The Mayflower Hotel, Autograph Collection
Washington, D.C.

Northeast IT & Security Leaders Forum 2023

The SINC Northeast IT & Security Leaders Forum brings together top leaders for three days of engagement geared specifically towards our IT executives.

Forum speakers and presentations will focus on topics most directly impacting attendee resource challenges, which will in turn drive regional industry growth. Executives and service providers alike will engage through one-on-one engagements and open-discussion group meetings, all while creating valuable networking and community-building opportunities to foster regional development.


The Mayflower Hotel, Autograph Collection

The Mayflower Hotel is a capital classic, a landmark hotel and Washington, D.C. original since 1925. Exactly like nothing else, the Mayflower Hotel brings timeless elegance, integrity and contemporary style to its role as the city’s past and present-day social hub – for business or for pleasure. As Harry S. Truman said – it is “Washington’s second-best address”.

Forum Agenda

Agenda may be subject to change. Check back regularly for Updates.

2:00 PM - 5:00 PM EST

Get familiar with SINC Staff and the event layout. Secure your complimentary Swag Bag and learn how to use the Onsite Application for Peer Engagement and win great prizes!

5:30 PM - 7:00 PM EST

Engage your Peers over canapes and cocktails

7:00 PM - 9:00 PM EST

Open seating buffet meal serving 5-star food and great Peer engagement before Day 1 kick’s off

7:00 AM - 7:55 AM EST

Full breakfast and lots of coffee available!

8:00 AM - 8:05 AM EST

A Thank You from SINC – setting the tone for a great day!

8:05 - 8:55 AM EST
KEYNOTE PRESENTATION - Exposing Adversarial Conversations

The latest snapshot of your network traffic logs may look innocent enough, but hidden within your common ports and protocols are the movements of a cybercriminal who has secretly breached your systems and is now trying to expand its foothold within your virtual walls in multi-cloud environments.

It’s this east-west infiltration that turns what could be just a relatively minor breach into a damaging data exfiltration incident or a full-scale ransomware attack. That’s why reducing attacker dwell time, curbing lateral movement and detecting advanced threats are essential components to any network security strategy, whether you operate largely on premises, in private clouds or multi-cloud architectures.

Gain key insights and strategies related to the defense against post-breach lateral movement:

  • Research, statistical analysis and threat reports that underscore the threat that lateral movement represents
  • Key metrics, strategies and solutions for detecting post-exploitation east-west movement, including behavioral analysis and identifying threat signatures
  • A Guide To Detecting & Restricting Lateral Movement

Speaker: Chad Skipper, Global Security Technologist, VMware

Presented by: VMware

9:00 - 9:30 AM EST
PRESENTATION - Drive the Needed Alignment Between Your Organizational Vision, Strategy, Execution, and Outcomes

Are your technology plans and resources fully aligned to your strategy, and are you achieving the expected outcomes? We will review the end-to-end strategy execution lifecycle, and we will discuss key aspects of how organizations truly connect vision to strategy, portfolio plans, execution, and outcomes. We will examine recommended practices and the pitfalls organizations face when developing and translating their strategy into actionable and successful plans. Finally, we will review the three critical pillars of adaptive strategy execution and discuss the related obstacles most organizations face.

Speaker: Morten Sorensen, VP System IT Portfolio Management Office, Federal Reserve System

9:40 - 10:10 AM EST
WORKSHOP 1 - How Organizations Can End the Era of Security Control Failure

Imagine a World Cup qualifying team that made it to the first match but had failed to prepare for its opponents. Stepping out on the pitch, the opposing team would run circles around them. This is the story in cybersecurity today. The impact of a lack of continuous security control validation is that security programs fail and breaches occur constantly. Only by testing controls against known threats can teams generate the data they need to understand performance, tune-up, and improve effectiveness.

In this talk, Jose will cover how the research team discovered that EDR controls in AttackIQ’s customer environments only stopped top adversary techniques 39 percent of the time, and outline recommendations for how to improve cybersecurity program performance at scale.

