Day Two: Tuesday, May 19, 2020

12:00 pm - 12:25 pm Lobby Opens

12:25 pm - 12:30 pm Chairperson's Opening Remarks

12:30 pm - 12:50 pm Volunteering During Crisis - CTI League, a Global Threat Intelligence Community of Experts that Neutralize Cyber Threats Exploiting the Current COVID-19 Pandemic

Ohad Zaidenberg - Lead Cyber Intelligence Researcher and COVID-19 CTI League Founder, ClearSky

Ohad Zaidenberg is the Founder of CTI League, a global cyber threat intelligence community. The Cyber Threat Intelligence (CTI) League is an online, global community of cyber threat intelligence researchers, infosec experts, CISOs, and other relevant people within the industry, whose goal is to neutralize cyber threats exploiting the current COVID-19 pandemic. Our volunteers prioritize efforts on helping hospitals and healthcare facilities protect their infrastructures during the pandemic and creating an efficient channel to supply these services. In the CTI League platform, volunteers can find a clearinghouse for data, a connection network and a platform for facilitating those connections. The CTI League’s current goal is to neutralize cyber threats exploiting the current COVID-19 pandemic. Our volunteers can choose the best path to achieve this goal: take down the IoC from the internet, triage it to the medical sector or escalate it to the relevant law enforcement agencies. In his day job, Ohad is the Lead Cyber Intelligence Researcher at ClearSky Cybersecurity, an Israeli cyber threat intelligence company.

Participate in this session to learn how to:

  • Neutralize cyber threats looking to exploit the current pandemic
  • Block and take down bad actors
  • Access expert pro-bono industry support from CTI League members

12:50 pm - 1:00 pm Live Q&A

Turn your cameras and microphones on and engage in an interactive discussion on the topic with your peers.

1:00 pm - 1:20 pm Becoming an Accelerator – Security for Transformational Healthcare

Stephen Brennan - Global Associate Partner, Healthcare & Life Sciences, IBM Security Services

A look at how security can change its role within healthcare organizations from a burden to an accelerator. We will explore the broader role security plays in allowing payers and providers to embrace disruption to provide new patient pathways, improved community health, and open new revenue streams. We will also discuss how robust risk management practices can be refocused to unlock opportunities for optimization, transformation and innovation.

Key Takeaways:

  • Identify Risk to IT systems, data and medical devices
  • Contextualize Threats and Establish Visibility
  • Communicate cybersecurity impact on patient safety, security and privacy
  • Deploy strategies for security transformation

1:20 pm - 1:40 pm Securing the Front Lines: Cybersecurity Awareness & Other Human-Centered Approaches to Overcoming Insider Threats

Stephen Fridakis - Chief Information Security Officer, WW (Weight Watchers) International

While the proliferation of threat vectors continues to create challenges for CISOs within the healthcare space, it’s important to recognize that insider threats will remain a serious vulnerability for organizations for the foreseeable future. This session will delve into how a renewed focus on cybersecurity awareness training is a fundamental component of minimizing and containing the huge vulnerability that insider threats pose to long-term cyber resiliency within a healthcare-focused organization.

Participate in this session to gain a better understanding of: 

  • emphasizing the human factor of cybersecurity to front-line employees in a meaningful, digestible way that fits the unique nature and risks 
  • development and implementation of a rewards program to foster transparency through positive reinforcement 
  • strategies to identify and empower cross-functional “cyber champions” to reinforce best practices outside of the training room 
  • optimizing clinical workflows to reduce friction and seamlessly integrate advanced cybersecurity technology  
  • the use of identity management to protect against cyber security threats 

1:40 pm - 1:50 pm Live Q&A

Turn your cameras and microphones on and engage in an interactive discussion on the topic with your peers.

1:50 pm - 2:10 pm Prevent Credential Stuffing, Protect Customer Data

Andrew Jones - Senior Sales Engineer, Shape Security

Credential stuffing aimed at account takeover, fake account creation and other brute-force attacks drive fraud and abuse that result in more than $40B of hard losses every year. Fraudsters commit large-scale bot attacks to steal digital identities and to commit member and provider fraud by stealing wellness rewards and filing false claims. Most companies turn to user friction such as CAPTCHA as a defense, which motivated fraudsters can easily bypass. In this session you will learn how fraudsters launch large-scale bot attacks and how you can mitigate these attacks in real time without the use of CAPTCHA.


  • Use real-time solutions to mitigate credential stuffing attacks by bots
  • Protect user and provider accounts from identity, rewards and claim fraud
  • Increase user login success by removing CAPTCHA


While we have no shortage of data points coming from our tools, CISOs need much more than raw data output to understand how well our security programs are performing. Join me on a journey through the good, the bad and the ugly metrics I have seen throughout my career and a discussion of how to develop meaningful metrics in healthcare environments. 

