Westin Copley Place - Essex Ballroom

7:15am - 8:30am


8:30am - 8:50am
Registration Opens with a Breakfast Buffet and Networking in the Sponsor Pavilion

Welcome and Opening Remarks

Mary Lou Heastings
Executive Alliance Inc.
Richard Warner
Summit Moderator

8:50am - 9:20am

Morning Keynote – “Global Risks 2017”

Thomas Fuhrman

Global Leader, Cybersecurity and Advisory Services



Since 2006, Marsh & McLennan Companies has collaborated with the World Economic Forum on its landmark Global Risks Report. Tom Fuhrman, Summit Keynote speaker, will present on the findings from the Forum held in Davos, and share insights into key global risks, specific to cybersecurity and disruptive technologies.

Marsh is a wholly owned subsidiary of Marsh & McLennan Companies, a global professional services firm offering clients advice and solutions in the areas of risk, strategy, and people.

9:20am - 9:45am

“The Expanding Footprint of Executive Responsibilities”


Brian McGowan

Director IT Security and Compliance

Hasbro, Inc.


Christina Mazzone

Information Security Officer -

Brigham Health

Partners Healthcare



In an interview session, Brian McGowan, with responsibilities for IT Security and Compliance at Hasbro, and Christina Mazzone, Information Security Officer and Partners HealthCare, will discuss:

  • The new roles and responsibilities they are taking on and their impact to their organizations.
  • How they are managing legacy responsibilities as the processes mature.
  • How they envisage what new roles/responsibilities they think they will be taking on, or want to take on.

Hasbro, Inc. is an American multinational toy and board game company. Hasbro is the third largest toy maker in the world with revenues of approximately $4.45 billion. 

Partners HealthCare is a Boston-based non-profit hospital and physicians network that includes Brigham and Women’s Hospital (BWH) and Massachusetts General Hospital (MGH), two of the nation’s most prestigious teaching institutions.

9:45am - 10:15am

"A Risk-based Approach to Protecting Information in the Cloud –

Achieving Visibility and Control Across the Apps, Users and Data"


Marty M. Weiss
Cloud Security Sales Engineering and Author
Symantec, Platinum Sponsor


It’s no longer a question of “if clouds are secure?” Rather the question is how are you going to ensure that employees make appropriate use of and interact safely with applications from cloud service providers? Cloud governance, visibility and control are critical issues that need to be addressed. For many organizations cloud strategy still lags cloud use. After touching upon cloud ownership and risk acceptance, Marty Weiss with Platinum Sponsor, Symantec, will look closely at the two things you still have control over, and certainly accountability for — the people and the data.


10:15am - 10:55am

Break and Networking in the Sponsor Pavilion

10:55am -11:20am

"Navigating the Threat Landscape – The Knowns and Unknowns"


Pietr Lindahl

Head of Cyber Threat Reduction & Strategic Analysis



Richard Warner, Summit Moderator, interviews Pietr Lindahl, Head of Cyber Threat Reduction and Strategic Analysis at Philips on how his organization is facing the “knowns” of cyber security threats and also how he is looking towards the future as he builds his strategies for the “unknowns.”

Royal Philips is a Dutch technology company headquartered in Amsterdam with primary divisions focused in the areas of electronics, healthcare and lighting. It is one of the largest electronics companies in the world and employs around 105,000 people across more than 60 countries.

11:20am - 11:40am

Collaboration Without Constraints – “Securing Content and Workflows to Create the Limitless Enterprise”


Andy Feit
Chief Marketing Officer
Accellion, Gold Sponsor


As enterprises move to extend business processes to the outside world, we face constraints in order to achieve the benefits of productivity and agility necessary to compete in today’s global market. In terms of security, governance, and integration with existing systems and workflows, businesses must find ways to deliver a consistent and compelling user experience – whether on site or mobile – all while maintaining compliance and controlling costs. Andy Feit, Chief Marketing Officer with Accellion, Gold Sponsor, will provide insights into the key role of secure content collaboration as your organization rapidly evolves into a more open and mobile business.


11:40am - 12:00pm

"Top of Mind"

As security continues to evolve at a torrid pace, organizations are seeking answers to help remove complexity and to provide the ability to better understand the threat landscape.  This session will focus on insights into what executives are thinking in terms of bringing innovation into their organizations.

12:00pm - 12:20pm

"Cloud Security and Regulatory Compliance in the Financial Services Industry"


Gary Meshell

Global Sales and Business Development Leader

IBM Security , Gold Sponsor


Security within the Financial Services Industry is now more important than ever. The ability to not only prepare for the increase in attacks but also predict when these attacks will take place is paramount. For reference, IBM X-Force® Research reported that Financial Services was attacked more than any other industry in 2016. As Financial Services companies adopt hybrid cloud technology, regulatory and security concerns must be addressed. Gary will present his point of view on the Industry and how IBM can help financial services meet their regulatory obligations while maintaining a robust security posture.

