December 2-5, 2019
ExCel London / United Kingdom

Black Hat Executive Summit

December 3, 2019

Centred, The Excel London


Black Hat Executive Summit offers CISOs and other cybersecurity executives an opportunity to hear from a variety of industry experts who are helping to shape this next generation of information security strategy. The program dissects the latest technologies designed to stay ahead of sophisticated adversaries and provides a peek into future platforms; we'll outline the next-level skills and strategies CISOs need to bolster their relevance, and we'll discuss the latest techniques for maintaining a proactive approach to data protection. For CISOs and executives looking to transform from a mere manager of information into a corporate champion of business growth, it's imperative to stay on top of the latest insight. That journey begins at the Black Hat Executive Summit.

*Please note: In order to create an open and candid environment that promotes the sharing of ideas, thoughts, and discussion, the Executive Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program was designed for executive security practitioners; solution providers and vendor attendees are limited to event sponsors.

Executive Summit Applicants Must:

  • Have a CISO or equivalent job title or be an executive in charge of an organization's security decisions
  • Hold the primary responsibility for a substantial security program or be a top-ranking military/law enforcement officer
  • Contribute to an interactive, cooperative atmosphere; we are unable to accept employees of security vendors or contractors, except for the very limited number of executives that the event's sponsors will be able to send from their own ranks
  • The final determination of participants in the CISO Summit rests with Black Hat show management.

Advisory Board

Dr. Jessica Barker
Daniel Barriuso
Daniel Cuthbert
Jane Frankland
Phil Huggins
Darrin Johansen
Quentyn Taylor

Agenda


Time Session
7:30 AM – 3:00 PM Registration
9:00 - 9:15 AM Opening Remarks
  • Steve Wylie, General Manager, Black Hat
  • Jeff Moss, Founder, Black Hat, DEF CON
9:15 - 9:55 AM

Cyber Security in the Modern Distributed Enterprise: Within and Beyond the Perimeter

As organisations undertake digital transformation and connectivity, the digital security perimeter is evolving; this talk will discuss the leading-edge topics of risk management in the modern enterprise and explore the protection of assets across operations with a focus on supply chain and extended enterprise risk.

  • Dr. Kevin Jones, Global Chief Digital / Information Security Officer (CISO), Airbus
9:55 - 10:35 AM

The Enemy Within: Modern Supply Chain Attacks

I'm in your supply chain, and you're probably in mine. Our increasingly interconnected infrastructure leaves us all vulnerable. With hundreds of millions of devices and millions of enterprises betting on the cloud, we see sophisticated attacks every day. Hardware, software, and service-based attacks, good and bad engagements with suppliers and partners — we've seen it all.

Go behind the scenes and learn about how Microsoft thinks about supply chain attacks — from the techniques and objectives of adversaries, the mechanisms that were effective in blunting their attacks, and the challenges dealing with the upstream and downstream partnerships that enable our shared technology ecosystem.

  • Eric Doerr, General Manager, Microsoft Security Response Center
10:35 - 10:55 AM Networking Break
10:55 - 11:35 AM

Greenfielding Information Security

Startup successes, mergers, new investors, woken boards, new laws, security breaches – there are numerous reasons why established profitable organisations can have missing Information Security functions and be searching for their first CISO to hurriedly solve their perceived problems.

Greenfield specialist Darrin Johansen will share his knowledge and experiences of approaching these unique situations and highlight the differences in approach required from a normal CISO role.

  • Darrin Johansen, Interim CISO, Haumaru
11:35 AM - 12:20 PM

Strategies and Solutions for Finding and Hiring Great People

With large investments in security, it is imperative you hire great people as they will be the difference between an average or awesome security function. We all know the basics of hiring people, but what secrets do people that hire large and successful teams have? In this session, a panel of experts offer insights on the current strategies and solutions being deployed by enterprises for finding the right candidates and hiring great people.

  • Jane Frankland, CEO, Cyber Security Capital Limited
  • Tor Macleod, Director, Via Resource
  • John Meakin, CISO & Cyber Security Advisor, Cyber CISO Ltd
  • Becky Pinkard, CISO, Aldermore Bank PLC
  • Karla Reffold, Founder, BeecherMadden
  • Moderator: Quentyn Taylor, Director of Information Security, Canon Europe
12:20 - 1:30 PM Networking Lunch
1:30 - 2:10 PM

Does Security Really Deserve a Seat at the Table?

The C in CISO has long driven calls for organisations to take security more seriously and give the CISO a 'seat at the table' but just like the CIO we have often struggled to break out of our own discipline and become true business leaders.

