Black Hat Executive Summit

December 4, 2018

Centred, The Excel London

The Executive Summit at Black Hat Europe in London will return for its second year in 2018. The Black Hat Executive Summit offers CISOs and other cybersecurity executives an opportunity to hear from a variety of industry experts who are helping to shape this next generation of information security strategy. We'll be dissecting the latest technologies designed to keep ahead of sophisticated adversaries and provide a peek into future platforms; we'll outline the next-level skills and strategies CISOs need to bolster their relevance and wow the board; and, of course, we'll discuss the latest techniques for maintaining a proactive approach to data protection. For CISOs and executives looking to transform from a mere manager of information into a corporate champion of business growth, it's imperative to stay on top of the latest insight. That journey begins at the Black Hat Executive Summit.

*Please note: In order to create an open and candid environment that promotes the sharing of ideas, thoughts, and discussion, the Executive Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program was designed for executive security practitioners; solution providers and vendor attendees are limited to event sponsors.


Advisory Board

Dr. Jessica Barker
Co-Founder and Socio-Technical Lead at RedactedFirm
Daniel Barriuso
CISO
Banco Santander
Daniel Cuthbert
Global Head of Cyber Security Research
Banco Santander
Jane Frankland
CISO Advisor, Speaker, Author & Champion for Women in Cyber Security
Phil Huggins
Group Head of Information Risk & Security
Prudential plc
Darrin Johansen
Haumaru, LTD
Quentyn Taylor
Director of Information Security
Canon Europe
 

Agenda

Click/press a title below to learn more.

Time Session
07:30 – 15:00 Registration
09:00 - 09:15 Opening Remarks
  • Steve Wylie, General Manager, Black Hat
  • Jeff Moss, Founder, Black Hat, DEF CON
09:15 - 10:00 Keynote
  • Michael Colao, CISO/Head of Security, AXA UK
10:00 - 10:30
The Cyber Landscape: A Security Pro's Point of View
  • Timothy Wilson, Co-Founder & Editor-in-Chief, Dark Reading

Today's security professionals are not only wrestling with external threats – they're faced with internal challenges that range from compliance to risk management to uneducated upper management. In this session, we offer an analysis of several recent surveys conducted by Black Hat and Dark Reading that offer some insight on the attitudes and concerns of today's IT security managers, and how those concerns influence their decisions about enterprise defense.

10:30 - 10:50 Networking Break
10:50 - 11:30
Baking in Security: Why You Should Be Practicing DevSecOps
  • Jimmy Sanders, Information Security, Netflix

DevOps demonstrated to IT practitioners that combining development best practices with operational guidelines can yield faster results and better software. DevSecOps enables IT to incorporate security protocols into the process, saving time, money, and headaches as security is implemented and tested iteratively during development. Jimmy Sanders from Netflix presents examples of companies succeeding at DevSecOps and discuss the challenges of retrofitting existing development processes, training staff, and bridging on-premise vs. cloud-based approaches. We'll also discuss the realities of the time, costs, and skills involved in setting up DevSecOps and keeping it running smoothly.

11:30 - 12:20
CISOs' Perspective: Current Events Impacting the Enterprise
  • Beverley Allen, Head of Information Security Assurance, Old Mutual Wealth
  • Carole Embling, Information Security and Governance Lead, BMJ Publishing Group
  • Florence Mottay, CISO Europe, Ahold Delhaize
  • Moderator: Quentyn Taylor, Director of Information Security, Canon Europe

A panel of CISOs will discuss today's most pressing issues that are top-of-mind for security executives. The speakers will take a hard look at what’s important, what’s hype, and where you should be focusing your energy and resources as it relates to the business.

12:20 - 13:30 Networking Lunch
13:30 - 14:00
Surviving a Cyber-Weapon: One Year on from NotPetya
  • Andy Jones, Head of Research, Information Security Forum; Former CISO, Maersk

As the CISO for Maersk Line, last year Andy experienced probably the most disruptive cyber-attack in history. Now, as a researcher with a leading cyber-security organisation, he draws on his experience and that of over 400 global organisations to pose the question - what have we learnt? In the era of the cyber weapon Andy will discuss the implications of the NotPetya attack and suggest practical steps to improve resilience. Are you ready?