12:20pm - 12:45pm

"Leadership During Challenging Times"

Ashley O'Connor-1.png

Ashley O’Connor

Vice President of Cyber Security Engineering

Federal Reserve Bank of Boston

In this interview session, Ashley O’Conner, VP of Cyber Security Engineering at the Federal Reserve Bank of Boston, will share insights into how she is facing the challenges today and leading her organization into the future.

The Federal Reserve Bank of Boston is one of the country’s twelve Federal Reserve Districts covering most of New England, Connecticut, Massachusetts, Maine, New Hampshire, Rhode Island and Vermont. The banks are jointly responsible for implementing the monetary policy set forth by the Federal Open Market Committee.

12:45pm -12:55pm

The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense


Andrew Finkelstein

Regional Manager

DarkTrace, Silver Sponsor


From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.

Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat. 

Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense,  is relied upon by organizations around the world, and can cover up to millions of devices. 

In this session, learn:

  • How new machine learning and mathematics are automating advanced cyber defense
  • Why 100% network visibility allows you to detect threats as they happen, or before they happen
  • How smart prioritization and visualization of threats allows for better resource allocation and lower risk
  • Real-world examples of unknown threats detected by ‘immune system’ technology
1:00pm - 2:05pm
Lunch and Networking in the Sponsor Pavilion
2:05pm - 2:40pm

"The Future of Privacy”


Trevor Hughes

President and CEO

The International Association of

Privacy Professionals


Privacy laws around the world are changing at a rapid pace whether it’s Privacy Shield, or the upcoming GDPR in 2018. Demand for data security and privacy professionals has grown exponentially, organizations are recognizing the need to better manage privacy and examine how privacy and security professionals can work together.  With the world turning its focus more towards privacy than ever before, Trevor will explore the changing privacy policy landscape and what companies should be focusing on to stay complaint with the latest laws and regulations. The session will also look at how new laws and policies are (or are not) keeping up with the privacy implications in the everchanging technology landscape. 

About the IAPP: The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession. More information about the IAPP is available at iapp.org.

2:40pm - 2:50pm
Metrics of Effectiveness for CISOs

Mike Ruiz

Sales Engineer, Emerging Technology/ZPA Specialist

Zscaler Inc., Silver Sponsor




2:50pm - 3:15pm
Break and Networking in the Sponsor Pavilion

3:15pm - 4:30pm 

Executive Roundtable Discussions

Breakout sessions with your peers on topics determined by attendees during registration. Topics are facilitated by senior executives from across area, with debriefs provided during session wrap up.

Topic #1: Adaptive Security – Innovating for the Future

Gartner states that the intelligent digital mesh (people, devices, content and services), and related digital technology platforms and application architectures create an ever-more-complex world for security. The continuing evolution of the "hacker industry" and its use of increasingly sophisticated tools — including the same advanced technologies available to enterprises — significantly increase the threat potential. Relying on perimeter defense and rule-based security is inadequate and outdated, and organizations will need security-aware application design, application self-protection, user and entity behavior analytics, API protection, and specific tools and techniques to address IoT and intelligent app/thing vulnerabilities.

In this roundtable, discuss with your peers:

  1. Discuss the technologies you are using or researching in order to build a more adaptive environment.
  2. In terms of user and entity behavior analytics, where is your organization relative to profiling and baselining the activity of users, peer groups and other entities, such as endpoints, applications and networks?
  3. Discuss the use of technologies that enable application security self-testing, self-diagnostics and self-protection.
  4. What are the main obstacles you are running into in building an adaptive environment?
  5. Describe the strategy you are building (or would like to build) to move into technologies that allow for the adaptive environment.
Topic #2: Creating a High-Performing Information Risk Management Program

Cyber security readiness continues to evolve at a rapid pace as changes in the threat landscape forces organizations to be more vigilant than ever before.  In turn, the evaluation and prioritization of risk has taken on more importance to the business in order to make the right decisions.  

In this roundtable, discuss with your peers:

  1. How has your organization matured relevant to risk identification?
  2. Describe how your organization has been able to move from a security operations and technology focus to a more holistic, organization-wide approach involving multiple levels of people, processes and technology.
  3. What are some of the changes in the role and scope of your risk management program and what new activities are occurring as a result of the changes?
  4. Discuss the use of leading versus trailing indicators in developing your risk model.
  5. In terms of working towards building a more mature model of information risk, what areas are you still lacking in, in order to achieve the results you need?
  6. Where are the areas of success you have seen in your ability to evaluate risk?
  7. What are the key factors you believe an organization must for their risk management program to be considered “high performing?”

