Global CISO Forum Speakers 2020
2020 Speakers
Favour Femi-Oyewole
Group Chief Information Security Officer at Access Bank Plc
Favour is a graduate of Computer Science (BSc) – Ogun State University, with two (2) Master’s Degrees – MSc Computer Science – UNN and MSc Information Security – University of Liverpool, UK and currently a Doctoral student at the Covenant University, Nigeria.
She has over 20 years’ experience in managing all aspects of information technology with vast knowledge in Enterprise IT Security, Information Technology, IT Governance, Information Security best practices, Cyber Security, Business Continuity and Risk Management especially in dynamic, demanding large scale environments.
She also holds several certifications in the IT, e.g. Microsoft, Cisco, & Checkpoint, Information Security, Risk Management and Cybersecurity field. She is a Cisco Certified Security Professional, Checkpoint Security Administrator, 1st female COBIT 5 Assessor certified in Africa, Certified Chief Information Security Officer, Certified ISO 27001 Lead Implementer and Lead Auditor and Certified ISO 22301 Lead Auditor.
Favour is also the first female in Africa to be a Blockchain Certified Professional. She is a Certified ISO 27001:2013 Lead Implementer Trainer. An Alumni of both Harvard Kennedy School -HKS, Harvard University and Massachusetts Institute of Technology (MIT), USA.
She is a member of the Cybercrime Advisory Council in Nigeria with the Mandate of implementing Cybersecurity for all sectors in Nigeria and the pioneer Chair of Standard and Evaluations Committee.
Favour has brought global honour and recognition not only to her organization, the country, African continent, but to the entire world as she emerged the 1st woman in the world to win the Global Certified CISO (C|CISO) of the Year 2017 from the EC-Council in USA and currently nominated as part of the C|CISO Advisory Board.
Her diverse background in Information Technology, Enterprise Information Security and Cybersecurity has made her be outstanding in resolving complex Information Technology, Enterprise Information Security and Cybersecurity issues at different times in her career and also made her function effectively as a Global CISO.
She is versatile in the design and management of security implementations, Security Standards, security risk assessment, system-related security management and reviews, information security and Cybersecurity awareness training, IT Risk, IT Governance as well as Business Continuity Planning.
To her Security is not an afterthought, but must be embedded from the onset.
Prior to joining Access Bank as their Global CISO, she was the Group Head, Enterprise Risk Management at the Nigerian Stock Exchange having an oversight on both the Information Security and Enterprise Risk Management Department.
The CISO’s Battle – Securing the Unknown
We are going through challenging times globally while the continuous increase in global digitalization of most businesses have introduced associated security concerns, CISOs in turn have to change the approach used in securing their organizational assets. The current covid-19 pandemic which has suddenly turned the abnormal to norm has necessitated the importance of building a robust and resilient security culture more than ever as businesses combat largely unknown threats on a daily basis
Keith Rayle
Vice President and CISO at CCC Information Services
Mr. Rayle is a Security professional with over 20 years of direct experience in security sales, consulting, management and leadership. He is currently a security strategist for technologies and processes. A key part of his job role is the translation of security drivers into business support programs. The creation of security strategies, communication of program value to the business, and integration of board level security concerns to operational portfolio activities are key strengths. He has been a member of the Global PCI Council, a Managing Consultant with IBM as well as an Associate Partner. He has also provided executive advisory services for various industries and has a wide range of regulatory experience that includes PCI, SOX, FFIEC/FIDC, HIPAA and NERC CIP. Mr. Rayle regularly presents at summits and industry trade shows, and assists in writing industry certification exams.
Your first 100 Days as CISO
Join Keith Rayle, VP and CISO of CCC Information Services, as he walks through his first 100 days as a CISO. Shifting from a global speaker to an operational role was a roller coaster of a ride, with severe challenges and humorous situations throughout the journey. In this session Keith will talk about the experience to date, and how a security practice was rapidly transformed from a loose agglomeration of skills to groups of siloed specialties working as a larger, cross-functional team. We will talk through changing cultural mindset, managing internal politics, and other topics, providing a glimpse at…well…one approach to implementing a vision.
Malcolm Harkins
Chief Security and Trust Officer, Cymatic
Malcolm Harkins is the Chief Security and Trust Officer at cymatic reporting to the CEO and is responsible for enabling business growth through trusted infrastructure, systems and business processes. He has direct organizational responsibility for information risk, security and privacy policy.
