Sep 11
  • 9:00 am – 5:30 pm Forrester Leadership Boards Meetings
  • 2:30 pm – 5:00 pm Fast Track To Zero Trust Certification: Interactive Classroom Session


Sep 12
  • 7:30 am – 8:30 am Registration & Breakfast
  • 8:30 am – 10:15 am Part One: Zero Trust
  • 11:15 am – 12:15 pm Part Two: Skills & Automation
  • 1:15 pm – 3:15 pm Track Sessions
  • 4:00 pm – 5:30 pm Part Three: Future of Security
  • 5:30 pm – 6:30 pm Networking Reception


Sep 13
  • 7:30 am – 8:30 am Breakfast
  • 8:30 am – 9:45 am Part Four: Protect The Brand
  • 10:15 am – 12:15 pm Track Sessions
  • 1:15 pm – 2:15 pm Part Five: Secure What You Sell
  • 2:45 pm – 3:30 pm Part Six: Hackers Vs. Execs

Wednesday Sep 11

9:00 am – 5:30 pm

Forrester Leadership Boards Meetings

Join Forrester analysts and your peers at an intimate and exclusive gathering to explore the Zero Trust strategies and cybersecurity innovations that will transform your organization.

Featured Sessions Include:

  • Workshop: Zero Trust Theory To Practice featuring Chase Cunningham, Principal Analyst and Peter Cerrato, Principal Consultant, Forrester
  • Mapping Zero Trust Controls To Major Security Frameworks featuring Renee Murphy, Principal Analyst and Alla Valente, Analyst, Forrester
  • The Great Zero Trust Bakeoff featuring an analyst panel facilitated by Stephanie Balaouras, VP & Group Director, Forrester
  • A live peer insights session designed to share challenges, gather advice, best practices and lessons learned

Leadership Board meetings are reserved for members only. If you’re not a member but want to learn more about attending, please reach out to your Forrester team or Jessica Burn ( and visit our website here.

2:30 pm – 5:00 pm

Fast Track To Zero Trust Certification: Interactive Classroom Session

Pre-Registration Required

Gain critical understanding of Zero Trust as a holistic approach that spans people, processes, and technologies, and accelerate your own path to being Zero Trust Certified. This live classroom experience of “Lesson 1: The Zero Trust eXtended Ecosystem,” from Forrester’s Zero Trust Strategy course, is your head start to hone your skills, align your team, and adopt Zero Trust in your unique business context. After attending, continue to our unique online learning program to cement your understanding of Zero Trust, gain hands-on experience with our Zero Trust Toolkit, and earn your certification as a Zero Trust Strategist.

Who Should Attend?
Security and risk management professionals including cybersecurity executives, their direct teams, and their close collaborators will benefit from this introduction to Zero Trust strategy as a means to mitigate the dangers of the trust assumptions that exist in today’s perimeter-based environments. This sample lesson from Forrester’s in-depth Zero Trust Strategy course introduces the Zero Trust eXtended Ecosystem and how to get started in your organization’s transition to Zero Trust.

To learn more about this session, click here.

Join Waitlist

Peter Cerrato, Principal Consultant, Forrester
David Holmes, Senior Analyst, Forrester

Thursday Sep 12

7:30 am – 8:30 am

Registration & Breakfast, including

General Breakfast sponsored by Code42

Employees Quit And Take Your Data! It’s Time For Zero Trust
The insider threat problem is getting worse. It’s no longer a matter of whether data `leaves companies’, but when it leaves — and it’s leaving every day. Much of the time, the data loss is at the hands of employees who quit and take project plans, source code and customer lists with them. Titles and tenure at organizations have given rise to blind trust, which in turn, has resulted in numerous high-profile data breaches at companies like McAfee and SunPower. The reality? Companies must find better ways to protect sensitive data when their employees depart. Enter Zero Trust (ZT). 

