CISO Executive Forum – Free Coffee and Lemon Cake Included

Top-level security executives and CISOs gathered last month in San Francisco for the International Systems Security Association (ISSA) CISO Executive Forum. The quarterly forum, chaired by XYPRO’s Head of Security, Steve Tcherchian, and UPS Director of Security and Risk Management Wayne Proctor, focused on “New Strategy and Technology Approaches for the CISO,” and there was plenty to discuss on the topic.

The guest speakers for the exclusive event were a who’s who of Silicon Valley (and Seattle) industry big hitters including HP Chief Information Security Officer Brett Wahlin, the United States FBI, the always entertaining and controversial CSO of Cisco Systems – John Stewart and Starbucks CISO, Dave Estlick – free coffee and lemon cake tasting included.

Cyber-terrorism, insider threats, regulatory compliance, cloud, the internet of (every)thing and security intelligence were at the forefront of the dialogue.

In their respective sessions, HP’s Brett Wahlin and Cisco’s John Stewart discussed how intelligence plays a vital new role in how security is assessed in the enterprise. It’s estimated that by the end of 2015, the planet will have generated more data in 1 year than it has in the past 5000 years combined. That includes all of last year. Think about that exponential growth.

With so much data being produced, HP’s Wahlin explained that it’s key to separate the noise, which in some cases can be billions of events per day, from the actionable data. This filtering must be done at levels never previously attempted, with machines needing to learn behavioral patterns and then present, and sometimes act on, that data in an intelligent manner. You’re literally looking for a needle in a haystack while more hay is continuously being piled on top. Wahlin also discussed how getting creative with data sources and having the means (technology and staff) to intelligently aggregate and correlate that data allows for detecting anomalies that you may not necessarily be looking for. In a sense, this is the evolution of the traditional SIEM.

As has been the case for quite some time now, regulatory compliance and protecting customer data were still hot-button issues. Whether it’s cardholder data under PCI regulations or other types of customer data, the discussion of how to protect that valuable data went on throughout the day. This included solutions for endpoint protection and data tokenization to reduce or completely neutralize the data to which a thief could get access. But with so many different solutions in the enterprise, and with multiple platforms to understand and support, the CISO’s job becomes increasingly difficult as we try to identify our sensitive data and prevent gaps. An average enterprise can have upwards of 30 different security tools, most of which aren’t fully implemented (see our blog about Security on the Shelf) or, if they are, provide overlapping functionality that the security staff didn’t necessarily understand. At the end of the day, it’s those gaps that can be exploited, and that’s what keeps CISOs up at night.

In all, another valuable and successful face-to-face event by ISSA enabling CISOs from all industries to share information about their strategies, threats, and solutions in a candid, beneficial environment.

The next CISO Forum will take place in August in Las Vegas just ahead of the BlackHat Conference.  The forum is a highly motivated, highly strategic cybersecurity event tailored for senior level security executives to interact with their peers.  If you’re interested in becoming a member, please go to to review membership criteria and submit an application to join.

XYPRO’s Head of Security joins ISSA CISO Advisory Council

Steve Tcherchian, XYPRO Technology’s Head of Corporate Security, recently joined the ISSA CISO Advisory Council as a board member. Already a member of the CISO Executive Forum, Steve now joins the board, which is responsible for all aspects of the quarterly event, including setting the content and theme around what’s important in cybersecurity, selecting speakers and sponsors, and overseeing partnerships for the forum.

The CISO Executive Forum provides a venue for C-level security executives to share concerns, successes and feedback in a peer-only environment. The forum creates a unified voice to influence security industry vendors, standards and legislation.

“Joining a leadership position in ISSA not only shows XYPRO’s commitment to our customers’ security as well as our own security posture, but also allows XYPRO to give back to the community by contributing its 30+ years of experience in the security space,” said Steve Tcherchian.

XYPRO Technology Corporation