I believe, I belong, I matter ℠ – the art of curating commitment in yourself and others
Ever wonder how to create lasting commitment from your employees and for yourself? How to get your teams to stay engaged battling thru the challenges we see day in and day out? How to improve your connections in relationships both inside and out of work? In this talk, I will explore how logic leads to reason and how emotion leads to action. I will go through my personal journey exploring and sharing lessons from my +25 years managing people and leading teams. I will explore the I Believe, I Belong, I Matter ℠ framework I created out of my lessons in life, love, and leadership. This framework has helped me learn how to better channel moods/emotions in myself and others, make smarter empathic decisions, understand and regulate conflict better, handle setbacks & tough situations with resolve & resilience, and create greater team and individual performance results. I will share what gifted curators of commitment do to inspire purpose, passion, and persistence to achieve hard but worthy goal both inside the workplace and with family/friends.
Scott Kuffer
COO, Nucleus Security
Scott Kuffer is co-founder and COO of Nucleus, operating as a hands-on technical executive, building and managing the security software aimed at optimizing the vulnerability management process. Prior to founding Nucleus, Scott was a Security Engineer at Rampant Technologies, providing security, systems, and software engineering services to the Federal Government. Scott holds a Master’s of Cybersecurity Management and Policy from Embry-Riddle Aeronautical University.
LinkedIn: https://www.linkedin.com/in/scott-kuffer/
Nucleus Security:
Website: https://www.nucleussec.com/
LinkedIn: https://www.linkedin.com/company/nucleussec/
Twitter: https://twitter.com/nucleussec
Facebook: https://www.facebook.com/nucleussec
Heath Renfrow
Director & CISO, The Crypsis Group
Heath Renfrow, a Director/CISO at The Crypsis Group, is widely regarded as one of the world’s leading cyber security experts. He has more than two decades of experience as a high-level information security specialist, much of it as a chief information security officer (CISO) in the United States Department of Defense, where he addressed some of the nation’s most significant cyber challenges. In 2017 he was named Global CISO of the Year by EC-Council, the largest cyber- training organization in the world.
Heath joined Crypsis in early 2020 from LEO, a cyber security advisory and operations firm, where as a CISO consultant he worked with clients to guide development of a cybersecurity culture, including executive education, security architecture design, and enterprise-wide best practices and security strategy.
Previously, he served as the first CISO for U.S. Army Healthcare, the largest Healthcare organization within the Department of Defense and one of the largest providers globally, where he developed a long-term strategic roadmap for addressing cybersecurity risks to the Healthcare environment. The program he established there became the cybersecurity gold standard for all of DoD and many private Healthcare organizations.
Heath has also served as CISO at the U.S. Army Corp of Engineers, U.S. Army Installation Management Command and as chief joint security officer at the Defense Information Systems Agency, as well as chief security officer at the military’s Global Cyberspace Integration Center. He began his career as a cyber interface control officer with the U.S. Navy.
A frequent public speaker on cyber security matters, Heath serves on a number of boards, including the National CyberWatch Center Foundation, the Association for Executives in Healthcare Information Security, the University of Indiana Cyber Advisory Council, and the CyberPatriot Program Advisory Council. He earned his master’s degree in cyber studies at the American Public University System and is bachelor’s in information technology from the University of Management and Technology.
So, you want to be a Chief Information Security Officer? Here is the good, the bad, and the ugly roadmap to success!
There has been a surge in the need for CISO’s over the last few years and can only expect that need will continue to surge in the future. With the shortage of cyber security professionals globally, it also makes several the CISOs new job title. This lecture is not just for the new talent, but also for us old folks. What does your first 30, 60, 90, 120 and 365 days look like? We will highlight those ups and downs, along with a roadmap to guide you to the success you are seeking in the CISO journey!
Lois Boliek
Strategist, IT Security and Asurance, Technology Consulting, HPE
Lois Boliek is the global manager for the HP Technology Consulting IT Assurance Program. The goal of IT Assurance is to integrate security across all service portfolios and advanced solutions. The focus is to “assure” security is architected into all client solutions and offer security-enabling services as a competitive differentiator for HP Technology Consulting. Boliek has a proven track record as well as field experience in security practice leadership, sales support and portfolio development.
