Sponsorship Opportunities – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017

Please find sponsorship opportunities for the NH-ISAC 2017 Masters of Deception Summit outlined below. Visit the registration page to secure the desired sponsorship level and click the graphic below to view the 2017 NH-ISAC Spring Sponsor Prospectus. Sponsor registration is open.


Platinum Sponsor: Sold Out

  • $35,000
  • 30 Minute General Session Speaking Slot: Requires Presentation Submission & Approval
  • 5 Full Conference Passes Maximum: Includes Speaker(s)
  • Exhibit Space: Electrical & 6′ x 30″ Table Included
  • Attendee Lists: Pre-event email (Title/Company Opt-in Only) & On-site hard copy (Title/Company/Name Opt-in Only)
  • 1/2 Page Ad (7.5″W x 4.75″H) in Conference Brochure
  • Logo/Description on Conference Website & Signage
  • AV Coverage
  • Limited Board Room Access to Host Meetings (Based on Availability)


Grand Rounds Sponsor: Sold Out

    • $15,000
    • Service/Product Presentation Opportunity
    • 3 Full Conference Passes Maximum
    • Exhibit Space: Electrical & 6′ x 30″ Table Included
    • Attendee Lists: Pre-event email (Title/Company Opt-in Only) & On-site hard copy (Title/Company/Name Opt-in Only)
    • Logo/Description on Conference Website & Signage
    • AV Coverage


Silver Sponsor: Sold Out

  • $10,000
  • 2 Full Conference Passes Maximum
  • Exhibit Space: Electrical & 6′ x 30″ Table Included
  • Attendee Lists: Pre-event email (Title/Company Opt-in Only) & On-site hard copy (Title/Company/Name Opt-in Only)
  • Logo/Description on Conference Website & Signage


Gold A Sponsor: Sold Out

  • $25,000
  • 60 Minute Concurrent Session Slot: Requires Presentation Submission & Approval
  • 4 Full Conference Passes Maximum: Includes Speaker(s)
  • Exhibit Space: Electrical & 6′ x 30″ Table Included
  • Attendee Lists: Pre-event email (Title/Company Opt-in Only) & On-site hard copy (Title/Company/Name Opt-in Only)
  • 1/4 Page (3.75″W x 4.75″H) Ad in Conference Brochure
  • Logo/Description on Conference Website & Signage
  • AV Coverage


Gold B Sponsor: Sold Out

  • $12,500
  • 30 Minute Concurrent Session Slot: Requires Presentation Submission & Approval
  • 2 Full Conference Passes Maximum: Includes Speaker(s)
  • Exhibit Space: Electrical & 6′ x 30″ Table Included
  • Attendee Lists: Pre-event email (Title/Company Opt-in Only) & On-site hard copy (Title/Company/Name Opt-in Only)
  • 1/4 Page (3.75″W x 4.75″H) Ad in Conference Brochure
  • Logo/Description on Conference Website & Signage
  • AV Coverage


Full Pass: 10 out of 10 Available

  • $5,000
  • 1 Full Conference Pass Maximum (only sponsors with 1 attendee pass as part of their sponsorship can add 1 extra Full Pass; sponsors with 2 or more passes are not eligible for Full Passes; any attempt to manipulate passes for additional sponsor attendees could result in a penalty of organization exclusion from future NH-ISAC Summits.)
  • Attendee Lists: Pre-event email (Title/Company Opt-in Only) & On-site hardcopy (Title/Company/Name Opt-in Only)


Please see the vendor prospectus for additional sponsorship opportunities.







Current Sponsors – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017

Thank You to Our Current Sponsors!




EY Advisory combines a wealth of consulting capabilities — strategy, customer, finance, IT, supply chain, people advisory, program management and risk — with a complete understanding of a client’s most complex issues and opportunities, such as digital disruption, innovation, analytics, cybersecurity, risk and transformation. Visit ey.com to learn more.

Gurucul is changing the way enterprises protect themselves against insider threats, account compromise and data exfiltration on-premises and in the cloud. The company’s user behavior analytics and identity access intelligence technology uses machine learning anomaly detection and predictive risk-scoring algorithms to reduce the attack surface for accounts, unnecessary access rights and privileges, and to identify, predict and prevent breaches. Gurucul technology is used globally by organizations to detect insider threats, cyber fraud, IP theft, external attacks and more. The company is based in Los Angeles. To learn more, visit http://www.gurucul.com/ and follow us on LinkedIn and Twitter.

Prevalent is the leader in third-party risk management and cyber threat intelligence, helping global organizations manage and monitor the security threats and risks associated with third and fourth-party vendors. With the release of Prevalent Synapse™, organizations now have a purpose-built, unified platform that reduces both risk and cost in a shared assessment model, leveraging standardized content, automation, and threat intelligence.

For more information regarding Prevalent, please visit www.prevalent.net

Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built, advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account and system behavior, Securonix is able to detect the most advanced insider threats, data security and fraud attacks automatically and accurately. Globally, customers are using Securonix to address the most basic and complex needs around advanced persistent threat detection and monitoring, high privileged activity monitoring, enterprise and web fraud detection, application risk monitoring and access risk management. For more information visit www.securonix.com.




