Register Now
August 5-10, 2023
Mandalay Bay / Las Vegas
+ Virtual

Black Hat CISO Summit

Tuesday, August 8, 2023

Four Seasons, Las Vegas, NV

The Black Hat CISO Summit is an approval-only event during Black Hat USA which brings together top security executives from global corporations and government agencies for a full day of unique discussions. Offered the day before the main Black Hat USA Briefings sessions, the CISO Summit is intended to give CISOs and other InfoSec executives leading-edge insight into the latest security trends, technologies, and enterprise best practices.

* The CISO Summit is currently at capacity *

Registration is now waitlisted. Submission of an application does not guarantee entry. You will be contacted as space becomes available. Final notifications will be sent on or about August 1, 2023.

At Capacity
$1,095 Registration
Closed
 

Attendee guidelines are located within the application form. The cost to attend is $1,095.

*Please note: In order to create an open and candid environment that promotes the sharing of ideas and discussion, the CISO Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program was designed for executive security practitioners; solution providers and vendor attendees are limited to event sponsors.

Agenda

Monday, August 7

5:00 - 7:00 PM CISO Summit Welcome Reception

Tuesday, August 8

8:00 – 9:00 AM Networking Breakfast
9:00 – 9:10 AM Welcome and Introductions
  • Jeff Moss, Founder, Black Hat + DEF CON

    Mr. Moss advises companies on security issues, both, electronic and physical, as well as speaking globally on the topic. He sits on several advisory boards helping enterprises make informed decisions on cyber risks.

    In April 2011 Mr. Moss was appointed as the Chief Security Officer for the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit whose responsibilities include coordinating and ensuring the security, stability and resiliency of the Internet's unique global identifiers as well as maintaining the root zone of the Internet. This position involved managing the IT security of the ICANN networks and information systems, the physical security of ICANN facilities and meetings, and ensuring that ICANN meets its security and resiliency commitments to the multi stake holder community that oversees ICANN. This position involved extensive international travel and coordination with governments, law enforcement, and operational security communities in support of discussions around Internet Governance and security. Mr. Moss left this position at the end of 2013.

    Moss is the founder and creator of both the Black Hat Briefings and DEF CON, two of the most influential information security conferences in the world, attracting over ten thousand people from around the world to learn the latest in security technology from those researchers who create it. DEF CON just had its 21st anniversary.

    Prior to creating Black Hat Briefings, Jeff was a director at Secure Computing Corporation where he helped establish their Professional Services Department in the United States, Asia, and Australia. His primary work was security assessments of large multi-national corporations. Jeff has also worked for Ernst & Young, LLP in their Information System Security division. Because of this unique background Jeff is uniquely qualified with his ability to bridge the gap between the underground researcher community and law enforcement, between the worlds of pure research and the responsible application of disclosure.

    Jeff is currently a member of the U.S. Department of Homeland Security Advisory Council (HSAC), providing advice and recommendations to the Secretary of the Department of Homeland Security on matters related to homeland security. Jeff is a life member of the Council on Foreign Relations, which is an independent, nonpartisan membership organization, think tank, and publisher.

    In 2013, Jeff was appointed as a Nonresident Senior Fellow at the Atlantic Council, associated with the Cyber Statecraft Initiative, within the Brent Scowcroft Center on International Security.

    In 2014, Jeff joined the Georgetown University School of Law School Cybersecurity Advisory Committee.

    Jeff is active in the World Economic Forum, and recently became a member of the Cyber Security Global Agenda Council for 2014-2016.

    ICSA President's Award for Public Service, 2011.

  • Steve Wylie, Vice President, Cybersecurity Market Group at Informa Tech
  • Jeremiah Grossman, MC

    Jeremiah Grossman is one of the most-experienced and accomplished experts operating within the internet security realm. He is a specialist at finding network weaknesses and backdoors in order to allow companies to fix them before they’re exploited—or what he calls, a “good hacker.” Jeremiah is currently the Chief of Security Strategy at SentinelOne, a former information security officer at Yahoo!, and the founder of WhiteHat Security, which today boasts one of the largest professional “hacking armies” on the planet. With a career that spans nearly 20 years, Jeremiah has lived a literal lifetime in computer security and has become one of the industry’s biggest names. Coding since he was eight years old, Jeremiah proudly counts breaking software and hardware as “hobbies” and has been publicly thanked by global corporations including Microsoft, Mozilla, Google, Facebook and others for privately informing them of weaknesses in their systems—a polite way of saying, “hacking them.” He grips audiences with his stories of hacking some of the biggest corporations working today and discusses the current threats to secure systems globally, including hacktivists, cyber criminals, and nation states. Jeremiah also shares what businesses need to know to protect themselves now and moving forward as cyber crime businesses using ever-evolving tactics such as ransomware, malware, and economic warfare develop.

