for the publicly facing role as a CISO and learn recommendations on putting your best foot forward when communicating with the media.

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters – Two of the market’s leading CISO executive recruiters will discuss career development, hiring and compensation trends, and negotiation best practices.

CISO Roundtable Agenda

9:40 AM - 10:00 AM

IANS Overview & CISO Attendee Introductions

John Carlin

Morrison & Foerster, Global Risk and Crisis Management Practice Group Chair

John P. Carlin, former Assistant Attorney General for the US Department of Justice’s (DOJ) National Security Division (NSD), chairs Morrison & Foerster’s Global Risk + Crisis Management practice and co-chairs the National Security practice, where he advises industry-leading organizations in sensitive cyber- and other national security matters. He is the author of Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Global Cyber Threat, which provides an inside look into how we combat daily attacks on United States companies, citizens and government.  Prior to serving as the DOJ’s highest-ranking national security lawyer, Mr. Carlin served as Chief of Staff and Senior Counsel to FBI Director Robert S. Mueller, III. Under his leadership, the NSD launched nationwide outreach across industries to raise awareness of national security, cyber- and espionage threats against US companies and encourage greater C-suite involvement in corporate cybersecurity matters. Mr. Carlin also chairs the Aspen Institute’s Cybersecurity and Technology policy program, which provides a cross-disciplinary forum for industry, government, and media to address the rapidly developing landscape of digital threats and craft appropriate policy solutions.

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

10:00 AM - 11:00 AM

The Changing Landscape in Cybersecurity, Privacy and Risk Management

with John Carlin and Phil Gardner

John Carlin, former Assistant Attorney General for the DOJ’s National Security Division and former Chief of Staff to then-FBI Director Robert Mueller, will offer an insider’s perspective on cyber matters. Join John and IANS CEO Phil Gardner for a lively, closed-door discussion on the business and privacy implications of today’s cyber headlines. They'll cover:

  • Why CISOs get fired – lessons learned from mistakes CISOs make post-breach around board interactions, working with auditors, attorneys, and more
  • Where US federal and state privacy legislation is headed and what CISOs need to do now to prepare
  • Middle East-based start-ups (powered by private equity) are now hawking nation-state level cyber surveillance tools on the open market – how does this alter the corporate risk picture?
  • Why the OPM and Marriott hacks still matter as Chinese intelligence continues to build its intel data lake

Brendan Leary

McChrystal Group, Senior Principal

Brendan Leary is a Senior Principal at McChrystal Group, where he works as part of our Advisory Services team. Brendan has supported companies in several industries and is currently advising an international wealth management company.

Brendan has deep experience in leadership, team building, planning, crisis and deliberate decision-making, and operational execution. He has driven organizational transformation and achieved results at the executive-level in every organization in which he has served. Recently transitioned from the Naval Special Warfare community, Brendan has 21 years of experience leading SEALs and other special operations units. His diverse military career has included counterterrorism, undersea operations, contingency operations in Liberia, combat operations in Afghanistan and Iraq, and counter-insurgency and stability operations in Africa.

Prior to joining McChrystal Group, Brendan was the Deputy Commander of an 1,800-member special operations organization with nine subsidiaries and regional responsibilities on three continents. He has led, mentored and improved high-performing teams to execute sensitive missions, build strategic relationships, and develop effective technical solutions in complex, dynamic, and high-risk environments.

Brendan earned a Bachelor of Science degree from Springfield College and a Master of Science degree in Military Strategic Studies from the Marine Corps University.

11:00 AM - 12:00 PM

Winning in a Chaotic, Complex Environment: Lessons from a U.S. Special-Ops Officer

with Brendan Leary

Retired Navy SEAL Commander Brendan Leary will introduce insights that help you and your organization adapt quicker and make faster, better decisions when managing complex, chaotic situations.

Brendan will start the session with some organizational and leadership lessons from ‘down range’ – how he and a handful of Special Operations officers turned the tide on the Iraqi insurgency in 2009-2011. Drawing from their lessons, this session will offer a blueprint for how to restructure an organization and lead in a fast-changing environment with incomplete, often contradictory, data.

Dave Kennedy

IANS Faculty

Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Tester's Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry-leading methodologies and guidelines for performing penetration tests. Dave received a BA from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence-related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

12:00 PM - 1:00 PM

Lunch & IANS Faculty Briefing: Understanding Threats: Why Modeling Equals Strong Security

with Dave Kennedy

The security industry is now primarily focused on attack identification vs. attack prevention. This castle mentality is no longer a viable way to defend against daily threats. Threat modeling gives us, as an industry, the ability to focus on high-risk areas while developing strategies for defense.

