Day 2- Thursday, September 14th

7:30 AM - 8:10 AM Networking Breakfast

Opening Keynote

8:10 AM - 8:50 AM Model Driven Security: Security Professionals Need to Learn Data Science

Jim Routh, Chief Security Officer , Aetna
Over two years ago Jim Routh hired a highly talented chief data scientist and asked him to pull together data from multiple sources in a big data environment to better understand where to allocate scarce resources. While he was building out the infrastructure an interesting thing happened, Jim noticed multiple implementations of machine learning applied to frontline security controls having significant success with very few problems. He subsequently realized that model driven security had arrived except it was being deployed at the frontline of online security controls instead of the backend according to the original plan. This likely represents the evolution of the security professional to data scientist. Jim will discuss the talent management implications of model driven security.


Jim Routh

Chief Security Officer

Plenary Session

8:55 AM - 9:25 AM Are You Sick of Digital Transformation? Here’s How to Cure it - - or at Least Make it Work for Security & Privacy

David Finn, Health Information Technology Officer , Symantec
Every healthcare organization’s IT department is busy chasing its tail around some number of “digital transformation” projects. This is happening even while breaches increase, ransomware expands and more projects are initiated with the same people doing the work. If healthcare wants to transform itself with digitalization and automation - - it better start with security, since everything else is about information and information technology.

Key Take Aways:

•Shortcomings in organizational culture are the biggest barriers to “digital transformation” or success in the digital age

•While risks must be understood and managed, healthcare as an industry must become less risk averse and be able to better calculate risks - - whether in security strategy or population health processes

•Siloed mind-sets and a failure to instil accountability in the right place have long tormented healthcare, but this cannot continue if we want to make healthcare secure and truly transform the industry in terms of automation, digitization, IoT, remote care and all the promise of information and information technology


David Finn

Health Information Technology Officer

9:30 AM - 10:00 AM Business Meeting

10:00 AM - 10:30 AM Business Meeting

10:30 AM - 10:45 AM Networking Break

BrainWeave B

10:45 AM - 11:30 AM The Bus Factor: Future-Proof your SOC

Rishi Bhargava, Co-Founder & VP Marketing, Demisto
Will your hard-earned security posture survive if you get hit by a bus?

Keeping up with the challenges of alert fatigue, a shortage of skilled staff, and lack of documented security processes is difficult enough. But how would your security posture stack up if you suddenly died?

This so-called bus factor is something every SOC team should consider, as they must constantly modify and improve their response to attacks, even in worse-case scenarios.

Attend this discussion to learn how Flatiron (a healthcare technology and services company focused on accelerating cancer research) mitigates their security risk via knowledge management within a security orchestration platform.

By implementing a consistent and documented incident management process, all knowledge acquired is kept within the product for future reference. Flatiron eliminates uncertainty and empowers their workforce with security answers that every analyst can now access. Having such a “force multiplier” effect helps the healthcare company retain talent, reduce burnout, and mitigate the all-important bus factor.

Benefits from implementing a comprehensive security orchestration platform include:

•An overall hardened security posture,
•Enhanced analyst productivity (from Tier 1-3), and
•Future-proofed security operations


Rishi Bhargava

Co-Founder & VP Marketing

Master Class B

10:45 AM - 11:30 AM Threats in a Connected Healthcare World

Rob Bathurst, Managing Director for Healthcare and Life Sciences, Cylance Inc.
Cybersecurity in the healthcare industry is often fraught with technological misunderstanding and a lack of institutional knowledge about organizational attack surfaces. Attackers use this misunderstanding to find intrusion avenues that may not be protected via already deployed enterprise security solutions.
This talk will cover an overview of healthcare security risks, threats, attack avenues and approaches for defending patients, their records and your systems.


Rob Bathurst

Managing Director for Healthcare and Life Sciences
Cylance Inc.


11:35 AM - 12:05 PM Rise of Ransomware Attacks

The variety and volume of ransomware and malware attacks continues to increase. Ransomware, which is malicious software that encrypts the infected computer files and keeps the owner from accessing them until a fee is paid, is becoming more targeted and expensive to the enterprise. Beyond ransomware, what will be the next source of attacks and network infections?

In this session examine:

•Strains of ransomware and how they are infecting networks
•Effective mitigation strategies
•Incident response, what to do if infected

Ignite Session

12:05 PM - 12:35 PM Cyber Security in Healthcare

Three Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!