    Jeremiah began coding at eight and was a network administrator by the time he was 12. At the age of 18, he created a Yahoo! account, hacked into it, and sent instructions on how to do so to Yahoo!’s IT department; he was subsequently offered a job by the tech titan at the age of 18. Jeremiah worked for Yahoo! for several years, managing security for a portfolio of 600 websites in 42 countries with 120 million users. He also worked alongside eBay, Amazon, and even the FBI when the first major DDoS attack occurred in 2000. After leaving Yahoo!, Jeremiah founded WhiteHat, where he worked for 15 years, steadily growing the company until he was ultimately managing a network of 1,000 customers and 30,000 websites.
9:10 – 9:40 AM

Tales from the Breach

  • Jason Haddix

    Jason Haddix currently serves as the CISO at BuddoBot where he leads all efforts in cyber security. Previously, Jason worked at Ubisoft where his group protected over 22,000 employees worldwide with a vast scope. In previous roles Jason was Director of Penetration Testing at HP, leading all efforts on matters of information security consulting. Jason has also served as a Director of Operations and VP of Trust and Security at Bugcrowd, leading teams of highly technical Application Security Engineers and Technical Operations staff. While leading teams for the past 11 years, Jason is also a world renowned security engineer and hacker, participating in the bug bounty scene and releasing methodologies and tools for ethical hackers.
9:40 – 10:10 AM

Building Real Offensive Security Teams - Lessons Learned

You’ve allocated a couple million dollars to building or improving your Offensive Security team. This talk is about how to get the most value as quickly as you can but also how not to kill the soul or your team in the process. We will cover; when you should have an Offensive Security Team, potential makeup and responsibilities, suggestions on where the team should sit in the organization and metric among other things. But most importantly, I’ll share things you should ask from your Offensive Security Lead and things you should expect them to ask of YOU.

  • Chris Gates

    Chris Gates has been in I.T. for 20 years and breaking things professionally for over 15 years via Network & Web Application Penetration Testing, Red Teaming & Adversarial Simulation. These days Chris spends most of his time focusing on building a great offensive security team and leading with an open heart as Sr. Manager for Robinhood’s Offensive SecurityTeam.
10:10 - 10:30 AM Networking Break
10:30 – 11:00 AM

CISO Success in the Board Room

  • Richard Seiersen

    Richard Seiersen is the Chief Risk Officer for Resilience – a cyber focused InsurTech. Prior to Resilience Richard was the co-founder of Soluble, a cloud-native security company sold to Lacework.com (2021). He is a former Chief Information Security Officer (CISO) for GE Healthcare, Twilio, and LendingClub. He is also consulting faculty with IANS helping CISO and their teams on strategy, risk quantification, and board presentations. Richard has also authored two books: How To Measure Anything In Cybersecurity Risk (with Doug Hubbard) and The Metrics Manifesto: Confronting Security With Data. Richard's first book is curriculum for the Department of Defence (DoD) CISO program at Carnegie Mellon and has been curriculum for the Society of Actuaries Exam Prep and several graduate programs at universities such as Harvard, Brown, Berkeley, and others.
11:00 – 11:30 AM

Personal Privacy & Security for CISOs

  • Caleb Sima

    Caleb Sima served as the Chief Security Officer at Robinhood where he built the team thru IPO and served as a public company executive. Prior to Robinhood he was VP of Information Security at Databricks a leading data analytics and machine learning company where he has built the security team from the ground up. Previously he was a Managing VP at CapitalOne, where he spearheaded many of their security initiatives. Prior to CapitalOne, Caleb founded SPI Dynamics and BlueBox security, which were acquired by HP and Lookout. He is attributed as one of the pioneers of application security and holds multiple patents in the space and is also the author of Web Hacking Exposed. He serves as an advisor, investor, and board member for security companies.
11:30 AM – 12:00 PM

Using Data to Prioritize Cybersecurity Investments

  • Scott Stransky

    Scott Stransky is Managing Director and Head of the Marsh McLennan Cyber Risk Intelligence Center. The Center launched in 2021 to provide cyber modeling, thought leadership, and cyber analytics guidance across Marsh McLennan. Previously, he led the Cyber Modeling group at extreme event modeling firm AIR Worldwide (part of Verisk Analytics). Under his leadership and guidance, the team sourced and cleansed detailed cyber security, incident, and claims data, and combined it with advanced machine learning algorithms, stochastic modeling techniques, and Monte Carlo simulations, providing the insurance industry with a robust suite of models to manage their cyber insurance portfolios. He is a recognized speaker across North America and Europe on the topics of cyber insurance risk and catastrophe modeling, having been invited to speak at numerous conferences sponsored by Advisen, NetDiligence, IUA of London, RAA, CPCU Society, AM Best, Lloyd's, and others, in addition to engaging directly with clients. He was voted by his industry peers to be the 2023 Cyber Risk Industry Person of the Year in the Actuary/Modeler category. Mr. Stransky earned a bachelor’s degree in Mathematics with Computer Science from MIT and a master’s degree in Atmospheric Science from MIT.
12:00 - 1:30 PM Lunch
1:30 – 2:00 PM

