Black Hat CISO Summit



The Intelligent CISO: Becoming a Pacesetter for Cybersecurity Resiliency

In order to outpace the myriad threats facing the corporate enterprise today, CISOs must be armed with the latest technologies, techniques, and talent for predicting and mitigating potentially crippling cyber-attacks. For today's CISO, there's a constant need to understand adversaries and threats that are known and unknown and stay out in front of the next incident. At the Black Hat CISO Summit, you'll have an opportunity to join 200 CISO peers to discuss cutting-edge technologies and best practices being deployed by pioneering security experts. Our speakers will demystify emerging strategies in AI, blockchain, IoT, DevSecOps, and more, and through interactive sessions, we'll map out concrete plans for increasing resiliency in 2018 and beyond. The intelligent CISO will have a competitive edge in the rapidly evolving digital transformation of cybersecurity.

*Please note: In order to create an open and candid environment that promotes the sharing of ideas and discussion, the CISO Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program was designed for executive security practitioners; solution providers and vendor attendees are limited to event sponsors.


Monday, August 6
17:00 – 19:00
CISO Summit Welcome Reception
Tuesday, August 7
08:00 – 08:15
Welcome and Introductions
  • Brian Gillooly, Co-Host, Black Hat CISO Summit and Moderator
  • Jeff Moss, Founder, Black Hat
08:15 – 12:00 Morning Sessions – A Focus on Technologies
08:15 – 08:45 Black Hat Briefings Overview
08:45 – 09:15 Keynote: The Empowered CISO: Hard Learned Lessons on Influencing Large Organizations
  • Alex Stamos, CSO, Facebook
09:15 – 09:45 The REAL Impact of AI on Cybersecurity
09:45 – 10:00 Networking Break
10:00 – 10:30 Using Blockchain to Improve Security, Efficiency, and Trust
10:30 – 11:15 The Critical Security Future for IoT
11:15 – 11:55 Baking in Security: Why You Should Be Practicing DevSecOps
12:00 – 13:10 Networking Lunch
13:15 – 17:00 Afternoon Sessions – A Focus on Strategy and Implementation
13:15 – 13:45 Bolstering Discovery/Repair While Improving Detection/Response
13:45 – 14:30 How to Excel at Measuring Risk: The Risk/Cost Ratio
14:30 – 14:45 Networking Break
14:45 – 15:30 The Evolution of the CISO's Role and the Importance of Workforce Diversity
15:30 – 16:15 The Breacher Report
16:15 – 17:00 Future Threats & Criminals – A Whiteboarding Workshop Session
17:00 Closing Remarks
17:00 – 18:00 Cocktail Reception


Alissa Johnson
Vice President and Chief Information Security Officer
John Johnson
CEO and Founder
Aligned Security
Juliet (Jules) Okafor
SVP of Global Security Solutions
Fortress Information Security
Richard Rushing

Alex Stamos
Mark Weatherford
SVP & Chief Cybersecurity Strategist


Brian Gillooly
Contributing Editor
Black Hat
Jeff Moss
Black Hat & DEF CON

Premium Sponsors

Cylance® is the first company to apply artificial intelligence and machine learning to cybersecurity, improving the way companies, governments, and end-users proactively solve the world's most difficult security problems. Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist.

By coupling sophisticated technology with a unique understanding of an attacker's mentality, Cylance provides the products and services to be truly predictive and preventive against advanced threats.

Cylance's award-winning product, CylancePROTECT®, provides enterprise endpoint security without a cloud connection or frequent updates and uses a fraction of the system resources associated with legacy solutions.

Complementing CylancePROTECT, CylanceOPTICS™ is an AI-driven endpoint detection and response (EDR) solution designed to extend prevention through root cause analysis, scalable threat hunting, and immediate response with consistent visibility into threats against endpoints.

Visit www.cylance.com or call +1-877-973-3336 for more information.

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 10,300 customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The Company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Philippe Courtot
Chairman and CEO

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions.

Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a master’s degree in physics from the University of Paris.

Sumedh Thakar
Chief Product Officer

As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys’ PCI compliance platform.

A longtime advocate of the SaaS model and cloud computing, Sumedh worked at Intacct, a cloud-based financial and accounting software provider, before working at Qualys. Prior to Intacct, Sumedh worked at Northwest Airlines to develop complex algorithms for yield and revenue management for their backend reservation system.