Deloitte Risk and Financial Advisory helps organizations turn critical and complex business issues into opportunities for growth, resilience and long-term advantage. Our market-leading teams help our clients manage strategic, financial, operational, technological, and regulatory risk to enhance enterprise value, while our experience in mergers and acquisitions, fraud, litigation and reorganizations helps clients emerge stronger and more resilient.

Flashpoint delivers Business Risk Intelligence (BRI) to empower business units and functions across organizations to make better decisions and mitigate risk. The company’s unique Deep & Dark Web data, expertise, and technology enable our customers to glean intelligence that informs risk and protects their ability to operate. Fortune 500 and government customers utilize Flashpoint’s intelligence across the enterprise, including bolstering cybersecurity, confronting fraud, detecting insider threats, enhancing physical security, assessing M&A opportunites, and addressing vendor risk and suplly chain integrity. For corporations with limited experience availing themselves of Deep & Dark Web intelligence, Flashpoint has tailored offering that deliver comprehensive reporting and monitoring on their behalf. Flashpoint backed by Greycroft Partners, TechOperators, K2 Intelligence, Jump Capital, Leaders Fund, Bloomberg Beta, and Cisco Investments. For more information visit www.flashpoint-intel.com or follow us on Twitter at @FlashpointIntel.




Global Cyber Alliance
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org.

Netskope is the leader in cloud security. Trusted by the world’s largest companies, Netskope’s cloud-scale security platform enables security professionals to understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work. Netskope – security evolved.

SecurityScorecard provides the most accurate rating of security risk for any organization worldwide. The proprietary SaaS platform helps enterprises gain operational command of the security posture for themselves and across all of their partners and vendors. It provides continuous, non-intrusive monitoring for any organization including 3rd and 4th parties. The platform offers a breadth and depth of critical data points not available from any other service provider in a broad range of risk categories.

Skycure offers the most complete, accurate and effective mobile threat defense solution, delivering unparalleled depth of threat intelligence to predict, detect and protect against the broadest range of threats. Skycure’s predictive technology uses a layered approach that leverages massive crowd-sourced threat intelligence, in additional to both device- and server- based analysis.

Weblife helps organizations solve the security, privacy, and regulatory challenges associated with employee web use. Weblife uses advanced threat isolation to eliminate the risk of web-based malware, providing employees an anonymous and secure environment in which to conduct personal and high risk web browsing. The Weblife service is fully cloud-based and simple to deploy, manage, and support. It requires no software and works with any modern web browser. Weblife is used by some of the world’s largest global organizations to eliminate the risk of web-based malware and easily comply with growing global privacy regulations such as the EU’s General Data Protection Regulation (GDPR.) Weblife is a privately held company based in Los Angeles, CA.

Preempt protects organizations from insider threats by responding in real-time to suspicious behavior in order to stop malicious threats and validate legitimate activities. Preempt’s adaptive and policy-based approach ensures that proper level of response is used based on the type of severity of threat. This proactive approach allows organizations to eliminate their insider threat problem and maintain business continuity without engaging already overwhelmed security teams. The company is headquartered in San Francisco, CA. Learn more about us at www.preempt.com.

Veriphyr detects impermissible use of ePHI by employees without the false positives of rule-based approaches. When two employees access a co-worker’s medical data, Veriphyr reliably detects which employee’s access is not permissible and which employee is doing their job. Even employees in the same department with the same titles. Even if the employees access the patient data only once.

Attivo Networks
Attivo Networks®, the leader in deception technology, provides accurate in-network threat detection, analysis, and accelerated response to advanced, credential, insider, and ransomware attacks. The ThreatMatrix™ Deception and Response Platform provides continuous visibility and efficient threat management for user networks, data centers, cloud, branch, IoT, ICS-SCADA, and POS environments. Camouflage dynamic deception sets high-interaction traps to misdirect and lure attackers into revealing themselves. The solution’s advanced attack analysis and lateral movement tracking automate investigation, deliver evidence-based alerts, and in-depth forensic reports. Incident response is simplified with ThreatOps™ playbooks and 3rd party integrations for automated attack block, quarantine, and threat hunting. www.attivonetworks.com

IBM is a global organization that delivers an integrated system of analytics, real-time defenses and proven experts, so our clients can make strategic decisions about how to safeguard their business. Like an immune system, IBM solutions provides an integrated and comprehensive approach to prevent and repair the damage attacks can impose on your enterprise’s security.


Perch Security


Booz Allen Hamilton
Booz Allen provides end-to-end cyber security services to healthcare and life sciences companies and civil and government agencies, including those involved in regulating and providing health technology and services. The unique position of operating within the entire U.S. National Health community enables us to bridge government cyber tradecraft to the private health sector.




Security Risk Advisors
We deliver cybersecurity services to industry-leading, global companies. Our approach emphasizes training and knowledge transfer to help you build confidence in your cybersecurity controls. We bring specialized skills that are hard to find – deep security testing, independent advice, engineering capability with emerging security controls, threat modeling, and compliance program development.

Fireglass allows users to click with confidence from any device by eliminating malware and phishing from web and email without an endpoint agent. Organizations protected by Fireglass maximize user productivity while solving the operational overhead and complexity of web gateways through Fireglass’ True Isolation™ technology, where all web traffic is executed remotely and does not reach endpoints. Deployed at Fortune 500 companies, Fireglass was founded by network security leaders and military intelligence veterans and is backed by world-class investors including Lightspeed Venture Partners and Norwest Venture Partners.