AI vs. Software, Society, and Security Programs

  • Daniel Miessler

    Daniel Miessler is a recognized cybersecurity expert and writer with 20 years in Information Security. His experience ranges from technical assessment and implementation to executive-level advisory services consulting, to building and running industry-leading security programs.
2:00 – 2:30 PM

Cyber Preparedness - Future Conflicts Will Include Non-Military

  • Rich Baich

    Joseph “Rich” Baich serves as CIA’s Chief Information Security Officer (CISO) and Director of the Office of Cyber Security (OCS). Mr. Baich brings with him a wealth of technical leadership experience and cybersecurity expertise, including his most recent role as American Insurance Group’s (AIG) Global Chief Information Security Officer. At AIG, he was responsible for developing, implementing, and operating an information security strategy to address global cyber risks. Previously, Mr. Baich was the CISO for Wells Fargo and a principal at Deloitte. His prior government experience includes retiring as an Information Warfare Officer in the US Navy for NSA and serving as Special Assistant to the Deputy Director for the National Infrastructure Protection Center at the FBI. As a member of our Digital C-Suite, he partners with the Chief Information Officer and Chief Data Officer to further integrate our approaches to cybersecurity, enterprise information technology, and data management. Mr. Baich holds an MBA and a Master of Science in Financial Management from the University of Maryland University College, a Bachelor of Science from the United States Naval Academy, and is a graduate of the Joint Forces Staff College and Naval War College. During his military service, he qualified not only in surface warfare, but in various technical fields, including space, cryptology, and information warfare, all while maintaining numerous security industry certifications. He is the author of Winning as a CISO, a leadership sourcebook for security executives. In 2021, Mr. Baich was honored as one of the top 100 CISOs by CISO Connect and was selected by the Executive Women’s Forum (EWF) to receive their inaugural 2021 EWF Catalyst award. The EWF Catalyst Award was presented to five outstanding male executives that have been exemplary in their engagement, commitment, and support of gender equality.
2:30 – 3:00 PM

Cyber Security Economics

  • Fernando Montenegro

    Fernando Montenegro is a Senior Principal Analyst on Omdia’s cybersecurity research team, based in Toronto, Canada. He focuses on the Infrastructure Security Intelligence Service, which provides vendors, service providers, and enterprise clients with insights and data on network security, content security, and more.

    Fernando’s experience in enterprise security environments includes network security, security architecture, cloud security, endpoint security, content security, and antifraud. He has a deep interest in the economic aspects of cybersecurity and is a regular speaker at industry events.

    Before joining Omdia in 2021, Fernando was an industry analyst with 451 Research. He previously held a variety of operations, consulting, and sales engineering roles over his 25+ years in cybersecurity, always focusing on enterprise security at organizations including vArmour, RSA, Crossbeam, Hewlett Packard, and Nutec/Terra. Fernando holds a Bachelor of Science in computer science and different industry certifications.
3:00 – 3:20 PM Networking Break
3:20 – 4:00 PM

How Institutional Investors Evaluate Your Vendors

  • Roger Thornton

    Roger Thornton is a driving force behind hundreds of technology products and services that have formed and grown companies across a range of industries. As a founder and CTO, his visionary product and technology leadership helped create cybersecurity industry leaders Fortify Software and AlienVault. As an investor, mentor and board member he has helped multiple generations of entrepreneurs build more than 15 successful cybersecurity companies. In his General Partner role at Ballistic, Roger taps into over 30 years of experience and counsels future generations of cybersecurity founders who are focused on building great products as a foundation for great companies.

  • Bill Ryckman

    Bill Ryckman has a computer science background and a quarter century of experience analyzing, advising and investing in companies in the Aerospace and Defense industry, Mr. Ryckman decided in 2013 to dedicate himself to serving the cyber security mission exclusively.

  • Chenxi Wang

    Chenxi Wang is an experienced technology executive with deep cybersecurity expertise. Board of Director for MDU Resources, a Fortune 500 company, serving on Audit and ESG Committee. Founder and General Partner of Rain Capital, a Cyber-focused venture fund. Chenxi has held senior tech strategy roles in large companies (Intel Security). She has led Go-to-market operations and product strategy in booming Silicon Valley startups (Twistlock, Ciphercloud). Chenxi is also an advocate for diversity & inclusion, and founder of the Forte Group, a 5013(C) organization to advance women's careers in Cyber. Previously Chenxi was a computer engineering professor at Carnegie Mellon University. She holds a Ph.D. in Computer Science.

