Agenda – 2017 Spring Summit

Time Monday, May 8th
12:00 PM – 1:00 PM New Member/First Time Attendee Luncheon
12:00 PM – 6:00 PM Registration
1:00 PM – 2:00 PM Committee Meetings
2:00 PM – 3:45 PM Member Meeting
4:00 PM – 5:00 PM
Grand Rounds – Coalfire
Grand Rounds – Risk Recon
Grand Rounds – Cisco
Grand Rounds – Veriphyr
5:15 PM – 6:15 PM Welcome Reception – Sponsored by IMMUNIO, Inc. & Cobalt
6:30 PM – 9:00 PM Board Dine Arounds – Sponsored by Agari
6:30 PM – 9:00 PM Attendee Dine Arounds – Sponsored by Arxan Technologies, Prevalent, Secure Works, Skycure and Veracode, Inc.
9:00 PM – 11:00 PM Hospitality Suite – Sponsored by Accenture
Time Tuesday, May 9th
6:45 AM – 7:30 AM Breakfast
7:45 AM – 8:30 AM Opening Remarks
8:30 AM – 8:40 AM Keynote Introduction – Sponsored by OKTA
8:40 AM – 9:25 AM Keynote: Driving the Conversation: A Look at the Future of Healthcare in America
Mark McClellan, M.D.
9:25 AM – 9:55 AM Securonix: Solving Healthcare’s Security Crisis with Behavior Analytics
Michael Lipinski, Securonix
9:55 AM – 10:25 AM Networking Break – Sponsored by Bandura Systems
10:25 AM – 11:25 AM
Grand Rounds – Acalvio
Grand Rounds – Security Risk Advisors
Grand Rounds – ThinAir
Grand Rounds – Blue Cedar
11:25 AM – 11:35 AM Transition Break
11:35 AM – 12:05 PM
IBM: Transform Threat Intelligence Into Prevention In Minutes
Paul Griswold, IBM
Kaiser Permanente: Leveraging Threat Intelligence to Support Secure Technology Use in Patient Care
James Goddard, Kaiser Permanente; Dr. Eric Liederman, MD, Permanente Medical Group
Allergan: Do You Still Need AV?
Chris Rose, Allergan
Eli Lilly & Company: Managing Successful Pen Tests for Medical Devices – for Manufacturers and Providers
Chris Reed, Eli Lilly & Company
12:05 PM – 12:45 PM Lunch – Sponsored by Netskope
12:45 PM – 1:15 PM
Skycure: The 3 Critical Steps to Protect Your Enterprise from Mobile Threats
Jim Routh, Aetna; Adi Sharabani, Skycure
MedStar Health: Bolstering Cyber Security and Reducing Risk Through Contracting
Aaron Heath, Medical University of South Carolina; John Rasmussen, MedStar Health
Pfizer: Crowdsourcing Cybersecurity Analytics Development
William Barnes, Pfizer
DigiCert: Cybersecurity Hygiene for Connected Medical Device Security
Mike Nelson, DigiCert
1:15 PM – 1:30 PM Transition Break
1:30 PM – 2:00 PM
Attivo Networks: Deception for Early Detection and Empowered Incident Response
Carolyn Crandall, Attivo Networks
HHS: HHS Coordinated Approach to Healthcare Cyber Security
Thad Odderstol, HHS; Maggie Amato, US Department of Health and Human Services; Rose-Marie Nsahlai, US Department of Health and Human Services; Leo Scanlon, US Department of Health and Human Services; Vik Sinha, US Department of Health and Human Services
Aetna: Mobile DevOps: Securing Application Signing and Distribution
Salil Jain, Aetna; Jay Marehalli, Aetna
Baxter Healthcare: Cybersecurity Considerations in Postmarket Surveillance
Pavel Slavin, Baxter Healthcare; Ashley Woyak, Baxter Healthcare
2:00 PM – 2:15 PM Transition Break
2:15 PM – 3:15 PM
Deloitte: Advanced Cyber Reconnaissance and Analytics Supporting Health Care Clients in the Public and Private Sector
Eric Dull, Deloitte; Bari Faudree, Deloitte
Kaiser Permanente: Our Journey of Building a Cyber Security Architecture Practice for a 50 Billion Dollar Company @ Scale
Kapil Assudani, Kaiser Permanente
Pfizer: Integrated Incident Management
Brian Coleman, Pfizer
Mayo Clinic: Setting Up Your Own Medical Device Security Program
Debra Bruemmer, Mayo Clinic; LeahAnn Clemens, Mayo Clinic
3:15 PM – 3:45 PM Networking Break
3:45 PM – 4:15 PM
Perch Security: How Your Organization Can Leverage NH-ISAC Intelligence to Detect, and Participate, Automatically
Aharon Chernin, Perch Security
Preempt: How to Build a Real-Time Insider Threat Program with UBA
Ajit Sancheti, Preempt
Allergan: Acquisition Risks and Threat
Michael Towers, Allergan
Johnson & Johnson/Abbott: Post Market Management from a Medical Device Manufacturer Perspective
Colin Morgan, Johnson & Johnson; Chris Tyberg, Abbott
4:15 PM – 4:30 PM Transition Break
4:30 PM – 5:00 PM Gurucul: Risk-Based Step-Up Authentication from Behavior Analytics
Nathan Harris, Aetna; Brian Heemsoth, Aetna
6:00 PM – 9:00 PM Beach Event
9:00 PM – 11:00 PM Hospitality Suite – Sponsored by Guidepoint Security
Time Wednesday, May 10th
7:00 AM – 8:00 AM Breakfast & Panel – Sponsored by EY and EWF
8:00 AM – 8:15 AM Opening Remarks
8:15 AM – 8:45 AM EY: From Bitcoin to Secure Health Care Information: How Blockhains are Rebooting the IT Security World
Paul Brody, EY; Dan Gietl, EY
8:45 AM – 9:15 AM Networking Break
9:15 AM – 10:15 AM
Grand Rounds – Anomali
Grand Rounds – Fireglass
Grand Rounds – SecureWorks
Grand Rounds – Adlumin, Inc.
