The Future of Cybersecurity

CISO Think Tank

February 23, 2022 - New York, NY

c-vision logo blk

Speakers

Anthony Gonzalez (1)
Anthony Gonzalez

Principal, Strategic Advisor

innervision Services LLC

Think Tank Speaker

Visionary, results and solutions-driven professional with 20+ years of experience in progressively responsible Cyber Security and IT leadership roles in the financial services, insurance, pharmaceutical, biotechnology, consumer goods,and chemical manufacturing industries. Adept in building and leading global Cyber Security, IT technical and support functions. Creative, resourceful problem solver with a track record of success in delivering cost-effective and value-added services to his customers. Additional experience in industrial engineering and process improvement. Specialties: Areas of expertise include: Cyber Security, Network Security,Application Security, Infrastructure Management and Security Incident Management, Disaster Recovery, Forensic Investigations, Operations Management, Financial Management, Project/Portfolio Management, Policy/Procedure Development, Budget Preparation, Strategic Planning, Process Design/Implementation, Risk Mitigation, Enterprise Architecture, IT Governance, Manufacturing/Laboratory Automation, Organizational Design, Vendor Audits, System, Start-Up Operations, Sarbanes-Oxley (SOX), Talent Development/Mentoring, International Team Management, and Regulatory Compliance

Jordan Tannenbaum Saint Peter's Healthcare System
Jordan Tannenbaum MD

CIO/CMIO

Saint Peter's Healthcare System

Think Tank Speaker

Jordan Tannenbaum, MD, MBA, MPH, PgC Healthcare Informatics is Vice President/Chief Information Officer and Chief Medical Officer and a CHIME Certified Healthcare Chief Information Officer (CHCIO). Saint Peter’s Healthcare System, sponsored by the Roman Catholic Diocese of Metuchen, is the parent company of Saint Peter’s University Hospital, a 478-bed acute-care teaching hospital and acute care children’s hospital; Saint Peter’s Physician Associates, a network of primary and specialty care physicians; Saint Peter’s Foundation, the fundraising arm of the healthcare system; and Saint Peter’s Health & Management Services Corporation, which focuses on the wide group of the system’s non-hospital related healthcare services, including the CARES Surgicenter. Saint Peter’s University Hospital, received its sixth consecutive designation as a Magnet® hospital for nursing excellence by the American Nurses Credentialing Center in 2020, is a state-designated children’s hospital and a regional perinatal center, and is a regional specialist in diabetes, gastroenterology, head and neck surgery, oncology, orthopedics, and women’s services. The Children’s Hospital at Saint Peter’s University Hospital provides families with access to a full range of pediatric specialties, including a nationally recognized Level III Neonatal Intensive Care Unit, pediatric surgery and orthopedic surgery featuring innovative anterior scoliosis correction.

Todd Gordon EisnerAmper
Todd Gordon

CISO

EisnerAmper

Think Tank Speaker

EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, Eisner Amper offers the resources of offices in the UK, Israel, India and  EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global. Todd, leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.

Ariel Weintraub MassMutual
Ariel Weintraub

CISO

MassMutual

Think Tank Speaker

Ariel Weintraub is the Head of Enterprise Cyber Security at MassMutual. Ariel joined MassMutual in the fall of 2019 as the Head of Security Operations & Engineering, responsible for the Global Security Operations Center, Security Engineering, Security Intelligence and Identity & Access Management (IAM). Prior to joining MassMutual, Ariel served as Senior Director of Data & Access Security within Cybersecurity Operations at TIAA where she led a three-year business transformation program to position IAM as a digital business enabler. Before working at TIAA, Ariel was Global Head of Vulnerability Management at BNY Mellon and was part of the Threat & Vulnerability Management practice at PricewaterhouseCoopers (PwC). Ariel holds a Master of Science in Cybersecurity from New York University (NYU) Tandon School of Engineering and a Bachelor of Science in Business Administration from the University of Southern California (USC) Marshall School of Business. Ariel has a passion for empowering women, especially the next generation of female cybersecurity leaders, and for tackling the cybersecurity workforce shortage. To help address these important issues, she serves on the Board for the Executive Women’s Forum (EWF) and the ISACA One in Tech Foundation, which is focused on building a digital world that is safe, secure and accessible for all. Most recently, Ariel also joined the FS-ISAC Board of Directors on which she is furthering her other passion for maximizing the value of threat intelligence sharing across the financial services sector.

