Gaylord Texan Resort & Convention Center • Dallas, TX

TOLA IT & Security Leaders Forum 2023

The SINC TOLA IT & Security Leaders Forum brings together top leaders for three days of engagement geared specifically towards our IT executives.

Forum speakers and presentations will focus on topics most directly impacting attendee resource challenges, which will in turn drive regional industry growth. Executives and service providers alike will engage through one-on-one engagements and open-discussion group meetings, all while creating valuable networking and community-building opportunities to foster regional development.


Gaylord Texan Resort & Convention Center

Standing on the shores of the majestic Lake Grapevine, Gaylord Texan Resort & Convention Center welcomes guests to a stunning, one-of-a-kind experience. Guests can explore the four-and-a-half acres of airy, indoor garden atriums, four award-winning restaurants, bars, the world-class Relâche Spa, and a state-of-the-art fitness center. Located near DFW Airport, LEGOLAND® Discovery Center, Cowboys Golf Club, Historic Downtown Grapevine, and water sports on Lake Grapevine itself, are all convenient so everyone can do more of what they love.

Forum Agenda

Agenda may be subject to change. Check back regularly for Updates.

2:00 PM - 5:00 PM CST

Get familiar with SINC Staff and the event layout. Secure your complimentary Swag Bag and learn how to use the Onsite Application for Peer Engagement and win great prizes!

5:30 PM - 7:00 PM CST

Engage your Peers over canapes and cocktails

7:00 PM - 9:00 PM CST

Enjoy a 3-course meal and engage with your peers before Day 1 kick’s off

7:00 AM - 7:55 AM CST

Full breakfast and lots of coffee available!

8:00 AM - 8:05 AM CST

A Thank You from SINC – setting the tone for a great day!

8:05 AM - 8:45 AM CST

 Check back for updates on this session.

Moderator: Bryan Tutor, CIO & Executive Counselor, Info-Tech Research Group


Nellson Burns, Managing Partner, Destination IT

Mark Walters, Trial Lawyer

8:55 AM - 9:35 AM CST
Presentation - Systems of Experience: The CIO's Role in the Future of Work

The definition of work-life balance has changed, and the nature of work has changed. Life, family, and work are all integrated, we need software solutions that allow us the flexibility to live our lives and attract a diverse talent. Solutions that improve experience locally while allowing us to operate globally removing the friction, increasing productivity improving employee experience and in turn positively impacting the customer experience. Focused on retention and customer satisfaction.

Speaker: Matt Lehman, Industry Principal, Financial Services, RingCentral

Presented by: RingCentral

9:35 - 9:55 AM CST

Circle back with your Peers on the content so far while grabbing a coffee and a snack

9:55 - 10:25 AM CST
WORKSHOP 1 - Using iPaaS to Drive your API Connectivity Needs

APIs are everywhere. There are APIs for 150k+ SaaS Apps, APIs for blockchain, IoT, artificial intelligence, and everything in between. Yet, at the same time, companies are finding themselves challenged to make timely, informed decisions because of scattered data. You could, in theory, stitch APIs together with existing systems to integrate and create exciting new applications, but how do you determine what tool you need to help you connect your systems and data sources? Or how do you know if you need an iPaaS or an API Management (APIM) platform?

The proliferation of applications and data sources used everyday has made it imperative for organizations to consider an integration solution that incorporates full lifecycle API Management capabilities. The combined power enables organizations to surface and share data quickly from any number of disparate sources so users can make informed, impactful decisions in real-time.

Join us for a 30-minute workshop to learn how your internal systems can be securely exposed as APIs with minimal effort using the Jitterbit Harmony platform. Watch us demonstrate live how you can create APIs through just simple clicks vs coding from scratch, enabling your customers to access data faster and make timely and informed decisions by leveraging Jitterbit API Management.

Key take-aways from this session:

  • Extend the value of Jitterbit Harmony API Integration platform by enabling your data to be shared between apps in real-time
  • Manage and expose APIs created from Harmony projects
  • Perform full lifecycle API Management capabilities, including creating, consuming and controlling APIs through an intuitive, low-code user interface
  • Securely expose your 3rd-party APIs through the Harmony platform and manage all your APIs from one place

Speaker: Tomydas Pall, Senior Product Manager, Jitterbit

Presented by: Jitterbit

9:55 - 10:25 AM CST
WORKSHOP 2 - How Organizations Can End the Era of Security Control Failure

Imagine a World Cup qualifying team that made it to the first match but had failed to prepare for its opponents. Stepping out on the pitch, the opposing team would run circles around them. This is the story in cybersecurity today. The impact of a lack of continuous security control validation is that security programs fail and breaches occur constantly. Only by testing controls against known threats can teams generate the data they need to understand performance, tune-up, and improve effectiveness.