Keyaan Williams
Founder and Managing Director, Cyber Leadership and Strategy Solutions, LLC (CLASS-LLC)
Keyaan J Williams is the Founder and Managing Director of Cyber Leadership and Strategy Solutions (CLASS-LLC), a professional services firm that helps global clients with cybersecurity strategy, program management, and workforce development. His professional experience includes two decades of support for corporate information security and risk management programs in large, regulated enterprises.
Keyaan’s reputation for leadership was established when he led the operational transformation of the Information Systems Security Association (ISSA) as the President of the International Board of Directors. He also served as the Sr. Manager Global Information Security with the DB Consulting Group working to build the program that standardized information security, risk management, and compliance practices across 46 country offices in Africa, Asia, and the Americas. This position stemmed from his previous service as Director Information Security (ISSO) for Centers for Disease Control and Prevention where he directed all aspects of information security, compliance, and risk management within the CDC Center for Surveillance, Epidemiology, and Laboratory Services (CSELS).
Keyaan has contributed to many books and publications, including his role as a leading author of the Certified CISO Body of Knowledge used by EC-Council to train and certify thousands of global technology and security executives.
Avoiding Senseless Security Metrics: A new prescription for seeing security information clearly
The struggle with metrics affects all business leaders who strive to measure and communicate the value of their programs and initiatives. Security metrics might be the most difficult measurements to communicate because non-technical business leaders and security executives speak completely languages. This session shines a new light onto old security measurements to help our business counterparts see the information more clearly.
Dick Wilkinson
Chief Technology Officer, New Mexico Supreme Court
Dick Wilkinson is the Chief Technology Officer on staff with the Supreme Court of New Mexico. He is a recently retired Army Warrant Officer with 20 years of experience in the intelligence and cybersecurity field. He has led diverse technical missions ranging from satellite operations, combat field digital forensics, enterprise cybersecurity as well as cyber research for the Secretary of Defense.
Moving beyond FUD: The kinder, gentler CISO
Fear, Uncertainty, and Doubt have been the calling card and sometimes crutch of the security professional. Motivating your peers and business partners with images of catastrophe will only serve short term objectives and doesn't build the long term productive relationships you will need to be a successful CISO. Learning what motivates the other C-Suite members and speaking their language will help you navigate the problems they are facing and allows you to integrate your own security objectives into their solutions. Showing up even when security is not the primary topic and proving your worth outside of the scope of IT will build a support base you will come to rely on when your proposal for the best security option is not the cheapest or most convenient. Trust, not fear, will win the day.
Steve Bartolotta
Vice President and CISO at Community Health Network of Connecticut, Inc.
Steve Bartolotta is a recognized information security and risk management expert who currently heads the enterprise Information Security and Risk Management programs at Community Health Network of CT, Inc. (CHNCT). Steve is a graduate of Tufts University and earned his MBA from the University of Hartford. After working as a math teacher for 4 years, he began his Information Technology and Information Security career. In 2004, he became Yale New Haven Health System’s first CISO and in 2014 accepted his current position as CISO and Vice President of Information Security and Risk Management at CHNCT.
Zen and the Art of Risk Management - Revisited
Follow one CISOs journey into the world of information security and risk management. Steve will use excerpts from Zen and the Art of Motorcycle Management to draw parallels to his adventures as a CISO. He will include wisdom and tips on a variety of topics including, starting a new security program or making an existing one yours, frameworks and regulations, metrics reporting and meeting with the Board, exceptions to policy, threats and vulnerabilities and risk management, incident response, recruiting and retention, organizations and membership, training and awareness, third party management, and the “Next Big Thing.”
Todd Bell
Chief Security & Trust Officer (CISO, Verdigris Holdings, Inc.
Todd Bell is the Chief Security & Trust Officer for Verdigris Holdings, a 100% cloud Banking as a Service (BaaS) located in Scottsdale, AZ. Todd brings more than 15+ years of information security & technology experience working at Fortune 500 global corporations to Start-up ventures. Bell is a recognized industry veteran that serves as a Subject Matter Expert (SME) for various analyst firms needing industry insights and market trends. Bell has made numerous contributions to the technology and cyber industry as CISOonline.com contributing writer and written white papers for EC Council and various organizations.