Phil will talk about how uninformed expectations from our bosses and peers and our own behaviours are holding us back. He will discuss practical ways we can become valued business leaders through clearly articulating our role, challenging impossible expectations, understanding our stakeholders' needs and communicating in ways that gain traction with executives and board members outside our specialist field.

  • Phil Huggins, Independent Consultant and Interim CISO, Zava
2:10 - 2:40 PM

Personal Resilience - Thriving vs Surviving

Information Cyber Security professionals face a number of varying challenges; changing people's perceptions of our industry and business function; continually educating on the importance of investing in capabilities; lack of independent representation within the 'c' suite; to be understood as a business risk not an IT problem; skills, resource and budget shortages; all of which accumulate and lead to complete burnout and stressed individuals and teams.

As important as it is for us to support organisations in building their Cyber Resilience, are you spending an equal amount of time, if not more, building your Personal Resilience? Have you felt burnt-out and stressed? Has there been a consistent imbalance between your personal and professional life? Are your teams overwhelmed?

The focus of this session is to share experiences, tools and techniques, supporting you in building your personal resilience and facing your challenges by re-balancing and re-gaining control in order to thrive, not just survive.

  • Dee Deu, CISO, Xoserve
  • Bep Dhaliwal, Founder, Thrive365
2:40 - 3:00 PM Networking Break
3:00 - 3:30 PM

Black Hat Briefings Preview

Daniel Cuthbert, a member of the Black Hat Review Board, will provide a review of the hottest topics being covered during the Black Hat Briefings to give summit attendees a leg up on what to attend and what to look for during the conference. This conversation will set the premise for audience conversation and offer a framework for post-event action items for attendees.

  • Daniel Cuthbert, Global Head of Cyber Security Research, Grupo Banco Santander
3:30 - 4:00 PM

Managing Your Reputation in a Crisis

Incidents happen; how you manage them could make or break your reputation. In this session, Canon's Head of Corporate Communications, David Cook, will explore with a small panel of experts some of the golden rules for managing a crisis. The panel will discuss incidents relevant to InfoSec participants and help you understand how to come out of an incident with your reputation intact.

  • Will Hart, Managing Director, Brand, PR & Social, Nelson Bostock Unlimited
  • Rebecca Jabbar, Managing Director, Strategic Marcomms Consultancy
  • Thom James, Head of Social, Fever PR
  • Moderator: David Cook, Director of Corporate Communications, EMEA, Canon Europe
4:00 - 4:50 PM

Planning a Bug Bounty: The Strategic and Practical Nuts and Bolts from Concept to Launch

Thinking about launching a vulnerability disclosure or bug bounty program and not sure where to start or how to ensure you get ROI? What should your program's goals be and how does it align with your BAU security testing? How can you manage risks and engage your legal team(s)? Do you use a bug bounty platform or self-host; hire a 3rd party service provider or run things in-house? How much should you reward, and how do you safely pay researchers? How do you build partnerships with engineering teams and what do long product release cycles mean? There are lots of things to consider and this briefing will give you an actionable punch list of strategic and operational decisions to ensure you're set up for success!

  • Adam Ruddermann, Director, NCC Group
4:50 - 5:00 PM Closing Remarks
  • Quentyn Taylor, Director of Information Security, Canon Europe
5:00 - 6:30 PM Networking Reception, The Bridge at The ExCeL

Premium Sponsors

Jacobs leads the global professional services sector delivering solutions for a more connected, sustainable world. With more than $12 billion in revenue and a talent force of more than 50,000, Jacobs provides a full spectrum of services including scientific, technical, professional and construction- and program-management for business, industrial, commercial, government and infrastructure sectors. Our 70+ years of deep domain knowledge and engineering expertise enable us to push past the edge of innovation to achieve efficiency and Cyber resiliency required by today's industries and customers. We are the bridge and transformational engine securing the convergence of both critical Information Technology (IT) and Operational Technology (OT) data for a safer connected world.

Ernie Hayden

Foundation Sponsor

SecurityScorecard provides instant visibility into enterprise security posture as well as the cyberhealth of all vendors and partners in any organization's ecosystem. The platform uses trusted commercial and open-source threat feeds, and nonintrusive data collection methods, to quantitatively evaluate and continuously monitor the security posture of thousands of organizations worldwide. SecurityScorecard delivers the most accurate, transparent, and comprehensive security risk ratings available for small to large enterprises in every industry sector.

Fouad Khalil

Please direct inquiries to executivesummit@blackhat.com.