Cindy Cullen
Cindy Cullen

Global Director of Information Security

NDegrees

Think Tank Speaker

A cyber security professional well versed in Product/Application Security, Cloud Security, Enterprise Security Architecture (ESA), Risk Management, Identity & Access Management, Software Design, Data Security, Mobile Security, Project Management, Compliance and Large Scale Integration. A known international speaker and leader in the cyber security space with an extensive background in managing local cyber security associations and mentoring talent. Solid reputation for innovation, versatility excellent leadership and communications skills with a proven ability to analyze, prioritize, and implement complex and highly impactful programs.

Johnny Wong Veracode
Johnny Wong

Senior Director, Solutions Architecture

Veracode

Think Tank Speaker

Johnny Wong is the Sr. Director of Solutions Architecture Veracode. He oversees the East technical sales team for Strategic, Enterprise, and Channel regions. Johnny has been in security his entire career. The first part of his career, he was focused on identity and access management.  Johnny started his career as a software developer and after nearly five years of creating insecure code, he was offered an opportunity to not be a software developer and to join the world of pre-sales.

Johnny received a BS in computer Engineering from Tufts University. He and his family reside in Boston and he has no plans to ever leave because of the Boston Celtics! He loves to travel specifically to find and eat at the best restaurants across the world. At this point, the only animal he hasn’t eaten are the endangered or extinct ones.

Ivan Durbak Bronx Lebanon Hospital Center
Ivan Durbak

CIO

Bronx Lebanon Hospital Center

Think Tank Speaker

Ivan Durbak is CIO at Bronx-Lebanon Hospital Center. In this role he leads an IT organization that supports the Bronx-Lebanon Hospital Center community, including two major hospitals, two nursing homes, a large emergency room and a large clinic ambulatory environment that sees nearly one million patients a year

Adam Healy BlockFi
Adam Healy

CSO

BlockFi

Think Tank Speaker

Adam Healy has 20 years of technology and security experience having held senior roles at Intercontinental Exchange’s Bakkt subsidiary, Palantir Technologies, Microsoft, and the U.S. Intelligence Community. He’s been responsible for leading the implementation of numerous strategic cybersecurity, physical security, and technology initiatives within the U.S. government, as well as enabling enterprise data efforts at several Fortune 100 companies. Currently, Adam serves as BlockFi’s chief security officer overseeing a cross-functional team of over 100 employees and contractors responsible for an array of functions including cybersecurity, fraud, physical security, corporate information technology services, cloud engineering and SRE, and data science and machine learning. Skills: Cybersecurity | Information Security | Project Management | Leadership | Penetration Testing | Network Security | IT Operations | Vendor Management | Consulting | Enterprise Architecture | National Security | Bitcoin | Blockchain | ISO 27001 | NIST CSF | FIPS | Threat Modeling | Team Building | SDLC | Incident Response | Security Operations | ITIL | CISSP-ISSAP | PMP | PCI DSS | HIPAA | SOC 1 | SOC 2 | P&L | Insider Threat | Custody | Digital Assets | Multiple-Party Computation | MPC | Cryptocurrencies | Cryptographic Systems | FedRAMP | Physical Security | Insider Threat | CCSS | Digital Assets

