Future of IT & Cybersecurity

CXO Summit

November 15-16, 2023

Visionaries

Octavia Howell
CISO
Equifax Canada

Summit Speaker

Recognized as one of the 2022 Top 20 Women in Canada, Octavia Howell has spent her career protecting some of the world’s largest financial institutions from cyber attacks. Today, she serves as Equifax Canada’s Chief Information Security Officer and is the Founder and CEO of Augustus Redefined, an organization focused on the advise ent of Black Women in Cyber. Octavia believes a security leader should mentor, motivate trust, and lead their teams to act with integrity and transparency. She often says, “A team is only as strong as their leaders and each leader casts a shadow that they will be held accountable for.” Octavia is motivated by the belief that we are placed on this earth to help each other achieve greatness (whatever that may be).
Shaun Khalfan
SVP & CISO
Discover Financial Services

Summit Speaker

Shaun Khalfan is the Senior Vice President and Chief Information Security Officer at Discover Financial Services. He leads the Information Security organization and has the overall responsibility of implementing its strategy and objectives in order to build a strong cyber engineering function. Shaun has over 20 years of IT experience with specialization in information security and risk management. He was formerly the Managing Director and Chief Information Security Officer of Barclays International where he led a team focused on enabling business partners and managed cyber risk across a diverse global banking environment. Previously, he was the Vice President and Chief Information Security Officer at Freddie Mac where he was responsible for company-wide cybersecurity risk reduction efforts, security architecture, securing cloud transition, modern software delivery transformation, and end-user experience enhancement initiatives. Shaun has held roles in increasing responsibility at the Department of Defense, culminating in the role of Chief Information Security Officer for the Department of Homeland Security, U.S. Customs and Border Protection. Shaun is a fellow with the American Council for Technology, and an adjunct professor at Carnegie Mellon University. He holds an MBA from George Washington University and is a graduate of the University of Maryland. He is also a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and a graduate of the Department of Defense Executive Leadership Development Program.
November 15-16, 2023

Attend this event

Not available on November 15-16, 2023?
View other dates for the Summit
1:30 PM-2:30 PM
Advisory Board Think Tank

2:30 PM-3:00 PM
Welcome & Registration

3:00 PM-3:15 PM
Opening Remarks

3:15 PM-4:00 PM
Panel
Filling the Talent Void

Information Security is a white-hot field. Over the last decade, it has gone from after-thought, to scapegoat, to critical enterprise success factor. As a result, the need for capable and qualified Information Security specialists, whether front-line Analysts, mid-level Managers, or top level CISOs is at an all-time high. However, the availability of personnel with the necessary skills is sinking to an all-time low. There simply is not enough expertise to go around. In this environment, senior Information Security leaders must express creativity in their pursuit of the people, performance, and passion necessary to address this capability shortfall.


4:05 PM-4:50 PM
Panel
Being Effective.... Securely

In the post pandemic era, remote employment is the new status quo. Employers are forced to implement and improve the digital workplace by providing productivity tools and accessibility to company resources. In this session, we will share case studies of successful digital workplace implementations, including how to deal with the inherent security risks of expanded accessibility to company resources. In this session you will learn from real working examples the keys to implementing a successful digital workplace including how to evaluate the potential ROI from the different security strategies available.


4:50 PM-8:00 PM
Welcome Reception

8:45 AM-9:45 AM
Welcome & Breakfast

9:45 AM-10:00 AM
Morning Remarks

10:00 AM-10:45 AM
Panel
The Greatest Fears?

The biggest fear is not the technology, it is the potential of human error that could expose your organization to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?


10:50 AM-11:15 AM
Keynote
What’s AI Doing for You?

The terms "Artificial Intelligence" and "Advanced Machine Learning" are often thought of interchangeably. While there is a relationship between AI and AML, to say they are the same thing is an oversimplification and misclassification. Rather, one begets the other with AI being the basic principle upon which AML is developed. As AI begins to mature and migrate away from purely advanced mathematical operations into decision making paradigms, AML steps forward as the predictive ability of machines to process vast quantities of data. As data and analytics becomes foundational to the way every business operates, AI and AML will become foundational capabilities.


