The Future of Cybersecurity

CISO Think Tank

February 23, 2022 - New York, NY

c-vision logo blk

Speakers

Jordan Tannenbaum MD
CIO/CMIO
Saint Peter's Healthcare System

Think Tank Speaker

Jordan Tannenbaum, MD, MBA, MPH, PgC Healthcare Informatics is Vice President/Chief Information Officer and Chief Medical Officer and a CHIME Certified Healthcare Chief Information Officer (CHCIO). Saint Peter’s Healthcare System, sponsored by the Roman Catholic Diocese of Metuchen, is the parent company of Saint Peter’s University Hospital, a 478-bed acute-care teaching hospital and acute care children’s hospital; Saint Peter’s Physician Associates, a network of primary and specialty care physicians; Saint Peter’s Foundation, the fundraising arm of the healthcare system; and Saint Peter’s Health & Management Services Corporation, which focuses on the wide group of the system’s non-hospital related healthcare services, including the CARES Surgicenter. Saint Peter’s University Hospital, received its sixth consecutive designation as a Magnet® hospital for nursing excellence by the American Nurses Credentialing Center in 2020, is a state-designated children’s hospital and a regional perinatal center, and is a regional specialist in diabetes, gastroenterology, head and neck surgery, oncology, orthopedics, and women’s services. The Children’s Hospital at Saint Peter’s University Hospital provides families with access to a full range of pediatric specialties, including a nationally recognized Level III Neonatal Intensive Care Unit, pediatric surgery and orthopedic surgery featuring innovative anterior scoliosis correction.
Todd Gordon
CISO
EisnerAmper

Think Tank Speaker

EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, Eisner Amper offers the resources of offices in the UK, Israel, India and  EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global. Todd, leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.
Ariel Weintraub
CISO
MassMutual

Think Tank Speaker

Ariel Weintraub is the Head of Enterprise Cyber Security at MassMutual. Ariel joined MassMutual in the fall of 2019 as the Head of Security Operations & Engineering, responsible for the Global Security Operations Center, Security Engineering, Security Intelligence and Identity & Access Management (IAM). Prior to joining MassMutual, Ariel served as Senior Director of Data & Access Security within Cybersecurity Operations at TIAA where she led a three-year business transformation program to position IAM as a digital business enabler. Before working at TIAA, Ariel was Global Head of Vulnerability Management at BNY Mellon and was part of the Threat & Vulnerability Management practice at PricewaterhouseCoopers (PwC). Ariel holds a Master of Science in Cybersecurity from New York University (NYU) Tandon School of Engineering and a Bachelor of Science in Business Administration from the University of Southern California (USC) Marshall School of Business. Ariel has a passion for empowering women, especially the next generation of female cybersecurity leaders, and for tackling the cybersecurity workforce shortage. To help address these important issues, she serves on the Board for the Executive Women’s Forum (EWF) and the ISACA One in Tech Foundation, which is focused on building a digital world that is safe, secure and accessible for all. Most recently, Ariel also joined the FS-ISAC Board of Directors on which she is furthering her other passion for maximizing the value of threat intelligence sharing across the financial services sector.
Cindy Cullen
Global Director of Information Security
NDegrees

Think Tank Speaker

A cyber security professional well versed in Product/Application Security, Cloud Security, Enterprise Security Architecture (ESA), Risk Management, Identity & Access Management, Software Design, Data Security, Mobile Security, Project Management, Compliance and Large Scale Integration. A known international speaker and leader in the cyber security space with an extensive background in managing local cyber security associations and mentoring talent. Solid reputation for innovation, versatility excellent leadership and communications skills with a proven ability to analyze, prioritize, and implement complex and highly impactful programs.
Johnny Wong
Senior Director, Solutions Architecture
Veracode

Think Tank Speaker

Johnny Wong is the Sr. Director of Solutions Architecture Veracode. He oversees the East technical sales team for Strategic, Enterprise, and Channel regions. Johnny has been in security his entire career. The first part of his career, he was focused on identity and access management.  Johnny started his career as a software developer and after nearly five years of creating insecure code, he was offered an opportunity to not be a software developer and to join the world of pre-sales.

