Monday, May 1

1:30pm – 6:00pm Registration Open
3:00pm – 4:30pm CSO50 Winner Presentations
4:30pm – 5:30pm CSO50 Interactive Workshop
5:30pm – 6:30pm Networking Reception

Tuesday, May 2

8:00am – 5:30pm Registration Open
9:00am – 12:00pm CSO50 Winner Presentations
12:00pm – 1:30pm Lunch
1:30pm – 5:00pm CSO50 Winner Presentations
5:00pm – 6:00pm Networking Reception

Wednesday, May 3

8:00am – 7:00pm Registration Open
9:00am – 12:00pm CSO50 Winner Presentations
12:00pm – 1:30pm Lunch
1:30pm – 5:30pm CSO50 Winner Presentations
7:00pm – 7:30pm CSO50 Awards Cocktail Reception
7:30pm – 9:30pm CSO50 Awards Dinner & Ceremony

Conference Sessions

CSO is pleased to announce that the following sessions will be presented by award-winning organizations at our CSO50 Conference + Awards.  We continue to add newly confirmed sessions to this page, so please revisit for updates.


Improving Safety and Security Through Improved Awareness

Bob Eichler, Director of Information Security, Cancer Treatment Centers of America
Cancer Treatment Centers of America (CTCA) is a national network of five hospitals dedicated to serving cancer patients — an environment where safety, security and privacy are high priorities.  Unfortunately, ransomware has recently taken its toll on healthcare organizations resulting in catastrophic events.  To address this and more, CTCA launched a new framework to create a highly reliable culture for the safety of all patients and employees.  Join us to learn how this campaign originated, was assembled, and how its positively enhancing safety and security throughout the organization.

Finding Operational Efficiencies with Data Loss Prevention

Swatantr Pal, Senior Manager, Global Information Security, Genpact
With 75,000 employees serving one-fifth of the Fortune Global 500, Genpact is a leader in business process management and services.  After realizing rapid company growth, the organization realized its data loss prevention efforts were experiencing too many false positives and not enough good reporting to senior management.  Join us to learn how they targeted and tuned their policies and procedures — including a preventative pop-up box that greets users before sending sensitive information — to improve their overall security posture.

Improving Security Awareness with Novel Approaches

Andrew Roberts, Director, IT Compliance and Risk Management, Grand Canyon University
Experiencing rapid growth over recent years, Grand Canyon University found the need to take a novel approach to security awareness.  The objective was to improve their employees’ ability to treat suspicious emails, phone calls, and websites with an appropriate level of skepticism.  Join us to learn how their new approaches reduced in-person training to only 15 minutes in total, and was enhanced with brief, regular communications designed to engage, entertain and encourage employees to take the desired actions — including shortened time to reporting.

Strengthening the Cyber Security Posture of a Large Healthcare Network

Rob Collins, CISO, Indian Health Service
Indian Health Service (IHS) is an agency within the United States Department of Health and Human Services responsible for providing federal health services to approximately 2.2 million American Indians and Alaska Natives.  IHS discovered that its information security program had become stagnant and unable to perform at the operational level needed to effectively secure a large healthcare network spanning over 679 hospitals, clinics, and health stations across 38 states and 567 sovereign nations.  Join us to learn how they’ve turned all of this around by establishing a world-class cybersecurity program to support a vast healthcare network.

Deploying a Security Awareness Program for 43,000 Employees Around the World

Victoria Thomas, Information Security Awareness Leader, Kimberly-Clark Corporation
Kimberly-Clark Corporation faced a tall order to create an effective security awareness program.  To take this on, the organization created and deployed a global, corporate-wide initiative designed to to strengthen the human firewall and increase workers’ understanding of information security principles.  Join us to find out how it leverages best practices from the National Institute of Standards and Technology (NIST) and educates users on keeping information safe both at work and at home.

Building an Effective Identity Life-Cycle Management System

Arun DeSouza, Chief Information Security and Privacy Officer, Nexteer Automotive Corporation
With manufacturing and engineering facilities around the world, Nexteer Automotive is a leader in advanced steering and driveline systems for the automotive industry.  Formed by a divestiture, the company faced a carved out Active Directory structure ill-suited to meet Nexteer’s identity management needs.  With this in mind, the organization sought to build an effective identity life-cycle management system that would minimize risk of intellectual property loss, lower the risk of a data breach, strengthen enterprise security, facilitate compliance with privacy regulations, and build automated unified on-boarding and off-boarding processes.  Join us to learn how they put it all together.

Creating Visibility to Reduce Fraud and Deny Cybercriminals

Chris Pierson, EVP, Chief Security Officer and General Counsel, Viewpost
Viewpost helps companies control cash flow by enabling them to exchange electronic invoices and payments on Viewpost’s secure business network — so knowing who their good customers are versus those who are cybercriminals is critical to Viewpost’s fraud prevention.  To reduce fraud, Viewpost’s security, fraud, and financial crimes teams worked together to uniquely code and develop software that analyzes all customers based on their risk, financial crime status, and relationships with other companies.  Ultimately, this new tool displays the individuals they want to watch, take off the platform, or allow to continue transacting business.  Join us to learn how this has reduced the risk of fraud, met the compliance expectations of their banking partners, and denied the platform to companies and individuals who might use the platform for illegal purposes.