Joe Payne, President and CEO, Code42
Chase Cunningham, VP, Principal Analyst, Forrester

VIP Breakfast sponsored by McAfee

Cloud Security: New Platform, New Risk, New Rules 

Shift-Left is a new security model that allows developers of cloud native applications to enjoy the agility benefits provided by the flexibility of the cloud and the speed of CI/CD DevOps process while giving security administrators the peace of mind that systems are secure. This session will equip you to leverage the power of cloud native architectures that are here today, and quickly take advantage of the best of cloud technologies in the future through the collaborative efforts of DevOps and security.

This breakfast is invitation only. To submit a request to be considered to attend, please complete the form linked here 

John Dodds, Director Product Management Cloud Security, McAfee
Joe Bernik, Chief Technical Strategist, McAfee

8:30 am – 10:15 am

Part One: Zero Trust Goes Mainstream

The original driving force behind Zero Trust was a need to move security pros away from a failed perimeter-centric approach to security to a model that was much more data- and identity-centric and better adapted for today’s digital business. But Zero Trust is more than network segmentation; it’s a complete and holistic approach that includes processes and technologies.

Sessions include:

Zero Trust In The Real World

Unlike traditional network infrastructures, Zero Trust enables the business while adapting the firm’s security architecture to support new user populations (e.g., employees, partners, customers, and patients), customer engagement models, rapid cloud adoption, and new IoT devices and sensors. The model’s effectiveness and efficiency are why more and more organizations are choosing to adopt Zero Trust for their next-generation security architectures.

Chase Cunningham, VP, Principal Analyst, Forrester

Winning A Race With No Finish

This presentation will showcase the latest trends in threats and attacks by covering stories from the front lines, contrasted with responses from clients that are working to effectively limit the damage. We will discuss how to effectively mitigate attacks and build a more resilient organization moving forward. 

Wendi Whitmore, Vice President, X-Force Threat Intelligence, IBM

A Tale Of Two CISOs

In today’s mutating threat landscaping and rapidly evolving regulatory landscape, CISOs from different industries will have similar challenges but also some unique priorities specific to their vertical. In this panel discussion, we explore the differences and similarities between two CISOs from seemingly unrelated industries.

Bruce Pawelczyk, Director of IT Security, Governance, Risk & Compliance/Chief Information Security Officer, Raytheon Integrated Defense Systems
Olivia Rose, CISO, Mailchimp

Defining Trust

This moment marks an important inflection point where consumers’ expectation for trustworthiness is increasing while firms’ ability to sustain trustworthy relationships is waning. In this session, Anjali reveals Forrester’s latest data to illustrate how consumer privacy attitudes are changing, how trust fits in the equation, and what this means for your business.

Anjali Lai, Senior Analyst, Forrester

10:15 am – 11:15 am

Networking Break, sponsored by NTT

11:15 am – 12:15 pm

Part Two: You Don’t Have A Skills Problem: You Have An Automation Challenge

In the cybersecurity industry, there will be almost 2 million unfilled jobs by 2022 and intense competition for talent. However, much of this shortage is self-inflicted. Currently, women comprise only 11% of the cybersecurity workforce, and the diversity within that 11% is minimal.  Many organizations also rely on outdated recruiting practices that target a limited and quickly shrinking candidate pool. It’s time to rethink our talent strategies — particularly in light of the coming wave of AI and security automation.

Sessions include:

Dispel Security’s Staffing Shortage Myth With Recruiting, Diversity, and Automation

The lack of available security talent is the subject of many articles, vendor pitches, and conference tracks. Estimates indicate that there are millions of unfilled cybersecurity jobs and the problem is getting worse. The real issue, however, isn’t a dearth of willing job applicants. Instead, cybersecurity’s self-inflicted staffing shortage is the result of unrealistic expectations, ineffective recruiting and retention, and a lack of automation. In this session, we’ll discuss solutions for attracting, retaining, and augmenting cybersecurity staff.