Johnny received a BS in computer Engineering from Tufts University. He and his family reside in Boston and he has no plans to ever leave because of the Boston Celtics! He loves to travel specifically to find and eat at the best restaurants across the world. At this point, the only animal he hasn’t eaten are the endangered or extinct ones.

Ivan Durbak
CIO
Bronx Lebanon Hospital Center

Think Tank Speaker

Ivan Durbak is CIO at Bronx-Lebanon Hospital Center. In this role he leads an IT organization that supports the Bronx-Lebanon Hospital Center community, including two major hospitals, two nursing homes, a large emergency room and a large clinic ambulatory environment that sees nearly one million patients a year
Adam Healy
CSO
BlockFi

Think Tank Speaker

Adam Healy has 20 years of technology and security experience having held senior roles at Intercontinental Exchange’s Bakkt subsidiary, Palantir Technologies, Microsoft, and the U.S. Intelligence Community. He’s been responsible for leading the implementation of numerous strategic cybersecurity, physical security, and technology initiatives within the U.S. government, as well as enabling enterprise data efforts at several Fortune 100 companies. Currently, Adam serves as BlockFi’s chief security officer overseeing a cross-functional team of over 100 employees and contractors responsible for an array of functions including cybersecurity, fraud, physical security, corporate information technology services, cloud engineering and SRE, and data science and machine learning. Skills: Cybersecurity | Information Security | Project Management | Leadership | Penetration Testing | Network Security | IT Operations | Vendor Management | Consulting | Enterprise Architecture | National Security | Bitcoin | Blockchain | ISO 27001 | NIST CSF | FIPS | Threat Modeling | Team Building | SDLC | Incident Response | Security Operations | ITIL | CISSP-ISSAP | PMP | PCI DSS | HIPAA | SOC 1 | SOC 2 | P&L | Insider Threat | Custody | Digital Assets | Multiple-Party Computation | MPC | Cryptocurrencies | Cryptographic Systems | FedRAMP | Physical Security | Insider Threat | CCSS | Digital Assets
Michael Gross
Manager, Cybersecurity Intelligence
Cleveland Clinic

Think Tank Speaker

Information Technology: Successful professional with extensive experience in networking technologies, server platforms, operating systems, programming languages and mainframe applications. Problem Management: More than four years of advanced network, mainframe and server troubleshooting and support. Proven success in situation and change management for high impacting issues. Good understanding of general problem management methodologies, Six Sigma, ITIL and Process Ownership. Team Management: Managed several individuals (both internal employees and contractors) with responsibility for oversight of successful Disaster Recovery/Business Continuity tests. Ability to motivate as well as delegate in order to execute on stated goals. Professional Skills: Excellent work ethic, interpersonal skills & relationship building, multi-tasking, and communication management. Demonstrated eagerness to learn and take on challenging tasks. Specialties: Advanced Network Troubleshooting, End to End System Troubleshooting, Disaster Recovery Planning and Design, Business Continutiy Planning, Solution Development
Tim Swope
CISO
Catholic Health System

Think Tank Speaker

Mr. Swope brings over 20 years of experience in IT Project Management, BI Solutions Development, IT Security, IT Controls (CoBIT, SOX 404/MAR, etc) IT Risk Management, and HealthCare Compliance, to both the public and private sectors. His focus is on identifying gaps relating to key IT security processes and the implementation of IS Security and Risk Management programs to Health Care, Pharmaceutical and various commercial clients. Has a proven track record of delivering the following: • Interpreting and applying 21 CFR Part 11, GLP, GMP, GCP, and QSR regulations • MDM and Data Governance • Identity Access Management • HIPAA Risk Assessments and GAP analysis • Information Assurance Program Management - SCRUM, AGILE, SDLC, Six Sigma • Implemented large security, risk and compliance initiatives of SOX-404 IT, HIPAA/HITECH, including security policies, procedures and controls. • "Big Data", Data Management and Health Care Data Analytics • Federal Information Security Management Act (FISMA) Compliance Reviews • Implemented the security standards - 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule He has supported these Information Assurance and IS Security initiatives for organizations that include: Excellus BCBS, Medimmune/Astra Zeneca, ENDO Pharmaceuticals, Novo Nordisk, Daiichi-Sankyo Solutions, Catalent Pharma Solutions, Johnson and Johnson, District of Columbia Government office of the Chief Financial Officer, District of Columbia Water and Sewer Authority, City of Richmond, Virginia Department of Public Utilities, Virginia State Department of Health, and the Kentucky Department of Health Services, as well as the U.S. Department of Labor.
Ganesh Pai
Founder & CEO
Uptycs