Anomali delivers earlier detection and identification of adversaries in your organizations network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.

Acalvio Technologies
Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter. The solutions are anchored on patented innovations in Deception and Data Science. This enables a DevOps approach to ATD, enabling ease of deployment, monitoring and management. Acalvio enriches its threat intelligence by data obtained from internal and partner ecosystems, enabling customers to benefit from defense in depth, reduce false positives, and derive actionable intelligence for remediation.

RiskRecon brings greater transparency, accountability and productivity to your third-party risk management process. Our SaaS platform delivers frequent, comprehensive and actionable security performance measurements and management tools. Unlike alternative providers, we originate our own information by directly measuring the ever-changing attack surface area of any organization. www.riskrecon.com


SecureWorks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.

Adlumin Inc.
Adlumin is revolutionizing that way corporations secure sensitive data and intellectual property while achieving their compliance objectives. These tenants of business are routinely under attack by insider and outsider threats using rogue accounts, credential theft, and identity-based attacks to subvert defenses, damaging your reputation and bottom line. Organizations like yours simply can’t wait weeks to get the answers you need. You need real time detection and flexible options. Adlumin provides real time visibility and analysis into every identity within the enterprises – even across the largest networks – using machine learning and industry expertise from the world’s finest investigators and the U.S. Intelligence Community. Futhermore, using confirmation technology, Adlumin goes beyond detection and is capable of confirming anomalies as malicious. Adlumin significantly reduces HIPAA compliance costs, satisfies multiple NIST/SANS (CIS) critical security control requirements, and enhances your privileged account access management strategy. To see Adlumin in action, visit www.adlumin.com, call (571)334-4777 or email info@adlumin.com.

As cybersecurity risk management and compliance experts, Coalfire delivers cybersecurity advice, assessments, testing, and implementation support to IT and security departments, executives, and corporate directors of leading enterprises and public sector organizations. By addressing each organization’s specific challenges, we’re able to develop a long-term strategy that improves our clients’ overall cyber risk profiles. Armed with our trusted insights, clients can get to market faster with the security to succeed. Coalfire has offices throughout the United States and Europe.

ThinAir provides 360 degree visibility into all interactions with organization’s most important assets – its data. Whether malicious insider or malware or human error caused the data loss, ThinAir enables you to assess the scope and source of the leak within seconds. See everything. Protect what matters.

Blue Cedar
Blue Cedar helps enterprises and software vendors secure access to mobile data by injecting security directly into mobile apps. By securing individual apps, not the device, organizations can easily secure and deploy apps to any user on any endpoint device. It’s transparent to users, non-invasive to privacy, and provides policy controls that encrypt data-at-rest and data-in-transit.

Veriphyr detects impermissible use of ePHI by employees without the false positives of rule-based approaches. When two employees access a co-worker’s medical data, Veriphyr reliably detects which employee’s access is not permissible and which employee is doing their job. Even employees in the same department with the same titles. Even if the employees access the patient data only once.

Cisco® Cloud Security helps you adopt the cloud with confidence and better manage security for the way the world works today. It protects users against threats anywhere they access the Internet and secures your data and applications in the cloud. Cisco Cloud Security provides an effective security platform that is open, automated, and simple to use.



Digital Shadows
Digital Shadows provides insight into an organization’s external digital risks and the threat actors targeting them. Digital Shadows SearchLight™ combines scalable data analytics with human analysts to monitor for risks beyond the boundary identifying cyber threats, data leakage and reputation risks, creating an up-to-the minute view of an organization and digital risks requiring mitigation.

Bitglass’ Cloud Access Security Broker (CASB) solution provides enterprises with end-to-end data protection from the cloud to the device. It deploys in minutes and works with any cloud app on any device. Bitglass protects data on mobile devices without the hassles of MDM and enables enterprises to enforce corporate data security policies across apps like Office 365, Salesforce, and Exchange. Bitglass, based in Silicon Valley with European headquarters in Amsterdam, was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud connect and protects employees of many of the world’s largest enterprises. It also securely connect enterprises to their partners, suppliers and customers. With deep integrations to over 5,000 apps, the Okta Identity Cloud enables simple and secure access from any device.

Resilient, an IBM Company
IBM Resilient’s mission is to help organizations thrive in the face of any cyberattack or business crisis. The industry’s leading Incident Response Platform (IRP) empowers security teams to analyze, respond to, and mitigate incidents faster, more intelligently, and more efficiently. The Resilient IRP is the industry’s only complete IR orchestration and automation platform, enabling teams to integrate and align people, processes, and technologies into a single incident response hub. With Resilient, security teams can have best-in-class response capabilities. IBM Resilient has more than 150 global customers, including 50 of the Fortune 500, and hundreds of partners globally. Learn more at www.resilientsystems.com.

Veracode, Inc.
Veracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market – without compromising security. Learn more at www.veracode.com.