Prior to Verdigris Holdings, Todd served as VP of Enterprise Architecture & CISO for Intersec Worldwide, advising corporations how to build, sustain, and operationalize cybersecurity programs at scale. Before joining Intersec Worldwide, Todd was a Customer Chief Information Security Officer for a major franchise while at Fishnet Security and worked at Verizon Business that was formerly Cybertrust.
Bell holds an M.B.A. from Regis University in Denver, CO and bachelor’s degree in Business Information Systems. Bell holds a variety of professional certifications consisting of Corporate Governance (SOX) from Tulane University Law School, PMP credential from Project Management Institute, Information Security (CISSP), and a certified Master Project Manager from Regis.
API Security Is Critical for the API Connected Economy
Did you know that if you decompiled the source code for a mobile app that you can find the client ID, client secret, and the URL hardcoded into the mobile app! This isn’t just a lousy app design, this is for modern apps used on your iPhone to Android devices that make API calls to exchange your information. This is a cybersecurity problem that is not being properly addressed and having all of the API info can wreak havoc for critical mobile app connections that range from a DOS attack for application API’s, intercepting sensitive data that was not encrypted in flight as expected, flaws with the business logic, to an injection attack for unvalidated input to extract valuable data. We live in the API connected economy and security teams need to get deeper with DevOps to leverage security techniques such as GUID ID’s for session label swapping for an API endpoint that returns ID’s of objects and not expose the entire sensitive database of customer data. You don’t need to be a tech wizard for this presentation, just have an open mind for trying new methods to protect your company infrastructure. There are numerous measures that need to be taken to protect API’s and some clever methods for boosting mobile app/web app API security. This presentation will be a “how-to” of what to do and how to prevent your mobile apps and web site API’s from being exploited.
Bruno Fonseca
Corporate Chief Security Officer,
Asia, AXA Southside
As the Chief Information Security Officer at AXA Gulf, Bruno Fonseca oversees the areas of Information Security, Business Continuity & Crisis Management and IT Compliance and Risk, and is responsible for 4 countries (UAE, Oman, Qatar, Bahrain). As a Certified CISO and senior Information Security Professional with more than 19 years of experience in the Security and Operational Resiliency fields, he brings tremendous technical leadership and operational expertise to the company. Prior to joining AXA Gulf, Fonseca worked with some of the largest international Telecom and Insurance Groups, leading his teams towards best-in-class technology practices across all platforms and systems. Having started his career in the Military, he gained valuable experience in a variety of fields that has helped him succeed in the corporate landscape. Throughout his career, he has witnessed the steep increase in the complexity of the Information Security world and has worked on the continual improvement of the security practice in mature entities as well as establishing new security practices from scratch. Bruno is an active contributor in the Information Security community, and has been a keynote speaker at several conferences in Europe and the Middle East, on topics including Security breaches, Security trends, etc. He is also known to translate tech jargon into everyday language that is easily understandable by all business units.
Crash! Boom! Bang! How your CISO will not be enough to tackle your next crisis
As the threat landscape complexifies and the stakes get higher, is your Security team covering the right scope? Join Bruno Fonseca in this session where he will discuss the CISO role and how it needs to evolve to tackle multi-dimensional threats to keep your company safe and resilient.
Alex Leon
CISO,
Dime Community Bank
Alex Leon is the CISO at Dime Community Bank, a $6 Billion institution located in Brooklyn, New York. Alex has over 25 years of experience working in the Financial Services industry, including 18 years at Citibank and 4 years at Mitsubishi UFJ Trust and Banking. He has experience working in all 3 Lines of Defense (IT/IS, Risk, Audit). He has some of the most recognized Information Security certifications such as: C|CISO, CISSP, CISM, CISA, CRISC, CGEIT, CBCP, CTPRP and CSX-f. Alex has a Master of Science in IT Management from Colorado Technical University; and has recently earned a CISO Executive Program Certification from Carnegie Mellon University’s Heinz College of Information Systems and Policy. He is a Cybersecurity Advisory Board Member at Rutgers University, New Jersey. Alex is the first CISO at Dime Community Bank and reports directly to the Chief Risk Officer. He briefs the Bank’s Board of Directors at least quarterly. In his free time he shares his knowledge and industry experience with those entering the cybersecurity field. He is a Learning Tree Cybersecurity Instructor and enjoys skydiving during the summer months.
