Register Now
December 2-5, 2019
ExCel London / United Kingdom

Black Hat Executive Summit

December 3, 2019

Centred, The Excel London

Apply to attend

Black Hat Executive Summit offers CISOs and other cybersecurity executives an opportunity to hear from a variety of industry experts who are helping to shape this next generation of information security strategy. The program dissects the latest technologies designed to stay ahead of sophisticated adversaries and provide a peek into future platforms; we'll outline the next-level skills and strategies CISOs need to bolster their relevance and we'll discuss the latest techniques for maintaining a proactive approach to data protection. For CISOs and executives looking to transform from a mere manager of information into a corporate champion of business growth, it's imperative to stay on top of the latest insight. That journey begins at the Black Hat Executive Summit.

*Please note: In order to create an open and candid environment that promotes the sharing of ideas, thoughts, and discussion, the Executive Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program was designed for executive security practitioners; solution providers and vendor attendees are limited to event sponsors.

Executive Summit Applicants Must:

  • Have a CISO or equivalent job title or be an executive in charge of an organization's security decisions
  • Hold the primary responsibility for a substantial security program or be a top-ranking military/law enforcement officer
  • Contribute to an interactive, cooperative atmosphere; we are unable to accept employees of security vendors or contractors, except for the very limited number of executives that the event's sponsors will be able to send from their own ranks
  • The final determination of participants in the CISO Summit rests with Black Hat show management.

Advisory Board

Dr. Jessica Barker

Dr. Jessica Barker

×

Co-Founder and Socio-Technical Lead at Cygenta

Daniel Barriuso

Daniel Barriuso

×

CISO, Banco Santander

Mr. Barriuso was appointed Global Chief Information Security Officer (CISO) of Banco Santander group in 2017. He is responsible for the Santander´s cyber security vision, strategy, roadmap and operations globally. He joined from BP where he was Chief Information Security Officer and VP for Digital Security & Risk based in London. Previously he held leadership cyber security and risk management positions at Credit Suisse and ABN AMRO. Mr. Barriuso has coordinated multiple cyber security initiatives across the Financial Services and Oil & Gas sectors. He was the chairman of the Oil & Gas Cyber Security Network (OGCSN), and Chairman of the Investment Banking Information Security Group. He is a degree in Computer Science Engineering from the Polytechnic University of Madrid, and was awarded in 2015 with the Secure Computing Magazine Europe Award for CISO of the year.

Daniel Cuthbert

Daniel Cuthbert

×

Global Head of Cyber Security Research, Banco Santander

Daniel Cuthbert is Global Head of Cyber Security Research at Grupo Banco Santander. With a career spanning 20+ years in penetration testing, red teaming and secure software design. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS).

Jane Frankland

Jane Frankland

×

CISO Advisor, Speaker, Author & Champion for Women in Cyber Security

Jane Frankland is a best-selling author, international speaker and award-winning entrepreneur. She is the Founder of Cyber Security Capital and the IN Security Movement and works with cyber security leaders of all levels. Last year she was named as the 3rd most influential person in cyber security in the UK.

Jane has over twenty years' worth of experience in cyber security, has built and sold her own global penetration firm and held executive positions at renowned consultancies. Over the years she has launched, created and been actively involved in numerous accreditation organisations, forums and schemes including OWASP, CREST and Cyber Essentials. She currently serves as an awards judge for three major awards in Europe and the USA, and as a Board Advisor for several organisations. She authors many articles, is regularly featured in industry and iconic British media, and is sought after as an international keynote speaker.

Jane is driven by her three children, an obsession to deliver outstanding quality and to make a positive difference in the world. Believing passionately in freedom, empowerment and entrepreneurism her vision is to build a more secure world by developing outstanding leadership and enabling diverse talents in cyber security to thrive. It's why she authored IN Security and created the Movement.

Phil Huggins

Phil Huggins

×

Independent Consultant and Interim CISO

Phil Huggins is a delivery-focused, chartered, security and risk professional with extensive experience of governance, management, system engineering and practical architecture across a wide range of disciplines and technologies. Phil is experienced in briefing and presenting cybersecurity risk concepts to boards and training NEDs. Phil has designed and operated security for critical national infrastructure and sensitive government. Phil has advised and managed global financial services organisations and advised national regulators on cyber resilience and cybersecurity.

Darrin Johansen

Darrin Johansen

×

Haumaru, LTD

Darrin Johansen has a Information Security career spanning 20+ years and specialises in greenfield and transformational leadership roles, architecting and delivering end to end Information Security and compliance functions in industries such as telecommunications, security, financial services and e-commerce.

