Day 1- Wednesday, September 13th

11:00 AM - 11:40 AM Welcome Brunch & Registration

11:45 AM - 12:00 PM Sponsor Orientation

11:45 AM - 12:00 PM Delegate Orientation

12:00 PM - 12:15 PM Ice Breaker

Opening Keynote

12:15 PM - 12:30 PM Chairperson’s Opening Remarks

Fred Kwong, CISO, Delta Dental


Fred Kwong

Delta Dental

12:30 PM - 1:10 PM Third-Party Risk Assessment in the Era of the Breach

Omar Khawaja, VP, Chief Information Security Officer, Highmark Health
Fruitful vendor partnerships are increasingly critical to the ever-changing enterprise, and in this session, Omar Khawaja shares essential tactics for ensuring your third-party partners are up to the challenge of true, trusted security.

Robust vendor vetting and management are key when any services are outsourced. As the cyber security executive, this adds the responsibility of proactively identifying risks, as well as verifying and overseeing that business partners and suppliers meet regulatory and compliance requirements throughout the life of the relationship.

This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:

•Considerations for access inside the defensive perimeter
•Featuring compliance requirements in RFPs
•Codifying security assessments in the procurement process
•Access technologies for vendor identification, validation and data encryption
•Measuring and monitoring compliance over time


Omar Khawaja

VP, Chief Information Security Officer
Highmark Health

Plenary Session

1:10 PM - 1:40 PM Building and Energizing Your Cyber Security Pipeline: Addressing the Heightened Skills Gap

Bill Dafnis, Associate Dean of Technology, School of Business and Technology, Capella University
Major industry trends fueled by the Internet and coupled by the innovation and exponential growth in the healthcare and information technology domains have surpassed Orwell’s fictional depictions. It is understood that that hackers do not discriminate on the basis of gender and therefore new tactics must be constructed to build and inform a new cybersecurity workforce and pipeline. Solving complex problems, understanding and applying legal and regulatory issues, building or contributing to new or emerging innovation and related attributes unique to cybersecurity are however not unique to ones gender. Most alarmingly, as human capital continues to grow in the STEM fields, gender imbalance in emerging fields continues to dominate. This presentation will address these imbalances as we have now reached a sourcing inflection point where the triangulation of technology, behavioral and social aspects of cybersecurity require an institutional shift.

Actionable take-away’s:

1.Think longer term. Frame your job descriptions beyond technical jargon.

2.Promote and grow from within. Your best talent may be in the next cubicle.

3.Broaden your talent search. Seek out other disciplines beyond the computing domains.

4.Represent the population. Build models that create and empower cross-functional teams of women and underserved populations


Bill Dafnis

Associate Dean of Technology, School of Business and Technology
Capella University


1:40 PM - 2:10 PM Healthcare and Public Health Sector Cyberdependencies

Alexander Reniers, Cyber Analyst, U.S. Department of Homeland Security
Given the high value of medical data on the black market, healthcare is a prime target of hackers and cyber criminals especially with the increased dependence on electronic health records and transmission of proprietary data digitally. Healthcare faces a number of cybersecurity challenges ranging from legacy systems to cyber workforce gaps. The consequences from a successful breach range from economic loss to death.


Alexander Reniers

Cyber Analyst
U.S. Department of Homeland Security

2:15 PM - 2:45 PM Business Meeting

2:15 PM - 2:45 PM Networking Break

2:45 PM - 3:15 PM Business Meeting

2:45 PM - 3:15 PM Networking Break

3:15 PM - 3:45 PM Business Meeting

3:15 PM - 3:45 PM Networking Break

Master Class

3:50 PM - 4:35 PM Best Practices and Future Direction of Security Awareness Training

Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4
Reported numbers may fluctuate from industry study to industry study, but they all agree on one thing: cybercriminals are successfully and consistently exploiting human nature to accomplish their goals. Employees are often the last line of defense between a sophisticated cyber-scam and your systems, data, and customers.

Healthcare information systems have proven to be an especially attractive target for cybercriminals. These systems are a virtual trove of identity-related data, payment information, and even intellectual property. It’s no surprise that criminals will seek the most effective methods, such as ransomware, to make a quick buck by holding systems hostage. While prudent security leaders know that security awareness and training is key to strengthening their ‘human firewall’ –they often don’t know where to start.

This session will provide practical advice to help healthcare organizations leverage effective security awareness and behavior management practices to strengthen their human firewall.

• Practical security awareness and behavior management tips
• Outlining how and where tools are helpful
• Emerging industry trends
• How to create a “human firewall”


Perry Carpenter

Chief Evangelist and Strategy Officer

Master Class

3:50 PM - 4:35 PM Leverage and Protect Your Investments in Cybersecurity to Expand Beyond Compliance into Endpoint Visibility and Control

Chris Covell, CIO, Absolute Software
This session, guided in part by attendee participation, will explore how to effectively utilize the cyber security solution stack required to move security past compliance and into protection of your assets and data. Participants will also discuss the challenges of implementing a complete security solution and ensuring investments are delivering as promised.
Participants will leave with the following take-aways from this session:

  • Confidence in communication strategies with stakeholders ranging from executives to board members to explain the necessity of comprehensive cybersecurity solutions and the return on investment they can expect.

  • Understanding of the importance of clear visibility into the complete environment, including potential dark endpoints that can be accessed to retrieve data, so as not to be lulled into a false sense of safety.

  • Awareness of the need to leverage and protect investments in cybersecurity solution stacks.


Chris Covell

Absolute Software

4:40 PM - 5:10 PM Business Meeting

3:10 PM - 3:40 PM Business Meeting

Roundtable 1

5:45 PM - 6:30 PM Empowering Employees to Combat Phishing, Ransomware and Other Social Attacks

Walter Ray, CISO, Augusta University Medical Center


Walter Ray

Augusta University Medical Center

Roundtable 2

5:45 PM - 6:30 PM Improving Medical Device Security

Heath Renfrow, CISO, United States Army Medicine


Heath Renfrow

United States Army Medicine

Roundtable 3

5:45 PM - 6:30 PM Examining the Security Risks in Vendor Services and Relationships

Fred Kwong, CISO, Delta Dental

Fred Kwong

Delta Dental

6:30 PM - 6:30 PM Networking Cocktail Discussion

Sponsored by: SentinelOne