Register Now
August 1 - 6, 2020
Virtual Event

Black Hat CISO Summit

Tuesday, August 4, 2020

The Black Hat CISO Summit is an approval-only event during Black Hat USA which brings together top security executives from global corporations and government agencies for a full day of unique discussions. Offered the day before the main Black Hat USA Briefings sessions, the CISO Summit is intended to give CISOs and other InfoSec executives leading-edge insight into the latest security trends, technologies and enterprise best practices.

All applications will be reviewed by Black Hat management, and notifications will be sent to applicants by July 24. Attendee guidelines are located within the application form.

*Please note: In order to create an open and candid environment that promotes the sharing of ideas and discussion, the CISO Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program was designed for executive security practitioners; solution providers and vendor attendees are limited to event sponsors.

Advisory Board

Justine Bone

Justine Bone

×

CEO, MedSec

Justine Bone is a CEO, Board Member and former CISO with 20 years of experience across the medtech, defense, and financial industries. Her broad areas of expertise include technology risk management, business and product development, cybersecurity communications and business development for technology providers. Justine currently holds the position of CEO of MedSec, where she develops cybersecurity program strategies and solutions for Healthcare Delivery Organizations and Medical Device Manufacturers. She also serves as a member of HP Inc.'s Security Advisory Board, is a faculty member of IANS, and is Chairperson of the non-profit Miami Children Corporation. Prior to her current roles Justine led as CEO of Immunity Inc (acquired by Cyxtera) and Chief Information Security Officer and Head of Infrastructure and Risk Management with Bloomberg L.P. and Dow Jones. Justine's training was as a researcher and security analyst for New Zealand's Government Communications Security Bureau.

Trey Ford

Trey Ford

×

Black Hat Review Board; Head of Trust, Heroku

Trey Ford is the Head of Trust at Heroku, a division of Salesforce. Heroku's Trust organization is responsible for the service reliability engineering and information security of the platform.

Over the last 15 years, Trey ran Black Hat events worldwide as General Manager, and provided services ranging from strategy, incident response, product management, PCI QSA and security engineering for a variety for industry leaders including Rapid7, Zynga, McAfee, FishNet Security and WhiteHat Security.

Jeremiah Grossman

Jeremiah Grossman

×

Black Hat Review Board; Founder & CEO of Bit Discovery, Chief of Security Strategy (SentinelOne), Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, and Founder of WhiteHat Security

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including and many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!

Robert Hansen

Robert Hansen

×

Black Hat Review Board; CTO, Bit Discovery

Robert Hansen became the CTO of Bit Discovery after his company OutsideIntel was acquired. Mr. Hansen has worked for Digital Island, Exodus Communications and Cable & Wireless beginning as a Sr. Security Architect and eventually leading managed security services product management. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-malware and anti-virus. Later he was the VP of Labs for Whitehat Security. Robert currently sits on the technical advisory board of and contributes to the security strategy of several startup companies as a virtual CISO and Innovation Officer. Mr. Hansen ran the web application security lab at ha.ckers.org, and authored/co-authored several books.

Wendy Nather

Wendy Nather

×

Director, Advisory CISOs, Duo Security

Wendy Nather is head of the Advisory CISO team at Duo Security (now Cisco). She was previously the Research Director at the Retail ISAC, as well as Research Director of the Information Security Practice at independent analyst firm 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She speaks regularly on topics ranging from threat intelligence to identity and access management, risk analysis, incident response, data security, and societal and privacy issues. Wendy is co-author of The Cloud Security Rules, and was listed as one of SC Magazine's Women in IT Security "Power Players" in 2014, as well as an "Influencer" in the Reboot Leadership Awards in 2018.

Alex Stamos

Alex Stamos

×

Black Hat Review Board; Adjunct Professor, CISAC Fellow, and Hoover Visiting Scholar, Stanford University

Alex Stamos is an Adjunct Professor, CISAC Fellow, and Hoover Visiting Scholar at Stanford University. Alex is the former Chief Security Officer at Facebook, where he led a team of people around the world focused on ensuring the safety of the billions of people who use Facebook and its family of services. Before joining Facebook, Alex served as the CISO of Yahoo and is widely recognized for revitalizing Yahoo's security program with innovative technology and products. Prior to Yahoo, he was the co-founder of iSEC Partners and founder of Artemis Internet. Alex is a noted expert in global scale infrastructure, designing trustworthy systems, and mobile security. Alex holds a bachelor's degree in Electrical Engineering and Computer Science from the University of California, Berkeley.

Saša Zdjelar

Saša Zdjelar

×

Strategy Manager, ExxonMobil Corporation

Saša Zdjelar is the Modern Workplace Strategy Manager at ExxonMobil Corporation where he leads a global team of people working on figuring out the future. ;-) He has spent the last ~15 years at ExxonMobil in various security and non-security roles working on strategy, enterprise security, enterprise architecture, application development, ERP systems designs/integration, program/project management, planning & stewardship, etc. He is an active member and leader in organizations such as Cyber Readiness Institute (CRI), Infragard, ISACA and ISACA, has been published in various industry publications, and has spoken at a number of industry conferences and universities. Saša holds a bachelor's degree in Management and master's degree in Decision Science from the University of Florida.