Joseph Blankenship, VP, Research Director, Forrester

Your Data Map’s Missing Piece: Why Third-Party Risk Management Is Key

So you’ve mapped your data and understand where your processing activity risks lie, but are you missing the most important piece? In today’s shifting security and regulatory environment, it’s imperative that businesses understand the hidden risks that vendors and third-party data transfers pose to the reliability of organization’s records of processing activity. In this session, we’ll discuss the importance of incorporating third-party vendors in your data map and outline the benefits of ongoing monitoring and evaluation. We’ll provide a roadmap and action plan for updating your records of processing activity and share how it can be done more efficiently to support the entirety of the organization. 

Kevin Kiley, Vice President, OneTrust

The CISO Lens: How To Successfully Lead Change 

An analyst, a CISO, 5 themes and 15 minutes. What happens when you have two experts on stage with a microphone and a list of hot topics? It’s time to find out… In this session, Forrester’s Principal Analyst Jinan Budge will be working with Radian’s Chief Information Officer Donna Ross to tackle on a wide-ranging list of topics such as managing change, working with internal politics, managing the stresses of the job and other CISO leadership issues in rapid-fire format.

Donna L. Ross, Senior Vice President, Chief Information Security Officer, Radian Group
Jinan Budge, Principal Analyst, Forrester

12:15 pm – 1:15 pm

Lunch, including

VIP Lunch sponsored by Key Resources

Become Compliant Today – Modernize Mainframe Security

You must act now and know how to re-architect security policies and processes in real time, by mitigating code-based vulnerabilities, and retooling and training Security and Pen Testing teams.

In this session, attendees will learn:

  • Your number one priority must include scanning applications and operating system code
  • Mainframe security architects are essential
  • High risks of not including excessive access checking related to GDPR and other privacy regulations.
  • Differences between mainframe Penetration Testing and Vulnerability scanning.

This lunch is invitation only. To submit a request to be considered to attend, please complete the form linked here. 

Ray Overby, CTO & Co-Founder, Key Resources, Inc.

VIP Lunch sponsored by Cognizant

Your Business Depends On Fast And Accurate Responses To Today’s Cyber Threats

In this session you will learn:

  • Why new levels of speed and accuracy are needed in today’s threat environment
  • How modern security providers are delivering on these new security requirements
  • Which new technologies are being used by modern security providers

This session is invitation only. To submit a request to be considered to attend, please complete the form linked here. 

Ryan Parthasarathy, VP of Security Markets, Cognizant

1:15 pm – 1:45 pm

Track Sessions

In-depth examinations of key issues and best practices, led by Forrester’s best analysts. Choose from:

The Fast Track To Zero Trust

Organizations understand the strategic rationale for Zero Trust, but many struggle to know where to begin to actually implement it. Join this session to learn how to implement Zero Trust in common business use cases, using case studies from Forrester’s recent client engagements, to help you implement Zero Trust in practice.  

Paul McKay, Senior Analyst, Forrester

Maintain Your Security Edge: How To Develop And Retain Your Staff

Your recruiting efforts are wasted if your hires don’t see the point in staying. It’s not just about salaries. Join this session to explore measures you can take on every budget to provide skills development opportunities for your cybersecurity staff, support the conditions that enable employees to be successful in their roles, and improve retention.

Heidi Shey, Principal Analyst, Forrester

Peer Roundtable: Cloud Security Best Practices

Transitioning to the cloud is an operations mandate and a security nightmare. This session will facilitate a conversation and information exchange on how to secure your cloud platform’s configuration, hypervisors, containers and data in transit and at rest. We will discuss cloud platform (AWS, Azure, GCP) native and third party solutions to achieve the above.

Andras Cser, VP, Principal Analyst, Forrester

2:00 pm – 2:30 pm

Solution Sessions

Learn about the latest technologies that will help you power your security initiatives. Choose from:

CCPA: 5-Step Guide to California Consumer Privacy Act Compliance

With the clock ticking down until the California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020, many companies are struggling to understand the sweeping new privacy law, its impact on the business, and how to manage compliance across a matrix of global privacy laws. While there are still amendments to be settled before 2020, there are several few key ways to get ready for the CCPA’s privacy governance and consumer rights requirements. In this session, we’ll outline what this new law means for your business, detail what changes to expect to see before it’s put into effect, and lay out a 5-step guide to demonstrating on-going compliance the CCPA. We’ll also share findings from research conducted with the International Association of Privacy Professionals (IAPP) on how ready (or not) businesses are for the CCPA, what factors are driving compliance and how the GDPR fits into CCPA readiness. 