Building Up Your Appetite
A Bank CISO will discuss how to build your own Cyber Risk Appetite. Alex Leon will be joined by Maraike Harten, who together with combined extensive banking experience, will provide the attendees with details on how to identify and build your organizations’ Cyber Risk Appetite. Key risks will be reviewed and they will recommend when the Risk Appetite needs to be updated.
Sujeet Bambawale
CISO, 7-11
It is an honor and a privilege to serve as the Chief Information Security Officer of an iconic global brand that has a deep, cherished, always-on connection into communities everywhere. Information Security at 7-Eleven focuses on maintaining and enhancing an industry-leading, comprehensive and cohesive security fabric around our business value drivers in a customer-obsessed manner. The 7-Eleven Information Security organization brings together the various technical domains within Information Security with the force multipliers of Governance, Risk and Compliance as well as Data Protection to facilitate unified accountability and expedient action.
I came to 7-Eleven from Symantec’s Consumer Business Division where I had the honor of driving a global security engineering portfolio. Prior to joining Symantec via the LifeLock acquisition, I spent 5 years at NetApp, and over 10 years with Intuit; after working with the information security and risk management teams at Ernst & Young and KMPG. I have been responsible for leading key security initiatives that helped integrate security into the culture of the company and extend the brand into global markets. It has been a great honor to lead NetApp’s ISO27001 recertification, speak at NetApp’s conferences in Berlin and Tokyo and be a recipient of Intuit’s Innovation Award. At Ernst & Young and KPMG; I was responsible for developing risk mitigation strategies primarily for Fortune 500 clients in the financial and technology sector.
My focus is on maturing the organization’s security posture by driving execution to a well-socialized and accepted security strategy that benefits internal and external stakeholders through a pragmatic mix of building cross-organizational relationships and developing people managers. I have a Masters degree in Electronics Engineering and am a Certified Chief Information Security Officer (C|CISO), a Certified Information Security Manager (CISM) as well as Certified in the Governance of Enterprise IT (CGEIT). Most recently, I was fortunate to learn about organizational leadership at global scale, with a focus on innovation and cybersecurity; from my professors and colleagues at the Haas Business School in UC Berkeley.
I support the local and global security community by contributing to non-profit security organizations in a leadership capacity, offering mentorship and being an executive sponsor for key initiatives like Women in Technology, hiring veterans and academic programs designed to help kids & young adults stay safe online.
After automation comes prediction
This presentation is about artificial intelligence and deep learning being used as engines to drive a prediction model for accurately viewing the current threat landscape. Using a standard maturity model as a backdrop, automation helped security get to a repeatable state; and now prediction will let us get to an optimized state.
Marcus Fowler
Darktrace
Marcus Fowler spent 15 years at the Central Intelligence Agency developing global cyber operations and technical strategies, until joining Darktrace in 2019. He has led cyber efforts with various US Intelligence Community elements and global partners, and has extensive experience advising senior leaders on cyber efforts. He is recognized as a leader in developing and deploying innovative cyber solutions. Prior to serving at the CIA, Marcus was an officer in the United States Marine Corps. Marcus has an engineering degree from the United States Naval Academy and a Masters’ Degree in International Security Studies from The Fletcher School. He also completed Harvard Business School’s Executive Education Advanced Management Program.
Securing the Future of Work With Cyber AI
The future of work remains unpredictable and uncertain. More than ever before, business leaders need to remain confident that their operations can continue securely in the face of global or even regional crises, and while sections of the economy are slowly re-opening, cyber-attackers are ramping up their campaigns.
As businesses look set to rely on cloud and SaaS tools for the long term, our digital environments are going to be more dynamic than ever. Yet organizations are finding themselves undergoing a delicate balancing act—each new work practice and technology that is introduced also brings unforeseen risk. Static, legacy approaches have become redundant, both unintelligent and ill-equipped to adapt.
Organizations must rethink their approach to security, and rely on new technologies like AI to achieve much-needed adaptability and resilience. Darktrace is the world leader in cyber AI technology, and leverages unsupervised machine learning to seamlessly adapt and integrate into changing environments, and to detect and respond to attacks in the earliest moments.
In the face of an uncertain present and future, Cyber AI enables businesses to continue communicating, operating, and innovating.