  • Justine Bone, Moderator

    Justine Bone is an experienced leader and board advisor serving the healthcare, defense, and financial sectors. Her areas of expertise include hacking, risk management, cybersecurity communications, and strategy development for technology companies. She serves as a member of HP Inc.’s Security Advisory Board, the Review Board of Blackhat, as a faculty member of IANS and is the co-founder of several cybersecurity companies. Justine also previously led as CISO of Bloomberg and Dow Jones. Her training was as a computer hacker and security analyst for the USA’s NSA and New Zealand’s GCSB. In addition to technology, Justine credits her creative interests to her international background and early career as a classical ballet dancer.
4:00 – 4:30 PM

Your Threat Model is Too Narrow: A Broader Look at Supply Chain Ecosystem Attacks

  • Mike Hanley

    Mike Hanley is the Chief Security Officer and SVP of Engineering at GitHub. Prior to GitHub, Mike was the Vice President of Security at Duo Security, where he built and led the security research, development, and operations functions. After Duo’s acquisition by Cisco for $2.35 billion in 2018, Mike led the transformation of Cisco’s cloud security framework and later served as CISO for the company. Mike also spent several years at CERT/CC as a Senior Member of the Technical Staff and security researcher focused on applied R&D programs for the US Department of Defense and the Intelligence Community. When he’s not talking about security at GitHub, Mike can be found enjoying Ann Arbor, MI with his wife and eight kids.
4:30 – 4:55 PM

CISO Liability – Lessons Learned

  • Joe Sullivan

    Joe Sullivan has worked at the intersection of government, technology, and security since the Internet went mainstream. He’s dedicated his career to helping to make the online world a safer place for everyone, where businesses and people can thrive without risk.

    He was the government employee who in 1995 was able to convince the Department of Justice to let him run a direct Internet cable into the office, where he used the connection to research global politics related to claims for political asylum in the United States. In 1997 , the DOJ gave him special technical training and computer equipment and invited him to join the Computer and Telecommunications Crime Coordinator program. He eventually became 100% focused on technology-related crimes, received national recognition from the DOJ for outstanding service as a federal prosecutor, and worked on many first-of-their-kind cybercrime cases, including supporting the digital aspects of the 9/11 investigation.

    Joe thought he would spend his whole career with the government but was recruited to eBay in 2002 to build out their eCrime team, and since then has been working at the forefront of cybercrime investigations to build large teams that have fought hard to protect consumers from digital harm. While the governments of the world struggled to be proactive in preventing internet crime, Joe took jobs at companies at the forefront of the Internet, where the companies needed to invest in building out their defenses to try to prevent harm from happening in the first place. At eBay and PayPal between 2002 and 2008, those efforts were focused on protecting people who used those services from financial harm. At Facebook between 2008 and 2015 he prioritized child safety, at a time when children were joining social networks and parents were struggling to keep up. At Uber he focused on protecting riders and drivers from physical world dangers, as technology revolutionized transportation. From early 2018 through late 2022, Joe was part of the team at Cloudflare, prioritizing both building out the team protecting the customers of the company and the privacy and security tools that are given away for free for everyone to use online.

    Even though he left government service in 2002, he’s never stopped actively supporting government efforts to promote safety online for everyone. He’s testified before the US Congress twice, been a commissioner on the National Action Alliance for Suicide Prevention, a board member on the National Cyber Security Alliance, a many-time opening plenary speaker at the Dallas Crimes Against Children Conference, a participant in a White House anti-online-bullying effort, an advisor to the Department of Homeland Security, and accepted an appointment from President Obama to his Commission on Enhancing National Cybersecurity.

    Joe is currently the CEO of a nonprofit named Ukraine Friends where he focuses on providing humanitarian aid to the people of Ukraine. He also advises several startups and mentors security leaders.
4:55 - 5:00 PM Closing Remarks
5:00 – 6:00 PM Cocktail Reception

Advisory Board

Justine Bone

Justine Bone

×

CEO

MedSec

Justine Bone is an experienced leader and board advisor serving the healthcare, defense, and financial sectors. Her areas of expertise include hacking, risk management, cybersecurity communications, and strategy development for technology companies. She serves as a member of HP Inc.’s Security Advisory Board, the Review Board of Blackhat, as a faculty member of IANS and is the co-founder of several cybersecurity companies. Justine also previously led as CISO of Bloomberg and Dow Jones. Her training was as a computer hacker and security analyst for the USA’s NSA and New Zealand’s GCSB. In addition to technology, Justine credits her creative interests to her international background and early career as a classical ballet dancer.

Trey Ford

Trey Ford

×

Deputy CISO

Vista Consulting Group

Trey Ford is a strategic advisor to enterprise leaders and corporate directors. Today Trey serves as Executive Director of Cyber Security in Vista Equity Partners’ Consulting Group. With twenty years focused on the offensive, defensive, and programmatic leadership aspects of security, he is well grounded in public cloud, abuse, application, network, and platform security.

Previously Trey was CISO of the Heroku platform at Salesforce, General Manager of Black Hat, held strategic advisory and global consulting roles, and still apologizes for time served as an auditor.

