Monday, May 1

1:30pm – 6:00pm Registration Open
3:00pm – 4:30pm CSO50 Winner Presentations
4:30pm – 5:30pm CSO50 Interactive Workshop
5:30pm – 6:30pm Networking Reception

Tuesday, May 2

8:00am – 5:30pm Registration Open
9:00am – 12:00pm CSO50 Winner Presentations
12:00pm – 1:30pm Lunch
1:30pm – 5:00pm CSO50 Winner Presentations
5:00pm – 6:00pm Networking Reception

Wednesday, May 3

8:00am – 7:00pm Registration Open
9:00am – 12:00pm CSO50 Winner Presentations
12:00pm – 1:30pm Lunch
1:30pm – 5:30pm CSO50 Winner Presentations
7:00pm – 7:30pm CSO50 Awards Cocktail Reception
7:30pm – 9:30pm CSO50 Awards Dinner & Ceremony

Conference Sessions

CSO is pleased to announce that the following sessions will be presented by award-winning organizations at our CSO50 Conference + Awards.  We continue to add newly confirmed sessions to this page, so please revisit for updates.


Improving Situational Awareness to Address Rapidly Evolving Cyber Threats

DJ Goldsworthy, Director, Security Operations and Threat Management, Threat and Vulnerability Management, Aflac
A Fortune 500 company serving 50 million customers worldwide, Aflac encountered a significant increase in the volume, velocity and spectrum of significant new security threats, now including ransomware. To address this, the company created a custom threat intelligence system capable of consuming large amounts of threat data, and leveraging the data to protect the business environment and inform security decisions. Join us to learn how they developed a system to: rapidly incorporate threat intelligence from industry sources, partners, government and private sector; observe patterns and behaviors from existing infrastructure; and self-calibrate and adapt to evolving threats.

Improving and Automating File Transfer Governance with Business Partners

Jerry Fink, Director, Information Security, Blue Cross and Blue Shield of North Carolina
Operating in a highly regulated industry, Blue Cross and Blue Shield of North Carolina (BCBSNC) needs to share data with many business and trading partners.  Like most companies, BCBSNC developed governance processes on the intake side of new file transfers, but lacked the same level of controls to ensure the transfers were decommissioned when no longer needed.  Join us to learn how their Managed File Transfers (MFT) Recertification project resulted in solution to recertify existing transfers in a sustainable, automated model that leveraged existing processes and technology used for certifying user access.

Leveraging RFID and the Internet of Things for Secure Document Management

Michael Hoffman, BNY Mellon
On behalf of several financial institutions, BNY Mellon is the designated custodian for about 100 million physical home loan documents.  Documents under custody require management throughout the term of the loan, and BNY Mellon’s previous process had weak tracking capabilities and a manual audit procedure for the documents.  Join us to learn how their Smart Docs Cyber Custodian – using RFID tags that enable document tracking throughout BNY Mellon and electronic access by clients — ensures files are transferred quickly and accessible when needed.

Improving Safety and Security Through Improved Awareness

Bob Eichler, Director of Information Security, Cancer Treatment Centers of America

Cancer Treatment Centers of America® (CTCA) is a national network of five hospitals dedicated to serving cancer patients in an environment where safety, security and privacy are high priorities. In response to the rising number of catastrophic events caused by ransomware at various healthcare organizations across the country, CTCA launched a new education framework to create a highly reliable culture that protects the safety of all patients and employees. Join us to learn about the initiation and execution of this campaign and how it is positively enhancing safety and security throughout the organization.

Modernizing Security for Critical Infrastructure

Mike Makowka, Security Principal, Information Systems, Flowserve Corporation
Flowserve manufactures and services fluid motion control systems for some of the world’s most critical applications.  Since physical or cyber attacks on their client organizations could be catastrophic, Flowserve found itself needing to modernize its security posture to address future threats and protect heavily regulated client production facilities.  Join us to understand how they increased their ability to identify threats, reduced the time required to identify them, simplified management and reduced administration costs.

Finding Operational Efficiencies with Data Loss Prevention

Swatantr Pal, Senior Manager, Global Information Security, Genpact
With 75,000 employees serving one-fifth of the Fortune Global 500, Genpact is a leader in business process management and services.  After realizing rapid company growth, the organization realized its data loss prevention efforts were experiencing too many false positives and not enough good reporting to senior management.  Join us to learn how they targeted and tuned their policies and procedures — including a preventative pop-up box that greets users before sending sensitive information — to improve their overall security posture.

Improving Security Awareness with Novel Approaches

Andrew Roberts, Director, IT Compliance and Risk Management, Grand Canyon University
Like many other organizations, Grand Canyon University found the results of their security awareness program to be lacking.  Rather than putting additional resources into more of the same, they redesigned the objectives of their program and then took a fresh approach to achieving their new set of goals.  Join us to learn how their new approach reduced in-person training to only 15 minutes in total enhanced with brief, regular communications designed to engage, entertain, and encourage employees to take the desired actions.  The results: engaged employees, fewer help desk calls, and reduced costs.

Strengthening the Cyber Security Posture of a Large Healthcare Network

Rob Collins, CISO, Indian Health Service
Indian Health Service (IHS) is an agency within the United States Department of Health and Human Services responsible for providing federal health services to approximately 2.2 million American Indians and Alaska Natives.  IHS discovered that its information security program had become stagnant and unable to perform at the operational level needed to effectively secure a large healthcare network spanning over 679 hospitals, clinics, and health stations across 38 states and 567 sovereign nations.  Join us to learn how they’ve turned all of this around by establishing a world-class cybersecurity program to support a vast healthcare network.

