Day One: Monday, May 18, 2020

12:00 pm - 12:25 pm Lobby Opens

12:25 pm - 12:30 pm Chairperson's Welcome Orientation

12:30 pm - 1:00 pm Establishing a Culture of Comprehensive Vigilance within Both Your Cyber & Physical Security Teams

Paul Connelly - Chief Information Security Officer, HCA Healthcare

The evolution of the Internet of Things into the Internet of Everything has profound consequences on clinical settings and requires the development of a comprehensive strategy to create synergies between cyber and physical security assets. Join Paul Connelly, CISO at HCA Healthcare, as he shares how he’s leveraging the convergence between the two functions to protect both sensitive, HIPPA-protected patient data as well as his organization’s varied physical assets. 

Participate in this session to gain insights into: 

  • Improving the accuracy and efficiencies of risk assessments by avoiding duplication and establishing a “single source of truth”
  • Establishing appropriate physical controls that take into account the complexity of identity and access management within a layered, complex clinical ecosystem 
  • Generate cost savings by assessing how cyber threats pose risks to both physical assets and IT infrastructures  
  • Maintaining the individual identities of both the physical and cybersecurity teams while fostering collaboration 

Paul Connelly

Chief Information Security Officer
HCA Healthcare

12:50 pm - 1:00 pm Live Q&A

Turn your cameras and microphones on and engage in an interactive discussion on the topic with your peers.


1:00 pm - 1:30 pm Latest Ransomware: How Cybercriminals are Reacting to the Virtual Work Environment
Erich Kron - Security Awareness Advocate, KnowBe4

Ransomware has evolved again and has some new tricks up its sleeve that are causing more trouble than ever. Although some ransomware gangs said they would halt attacks in healthcare during the crisis, the attacks continue. On top of that, cybercriminals have been taking advantage of the challenges related to the COVID-19 pandemic to intensify phishing and smishing attacks while people are working from home, putting in longer hours and are less protected.

In this session we will discuss the latest trends in ransomware and the methods the attackers are using now to spread it. Plus, key defensive strategies you can use now against ransomware and phishing attacks during this time of rapid change. 

We will cover:

  • New tricks the ransomware attackers are employing
  • The rise in attacks around the COVID-19 pandemic
  • Defending against the new threats
  • How to create your human firewall


Erich Kron

Security Awareness Advocate


1:00 pm - 1:30 pm Protecting against Ransomware and Phishing with Isolation
Kowsik Guruswamy - Chief Technology Officer, Menlo Security

Hospitals and other healthcare organizations (HCOs) are increasingly singled out by cybercriminals for ransomware and other attacks. Not only are 'patients' sensitive medical records being targeted, but—as the FBI warns—their intellectual property and credit card information are also up for grabs.

Cybercriminals will always target those organizations with the weakest defenses and the most valuable data. Few industries are as dependent on data and information as the healthcare industry; without patient records, a hospital cannot operate.

In this presentation, we will discuss:

  • Ransomware and its impacts on HCO's
  • A new preventative approach to protecting against such attacks
  • The four key requirements of an Isolation service for HCOs 


Kowsik Guruswamy

Chief Technology Officer
Menlo Security

1:30 pm - 1:40 pm Ignite: Quick Wins to Automate Cyber Defense Validation and Reduce Risk

Aviv Cohen - CMO, PCYSYS

With today’s remote work reality many organizations seek ways to automate every possible aspect of vulnerability assessment and security validation to support business continuity and control spending.   

In this session, we will uncover the fast path to Cyber Hygiene in the Work-From-Home era while enabling small security teams to triple their work capacity.


Aviv Cohen


1:40 pm - 2:00 pm How to Build a Web Security Program to Secure Thousands of Applications

Ferruh Mavituna - Founder & Chief Executive Officer, NetSparker

Many organizations have thousands of web applications but almost none of them have a scalable program to be in control of their web security posture. This presentation will explain what key components a good web application security program needs and how you can build or improve your application security program.