DigiCert addresses the security challenges of the Internet of Things with automated identity and encryption solutions for connected devices. Whether choosing the cloud or on-premise, we support your certificate-based deployments at any scale for mutual authentication, access control, data encryption, data integrity, secure boot, patch management and IP protection. A trusted certificate provider for the Global 2000, DigiCert supports SSL/TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management platform, CertCentral®. The company has been recognized with dozens of awards for its enterprise-grade management platform, fast and knowledgeable customer support, and market-leading growth. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

Synopsys offers the most comprehensive solution for integrating security and quality into the SDLC and supply chain. Whether you’re well-versed in software security or just starting out, we provide the tools you need to ensure the integrity of the applications that power your business. Our holistic approach to software security combines best-in-breed products, industry-leading experts, and a broad portfolio of managed and professional services that work together to improve the accuracy of findings, speed up the delivery of results, and provide solutions for addressing unique application security challenges. We don’t stop when the test is over. Our experts also provide remediation guidance, program design services, and training that empower you to build and maintain secure software. For more information go to www.synopsys.com/software.

OASIS is a nonprofit consortium, home to STIX and TAXII standards for threat intelligence sharing and the CSAF standard for automated cyber vulnerabilities disclosure. OASIS organizes the Borderless Cyber conference, 21-22 June, NYC. Stop by our table for a chance to win a free conference pass. NH-ISAC members receive $100 discount when registering for Borderless Cyber with the code NH-ISAC.

Mimecast (NASDAQ: MIME) makes business email and data safer for 24,900 customers and their millions of employees worldwide. Founded in 2003, the company’s next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management.

Agari protects the inboxes of the world’s largest organizations from the #1 cyber security threat of advanced email attacks including phishing and business email compromise. URL: www.agari.com

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian intelligence networkds, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com/healthcare.

Menlo Security
Menlo Security protects organizations against cyber attacks from the Web, email and other critical threat vectors. The company’s patented Isolation Platform isolates all content and eliminates malware in the cloud, providing users with a completely transparent and safe experience without the need to deploy and update software to their endpoints. Menlo Security products can be deployed in the public or private cloud and are trusted by some of the world’s largest enterprises, including Fortune 500 companies and financial services institutions. Company headquarters are in Menlo Park, California. For more information, please visit www.menlosecurity.com or @menlosecurity.




Bandura is a cybersecurity company that enables organizations to control their exposure to the internet. Our users are able to leverage Bandura technology in conjunction with their existing security infrastructure to simplify the deployment and enforcement of their vast threat intelligence repositories, eliminating large amounts of threatening infrastructure from being able to interact with their environment. The Bandura PoliWall can deploy 100 MILLION malicious IP’s or CIDR blocks in line and likewise automate activities such as ACL’s to eliminate traffic from threatening countries with a click.

Booz Allen Hamilton
Booz Allen provides end-to-end cyber security services to healthcare and life sciences companies and civil and government agencies, including those involved in regulating and providing health technology and services. The unique position of operating within the entire U.S. National Health community enables us to bridge government cyber tradecraft to the private health sector.

Cobalt’s hacker-powered application security solution transforms yesterday’s broken pen test model into a data-driven vulnerability management engine. Fueled by our global talent pool of trusted ethical hackers, Cobalt’s SaaS crowdsourced pen test platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Hundreds of organizations now benefit from high quality pen test findings, faster remediation times, and higher ROI for their pen test budget. Visit www.cobalt.io to learn how Cobalt is securing apps at the speed of business.

GuidePoint Security
GuidePoint Security provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their missions. By embracing new technologies, GuidePoint helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Learn more at: http://guidepointsecurity.com.

IMMUNIO is a pioneer in runtime application self-protection (RASP) providing a cutting edge technology platform for real-time, instantaneous and automatic detection of an protection against security vulnerabilities for web applications. Our mission is to align security with the speed of application development easily, efficiently and effectively for the enterprise. To learn more about IMMUNIO please visit www.immun.io.

Pindrop is the pioneer in voice fraud prevention and authentication. Pindrop provides enterprise solutions to reduce fraud losses and authentication expense for some of the largest call centers in the world. Pindrop’s patented PhoneprintingTM technology can identify, locate and authenticate phone devices uniquely just from the call audio thereby detecting fraudulent calls as well as verifying legitimate callers. Pindrop has been selected by the world’s largest banks, insurers, brokerages and retailers, detecting over 80% of fraud, even for attackers never seen before. Pindrop’s solutions are allowing customers to reduce call time and improve their customers’ experience even while reducing fraud losses. Pindrop was founded in 2011 and is venture backed by Andreessen Horowitz, Citi Ventures, Felicis Ventures, CapitalG, GV and IVP.

Phantom is the first community-powered security automation and orchestration platform. It integrates your existing security technologies, providing a layer of connective tissue between them. The Phantom platform helps you work smarter by automating repetitive tasks, effectively force multiplying your team’s efforts and allowing them to focus their attention on mission-critical decisions. It also helps you respond faster and reduce dwell times with automated detection, investigation, and response. Using Phantom helps you strengthen your defenses by integrating your entire security infrastructure together so that each part is actively participating in your defense strategy. For more information visit: https://phantom.us/


Arxan Technologies



Presentations – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017

      The NH-ISAC 2017 Spring Summit Call for Presentations is Now Closed!


Deadline for submission was Wednesday, February 1st, 2017 at 12:00 PM Eastern Standard Time. Submissions received after this date and time will not be considered.

Please direct all presentation questions to nhisac@nhisac.org.

