2019 Summit Agenda

Monday, September 30

9:00 am - 5:00 pm LS-ISAO Annual Member Gathering (By Invitation)
10:00 am - 3:00 pm Energy Roundtable (By Invitation)
12:00 - 5:30 pm Complimentary Golf Outing Hosted by King & Union & Recorded Future (Registration Required) *LS-ISAO members have a 2pm start
7:00 - 9:00 pm Summit Kickoff Reception (Open to All Registrants)


Tuesday, October 1

7:00 - 8:30 am Breakfast & Registration
8:30 - 9:00 am Opening Remarks

9:00 - 10:00 am

Keynote: How Adversaries are Weaponizing Data - The Honorable Mike Rogers
10:00 - 10:20 am Morning Networking Break
10:20 - 11:05 am Mechanical Backdoors in Cold War Encryption Machines - Marc Sachs, Pattern Computer
Are Your Vendors/Subcontractors Putting You at Risk of “Selling” Data in Violation of the CCPA - Hunter Ferguson, Stoel Rives LLP
The 6Ds of Cybersecurity Exponentiation - Rick Howard, Palo Alto Networks
11:05 - 11:15 am Transition Break
11:15 - 11:45 am
Sponsor Presentations
Third-Party Cyber Risk Management - A Critical Ingredient for A Healthy Ecosystem - Scott Schneider, CyberGRX and Jon Ehret, BlueCross BlueShield of Western NY
Default to Disclosure: How Disclosing Vulnerabilities can Build Trust - Reed Loden, HackerOne
The Threat Intelligence Cycle & What it Should Mean for Security Ops - Todd Weller, Bandura Cyber
11:45 - 11:50 am Transition Break
11:50 am - 12:20 pm
Sponsor Presentations
TPRM Framework Exploring Risk Appetite and Cybersecurity Continuous Monitoring - Charlie Miller, Shared Assessments and Rocco Grillo, Alvarez & Marsal
Leveraging Collaboration and Threat Sharing Across Organizational and Cross-sector Boundaries to Enable Rapid, Actionable Threat Intelligence - Peter Prizio, King & Union and Glenn Wong, Recorded Future
Real-time Secure Collaboration, Actionable Intelligence, and Iterative Feedback Loop to Achieve Uniform Minimum Standards Across the Entire Supply Chain - Tripp Hardy, Reprivata
12:20 - 1:30 pm Lunch, RiskRecon Session: Challenging Tradition - A Panel Debate Between Traditional and Future School Third-Party Risk Management- Kelly White, RiskRecon; Bryan Inagaki, Cybersecurity Risk Management and Solutions, Thermo Fisher Scientific; Bob Wilkinson, Cyber Marathon Solutions
1:30 - 2:15 pm Understanding and Responding to the Activist Threat to Enterprise - Travis Moran, Welund North America
The Evolution of Third Party Risk Programs: What Stage Is Your Program At? - Jon Ehret, BlueCross BlueShield of Western NY
Critical Infrastructure Protection in the Age of Hybrid Attacks - Brian Harrell, DHS
2:15 - 2:30 pm Transition Break
2:30 - 3:15 pm Protecting the Global Telecommunications Supply Chain: USG-led Actions to Counter the Threat from Huawei and ZTE - Andy Keiser, Navigators Global
Leveraging Contractual Frameworks to Manage Supply Chain Risk - David Batz, Edison Electric Institute
What Can Cybersecurity Data Actually Tell Us? - Jack Jones, FAIR Institute
3:15 - 3:30 pm Afternoon Networking Break
3:30 - 4:15 pm Verizon Insider Report - Out of Sight Should Never Be Out of Mind - John Grim, Verizon
Assets – Risks – Controls – Oh My! Structuring an Enterprise-Wide Security Program - Jacob Maenner and Erin Holloway, Exelon
How CVS Health/Aetna Enforces Endpoint Encryption on Third-Party Devices - Jason Zellmer, CVS Health/Aetna and Ebba Blitz, AlertSec
4:15 - 4:30 pm Transition Break
4:30 - 5:15 pm Managing Third-Party Risk in an Era of Great Power Competition - Melissa S. Hersh, Hersh Consulting LLC
Building a Better 3rd Party Risk Questionnaire - Bruce Potter, Expel
From Ongoing Monitoring to Ongoing Action: Transforming Your Monitoring to Reduce Risks - Jill Czerwinski, Crowe LLP
5:15 - 6:15 pm Sponsor Area Happy Hour
6:15 - 8:15 pm Dinner and Networking Party - Hosted by RiskRecon


Wednesday, October 2

8:00 - 9:00 am Breakfast and Registration
9:00 - 9:15 am Opening Remarks
9:15 - 10:15 am Keynote: Future of Third Party Governance - Jim Routh, MassMutual
10:15 - 10:30 am Morning Networking Break
10:30 - 11:15 am Business and the Beast: How to Keep Your Security Program from Falling Behind the Business You’re Supposed to Protect - Bryan Inagaki, Thermo Fisher Scientific
The Customer Security Questionnaire Process – A Comprehensive Approach - Matthew McMahon, Siemens Healthineers
Lessons from M&A Cyber Due Diligence and How to Leverage Them for Supply Chain Risk - Matthew Welling and Kate Growley, Crowell and Moring LLP
11:15 - 11:25 am Transition Break
11:25 - 11:55 am
Sponsor Presentations
Managing CTI: Why One Size Doesn't Fit All - Joost van Hest, EclecticIQ
Quantifying and Mitigating Supply Chain Risk - John Loveland, Verizon
Pillars of a Third Party Risk Program - Jill Morganwalp and Haddis Tafari, E*Trade
11:55 am - 12:00 pm Transition Break
12:00 - 1:15 pm Lunch, Valimail Presentation: The Tenets of Cybersecurity: It’s Time to Demand Transparency and Accountability – Tim Leow, Valimail
1:15 - 2:00 pm Third-Party Vendor Risk Management: Best Practices & Lessons Learned - Bernie McGuinness, Formerly Campbell's Soup
Integrating Your TPRM Program Into The Procurement Process - Julie Gaiaschi, Third Party Risk Association
Designing and Tailoring a Business-Balanced Third-Party Security Program - Douglas White, Delta Dental of NJ and CT
2:00 - 2:15 pm Transition Break
2:15 - 3:00 pm Designing and Implementing a Successful Third-Party DR Program - Amera McCoy, CME Group
Beyond Vendors: Addressing Non-Traditional Arrangements & New Technologies - Rhonda Cook, SEI Investments

Bug Bounty Programs: Ins and Outs to Squash Vulnerabilities - Errol Weiss - H-ISAC; Faye Francy - Automotive ISAC; Scott Algeier - IT-ISAC; Josh Dembling - Intel; Jeff Troy - Aviation ISAC

3:00 - 3:10 pm Transition Break
3:10 - 3:55 pm Creating a Successful TPRM Program - Vince Fitzpatrick and Natasha Coulter, Christiana Care Health System
Critical Infrastructure and Private Sector Cyber Threats: The Need for Collective Defense in the Modern Era - Jamil Jaffer, GMU National Security Institute
Strategies for Government/Private Sector Partnerships to Increase National Security - Rita Bush, ODNI
4:30 - 5:30 pm Evening Gathering at Coton & Rye Bar


Thursday, October 3

8:00 am - 5:00 pm Third-Party Risk Certification Class (Registration Required/Additional Fee)