May 19 - 21, 2019
Dallas, TX

Day Two: Monday, May 20, 2019

7:45 am - 8:25 am Networking Breakfast

8:25 am - 8:30 am Chairperson's Opening Remarks

Jesse Sun, Vice President, Sales at RiskLens

8:30 am - 9:05 am How to Establish Credibility and Longevity as a CISO

CISO longevity on average is strangely short.  Given how long it takes to adopt change in an organization, this situation is unfortunate for both the CISO and her or his organization.  In this session, I will talk about methods to balance the competing demands of a CISO and gain credibility with the organization so you can stay long enough to make a profound difference.
Jim Goddard, Vice President and Chief Information Security Officer at Kaiser Permanente

9:05 am - 9:35 am Analyze, Inventory and Protect Medical Devices

Security executives realize that many of the devices were not created with security in mind but to monitor, diagnose and treat patients. The devices create an easy entry point for hackers, from which they can hop to servers filled with patient data. Healthcare data's value is much greater than that of a stolen credit card because the data is more accurate and less changeable. Medical devices have long product life cycles, need continuous availability and may have outdated software, which was not created with the open Internet in mind. The business and clinical teams must work closely together to lessen risk and ensure patient safety.

• Establishing and enforcing policies and standards for medical device procurement
• Capturing a complete asset inventory
• Implementing layers of security: advanced micro-segmentation
• Deploying behavior-based solutions
• Balancing security, business and medical priorities

Russell Rice, Vice President Product Development at Ordr

9:35 am - 9:50 am Networking Break



9:50 am - 10:20 am Business Meetings

10:20 am - 10:50 am Business Meetings

10:50 am - 11:20 am Business Meetings

11:20 am - 11:25 am Transition

BrainWeave

11:25 am - 12:10 pm Identifying, Monitoring and Mitigating Healthcare Security Risks in the Cloud
An astonishing 90% of the world's data was created in the last two years. At the same time, each day hundreds of thousands of patients are treated by health care providers throughout the world. Tech giants have responded with highly scalable clouds that tout innovative tools that allow health care providers to take advantage of new ways to engage their patients and customers. However, the sensitive and regulated data managed by healthcare services requires heightened security and privacy controls and visibility. Beyond the benefits of scalability, agility, and redundancy, the cloud can be configured to be much more secure than traditional on-premises data processing strategies. In this session, we will discuss the benefits of the cloud in healthcare innovation and ways to prevent, monitor, and address the risks to patient data, such as cyber attacks, malicious insiders, misconfigurations, human error, and social engineering, among others.

Placeholder Session by ClearData
Chris Bowen, Chief Privacy & Security Officer at ClearDATA

MasterClass

11:25 am - 12:10 pm Can Cybersecurity Be Easy?
Back in 2005, Marcus Ranum wrote in his “The Six Dumbest Ideas in Computer Security” article that “sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness”. So why are we still focused on chasing “badness”? This approach might have been sufficient in the 1990s, when arming ourselves with just an antivirus and a firewall gave us a sense of security, but this is definitely no longer the case.

Take-aways:
• Understand the definition of Negative Security and Positive Security models, with examples, advantages and disadvantages
• Describe the attack kill chain and intentions behind most attacks
• See demos of advanced attacks that bypass the majority of existing security controls
• Learn how to correctly implement defense-in-depth best practices

Nir Gaist, Chief Technology Officer and Founder at Nyotron

Security risks related to third-party services are an ongoing healthcare concern. Effective management of security risks is vital given the growing volume of digital healthcare data, including patient information and proprietary medical research and patents. Attacks grow in complexity and regulations change, which requires a layered defense coupled with the agility to respond to the ever-changing adversary.

In this session, explore:
• Assessing and adjusting access for third-party user and system accounts
• Deploying multi-factor authentication and endpoint protection
• Segmenting internal networks to limit third-party needs
• Monitoring and training third parties



Sonia Arista, National Healthcare Practice Director at Fortinet

Tony Lee, Chief Information Security Officer at Apotex

Tim Swope, Chief Information Security Officer at Catholic Health Services of Long Island

1:00 pm - 2:00 pm Networking Lunch

Roundtable Discussions

Engage in a 45-minute targeted discussion enabling open exchange amongst industry peers.