IANS Faculty member Dave Kennedy will dive into attackers’ tactics, techniques, and procedures and offer up a program-centric approach to threat modeling. The takeaway? If we can focus on identifying abnormal patterns of behavior, we can minimize the attacker’s time window. Topics will include:

  • Building threat models to impact your security program long-term
  • Measuring success and focusing on deficiencies
  • Improving cyber capabilities over time and measuring against others

1:00 PM - 2:00 PM

Solution Provider Power Hour

Executives from Cyberbit, ZeroFOX, and one other venture-backed vendor company will deliver 15-minute technical presentations to the assembled CISOs.

Following the briefing, IANS will facilitate a closed-door, CISO-only discussion of the value and drawbacks of the vendor-offered solutions.

Rockie Brockway

Practice Lead, Office of the CSO, TrustedSec

Rockie is an experienced 25-year veteran of IT/IS and highly technical Information Security Analyst, Design Architect/Assessor specializing in Business Systems/Impact Analysis. Through an understanding of business needs in relation to protecting business critical data (Brand Protection), he assists organizations in achieving their desired business outcomes. He has consulted in nearly every vertical and marries a strong technical background with outstanding creativity, communication skills, leadership, team building/teamwork skills and business acumen.

Tim Bernard

Area Vice President, IANS

Tim leads IANS’ end user business in the Northeastern US and Canada, and midwestern US. Tim graduated [ages ago] from Providence College (Go Friars!) with a degree in Business Economics. When not wrangling roundtables or related IANS folks, he’s probably chasing his kids or his manic dog.

2:00 PM - 2:45 PM

Leveraging MITRE ATT&CK for Coverage Mapping and Controls Effectiveness

with Rockie Brockway and Tim Bernard

MITRE’s ATT&CK™ is a framework that supports information security teams as they seek to improve their posture. However, many security leaders do not understand how to use the ATT&CK framework to its fullest.

IANS Territory Leader Tim Bernard and Rockie Brockway, Practice Leader at TrustedSec, will co-lead a session to set a baseline understanding of ATT&CK, and provide insights for leveraging the framework to improve:

  • Threat Modeling
  • Threat Hunting
  • Purple Teaming
  • Product Evaluations

Using a client example, Rockie will also discuss leveraging ATT&CK to assess coverage mapping, controls effectiveness, and testing & validation.

You will walk away from the session with detailed examples and practical applications.

2:45 PM - 3:00 PM

Afternoon Networking Break

Andrew Gernt

Associate, Brunswick Group

Andrew is an Associate in Brunswick’s Washington, D.C. office where he supports clients on crisis communications, stakeholder engagement, corporate reputation, and public affairs campaigns. He is the Chief of Staff to the Cybersecurity and Data Privacy practice. Prior to joining Brunswick Group, Andrew worked on several political campaigns providing strategic communications advice, preparing public remarks, and serving as a campaign spokesman. He began his career on Capitol Hill where he served as U.S. Congressman David Cicilline’s Communications Director and U.S. Senator Jack Reed’s Deputy Press Secretary.

Andrew received his master’s degree in national security and strategic studies from the Naval War College and a bachelor’s degree in English from the University of Colorado at Boulder.

Siobhan Gorman

Partner, Brunswick Group

Siobhan Gorman is a Partner in the Washington, D.C., office of the Brunswick Group, where she concentrates on crisis, cybersecurity, public affairs, and media relations. Siobhan has worked on corporate crises across a range of industries, including financial services, healthcare, defense, entertainment, technology, and automotive.

Siobhan has also led a range of cybersecurity, public affairs, litigation, and corporate reputation projects in the financial, retail, airline, and technology sectors. Tapping her longtime journalism experience, she regularly advises clients on media relations issues and conducts media training for executives. 

Siobhan is a member of the Senior Advisory Group for Harvard University’s Defending Digital Democracy Project, which is focused on preventing and mitigating cyberattacks on the election process. She is also a member of the Advisory Committee for Brown University's Executive Master in Cybersecurity.