Special Events – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017

Click here to register for the Summit Grand Finale: Indiana Jones Epic Stunt Theater – Cairo Dinner Show at Hollywood Studios

Click Here to Register!

Rather than race to the airport, we welcome all attendees to join us the evening of Wednesday, May 10th for our Grand Finale. Your Summit investment would not be complete without a great networking send off. Who else to host such an event, but Indiana Jones!

Indiana enters the ruins of a temple, dodging spears and blow darts as he seeks the golden idol. A dangerous series of life-threatening surprises are liable to doom our hero, but soon Indy has the treasure in his grasp.

In a flash, the set parts to reveal a street event in a Cairo bazaar. In the center of it all, a feast fit for a sultan awaits, right in the middle of the stage! All guests are invited to leave their seats from Scene I, and walk down on to the stage to be seated for dinner! As you dine on the stage, a DJ and Belly Dancer entertain you. With the conclusion of the lavish and elegant banquet scene, there’s one more shot to capture: the grand finale! This thrilling event is the perfect closer to the Masters of Deception Summit.

Please visit the registration desk prior to 5:00pm on the day of the event to pick up your wristband to attend this event. You may walk or take the boat to the Guest Relations Booth in front of Disney’s Hollywood Studios at 7:00pm to be escorted to the theater. After the closing event is over, guests may walk or take the boat back to the hotel; a bus will be available after 10:30pm. Transportation will not be provided.

Register here for the Spouse/Partner Event – Keys to the Kingdom Tour

While your spouse/partner is busy at the conference, you should have some fun too! No better place to find it than Disney World! Disney’s Keys to the Kingdom tour offers an in-depth 5 hour tour of Disney’s most magical park: Magic Kingdom. Learn the in-and-outs of Disney’s great park while seeing several backstage areas regular tourists are not able to see.

Be sure to wear comfortable shoes on Tuesday, May 9th’s expedition that begins at the Town Square Theater. This tour is only available to spouses/partners of NH-ISAC 2017 Spring attendees and has three different start times: 8:30am, 9:00am, and 9:30am. Participants must be at least 16 years of age and have a valid ID. You better hurry to reserve your tickets, because this magical experience will fill up quickly!

New Member & First-Time Attendee Lunch

Join us for our inaugural New Member/First-Time Attendee Luncheon on Monday, May 8th from noon to 1PM. Come meet members of the Board, NH-ISAC Staff and each other in a small setting before the big conference kick off.

Dine Arounds

Sponsor: Veracode, Inc.
Location: Todd’s English Bluezoo
Date: Monday, May 8, 2017 | 6:30 – 9:00PM
Join Veracode for an evening of relaxed networking and industry insights at Bluezoo, where celebrity chef Todd English combines the freshest seafood with coastal cuisines from around the world in an unforgettable setting. Please email Dakota at ddeno@prodevmeetings.com by Monday, May 1, 2017 of your intent to attend this event

Sponsor: Skycure
Location: Shula’s Steak House
Date: Monday, May 8, 2017 | 7:30 – 9:00PM
Come enjoy a delicious meal and great conversation, while networking with your fellow healthcare and mobile security peers. Please email events@skycure.com of your intent to attend this event. We will continue to accept RSVPs on site.

Tuesday Evening Beach Event


All attendees are welcome to join us Tuesday, May 9th after the conference day ends when we’ll head over to the Swan and Dolphin’s White Sand Beach. Enjoy food, drink, games, and the company of your industry peers! No registration necessary.

Disney World Tickets

Walt Disney World Theme Park Ticket prices have changed.

Although the prices changed, we are pleased to be able to provide you with a “Grace Period” if you would like to purchase your Disney tickets at 2016 prices until Saturday, March 11, 2017 at 4:00 PM EST.  After this date, our new ticket offers and pricing will go into effect.

Attendees of the 2017 Spring Summit, as well as those friends and family members that are traveling with them, are able to individually purchase specially priced Disney Meeting & Convention Tickets here or by calling 404-566-5600. Plus, these tickets are good for pre and post conference stays, too!

These tickets offer pre-arrival savings of 10% on Disney’s Full-Multi-Day (2 days or longer) Tickets and include one (1) complimentary admission to an additional Disney Experience at any one (1) of the following (additional details are listed on the web site):

  • Disney’s Typhoon Lagoon Water Park
  • Disney’s Blizzard Beach Water Park
  • Disney’s Winter Summerland or Disney’s Fantasia Gardens Miniature Golf Courses (before 4 p.m.)
  • Greens Fees for one round of golf at Disney’s Oak Trail Golf Course, our 9-hole walking course

*The site also contains our partial-day tickets, which are exclusive to the meetings market.