10:15 AM – 10:20 AM Transition Break
10:20 AM – 11:20 AM
Live List Server – Making Wise Choices
Chris Rose, Allergan
Live List Server – Advanced Threat Defense Framework
Michael Towers, Allergan
Live List Server – Wickedly Smart or Highly Disciplined
Robert Smith, University of California
Live List Server – Android Security Testing
Mark Willis, Aetna
11:20 AM – 11:30 AM Transition Break
11:30 AM – 12:30 PM
Flashpoint: Threats to Healthcare: From Intelligence to Incident Response
Vitali Kremez, Flashpoint; Tarik Rahmanovic, Blue Cross Blue Shield Association; Michael Slavick, Kaiser Permanente
Horizon Blue Cross Blue Shield: Panel Discussion: Healthcare Identity and Authentication Challenges
Alan Leung, Horizon Blue Cross Blue Shield; Mollie Shields Uehling, Safe Biopharma; Peter Alterman, Safe Biopharma; Michael Towers, Allergan; Jay Marehalli, Aetna; Kurt Lieber, Aetna
Wellmark Inc: Combating Complex Threat Actors and Malware Using Virtual Technologies and Non-Persistent Environments
Andrew Neller, Wellmark Inc.
NH-ISAC/MDISS/FDA: Medical Device Security Town Hall
Denise Anderson, NH-ISAC; Dr. Dale Nordenberg, MDISS; Dr. Suzanne Schwartz, FDA
12:30 PM – 1:15 PM Lunch – Sponsored by Digital Shadows
1:15 PM – 1:45 PM Prevalent: A Smarter Approach to Third-Party Vendor Risk for the Healthcare Industry
Jonathan Dambrot, Prevalent
1:45 PM – 2:00 PM Transition Break
2:00 PM – 2:30 PM
Veriphyr: Detecting Impermissible Use of Patient Data
Alan Norquist, Veriphyr; John Vastano, PhD, Veriphyr
Aetna: The Next Tectonic Shift in Identity & Access Management: User Behavioral Analytics & Identity Data Analytics
Kurt Lieber, Aetna
Allergan: To SAP or Not to SAP – Bringing Cyber and ERP Security Together
Michael Towers, Allergan
Booz Allen Hamilton: Security by Design: The Only Option for Medical Devices
Chris Poulin, Booz Allen Hamilton
2:30 PM – 2:45 PM Transition Break
2:45 PM – 3:15 PM
Genomic and Netskope: A Journey to Safe Cloud Service Enablement
Mario Puras, Netskope; Craig Guinasso, Genomic Health
Pfizer: Cybersecurity Beyond Compliance to Enable Business Solutions
Cheryl Flannery, Pfizer; Keith Lichtenwalner, Pfizer
Abbott: Changing the Paradigm for Malicious Cyber Actors – New Strategy for Defending US Critical Infrastructure
Ronald Banks, Abbot
Texas Health Resources: Cyber Risk Stratification, Medical Devices and the Healthcare Delivery System Architecture
Ron Mehring, Texas Health Resources
3:15 PM – 3:30 PM Transition Break
3:30 PM – 4:00 PM
Weblife: What CISOs Need to Know About GDPR Requirements
David Melnick, Weblife; Spencer Mott, Amgen
Smiths Medical: Create a Cyber War Game Capability to Enhance Effective Intelligence
Bill Hagestad, Smiths Medical; Mike Seeberger, Boston Scientific
Partners HealthCare: Life Lessons From an Identity and Access Management Solution Implementation
Jigar Kadakia, Partners HealthCare
Symantec: Medical Device Security – Making it Work
Axel Wirth, Symantec
4:00 PM – 4:15 PM Transition Break
4:15 PM – 4:45 PM
SecurityScorecard: Healthcare’s Most Dangerous Security Risk Vectors
Sam Kassoumeh, SecurityScorecard
Global Cyber Alliance: DMARC: Making Email More Secure
Mirza Shehzad, Global Cyber Alliance
American Cancer Society: Supply Chain Security Risk Management
James Baird, American Cancer Society
Medtronic: Advancing Secure by Design to Mobile Health Applications
Tara Larson, Medtronic
4:45 PM – 5:15 PM Closing Remarks & Wrap Up
7:30 PM – 10:00 PM Indiana Jones Epic Stunt Theater

 *Subject to Change