Think Tank Speaker

Ganesh Pai is Founder & CEO of Uptycs. He was previously Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue, a leading provider of content delivery solutions to service providers (acquired by Akamai). Prior to Verivue, he was Principal Architect for NetDevices (acquired by Alcatel-Lucent). Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. He is a Boston-based entrepreneur and technologist and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.
Martin Howard
CIO
Avesis

Think Tank Speaker

Avēsis is part of the Guardian Life Insurance Company of America, a Fortune 250 global financial services and insurance company. As a Guardian company, Avēsis offers vision and dental care providers, and cost-effective benefit programs. Martin is a technology leader with a gift for utilizing IT to drive business transformation and profitable growth. Whether in a start-up or public company environment, he provides strong operational leadership to deliver secure, high-performing, scalable and cost-effective information platforms. He excels in the design and delivery of analytic platforms that drive operational improvement and strategic growth. Martin has consistently delivered on-time, on-budget IT solutions that spur organization-wide transformation while reducing cost. In diverse organizations he has recruited and led high-performing lean IT teams. He prioritizes strategic planning with attention to data science, analytics, emerging technologies, business process and cost optimization.
Lena Smart
CISO
MongoDB

Think Tank Speaker

MongoDB is one of the most popular NoSQL databases in the world. It is an open-source platform that provides the querying and indexing capabilities of a NoSQL database. Lena joined MongoDB with more than 20 years of cyber security experience. Before joining MongoDB, she was the Global Chief Information Security Officer for the international fintech company, Tradeweb, where she was responsible for all aspects of cybersecurity. She also served as CIO and Chief Security Officer for the New York Power Authority, the largest state power organization in the country, where she was responsible for physical and cyber security. She also has previously served as a Sector Chief with FBI InfraGard. Lena is a founding partner of Cybersecurity at MIT Sloan, formerly the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, which allows security leaders in academia and the private sector to collaborate on tackling the most challenging security issues.
David Cass
CISO
Law and Forensics

Think Tank Speaker

David Cass is a senior partner at Law & Forensics LLC where he leads the Cryptocurrency and Digital Banking Practice and is a member of the Cyber Security and Forensics Practice. He has extensive experience in financial services regulation, cryptocurrency, digital assets, blockchain, cloud, and digital banking. He most recently served as a lead regulator for the Federal Reserve Bank of New York where he was a member of the Large Institution Supervision Committee (LISCC). Prior to this appointment, David was the CISO & Global Partner of IBM’s Cloud Security Service Unit where he was responsible for its security practices, processes, and policies. He has been an active contributor of the FS-ISAC and the European Banking Federation on Cloud Compliance and Security for financial services firms and has worked closely with US and international regulators. He was part of the team that introduced the first financial services blockchain initiative utilizing public cloud supported by 10 major international banks. Previously, he served as SVP & CISO for Elsevier where he led an organization of experienced legal, risk, and security professionals who provided data protection, privacy, security, and risk management guidance on a global basis. He also served as Elsevier’s HIPAA officer. David has an MSE from the University of Pennsylvania, and an MBA from MIT. He is a frequent speaker at high-profile conferences and served on a public corporation’s Board of Directors. He also is an editorial board member for The Journal of Law & Cyber Warfare and serves as a board member for the UCLA Extension Silicon Beach Innovation Lab. He is a faculty member for the non-profit Global Cyber Institute, and an adjunct faculty member for Harvard and at the Rutgers Law School. He is a member of the New York City Cyber Critical Services & Infrastructure team organized by the NYPD and the office of the NY District Attorney. In his free time, David is a volunteer firefighter & Swiftwater Rescue Technician.
Johnny Wong
Senior Director, Solutions Architecture
Veracode