Michael Gross Cleveland Clinic
Michael Gross

Manager, Cybersecurity Intelligence

Cleveland Clinic

Think Tank Speaker

With over 30 years of experience in the IT industry, including more than two decades specializing in cybersecurity, I am a seasoned professional known for visionary leadership and comprehensive expertise in safeguarding organizations from evolving cyber threats. Key Highlights: * Cybersecurity Visionary: Throughout my career, I have consistently developed and executed robust cybersecurity strategies that align seamlessly with organizational objectives. I excel at protecting critical assets, data, and systems while proactively identifying and mitigating risks. My specialties encompass advanced threat analysis, cyber risk management, incident response, security architecture design, and regulatory compliance. As a cybersecurity visionary, I have pioneered solutions that fortify organizations against emerging threats. * Agility and Problem-Solving: My career has been marked by my ability to tackle complex challenges with agility and innovation. I leverage my expertise in cybersecurity methodologies, industry best practices, and compliance standards to provide effective solutions. * Mentorship and Leadership: I take pride in guiding and mentoring cybersecurity teams to excel in vulnerability assessment, threat detection, incident response, and recovery. I am deeply committed to fostering a culture of continuous learning and professional growth. * Communication and Work Ethic: My strong work ethic, exceptional interpersonal skills, and adept relationship-building capabilities are complemented by my proficiency in multitasking and effective communication. I thrive on embracing challenging tasks and delivering results. I am passionate about the ever-evolving field of cybersecurity and committed to contributing my expertise to secure and protect businesses in the digital age. Let's connect and explore opportunities to collaborate or share insights in this dynamic industry.

Tim Swope Catholic Health System
Tim Swope

CISO

Catholic Health System

Think Tank Speaker

Mr. Swope brings over 20 years of experience in IT Project Management, BI Solutions Development, IT Security, IT Controls (CoBIT, SOX 404/MAR, etc) IT Risk Management, and HealthCare Compliance, to both the public and private sectors. His focus is on identifying gaps relating to key IT security processes and the implementation of IS Security and Risk Management programs to Health Care, Pharmaceutical and various commercial clients. Has a proven track record of delivering the following: • Interpreting and applying 21 CFR Part 11, GLP, GMP, GCP, and QSR regulations • MDM and Data Governance • Identity Access Management • HIPAA Risk Assessments and GAP analysis • Information Assurance Program Management - SCRUM, AGILE, SDLC, Six Sigma • Implemented large security, risk and compliance initiatives of SOX-404 IT, HIPAA/HITECH, including security policies, procedures and controls. • "Big Data", Data Management and Health Care Data Analytics • Federal Information Security Management Act (FISMA) Compliance Reviews • Implemented the security standards - 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule He has supported these Information Assurance and IS Security initiatives for organizations that include: Excellus BCBS, Medimmune/Astra Zeneca, ENDO Pharmaceuticals, Novo Nordisk, Daiichi-Sankyo Solutions, Catalent Pharma Solutions, Johnson and Johnson, District of Columbia Government office of the Chief Financial Officer, District of Columbia Water and Sewer Authority, City of Richmond, Virginia Department of Public Utilities, Virginia State Department of Health, and the Kentucky Department of Health Services, as well as the U.S. Department of Labor.

Ganesh Pai Uptycs
Ganesh Pai

Founder & CEO

Uptycs

Think Tank Speaker

Ganesh Pai is the Founder & CEO of Uptycs. Ganesh is a Boston-based entrepreneur and technologist who has been awarded multiple U.S. patents. Ganesh is a Featured Speaker at the CXO Think Tank in Boston, MA and will be discussing “Security Controls: Measuring Efficacy for Business Growth” in partnership with

Martin Howard
Martin Howard

EVP/IT & IS

Fortium Partners

Think Tank Speaker

Martin is an insightful IT executive, Martin collaborates with his team to assess their technology capabilities and establish a strategic plan and projects to strengthen IT impact. Martin has a history of implementing complex enterprise systems – enterprise risk planning, electronic medical records, and customer relationship management – on time and under budget. He demonstrates a calm, cool and collected leadership style when considering security matters and handling compliance and data breach concerns. Whether working with a start-up or at a company with international operations, Martin embraces innovation and promotes utilizing IT to drive business transformation.