2:00 pm - 2:50 pm Zero-Trust/Beyond Corp for Healthcare

Healthcare records remain one of the “holy grail” personally identifiable information (PII) data types for criminals. With patient data being more valuable to attackers than ever, alongside stricter HIPAA and HITECH compliance requirements and an ever-growing device inventory to manage, IT teams' modernization projects must account for these risks in their strategic planning. To efficiently mitigate the risks they face, healthcare organizations need to adopt a 'zero-trust' security approach and start viewing every threat surface, access point, identity, and login attempt as the new security perimeter. By deploying solutions that can verify users and establish device trust while protecting every application (both cloud and legacy), healthcare organizations can quickly and effectively reduce their threat surface and meet compliance requirements.
Ken Perkins, Lead Healthcare Enterprise Solutions Engineer at Duo Security

2:00 pm - 2:50 pm Increasing Your Cybersecurity Posture: Value of Partnering with a Healthcare Exclusive MSSP

Many healthcare organizations today are hiring managed security service providers (MSSP) to manage specific security initiatives, or in some cases, outsourcing their entire security program. This approach is especially beneficial to those that have limited IT resources, lack internal security expertise, struggle to hire security talent, or simply need to implement a security program faster than they could in-house. But hiring an MSSP without specific healthcare experience can pose just as much risk as cyber threats and attacks. Dan Dodson, President of Fortified Health Security, will discuss best practices for IT leaders to use when evaluating MSSPs and the importance of choosing the right partner. Topics include:
 
  • Understanding the nuances of securing a healthcare environment
  • Key skills, certifications, and experience necessary for an effective healthcare MSSP
  • Real-life examples of disruption that can be caused by an inexperienced cybersecurity team
Dan Dodson, President at Fortified Health Security

2:50 pm - 2:55 pm Transition

MasterClass

2:55 pm - 3:40 pm Vulnerability Assessment, Penetration Testing, Training and Compliance and Their Importance in the Healthcare Space
This session will highlight the importance of training and compliance requirements to reduce risk while identifying targeted activities such as Vulnerability Assessments and Penetration Testing. Conducted regularly under an appropriate overarching strategy, these activities can reduce risk to organizations in the healthcare space, as opposed to doing each activity alone with no consideration of the others.

• What is a Vulnerability Assessment and why is it important?
• What is Penetration Testing and why is it important?
• Why audit & compliance alone can't solve all of your problems
Thomas Hernandez, Managing Director, Global Cybersecurity & Risk Advisory Leader at GIBC Digital

BrainWeave

2:55 pm - 3:40 pm Do You Know Your Cyber Health Score?
Are you sure your cyber tools are optimally configured and do you have a constant pulse on framework control coverage? Do you believe that 80% of your cyber risk can be solved by getting cyber hygiene correct, rather than chasing the latest advanced technology? This session will feature a roundtable discussion on cyber hygiene including:

• Auditing against compliance frameworks
• Optimizing tool configuration
• Locating gaps and overlap in coverage
• Prioritizing risk and determining your own threat tolerance levels
• Other cyber hygiene ideas
Anjali Khatri, Senior Program Manager at Merlin International, Inc.

3:40 pm - 3:55 pm Networking Break



3:55 pm - 4:25 pm Business Meetings

4:25 pm - 4:55 pm Business Meetings

4:55 pm - 5:25 pm Business Meetings

5:25 pm - 5:30 pm Transition

5:30 pm - 6:15 pm Privacy and Security of Medical Data: When Everyone Wants to Bring Their Own Device

The Health Insurance Portability and Accountability Act provides data privacy and security provisions for protecting patients' private medical information from different threats. Cybersecurity and privacy experts play a vital role in helping care provider industries to maintain network and data integrity. Join this discussion as a privacy officer and a security officer share how they work together as devices and regulations continue to increase.
Tim Swope, Chief Information Security Officer at Catholic Health Services of Long Island

Lesli Giglio, Chief Privacy Officer at Catholic Health Services of Long Island

6:15 pm - 6:20 pm Closing Remarks

Jesse Sun, Vice President, Sales at RiskLens

6:20 pm - 6:50 pm Networking Reception