Jeremiah Grossman

Jeremiah Grossman

×

Black Hat Review Board; Founder & CEO of Bit Discovery, Chief of Security Strategy (SentinelOne), Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, and Founder of WhiteHat Security

Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. He has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for his security research. Jeremiah has written hundreds of articles and white papers. As an industry veteran, he has been featured in hundreds of media outlets around the world. Jeremiah has been a guest speaker on six continents at hundreds of events including and many top universities. All of this was after Jeremiah served as an information security officer at Yahoo!

Robert Hansen

Robert Hansen

×

Black Hat Review Board

CTO, Bit Discovery

Robert Hansen became the CTO of Bit Discovery after his company OutsideIntel was acquired. Mr. Hansen has worked for Digital Island, Exodus Communications and Cable & Wireless beginning as a Sr. Security Architect and eventually leading managed security services product management. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-malware and anti-virus. Later he was the VP of Labs for Whitehat Security. Robert currently sits on the technical advisory board of and contributes to the security strategy of several startup companies as a virtual CISO and Innovation Officer. Mr. Hansen ran the web application security lab at ha.ckers.org, and authored/co-authored several books.

Allison Miller

Allison Miller

×

CISO and VP of Trust

Reddit

Allison Miller is the CISO (Chief Information Security Officer) and VP of Trust at Reddit, where she leads teams tasked with protecting Reddit's customers and systems. Miller is an industry expert and innovator, having spent the past 20 years scaling teams and technology that protect people and platforms, and pioneering the development of real-time risk prevention and detection systems running at internet-scale. She has also led major initiatives to engineer the defenses for core payment and e-commerce systems and technologies that protect consumers from online threats, having held technical and leadership roles at Bank of America, Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa International. Miller speaks internationally on security, fraud and risk and has held board roles with the Center for Cyber Safety and Education, ISC2, SIRA, and Keypoint Credit Union.

Wendy Nather

Wendy Nather

×

Advisory CISO team lead, Cisco

Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS) and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security. She is a Senior Fellow at the Atlantic Council’s Cyber Statecraft Initiative, as well as a Senior Cybersecurity Fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.

Caleb Sima

Caleb Sima

×

CSO | CEO | Founder

Caleb Sima served as the Chief Security Officer at Robinhood where he built the team thru IPO and served as a public company executive. Prior to Robinhood he was VP of Information Security at Databricks a leading data analytics and machine learning company where he has built the security team from the ground up. Previously he was a Managing VP at CapitalOne, where he spearheaded many of their security initiatives. Prior to CapitalOne, Caleb founded SPI Dynamics and BlueBox security, which were acquired by HP and Lookout. He is attributed as one of the pioneers of application security and holds multiple patents in the space and is also the author of Web Hacking Exposed. He serves as an advisor, investor, and board member for security companies.

Alex Stamos

Alex Stamos

×

Black Hat Review Board; Adjunct Professor, CISAC Fellow, and Hoover Visiting Scholar, Stanford University

Alex Stamos is an Adjunct Professor, CISAC Fellow, and Hoover Visiting Scholar at Stanford University. Alex is the former Chief Security Officer at Facebook, where he led a team of people around the world focused on ensuring the safety of the billions of people who use Facebook and its family of services. Before joining Facebook, Alex served as the CISO of Yahoo and is widely recognized for revitalizing Yahoo's security program with innovative technology and products. Prior to Yahoo, he was the co-founder of iSEC Partners and founder of Artemis Internet. Alex is a noted expert in global scale infrastructure, designing trustworthy systems, and mobile security. Alex holds a bachelor's degree in Electrical Engineering and Computer Science from the University of California, Berkeley.

Saša Zdjelar

Saša Zdjelar

×

Chief Trust Officer (CTrO), ReversingLabs

Operating Partner, Crosspoint Capital

Saša Zdjelaris is the Chief Trust Officer (CTrO) at ReversingLabs and Operating Partner at Crosspoint Capital with ~20 years of Fortune 10 global executive leadership experience. His CTrO scope includes leadership, oversight and governance of the CISO/CSO function, including product security, as well as partnering with other leaders on corporate and product strategy, strategic partnerships and research, and customer and technology advisory boards, including sponsoring the ReversingLabs CISO Council. Prior to ReversingLabs and Crosspoint Capital, Saša served as the Senior Vice President of Security at Salesforce, where he led a global organization encompassing enterprise security, product security, offensive security, security engineering/automation, bug bounty programs, technical product/program/project management, and mergers & acquisitions. He also played a crucial role as the executive sponsor for strategic corporate security initiatives, such as Zero Trust.

Prior to his tenure at Salesforce, Saša spent nearly two decades at ExxonMobil, holding various positions focusing on strategy, enterprise security & architecture, software engineering, ERP systems design/integration, program and product management, planning & stewardship, compute and hosting platforms, and digital/cyber resilience.