Amit Basu International Seaways
Amit Basu

VP, CIO & CISO

International Seaways

Think Tank Speaker

Amit Basu is the head of IT and IT Security at International Seaways (INSW). INSW, headquartered in New York City, is one of the largest tanker companies providing energy transportation services worldwide. Amit is a proven IT leader with over 25 years of experience in maritime IT and has pioneered several technology innovations in maritime. Over the last decade, Amit has led a digital transformation in INSW with a Cloud-Only IT strategy and is instrumental in designing a multi-layered cybersecurity framework promoting a cyber resilience culture. Amit holds an MBA as well as a Master of Science degree in Information Management from the Stevens Institute of Technology, New Jersey. He is also a Certified Information Security Manager from ISACA, certified in Cybersecurity Risk Management by HarvardX, Cybersecurity Oversight by Carnegie Mellon University, Maritime Cybersecurity by Lloyds Maritime, and Artificial Intelligence by MIT Sloan School of Management. Amit is an advisory board member for the Cybersecurity program at Pace University and Ithaca College, on the advisory board of Exium, and a member of the Governing Body of New York CIO Executive Summit.

Lena Smart MongoDB
Lena Smart

CISO

MongoDB

Think Tank Speaker

MongoDB is one of the most popular NoSQL databases in the world. It is an open-source platform that provides the querying and indexing capabilities of a NoSQL database. Lena joined MongoDB with more than 20 years of cyber security experience. Before joining MongoDB, she was the Global Chief Information Security Officer for the international fintech company, Tradeweb, where she was responsible for all aspects of cybersecurity. She also served as CIO and Chief Security Officer for the New York Power Authority, the largest state power organization in the country, where she was responsible for physical and cyber security. She also has previously served as a Sector Chief with FBI InfraGard. Lena is a founding partner of Cybersecurity at MIT Sloan, formerly the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, which allows security leaders in academia and the private sector to collaborate on tackling the most challenging security issues.

David Cass Law and Forensics
David Cass

CISO

Law and Forensics

Think Tank Speaker

David Cass is a senior partner at Law & Forensics LLC where he leads the Cryptocurrency and Digital Banking Practice and is a member of the Cyber Security and Forensics Practice. He has extensive experience in financial services regulation, cryptocurrency, digital assets, blockchain, cloud, and digital banking. He most recently served as a lead regulator for the Federal Reserve Bank of New York where he was a member of the Large Institution Supervision Committee (LISCC). Prior to this appointment, David was the CISO & Global Partner of IBM’s Cloud Security Service Unit where he was responsible for its security practices, processes, and policies. He has been an active contributor of the FS-ISAC and the European Banking Federation on Cloud Compliance and Security for financial services firms and has worked closely with US and international regulators. He was part of the team that introduced the first financial services blockchain initiative utilizing public cloud supported by 10 major international banks. Previously, he served as SVP & CISO for Elsevier where he led an organization of experienced legal, risk, and security professionals who provided data protection, privacy, security, and risk management guidance on a global basis. He also served as Elsevier’s HIPAA officer. David has an MSE from the University of Pennsylvania, and an MBA from MIT. He is a frequent speaker at high-profile conferences and served on a public corporation’s Board of Directors. He also is an editorial board member for The Journal of Law & Cyber Warfare and serves as a board member for the UCLA Extension Silicon Beach Innovation Lab. He is a faculty member for the non-profit Global Cyber Institute, and an adjunct faculty member for Harvard and at the Rutgers Law School. He is a member of the New York City Cyber Critical Services & Infrastructure team organized by the NYPD and the office of the NY District Attorney. In his free time, David is a volunteer firefighter & Swiftwater Rescue Technician.

Johnny Wong (1) Veracode
Johnny Wong

Senior Director, Solutions Architecture

Veracode

Think Tank Speaker

Johnny Wong is the Sr. Director of Solutions Architecture Veracode. He oversees the East technical sales team for Strategic, Enterprise, and Channel regions. Johnny has been in security his entire career. The first part of his career, he was focused on identity and access management. Johnny started his career as a software developer and after nearly five years of creating insecure code, he was offered an opportunity to not be a software developer and to join the world of pre-sales. Johnny received a BS in computer Engineering from Tufts University. He and his family reside in Boston and he has no plans to ever leave because of the Boston Celtics! He loves to travel specifically to find and eat at the best restaurants across the world. At this point, the only animal he hasn’t eaten are the endangered or extinct ones.