Deploying a Security Awareness Program for 43,000 Employees Around the World

Victoria Thomas, Information Security Awareness Leader, Kimberly-Clark Corporation
Kimberly-Clark Corporation faced a tall order to create an effective security awareness program.  To take this on, the organization created and deployed a global, corporate-wide initiative designed to to strengthen the human firewall and increase workers’ understanding of information security principles.  Join us to find out how it leverages best practices from the National Institute of Standards and Technology (NIST) and educates users on keeping information safe both at work and at home.

Developing a Modern and Comprehensive Cyber Security Awareness Program

Mike Stewart, Director, Information Security Awareness and Education, Monsanto Company
As a Fortune 500 company, Monsanto’s goal is to empower farmers to produce more from their land while conserving natural resources like water and energy.  With an eye on protecting their digital assets, Monsanto recognized that, as technical security controls improve, human vulnerabilities are becoming the fastest growing method of threat for corporations across the globe.  Join us to understand how Monsanto’s Information Security Office (ISO) set out on an aggressive plan to develop a comprehensive cyber security awareness program — while simultaneously revamping all security policies to address specific risks related to today’s rapidly changing security landscape.

Building an Effective Identity Life-Cycle Management System

Arun DeSouza, Chief Information Security and Privacy Officer, Nexteer Automotive Corporation
With manufacturing and engineering facilities around the world, Nexteer Automotive is a leader in advanced steering and driveline systems for the automotive industry.  Formed by a divestiture, the company faced a carved out Active Directory structure ill-suited to meet Nexteer’s identity management needs.  With this in mind, the organization sought to build an effective federated identity life-cycle management system to strengthen enterprise security and privacy. The key business drivers included minimizing risk of intellectual property loss, securing access to cloud applications, lowering the risk of a data breach and automating talent on-boarding and off-boarding processes.  Join us to learn how they put it all together.

Minimizing Insider Threats Through Behavior Analytics and Machine Learning

Jennifer Darwin, Director, Identity and Access Management, Sallie Mae
Offering a variety of solutions that help students pay for their college education, Sallie Mae strives to ensure their customers and workforce members’ sensitive data is not at risk. Since traditional approaches to security can’t detect attacks by malicious insiders (or outsiders impersonating insiders), Sallie Mae took a new approach combining user behavior, data analytics and predictive anomaly detection to increase awareness of potential threats. Join us to understand how they now use user behavior and asset analytics to gain better visibility and security breach prevention.

Protecting Critical Infrastructure Statewide

Michael Roling, CISO, State of Missouri, Office of Administration
The State of Missouri’s Office of Cyber Security (OCS) launched a program to identify vulnerable, Internet connected systems belonging not to just state and local governments, but also to businesses, utilities, and academic institutions across the State of Missouri. The overall goal of the program is to identify the most vulnerable, high risk systems that if left insecure, could lead to disruptions within its critical infrastructure or significant data loss of citizen, student, and customer data.  Join us to learn how this new program allows them to identify vulnerable systems, contact the owners of impacted systems, and shows risk reduction over time.

Protecting Consumer Information with Sensors Located Around the World

Jasper Ossentjuk, CISO, TransUnion
TransUnion is one the world’s leading business intelligence providers, maintaining one of the largest collections of consumer information.  To protect their data, the organization created the TransUnion Enterprise Security Ratings Platform (SRP) that gathers terabytes of data from security sensors around the world and provides insight to indicators of compromise, infected machines, improper configuration, poor security hygiene and harmful user behavior.  The data is analyzed to determine the severity, frequency and duration of incidents and then mapped to known networks, resulting in an overall security rating for each selected organization.  Join us to see how the ratings provide intelligence and insight into each organization’s security posture on an ongoing basis and are used in TransUnion’s third party security program, self-assessment exercises, security benchmarking (competitive and internal) and mergers and acquisition activities.

Engaging White Hats to Protect Core Financial Assets

Ben Holley, Application Security Engineer, United Airlines
Managing the hundreds of millions of frequent flier miles across more than 93 million Mileage Plus member accounts is no small task, and United Airlines has to protect this critical data and assets from ambitious criminals intent upon stealing miles that have cash value.  With a commitment to ensuring the reliability of their critical infrastructure and confidentiality of customer data, United Airlines built a multilayered cyber security program in which their unique “Bug Bounty” program is the most visible.  Join us to learn how United has successfully engaged the global security researcher community of creative white hat hackers to validate the secure configuration of their primary web properties.

Creating Visibility to Reduce Fraud and Deny Cybercriminals

Chris Pierson, EVP, Chief Security Officer and General Counsel, Viewpost
Viewpost helps companies invoice and make payments to their trading partners by enabling them to send electronic invoices and payments on Viewpost’s secure business network — so knowing who their good customers are versus those who are cybercriminals is critical to Viewpost’s fraud prevention.  To reduce fraud, Viewpost’s security, fraud, and financial crimes teams worked together to uniquely code and develop software that analyzes all customers based on their risk, financial crime status, and relationships with other companies.  Ultimately, this new tool displays the individuals they want to watch, take off the platform, or allow to continue transacting business.  Join us to learn how this has reduced the risk of fraud, met the compliance expectations of their banking partners, and denied the platform to companies and individuals who might use the platform for other purposes.