Think Tank Speaker

Johnny Wong is the Sr. Director of Solutions Architecture Veracode. He oversees the East technical sales team for Strategic, Enterprise, and Channel regions. Johnny has been in security his entire career. The first part of his career, he was focused on identity and access management. Johnny started his career as a software developer and after nearly five years of creating insecure code, he was offered an opportunity to not be a software developer and to join the world of pre-sales. Johnny received a BS in computer Engineering from Tufts University. He and his family reside in Boston and he has no plans to ever leave because of the Boston Celtics! He loves to travel specifically to find and eat at the best restaurants across the world. At this point, the only animal he hasn’t eaten are the endangered or extinct ones.
Anthony Gonzalez
VP & CISO
QBE North America

Think Tank Speaker

Visionary, results and solutions-driven professional with 20+ years of experience in progressively responsible Cyber Security and IT leadership roles in the financial services, insurance, pharmaceutical, biotechnology, consumer goods,and chemical manufacturing industries. Adept in building and leading global Cyber Security, IT technical and support functions. Creative, resourceful problem solver with a track record of success in delivering cost-effective and value-added services to his customers. Additional experience in industrial engineering and process improvement. Specialties: Areas of expertise include: Cyber Security, Network Security,Application Security, Infrastructure Management and Security Incident Management, Disaster Recovery, Forensic Investigations, Operations Management, Financial Management, Project/Portfolio Management, Policy/Procedure Development, Budget Preparation, Strategic Planning, Process Design/Implementation, Risk Mitigation, Enterprise Architecture, IT Governance, Manufacturing/Laboratory Automation, Organizational Design, Vendor Audits, System, Start-Up Operations, Sarbanes-Oxley (SOX), Talent Development/Mentoring, International Team Management, and Regulatory Compliance
February 23, 2022

Attend this event

Not available on February 23, 2022?
View other dates for the Think Tank

Agenda

All times Eastern Time
12:00 PM-12:30 PM
Welcome & Registration

12:30 PM-1:25 PM
Keynote Panel
Keynote Panel: Security Controls: Measuring Efficacy for the Business Growth

The industry is spending record amounts on cybersecurity tooling, but somehow CISOs still are at times left scrambling to respond to the vulnerabilities like Log4j. Assuming that these types of critical and far-reaching events are inevitable, how can CISOs further improve their organization’s preparedness for future cyberattacks?

This panel will discuss potential strategies for determining the critical security controls - both technology and behavioral - that can minimize cyber-risks and give the organization the competitive advantage to grow and innovate. We will explore frameworks for measuring the efficacy of cybersecurity investments, and KPIs that show the board the investment is safeguarding the company's digital infrastructure for the long term.

Chris Williamson
SVP Information Systems and Security
Myriad Genetics
Ganesh Pai
Founder & CEO
Uptycs
Ganesh Pai is Founder & CEO of Uptycs. He was previously Chief Architect, Carrier Products & Strategy for Akamai Technologies, a leading provider of content delivery network services. Prior to Akamai, Ganesh was Founder & VP Systems Architecture of Verivue, a leading provider of content delivery solutions to service providers (acquired by Akamai). Prior to Verivue, he was Principal Architect for NetDevices (acquired by Alcatel-Lucent). Prior to NetDevices, Ganesh served as Engineering Manager and Software Architect for Sonus Networks. He is a Boston-based entrepreneur and technologist and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and a MS in computer science from Temple University.
John Whiting
Global CSO
DDB Worldwide (An Omnicom Co.)
Anthony Gonzalez
VP & CISO
QBE North America
Visionary, results and solutions-driven professional with 20+ years of experience in progressively responsible Cyber Security and IT leadership roles in the financial services, insurance, pharmaceutical, biotechnology, consumer goods,and chemical manufacturing industries. Adept in building and leading global Cyber Security, IT technical and support functions. Creative, resourceful problem solver with a track record of success in delivering cost-effective and value-added services to his customers. Additional experience in industrial engineering and process improvement. Specialties: Areas of expertise include: Cyber Security, Network Security,Application Security, Infrastructure Management and Security Incident Management, Disaster Recovery, Forensic Investigations, Operations Management, Financial Management, Project/Portfolio Management, Policy/Procedure Development, Budget Preparation, Strategic Planning, Process Design/Implementation, Risk Mitigation, Enterprise Architecture, IT Governance, Manufacturing/Laboratory Automation, Organizational Design, Vendor Audits, System, Start-Up Operations, Sarbanes-Oxley (SOX), Talent Development/Mentoring, International Team Management, and Regulatory Compliance

