CISO Hot Topic: Communicating to and Influencing CEOs and Boards of Directors: What Works and What to Avoid
- John Pescatore & Alan Paller
- Tuesday, June 14th, 6:00pm - 8:15pm
With security breaches regularly making headlines in mainstream media, CEOs, Boards of Directors and agency heads are focusing on cybersecurity and looking for answers from the CISO. As part of a continuing series of 'CISO Hot Topic' sessions, at SANSFIRE SANS will present sessions with real world lessons learned and 'What Works' examples for CISOs to learn how to take advantage of opportunities to interact with top management in ways that lead to increases in the effectiveness of the security program.
Agenda:
- 6:15pm - 7:00pm: Opening Talk: Steve Martino, VP Information Security, Cisco
- 7:00pm - 7:30pm: John Pescatore, SANS Director - "Creating and Monitoring Business Meaningful Security Metrics"
- 7:30pm - 8:15pm: Alan Paller, SANS Founder and Research Director - "The Most Important Errors CISOs Make in Briefing Top Executives and Boards, And Four Techniques That Have Worked Well"
Highlight Points:
- Briefing the board of directors is an opportunity to proactively improve the visibility security receives - which can be a good thing or a bad thing. However, it is also an opportunity to make mistakes that hurt a career.
- In order to take advantage of the opportunity to brief the BoD, CISOs need to understand the expectations board members have when they hear from any C-level corporate executive. SANS discussions with board members shows that all too often there is a big disconnect.
- Effective communications to the board requires both meaningful data and a communications approach and style that work to actually influence BoD member's discussions and recommendations and to drive the change necessary to make advances in corporate cybersecurity.
This session will be followed by SANS CISO and Instructor Frank Kim leading a session on "CISO Success Strategies."
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, June 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| Securing Your Kids | Lance Spitzner | Sunday, June 12th, 7:00pm - 8:00pm | SANS@Night |
Monday, June 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Dr. Johannes Ullrich | Monday, June 13th, 8:15am - 8:45am | Special Events |
| Women's CONNECT Event | Hosted by SANS COINS program and ISSA WIS SIG | Monday, June 13th, 6:00pm - 7:00pm | Special Events |
| State of the Internet Panel Discussion | Dr. Johannes Ullrich, ISC Director and Marcus Sachs, ISC Director Emeritus | Monday, June 13th, 7:15pm - 9:15pm | Keynote |
Tuesday, June 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| Managing Risk from Vendors and Other Third Parties | Hariom Singh, CISSP, Director, Policy Compliance (SME) | Tuesday, June 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Network Segmentation Quick Start How-to | Brett Young, Senior Security Consultant | Tuesday, June 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Next-Gen Now: Outsmarting Rootkits, Ransomware, and Zero-Day Attacks | Matt Hickey , DIrector, Sales Engineering | Tuesday, June 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Beyond Whois: See Threats Coming | Steve Butt, Sales Engineer | Tuesday, June 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Flipping the Economics of Attacks | Adam Lapins, Systems Engineer | Tuesday, June 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Critical Infrastructure ICS Attack Planning | Jason Dely, Principal Consultant, Professional Services | Tuesday, June 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Innovation Showcase | — | Tuesday, June 14th, 5:30pm - 7:30pm | Vendor Event |
| CISO Hot Topic: Communicating to and Influencing CEOs and Boards of Directors: What Works and What to Avoid | John Pescatore & Alan Paller | Tuesday, June 14th, 6:00pm - 8:15pm | Special Events |
| Ultimate Test Drive (UTD) | Palo Alto Networks | Tuesday, June 14th, 6:00pm - 8:00pm | Vendor Event |
| GIAC Program Presentation | Jeff Frisk | Tuesday, June 14th, 6:15pm - 7:15pm | SANS@Night |
| Radware Attack Mitigation Systems (AMS) | Brian Ray, Sales DIrector, S.E. | Tuesday, June 14th, 6:30pm - 8:30pm | Vendor Event |