Kevin Kiley, Vice President, OneTrust
Addison Brown, Privacy Specialist, Allegis Group

Decoupling Security From Your Network: Blueprint For Segmentation Success

Protecting the digital assets of the trillion-dollar lender of lenders Fannie Mae began with an architectural shift to separate security from the network. Hear first-hand how Fannie Mae took advantage of this approach to operationalize segmentation – a foundational component of any Zero Trust strategy. 

Clayton Mascarenhas, Director, Information Security Engineering and Operations, Fannie Mae
PJ Kirner, Chief Technology Officer and Founder, Illumio

2:45 pm – 3:15 pm

Track Sessions

In-depth examinations of key issues and best practices, led by Forrester’s best analysts. Choose from:

Kill the Password with Zero Trust

Passwords continue to vex many organizations, both in terms of the escalating password management costs and the increased risk of data breaches caused by compromised password based accounts. The Identity and Access Management (IAM) components of the Forrester Zero Trust eXtended (ZTX) framework provide a mechanism for organizations to reduce reliance on passwords through implementing least privilege principles for devices and users. In this session, we’ll discuss how firms can transition easily to the new, identity-based perimeter ZTX framework and kill the password forever. 

Merritt Maxim, VP, Research Director, Forrester

Bring Zero Trust to Life With Infrastructure Automation

The Zero Trust Framework provides a great way to strengthen security and limit excessive access. To accomplish this, you need to partner with your infrastructure & operations brethren. Learn how enterprises drive Zero Trust down to the bare metal with automation and make DevSecOps a reality. 

Chris Gardner, VP, Research Director, Forrester

Tech Talk: Identity and Access Management for External Partners

Enterprises have to deal with hundreds and thousands of external partners for various business needs, such as product research, market research, network and infrastructure support, technology support, customer support, supply chain, and so on.  It has been ongoing challenges for enterprises to identify, manage, govern, authenticate and authorize external partners’ access to protected resources on premise and in Cloud. This session will go over various use cases and best practices to balance business needs, user experience, and security considerations for external partners.

Jing Zhang-Lee, Principal Security Architect/Engineer, Target

Peer Roundtable: Deep Dive Into The Davids And Goliaths Of GRC Platforms

2019 has brought a flurry of M&A activity to the GRC platform market.  This session will facilitate a discussion of who’s who of the GRC platform vendors, both large and small.

Alla Valente, Analyst, Forrester

3:15 pm – 4:00 pm

Networking Break

4:00 pm – 5:15 pm

Part Three: The Future of Security

In today’s world, it can be hard for security pros to assess the multiplicative risks created by emerging technology, increased network bandwidth, and interconnected devices, products, and services. What seemed like futuristic promises in 2013 — connected cars, homes, and cities — have become reality. These advances have also allowed attackers to dramatically expand their attack surface, automate their malicious activities, and launch attacks to disrupt services and products that were once unreachable. The bad news: The scale, scope, and impact of attacks will only expand.

Sessions include:

The Future Of Cybersecurity And Privacy: Defeat The Data Economy’s Demons

The combination of data and machines could fuel either techno-optimistic utopia (happier, healthier lives for all) or totalitarian dystopia (corporations and governments using personal data to extract oligopolistic rents and control people). In this session, we’ll discuss the key tools technology leaders and companies need to strive for the former.

Jeff Pollard, VP, Principal Analyst, Forrester

Benchmarks for Cyber Maturity: Insights from the Inside

Organizations are facing not only new threats but changing how they respond. The latest thinking in predicting, preventing, and responding to threats, based on benchmarks with over 300 enterprises, as well as how NTT’s own secure digital transformation as a global services provider, shows how the cybersecurity landscape is transforming. 