11:15 AM-11:35 AM
Networking Break

11:35 AM-12:20 PM
Panel
Zero Trust Network

A zero trust approach to security has been steadily gaining steam for the last several years. The importance of this approach reached a new level with the May 2021 White House executive order requiring federal agencies to shift to this architecture by fall 2024.

Ransomware continues to grow and clearly as remote work became the new norm, and e-commerce increased. Leaders need to establish a mature level of cyber resilience to better handle ransomware and other potential data breaches. Luckily, zero trust can play a critical part in that strategy as more and more businesses are realizing that to build customer trust they must establish zero tolerance for trust in their security strategy. Will Zero Tolerance for Trust redefine the state of security as government and private industry scrutinize their trusted relationships more, and re-evaluate the ‘who, what, why’ in 2022 more than any other year?


12:20 PM-1:20 PM
Lunch

1:20 PM-2:05 PM
Panel
AI and ML: Using Emerging Technologies to Reinforce Security Defense Efforts

The improvements in Artificial Intelligence (AI) and Machine Learning (ML) are a double edged sword. It has the capability to improve upon security decision making and incident pattern recognition while also enabling hackers to create malware. Thus it is critical for CISOs to adopt these technologies to stay ahead of advanced threats and improve the recognition of exploits and weaknesses within their networks.


2:10 PM-2:45 PM
Fireside Chat
Guarding the Doors: Navigating 3rd Party Risk

Organizations are increasingly outsourcing business activities to 3rd-party vendors. It is critical for an organization to be vigilant when selecting the right 3rd-party vendor with the appropriate security posture, as many vendors are hosting, processing and transmitting sensitive regulatory information with unrestrained access to our IT assets.


2:45 PM-3:05 PM
Networking Break

3:05 PM-3:50 PM
Panel
Staff Shortages

We have always suffered from a shortage of good security employees. Is it any wonder we have trouble recruiting and motivating good security people?

The shift to work from home that was accelerated by the start of the COVID pandemic has resulted in a sharp increase in cyberattacks. Companies of all sizes were simply unprepared for the sudden and massive switch to remote work. As a result, data exfiltration and leakage has increased most sharply. Phishing, ransomware, VPN breaches and other security events have all shot up as well. Inevitably the sheer persistence of these attacks led to more hours of work needed leading to staff burnout, often more severe at organizations that are still trying to fight present battles with yesterday’s tools. Many believe that a new approach is needed to prevent cybersecurity staff burnout increasing the demand for more automated solutions since yesterday’s tools are not nearly as successful at stopping attacks as state-of-the-art methods, in addition to increasing the workload for cybersecurity staff, using them also exposes organizations to major losses.


3:55 PM-4:10 PM
Disruptor
Data Security and the Internet of Things

Enterprises are taking action on IoT security, but are they doing enough?

Intelligent, connected objects offer multiple opportunities for value creation and capture, but can also create tremendous risk, demanding new strategies for value protection. A single vulnerable device can leave an entire ecosystem open to attack, with potential disruptions ranging from individual privacy breaches to massive breakdowns of public systems. Being secure, vigilant, and resilient in the connected age is more important than ever as vast amounts of real-time information are captured by a growing number of connected devices we touch, pass, and encounter every day. Thanks to the IoT, data security risks will very likely go beyond embarrassing privacy leaks to, potentially, the hacking of important public systems.


4:15 PM-4:30 PM
Disruptor
Ransomware/Extortionware

CISOs face a huge headache trying to understand how to know when they were attacked, what data attackers have corrupted? How quickly can they recover from the attack? And do they have to pay a ransom to get the data back?

Ransomware remains a significant challenge for companies, not simply because it has become ubiquitous, but also because of the significant impact a single ransomware attack may have on a company and every other company or customer that relies on that company.

Cybersecurity and risk management have always been vital for the flow of any business. However, the current condition of the global supply chain makes it exceptionally vulnerable to severe damage from an attack more so than usual. When the supply chain is barely getting by, criminals are more likely to assume they have leverage over businesses. A ransomware attacker may be more brazen and exercise higher demands than they might have a few years ago.


4:30 PM-4:45 PM
Closing Remarks & Raffle Giveaway

4:45 PM-5:45 PM
Cocktail Hour