21st Century CISO: mission intolerable?

11th e-Crime & Cybersecurity Mid-Year Summit
October 17th, 2019, London, UK

Re-imagining the CISO
Is the current paradigm unsustainable? What must change and why?

 

Digital transformation is the key to business success. Cybersecurity is the key to digitalisation. There is a huge shortage of skilled cybersecurity professionals. So there has never been a better time to be a CISO... right?

Maybe not. 

As companies claim to recognise the strategic importance of cybersecurity, they have been piling ever more responsibility onto CISOs and their teams, but rarely increasing resources commensurately.

The CISO can now be any or all of: project manager, policy maker, compliance officer, designer of procedures, in-depth technologist and expert on everything from threat intelligence to DNS hacks, RFPer and POCer, incident response manager, SOC manager... the list goes on.

On top of all that, CISOs are increasingly expected to be able to interact with boards and provide assurance to clients, shareholders and other key stakeholders.

This is not a viable or reasonable job description, and it goes some way to explaining why so many CISOs are changing companies, joining vendors, becoming consultants, or even getting out of cybersecurity completely. CISO burnout is now a trending conversation.

If the job of the CISO has become an unwieldy, inadequately resourced aggregation of everything cyber, then not only is it impossible to do it well, but it reflects a much broader failure on the part of organisations to structure their information security, privacy and compliance efforts sensibly.

Making the CISO's job sustainable is not just about budget and board access. Digital transformation is rapidly overwhelming most companies' ability to deliver reasonable levels of security at an acceptable price.

Does the ever-growing list of CISO responsibilities indicate that companies need to re-engineer both the role and the activities it oversees? 

How much cybersecurity can realistically be carried out on-premises and what does that imply for teams and technologies?

And what are the resources and strategies that can contribute to a better outcome?

The 11th e-Crime & Cybersecurity Congress Mid-Year Summit will look at the fundamental issues which underlie CISO overload. There will be real-life case studies, strategic talks and technical break-out sessions from the security and privacy teams behind some of the world's most forward-thinking companies, with their solutions to the current problems in cybersecurity.

  • Let's talk about CISO overload

    • Why are security professionals under so much pressure - and does it matter?
    • Are businesses really committed to good security?
    • Is the fundamental security paradigm flawed?
  • Cybersecurity: someone else's problem?

    • What does best practice outsourcing look like?
    • What can you outsource and what should be kept in-house?
    • What are the implications of MSSPs and MDRs for costs, staff and security?
  • Cloud: not such a fluffy topic

    • We're going to the Cloud, so resilience is key
    • Identifying Cloud usage and exposure
    • Governing and monitoring Cloud access
    • Is a CASB right for you?
  • The people problem

    • Taking responsibility at the top
    • Is there a talent gap and if so, where is it?
    • Technologists vs. operational risk specialists
    • Is lack of diversity holding back security?
  • AI: much ado about nothing, or the only solution?

    • The CISO's workload is getting out of control, and budget is always an issue. Is automation the answer to reducing workload and building cost-effective security?
    • AI is extraordinarily complex and is still a work in progress, generally reserved for those with the deepest pockets. Can AI (and the more attainable statistical models) really deliver for cybersecurity?
    • Passive, static solutions are increasingly vulnerable in a world of adaptive malware and attackers developing AI-based threats. Can AI and predictive modelling help build solutions that bite back?
  • Consolidating the security stack

    • Integrated solutions versus best of breed
    • CISOs and the procurement process
    • Projects not products, reality not utopia
    • Re-thinking the vendor/CISO relationship
  • Joining up fraud, security and privacy

    • Fraud is the flipside of security and privacy but is often siloed away from them. Why?
    • AI and behavioural analysis in fraud detection
    • Solving key problems in fraud compliance

