2019 Summit Agenda

Monday, September 30

9:00 am - 5:00 pm Ransomware Cyber Range Exercise (Registration Required/Additional Fee)
9:00 am - 5:00 pm LS-ISAO Annual Member Gathering (By Invitation)
10:00 am - 3:00 pm Energy Roundtable (By Invitation)
12:00 - 5:30 pm Complimentary Golf Outing Hosted by King & Union (Registration Required)
7:00 - 9:00 pm Summit Kickoff Reception (Open to All Registrants)


Tuesday, October 1

7:00 - 8:30 am Breakfast & Registration
8:30 - 9:00 am Opening Remarks

9:00 - 10:00 am

Keynote: How Adversaries are Weaponizing Data - The Honorable Mike Rogers
10:00 - 10:20 am Morning Networking Break
10:20 - 11:05 am Mechanical Backdoors in Cold War Encryption Machines - Marc Sachs, Pattern Computer
Are Your Vendors/Subcontractors Putting You at Risk of “Selling” Data in Violation of the CCPA - Hunter Ferguson, Stoel Rives LLP
The 6Ds of Cybersecurity Exponentiation - Rick Howard, Palo Alto Networks
11:05 - 11:15 am Transition Break
11:15 - 11:45 am
Sponsor Presentations
Third-Party Cyber Risk Management - A Critical Ingrediant for A Healthy Ecosystem - Scott Schneider CyberGRX
HackerOne Presentation
The Threat Intelligence Cycle & What it Should Mean for Security Ops - Todd Weller, Bandura Cyber and Ken Towne, GRF
11:45 - 11:50 am Transition Break
11:50 am - 12:20 pm
Sponsor Presentations
Shared Assessments Presentation
King & Union Presentation
Reprivata Presentation
12:20 - 1:30 pm Keynote, Lunch
1:30 - 2:15 pm Understanding and Responding to the Activist Threat to Enterprise - Travis Moran, Welund North America
The Evolution of Third Party Risk Programs: What Stage Is Your Program At? - Jon Ehret, BlueCross BlueShield of Western NY
Critical Infrastructure Protection in the Age of Hybrid Attacks - Brian Harrell, DHS
2:15 - 2:30 pm Transition Break
2:30 - 3:15 pm Protecting the Global Telecommunications Supply Chain: USG-led Actions to Counter the Threat from Huawei and ZTE - Andy Keiser, Navigators Global
Leveraging Contractual Frameworks to Manage Supply Chain Risk - Dave Batz, Edison Electric Institute
What Can Cybersecurity Data Actually Tell Us? - Jack Jones, FAIR Institute
3:15 - 3:30 pm Afternoon Networking Break
3:30 - 4:15 pm Critical Infrastructure and Private Sector Cyber Threats: The Need for Collective Defense in the Modern Era - Jamil Jaffer, National Security Institute
Assets – Risks – Controls – Oh My! Structuring an Enterprise-Wide Security Program - Jacob Maenner, Exelon
NCCOE: An Industry-Led Collaborative Approach to Cybersecurity - Susan Prince, NIST/NCCOE
4:15 - 4:30 pm Transition Break
4:30 - 5:15 pm Managing Third-Party Risk in an Era of Great Power Competition - Melissa S. Hersh, Hersh Consulting LLP
Building a Better 3rd Party Risk Questionnaire - Bruce Potter, Expel
From Ongoing Monitoring to Ongoing Action: Transforming Your Monitoring to Reduce Risks - Jill Czerwinski, Crowe LLP
5:15 - 6:15 pm Vendor Area Happy Hour
6:15 - 8:15 pm Dinner and Networking Party


Wednesday, October 2

8:00 - 9:00 am Breakfast and Registration
9:00 - 9:15 am Opening Remarks
9:15 - 10:15 am Keynote: Future of Third Party Governance - Jim Routh, MassMutual
10:15 - 10:30 am Morning Networking Break
10:30 - 11:15 am Pillars of a Third Party Risk Program - Jill Morganwalp and Haddis Tafari, E*TRADE
The Customer Security Questionnaire Process – A Comprehensive Approach - Matthew McMahon, Siemens Healthineers
Lessons from M&A Cyber Due Diligence and How to Leverage Them for Supply Chain Risk - Matthew Wellling and Kate Growley, Crowell and Moring LLP
11:15 - 11:25 am Transition Break
11:25 - 11:55 am
Sponsor Presentations
TBA
TBA
TBA
11:55 am - 12:00 pm Transition Break
12:00 - 12:30 pm
Sponsor Presentations
TBA
TBA
TBA
12:30 - 1:55 pm Keynote, Lunch, Raffle, and Transition
1:55 - 2:40 pm Third-Party Vendor Risk Management: Best Practices & Lessons Learned - Bernie McGuinness, Campbell's Soup
Integrating Your TPRM Program Into The Procurement Process - Julie Gaiaschi, Wellmark BCBS
How CVS Health/Aetna Enforces Endpoint Encryption on Third-Party Devices - Jason Zellmer, CVS Health/Aetna and Ebba Blitz, AlertSec
2:40 - 2:50 pm Transition Break
2:50 - 3:35 pm Designing and Implementing a Successful Third-Party DR Program - Amera McCoy, CME Group
Bug Bounty Programs: Ins and Outs to Squash Vulnerabilities - Denise Anderson - H-ISAC; Faye Francy - Automotive ISAC, and Scott Algeier - IT-ISAC
Beyond Vendors: Addressing Non-Traditional Arrangements & New Technologies - Rhonda Cook, SEI Investments
3:35 - 3:45 pm Transition Break
3:45 - 4:30 pm Creating a Successful TPRM Program - Vince Fitzpatrick, Christiana Care Health System
Verizon Insider Report - Out of Sight Should Never Be Out of Mind - John Grim, Verizon
Strategies for Government/Private Sector Partnerships to Increase National Security - Rita Bush, ODNI
4:30 - 5:30 pm Evening Gathering at Coton & Rye Bar


Thursday, October 3

8:00 am - 5:00 pm Third-Party Risk Certification Class (Registration Required/Additional Fee)