Day 2 - Thursday, September 14th

7:30 AM - 8:10 AM Networking Breakfast

Opening Keynote

8:10 AM - 8:50 AM Model Driven Security: Security Professionals Need to Learn Data Science

Jim Routh, Chief Security Officer, Aetna
Over two years ago Jim Routh hired a highly talented chief data scientist and asked him to pull together data from multiple sources in a big data environment to better understand where to allocate scarce resources. While he was building out the infrastructure, an interesting thing happened: Jim noticed multiple implementations of machine learning applied to frontline security controls having significant success with very few problems. He subsequently realized that model driven security had arrived, except that it was being deployed at the frontline of online security controls instead of at the backend, as the original plan had envisioned. This likely represents the evolution of the security professional to data scientist. Jim will discuss the talent management implications of model driven security.

Plenary Session

8:55 AM - 9:25 AM Strengthening Data Center Security

In this interactive session, discuss the unique attributes of data centers within healthcare (including the common security needs of all data centers). The session will explore healthcare-specific compliance requirements, articulating requirements to third parties, and encryption.

In this session:
•Evaluating models for hosting
•Navigating benefits and risks of data center solutions
•Analyzing the data center’s role with the expanding end points in need of protection

9:30 AM - 10:00 AM Business Meeting

10:00 AM - 10:30 AM Business Meeting

10:30 AM - 10:45 AM Networking Break

BrainWeave B

10:45 AM - 11:30 AM Empowering Security through the Cloud

The cloud offers economic, competitive and collaborative benefits to the healthcare industry. But the sensitive and regulated data kept by healthcare organizations requires heightened security measures. In this session, discuss the challenges and benefits of moving to the cloud. Look at how the changing threat landscape creates risks to traditional security practices.

Examine current security trends affecting healthcare and approaches to protecting healthcare data:
•Prioritizing and overcoming challenges to the cloud
•Embracing the cloud with full visibility while managing shadow IT
•Identifying gaps and ensuring regulatory compliance through the cloud

Master Class B

10:45 AM - 11:30 AM Threats in a Connected Healthcare World

Cybersecurity in the healthcare industry is often fraught with technological misunderstanding and a lack of institutional knowledge about organizational attack surfaces. Attackers use this misunderstanding to find intrusion avenues that may not be protected via already deployed enterprise security solutions.
This talk will cover an overview of healthcare security risks, threats, attack avenues and approaches for defending patients, their records and your systems.

Ignite Session

11:35 AM - 12:05 PM Cyber Security in Healthcare

3 Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!

Topics Include:
•Facing fears across new frontiers to solve old issues; examine new security and storage paradigms for healthcare to combat real threats
•Sending it to the clouds: potential healthcare data security issues
•Empowering employees against phishing and ransomware attacks


12:05 PM - 1:05 PM Networking Lunch

Roundtable Discussions

Roundtable 1

1:05 PM - 2:10 PM Attack Vectors: what’s seen, strategies and ways to uniformly package the information for sharing

Roundtable 2

1:05 PM - 2:10 PM Innovating Email Security: A Common Gateway to Your Networks

Roundtable 3

1:05 PM - 2:10 PM Navigating the Legislative World: Discuss How It Shapes Security With Recent Proposed Changes To Healthcare Reform

2:10 PM - 2:40 PM Business Meeting

2:40 PM - 3:10 PM Business Meeting

BrainWeave C

3:15 PM - 4:00 PM Embracing Security Automation in the Cloud

Traditionally, software developers write code and operations put the changes to code into place. Developers are deploying code continually and quickly with new tools.

DevOps is a working style that allows extremely fast code deployment, utilizing an integrated approach that joins agile development and operations together. DevOps has a vital role in enterprise security with its ability to change approaches to security. DevOps and centralized security policies offer the opportunity to automate, orchestrate and streamline many of the manual tasks needed to configure servers, systems, and apps. In this session, see how the cloud enables the enterprise to fully embrace security automation within infrastructure and account security, with methodologies such as automating incident response remediation, deployments and instance isolation (such as sandboxes and holding zones).

•The evolving role of automation in security mitigation
•Scalable cloud security architecture utilizing DevOps
•Team use of innovative vulnerability management tools

MasterClass C

3:15 PM - 4:00 PM Improving Data Protection to Secure Health Information and Meet Regulatory Compliance

Appropriate data protection strategies and solutions within the enterprise ensure healthcare organizations can share data securely internally and externally, including administration of privileged users and compliance with monitoring and reporting regulations. Access to health care data is essential to the delivery of quality care.

In this session:
•Effectively managing the treasure trove of healthcare data
•Utilizing people, processes and technology to detect attacks and protect people
•Building a culture of compliance to instil solid cyber hygiene

4:00 PM - 4:15 PM Networking Break

4:15 PM - 4:45 PM Business Meeting

4:45 PM - 5:15 PM Business Meeting

5:15 PM - 6:00 PM Quantifying Cyber Risk Valuation to Communicate and Mitigate Exposure to the Enterprise

John Sapp, CISO, Orthofix, Inc.
Translating technical data and metrics into a business risk context that is understood by the C-Suite and Board of Directors is an important task of the Chief Information Security Officer. In this session, explore how cyber risk valuation provides a snapshot in time of your potential risk, which fuels proactive efforts to minimize and reduce exposure based on the risk appetite of the organization.

•Making informed and risk-based decisions through IT risk analytics
•Estimating the true cost of a potential cyber breach
•Examining how cyber risk forecasts fall short
•Quantifying the value of cybersecurity investments to produce an easily articulated analytical perspective


5:15 PM - 6:00 PM Developing a Security Culture within Healthcare

Corporate culture comes up frequently in conversation. In this session, examine the effect of culture on cyber security. Corporate culture rather than technology may be what saves healthcare in the event of an attack. Take a deeper look at making security a team sport and play to your organization’s strengths.

•Developing intuitive security awareness
•Fitting the security program into existing culture
•Building diversity into your security team

6:00 PM - 6:00 PM Networking Cocktail Reception