Miho Matsubara, Chief Cybersecurity Strategist, NTT
Craig Jett, VP Global Security Consulting, NTT

Where is Cybersecurity Heading? Perspectives from Investors

The first day of the Forum will wrap up with Merritt Maxim moderating a panel of local venture capitalist and investors, discussing the current state of cybersecurity innovation and venture creation. In this session, the panelists will explore such issues as which cybersecurity technology areas are hot (or not), the role of public/private sector partnerships and where the cybersecurity sector is headed in the next 18 to 24 months.

Merritt Maxim, VP, Research Director, Forrester
Ron Gula, President , Gula Tech Adventures
Michael Denning, Principal, Blu Venture Investments
Richard Gordon, Director, Inova Health System Personalized Health Accelerator

5:30 pm – 6:30 pm

Networking Reception

Friday Sep 13

7:30 am – 8:30 am

Breakfast, including

VIP Breakfast sponsored by Wickr

Data Security & Compliance In Our Zero Trust World

Microsoft consultants listening to Skype calls, Snapchat employees accessing saved Snaps and location, a Windows desktop vulnerability in Slack, the DoD forced to communicate on China’s 5G spectrum and Huawei hardware and the NSA using off the shelf Slack Channels for internal communications.  Recent real word examples of why we are all being pushed to rapidly embrace real zero trust strategies. The industry is saying Enough is Enough!… But with serverless computing “None is Enough”. 
Being private and zero trust by design is no longer optional for securing your most critical data.  Hear Wickr CEO Joel Wallenstrom discuss how organizations can:  
– Embrace technology where people and process (and partners) are measurably less trustful  
– Increase speed and productivity by moving people further away from sensitive data 
– Invoke the highest degree of security while still adhering to data governance/compliance 
– Prepare for and benefit from 5G for secure communications and locked down workflows 

This breakfast is invitation only. To submit a request to be considered to attend, please complete the form linked here. 

Joel Wallenstrom, CEO & President, Wickr

8:30 am – 9:45 am

Part Four: The Growing Security Mandate

CISOs must rapidly evolve to become business managers who protect their firm’s brand, strengthen its reputation, and build customer trust. To do so, CISOs need far more than just the latest technology; they need a team with the right mix of business and technical skills, a solid information security management system, a well-defined policy framework, metrics that demonstrate business value, and a business-aligned strategy that ties all this together.

Sessions include:

Protect The Brand And The Mission

Standard risk assessments may limit the imagination of participants by asking them to classify risks into static operational categories like legal, operational, and strategic. This gap may suggest why some of the biggest recent corporate losses caught their executives and boards off-guard. Instead, learn to categorize risks according to target, source, and impact. In this session, Renee will deliver new research on the financial impact of security failures and risk.

Renee Murphy, Principal Analyst, Forrester

Secure Cloud Apps by Design: Shift Security Into the DevOps Process

In this session, learn how to reduce risk by integrating automated security into the DevOps process. “Shift Left” is the concept of pushing the responsibility of security earlier into the development cycle; promoting Security by Design. Build security discipline early in the development process by integrating it into the check in and build processes. 

John Dodds, Director Product Management Cloud Security, McAfee
Joe Bernik, Chief Technical Strategist, McAfee

Payments Cyber Crime: That Was Then, This Is Now

Hackers don’t wear hoodies and launch attacks from basements anymore. They’re well-funded and well-organized. The payments industry is taking a proactive approach to disrupting criminal fraud enterprises, taking cyber intelligence and using machine learning to stop attacks before fraud can result.

Tia Ilori, Senior Director, Fraud and Breach Investigations, Visa

9:45 am – 10:15 am

Networking Break

10:15 am – 10:45 am

Track Sessions

In-depth examinations of key issues and best practices, led by Forrester’s best analysts. Choose from:

Creating An Ethical Framework For AI? Start With Privacy

Emerging technology, such as artificial intelligence (AI), can push firms’ forward only if customers, employees, and partners trust it and engage with it. A piecemeal approach to privacy, lack of transparency in data collection and handling practices, and failure to develop and implement effective data ethics frameworks undermine trust and will limit the success of your firm’s AI projects and innovation efforts.  Come to this session to hear how forward-looking Security, Risk, and Privacy pros are developing privacy and ethical standards to enable, support, and protect profitable innovation and earn the trust of the ecosystem. 