Prior to joining Brunswick, Siobhan had a successful 17-year career as a reporter, most recently at The Wall Street Journal. At The Journal, she covered a range of national security and law enforcement topics, including counterterrorism, intelligence, and cybersecurity. Prior to joining The Journal in 2007, Siobhan was a Washington correspondent for The Baltimore Sun covering intelligence and security. From 1998 to 2005, she was a staff correspondent for National Journal covering similar issues. She began her career as a researcher for a columnist at The Washington Post.

Siobhan won the 2006 Sigma Delta Chi Award for Washington Correspondence for her coverage of the National Security Agency and in 2000 received a special citation in national magazine writing from the Education Writers Association. She has been nominated three times for the Pulitzer Prize and is a graduate of Dartmouth College.

3:00 PM - 4:00 PM

Managing the Media During an Incident: A Brunswick Group Workshop

with Andrew Gernt and Siobhan Gorman

CISOs are increasingly public-facing executives – often in post-breach media briefings or other high-stakes situations. This Brunswick Group workshop starts with an analysis of post-breach video clips and then pivots to recommendations on putting your best foot forward in working with the media. Topics include:

  • The CISO’s new dual external and internal role
  • Telling your story and honing your message
  • Dealing with traps and left-field questions
  • How to stay on message and avoid being sidetracked

Steven Martano

The Caldwell Partners, Consultant, Cyber Security Practice

Steven Martano is a consultant in Caldwell Partners’ Cyber Security Practice. He recruits across the information security function, including CISOs, CSOs, cyber advisory board members, and cyber leaders in professional services.

Steven spent seven years at Russell Reynolds Associates, where he helped build the Cyber Security and Supply Chain functional practices, serving as a member of the global Corporate Officers practice.

Earlier in his career, Steven worked at Sikorsky Aircraft (then part of United Technologies Corporation), where he led operations and financial planning for multi-billion contracts for the U.S. military and key international customers in the Middle East, Asia and South America.

In addition to his professional career, Steven serves as an editor and featured writer at Beyond the Box Score, SB Nation’s baseball analytics platform, and is a contributing columnist to FanGraphs’ The Hardball Times. He holds a BA from The Catholic University of America and a master’s degree in economics & finance from Trinity College.

Michael Piacente

Co-Founder & Managing Partner, Hitch Partners

Michael is the co-founder and Managing Partner for Hitch Partners. Michael brings over 23 years of combined Cloud and IT practitioner and executive search experience. Michael leads a focused portfolio of search projects focused in the CISO space with a particular emphasis on Engineering and Product oriented Security leaders (Security Engineering and DevSecOps). Prior to starting Hitch Partners, Michael was the Founder and Managing Technology Partner for CVPartners which focused on CIO and Head of IT search projects. Prior to his executive search life, Michael was a leader in the managed cloud operations space; first as an early member of SiteSmith (now AboveNet) and then as a co-founder of OpSource (now Dimension Data). Michael began his career with MTI, one of the pioneers in the managed storage space. He is a native of Maryland, lives in San Francisco and holds a B.S. degree from the University of Delaware.

4:00 PM - 4:45 PM

Trends in Hiring and Compensation: A Panel Discussion of CISO Executive Recruiters

with Steven Martano, Michael Piacente, and Tim Bernard

In our final session, IANS Area Vice President Tim Bernard will moderate a discussion with two of the security industry's leading CISO executive recruiters. The session will focus first on career development and then move toward hiring, compensation trends and negotiation best practices. We'll discuss:

  • What traits do recruiters look for in high performing CISOs?
  • What does it take to advance to the Fortune 500 ranks?
  • Has my compensation kept up with the market?
  • What three negotiation tips should I use for my next position?

4:45 PM - 5:45 PM

Networking Reception

After spending a day learning and sharing ideas with your peers, join us for a networking reception to unwind and share insights from the day.

General Forum Opening

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:30 AM - 8:45 AM

IANS Welcome and Perspective

Come join us as we welcome you to the Forum.

8:45 AM - 9:30 AM

Keynote Interview

More information coming soon.

9:30 AM - 9:50 AM

Networking Break

Join your peers and transition to the CISO Roundtable for a day of closed-door, high-level sessions.

2019 Boston Facilitators

Tim Bernard

IANS Area Vice President

Event: Boston Convention and Exhibition Center

415 Summer St, Boston, MA 02210

Hotel: Aloft Boston Seaport

401-403 D St, Boston, MA 02210

Room Rate: $209 per night plus tax

Attendee Contact

ians@iansresearch.com