CISO Chicago schedule

OPENING PANEL: Confessions of CISOs – Today’s Operational Reality
•    Insights into the unfiltered realities CISOs face as cyber risk, AI adoption, and regulatory scrutiny converge.
•    Exploring how security leaders are balancing innovation demands with shrinking tolerance for failure.
•    What CISOs wish boards understood about operational risk, talent constraints, and security debt.
George Coleman, Vice President, Chief Information Security Officer, ARIEL INVESTMENTS
Oscar J Giraldo, Assistant Vice President of Data Security, WATERTON
Tellis Williams, Chief Information Security Officer, THE DREAM EXCHANGE
Kathryn Mattie, Chief Information Officer, BRIGHTPOINT
Moderator: Chris Carter, Partner, Chief Information Security Officer Services, INFINATE PARTNERS 

•    What CISOs need to know about evolving AI regulation and executive accountability.
•    How to manage uncertainty when laws, standards, and expectations are still forming.
•    Insights from peers on engaging legal, risk, and compliance teams early.
Oscar J Giraldo, Assistant Vice President of Data Security, WATERTON
Mel Fenner, Chief Digital Innovation Officer, LINCOLN UNIVERSITY
Moderator: Nidhi Luthra, Global Chief Information Security Officer, BAXTER INTERNATIONAL (former)

Modern enterprises are no longer systems. They are ecosystems.

Every critical workflow now depends on a chain of external APIs, partner integrations, and event streams. Yet security models, tooling, and compliance frameworks still assume a world where boundaries are clear and systems are owned.

This mismatch has created an invisible attack surface. Not one defined by exposed ports or unpatched systems, but by implicit trust, fragmented standards, and a lack of shared visibility across dependencies.

In this session, we’ll explore how security breaks down in highly distributed, API-first environments and why traditional approaches fail to capture the real sources of risk. We’ll examine the compounding effects of credential sprawl, webhook-driven architectures, and third-party reliance, and how they introduce both security and operational vulnerabilities that are difficult to detect and even harder to control.
Finally, we’ll propose a shift in thinking: from securing systems to securing interactions, and from enforcing boundaries to managing trust across a network of dependencies. Because in today’s architecture, what you don’t control matters more than what you do.
Mike Koleno, Chief Technology Officer, BETTER TRUCKS

From vibe coding and autonomous agents to generative chatbots in everyday workflows, AI adoption is occurring at a pace that most security programs have not been able to realistically govern. Well-intentioned employees, misaligned agents, overly permissive access, and weak data controls are introducing new forms of risk, often without malicious intent. At the same time, adversaries are actively probing these gaps through indirect prompt injection and jailbreaking techniques. However, there's good news. More often than not, failures leave signals long before they become significant incidents. In this session, you'll learn how an AI security blueprint can help you identify emerging risk and align security controls to new and existing AI deployments, ensuring AI initiatives at every stage can realize their business value without security acting as a bottleneck. 
Marc Tabago - Senior Solutions Engineer, TRENDAI™

•    How to defend against AI-driven email threats that bypass traditional security controls 
•    Exploring how generative AI is reshaping phishing, BEC, and social engineering at scale 
•    Insights into why identity, not email, is now the true breach vector and what to do next 
Shelby Kiger, Cybersecurity Engineer, MCDONALD’S

•    Exploring accountability models when AI systems cause financial, legal, or reputational damage.
•    What boards and regulators will expect CISOs to answer after an AI-driven incident.
•    How to define ownership across security, data, legal, and product teams.
Mel Fenner, Chief Digital Innovation Officer, LINCOLN UNIVERSITY

•    Insights into which security investments are driving measurable risk reduction versus noise.
•    How to justify spend using business-aligned metrics instead of technical outputs.
•    What CISOs are deprioritizing to reduce tool sprawl and operational friction.
Kiran Rallabandi, Chief Technology Officer, WARRANTY PROCESSING 
Jeremiah Johnson, Associate Director of AV Collaboration, THE KRAFT HEINZ
James Knighton, Chief Information Security Officer, KNIGHTON REALTY
Moderator: Chris Carter, Partner, Chief Information Security Officer Services, INFINATE PARTNERS 