Anthony Gonzalez QBE North America
Anthony Gonzalez

CISO NA

QBE North America

Think Tank Speaker

Visionary, results and solutions-driven professional with 20+ years of experience in progressively responsible Cyber Security and IT leadership roles in the financial services, insurance, pharmaceutical, biotechnology, consumer goods,and chemical manufacturing industries. Adept in building and leading global Cyber Security, IT technical and support functions. Creative, resourceful problem solver with a track record of success in delivering cost-effective and value-added services to his customers. Additional experience in industrial engineering and process improvement. Specialties: Areas of expertise include: Cyber Security, Network Security,Application Security, Infrastructure Management and Security Incident Management, Disaster Recovery, Forensic Investigations, Operations Management, Financial Management, Project/Portfolio Management, Policy/Procedure Development, Budget Preparation, Strategic Planning, Process Design/Implementation, Risk Mitigation, Enterprise Architecture, IT Governance, Manufacturing/Laboratory Automation, Organizational Design, Vendor Audits, System, Start-Up Operations, Sarbanes-Oxley (SOX), Talent Development/Mentoring, International Team Management, and Regulatory Compliance

David Cass (1) GSR
David Cass

CISO

GSR

Think Tank Speaker

David Cass is a senior partner at Law & Forensics LLC where he leads the Cryptocurrency and Digital Banking Practice and is a member of the Cyber Security and Forensics Practice. He has extensive experience in financial services regulation, cryptocurrency, digital assets, blockchain, cloud, and digital banking. He most recently served as a lead regulator for the Federal Reserve Bank of New York where he was a member of the Large Institution Supervision Committee (LISCC). Prior to this appointment, David was the CISO & Global Partner of IBM’s Cloud Security Service Unit where he was responsible for its security practices, processes, and policies. He has been an active contributor of the FS-ISAC and the European Banking Federation on Cloud Compliance and Security for financial services firms and has worked closely with US and international regulators. He was part of the team that introduced the first financial services blockchain initiative utilizing public cloud supported by 10 major international banks. Previously, he served as SVP & CISO for Elsevier where he led an organization of experienced legal, risk, and security professionals who provided data protection, privacy, security, and risk management guidance on a global basis. He also served as Elsevier’s HIPAA officer. David has an MSE from the University of Pennsylvania, and an MBA from MIT. He is a frequent speaker at high-profile conferences and served on a public corporation’s Board of Directors. He also is an editorial board member for The Journal of Law & Cyber Warfare and serves as a board member for the UCLA Extension Silicon Beach Innovation Lab. He is a faculty member for the non-profit Global Cyber Institute, and an adjunct faculty member for Harvard and at the Rutgers Law School. He is a member of the New York City Cyber Critical Services & Infrastructure team organized by the NYPD and the office of the NY District Attorney. In his free time, David is a volunteer firefighter & Swiftwater Rescue Technician.

Martin Howard (1) Avesis
Martin Howard

EVP/CIO

Avesis

Think Tank Speaker

Martin is the EVP & CIO of Avesis. In 1978, Avēsis began as a regional ancillary benefits administrator. Today, Avesis is a national enterprise with 14 regional offices. Today, Avesis is a benefits provider for more than one million commercial members and more than eight million government members across the country. An insightful IT executive, Martin collaborates with his team to assess their technology capabilities and establish a strategic plan and projects to strengthen IT impact. Martin has a history of implementing complex enterprise systems – enterprise risk planning, electronic medical records, and customer relationship management – on time and under budget. He demonstrates a calm, cool and collected leadership style when considering security matters and handling compliance and data breach concerns. Whether working with a start-up or at a company with international operations, Martin embraces innovation and promotes utilizing IT to drive business transformation.