14:00 - 14:40
Moving Your Organisation from Internal Pentesting to Internal Red Teaming with Theoretical RT Engagements
  • Adam Schoeman, VP, Senior Red Team Cyber Analyst

For a business, there are a lot of advantages to utilizing red team engagements, especially when the team is internal. However, this approach is expensive in terms of analyst time and potential risk that is inherent from working on production systems. While that may be the nature of the red team beast, there are aspects of those engagements that can be carried over into a theoretical engagement. In this talk, Adam Schoeman will cover not only how a table-top or theoretical red team engagement can be a logical stepping stone from an internal pentesting team, but how it can be just as valuable to the business as a hands-on exercise. This talk will highlight which items to focus on, how to navigate common pitfalls, and how to evolve when you've nailed it and want to kick it up a notch.

14:40 - 15:00 Networking Break
15:00 - 15:30
Hacking the Skills Shortage
  • Jane Frankland, CISO Advisor, Speaker, Author & Champion for Women in Cyber Security

As hackers become more sophisticated, the skills shortage and the lack of diversity within the cybersecurity sector become even more apparent. Whether we’re talking about gender, competency or background, the current trend of recruiting from within small pools means the current workforce is not robust enough to deal with current threats - let alone future ones. Join best-selling author, and 20-year cyber security veteran Jane Frankland to understand the issues caused by a lack of diversity and how we, as an industry, can overcome it. Key takeaways include:

  • Understand why the skills shortage has evolved and its impact on leaders and society
  • Learn how to overcome the skills shortage problem through better leadership, security integration and stakeholder collaboration
  • Discover what data on the cybersecurity industry and more standardised job functions across the sector which will help with career progression and training
15:30 - 16:00
Black Hat Briefings Preview
  • Daniel Cuthbert, Global Head of Cyber Security Research, Grupo Banco Santander

Daniel Cuthbert, a member of the Black Hat Review Board, will provide a review of the hottest topics being covered during the Black Hat Briefings to give summit attendees a leg up on what to attend and what to look for during the conference. This conversation will set the premise for audience conversation and offer a framework for post-event action items for attendees.

16:00 - 16:50
Executive Summit Locknote
  • Mikko Hypponen, CRO, F-Secure

Worldwide security expert Mikko Hypponen will close the day with a summary on where we are coming from and where we are going. What will be the biggest trends in 2019 for both offense and defense?

16:50 - 17:00 Closing Remarks
  • Quentyn Taylor, Director of Information Security, Canon Europe
17:00 - 18:30 Networking Reception, The Bridge at The ExCeL

Welcome Reception Sponsor

Your enterprise needs to move faster, but lack of process and legacy tools hold you back. The ServiceNow System of ActionTM replaces unstructured work patterns of the past with intelligent workflows of the future. ServiceNow's Security solutions are part of the System of Action. ServiceNow Security Operations bring incident data from security tools into a structured enterprise security response engine. Workflows, automation, and a deep connection with IT help prioritize and resolve real threats fast. ServiceNow Governance, Risk, and Compliance (GRC) drives unified GRC programs. It transforms processes by continuously monitoring, prioritizing, and automatically responding to real risks in real-time. Learn more: www.servicenow.com/sec-ops


Premium Sponsors

Lockpath is an enterprise software company that helps organizations understand and manage their risk. The company's line of integrated risk management solutions provide companies with the means to efficiently and effectively identify, manage, and monitor risks, for a more agile and resilient business. Lockpath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas. For more information on Lockpath, visit lockpath.com.

Please click/press below for more information.

Chris Caldwell
Co-Founder and CEO

Software industry veteran Chris Caldwell serves as the president and CEO of Lockpath and leads the corporate direction and product vision. He leverages his experience serving as the vice president of products and marketing for GRC provider Archer Technologies, which was acquired by RSA, the security division of EMC, in 2010.