Sumedh is active in the PCI and security community working closely with the PCI Council on the development and enhancement of PCI DSS. He co-authored “PCI Compliance for Dummies,” an easy-to-read guide designed to educate merchant organizations about PCI. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.

Foundation Sponsors

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber-attacks. FireEye has over 5,300 customers across 67 countries, including more than 825 of the Forbes Global 2000.

Stroz Friedberg, an Aon company, is a specialized risk management firm built to help clients solve the complex challenges prevalent in today's digital, connected, and regulated business world. Our focus is on cybersecurity, with leading experts in digital forensics, incident response, and security science; investigation; eDiscovery; intellectual property; and due diligence. Stroz Friedberg works to maximize the health of an organization, ensuring its longevity, protection, and resilience. Founded in 2000 and acquired by Aon in 2016, Stroz Friedberg has thirteen offices across nine U.S. cities, London, Zurich, Dubai, and Hong Kong. Stroz Friedberg serves Fortune 100 companies, 80% of the AmLaw 100, and the Top 20 UK law firms. Learn more at www.strozfriedberg.com.

Breakfast Sponsors

Cybereason gives your company the upper hand by taking an entirely new approach to cybersecurity - EDR, next-gen antivirus, anti-ransomware, fileless malware protection, and security services, all powered by a purpose-built in-memory graph database. Gain unmatched visibility and collapse your security stack with Cybereason's cybersecurity data analytics platform. Learn more at cybereason.com.

Rapid7 powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams. The Rapid7 Insight platform empowers these teams to jointly manage and reduce risk, detect and contain attackers, and analyze and optimize operations. Rapid7 technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across more than 120 countries, including 52% of the Fortune 100.

Networking Break Sponsors

Cofense, formerly known as PhishMe®, is the leading provider of human-driven phishing defense solutions worldwide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise. For more information on Cofense solutions, please visit www.cofense.com.

Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more. We enable this digital transformation on a foundation and capability for cybersecurity with products and services that have security built in from the start. Our unique approach combines a comprehensive, agile platform together with unparalleled intelligence and strategic partnerships in order to better protect your endpoints, move faster to detect threats, and respond to security breaches across even the largest of organizations. www.microsoft.com

Event Sponsors

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world's largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 411,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus, endpoint detection and response (EDR), and a 24/7 managed hunting service - all delivered via a single lightweight agent. The CrowdStrike Falcon™ platform, certified to replace legacy antivirus, has reinvented how endpoint security is delivered with its industry-leading, cloud native architecture.

CyberArk, the #1 provider of privileged access security, provides a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50% of the Fortune 100, to protect against external attackers and malicious insiders, and address audit and compliance requirements. CyberArk is the only public company 100% focused on privileged access security, delivering innovative solutions to stay one step ahead of attackers.

Splunk Inc. (NASDAQ: SPLK) turns machine data into answers. Organizations use market-leading Splunk solutions with machine learning to discover their "aha" moments with machine data and solve their security challenges, including risk mitigation, incident response and compliance. Use Splunk software in the cloud and on-premises to improve the detection of insider and advanced threats, fraud and ransomware. Join millions of passionate users by trying Splunk software for free: www.splunk.com/free-trials.

Veracode, now part of CA Technologies, enables the secure development and deployment of the software that powers the application economy. With its combination of automation, process and speed, CA Veracode becomes a seamless part of the software lifecycle, eliminating the friction that arises when security is detached from the development and deployment process. As a result, enterprises are able to fully realize the advantages of DevOps environments while ensuring secure code is synonymous with high-quality code. CA Veracode serves more than 1,600 customers worldwide across a wide range of industries. The CA Veracode Platform has assessed more than 6 trillion lines of code and helped companies fix more than 30 million security flaws.

Welcome Reception Sponsor

Your enterprise needs to move faster, but lack of process and legacy tools hold you back. The ServiceNow System of Action™ replaces unstructured work patterns of the past with intelligent workflows of the future. ServiceNow's Security solutions are part of the System of Action. ServiceNow Security Operations bring incident data from security tools into a structured enterprise security response engine. Workflows, automation, and a deep connection with IT help prioritize and resolve real threats fast. ServiceNow Governance, Risk, and Compliance (GRC) drives unified GRC programs. It transforms processes by continuously monitoring, prioritizing, and automatically responding to real risks in real-time. Learn more: www.servicenow.com/sec-ops