Who attends

Job titles

Global Manager, Service Continuity
CISO
Head of Payments
Global IS Manager
Head of Digital Risk
Group I.T. Audit Manager
Global Security Supervisor
Head of Penetration Testing
Chief of Cybercrime Section
CISO, Head of Information Security
Global Head I.T. Governance
Head of ISAG
Global Fraud Risk Controller
Head of Global I.T. Security
Head of Data Protection
CISO
Head of I.T. Security Risk Management
Global IS Risk Manager
Global Head of IT Security
Head of Information Security Risk
CISO, Head of Digital Security & Risk
Group Finance & Compliance Director
Chief Security Officer
Chief Information Officer
Head of Cybercrime Unit
Head of Cyber Threat Intelligence
Head of Internal Audit
Head of I.T. Security
Chief Information Security Officer
Group I.S. Manager
Chief Executive
Head of Emergency Response
Head of I.T. Security
Director Of Information Security
Chief Information Security Officer
CISO
Head of Operational Risk Management
Group Data Security Manager
Head of Information Security
CIO
Head of Specialist Crime
Director of Security
Head of Information Security Risk
Head of Cyber & Investigations
Chief Information Security Officer
Head of Group I.T.
Head of Information Security
Global Head of Fraud Investigations
Chief Information Security Officer
Global Security Manager
Group CISO
Chief Information Security Officer
Director Global Investigations
Head of Policy & Performance
Head of Information Security
Global Head of Cyber Intelligence
Head of Information Security
Director Cybercrimes
Head of Payments & Fraud
Director of Risk & Compliance
Head of Information Security
Head of I.T. Security Operations
Group Information Security Manager
Head of Operational Security
Head of Payment & Financial Crime
Chief Information Security Officer
Head of Internal Audit
Head of Information Security
Head of IT Risk & Control
Director Enterprise Technology
Head of Business Controls
Director
Director of Security
Head of Cybercrime Investigations
Head of I.T. Security
Director, Global Security
Group I.T. Security Officer
Head of I.T.
Head of Risk & Resilience
Director Group Risk Management
Head of Investigations
Head of Customer Security
Chief Technology Risk Officer
Group Fraud Manager
CISO
Chief, Cyber Crimes
Chief Risk Officer
Head of Business Risk
Group IT Security Analyst
CIO Risk Manager
Group Infrastructure Manager
Head of Operations & Infrastructure
Head of Technical Support
Head Cybersecurity Operations
Head of Fraud Oversight
Director, Technical Investigations
Director
Global I.T. Security & Compliance
Director, Information Security

Companies

Trafigura
GE Capital
Babcock International Group
Scotia Gas Networks
Telefónica O2
Bank of America Merrill Lynch
ING
Catella Bank
Channel 4
H&M
BP
John Lewis Partnership
Royal Canadian Mounted Police
Experian
Jordan Cyber Crime Project
Zamir Telecom
John Wiley & Sons
Halma
Zurich Financial Services
Security Service of Ukraine
HSBC
British Medical Association
Romanian Directorate
TUI Travel
Markit
Western Union
Pennant International Group
TSL Education
Liverpool Victoria
The Finance Practice
Camelot Group
Capital One
Noble Group
HSBC
Dixons Carphone
Halma
Ghana International Bank
British American Tobacco
First Rate Exchange Services
Unum Provident
Santander
Rexam
Matalan
John Lewis Partnership
Home Retail Group
Allen & Overy LLP
ITV
Virgin Money
Spamhaus
Rank Group
EveryMatrix
Shop Direct
Sky
QVC
Lloyds Banking Group
General Motors Corporation
Tullett Prebon
Atcore Technology
Aviva
CIFAS
Premier Oil
HSBC
Rothschild
HSBC
Liverpool Victoria
Permanent TSB
Auto Trader
Public Health England
Selfridges
NBC Universal
Office of Civil Nuclear Security
UBM
Citigroup
SABMiller
Legal & General
Post Office
JD Sports
CERT-UK
Eurostar
Mayer Brown LLP
Swiss Re
UBS
Open University
The Bank of Tokyo - Mitsubishi UFJ
Dixons Carphone
Post Office
JustGiving
Bank of America Merrill Lynch
FIA Pakistan
Norgren
GE Capital
Unipart Group
Heathrow
Inmarsat
Modern Times Group
Ocado
Capital One

Industries

Banking
Industrial Engineering
Industrial Engineering
Oil/Gas
Telecommunications
Banking
Banking
Banking
Media
Retail
Oil/Gas
Retail
National Law Enforcement
Banking
National Law Enforcement
Telecommunications
Retail
Electronic/Electrical Equipment
Insurance
Central Government
Banking
Healthcare
National Law Enforcement
Travel/Leisure/Hospitality
Media
Banking
Aerospace/Defence
Media
Insurance
Banking
Casinos/Gaming
Banking
Mining/Metals
Banking
Retail
Electronic/Electrical Equipment
Banking
Food/Beverage/Tobacco
Banking
Insurance
Banking
Household/Personal Products
Retail
Retail
Retail
Legal
Media
Banking
Charity
Casinos/Gaming
Software
Retail
Media
Retail
Banking
Automobiles/Parts
Banking
Banking
Central Government
Insurance
Central Government
Oil/Gas
Banking
Banking
Banking
Insurance
Banking
Media
Central Government
Retail
Media
Central Government
Healthcare Services
Banking
Food/Beverage/Tobacco
Insurance
Transportation/Shipping
Retail
National CERT
Transportation/Shipping
Legal
Insurance
Banking
Education
Banking
Retail
Transportation/Shipping
Charity
Banking
National Law Enforcement
Industrial Engineering
Industrial Engineering
Regional Law Enforcement
Transportation/Shipping
Transportation/Shipping
Telecommunications
Media
Transportation/Shipping
Banking


Venue

Park Plaza Victoria, London

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0844 415 6752
 