In this talk, Jose will cover how the research team discovered that EDR controls in AttackIQ’s customer environments only stopped top adversary techniques 39 percent of the time, and outline recommendations for how to improve cybersecurity program performance at scale.

In their analysis, the AttackIQ Adversary Research Team selected real-world adversary techniques from MITRE ATT&CK under the following criteria, including: (1) they needed to be common techniques (not edge cases); (2) they needed to have had pronounced historical impacts, including in recent Russian operations in Ukraine; and (3) most importantly, the EDR solution providers needed to consistently block these key techniques in AttackIQ’s lab environment. The goal in selecting these techniques was to find a sweet spot for realistic and popular techniques that could be prevented by recommended security configurations but are not currently being prevented most of the time in customer environments.

Attendees will leave the talk with a deeper understanding of why advanced cyberdefenses fail against threats and how organizations can use automated testing and the MITRE ATT&CK framework to improve their overall security program performance.

Speaker: Jose Barajas, VP, Global Sales Engineering, AttackIQ

Presented by: AttackIQ

10:35 AM - 11:05 AM CST
WORKSHOP 1 - Analytics Architecture Principles for Performance and Growth on a Budget

When building or changing an enterprise analytics architecture, there are a lot of things to consider–Cloud or on-prem, hybrid or multi-cloud, this cloud or that cloud, containerized, build tech, buy tech, use the skills in house, train new skills, etc. While balancing those decisions, there are a lot of considerations, but the main three are performance, costs, and planning for the future including future growth in analytics demand.

Learn how several companies like the Index Exchange,, Philips, and the Tradedesk analyze data from a single terabyte up to multiple petabyte ranges, track millions of realtime actions, generate 10’s of thousands of reports a day, keep thousands of machine learning models in production and performing, and still keep budgets under control.

In this session:

  • Discover the high-level principals that underly every decision around building a data analytics architecture for performance and rapid growth, without breaking the budget
  • Evaluate examples of successful analytic data architectures at several companies that are tackling some of the toughest analytics use cases.
  • Learn from others’ mistakes and successes managing and analyzing data with multiple simultaneous workloads, exponential growth, spikey workloads, or hundreds of concurrent users.

Speaker: Paige Roberts, Open Source Relations Manager, Vertica by OpenText

Presented by: Vertica by OpenText

10:35 AM - 11:05 AM CST
WORKSHOP 2 - Cultivating Developer Security Adoption

Security programs have undergone major changes in recent years, to adapt to the changes that Agile development, DevOps pipelines, and faster deployments bring. New DevSecOps programs and models have resulted in a significant security ownership shift to the development teams. But in order for development teams to truly take responsibility for security, they need to embrace and adopt the new security practices. This is no easy feat! It introduces many organizational, process, and tooling challenges. In this session, we will discuss how others have successfully achieved this, and talk about tips and best practices on how you can improve the developer adoption of your security needs, as well as common pitfalls or problems to avoid.

Speaker: Jim Armstrong, Sr. Director, Product Marketing, Snyk

Presented by: Snyk

11:10 - 12:00 PM CST
ROUNDTABLE & PANEL - Driving The Business Through Technology

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Moderator: Ross Tucker, CIO, Texas United Management Corporation


Lucy Mariappa, CIO, International Leadership of Texas

Damian Mobley, CTO, IM Academy

Marc Paige, VP, GC Services

Rinkesh Patel, VP, Fidelity Investments

12:00 - 12:50 PM CST

Open seating, Buffet-style lunch. Serving food for all tastes, pallets and preferences. Vegan and vegetarian options available. 

1:00 - 1:30 PM CST
WORKSHOP 1 - Avoiding Burnout with a Mental Healthcare Plan

 Check back for updates on this session.

Speaker: Michael Anderson, CISO, Dallas ISD

1:00 - 1:30 PM CST
WORKSHOP 2 - How to Survive a Ransomware Attack and Live to Tell About It

Ransomware is no longer just a problem for businesses and industries. Many school districts are now the target of ransomware attacks. But they assume they aren’t at risk and end up having to respond to a ransomware attack without proper preparation and plans in place. Get firsthand information and hear lessons learned from one district’s ransomware incident this year. Be better prepare and secure your staff, hardware, data, and network.