In their analysis, the AttackIQ Adversary Research Team selected real-world adversary techniques from MITRE ATT&CK under the following criteria, including: (1) they needed to be common techniques (not edge cases); (2) they needed to have had pronounced historical impacts, including in recent Russian operations in Ukraine; and (3) most importantly, the EDR solution providers needed to consistently block these key techniques in AttackIQ’s lab environment. The goal in selecting these techniques was to find a sweet spot for realistic and popular techniques that could be prevented by recommended security configurations but are not currently being prevented most of the time in customer environments.

Attendees will leave the talk with a deeper understanding of why advanced cyberdefenses fail against threats and how organizations can use automated testing and the MITRE ATT&CK framework to improve their overall security program performance

Speaker: Jonathan Reiber, Vice President for Cybersecurity Strategy and Policy, AttackIQ

Presented by: AttackIQ

9:40 - 10:10 AM EST
WORKSHOP 2 - Bridging the Gap Between Tech and Business Leadership to Enable Innovation and Transformation

How do you create alignment between Tech and Business Leaders in your organization to develop a digital transformation strategy that includes analytics modernization, cloud migration, or data democratization to enable innovation and transformation in your organization? In this session, Steve discusses why, despite the strategic and competitive advantages of a data-centric approach, it may take a lot of effort to get others to see that it is the right thing to do for the corporation.

  • Understand the perceived gap between business, leadership, and IT.
  • Discover methods to become business-centric in your approach to IT.
  • Evaluate case studies where companies have benefited from taking a different approach to communicating value.
  • Learn from others’ mistakes and successes in the best ways to work with business and IT

Speaker: Steve Sarsfield, Director of Product Marketing, Vertica

Presented by: Vertica

10:10 - 10:25 AM EST

Circle back with your Peers on the content so far while grabbing a coffee and a snack

10:30 - 11:00 AM EST
WORKSHOP 1 - Shift-Left, Shield Right: The Role of Real-Time CWPP in a CNAPP World

The cloud is big business, and so is increasingly targeted by threat actors. The challenge comes down to this: how do we secure our cloud-enabled business without throttling innovation? After all, no one went to the cloud to slow down. Join SentinelOne as we speak plainly about cloud defense in depth. From build time to runtime, we will discuss the complementary roles of agentless (“shift-left”) and agent-based (“shield right”) security layers. We will cover both CNAPP (Cloud-Native Application Protection Platforms) and real-time cloud workload protection (CWPP), sharing insights which hopefully help you to accelerate innovation while operating securely.

Speaker: Rick Bosworth, Director of Cloud Marketing, SentinelOne

Presented by: SentinelOne

10:30 - 11:00 AM EST
WORKSHOP 2 - Accelerating Software Delivery and Ensuring Compliance through Value Stream Management

In the fast-paced world of IT and Security, optimizing software delivery and ensuring compliance are essential for organizations looking to remain competitive and meet ever-evolving customer demands. This presentation will explore the role of Value Stream Management (VSM) in accelerating software delivery, enhancing digital transformation efforts, and ensuring compliance within the IT & Security industry. Attendees will learn how VSM can drive innovation, efficiency, and compliance within their organizations by providing a comprehensive overview of VSM, discussing challenges and opportunities in the global context, and sharing best practices for successful implementation.

Speaker:Hope Lynch, Product Evangelists, Cloudbees

Presented by: CloudBees

11:10 - 11:40 AM EST
WORKSHOP 1 - Cultivating Developer Security Adoption

Security programs have undergone major changes in recent years, to adapt to the changes that Agile development, DevOps pipelines, and faster deployments bring. New DevSecOps programs and models have resulted in a significant security ownership shift to the development teams. But in order for development teams to truly take responsibility for security, they need to embrace and adopt the new security practices. This is no easy feat! It introduces many organizational, process, and tooling challenges. In this session, we will discuss how others have successfully achieved this, and talk about tips and best practices on how you can improve the developer adoption of your security needs, as well as common pitfalls or problems to avoid.