February 23, 2022

Agenda

All times Eastern Time

12:00 PM-12:30 PM

Welcome & Registration


12:30 PM-1:25 PM
Keynote Panel

Keynote Panel: Security Controls: Measuring Efficacy for the Business Growth

The industry is spending record amounts on cybersecurity tooling, but somehow CISOs still are at times left scrambling to respond to the vulnerabilities like Log4j. Assuming that these types of critical and far-reaching events are inevitable, how can CISOs further improve their organization’s preparedness for future cyberattacks?

This panel will discuss potential strategies for determining the critical security controls - both technology and behavioral - that can minimize cyber-risks and give the organization the competitive advantage to grow and innovate. We will explore frameworks for measuring the efficacy of cybersecurity investments, and KPIs that show the board the investment is safeguarding the company's digital infrastructure for the long term.


1:30 PM-2:15 PM

Fireside Chat: Technology Supply Chain

Many large enterprises in today’s fiercely competitive climate look toward optimizing its supply chain to increase business scale and agility. By harnessing a combination of technologies like artificial intelligence, machine learning, and predictive analytics, companies can automate and create new customer experiences that increase satisfaction and boost sales. Gaps remain in supply chain cyber security even as digitalization accelerates. By doing so, companies are left vulnerable to the growing risk of a cyber-attack. There are no shortage of stories illustrating the dangers of lax cyber security, with the biggest attacks able to utterly paralyze an operation and cause millions in losses. Despite this obvious danger, efforts to improve cyber security are progressing slowly. Future risks to the supply chain will involve software, cloud-based infrastructures, and hyper-converged products, rather than simply hardware. Even after many years of experience, capable CISOs find they may not be equipped to overcome the cybersecurity concerns that arise from building control contractors.


2:15 PM-2:30 PM

Networking Break


2:30 PM-3:25 PM

Keynote Panel: Being Effective…. Securely

In the post pandemic era, remote employment is the new status quo. Employers are forced to implement and improve the digital workplace by providing productivity tools and accessibility to company resources. In this session, we will share case studies of successful digital workplace implementations, including how to deal with the inherent security risks of expanded accessibility to company resources. In this session you will learn from real working examples the keys to implementing a successful digital workplace including how to evaluate the potential ROI from the different security strategies available.

In partnership with:
Entrust

3:25 PM-3:40 PM

Networking Break


3:40 PM-4:05 PM

Disruptor: Guarding the Doors: Navigating Risk From Third-Party Code

Open source libraries are widely leveraged by developers. In fact, 97 percent of the typical Java application is made up of open source libraries. But nearly 80 percent of developers never update third-party libraries after including them in codebase.

What does this mean for your applications? There is a good chance that your third-party libraries have undetected vulnerabilities. Scary, right?

The good news is that when alerted to vulnerabilities in open source libraries, developers tend to act quickly. This is especially true when developers understand how the vulnerability could impact their application.

Join us as we review our annual study on open source libraries, State of Software Security (SOSS) v12: Open Source Edition. We will explore the most popular open source libraries, how libraries are evaluated and selected, and how to eliminate risk by fixing vulnerabilities.

In partnership with:
Veracode

4:10 PM-5:05 PM

Panel: Human Security Engineering

90%+ of all losses result from attacks targeting users, honest users. A common solution to user error is awareness, but we need to fix the system that facilitated the creation of the error, the action, and the results, which means not just stopping errors but also accidents and malice. In this session we will share a model of Human Security Engineering identifying the optimal suite of countermeasures, and work through user targeting attacks to experience implementing the model. This talk will also look at a comprehensive strategy to address the insider threat, whether it results from malicious or well-meaning insiders, while detailing HSE and providing the resources required for attendees to follow up and consider how they can implement HSE to better mitigate their own insider threats.


5:05 PM-5:15 PM

Raffle & Closing Remarks


5:15 PM-6:30 PM

Cocktail Hour