December 6 2023


9:15 AM – 9:45 AM:

Meet your fellow Leaders, visit Exhibitors

9:45 AM – 9:55 AM:
Richard Greenberg

Welcome Address

10:00 AM – 10:45 AM:
Ira Winkler

10:50 AM – 11:05 AM:

Lightning Talk, Imperva

11:10 AM – 11:25 AM:
Austin Steffes

11:25 AM – 11:40 AM:

Break and Vendor Expo

11:40 AM – 12:40 PM:

Roundtable Discussions:

12:40 PM – 2:00 PM:

Lunch and Vendor Expo

2:00 PM – 2:45 PM:
Moderator: Richard Greenberg

4:25 PM – 4:45 PM:

Break, visit Exhibitors

6:20 PM – 6:30 PM:
Haral Tsitsivas

Closing Remarks

6:30 PM – 8:30 PM:

Happy Hour and Raffle Drawing

Talk Descriptions:

Soledad Ballroom

10:20 AM – 11:05 AM

Opening Keynote

Cybersecurity Credentials 101

Ira WInkler

With the supposed cybersecurity skills shortage, there is a lot of talk questioning the need for basic credentials. Requiring college degrees and certifications is now supposedly gatekeeping. Experience is now unnecessary. If you need a skill, you should train for it.
The reality is much different. As CISOs struggle to fill critical roles, this presentation serves as a refresher as to the importance of different credentials. The concept of “Cybersecurity Adjacent” is also covered as a critical way to help solve a hiring shortage.

Soledad Ballroom

11:10 AM – 11:25 AM

Lightning Talk

Open-Source Developers are Security’s New Front Line

Austin Steffes

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, where OSS project credentials are compromised and malicious code is intentionally injected into open source libraries, allows hackers to poison the well. In this session, Sonatype will explain how both security and developers must work together to stop this trend. Or, risk losing the entire open source ecosystem.

Soledad Ballroom

11:40 AM – 12:40 PM

Roundtable Discussion

Cyber Insurance: a burdensome mandate or effective risk response?

Heath Nieddu

Cyber Insurance is increasingly used, but is it factoring into a CISO’s overall view of risk? In this session we will discuss how cyber insurance is used and any of the main challenges and benefits we are seeing with this increased use.

Soledad Ballroom

11:40 AM – 12:40 PM

Roundtable Discussion

Third Party Risk Management

Nelson Estrada

No company can do everything by itself. Join us to discuss strategies and best practices for securing the supply chain, including software and hardware components, to mitigate risks associated with third-party vendors and suppliers.

Soledad Ballroom

11:40 AM – 12:40 PM

Roundtable Discussion

GenAI: Friend, Foe, or Wolf in Sheep’s Clothing?

Alex Wood

GenerativeAI has been a hot button topic with some saying it will change the world and others saying it could cause the end of humanity. There are now countless LLMs and everything is in the process of having GenAI built into it.
There are great use cases and some less great. In all of them, there is risk, but how much? In this discussion, we will dive into the good, the bad, and the ugly of GenAI to decide if it is our friend, our foe, or something else.

Soledad Ballroom

11:40 AM – 12:40 PM

Roundtable Discussion

Defending against phone and SMS scams

Daniel Hoffman

Smishing and Vishing, or SMS and phone scams are becoming more common in the retail space.
How can we arm employees to identify and avoid these scams? Furthermore, what tools, policies and procedures can we use to mitigate the damage from successful attacks?

Soledad Ballroom

2:00 PM – 2:45 PM


Moderator: Richard Greenberg
Panelists: Dr. Fred Kwong, Gary Hayslip, Macy Dennis

Join your fellow Cybersecurity Leaders as they have an open dialogue about some of the most important topics keeping us all up at night. They will share their experiences and knowledge to help you at work. Don’t miss this important panel.

Soledad Ballroom

2:50 PM – 3:35 PM

Cyber Risk Governance – How Do We Achieve Multi-Level Visibility with Business and Technical Risk Context?

John B. Sapp

Cyber Risk Governance has been a topic of discussion amongst CISOs, C-Level executives and Board members for more than a decade, yet remains one of the most elusive and sought after outcomes by each of those stakeholders as well as the lines of business in every industry sector. This session will outline and dive into a strategic approach for establishing effective and efficient cyber risk governance and outline the outcomes and value that can be achieved at multiple levels (up, down and across), within an organization in a language that is consumable by the stakeholders with business and technical risk context.

Key Takeaways:

  • How to Define Cyber Risk Governance
  • Best Practices and Frameworks for Establishing a Foundation
  • Strategic Approach for Effective, Efficient (people, process, technology) Cyber Risk Management
    • Metrics/Measures for Operational Efficiency
    • Metrics/Measures for Cyber Risk Management
    • Metrics/Measures for Enterprise Risk Management in relation to a cyber attack

Soledad Ballroom

3:40 PM – 4:25 PM

Balancing Innovation and Risk in Today’s Ever-Expanding Technical Ecosystem


In today’s rapidly evolving business landscape, the expansion of our technical ecosystems pose both unprecedented opportunities and considerable challenges.

The proliferation of interconnected systems, emerging technologies, and the increasing interdependence among them have given rise to multifaceted system risks that organizations must navigate. These risks encompass cybersecurity threats, regulatory compliance (old and new), data privacy concerns, interoperability issues, and the potential for disruptive system failures.

Through collaborative insights and shared experiences, this discussion aims to equip the attendees with proven actionable strategies to include:

  • Understanding the dynamic nature of these risks
  • Aligning technological initiatives with overarching business objectives.
  • Blending innovation with a comprehensive understanding of organizational goals and market demand
  • Real world case studies highlighting successful alignment between business objectives and our InfoSec programs

Soledad Ballroom

4:45 PM – 5:30 PM

Ready, Set, Defend
Building Readiness Against Zero-Day Threats

Raffi Erganian

A zero-day vulnerability, by definition, has no known available patch, and no fingerprint when made public. How is an organization expected to respond? The goal is to identify potential exposure and apply mitigating controls, thereby reducing risk. But is the organization aware? And does it have both the insight and processes in-place to respond appropriately?

In this presentation we’ll be covering the modern organizations zero-day ‘vulnerability’ attack surface, strategies for responding to emerging vulnerabilities, and the tools (that you likely already have) that can help.

Soledad Ballroom

5:35 PM – 6:20 PM

Live recording of David Spark’s CISO Series Podcast

David Spark

David Spark hosts a live audience recording of CISO Series Podcast. Guests will be announced, but we will deliver everything you expect in a entertaining, informative, and fun packed show.
We’ll have conversations about security issues, working with vendors, staffing, and everyone’s favorite game, “What’s Worse?!”
Plus, we’ll be taking audience questions. Come join us. We guarantee you’ll have a great time.