Speaker: Ravi Maira, Vice President, Product Marketing, Snyk

Presented by: Snyk

11:10 - 11:40 AM EST
WORKSHOP 2 - Introduction to Data Lineage: A New Methodology to Data Protection

Data visibility and protection has continued to use the same, problematic approach for the past 25+ years. Regex, keywords, dictionaries, exact data matching, fingerprinting, partial file matching, limited contextual awareness, filetypes, etc. These approaches are useful at times, but are problematic (resource intensive), limited (text-only files), prone to false-positives, and easy to circumvent.
Data Lineage is a new approach that:
  • Identifies how data comes into existence in an organization
  • Monitors data behavior in all the places users create, handle, and distribute data
  • Provides visibility into all the operations and transformations that occur, providing a complete picture of the lifecycle of data and its derivatives
  • Can ultimately be extended to support use cases such as tracking data sprawl and identifying risk across the enterprise within insider risk programs

In this talk, Chris Saucier, Solutions Architect at Cyberhaven, will provide a history of data protection, an overview of data lineage, how the data model can be used to discover data in your environment and how it can be used to discover risk, and how data lineage can be extended beyond visualization.

Speaker: Chris Saucier, Solutions Architect, Cyberhaven

Presented by: Cyberhaven

11:45 - 12:35 PM EST
ROUNDTABLE + PANEL: Driving The Business Through Technology

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Moderator: Lorenzo Hines, SVP of Information Technology, Citi


Parveen Malik, VP of IT Security, Charles River Development

Mitesh Patel, VP, JP Morgan & Chase

Steve Demeritt, VP, Global Head of IT Service & Delivery, Black & Veatch

Paul Cao, Global Head of Data Platform, Wells Fargo

12:35 - 1:30 PM EST

Open seating, Buffet-style lunch. Serving food for all tastes, pallets, and preferences. Vegan, vegetarian, and halal options available

1:35 - 2:15 PM EST
PRESENTATION - How to Maximize ROI on Digital Investments with Value Stream Management and FinOps

As macro-economic concerns increase in 2023, organizations are looking to drive higher ROI from digital investments. Value Stream Management helps DevOps teams accelerate time to market and build on success by unifying your organization’s business and technology objectives. But accelerating revenue must be accompanied by optimized operational expenditures in order to maximize ROI. That’s where FinOps comes in.

In this session, you’ll learn how OpenText simplifies Value Stream Management by helping organizations track, analyze, and predict resourcing, reduce risk, and identify waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes. Then you’ll learn how FinOps can help you optimize the cloud costs that are driven by agile development through a three-step approach: Inform, Optimize, and Operate. This will enable you to:

  • Maximize Business Value and Effectiveness: Discover, visualize and manage the flow of value from “strategy to delivery” powered by AI and analytics that is easy to deploy.
  • Accelerate Delivery and Efficiency: Integrate with your existing toolchains to improve productivity and remove friction in the value stream with smart automation.
  • Gain Competitive Advantage: Differentiate customer experience with high-quality value stream insights to manage risk and streamline delivery. Empower continuous feedback, learning, and improvement.

Join OpenText to learn why the time for a joint VSM/FinOps approach is now and how to capitalize on it the easy way.


Steve Williams, Director, Solutions Engineering, OpenText

Walid Hbeika, Chief Technologist – Application Delivery Management – Professional Services, OpenText

Presented by: OpenText 

2:25 - 2:55 PM EST
WORKSHOP 1 - Top 3 Cloud Security Efforts to Focus on in 2023

As cloud data volumes grow, so does cloud complexity. Traditional security infrastructure is no match for the constant changes, updates, and shifts that come with the cloud – let alone the rapid rise of sophisticated, malicious threats. That’s a lot to get your teams’ arms around! We’ve got three things you can focus on this year to ease that complexity and keep your business safe in the cloud.