Speaker: Brad Stewart, CTO, Lufkin ISD

1:40 – 2:10 PM CST
WORKSHOP 1 - Security Validation as the Heart of Exposure Management

To increase security readiness given today’s dynamic attack surfaces and diverse cyberthreats,  security professionals need to move away from traditional vulnerability-centric methods to a new approach that identifies exploitable security exposures in their live IT environments.

Gartner describes Exposure Management (EM) as a new framework that incorporates the adversary’s view to continuously uncover exploitable security gaps, and prioritize remediation accordingly. One of the pillars of EM is security validation, which provides evidence of attackers’ possible achievements in the context of an organization’s deployed assets, configurations, and security controls.

During this session, we will present a pragmatic approach to implementing an Exposure Management strategy, focusing on automated security validation.

Speaker: Autumn Stambaugh, Senior Solutions Engineer, Pentera

Presented by: Pentera

1:40 - 2:10 PM CST
WORKSHOP 2 - Redefining Cloud, Data, and Network Security to Apply Zero Trust Architecture

The overall business transition to the Cloud is happening far faster than many experts predicted. That speed has left most companies reliant on security platforms built for a bygone world dominated by on-premises data centers. The covid pandemic further accelerated and complicated the situation, stressing CISOs and CIOs who are responsible for protecting a work-from-home staff that may not ever fully return to the office. Organizations are rapidly adopting SASE to safeguard data wherever it moves, support digital transformation efforts, and realize better efficiency and ROI from their technology. Come hear how Netskope’s converged SASE platform provides AI-driven zero trust security and simplified, optimized connectivity to any network location or device, including IoT.

Speaker: Gerry Plaza, Field CTO, Netskope

Presented by: Netskope

2:20 - 2:50 PM CST
WORKSHOP 1 - Minimizing Risk From Cyber Threats: Focus on Reducing Time to Containment

The threat landscape continues to evolve rapidly, and attacks are getting more sophisticated every day. Many organizations can no longer cope with the volume of alerts to the extent that 93% of organizations confirmed that they couldn’t respond to new alerts within the first 24 hours. As a result, the Mean-Time-To-Detect (MTTD), and Mean-Time-To-Respond (MTTR), which are two of the primary metrics for any Security Operations Center (SOC), continue to increase for the majority of organizations. In this session, we will discuss some of the main challenges that result in alert fatigue and an increase in MTTD and MTTR metrics and how Artificial Intelligence can play a vital role in driving efficiency for your team.

Speaker: Mani Keerthi Nagothu, Field CISO, Americas, SentinelOne

Presented by: SentinelOne

2:20 - 2:50 PM CST
WORKSHOP 2 - Data for DevOps: The Intersection of Data Automation & Data Security

Innovation driven by DevOps, cloud and AI/ML emboldens businesses to expand access to the essential fuel for those programs– enterprise data. At the same time, stringent privacy laws and frequent cyber attacks increase pressure to mitigate sensitive data risks. With more and more interaction shifting to the digital brand experience, how can today’s enterprises effectively unlock the power of their enterprise data and eliminate friction between data usage and data security?

Join this interactive session to discuss the cultural shift modern enterprises are actively engaged in to make data more available, secure, compliant and resilient.


Brandon Burge, Director IT, Express Scripts

Corey Brune, Senior Principal Solutions Engineer, Delphix

Presented by: Delphix

2:50 - 3:05 PM CST

Circle back with your Peers on the content so far while grabbing a coffee and a snack

3:05 - 3:45 PM CST
PRESENTATION - How to Maximize ROI on Digital Investments with Value Stream Management and FinOps

As macro-economic concerns increase in 2023, organizations are looking to drive higher ROI from digital investments. Value Stream Management helps DevOps teams accelerate time to market and build on success by unifying your organization’s business and technology objectives. But accelerating revenue must be accompanied by optimized operational expenditures in order to maximize ROI. That’s where FinOps comes in.