Topics Include:

•Reduce Risk and Improve Patient Care with a New Approach to Cyber and IT Security- Speaker Steve Leatherman, Managing Director, Healthcare at BlackRidge Technology

•Sending it to the clouds: potential healthcare data security issues

•Empowering employees against phishing and ransomware attacks

12:35 PM - 1:35 PM Networking Lunch

1:35 PM - 2:40 PM Four Most Dangerous Security Holes in Your Mobility Policy

Thomas Moore, Sales Director for South Central , Skycure
Hackers are finding new ways to steal data and infiltrate healthcare organizations daily. A number of trends are driving the need for mobile threat defense, including the ubiquity of mobile devices among doctors, nurses and patients, BYOD, and the rise of cyber attacks. Attend this roundtable session to discuss the best practices on how to avoid mobile attacks and secure both BYO and corporate-owned devices. The session will also include a live interactive demo of an ethical hack in which the discussion leader will hack any iOS or android device in less than 60 seconds. Dare to participate?


Thomas Moore

Sales Director for South Central

1:35 PM - 2:40 PM Hardening Cloud Security while Speeding Up Operations

Richard Eisenberg, VP of Client Development , Cloudvisory


Richard Eisenberg

VP of Client Development

1:35 PM - 2:40 PM Navigating the Legislative World: Discuss How Does It Shapes Security With Recent Proposed Changes To Healthcare Reform

2:40 PM - 3:10 PM Business Meeting

3:10 PM - 3:40 PM Business Meeting

BrainWeave C

3:45 PM - 4:30 PM The Rise of Cybercrime as a Service: Which Threats Should We Address First?

Kevin Flynn, Director of Worldwide Product Marketing, Skybox Security
This session will cover what's been driving the shift to distributed cybercrime, how to align your vulnerability management with real-world threat behavior, and what intelligence and tools are needed. Monetarily motivated attacks are by far the most prevalent cyber threats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services - particularly the vulnerabilities they use, re-use and share - vulnerability management can focus on the small subset of vulnerabilities that are exploited in the wild and packaged in distributed crimeware. This threat-centric approach improves vulnerability prioritization and focuses remediation on the relatively small number of exploitable vulnerabilities, greatly reducing risk through efficient, intelligent processes.
In this session:

•What's been driving the shift to distributed cybercrime

•How to align vulnerability management with real-world threat behavior

•The intelligence and tools needed


Kevin Flynn

Director of Worldwide Product Marketing
Skybox Security

MasterClass C

3:45 PM - 4:30 PM NextGen Endpoint Defense and What You Need to Know

Explore a fundamentally different approach to Endpoint Protection: Real-time protection against advanced threats driven by machine learning and intelligent automation.

This session covers why the endpoint is at the center of almost every breach and according to the trends that fact will not change. In the end executives should be armed with the information to move forward (or not) with a "Next Gen" endpoint solution.

In this session:

•Explore the current state of endpoint defense software why those approaches are sinking faster then the titanic

•Review quick debunking of the magic that is machine learning

•Explore the different approaches and categories of "Next Gen" endpoint defense

4:30 PM - 4:45 PM Networking Break

4:45 PM - 5:15 PM Business Meeting

5:15 PM - 5:45 PM Business Meeting

5:45 PM - 6:30 PM Quantifying Cyber Risk Valuation to Communicate and Mitigate Exposure to the Enterprise

John Sapp, CISO, Orthofix, Inc.
Translating technical data and metrics into a business risk context, which is understood by the C-Suite and Board of Directors is an important task of the Chief Information Security Officer. In this session, explore how cyber risk valuation provides a snapshot in time of your potential risk, which fuels proactive efforts to minimize and reduce exposure based on the risk appetite of the organization.

•Making informed and risk-based decisions through IT risk analytics
•Estimating the true cost of a potential cyber breach
•Examining how cyber risk forecasts fall short
•Quantifying the value of cybersecurity investments to produce an easily articulated analytical perspective


John Sapp

Orthofix, Inc.

5:45 PM - 6:30 PM Developing a Security Culture within Healthcare

Cliff Donothan, Sr. Director Information Security, Experian Health
Corporate culture comes up frequently in conversation. In this session, examine the effect of culture on cyber security. Corporate culture rather than technology may be what saves healthcare in the event of an attack. Take a deeper look at making security a team sport and play to your organization’s strengths.

•Developing intuitive security awareness
•Fitting the security program into existing culture
•Building diversity into your security team


Cliff Donothan

Sr. Director Information Security
Experian Health

6:30 PM - 6:30 PM Networking Cocktail Reception