Enza Iannopollo, Senior Analyst, Forrester

Disruption In Development: What Are Developers Up To?

With the growth of open source, public cloud technologies, and consumption based billing models it’s easier than ever for developers to bring new software technologies into an enterprise through the back door. Join Forrester Vice President and Principal Analyst Jeffrey Hammond for an examination of the latest trends in the development and platform technologies, and where developers are taking the companies they work for (whether management realizes it or not). We’ll draw on adoption data from Forrester’s yearly developer survey, as well as inquiry data from Forrester’s application development and delivery team to identifies high growth platforms and shifts in development processes and tools along with their implications for security and risk management professionals. Finally, we’ll identify “win-win” opportunities that can keep developers happy while minimizing additional risk in the software development and delivery process.

Jeffrey Hammond, Vice President, Principal Analyst, Forrester

Peer Roundtable: Using Cybersecurity Ratings Solutions In Your Enterprise Security Program

Cybersecurity risk ratings solutions have become widely used. This session will facilitate a discussion on using cybersecurity risk ratings solution as part of your security program. Learn from peers how they use these solutions in assessing 3rd party supply chain security risks and assessing their own enterprise security performance. We will discuss how to practically use these solutions and where they have limitations.

Paul McKay, Senior Analyst, Forrester

VIP Session: Implementing Zero Trust In Your Environment
How do I get started implementing Zero Trust? What does an operating model for Zero Trust look like? Forrester’s Principal Consultants will lead a round table discussion on these and other practical concerns for making sure you plan for success in your Zero Trust roll out. You’ll learn:
  • How a solid communication plan, a reference architecture customized for your environment and an interactive approach to testing solutions must all work together as part of your operating model.
  • The three key elements of a Zero Trust operating model.
  • How human + machine learning will be key to managing the additional telemetry Zero Trust visibility will generate.


Hosted by:

Elaine Hutton, Principal Consultant, Forrester
Peter Cerrato, Principal Consultant, Forrester

This session is invite-only, and RSVPs will be accepted on a first-come, first-served basis. To confirm your attendance, please complete this form. Please email if you have any questions.

11:00 am – 11:30 am

Solution Sessions

Learn about the latest technologies that will help you power your security initiatives. Choose from:

Driving Zero Trust From The Top Down: Five Tips to Enable Zero Trust As A Leader

Zero Trust has become a strategic initiative for preventing successful cyberattacks, often driven from the top down. With so much buzz around Zero Trust, organizations still struggle to tactically implement a Zero Trust architecture. Join this session where John Kindervag, founder of Zero Trust, and Chase Cunningham, Forrester’s Principal Analyst for Zero Trust, give five tips on how, as a leader in your organization, you can empower your team to successfully deploy Zero Trust. 

John Kindervag, Field CTO, Palo Alto Networks
Chase Cunningham, VP, Principal Analyst, Forrester

People-Centric Cybersecurity in Your Zero Trust Journey

Learn new ways to quantify and respond to the security risk your people (employees, customers, and business partners) pose to your organization. We will discuss key technologies, integrations, and metrics that can inform your cybersecurity strategy and guide your journey to adopt a Zero Trust Approach. 

Jennifer Cheng, Director of Product Marketing, Proofpoint

11:45 am – 12:15 pm

Track Sessions

In-depth examinations of key issues and best practices, led by Forrester’s best analysts. Choose from:

What Supply Chain Can Learn from Third-Party Risk

IoT has transformed supply chains to be more efficient and cost effective through intelligent devices, networked sensors, and enhanced operational technology. It’s also presented a new challenge – supply chain cybersecurity. To protect against business disruption, regulatory fines, security breaches, revenue loss, or reputation harm, organizations and federal agencies must apply the same rigorous standards for vetting and assessing suppliers as they do with third- parties.  Learn about the threats and practical defenses for your digitally enabled business. 