Caldwell was the president and COO of PPM Information Solutions, where he transformed the healthcare software company into a market-leading provider of practice management products and services. As a partner for the interactive firm, VML, Inc., he developed innovative software products and services, such as Seer™, which positioned the organization to be acquired by media conglomerate WPP in 2001.

Tony Rock
Chief Operating Officer

Tony Rock brings extensive leadership experience in finance, operations, and technology to his role as Chief Operating Officer at Lockpath. Rock's career path has taken him from Accenture to startups to private equity to China. He's touched a multitude of industries, including energy, healthcare, food/agribusiness, consumer goods, high-tech, software, aerospace, professional services, and industrial products. Along the way, Rock has served nearly 100 operating units, yet somehow found time to earn an MBA in Finance and Marketing, as well as his Chartered Financial Analyst (CFA) designation. Given his many accomplishments, Rock's true north is in driving revenue for innovative companies poised for growth.

Sam Abadir
Vice President, Industry Solutions

Sam Abadir has over twenty years of experience helping companies realize value through improving processes, identifying performance metrics, and understanding risk. Early in Sam's career, he worked directly with financial institutions and manufacturing companies to help them realize institutional value. As a Senior Manager at Deloitte, he focused on improving processes and increasing value for Global 2000 companies. In the past seven years, Sam has worked with software companies like Lockpath to build the tools that help companies manage risk and create value that enhance performance in a structured and efficient manner.

 

Foundation Sponsors

IBM Security, with 8,000 professionals in 133 countries, delivers an immune system of security technology to detect and prevent threats and respond quickly and completely to breaches. We address the evolving security landscape and our clients' most critical needs with AI innovation in the cloud and intelligent orchestration.

Please click/press below for more information.

Ray Evans
MBCS CITP, CISSP, Regional Leader Europe, X-Force Red

Ray Evans is the Regional Leader for X-Force Red in Europe. His primary responsibilities are managing and delivering security services to a global client base.

Ray has worked in IT for more than three decades, mostly in information security. He performed his first penetration test in 1995, followed by performing numerous security assessments. Ray has helped many customers understand and mitigate their top security risks. In January 2008, Ray was appointed the first Europe Security Testing Manager at IBM. His experience covers many industries including banking, insurance, hospitality and manufacturing and his team has successfully performed work ranging from oil rigs to Internet-of-Things devices.

Ray holds multiple industry and security qualifications and presents at conferences and universities on cyber security.

Ray has been hacking since he was 7 years old.

Rob Sedman
Director of IBM Security Business in UK and Ireland

Rob Sedman is the Director of IBM Security Business in UK and Ireland, leading the Security team to deliver end-to-end security solutions and services to clients. In his role, Rob is responsible for P&L, strategy, sales, delivery and commercials for UK and Ireland. Rob has over 20 years of experience in the IT industry across all sectors, with solid experience in large transformation services deals and leading a number of sales and consulting areas in IBM's GTS (Global Technology Services). He is married with 2 children and enjoys all sports especially rugby.

SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their ecosystems through continuous, non-intrusive monitoring. The company's approach to security focuses on identifying vulnerabilities from an outside-in perspective, the same way a hacker would. SecurityScorecard's proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Web, Application Security, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Credentials, DNS Health, Endpoint Security, IP Reputation and Cubit Score. To receive an email with your company's current score, please visit instant.securityscorecard.com.


Networking Break Sponsors

Agari is the only cloud-native solution that uses predictive AI to stop advanced email attacks. Winner of Best Email Security Solution by SC Magazine in 2018, the Agari Email Trust Platform™ prevents ransomware, ATO, phishing, BEC and other identity deception attacks, restoring trust to digital channels for businesses, governments, and consumers worldwide. Learn more at www.agari.com.

Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System uses AI algorithms that mimic the human immune system to defend enterprise networks of all types and sizes. Our self-learning approach is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. By applying its unique, unsupervised machine learning, Darktrace has identified 63,500 previously unknown threats in over 7,000 networks, including zero-days, insider threats and subtle, stealthy attacks. Darktrace is headquartered in San Francisco and Cambridge UK, and has 33 offices worldwide. For more information, visit www.darktrace.com.


Please direct inquiries to executivesummit@blackhat.com.