ISSA-LA Security Summit XIII – CISO Forum

This is a Special Collaborative Event for CISOs, Directors of Information Security, and their Deputies

Join your Peers at the Beach on October 4, 2023! Annenberg Beach House in Santa Monica, CA.
Free Admission for qualified InfoSec and IT Leaders


The CISO Forum brings together leaders in Information Security within government and private industry for a day of collaboration, networking, and presentations by leading Information Security professionals. Hear the success stories, pitfalls, project planning approaches, and other experiences of your fellow CISOs. You will be better prepared to move forward on your initiatives after attending this Forum.

There will be breakout round-table discussions on a variety of important topics with a special dynamic panel of CISOs and experts. A full description of all the talks is here:

Fireside chats and the lineup of distinguished speakers includes:

There Will Be Four RoundTable Discussion Groups

Select one of the four (4) discussion groups to join. We will reconvene and share all the major points from all the groups.

Thanks to our RoundTable Leaders

CISO at ServiceTitan

Phishing Tests: Relevant Training Tool or Employee Anxiety Trigger?

Are phishing testing campaigns still needed in an age where phishing-resistant technologies are broadly available? Do phishing campaigns serve as valuable educational tools for employees, or do they merely instigate anxiety with minimal training benefits? Alternatively, has AI made phishing attacks so difficult to detect that phishing training has become an absolute need?

Join me in this roundtable discussion as we delve into these critical issues, exploring what adaptations information security teams need to make in response to this new reality.

VP of Information Security Operations, Fox Corporation

MFA bypasses: Attackers are using them; how are you protecting your organization from them?

The promise of MFA was to outright prevent an attacker from using a stolen credential, but with social engineering, cookie theft, SIM swapping and relay attacks – we’re right back where we started. This discussion is not only around the different technology stacks that can detect and/or thwart these attacks (e.g. WebAuthn/FIDO2), but also around the roadblocks and headaches involved with deploying such technology across an enterprise.

Zero Trust; Reasonable Trust; Practical Trust; Pick One

In an era marked by rising cyber threats, ‘Zero Trust’ emerges as a resilient security approach. This roundtable aims to unpack Zero Trust’s principles and its transformation from its origin to now, clarifying common misconceptions. While Zero Trust promises enhanced security, it introduces technological hurdles, the demand for architectural shifts, and organizational culture changes. We’ll delve into the potential benefits it offers for improving cybersecurity measures and streamlining operations. Lastly, we’ll discuss the future, considering the impact of emerging technologies like generative AI and quantum computing on Zero Trust. Do they strengthen or potentially weaken it? Join us for a discussion aimed at reasonable and practical ‘Zero Trust’.

Decoding Executive Order 14028 & NIST SP 800-218: Navigating the New Era of Cybersecurity Compliance

As part of the United States’ push to bolster national cybersecurity, Executive Order 14028 mandates federal agencies to secure their supply chains by requiring vendors to align with the NIST SP 800-218 Secure Software Development Framework. As the ripples of this order extend across the vendor ecosystem, companies find themselves grappling with the emerging challenges. Join us in this illuminating roundtable as we delve into:

  • The significance and ramifications of EO 14028 and NIST SP 800-218 for the broader industry.
  • Practical steps and strategies companies are employing to align with these directives.
  • The inherent complexities and obstacles in achieving compliance.
  • The potential shift in business dynamics and client interactions in the backdrop of these requirements.

If you’re part of the vendor community or a stakeholder in cybersecurity, understanding these evolutions is crucial. Let’s navigate these waters together.

The ISSA-LA Information Security Summit CISO Forum is scheduled for October 4, 2023. You are also invited to attend Summit XIII (following day) on Thursday, October 5.

Meet the Keynote Speakers:

  • Ira Winkler, Field CISO for CYE (pronounced Sigh) Security | former Chief Security Architect at Walmart | author of You Can Stop Stupid, Security Awareness for Dummies, and Advanced Persistent Security

Meet other notable Summit XIII speakers:

  • Aaron Turner, Founder, Hybridge Ventures | IANS Faculty
  • Debbie Christofferson, Security Consultant Principal, Sapphire-Security Services LLC
  • David Spark, Founder and executive producer of the CISO Series
  • Katie Curran, Security and Compliance Program Manager | Treasury Director for the ISSA LA Chapter
  • Jake Bernardes, VP, Security & IT at Whistic | Security Leader

Stay for the Private Reception under the stars and ignore the 405 traffic!

ISSA-LA, the founding Chapter of the Information Systems Security Association in 1982, is the premier catalyst and information source in Southern California for improving the practice of information security. The Chapter provides various training classes for Information Security and IT professionals throughout the year and at the Summit. ISSA-LA has a CISO Forum that meets quarterly at various companies throughout Southern California. The chapter meets monthly and regularly collaborates with other IT and InfoSec organizations, having joint meetings with ISACA, OWASP, the Cloud Security Alliance, HTCIA, and the Association of IT Professionals.