Join this session to discuss how:

  • Shifting left will be essential
  • Supply chain risk will be a major concern
  • Securing your cloud will be impossible without comprehensive visibility

Speaker: Alan Thatcher, Senior Manager, Field Architects, Lacework

Presented by: Lacework

2:25 - 2:55 PM EST

 Check back for updates on this session.


Dane Zielinski, Information Security Manager, TransAm Trucking

Craig Guymon, Lead Solutions Architect, Binalyze

Presented by: Binalyze

3:05 - 3:35 PM EST
WORKSHOP 1 - Lessons Learned from 1.7 Million Hours of Security Validation in One Year

The Cymulate security effectiveness report captured over 1.7m hours of customer assessments over a 12-month period. In this session, you’ll find out the top 10 attacks launched by customers and whether the security teams were focused on the right attacks to protect against. We’ll also share some disturbing insights, such as older exploits (over 2 years old) that were not being mitigated. Lastly, we will go over innovative ways to assess exposures, check attack path viability, and validate security control efficacy.

Five benefits for delegates attending this session:

  • Find out what we discovered from over 1.7 million hours of assessments
  • Hear real-life customer testing trends and which real-world breaches are tested the most
  • Understand that current state of legacy vulnerability patching and how to validate the efficacy of patches and controls
  • Learn about gaps in security testing and what the trends tell us
  • Discover how Cymulate safely uses threat actor attack techniques and automation to validate security controls


Carolyn Crandall, Chief Security Advocate and CMO, Cymulate

Mike Denapoli – Director of Technical Messaging, Cymulate

Presented by: Cymulate

3:05 - 3:35 PM EST
WORKSHOP 2 - Software Liability and a Path Forward

As a research and advisory organization, we have a unique perspective on key trends in technology. This talk will cover the key trends such as generative AI, zero-trust security, recession preparation, Metaverse, digital processes, industry-based data models, recession preparation, environmental/social governance, and their applicability to IT organizations.

Join Sonatype’s Maury Cupitt as he discusses how companies can achieve digital transformation by delivering safer and faster applications, and the shift that needs to happen with companies becoming proactive in securing their Software Supply Chain.

Presented by: Sonatype

3:35 - 3:50 PM EST

Circle back with your Peers on the content so far while grabbing a coffee and a snack

3:55 - 4:25 PM EST
PRESENTATION - Systems of Experience: The CIO's Role in the Future of Work

The definition of work-life balance has changed, and the nature of work has changed. Life, family, and work are all integrated, we need software solutions that allow us the flexibility to live our lives and attract a diverse talent. Solutions that improve experience locally while allowing us to operate globally removing the friction, increasing productivity improving employee experience and in turn positively impacting the customer experience. Focused on retention and customer satisfaction.

Presented by: RingCentral

4:30 - 5:20 PM EST
ROUNDTABLE & PANEL - Diving into Talent Acquisition, Diversity and Retention

In most markets, there is an abundance of open IT jobs with fewer people able to fill them – and the positions are getting more expensive. Working remotely is the norm, but not optimal (usually). There is less off-shoring and more resources are focused locally or within the same hemisphere.

Additionally, we are still not recruiting enough women and minorities into the rank and file, especially senior IT roles, and we’re losing talent to major tech hubs.

Join us at the roundtable with your peers as we dive into solutions to tackle the following challenges:

  • How do you scale staff/team without losing them to major tech hubs?
  • How do you create more diversity – not only among race and gender – but diversity of thought Old vs New Thinking?
  • How do we mentor universities to implement actionable steps for supplying more IT talent?