Alla Valente, Analyst, Forrester

Security for Profit

Even though companies still may look at security as a “tax” on product development and operations, security for profit is not an oxymoron. This session will highlight how savvy CISOs can turn their firms internal and external security into competitive differentiators. We will look at examples of 1) rethinking and retooling business processes to make them less expensive and more secure, 2) how to imbue and resell your firm’s internal security as a product, and 3) how to profit from improved customer identity management. The result? Using security not only as a means to protect your customers and employees, but also as a springboard for business growth. 

Andras Cser, VP, Principal Analyst, Forrester

Peer Roundtable: Infrastructure Automation Best Practices

DevSecOps doesn’t happen without silo–crashing and compromise. This session will facilitate a conversation between your infrastructure and security teams. Infrastructure automation, hybrid cloud management and continuous delivery release automation will be discussed.

Chris Gardner, VP, Research Director, Forrester

12:15 pm – 1:15 pm

Lunch, including

VIP Lunch sponsored by Instart

Web Skimming: The Silent Data Attacks Impacting Your Web Apps
Web skimming attacks – those that steal personal customer information from web apps – are becoming increasingly popular thanks to groups like Magecart. Unfortunately, these breaches are costly for businesses following the recent fines handed out to major companies such as British Airways and Ticketmaster. Web skimming attacks are difficult to detect, yet surprisingly easy to perform. They also hurt organizations’ brands and can result in massive challenges relating to GDPR, CCPA and more. In this session, attendees will learn: What web-skimming attacks are and how they work Why organizations should be concerned What organizations can do to protect against them.  

This session is invitation only. To submit a request to be considered to attend, please complete the form linked here. 

Jon Wallace, Technologist, Instart

1:15 pm – 2:15 pm

Part Five: Security Everywhere

As our products and services become increasingly digital, and integrate themselves more deeply into our customers’ lives, the concept of (and the need for) security expands far beyond the perimeter of our own systems — and requires security professionals to become active participants in the secure design and delivery of what we sell.

Sessions include:

Secure What You Sell

Today, savvy customers worry about their privacy and a business’ ability to protect them from cybercriminals, fraudsters, dubious third parties, and government surveillance. CIOs and tech leaders must proactively protect customers from complex privacy abuses and more-sophisticated cyberattacks. That means that security teams must move out of their familiar backoffice roles and become active partners in the development and design of new products and services.

Amy DeMartine, VP, Research Director, Forrester

Privacy & Innovation: Busting The Zero Sum Game Myth

Privacy naysayers warned us that GDPR would kill innovation and put the kibosh on AI advances. But by all measures, neither has happened. So are privacy and technological innovation really a zero sum game? In this panel, we’ll discuss how privacy can actually be a boon for safe and future-proof innovation, and how privacy and security professionals can overcome objections for more, better standards and practices within their own organizations.

Fatemeh Khatibloo, VP, Principal Analyst, Forrester
Kevin Stine, Chief, Applied Cybersecurity Division, Information Technology Laboratory, National Institute of Standards and Technology (NIST)
Robin Berjon, Executive Director, Implementation and Data Governance, The New York Times

2:15 pm – 2:45 pm

Networking Break

2:45 pm – 3:30 pm

Part Six: Hackers vs Executives

Prepare to be encrypted! In this years’ Hackers vs Executives, we’re going to explore the inner thought processes of a CISO’s experiencing a ransomware outbreak. Fortunately, our brave heroes will not be alone, as they will be joined by industry experts in digital forensics, ransomware negotiation, and cyber insurance to help answer their questions (and yours) as we tabletop this terrifying scenario. 

Josh Zelonis, Principal Analyst, Forrester
James Webster, Vice President of Infrastructure and Operations/CISO, ManTech
Olivia Rose, CISO, Mailchimp
Tim Parisi, Director, Incident Response Services, Crowdstrike
Russ Cohen, Vice President, Cyber Services, Chubb
Tom Hofmann, VP of Intelligence, Flashpoint