Topic #3:  Employee Knowledge - The Facts of Security

Global spending on security awareness training for employees is predicted to reach $10 billion by 2027. A sampling of recent prediction articles report data breaches will become better targeted and cost more, hackers will find more avenues to access sensitive data, and ransomware will “spin out of control.” Faced with this hostile environment, how are organizations working with their employees to focus on securing against these threats? 

In this roundtable, discuss with your peers:

  1. How has your awareness training strategy changed as the exposure has increased?
  2. How are you overcoming the “noise” associated with security awareness training so that employees don’t tune out?
  3. Discuss the use of behavior analytics to deliver a more targeted training program at the individual level.
  4. What is your strategy in terms of security and privacy awareness training tailored specifically to executives?
  5. In terms of application security development, how is your organization dealing with IoT?
  6. What best practices have you implemented recently to prevent and detect risks that have proven to be extremely successful with your employees? How are you giving visibility to these successes?
  7. Where are there still gaps and why?
  8. In preparation for the future, where will your focus be in terms of security awareness?

Topic #4:  Security Analytics & Threat Intelligence - Leveraging the Knowledge

As security organizations have access to technologies that allow them greater insight, analysis, intelligence and forecasting capabilities, the focus now sharpens on how to detect and mitigate risks faster, and leverage the knowledge acquired.  

In this roundtable, discuss with your peers: 

  1. Describe your current framework for using security analytics today.
  2. What are the pain points or obstacles in the way to being able to pull intelligence out of the data you are gathering?
  3. Is there a dedicated group within your organization focused on the analytics? If not, how are you approaching building intelligence capabilities with your staff?
  4. In the lifecycle of security analytics (capture, detect in real-time, analysis, measure & remediate, prevent), what areas have you built strong capabilities and where do you need to focus?
  5. What is your vision for use of security analytics in the future?

Topic #5:  Finding the Right Talent 

It’s no secret that finding, hiring, and retaining top cybersecurity talent is one of the biggest challenges for all security organizations. As today’s security environment will most likely become even more complex, how are you approaching hiring the right talent who can positively impact your organization?

In this roundtable, discuss with your peers:

  1. What are the key skills you believe someone must have to be successful in your organization and how has it changed from the past?
  2. What are the key traits that you believe will put someone on a leadership path in your organization?
  3. Cybersecurity roles are becoming more multidisciplinary and cross-functional.  Ideally, what type of experience is needed in a new hire for someone to be able to work with different functions in the enterprise—HR, legal, public relations, and marketing, as examples?
  4. In a MIT Technology Review survey, respondents said their organizations lack adequate forensics skills to lead so-called “hunt teams.”  These are people who can perform a Sherlock Holmes type of investigation around a breach or a compromise. What are your thoughts on how to acquire this type 1of talent?
  5. What type of methodology are you using to identify talent gaps for the future and what is your strategy for ensuring you can fill these gaps?

Topic #6:  Maturing the Discussions with the Board on Cyber Risk

As information on the challenges surrounding information security continues to gain traction with senior business leaders, security organizations need timely and actionable data to help reduce their company’s risk profile.  Access to information is moving a security organization from assuming a total technology defense posture to a risk-based approach.  Discussions being held at board levels have moved to a more mature conversation with the focus on risk and its impact to a company’s brand, customer and revenues.

In this roundtable, discuss with your peers:

  1. According a recent survey, 89% of board members said they are very involved in making cyber risk decisions and cyber risks were the highest priority for 26% of board members surveyed.  What is your feedback on the awareness and involvement of boards today?
  2. What are the key issues you feel boards are grappling with now?
  3. What are your comments on the main issues a board now needs to be aware of?
  4. What is your approach, relative to using metrics, analytics, etc., in communicating information to the board for them to have the capabilities to look forward?

Topic #7:  The $191 Billion Cloud Market – Security and Compliance for the Future

With Forrester stating public cloud is in hypergrowth mode, with expectations of a $191 billion marketplace by 2020, organizations are being forced to rethink traditional and often manual IT controls to prove compliance.  With the many variables, including the cloud platform, the workload, access, and sensitivity of data, how does a security organization move into the future to secure, control, and validate?

In this roundtable, discuss with your peers:

  1. What has your organization done to improve confidence of compliance and protection in cloud development?
  2. Discuss how you are developing a comprehensive cloud-aware security plan.
  3. What are you doing to gain better visibility into your cloud environment?
  4. What are the key areas of your strategy that will take your organization to the next level?
  5. What are the gaps you still see in successfully leveraging the cloud environment and how do you expect to overcome them?
  6. Discuss how you are setting up your organization for the future to continue to leverage the cloud.
4:30pm - 4:45pm
Closing Remarks
4:45pm - 5:45pm
Reception and Networking with Prize Drawings