Saša is an active participant and founding member of several CISO leadership communities. He is also a member of the Forbes Technology Council, Member of the Board at the National Technology Security Coalition, a Fellow at the Cyber Readiness Institute (CRI), a member of the Black Hat CISO Summit Advisory Board and Black Hat Content Review Board, and engages in organizations such as Infragard, ISACA, and ISSA. His insights have been published in various industry publications, and he has spoken at numerous industry conferences and universities.

Saša holds a Bachelor's degree in Management and a Master's degree in Decision Science from the University of Florida.

Sponsors

Welcome Reception - Monday, Aug 7 | 5 PM – 7 PM (Exclusive)

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions that help organizations streamline and consolidate their security and compliance solutions and build security into digital transformation. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously across global IT assets.

Premium Sponsors

Gurucul is a global cyber security company changing the way organizations protect their most valuable assets from insider & external threats on-premises and in the cloud. Gurucul's real-time Unified Security and Risk Analytics Platform provides Analytics-Driven SIEM, UEBA, XDR, Risk-Driven SOAR, Identity Analytics, and Fraud Analytics.

Saryu Nayyar

Saryu Nayyar

×

CEO & Founder

Saryu Nayyar is an internationally recognized cybersecurity expert, author, speaker and member of the Forbes Technology Council. She has more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She was named EY Entrepreneurial Winning Women in 2017. She has held leadership roles in security products and services strategy at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun) and Disney. Saryu also spent several years in senior positions at the technology security and risk management practice of Ernst & Young. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection and dynamic risk scoring inventions.

Craig Cooper

Craig Cooper

×

Chief Operating Officer

Craig Cooper has served in several information security and risk management roles including CISO for a Fortune 500 Financial Services organization. While in this role, Craig defined and implemented an ISO standards-based Information Security program. Craig has led, developed, and delivered multiple Identity and Access Management Strategies and Roadmaps for several organizations. Craig has written for several trade magazines and has been a speaker with Burton Catalyst, Gartner, and ISSA.

Bobby Wescott

Bobby Wescott

×

VP Sales

Bobby spent the last 20+ years in the cyber security market. He was one of the founding members of Q1 Labs, in the early stages of the Log Management and SIEM business. He built sales and channels at the Company before it was acquired by IBM. He went on to build out enterprise sales and the federal business at LogRhythm, before their acquisition by Thoma Bravo. From there he was the first CRO at the GRC SaaS software firm, LockPath, building global sales and channels leading to a successful acquisition by Navex Global. Then, he joined RSA to run global sales ] selling advanced security operations center software, until the acquisition of RSA/EMC by Dell. He was also VP of Sales at MDR/XDR firms Cyderes and Proficio. The past 5 years he spent as a VP of Sales with OneSpan and One Identity/OneLogin.

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions that help organizations streamline and consolidate their security and compliance solutions and build security into digital transformation. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously across global IT assets.

Sumedh Thakar

Sumedh Thakar

×

President and CEO

Qualys

As CEO, Sumedh leads the company’s vision and strategic direction. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. Since 2014, he has served as Chief Product Officer at Qualys, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.

Pinkesh Shah

Pinkesh Shah

×

Chief Product Officer

Qualys

As Chief Product Officer of Qualys, Pinkesh has global responsibility for all Product Management, Product & UX Design, Product Marketing, Demand Generation, Branding, Analyst Relations, and other Marketing functions. An entrepreneurial product leader, Pinkesh brings more than 18 years of experience in building and launching category-defining technology products designed to deliver delight. Pinkesh has deep cybersecurity expertise and has led product, engineering, and marketing teams at companies including McAfee, BeyondTrust, Exabeam, netIQ, IBM, among others.

Jonathan Trull

Jonathan Trull

×

CISO

Qualys

Jonathan is the Chief Information Security Officer and Senior Vice President for Security Solution Architecture at Qualys. He has more than 20 years of experience in the cybersecurity industry, and his career spans operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. At Microsoft, Jonathan led the Detection and Response Team (DART), whose members responded to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks.

Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with IANS. He is also an adjunct faculty member at Carnegie Mellon University, where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as Black Hat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA.

Foundation Sponsors

CrowdStrike is redefining security for the cloud era with an endpoint and workload protection platform built from the ground up to stop breaches. With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value.

George Kurtz

George Kurtz

×

President, CEO and co-founder

CrowdStrike

George Kurtz is the President, CEO and co-founder of CrowdStrike, a leading provider of next-generation endpoint protection, threat intelligence, and services. Mr. Kurtz is an internationally recognized security expert, author, entrepreneur, and speaker. He has more than 30 years of experience in the security space, including extensive experience driving revenue growth and scaling organizations across the globe. His entrepreneurial background and ability to commercialize nascent technologies have enabled him to drive innovation to market throughout his career. His prior roles at McAfee, a $2.5 billion security company, include Worldwide Chief Technology Officer and GM as well as EVP of Enterprise.