1:30 PM-2:15 PM
Fireside Chat: Technology Supply Chain

Many large enterprises in today’s fiercely competitive climate look toward optimizing its supply chain to increase business scale and agility. By harnessing a combination of technologies like artificial intelligence, machine learning, and predictive analytics, companies can automate and create new customer experiences that increase satisfaction and boost sales. Gaps remain in supply chain cyber security even as digitalization accelerates. By doing so, companies are left vulnerable to the growing risk of a cyber-attack. There are no shortage of stories illustrating the dangers of lax cyber security, with the biggest attacks able to utterly paralyze an operation and cause millions in losses. Despite this obvious danger, efforts to improve cyber security are progressing slowly. Future risks to the supply chain will involve software, cloud-based infrastructures, and hyper-converged products, rather than simply hardware. Even after many years of experience, capable CISOs find they may not be equipped to overcome the cybersecurity concerns that arise from building control contractors.

Panelists
Ariel Weintraub
CISO
MassMutual
Ariel Weintraub is the Head of Enterprise Cyber Security at MassMutual. Ariel joined MassMutual in the fall of 2019 as the Head of Security Operations & Engineering, responsible for the Global Security Operations Center, Security Engineering, Security Intelligence and Identity & Access Management (IAM). Prior to joining MassMutual, Ariel served as Senior Director of Data & Access Security within Cybersecurity Operations at TIAA where she led a three-year business transformation program to position IAM as a digital business enabler. Before working at TIAA, Ariel was Global Head of Vulnerability Management at BNY Mellon and was part of the Threat & Vulnerability Management practice at PricewaterhouseCoopers (PwC). Ariel holds a Master of Science in Cybersecurity from New York University (NYU) Tandon School of Engineering and a Bachelor of Science in Business Administration from the University of Southern California (USC) Marshall School of Business. Ariel has a passion for empowering women, especially the next generation of female cybersecurity leaders, and for tackling the cybersecurity workforce shortage. To help address these important issues, she serves on the Board for the Executive Women’s Forum (EWF) and the ISACA One in Tech Foundation, which is focused on building a digital world that is safe, secure and accessible for all. Most recently, Ariel also joined the FS-ISAC Board of Directors on which she is furthering her other passion for maximizing the value of threat intelligence sharing across the financial services sector.
Adam Healy
CSO
BlockFi
Adam Healy has 20 years of technology and security experience having held senior roles at Intercontinental Exchange’s Bakkt subsidiary, Palantir Technologies, Microsoft, and the U.S. Intelligence Community. He’s been responsible for leading the implementation of numerous strategic cybersecurity, physical security, and technology initiatives within the U.S. government, as well as enabling enterprise data efforts at several Fortune 100 companies. Currently, Adam serves as BlockFi’s chief security officer overseeing a cross-functional team of over 100 employees and contractors responsible for an array of functions including cybersecurity, fraud, physical security, corporate information technology services, cloud engineering and SRE, and data science and machine learning. Skills: Cybersecurity | Information Security | Project Management | Leadership | Penetration Testing | Network Security | IT Operations | Vendor Management | Consulting | Enterprise Architecture | National Security | Bitcoin | Blockchain | ISO 27001 | NIST CSF | FIPS | Threat Modeling | Team Building | SDLC | Incident Response | Security Operations | ITIL | CISSP-ISSAP | PMP | PCI DSS | HIPAA | SOC 1 | SOC 2 | P&L | Insider Threat | Custody | Digital Assets | Multiple-Party Computation | MPC | Cryptocurrencies | Cryptographic Systems | FedRAMP | Physical Security | Insider Threat | CCSS | Digital Assets

2:15 PM-2:30 PM
Networking Break

2:30 PM-3:25 PM
Keynote Panel: Being Effective…. Securely

In the post pandemic era, remote employment is the new status quo. Employers are forced to implement and improve the digital workplace by providing productivity tools and accessibility to company resources. In this session, we will share case studies of successful digital workplace implementations, including how to deal with the inherent security risks of expanded accessibility to company resources. In this session you will learn from real working examples the keys to implementing a successful digital workplace including how to evaluate the potential ROI from the different security strategies available.