In this session, you’ll learn how OpenText simplifies Value Stream Management by helping organizations track, analyze, and predict resourcing, reduce risk, and identify waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes. Then you’ll learn how FinOps can help you optimize the cloud costs that are driven by agile development through a three-step approach: Inform, Optimize and Operate. This will enable you to:

  • Maximize Business Value and Effectiveness: Discover, visualize, and manage the flow of value from “strategy to delivery” powered by AI and analytics that is easy to deploy.
  • Accelerate Delivery and Efficiency: Integrate with your existing toolchains to improve productivity and remove friction in the value stream with smart automation.
  • Gain Competitive Advantage: Differentiate customer experience with high-quality value stream insights to manage risk and streamline delivery. Empower continuous feedback, learning, and improvement.

Join OpenText to learn why the time for a joint VSM/FinOps approach is now and how to capitalize on it the easy way.


Parker Reguero, Enterprise Sales Director, ADM West, OpenText

Travis Greene, Sr. Director of Product Marketing, OpenText

Presented by: OpenText

3:50 - 4:40 PM CST
ROUNDTABLE & PANEL - Diving into Talent Acquisition, Diversity and Retention

In most markets, there is an abundance of open IT jobs with fewer people able to fill them – and the positions are getting more expensive. Working remotely is the norm, but not optimal (usually). There is less off-shoring and more resources are focused locally or within the same hemisphere.

Additionally, we are still not recruiting enough women and minorities into the rank and file, especially senior IT roles, and we’re losing talent to major tech hubs.

Join us at the roundtable with your peers as we dive into solutions to tackle the following challenges:

  • How do you scale staff/team without losing them to major tech hubs?
  • How do you create more diversity – not only among race and gender – but diversity of thought Old vs New Thinking?
  • How do we mentor universities to implement actionable steps for supplying more IT talent?

Moderator: Helen Knight, Founder & CEO, Helen Knight Consulting


Charles Ahn, Director of SAP Technology Integration and Enablement, Kimberly-Clarke

Angela McGuire, VP of Digital Financial Services, Worldlink

Nickoria Johnson, Chief Diversity Officer, Credera

Robert Pace, VP & CISO, Invitation Homes

4:50 - 5:20 PM CST
WORKSHOP 1 - Having a Culture of Data Security isn’t as Hard as You Think

For years, organizations have struggled to meet the requirements of regulatory compliance, incident response, security, and best practice for their critical data.

And now, with the huge upsurge and modernization of business applications and the pressure to migrate to the cloud or to manage a hybrid environment, data security, and compliance requirements are evolving to the point where traditional solutions are no longer enough to provide every answer, and the demand for a modernized data security solution is growing .

Modern Data Security requires:

  1. Support for any location, Multi-cloud, on-prem, both.
  2. Coverage for any data type
  3. Convergence of Legal, Risk, IT and Security
  4. Augmenting hard to find expertise
  5. Building Data security into Business Processes

Join Imperva’s Terry Ray to learn what to consider when modernizing your data security solutions to meet the constantly changing security challenges of the modern enterprise

Speaker: Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow, Imperva Inc

Presented by: Imperva

4:50 - 5:20 PM CST
WORKSHOP 2 - API Security: How Are You Securing the #1 Attack Vector?

No surprise in the era of digital transformation: In its API Security and Management report, Gartner predicts that by 2023, API abuses will move from infrequent to the most frequent attack vector, and by 2025, more than 50% of data theft will be due to unsecure APIs. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments – never mind their level of security. So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfiguration?

Join the Noname Security session on API security to discover:

  • How are adversaries exploiting API security gaps to launch successful attacks?
  • What are the top API vulnerabilities, and how are proactive enterprises mitigating them?
  • How can API visibility be enhanced for automated monitoring, detection, and response?

Speaker: Henry Obialisi, Director, Solutions Architects West, Noname Security

Presented by: Noname Security

6:00 - 7:00 PM CST

Engage your Peers over canapés and cocktails

7:00 - 9:00 PM CST

Enjoy a 3-course meal and engage with your peers

8:00 AM - 8:55 AM CST

Full Breakfast and lots of coffee available!

9:00 AM - 9:40 AM CST
CISO PANEL - The Ongoing Shift in Protecting our Networks

Aggressive attacks on Enterprise computer networks are continuing with increased frequency and threatening economic and national security. Actions like vulnerability reduction and passive defenses on their own simply are not cutting it and there needs to be a functional shift in the way we mitigate this substantial threat. Companies can seek to protect their most sensitive data by implementing an environment of actionable intelligence and detection to bring the fight to the adversaries and ensure a proactive approach to securing data. This session will discuss best practices in managing the constant evolution in the security environment.

