: Rob Clyde, Immediate Past Chair of ISACA’s Board of Directors , ISACA
: Avani Desai, President , Schellman
: Jack Nichelson, Chief Information Security Officer , MRK Technologies
: Jari Peters, Vice President, Cloud Security, Risk and Regulatory Compliance , Oracle
: Ed Pollock, Chief Information Security Officer , STERIS
: Joshua Washington, President , Lee Malveaux
: Keyaan Williams, CEO , Cyber Leadership and Strategy Solutions
As an InfoSec leader today your role is growing beyond worrying about cybersecurity risk and extends to catapulting your organization ahead of the competition. From building your team, developing long-term budgetary needs, and constructing and adopting a proactive defense organization, this year’s InfoSec Leadership Summit provides the tools and techniques you need to influence your employees, and your board, to follow your lead and achieve results.
Whether you are an army of one or the head of a large team, the InfoSec Leadership Summit brings you together with your peers to share successful strategies for driving and leading the business, while staying one step ahead of your attackers, and your competition.
InfoSec Leadership Summit Session Descriptions:
9:30 AM - 10:30 AM
ILS1 Protecting Your Blindside
Tim Callahan, Senior Vice President, Global Chief Security Officer, Aflac
The most dangerous thing for an organization and the CISO is what you don’t know: your blindside. Learn how Aflac successfully developed a strategy and architected a program to reduce its blindside. This session will cover building the team, constructing and adopting a proactive defense structure, developing bulletproof processes, and implementing an assurance program for complete effectiveness.
- Constructing a team and adopting a proactive defense structure with bulletproof processes
- Building a 3-5-year roadmap & program anatomy aligned to a cybersecurity framework
- Establishing appropriate governance/oversight committees & independent assessments
10:30 AM - 11:30 AM
ILS2 Raising the Red Flags in Cyber Risk and Keeping Ahead of the Competition
Rob Clyde, 2018-2019 Board Chair, ISACA
You know the scenario: you have allotted agenda time to explain complex cyber risk to the C-suite and boards of directors (who hope that you know what you’re doing, because they lack the time, desire or tech knowledge to delve deeper), and at the end of your presentation, blank stares or – worse – increased unease about your organization’s cyber readiness.
With a career spanning three decades, Rob Clyde has been on both sides of the table: he has served as CEO, CTO, and in other executive roles, and has also served as board director for many organizations and enterprises. His unique perspective allows you to see the presentation from both the board director’s and the security professional’s view. Clyde will offer helpful guidelines for creating a presentation that is clear, concise and transparent; you will learn how to articulate business impact, risk, and mitigation – but also how to tell the board what you need from them. Learn how to prepare key metrics and review examples of graphics, dashboards and helpful tools to summarize critical information.
Additionally, Clyde describes how to move your leadership beyond focusing on mitigating risk to understanding that the competitive risk of not adopting new technologies may be even more significant than security risk. This is the opportunity to go beyond the data to share your suggested strategies. Anticipate what questions might be asked and what data will ensure your board understands your cybersecurity program. Learn how you can share information on emerging technologies like IoT, AI and quantum computing so that your board can understand how they may impact your enterprise, and what can be done to mitigate security risks and safely adopt new technologies and opportunities. Take your leadership beyond worrying about cyber risk to adopting technologies that can catapult your organization ahead of the competition.
- How to share cyber risks and metrics with your board and anticipate their questions
- Board perspectives relative to new technologies, and how to explain competitive risk
- How to prepare key metrics; review examples of tools that summarize critical information
11:30 AM - 12:30 PM
ILS3 Cybersecurity Metrics and the Balanced Scorecard
Keyaan Williams, CEO, Cyber Leadership and Strategy Solutions, LLC
The best way for security to align with the business is to speak their language. About half of major companies in the US, Europe and Asia are using Balanced Scorecard (BSC) approaches. With so many business leaders using the BSC approach to align their practices to the mission and strategy of the organization, it is imperative that security and risk management leaders learn how to communicate using the same approach. This session will highlight the tools and techniques required to develop good metrics and present the data using the BSC to communicate the true value of security.
- Introduction to the Balanced Scorecard
- Developing effective metrics to measure the effectiveness of your security program
- Presenting the data in the BSC Worksheet for maximum impact with the business
1:30 PM - 2:30 PM
ILS4 Developing the Leader Within You!
Joshua Washington, President, Lee Malveaux
Learn how to influence your team to follow your lead and achieve results. This session will review the 5 Levels of Leadership and its impact on team and organizational performance. Leaders across various organizations will have an increased ability to lead teams, develop and sustain high quality staff, and achieve consistent performance results.
- Learn the 5 Levels of Leadership
- Assess which level you are currently demonstrating as a leader
- Learn how you can grow to the next level of leadership
- How to replicate at the employee level
2:45 PM - 3:45 PM
ILS5 Creating a Results Oriented Culture: By Measuring What Matters
Jack Nichelson, Chief Information Security Officer, MRK Technologies
Ed Pollock, Chief Information Security Officer, STERIS
Execution is everything. How simple goal setting with clear objectives and key results that are measurable will propel your team to exceed expectations.
What kind of operational data demonstrates cybersecurity leaders’ long-term budgetary needs for their programs and at the same time shows the progress they’ve made over the years? Learn how a duo of cybersecurity professionals used thought leadership and a goals-based approach to build the case for past capital and future spend—a system that won them both dollars and trust with peers and their boards.
In this session we will provide real-world examples of what metrics were chosen to show progress, and how the speakers have gone about gathering them. We’ll discuss how to make a difference and influence change in your organization if you are an army of one or a few more. You will leave this session not with abstract ivory-tower ideas on measurement, but with actionable tactics you can put in place within your own program today.
- Using metrics and soft skills to change behavior
- Using Lean methodology borrowed from the manufacturing industry to improve operations and inject security as a measured component
- Control the technologies and processes that require you to be involved with delivering the cool stuff: being a business enabler
- Real world examples of metrics used in our organizations
3:45 PM - 5:00 PM
ILS6 Overcoming Day-to-Day Challenges for Security, IT Risk and Privacy Workers
Jari Peters, Vice President, Cloud Security, Risk and Regulatory Compliance, Oracle
Avani Desai, President, Schellman
Workers in the area of Security, IT Risk and Privacy have extremely important roles that have very high stakes. These types of functions can at time feel thankless as if nothing negative happens work and effort often goes unnoticed. However, if there is a negative outcome in security or privacy the response will be extreme, and the impact can be extensive. Workers may feel unappreciated, overworked, underfunded and stressed. Stress can take an impact on work performance, happiness and health.
This session will review strategies to bolster the productivity, longevity, health and happiness of these workers.
- Allow team members to be part of innovative or proactive programs
- Offer opportunities to rotate into related or complementary job functions
- Offer opportunities to employees to mentor or train others on their expertise
- Implement programs to reward positive and successful practices rather than just reactions to negative, share accomplishments of the team with leadership regularly
- Ensure that employees take time to recharge and disconnect
- Provide them with opportunities to be visible and have a seat at the table