Panelists
Ivan Durbak
CIO
Bronx Lebanon Hospital Center
Ivan Durbak is CIO at Bronx-Lebanon Hospital Center. In this role he leads an IT organization that supports the Bronx-Lebanon Hospital Center community, including two major hospitals, two nursing homes, a large emergency room and a large clinic ambulatory environment that sees nearly one million patients a year
Martin Howard
CIO
Avesis
Avēsis is part of the Guardian Life Insurance Company of America, a Fortune 250 global financial services and insurance company. As a Guardian company, Avēsis offers vision and dental care providers, and cost-effective benefit programs. Martin is a technology leader with a gift for utilizing IT to drive business transformation and profitable growth. Whether in a start-up or public company environment, he provides strong operational leadership to deliver secure, high-performing, scalable and cost-effective information platforms. He excels in the design and delivery of analytic platforms that drive operational improvement and strategic growth. Martin has consistently delivered on-time, on-budget IT solutions that spur organization-wide transformation while reducing cost. In diverse organizations he has recruited and led high-performing lean IT teams. He prioritizes strategic planning with attention to data science, analytics, emerging technologies, business process and cost optimization.
Cindy Cullen
Global Director of Information Security
NDegrees
A cyber security professional well versed in Product/Application Security, Cloud Security, Enterprise Security Architecture (ESA), Risk Management, Identity & Access Management, Software Design, Data Security, Mobile Security, Project Management, Compliance and Large Scale Integration. A known international speaker and leader in the cyber security space with an extensive background in managing local cyber security associations and mentoring talent. Solid reputation for innovation, versatility excellent leadership and communications skills with a proven ability to analyze, prioritize, and implement complex and highly impactful programs.
Lena Smart
CISO
MongoDB
MongoDB is one of the most popular NoSQL databases in the world. It is an open-source platform that provides the querying and indexing capabilities of a NoSQL database. Lena joined MongoDB with more than 20 years of cyber security experience. Before joining MongoDB, she was the Global Chief Information Security Officer for the international fintech company, Tradeweb, where she was responsible for all aspects of cybersecurity. She also served as CIO and Chief Security Officer for the New York Power Authority, the largest state power organization in the country, where she was responsible for physical and cyber security. She also has previously served as a Sector Chief with FBI InfraGard. Lena is a founding partner of Cybersecurity at MIT Sloan, formerly the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, which allows security leaders in academia and the private sector to collaborate on tackling the most challenging security issues.

In partnership with

3:25 PM-3:40 PM
Networking Break

3:40 PM-4:05 PM
Disruptor: Guarding the Doors: Navigating Risk From Third-Party Code

Open source libraries are widely leveraged by developers. In fact, 97 percent of the typical Java application is made up of open source libraries. But nearly 80 percent of developers never update third-party libraries after including them in codebase.

What does this mean for your applications? There is a good chance that your third-party libraries have undetected vulnerabilities. Scary, right?

The good news is that when alerted to vulnerabilities in open source libraries, developers tend to act quickly. This is especially true when developers understand how the vulnerability could impact their application.

Join us as we review our annual study on open source libraries, State of Software Security (SOSS) v12: Open Source Edition. We will explore the most popular open source libraries, how libraries are evaluated and selected, and how to eliminate risk by fixing vulnerabilities.


In partnership with

4:10 PM-5:05 PM
Panel: Human Security Engineering

90%+ of all losses result from attacks targeting users, honest users. A common solution to user error is awareness, but we need to fix the system that facilitated the creation of the error, the action, and the results, which means not just stopping errors but also accidents and malice. In this session we will share a model of Human Security Engineering identifying the optimal suite of countermeasures, and work through user targeting attacks to experience implementing the model. This talk will also look at a comprehensive strategy to address the insider threat, whether it results from malicious or well-meaning insiders, while detailing HSE and providing the resources required for attendees to follow up and consider how they can implement HSE to better mitigate their own insider threats.