Prior to joining McAfee, Mr. Kurtz started Foundstone in October 1999 as the founder and CEO responsible for recruiting the other founding team members. Foundstone, a worldwide security products and services company, had one of the leading incident response practices in the industry, and was acquired by McAfee in October of 2004.

Michael Sentonas

Michael Sentonas

×

President

CrowdStrike

Michael Sentonas is responsible for CrowdStrike’s product and go-to-market functions, including its sales, marketing, product & engineering, threat intelligence, privacy & policy, corporate development, corporate strategy and CTO teams. A 20-plus year cybersecurity veteran, Sentonas is an active public authority on security issues and the evolving threat landscape, and is regularly featured as a speaker at key industry events, an expert source in the media, and a trusted advisor to governments and company boards, alike.

He is highly-sought after to provide insights into security issues and solutions by the media including television, technology trade publications and technology centric websites. Michael has spoken around the world at numerous sales conferences, customer and non-customer conferences and contributes to various government and industry associations’ initiatives on security. Michael holds a bachelor’s degree in computer science from Edith Cowan University, Western Australia and has an Australian Government security clearance.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

John C. Checco

John C. Checco

×

Leader, CISO Advisory Board on Financial Services

Proofpoint

John C. Checco is an information security professional providing subject matter expertise across various industries. He currently resides as leader for the CISO Advisory Board on Financial Services for Proofpoint, and President Emeritus of InfraGard's NY Metro Chapter and President of ISSA's NY Metro Chapter.

Blake P. Sallé

Blake P. Sallé

×

Chief Revenue Officer

Proofpoint

Proofpoint Leadership Page
www.proofpoint.com/us/leadership-team

Blake P. Sallé is the Chief Revenue Officer at Proofpoint, where he leads the company’s global customer-facing and go-to-market functions. With nearly 30 years of experience, Mr. Sallé has a strong background in building strategic sales, customer success, routes to market, and field operations initiatives that drive momentum, growth, and revenue across international markets.

Before joining Proofpoint in 2017, he served as President of Kony, the leading provider of enterprise mobility solutions. Mr. Sallé has also held senior leadership positions at some of the most recognized and innovative organizations in technology and healthcare such as Cisco, VCE, VMware, EMC, Johnson & Johnson, DXC, PTC, and an Andreessen Horowitz-backed start-up acquired by RSA. Mr. Sallé holds a bachelor’s degree from the University of Texas at Austin.

LinkedIn:
www.linkedin.com/in/blakesalle

Blake Sallé is an esteemed tech executive with experience building strategic initiatives to drive momentum, growth, and revenue across global markets. With nearly 30 years of experience, Blake has formed an impressive resume, having held senior sales executive positions with some of the most recognized and innovative organizations in technology and healthcare, including Cisco, VCE, VMware, EMC, DXC, PTC, and Johnson & Johnson.

Today, Blake oversees all customer-facing and go-to-market functions as Chief Revenue Officer of Proofpoint, a leading cybersecurity and compliance company. Before this role, he was Proofpoint’s EVP, Worldwide Sales and previously led their Americas sales organization. Under Blake’s leadership, his team of 1,500 security sales professionals across 23 countries supports organizations of all sizes, including more than 80 percent of the Fortune 1,000, in mitigating their most critical cyber risks across email, cloud, social media, and the web.

ReliaQuest, the force-multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud-native security operations platform, GreyMatter. ReliaQuest GreyMatter is built on an XDR architecture and delivered as a service anywhere in the world, any time of the day, by bringing together telemetry from tools and applications across cloud, on-premises, and hybrid cloud architectures.

Hundreds of the world’s most trusted brands team up with ReliaQuest to enable them to extend detection and response across cloud, endpoint, and network infrastructures, leveraging relevant data from both security and business applications. ReliaQuest is a privately held technology unicorn headquartered in the U.S. with multiple global locations. For more information, visit www.reliaquest.com

Rick Holland

Rick Holland

×

ReliaQuest

Rick is an experienced cybersecurity leader with a background as a practitioner, CISO, and Forrester Research analyst. Rick runs the Threat Research team, ReliaQuest’s threat intelligence team. He also supports ReliaQuest's Office of the CISO. Rick is also a US Army Intelligence veteran and co-chairs the SANS Cyber Threat Intelligence Summit. Rick is a graduate of the University of Texas at Dallas.

Jason Pfeiffer

Jason Pfeiffer

×

Chief Strategy Officer

ReliaQuest

Jason Pfeiffer, Chief Strategy Officer for ReliaQuest, is responsible for strategic initiatives across the organization, ensuring alignment with the company’s vision and market needs. Jason is one of the industry’s leading cybersecurity professionals, specializing in incident response, security operations, security architecture and risk assessment. He has spent his career building and leading world-class information security programs for global businesses, including Lockheed Martin and PwC. Jason earned an B.S in Management Information Systems (MIS) from the University of Central Florida (UCF) and a M.S. in Technology Management from Rensselaer Polytechnic Institute (RPI).