Moderator: Dr. Sue Tripathi, Partner, Data, Analytics, Technology, Transformation, IBM


Shayn Spingler, SVP Global Information Technology, Hill International

Davin Darnt, CISO, Confidential

Deshard Stevens, CIO/CISO, NYC Commission on Human Rights

Helen Knight, Transformation Consultant, Helen Knight Consulting

5:45 - 7:00 PM EST

Engage your Peers over canapés and cocktails

7:00 - 9:00 PM EST

Open seating buffet meal serving 5 star food and great Peer engagement

7:00 - 8:00 AM EST

Full Breakfast and lots of coffee available!

8:05 - 8:55 AM EST
ROUNDTABLE & PANEL - Engaging Remote Employees And The Platforms To Create A Happier, Healthier Enterprise

In today’s increasingly digital world, remote work has become a common practice, particularly in light of recent events that have led to a rise in remote work. However, while remote work has its benefits, it can also lead to disengaged employees and reduced productivity, making it essential for companies to find ways to keep their remote workers engaged and happy.

This presentation will focus on the various platforms available to companies to keep their remote employees engaged, healthy, and happy. From communication tools to project management software, there are many options to choose from to facilitate effective collaboration and communication between remote workers and the rest of the team. We will also discuss the importance of wellness programs, such as mental health initiatives, fitness challenges, and other employee wellness programs, in creating a happy and healthy work environment for remote employees.

The presentation will offer practical tips and strategies for managers and employers to create a positive remote work culture that fosters engagement, productivity, and well-being among their remote workers. By leveraging the right tools and implementing employee-focused initiatives, companies can build a happier, healthier enterprise that not only attracts and retains top talent but also ensures the continued success of the organization in the long term.

Moderator: Mark Hoeting, Executive Counselor, Info-Tech Research Group


Pradeep Mannakkara, CIO, Cvent

Michael Onuoha, Head of Engineering & Architecture, Risk, Fraud, Collections & Recovery, Citi

Cynthia Dixon, Sr. Director of IT, PepsiCo

Bill Boudreaux, CTO, City of Rochester

9:00 - 9:40 AM EST
PRESENTATION - In The Know: Coping with Recession Concerns on IT Spending

Concerns of a Recession looms whether there results in one or not. With a war raging across the ocean, a potential European energy crisis this winter, and inflation numbers in the US refusing to subside, the macroeconomic environment has caused enterprise IT leaders to rethink their strategies. Learn how your peers are changing their plans to deal with the recession.

Speaker: Eric Helmer, Chief Technology Officer, Rimini Street

Presented by: Rimini Street

9:50 - 10:20 AM EST
WORKSHOP 1 - Why the Nonprofit Sector Needs CIOS & How You Can Help

Building a compelling business case for digital transformation is a challenge faced by many technology leaders. It becomes even more complicated when the change beneficiaries are not the funders, and the choice to invest in technology feels like it is taking services from our most vulnerable citizens. Helen Knight, an award-winning leader of non-profit digital transformations will share how she modernized emergency shelters and food banks, and how she uses technology to optimize services for people struggling with poverty. Helen will also share ways technology leaders can use their skills to help people today, and invite you to help solve the challenges ahead.

Speaker: Helen Knight, Transformation Consultant, Helen Knight Consulting

9:50 - 10:20 AM AM EST
WORKSHOP 2 - Revolutionized Cybersecurity – AI/ML Based Cybersecurity Model

As cyberattacks grow in volume and complexity, artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Curating threat intelligence from millions of research papers, blogs and news stories, AI technologies like machine learning and natural language processing provide rapid insights to cut through the noise of daily alerts, drastically reducing response times.

The session covers real life practical use cases that have been deployed and wherein AI helps analysts connect the dots between threats and shape up the modern day Cybersecurity programs.