Agenda – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017
Time Monday, May 8th
12:00 PM – 1:00 PM New Member/First Time Attendee Luncheon
12:00 PM – 6:00 PM Registration
1:00 PM – 2:00 PM Committee Meetings
2:00 PM – 3:45 PM Member Meeting
4:00 PM – 5:00 PM
Grand Rounds – Coalfire
Grand Rounds – Risk Recon
Grand Rounds – Cisco
Grand Rounds – Veriphyr
5:15 PM – 6:15 PM Welcome Reception – Sponsored by IMMUNIO, Inc. & Cobalt
6:30 PM – 9:00 PM Board Dine Arounds – Sponsored by Agari
6:30 PM – 9:00 PM Attendee Dine Arounds – Sponsored by Arxan Technologies, Prevalent, Secure Works, Skycure and Veracode, Inc.
9:00 PM – 11:00 PM Hospitality Suite – Sponsored by Accenture
Time Tuesday, May 9th
6:45 AM – 7:30 AM Breakfast
7:45 AM – 8:30 AM Opening Remarks
8:30 AM – 8:40 AM Keynote Introduction – Sponsored by OKTA
8:40 AM – 9:25 AM Keynote: Driving the Conversation: A Look at the Future of Healthcare in America
Mark McClellan, M.D.
9:25 AM – 9:55 AM Securonix: Solving Healthcare’s Security Crisis with Behavior Analytics
Michael Lipinski, Securonix
9:55 AM – 10:25 AM Networking Break – Sponsored by Bandura Systems
10:25 AM – 11:25 AM
Grand Rounds – Acalvio
Grand Rounds – Security Risk Advisors
Grand Rounds – ThinAir
Grand Rounds – Blue Cedar
11:25 AM – 11:35 AM Transition Break
11:35 AM – 12:05 PM
IBM: Transform Threat Intelligence Into Prevention In Minutes
Paul Griswold, IBM
Kaiser Permanente: Leveraging Threat Intelligence to Support Secure Technology Use in Patient Care
James Goddard, Kaiser Permanente; Dr. Eric Liederman, MD, Permanente Medical Group
Allergan: Do You Still Need AV?
Chris Rose, Allergan
Eli Lilly & Company: Managing Successful Pen Tests for Medical Devices – for Manufacturers and Providers
Chris Reed, Eli Lilly & Company
12:05 PM – 12:45 PM Lunch – Sponsored by Netskope
12:45 PM – 1:15 PM
Skycure: The 3 Critical Steps to Protect Your Enterprise from Mobile Threats
Jim Routh, Aetna; Adi Sharabani, Skycure
MedStar Health: Bolstering Cyber Security and Reducing Risk Through Contracting
Aaron Heath, Medical University of South Carolina; John Rasmussen, MedStar Health
Pfizer: Crowdsourcing Cybersecurity Analytics Development
William Barnes, Pfizer
DigiCert: Cybersecurity Hygiene for Connected Medical Device Security
Mike Nelson, DigiCert
1:15 PM – 1:30 PM Transition Break
1:30 PM – 2:00 PM
Attivo Networks: Deception for Early Detection and Empowered Incident Response
Carolyn Crandall, Attivo Networks
HHS: HHS Coordinated Approach to Healthcare Cyber Security
Thad Odderstol, HHS; Maggie Amato, US Department of Health and Human Services; Rose-Marie Nsahlai, US Department of Health and Human Services; Leo Scanlon, US Department of Health and Human Services; Vik Sinha, US Department of Health and Human Services
Aetna: Mobile DevOps: Securing Application Signing and Distribution
Salil Jain, Aetna; Jay Marehalli, Aetna
Baxter Healthcare: Cybersecurity Considerations in Postmarket Surveillance
Pavel Slavin, Baxter Healthcare; Ashley Woyak, Baxter Healthcare
2:00 PM – 2:15 PM Transition Break
2:15 PM – 3:15 PM
Deloitte: Advanced Cyber Reconnaissance and Analytics Supporting Health Care Clients in the Public and Private Sector
Eric Dull, Deloitte; Bari Faudree, Deloitte
Kaiser Permanente: Our Journey of Building a Cyber Security Architecture Practice for a 50 Billion Dollar Company @ Scale
Kapil Assudani, Kaiser Permanente
Pfizer: Integrated Incident Management
Brian Coleman, Pfizer
Mayo Clinic: Setting Up Your Own Medical Device Security Program
Debra Bruemmer, Mayo Clinic; LeahAnn Clemens, Mayo Clinic
3:15 PM – 3:45 PM Networking Break
3:45 PM – 4:15 PM
Perch Security: How Your Organization Can Leverage NH-ISAC Intelligence to Detect, and Participate, Automatically
Aharon Chernin, Perch Security
Preempt: How to Build a Real-Time Insider Threat Program with UBA
Ajit Sancheti, Preempt
Allergan: Acquisition Risks and Threat
Michael Towers, Allergan
Johnson & Johnson/Abbott: Post Market Management from a Medical Device Manufacturer Perspective
Colin Morgan, Johnson & Johnson; Chris Tyberg, Abbott
4:15 PM – 4:30 PM Transition Break