Quentyn Taylor

Quentyn Taylor

×

Director of Information Security, Canon Europe

Quentyn Taylor is Director of Information Security for Canon Europe. He has a wealth of experience in both the IT and information security arenas and, in recent years, has focused his attention on building business relationships across the world. Quentyn has driven Canon's strategy to highlight the importance of document security and help business customers to minimise their security risk. Quentyn strongly believes in educating users about the importance of a comprehensive, overall security framework that will allow Canon's business customers to improve security in a cost-effective way. During his career, Quentyn has worked in a variety of industries for a number of organisations including outsourced service providers, Internet service providers as well as Dotcom businesses, before moving to Canon in 2000.

Agenda

Click/press a title below to learn more.

Time Session
7:30 AM – 3:00 PM Registration
9:00 - 9:15 AM Opening Remarks
  • Steve Wylie, General Manager, Black Hat
  • Jeff Moss, Founder, Black Hat, DEF CON
9:15 - 9:55 AM

Cyber Security in the Modern Distributed Enterprise: Within and Beyond the Perimeter

As organisations undertake digital transformation and connectivity the digital security perimeter is evolving; this talk will discuss the leading-edge topics of risk management in the modern enterprise and explore the protection of assets across operations with a focus on supply chain and extended enterprise risk.

  • Dr. Kevin Jones, Global Chief Digital / Information Security Officer (CISO), Airbus
9:55 - 10:35 AM

The Enemy Within: Modern Supply Chain Attacks

I'm in your supply chain, and you're probably in mine. Our increasingly interconnected infrastructure leaves us all vulnerable. With hundreds of millions of devices and millions of enterprises betting on the cloud, we see sophisticated attacks every day. Hardware, software, and service-based attacks, good and bad engagements with suppliers and partners — we've seen it all.

Go behind the scenes and learn about how Microsoft thinks about supply chain attacks — from the techniques and objectives of adversaries, the mechanisms that were effective in blunting their attacks, and the challenges dealing with the upstream and downstream partnerships that enable our shared technology ecosystem.

  • Eric Doerr, General Manager, Microsoft Security Response Center
10:35 - 10:55 AM Networking Break
10:55 - 11:35 AM

Greenfielding Information Security

Startup successes, mergers, new investors, woken boards, new laws, security breaches – there are numerous reasons why established profitable organisations can have missing Information Security functions and be searching for their first CISO to hurriedly solve their perceived problems.

Greenfield specialist Darrin Johansen will share his knowledge and experiences of approaching these unique situations and highlight the differences in approach required from a normal CISO role.

  • Darrin Johansen, Interim CISO, Haumaru
11:35 AM - 12:20 PM

Strategies and Solutions for Finding and Hiring Great People

With large investments in security, it is imperative you hire great people as they will be the difference between an average or awesome security function. We all know the basics of hiring people, but what secrets do people that hire large and successful teams have? In this session, a panel of experts offer insights on the current strategies and solutions being deployed by enterprises for finding the right candidates and hiring great people.

  • Jane Frankland, CEO, Cyber Security Capital Limited
  • Tor Macleod, Director, Via Resource
  • John Meakin, CISO & Cyber Security Advisor, Cyber CISO Ltd
  • Becky Pinkard, CISO, Aldermore Bank PLC
  • Karla Reffold, Founder, BeecherMadden
  • Moderator: Quentyn Taylor, Director of Information Security, Canon Europe
12:20 - 1:30 PM Networking Lunch
1:30 - 2:10 PM

Does Security Really Deserve a Seat at the Table?

The C in CISO has long driven calls for organisations to take security more seriously and give the CISO a 'seat at the table' but just like the CIO we have often struggled to break out of our own discipline and become true business leaders.

Phil will talk about how uninformed expectations from our bosses and peers and our own behaviours are holding us back. He will discuss practical ways we can become valued business leaders through clearly articulating our role, challenging impossible expectations, understanding our stakeholders needs and communicating in ways that gain traction with executives and board members outside our specialist field.

  • Phil Huggins, Independent Consultant and Interim CISO, Zava
2:10 - 2:40 PM

Personal Resilience - Thriving vs Surviving

Information Cyber Security professionals face a number of varying challenges; changing people's perceptions of our industry and business function; continually educating on the importance of investing in capabilities; lack of independent representation within the 'c' suite; to be understood as a business risk not an IT problem; skills, resource and budget shortages; all of which accumulate and lead to complete burnout and stressed individuals and teams.

As important as it is for us to support organisations in building their Cyber Resilience, are you spending an equal amount of time, if not more, building your Personal Resilience? Have you felt burnt-out and stressed? Has there been a consistent imbalance between your personal and professional life? Are your teams overwhelmed?

The focus of this session is to share experiences, tools and techniques, supporting you in building your personal resilience and facing your challenges by re-balancing and re-gaining control in order to thrive, not just survive.

  • Dee Deu, CISO, Xoserve
  • Bep Dhaliwal, Founder, Thrive365
2:40 - 3:00 PM Networking Break
3:00 - 3:30 PM

Black Hat Briefings Preview

Daniel Cuthbert, a member of the Black Hat Review Board, will provide a review of the hottest topics being covered during the Black Hat Briefings to give summit attendees a leg up on what to attend and what to look for during the conference. This conversation will set the premise for audience conversation and offer a framework for post-event action items for attendees.