Speaker: Rahul Bhardwaj, Deputy CISO, Kroll

10:20 - 10:35 AM EST

Circle back with your Peers on the content so far while grabbing a coffee and a snack

10:35 - 11:05 AM EST
WORKSHOP 1 - Why Traditional Application Security Is No Longer Enough

Modern software presents unique challenges that traditional application security measures cannot effectively handle. In this session, we will explore three of these challenges. First, we will examine the use of modern building blocks in software development. The abundance of new technologies and the fact that we often lack complete control over these building blocks can cause us to overlook the glue that keeps them together. Second, we will discuss the challenge of context in application security. Shifting left or right can only take us so far; taking a step back to see the context of the whole picture is necessary for adequate security. Finally, we will consider the use of open-source software and how it can lead to misplaced trust. Traditional application security tools are unable to compute trust in these situations. Join us to learn how to address these challenges and enhance your application security in today’s complex software landscape.

Speaker: Erez Yalon, VP of Appsec Research, Checkmarx

Presented by: Checkmarx

10:35 - 11:05 AM EST
WORKSHOP 2 - Deploying Cloud Security Controls

Topics addressed will include:

  • Cloud Security Checklist
  • 7 Critical Cloud Security Controls
  • Common mistakes Open for discussion and sharing ideas

Speaker: Nish Majmudar, VP & Chief Information Security Officer, Mathematica

11:15 - 11:45 AM EST
WORKSHOP - Proactive Cyber Risk Management – Be “in-front” of your Risks. Not Behind them!

In order to deliver value to our customers, patients, employees, communities and shareholders, we Healthcare organizations must understand and manage the risks faced across our entire organization. This seminar will outline a “proactive” approach to defining, categorizing and remediating cyber risks within your organization.

Speaker: Tim Swope, , Catholic Health Services

11:50 - 12:30 PM EST
PANEL - Building an Effective CIO-CISO Relationship

The CISO and CIO have different focuses across the IT organization – the CIO is focused on operations, keeping things running, and developing ROI. While the CISO is tasked with return on risk, focusing on security tools and processes that reduce risk across the organization. By definition, the two can immediately be in an adversarial relationship as security is often lost to tight budgets, office politics, and the drive of the organization.

This session will discuss:

  • Ways to work in tandem with the CIO to drive the business forward while still respecting organizational security
  • Effective strategies to build trust and unite all departments under one security umbrella
  • Future structural changes – how the CIO reporting to the CISO will change organizational culture

In this session, we will speak to a Panel of your Peers to better understand this new proposed policy change and how it affects you.

Moderator: Keith Donnelly, VP, Global Head of Risk Managment, Broadridge Financial


Gary Szukalski, SVP, Field, Partner, and Customer Marketing, Darktrace

Peter Rosario, CISO, USI

Bradley Schaufenbuel, CISO, Paychex

Pennie Turgeon, CIO/CISO, New York Institute of Technology

12:30 - 1:30 PM EST

Open seating, Buffet-style lunch. Serving food for all tastes, pallets, and preferences. Vegan, vegetarian, and halal options available. Serving to-go boxes for those in a hurry!

East Executive Advisory Council

Michael Marsillio


Paradies Lagardere

Ashok Narayan

Global Director of Applications and Emerging Technology

Tosca Services

Gina Bennett

Director of Enterprise Solutions

YMCA of Metropolitan Atlanta

Kenneth Foster

VP of IT Governance, Risk and Compliance


Kenneth Viciana

VP, Global Data & Analytics Products


Lorenzo Hines

Global SVP of Information Technology


Bradley Schaufenbuel


Paychex, Inc

Stephen Demeritt

Global Head of IT Services & Delivery

Black & Veatch

Mitesh Patel

VP of IT

JP Morgan

John Whiting

Global Director Cyber Risk


Michael Onuoha

Head of Engineering & Architecture, Risk, Fraud & Collections


Nish Majmudar

VP & Chief Information Security Officer


Robert Field

Vice President of Global Information Technology and Digital Solutions


Andy Flatt


National Healthcare

Deena Swatzie

SVP of Cyber Security Strategy & Digital Innovation


Karl Forsberg

Senior Director IT, Infrastructure and Operations

North America Partners in Anesthesia

Forum Speakers

Interested in speaking? Please submit a request.

Submit Request