Moderator: Erik Boemanns, VP of Technology, Cybersecurity, Improving


Sujeet Bambawale, VP & CISO, 7-Eleven

Ted Layne, CISO/CSO, Fairway Independent Mortgage Corporation

Ray Texter, CISO, Texas United Management Corporation

Keith Donnelly, VP, Global Head of Risk Management, Broadridge Financial

David Mata, SVP, Global Head of Incident Management, Darktrace

9:50 - 10:20 AM CST
WORKSHOP 1 - Supply Chain – The Real Insider Threat

What if I told you that 80% of the source code for your application was written by strangers? Furthermore, your developers have implicitly invited those strangers to help on your digital transformation projects. By downloading and using open source libraries, you have decreased your time to market. What has it done to your risk? What governance do you have over open source in your enterprise, and can you detect if something is wrong?

Incidents such as the recent Log4J CVE, have reminded us that while not malicious, these libraries can be misused to attack us. If you were impacted by this event, you should have some idea of how mature your organization is and made some decisions on how to improve. Your ability to respond in a timely manner to these situations is critical.

Today we are seeing the rise of the criminal coder. Through various means, they are injecting open source software with malicious code. The ecosystem for sharing these libraries was created to share easily, not securely. Using some traditional attacks as well as some that are novel and unique to each ecosystem, they have put your company at risk.

Your ability to detect and react to this new threat landscape has three components:

  1. Telemetry that alerts you to the suspicious and malicious software that your developers have inadvertently selected and integrated
  2. The quality and maturity of your incident response playbook
  3. The hygiene of your development organization and its ability to make production changes quickly and safely

Join us to learn about these topics and bring real improvements back to your workplace.

Speaker: Peter Chestna, CISO of North America, Checkmarx

Presented by: Checkmarx

9:50 - 10:20 AM CST
WORKSHOP 2 - In The Know: Coping with Recession Concerns on IT Spending

Concerns of a Recession looms whether there results in one or not. With a war raging across the ocean, a potential European energy crisis this winter, and inflation numbers in the US refusing to subside, the macroeconomic environment has caused enterprise IT leaders to rethink their strategies. Learn how your peers are changing their plans to deal with the recession.

Speaker: Eric Helmer, Chief Technology Officer, Rimini Street

Presented by: Rimini Street

10:20 - 10:35 AM CST

Circle back with your Peers on the content so far while grabbing a coffee and a snack

10:40 - 11:10 CST
WORKSHOP 1 - Shift Left, the Right Way

The current “shift-left” mindset to assess, assert, and evidence compliance and to harden the software supply chain are a DevOps antipattern. The impact goes well beyond over-burdening developers with toil that distracts them from innovation, unplanned audits are highly disruptive, and management is left to make decisions without defensible data. We will discuss this impact as a tax and suggest attributes of solutions to do Shift-Left right.

Speaker: Tim Johnson, Senior Product Marketing Manager, CloudBees

Presented by: Cloudbees

10:40 - 11:10 CST
WORKSHOP 2 - New Techniques Emerge via High Profile eCrime Attacks

Review of Scattered Spider and Slippy Spider, the updated attack techniques observed, and changes in the eCrime landscape

Speaker: Aaron Ausherman, Sales Engineering Manager, CrowdStrike

Presented by: CrowdStrike

11:15 - 12:00 PM CST
PRESENTATION - Inclusive Leadership: Keys to Modern Leadership

 Check back for updates on this session.

Speaker: Nickoria Johnson, Chief Diversity Officer, Credera

12:00 - 1:00 PM CST

Serving food for all tastes, pallets, and preferences. Vegan and vegetarian options available. Serving to-go boxes for those in a hurry!

TOLA Executive Advisory Council

Radhika Murudeshwar

Director Enterprise Architecture - Clinical

UnitedHealth Group

Ross Tucker


Texas United Management Corporation

Dana Prochaska

Executive Security Advisor / vCISO


Jeff Baker


NB Business Solutions

Rusty Kennington


Henry Company

Sudhakar Virupakshi


Buckeye Partners

Robert Pace


Invitation Homes

Shivani Agarwal

Head of IT

McLane Company

Tod Huber


Milwaukee County

Bhadresh Patel

Chief Technology Officer


Forum Speakers

Interested in speaking? Please submit a request.

Submit Request