Panelists
Todd Gordon
CISO
EisnerAmper
EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, Eisner Amper offers the resources of offices in the UK, Israel, India and  EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global. Todd, leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.
Jordan Tannenbaum MD
CIO/CMIO
Saint Peter's Healthcare System
Jordan Tannenbaum, MD, MBA, MPH, PgC Healthcare Informatics is Vice President/Chief Information Officer and Chief Medical Officer and a CHIME Certified Healthcare Chief Information Officer (CHCIO). Saint Peter’s Healthcare System, sponsored by the Roman Catholic Diocese of Metuchen, is the parent company of Saint Peter’s University Hospital, a 478-bed acute-care teaching hospital and acute care children’s hospital; Saint Peter’s Physician Associates, a network of primary and specialty care physicians; Saint Peter’s Foundation, the fundraising arm of the healthcare system; and Saint Peter’s Health & Management Services Corporation, which focuses on the wide group of the system’s non-hospital related healthcare services, including the CARES Surgicenter. Saint Peter’s University Hospital, received its sixth consecutive designation as a Magnet® hospital for nursing excellence by the American Nurses Credentialing Center in 2020, is a state-designated children’s hospital and a regional perinatal center, and is a regional specialist in diabetes, gastroenterology, head and neck surgery, oncology, orthopedics, and women’s services. The Children’s Hospital at Saint Peter’s University Hospital provides families with access to a full range of pediatric specialties, including a nationally recognized Level III Neonatal Intensive Care Unit, pediatric surgery and orthopedic surgery featuring innovative anterior scoliosis correction.
Tim Swope
CISO
Catholic Health System
Mr. Swope brings over 20 years of experience in IT Project Management, BI Solutions Development, IT Security, IT Controls (CoBIT, SOX 404/MAR, etc) IT Risk Management, and HealthCare Compliance, to both the public and private sectors. His focus is on identifying gaps relating to key IT security processes and the implementation of IS Security and Risk Management programs to Health Care, Pharmaceutical and various commercial clients. Has a proven track record of delivering the following: • Interpreting and applying 21 CFR Part 11, GLP, GMP, GCP, and QSR regulations • MDM and Data Governance • Identity Access Management • HIPAA Risk Assessments and GAP analysis • Information Assurance Program Management - SCRUM, AGILE, SDLC, Six Sigma • Implemented large security, risk and compliance initiatives of SOX-404 IT, HIPAA/HITECH, including security policies, procedures and controls. • "Big Data", Data Management and Health Care Data Analytics • Federal Information Security Management Act (FISMA) Compliance Reviews • Implemented the security standards - 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule He has supported these Information Assurance and IS Security initiatives for organizations that include: Excellus BCBS, Medimmune/Astra Zeneca, ENDO Pharmaceuticals, Novo Nordisk, Daiichi-Sankyo Solutions, Catalent Pharma Solutions, Johnson and Johnson, District of Columbia Government office of the Chief Financial Officer, District of Columbia Water and Sewer Authority, City of Richmond, Virginia Department of Public Utilities, Virginia State Department of Health, and the Kentucky Department of Health Services, as well as the U.S. Department of Labor.
Michael Gross
Manager, Cybersecurity Intelligence
Cleveland Clinic
Information Technology: Successful professional with extensive experience in networking technologies, server platforms, operating systems, programming languages and mainframe applications. Problem Management: More than four years of advanced network, mainframe and server troubleshooting and support. Proven success in situation and change management for high impacting issues. Good understanding of general problem management methodologies, Six Sigma, ITIL and Process Ownership. Team Management: Managed several individuals (both internal employees and contractors) with responsibility for oversight of successful Disaster Recovery/Business Continuity tests. Ability to motivate as well as delegate in order to execute on stated goals. Professional Skills: Excellent work ethic, interpersonal skills & relationship building, multi-tasking, and communication management. Demonstrated eagerness to learn and take on challenging tasks. Specialties: Advanced Network Troubleshooting, End to End System Troubleshooting, Disaster Recovery Planning and Design, Business Continutiy Planning, Solution Development
Amit Basu
CISO/CIO
International Seaways

5:05 PM-5:15 PM
Raffle & Closing Remarks

5:15 PM-6:30 PM
Cocktail Hour