4:30 PM – 5:00 PM Gurucul: Risk-Based Step-Up Authentication from Behavior Analytics
Nathan Harris, Aetna; Brian Heemsoth, Aetna
6:00 PM – 9:00 PM Beach Event
9:00 PM – 11:00 PM Hospitality Suite – Sponsored by Guidepoint Security
Time Wednesday, May 10th
7:00 AM – 8:00 AM Breakfast & Panel – Sponsored by EY and EWF
8:00 AM – 8:15 AM Opening Remarks
8:15 AM – 8:45 AM EY: From Bitcoin to Secure Health Care Information: How Blockhains are Rebooting the IT Security World
Paul Brody, EY; Dan Gietl, EY
8:45 AM – 9:15 AM Networking Break
9:15 AM – 10:15 AM
Grand Rounds – Anomali
Grand Rounds – Fireglass
Grand Rounds – SecureWorks
Grand Rounds – Adlumin, Inc.
10:15 AM – 10:20 AM Transition Break
10:20 AM – 11:20 AM
Live List Server – Making Wise Choices
Chris Rose, Allergan
Live List Server – Advanced Threat Defense Framework
Michael Towers, Allergan
Live List Server – Wickedly Smart or Highly Disciplined
Robert Smith, University of California
Live List Server – Android Security Testing
Mark Willis, Aetna
11:20 AM – 11:30 AM Transition Break
11:30 AM – 12:30 PM
Flashpoint: Threats to Healthcare: From Intelligence to Incident Response
Vitali Kremez, Flashpoint; Tarik Rahmanovic, Blue Cross Blue Shield Association; Michael Slavick, Kaiser Permanente
Horizon Blue Cross Blue Shield: Panel Discussion: Healthcare Identity and Authentication Challenges
Alan Leung, Horizon Blue Cross Blue Shield; Mollie Shields Uehling, Safe Biopharma; Peter Alterman, Safe Biopharma; Michael Towers, Allergan; Jay Marehalli, Aetna; Kurt Lieber, Aetna
Wellmark Inc: Combating Complex Threat Actors and Malware Using Virtual Technologies and Non-Persistent Environments
Andrew Neller, Wellmark Inc.
NH-ISAC/MDISS/FDA: Medical Device Security Town Hall
Denise Anderson, NH-ISAC; Dr. Dale Nordenberg, MDISS; Dr. Suzanne Schwartz, FDA
12:30 PM – 1:15 PM Lunch – Sponsored by Digital Shadows
1:15 PM – 1:45 PM Prevalent: A Smarter Approach to Third-Party Vendor Risk for the Healthcare Industry
Jonathan Dambrot, Prevalent
1:45 PM – 2:00 PM Transition Break
2:00 PM – 2:30 PM
Veriphyr: Detecting Impermissible Use of Patient Data
Alan Norquist, Veriphyr; John Vastano, PhD, Veriphyr
Aetna: The Next Tectonic Shift in Identity & Access Management: User Behavioral Analytics & Identity Data Analytics
Kurt Lieber, Aetna
Allergan: To SAP or Not to SAP – Bringing Cyber and ERP Security Together
Michael Towers, Allergan
Booz Allen Hamilton: Security by Design: The Only Option for Medical Devices
Chris Poulin, Booz Allen Hamilton
2:30 PM – 2:45 PM Transition Break
2:45 PM – 3:15 PM
Genomic and Netskope: A Journey to Safe Cloud Service Enablement
Mario Puras, Netskope; Craig Guinasso, Genomic Health
Pfizer: Cybersecurity Beyond Compliance to Enable Business Solutions
Cheryl Flannery, Pfizer; Keith Lichtenwalner, Pfizer
Abbott: Changing the Paradigm for Malicious Cyber Actors – New Strategy for Defending US Critical Infrastructure
Ronald Banks, Abbot
Texas Health Resources: Cyber Risk Stratification, Medical Devices and the Healthcare Delivery System Architecture
Ron Mehring, Texas Health Resources
3:15 PM – 3:30 PM Transition Break
3:30 PM – 4:00 PM
Weblife: What CISOs Need to Know About GDPR Requirements
David Melnick, Weblife; Spencer Mott, Amgen
Smiths Medical: Create a Cyber War Game Capability to Enhance Effective Intelligence
Bill Hagestad, Smiths Medical; Mike Seeberger, Boston Scientific
Partners HealthCare: Life Lessons From an Identity and Access Management Solution Implementation
Jigar Kadakia, Partners HealthCare
Symantec: Medical Device Security – Making it Work
Axel Wirth, Symantec
4:00 PM – 4:15 PM Transition Break
4:15 PM – 4:45 PM
SecurityScorecard: Healthcare’s Most Dangerous Security Risk Vectors
Sam Kassoumeh, SecurityScorecard
Global Cyber Alliance: DMARC: Making Email More Secure
Mirza Shehzad, Global Cyber Alliance
American Cancer Society: Supply Chain Security Risk Management
James Baird, American Cancer Society
Medtronic: Advancing Secure by Design to Mobile Health Applications
Tara Larson, Medtronic
4:45 PM – 5:15 PM Closing Remarks & Wrap Up
7:30 PM – 10:00 PM Indiana Jones Epic Stunt Theater