•    Insights into how public cyber incidents are reshaping board expectations.
•    How to proactively address reputational risk before an incident occurs.
•    What boards now expect CISOs to explain in the first 48 hours after a breach.
Anamika Roy, Director, IT Audit & Data Analytics, OLD REPUBLIC GENERAL INSURANCE (former)

•    Why Risk Communication Fails
•    Translating Risk into Business Impact
•    Practical Playbook that works
•    Driving Decision in Today’s Reality
Pal Vankayalapati, Chief Information Officer, PLZ CORP

•    Exploring how organizations are proving security and compliance across hybrid estates.
•    How to maintain resilience when visibility, controls, and ownership are fragmented.
•    What regulators and auditors increasingly expect to see.
•    How to inventory cryptographic dependencies and prepare for post-quantum migration across multi-cloud environments.
Abiola Olamoyegun, Vice President, Information Technology IA, PHEAA
Ross Esguerra, Director Cloud & Systems Engineering, HYATT HOTELS CORPORATION 
Flotentin Zlatea, Enterprise Architect Cyber Security & Risk Management, THE KRAFT HEINZ COMPANY
Moderator: Pal Vankayalapati, Chief Information Officer, PLZ CORP

In cybersecurity, every decision comes with trade-offs, and not all risks are created equal. In this high-energy, live debate, top security leaders face off to tackle some of the toughest “what-if” scenarios CISOs encounter daily, from ransomware vs. silent data breaches, to strict access controls vs. business agility, and everything in between.

Audiences will witness real-time arguments, expert insights, and a clash of perspectives as panelists defend their stance on difficult security dilemmas. Attendees will gain insights into:
•    A deeper understanding of the trade-offs behind major security decisions
•    Actionable frameworks for prioritizing risk in their own organizations
•    Fresh insights into how leading CISOs think under pressure

Expect surprises, audience polling, and lively debate, because in cybersecurity, sometimes there is no right answer… only what’s worse.

Moderator: Arpine Long, Deputy Chief Information Security Officer, COLLECTIVE HEALTH 
Karen Habercoss, Chief Information Security & Privacy Officer, UCHICAGO MEDICINE
Dave Gerleman, Board Member, INFRAGARD CHICAGO MEMBER ALLIANCE

•    Insights into why foundational TPRM controls are often undervalued and how reframing them drives stronger adoption.
•    How to design onboarding and ongoing monitoring practices that reduce third-party cyber risk before incidents occur.
•    Exploring peer collaboration as a catalyst for improving TPRM maturity and prevention strategies.
Josh Aubey, Chief Compliance & Privacy Officer, WELLBE SENIOR MEDICAL
Brandin Brooks, Senior Credentialing Specialist, WELLBE SENIOR MEDICAL

KEYNOTE: Rewriting Leadership:  Leading Humans and Machines Together

As artificial intelligence reshapes how organizations operate, compete, and innovate, leadership itself is undergoing a fundamental rewrite. No longer confined to managing people and processes, today’s leaders must orchestrate dynamic ecosystems where humans and intelligent machines collaborate, learn, and make decisions together.

This keynote explores what it truly means to lead in a world where algorithms influence strategy, automation drives execution, and data becomes a core leadership asset. It challenges traditional management models and introduces a new leadership paradigm - one that blends human judgment, ethical responsibility, and emotional intelligence with the speed, scale, and precision of AI systems.
Attendees will gain practical insights into building high-performing hybrid teams, fostering trust between humans and AI, and navigating the complex risks surrounding cybersecurity, bias, and governance. The session will also examine how leaders can create cultures that embrace continuous learning, adaptability, and responsible innovation while maintaining accountability in increasingly autonomous environments.
Designed for forward-thinking executives and decision-makers, this keynote will equip leaders with the mindset and strategies needed to thrive at the intersection of human potential and machine intelligence - where the future of leadership is not just managed, but co-created.

Jigar Shah, Chief Information Security Officer, MEDUSIND