  • Daniel Cuthbert, Global Head of Cyber Security Research, Grupo Banco Santander
3:30 - 4:00 PM

Managing Your Reputation in a Crisis

Incidents happen, how you manage them could make or break your reputation. In this session, Canon's Head of Corporate Communications — David Cook, will with a small panel of experts explore some of the golden rules for managing a crisis. The panel will discuss incidents relevant to InfoSec participants and help you understand how to come out of an incident with your reputation intact.

  • Will Hart, Managing Director, Brand, PR & Social, Nelson Bostock Unlimited
  • Rebecca Jabbar, Managing Director, Strategic Marcomms Consultancy
  • Thom James, Head of Social, Fever PR
  • Moderator: David Cook, Director of Corporate Communications, EMEA, Canon Europe
4:00 - 4:50 PM

Planning a Bug Bounty: The Strategic and Practical Nuts and Bolts from Concept to Launch

Thinking about launching a vulnerability disclosure or bug bounty program and not sure where to start or how ensure you get ROI? What should your program's goals be and how does align with your BAU security testing? How can you manage risks and engage your legal team(s)? Do you use a bug bounty platform or self-host; hire a 3rd party service provider or run things in-house? How much should you reward, and how do you safely pay researchers? How do you build partnerships with engineering teams and what do long product release cycles mean? There are lots of things to consider and this briefing will give you an actionable punch list of strategic and operational decisions to ensure you're set up for success!

  • Adam Ruddermann, Director, NCC Group
4:50 - 5:00 PM Closing Remarks
  • Quentyn Taylor, Director of Information Security, Canon Europe
5:00 - 6:30 PM Networking Reception, The Bridge at The ExCeL

Premium Sponsors

Jacobs leads the global professional services sector delivering solutions for a more connected, sustainable world. With more than $12 billion in revenue and a talent force of more than 50,000, Jacobs provides a full spectrum of services including scientific, technical, professional and construction- and program-management for business, industrial, commercial, government and infrastructure sectors. Our 70+ years of deep domain knowledge and engineering expertise enable us to push past the edge of innovation to achieve efficiency and Cyber resiliency required by today's industries and customers. We are the bridge and transformational engine securing the convergence of both critical Information Technology (IT) and Operational Technology (OT) data for a safer connected world.

Ernie Hayden

Ernie Hayden

×

Senior ICS OT Cyber Security Engineer

Ernie is a highly experienced and seasoned technical consultant, author, speaker, strategist and thought-leader with extensive experience in the critical infrastructure protection/information security domain, industrial controls security, cybercrime, cyberwarfare, power utility industry, and physical security areas. His primary emphasis is on offering expert advice and commentary on industrial controls security, chemical/oil/gas/electric grid security, and energy supply security. Ernie has held a broad variety of roles as an Executive Consultant at Jacobs; Founder and Principal of 443 Consulting LLC; an ICS Lead at BBA Engineering; Executive Consultant at Securicon LLC; and an information security officer/manager at the Port of Seattle, Group Health Cooperative (Seattle), ALSTOM ESCA, and Seattle City Light.

Ernie is a very active contributor in global security forums. He is currently a member of the European Union Network and Information Security Agency (ENISA) Stakeholder Board on Industrial Controls Security. He has been an instructor, curriculum developer, and advisor for the University of Washington Information System Security Certificate program in Seattle. Additionally, Ernie has been a contract instructor for the Cyberterrorism Defense and Analysis Center, sponsored by the U.S. Department of Homeland Security. He is a graduate of the FBI Citizens Academy, Seattle Police Department Citizens Academy, and US National SCADA Test Bed (NSTB) SCADA Security Course.

Foundation Sponsor

SecurityScorecard provides instant visibility into enterprise security posture as well as the cyberhealth of all vendors and partners in any organization's ecosystem. The platform uses trusted commercial and open-source threat feeds, and nonintrusive data collection methods, to quantitatively evaluate and continuously monitor the security posture of thousands of organizations worldwide. SecurityScorecard delivers the most accurate, transparent, and comprehensive security risk ratings available for small to large enterprises in every industry sector.

Fouad Khalil

Fouad Khalil

×

VP, Compliance

Fouad Khalil is the VP Compliance at SecurityScorecard and responsible for compliance programs, auditor education and alignment with best practices. With experience in the technology space, SDLC, IT, program management and most recently IT Security and Compliance management, Khalil's career path has provided him with keen insights in the areas of network, system and database administration, software programming and much more. For two decades, Khalil has focused on data security and compliance — an industry expert in IT, NIST, Internal Controls, GDPR, SOX, PCI DSS, HIPAA and HITECH. Khalil holds a BS in EECE from Marquette University and CISA and ITIL.

Please direct inquiries to executivesummit@blackhat.com.