 *Subject to Change

Keynote – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017

Mark McClellan, MD, PhD

Mark McClellan, MD, PhD, is the Robert J. Margolis Professor of Business, Medicine, and Policy, and director of the Duke-Margolis Center for Health Policy at Duke University.

McClellan is a doctor and an economist whose work has addressed a wide range of strategies and policy reforms to improve health care, including payment reforms to promote better outcomes and lower costs, methods for development and use of real-world evidence, and approaches for more effective drug and device innovation. McClellan is a former administrator of the Centers for Medicare & Medicaid Services (CMS) and former commissioner of the U.S. Food and Drug Administration (FDA), where he developed and implemented major reforms in health policy.

McClellan has served as a member of the President’s Council of Economic Advisors and as Deputy Assistant Secretary of the Treasury for Economic Policy. He was also a senior fellow at the Brookings Institution and a professor of economics and medicine at Stanford University where he directed the Program on Health Outcomes Research.


Registration – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017

Registration is now open – click here!



If you’re purchasing an event or exhibit booth when registering, select “Sponsor”

If you’re attending the Summit on behalf of the sponsors, select “Sponsor Representative Attendee”

Who should attend?

Chief Information Officers (CIO)

Chief Technology Officers (CTO)

Chief Information Security Officers (CISO)

Cyber Security Professionals

Security Architects/Risk Managers

Compliance Professionals

Attendee Restrictions

Attendance is restricted to Healthcare supply chain and services firms, relevant academic and public sector entities, as well as relevant stakeholder representative associations (e,g, AHIP, AMA, AHA, ACRO, PhRMA). Examiners and those responsible for informing public policy are not eligible to attend. If you have questions regarding eligibility contact: nhisac@nhisac.org.

Membership Fee # Of Free Member Attendees
$50,000 6
$25,000 3
$15,000 2
$5,000 & $10,000 1
Early bird member pricing is $300 through March 31, 2017.

Effective April 1, 2017 member price is $595. Additional members of the same firm receive a discounted rate of $325. Five or more additional members of the same firm receive a discounted rate of $292.50.

Guest Restrictions

Guest registration for the conference may include spouse, family members, and significant others but does not apply to colleagues or other practitioners in the health services community. Guests are not eligible to attend sessions but are authorized for meals and networking events.

Sponsor Restrictions

Only sponsors with one attendee pass as part of their sponsorship can add one extra Full Pass. Sponsors with two or more passes as part of their sponsorship are not eligible for additional conference passes. Any attempt to manipulate passes for additional sponsor attendees could result in a penalty of organization exclusion from future NH-ISAC Summits.


Attendee Cancellations: Only cancellations made before April 21st will receive a full refund less a $50 processing fee. Cancellations made after April 21st will not be refunded.

Sponsor Cancellations: Cancellations are strongly discouraged due to the impact on Summit programming and will only be considered on a case by case scenario.

Terms and Conditions: Completion of registration serves as an agreement between NH-ISAC and your company. An authorized agent of your company acknowledges and accepts these terms and conditions by completing the website registration and specifying the desired registration level.

Accepted Payments

  • Creditcard1
  • Creditcard2
  • Creditcard3

Hotel Information – 2017 Spring Summit

Posted by: Greyson Schwing      Date: January 02, 2017

Walt Disney World Swan and Dolphin
1500 Epcot Resorts Blvd.
Lake Buena Vista, FL 32830
T : 407-934-4000

Single/Double Occupancy Room Rate: $219.00 plus 12.5% state/local taxes and $25 resort fee per room per day.

To make reservations over the phone, please call 888-828-8850 and mention the group name “NH-ISAC 2017 Spring Summit” to receive the negotiated conference room rate. Reservations must be made on or before the cut-off date of Friday, April 14, 2017 to be eligible for the group rate. To book online, click here.

Registered guests staying at the hotel are eligible to receive the discounted self parking rate of $12.00 plus taxes, per vehicle, per day.

For any difficulties encountered in making your reservation, please e-mail nhisac@prodevmeetings.com.

NH-ISAC 2017 Spring Summit – Orlando

Posted by: Greyson Schwing      Date: January 02, 2017
  • May 8, 2017 – May 10, 2017
  • Walt Disney World Swan & Dolphin Resort
  • 1500 Epcot Resorts Boulevard, Orlando, Florida, 32830, United States

Healthcare continues to be the target of malicious and clever social engineering attacks gained through the behavior of inattentive or non-compliant employees. 3rd party risk mitigation has become a significant issue as vendors become key players in the Healthcare Security supply chain. We need to address this additional risk as we grow the offering for our patients with the services we provide.

Every day thousands of Wi-Fi seeking smart phones and iPads enter our healthcare ecosphere…capable of being compromised in some form.

We Talk. We Share. We Network. Join us to network with the best practitioners, who are also your peers in Healthcare Security.

Can a security team gain traction while battling with other departments for IT budgets? If there is a breach who gets blamed? Is not having enough resources an acceptable alibi? A constant theme is juggling needs with budgets and corporate strategies. Beyond the obvious need to share and increase the resiliency of our sector, there is also the day to day business issues we need to deal with constantly.

Presenters will offer new ideas and strategies to potentially bolster resiliency of your organization’s cyberhood.

Topics will include:

  • Application Security Lifecycle Challenges
  • Medical Device Security Issues & Challenges
  • Endpoint Resilience/Analytics/Innovations
  • Cyber Intelligence Innovations (Teams, Techniques, Tools)
  • Incident Response & Breach Lessons
  • Cloud Security Challenges & Solutions
  • Operationalizing Advanced Security Capabilities
  • Deception Technologies
  • Isolation Technologies
  • Behavioral Analytics Lessons Learned
  • Security Scaling Issues & Innovations
  • Supply Chain Risk & Risk Management
  • Compliance / Regulatory Landscape
  • Convergence (of Physical/Cyber Security)
  • Business Resilience
  • Data Protection
  • Awareness & Training
  • Workforce Management
  • Mobile & BYOD