| How to bring some Advanced Persistent Trickery to your fight against Advanced Persistent Threats... | Bryce Galbraith and John Strand | Tuesday, June 14th, 7:15pm - 8:15pm | SANS@Night |
| Smartphone and Network Forensics Goes Together Like Peas and Carrots | Heather Mahalik and Phil Hagen | Tuesday, June 14th, 7:15pm - 8:15pm | SANS@Night |
| Digital Investigations: Leveraging the Multitude of Records | Ben Wright | Tuesday, June 14th, 7:15pm - 8:15pm | SANS@Night |
| Fire in the Hole: ICS Security Case Studies | Hosted by Derek Harp | Tuesday, June 14th, 7:15pm - 8:15pm | SANS@Night |
| Success Rates for Client Side Vulnerabilities | Jonathan Risto - Master's Degree Candidate | Tuesday, June 14th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Managing Large-Scale Incident Response | Kevin Liston, ISC Handler | Tuesday, June 14th, 8:15pm - 9:15pm | SANS@Night |
| Security Awareness: Understanding and Managing Your Top Seven Human Risks | Lance Spitzner | Tuesday, June 14th, 8:15pm - 9:15pm | SANS@Night |
| CISO Success Strategies | Frank Kim | Tuesday, June 14th, 8:15pm - 9:15pm | SANS@Night |
| The Nightmare on Cryptville Street: 20 Pills for a Night of Sleep | Oleg Bogomolniy - Master's Degree Candidate | Tuesday, June 14th, 8:15pm - 8:55pm | Master's Degree Presentation |
Wednesday, June 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| SANS Technology Institute Breakfast Reception | — | Wednesday, June 15th, 7:00am - 8:00am | Breakfast and Learn |
| Solutions Expo | — | Wednesday, June 15th, 12:00pm - 1:30pm | Vendor Event |
| Solutions Expo | — | Wednesday, June 15th, 5:30pm - 7:30pm | Vendor Event |
| Writing Tech: Stories from the Field | Joshua Wright | Wednesday, June 15th, 7:15pm - 8:15pm | SANS@Night |
| Homegrown AppSec: How to build your team from the inside | Frank Kim & Eric Johnson | Wednesday, June 15th, 7:15pm - 8:15pm | SANS@Night |
| Preparing for a PCI DSS Security Breach | Christian Moldes - Master's Degree Candidate | Wednesday, June 15th, 7:15pm - 7:55pm | Master's Degree Presentation |
| $HOME Sweet $HOME | Xavier Mertens, ISC Handler | Wednesday, June 15th, 8:15pm - 9:15pm | SANS@Night |
| Penetration Testing Mobile Banking Applications | Bojan Zdrnja, ISC Handler | Wednesday, June 15th, 8:15pm - 9:15pm | SANS@Night |
| Going Mobile: Are your apps putting you at risk? | Eric Johnson | Wednesday, June 15th, 8:15pm - 9:15pm | SANS@Night |
Thursday, June 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Hacking the Hacking Team | Jayson Wehrend , Solutions Engineer | Thursday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Malware As A Service: Kill the Supply Chain | Tom Byrnes, CEO and Founder | Thursday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| MobileIron Mobile Security and Risk Review Research Results | James Plouffe, Lead Solutions Architect | Thursday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Managing and Deploying Honeypots using Open Source Tools | Jason Trost, VP of Threat Research | Thursday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| ThreatConnect Demo | John Hurd, Intelligence Research Analyst, ThreatConnect | Thursday, June 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Exploit Kits and Indicators of Compromise | Brad Duncan, ISC Handler | Thursday, June 16th, 7:15pm - 8:15pm | SANS@Night |
| Continuous Opportunity: DevOps & Security | Ben Allen | Thursday, June 16th, 7:15pm - 8:15pm | SANS@Night |
| Playing with SCADA's Modbus Protocol | Justin Searle | Thursday, June 16th, 7:15pm - 8:15pm | SANS@Night |
| Executing an Active Defense Strategy in an ICS/SCADA Network | Robert M. Lee | Thursday, June 16th, 8:15pm - 9:15pm | SANS@Night |
| The iOS of Sauron - How iOS Tracks Everything You Do | Sarah Edwards | Thursday, June 16th, 8:15pm - 9:15pm | SANS@Night |
| Pentest Apocalypse | Beau Bullock | Thursday, June 16th, 8:15pm - 9:15pm | SANS@Night |
Friday, June 17
| Session | Speaker | Time | Type |
|---|---|---|---|
| How to Make Sense of IOCs (or Automate it or Lose it!) | Pedro Bueno, ISC Handler | Friday, June 17th, 7:15pm - 8:15pm | SANS@Night |
| How to Commit Card Fraud | G. Mark Hardy | Friday, June 17th, 7:15pm - 8:15pm | SANS@Night |
| Data Mining Malware Like a Boss | John Bambenek, ISC Handler | Friday, June 17th, 8:15pm - 9:15pm | SANS@Night |