Spending more than a decade securing web applications, we’ve seen organizational and technological challenges. Based on our success and learning over a decade we built a straightforward, actionable and result-oriented program that will make your organization measurably more secure within 3 months.


Ferruh Mavituna

Founder & Chief Executive Officer

2:00 pm - 2:30 pm Business Meetings

2:30 pm - 3:00 pm Business Meeting

3:00 pm - 3:30 pm Business Meetings

3:30 pm - 3:40 pm Break

3:40 pm - 3:50 pm The Balancing Act: Optimizing Tech in Security Operations Management

Bruce Potter - Chief Information Security Officer, Expel

Building a scalable team is hard enough. Figuring out how to get your team to work in harmony with the tech in your security portfolio is a challenge that leaves even the best of us scratching our heads (or ripping our hair out). In this presentation, Expel CISO Bruce Potter will talk about how you can create efficiency through the way your team works with tech


Bruce Potter

Chief Information Security Officer

3:50 pm - 4:10 pm Intelligence Transforms Identity and Access Management

Eve Maler - Chief Technology Officer, ForgeRock

Helping people safely and simply access the connected world requires adding intelligence. Explore the requirements for managing organizations that act as organisms.


Eve Maler

Chief Technology Officer

Organizations around the globe have been confronted with the realities of shifting their workforce to work from home in the wake of the coronavirus (COVID-19) with little to no planning or maturity in their IT and security processes. This shift in workforce dynamics is critically challenging for healthcare, with InfoSec and IT operations teams unable to reimage or surgically remediate events and issues remotely in a timely manner.

 Join us to:

  • Understand how healthcare organizations can continue to remain vigilant against adversaries seeking to take advantage of the highly complex environment we’re operating in
  • Discuss best practices around transitioning employees to remote workers
  • Learn how to ensure resilient security across an entire remote workforce now and in the future


Saxxon McCarty

Director (Americas), Falcon Complete Managed Endpoint Protection Services


Keith Duemling

Director of Cybersecurity Technology Protection
Cleveland Clinic


John Beauchamp

Director of Information Security
LifePoint Health


Jesse Fasolo

Technology and Information Security,
St. Joseph’s Health

4:55 pm - 5:25 pm Disrupting Healthcare: Consumerization, Coronavirus and Caution

Esmond Kane - Chief Information Security Officer, Steward Health Care

In a matter of months, Covid-19 has done more to transform Healthcare digitally than in the prior decade of curated investment encouraged by the 2009 Health Information Technology Economic and Clinical Health (HITECH) Act. Care is the home is always preferred, it has dramatic positive benefits on patient outcomes but now its essential to stem the pandemic. Life in the new normal, after the Coronavirus pandemic, continues a radical and profound change in the delivery of care. In this presentation, lets discuss:

  • The shifting responsibilities for security and governance
  • Trust and Transparency when using consumer technology, BYOD and IoMT
  • Risk management and pragmatic security at the speed of a pandemic

Esmond Kane

Chief Information Security Officer
Steward Health Care

5:25 pm - 5:35 pm Live Q&A

Turn your cameras and microphones on and engage in an interactive discussion on the topic with your peers.

For years, healthcare organizations have seen explosive growth in both the quantity and variety of unmanaged, IoT and IoMT devices. This evolution to hyper-connectivity renders traditional and agent-based network security approaches insufficient. As organizations embark on an IoT and IoMT security initiative, what are the security considerations? Which stakeholders should be involved? How should a real-world deployment be architected for success? How should CISOs evaluate vendors?

Join us for a fun fireside chat with Rich Mason, former CISO of Honeywell who will pose these questions and more to Taylor Lehmann, Athena Health CISO.


Taylor Lehmann

Chief Information Security Officer
Athena Health


Richard Mason

President & Chief Security Officer
Critical Infrastructure, former CISO of Honeywell

5:55 pm - 6:00 pm Chairperson Closing Remarks

6:00 pm - 7:00 pm Peer to Peer Virtual Networking