Breakfast Sponsors

Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world. For more, visit Axonius.com.

Sophos delivers superior cybersecurity outcomes by providing cybersecurity as a service to protect companies of all sizes from the most advanced cyberthreats. Our cybersecurity products and services include managed detection and response (MDR), firewall, email, endpoint (XDR), and cloud native security protection. Sophos products and services defend against ransomware, phishing, malware, and more. They connect through the cloud-based Sophos Central management console and are powered by Sophos X-Ops, our cross-domain threat intelligence unit. We provide fully managed security solutions so you can manage your cybersecurity directly with our security operations platform. Or, you can supplement your in-house team with Sophos' products and services.

www.sophos.com

Networking Break Sponsors

Check Point is a leading provider of cyber security solutions globally, protecting customers from 5th generation attacks with an industry leading catch rate of malware, ransomware and other types of attacks. We offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention, which defends enterprises’ cloud, network and mobile device held information. www.checkpoint.com

Immersive Labs is the leader in people-centric cyber resilience. We help organizations continuously assess, build, and prove their cyber workforce resilience for teams across the entire organization, from front-line cybersecurity and development teams to Board-level executives. We provide realistic simulations and hands-on cybersecurity labs to evaluate individual and team capabilities and decision-making against the latest threats.

Organizations can now prove their cyber resilience by measuring their readiness compared to industry benchmarks, building team capabilities, and demonstrating risk reduction and compliance with data-backed evidence.

Immersive Labs is trusted by the world’s largest organizations and governments, including Citi, Pfizer, Daimler, Humana, T. Rowe Price, and the UK National Health Service. We are backed by Goldman Sachs Asset Management, Summit Partners, Insight Partners, Citi Ventures, and Menlo Ventures.

Learn more: www.immersivelabs.com

Event Sponsors

CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on Privileged Access Management, CyberArk provides the most comprehensive security solutions for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads, and throughout DevOps pipelines. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit www.cyberark.com

Cybereason ends Malicious Operations (MalOps). As defenders, our battle will never be won by chasing alerts. Instead we must be able to identify, pinpoint, and respond to the MalOp with unquestionable precision. While every other security solution is alert-centric, Cybereason is operation-centric. We empower defenders to instantly visualize MalOps from root cause to every affected endpoint with real-time, multi-stage displays of all attack details. This gives you the power to end attacks with a single click, across not just your endpoints, but your enterprise, to everywhere. www.cybereason.com

Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization’s cloud and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.

Powered by Runtime Insights, Sysdig stops threats instantly and reduces vulnerabilities by up to 95%. We created Falco, the open standard for cloud threat detection, and apply Runtime Insights to help you focus on the vulnerabilities and threats that matter most. Prevent, detect, and respond at cloud speed with Sysdig. www.sysdig.com

Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Learn more at tenable.com.

We’re reinventing cloud security from the inside out. Led by an experienced and visionary team, we are on a mission to help organizations create secure cloud environments that accelerate their businesses. By creating a normalizing layer between cloud environments, our platform enables organizations to rapidly identify and remove critical risks. www.wiz.io

Sponsored Executive Dinner - Monday, Aug 7 | 7:30 PM – 9:30 PM (Exclusive)

ServiceNow makes work, work better for people. Our cloud based platform and solutions deliver digital experiences that help people do their best work. Now, security, risk, and IT teams can identify and prioritize security incidents, vulnerabilities, and enterprise risks quickly, and respond faster using digital workflows, automation, and orchestration.

Sponsored Executive Dinner - Tuesday, Aug 8 | 6:30 PM – 8:30 PM (Exclusive)

SentinelOne (NYSE:S) is pioneering autonomous cybersecurity to prevent, detect, and respond to cyber attacks at faster speed, greater scale, and higher accuracy than human-powered technology alone. The Singularity Platform empowers enterprises to achieve greater visibility of their dynamic attack surfaces, including endpoints, cloud workloads, containers, identity, and mobile & network-connected devices, and take action in real time with AI-powered automation and cross-platform correlation. Over 10,000 customers, including 4 of the Fortune 10, hundreds of the Global 2000, prominent governments, healthcare providers, and educational institutions, trust SentinelOne to bring their defenses into the future, gaining more capability with less complexity. www.sentinelone.com

Become a Sponsor

Continuing Professional Education (CPEs)

Those who are certified through ISC2 can earn 5.5 Continuing Professional Education (CPE) credits for attending the CISO Summit.

Black Hat does not maintain records of earned CPE credits. However, we will report your credits to ISC2 on your behalf after the event. Please provide your ISC2 member number when registering for the event.

For questions about credits for CISO attendees, e-mail cisosummit@blackhat.com.

ISC2