Join this session to:

  • Discuss what makes a metric meaningful
  • See examples of good and not so good metrics
  • Discuss how to use meaningful metrics to solve some of the typical issues found in healthcare environments

Vicky Ames

Director, Information Security, Risk & Compliance
United Therapeutics Corporation

2:30 pm - 2:40 pm Live Q&A

Turn your cameras and microphones on and engage in an interactive discussion on the topic with your peers.

2:40 pm - 3:00 pm Risk Mitigation of Digital Communication

Homayun Yaqub - Security Strategist, Forcepoint

In a world of risk mitigation, we have vastly enabled video-conferencing and messaging as primary forms of communication in order to diagnose and treat patients. By allowing providers to maximize safety during crisis, we have had to redefine the status quo. By modernizing consultations, we have been able to handle lower-risk health concerns (e.g. allergies, common cold, flu, etc.) without bogging down clinicians on the front lines. The security challenges that arise from this new digital ecosystem lie in ensuring that clinicians are properly recording and submitting all captured data from patient interactions back into their electronic medical record systems. Taking the expanded remote workforce into consideration, additional layers of data protection and cloud application governance will be critical in safeguarding the privacy and safety of our employees, customers, and patients.


3:00 pm - 3:30 pm Business Meetings

3:30 pm - 4:00 pm Business Meetings

4:00 pm - 4:30 pm Business Meetings

4:30 pm - 4:40 pm Break


4:40 pm - 5:20 pm Cyber Hygiene and the Fog of More
Daniel McGregor - Technical Director, Customer Success, Merlin

We are hyper-focused on cybersecurity more than ever. We need to be. Our business, employees, partners, and customers depend on our ability to see and assess risk so that we can make smart, critical decisions. However, managing hybrid environments that have rapidly spawned from the traditional on-site landscapes to the cloud, combined with the growing number of security products being implemented into our hybrid environments, is not only making our job overwhelmingly complex, but also hindering our ability to see and manage risk.

New and shiny tools continue to be introduced into the market at breakneck speeds. We test and validate, purchase and implement, but that simply isn’t enough. Smart enterprises are shedding this complexity and regaining the visibility and control they need to reliably make smart risk-based decisions.

During this session you will learn how to:

  • Maintain good cyber hygiene in a complex IT environment
  • Manage the security silos and tools
  • Promote transparency and cyber hygiene with your key stakeholders


4:40 pm - 5:20 pm Zero Trust Access: Zero-Trust Approach for the Healthcare Workforce
Ken Perkins - Lead Solutions Engineer, Duo Security
Mark Royall - Solutions Engineer, Enterprise, Duo Security

Healthcare records remain one of the "holy grail" personally identifiable information (PII) data types for cyber-criminals. With patient data being more valuable to attackers than ever, alongside stricter HIPAA and HITECH compliance requirements and an ever-growing device inventory to manage, IT teams' modernization projects must account for these risks in their planning. To mitigate these risks efficiently, healthcare organizations need to adopt a 'zero-trust' security approach and start viewing every threat surface, access point, identity and login attempt as the new security perimeter.

By deploying solutions that can verify users and establish device trust while protecting every application (both cloud and legacy), healthcare organizations can quickly and effectively reduce the threat surface and meet compliance requirements.


Unfortunately, CISOs often struggle to gain adequate funding to support a truly offensive cybersecurity posture. Both the traditionally tight profit margins and the focus on investment in novel, bleeding-edge clinical technology often take precedence in the healthcare space, leaving CISOs with a unique challenge when it comes to funding improvements in cyber hygiene.

Offer your experience and insights concerning:

  • evaluating which legacy systems are most vulnerable and apt for replacement
  • strategies to perform patching or other necessary system updates while minimizing financial and clinical impact
  • successful communication strategies that help non-experts better understand the intrinsic connection between healthy cyber hygiene and improved financial and clinical outcomes 

Tim Swope

Chief Information Security Officer
Catholic Health Services of Long Island


Toby Tsuchida

Information Security Officer
Partners HealthCare


Elliott Jones

Chief Information Security Officer
Keck Medicine, USC


John Dunn

Vice President Enterprise Cybersecurity
GE Healthcare


Nick Gerteisen

Senior Director, Global Product Security
Smith & Nephew

5:55 pm - 6:05 pm Live Q&A

Turn your cameras and microphones on and engage in an interactive discussion on the topic with your peers.

6:05 pm - 6:10 pm Chairperson

6:10 pm - 6:40 pm Peer to Peer Virtual Networking