Agenda

Tuesday, August 4

9:00 – 9:30 AM		 Welcome and Introductions
9:30 – 10:00 AM

The Next-Generation CISO: Deploying a value-based approach to cybersecurity

It's time to view your cybersecurity voyage with new eyes. The next-generation CISO is a customer-oriented business partner. As individuals and organizations, we're on a mission to keep our technology ecosystems safe and secure. Learn how partnering with key business stakeholders and your customers can help you achieve long-lasting systemic change and increase cybersecurity.

  • Roberto Suarez, VP, CISO, Becton Dickinson
10:00 - 10:15 AM Networking Break
10:15 – 10:45 AM

Shadow IT: Adversary or Ally?

In this session we will discuss how a CISO can most effectively engage with Shadow IT so as to turn the relationship from the traditional adversarial to an effective partnership that benefits both the Shadow IT group and the security program. We will specifically discuss:

  • What is Shadow IT and why does it exist?
  • Why is Shadow IT generally a good thing to the organization?
  • Aligned goals and objectives is the first step to a successful relationship with Shadow IT
  • Navigating the tension between IT and Shadow IT
  • Some cautionary tales

The goal of this presentation is to equip CISOs of all experience levels with a new appreciation of Shadow IT and how, with effort to build effective relationships, dramatic improvements to the organizational security program can be achieved.

  • Martin Fisher
10:45 – 11:00 AM Networking Break
11:00 – 11:30 AM

ZeroTrust

You have probably heard about Zero Trust, probably too much. You might be sick of the term even. Don't fret. This session will delve into the hard realities of why this strategy makes sense and discuss why you should actually care. Join in and get the truth on what Zero Trust is, where it came from, why it works, and don't worry there will be no vendor spin allowed.

  • Chase Cunningham, Forrester
11:30 AM - 12:15 PM Networking Break/Lunch
12:15 – 12:45 AM

Hide and Seek: A CISO's guide to the "new normal" of insider threat

COVID-19 WFH ZTA DLP MDM WTH

The global pandemic has forced an emergency shift to remote work in many countries and all verticals. The IT and security efforts to implement this shift for has been less than graceful. This, coupled with large-scale layoffs due to a struggling economy has created unique problems for security organizations, which have themselves been impacted by layoffs. Insider threats and disgruntled employees have never before posed as much risk to organizations as they do right now. What can CISOs do to mitigate this risk? Gal and Rob will frame the problem and discuss solutions and best practices in this new normal for cyber security, from a blue and red team perspective.

  • Rob Fuller, Executive Security Consultant
  • Gal Shpantzer, vCISO
12:45 - 1:00 PM Networking Break
1:00 – 1:30 PM

How Microsoft enabled a fully remote workforce during a global pandemic

Jonathan Trull will be presenting on Microsoft's response to COVID, specifically, lessons learned, guidance, and best practices to how we moved our own employees to work remotely and how we securely managed 97% of our workforce shifting to remote work overnight.

  • Jonathan Trull
1:30 - 1:45 PM Networking Break
1:45 – 2:15 PM

Cybersecurity Futures 2025

This session explores, via four alternate scenarios, the new and different ways in which technology will intersect with society in 2025, and the resulting cybersecurity problem sets faced by businesses, governments, and societies. The session begins with an introduction to the scenario methodology and a description of the four ‘alternate future worlds' we used as the basis for the work. We will then present the top challenges and opportunities that emerged from our research, and how those challenges are viewed differently around the world. Next, we will present overall results to date, and discuss the implications of those results - and what CISOs might be grappling with in the future. Finally, we will walk participants through examples of the types of criminals, black markets, and threats that might result from the new security environment, and how our view of this has changed (or not changed) in the pandemic.

  • Ann Cleaveland, Executive Director, Center for Long-Term Cybersecurity, UC Berkeley
  • Steve Weber, Faculty Director at the Center for Long-Term Cybersecurity and Professor in the School of Information
2:15 - 2:30 PM Networking Break
2:30 – 3:00 PM

What Got Us Here (May) Get Us There: Trends from over a decade of DBIR reporting

The Verizon Data Breach Investigations Report (DBIR) has been a staple in security reporting for over a decade, always aiming to both document and inform on the current shape of the security threat landscape. It has also been a cathartic outlet of bad jokes and puns for the authoring team.

While the main purpose of the report is to examine what has recently (and not so recently) occurred, it has become clear to the team that over time attackers will attempt to maximize their Attack Return on Investment (AROI). While we can't tell you what the Next Big Attack (tm) will be, we'll delve into what the data suggests will define it and help to prepare for it.

Join us on a critical analysis of over a decade of alternating very stale and surprising trends, and learn how to better strategize in a landscape that changes very slowly at first and then suddenly all at once.

  • Alex Pinto, DBIR Team Manager and Co-author, Verizon
  • Gabe Bassett, DBIR Lead Data Scientist and Co-author, Verizon
3:00 - 4:00 PM Closing Reception