Assembly Recap: Transformational CISO & CISO Healthcare

  • By Elizabeth Radziul
  • on February 26, 2021

Cybersecurity leaders have been brought to the forefront of their organizations in the wake of ongoing disruption, which is why we were excited to host our Transformational CISO & CISO Healthcare Virtual Assembly this week. It was an engaging two days filled with interactive workshops and keynotes, C-Suite networking, and peer-to-peer problem solving on the most pertinent topics within cybersecurity today.

In case you missed it…

What We Learned From Our Keynote Speakers


Sujeet Bambawale, CISO at 7-Eleven, started off this two-day event with an engaging Keynote on what’s ahead in cybersecurity. Threat intelligence is on the rise, paving the way for attack simulations in order to meet increasing expectations. This will allow security teams to test efficacy in real time against the latest threats. Sujeet also touched on a subject that proved to be a theme throughout the remainder of the Assembly: rapidly changing talent pipelines and the importance of diversity of experience and background within cybersecurity teams.

Our day two Opening Keynote Panel was led by Diana Burley, Vice Provost for Research at American University, and featured panelists Ann Hines, Business Information Security Officer, Principal, USAA; Shefali Mookencherry, CISO, Edward-Elmhurst Healthcare; Brian Mork, CISO, Westinghouse Electric Company; and Devin Shirley, CISO, Arkansas Blue Cross Blue Shield. The panel focused on rethinking data governance frameworks in the midst of constant disruption. Shared insights included the need for more stringent asset management, building trust with vendors and maintaining control over subcontractors, and adequately training staff on security in a remote setting. Our panelists also noted that remote work is not new, but the scale at which it is currently implemented is, which means that security must be part of the overall workplace culture.

Chris Leach from Cisco led an interactive discussion on what it means to be a CISO for change. The CISO is responsible for managing security, but security is a team effort. That’s why CISOs need to act as thought leaders and involve other leaders within the organization in order to lead valuable change. CISOs are often viewed as the “no” people, but with the right collaboration, they can be the force behind change.

Engaging C-Suite Discussions

Tim Rohrbaugh, Chief Information Security Officer at JetBlue Airways Corporation, discussed the Kaizen approach to security program improvement. This approach focuses on incremental, measurable changes that affect threat actors’ cost or value proposition, or address their motivations. The incremental change prevents the fear associated with long-term change, and Threat-Informed Defense speeds up response times to quickly changing threats. The concept’s ultimate goal is to improve visibility in order to eventually automate response.


Next up, Jim Rutt, Chief Information Officer and Chief Information Security Officer at Dana Foundation, led a discussion on a risk management approach to allocating budget. He notes that while risk cannot be completely eliminated, it can be reduced as much as possible to an acceptable level with proper qualitative and quantitative analysis. Risk mitigation can feel like a daunting task, but basic risk formulas can help give you a better understanding of your situation.

Robert Pace from Invitation Homes addressed the big threat: endpoint security. He stresses the importance of going back to the basics and determining the right “tools of choice” within your organization. Discussions on configuration, strategy, budget, and reporting are essential before new technology is introduced, but also for existing systems that need enhancement. 

Ed Harris from Mauser Packaging led an interactive session on becoming a 2.0 CISO. His advice is to use four simple tools. First, hiring smart people creates a strong team capable of bringing new ideas and value. Second, creating visibility is key because identifying anomalies requires understanding your baseline. Next, personal R&D teams can utilize think tanks and resources to problem-solve and stay on top of new developments in cybersecurity. Finally, it is important for CISOs to understand not just security and information system language, but also business language, in order to make decisions on behalf of the business and move up in their organization.

For the final session of the Assembly, Benjamin Corll, CISO at Coats, addresses automation’s role in cybersecurity. Automation can be useful in reducing alert fatigue, filling the gaps where there is a lack of resources, and creating the consistency that the human element lacks. While there is still room for growth and improvement in automation, the only way to progress is to start implementing it.

Insights From Our Solution Providers

Sophos

Our partners at Sophos led the discussion on targeted ransomware. The best way to combat these targeted attacks is to understand how they are conducted by hackers. The key is to keep your guard up and be on the lookout for attacks that take place when the organization is most vulnerable.

Abnormal Security

Roman Tobe from Abnormal Security gave us the intel on Vendor Account Compromise, including how hackers gain access to accounts and how to stop them. It is important for organizations to understand common communication practices in order to more easily detect anomalies and stop them before they wreak havoc on vendor accounts.

Palo Alto Networks

Bruce Hembree from Palo Alto Networks noted that while people take time off, cyber threats are constant. That’s why Palo Alto Networks assesses organizations dynamically and in real time, and automatically responds to active threats. An automation funnel is used in order to handle a large volume of alerts and avoid major incidents.

Fortinet

Troy Ament and Jay Mervis from Fortinet led a workshop on evolving threats within healthcare. Between increased virtual visits and the rise of AI and Machine Learning, there is no doubt that digital innovation is causing an increase in cyber threats. That is why it is important for leaders to integrate network solutions with security policies. 

BeyondTrust

Chris Hills from BeyondTrust explains how you can switch from a reactive to a preventative approach to endpoint security. As threats continue to evolve, endpoints are becoming more complex, which leaves companies needing to do more with less. Furthermore, the “new normal” has created a perfect storm for privilege abuse. Because of this, organizations need complete endpoint security that acts as an ecosystem, not a single solution. One key part of creating a secure ecosystem is removing admin rights from the end user and giving them just enough privileges to do their job.

Qualys

Jeremy Briglia from Qualys notes that it is important to create an automated system without increasing associated risks. Continuous risk assessment can help ensure risks do not slip through the cracks. Asset inventory, vulnerability and configuration assessment, patch management, and threat risk and prioritization are essential to mitigating these risks. 

And the Winner of The Millennium Mission Prize is…

Mario Memmo

The Millennium Alliance will donate $1,000 on behalf of Mario Memmo to the charity of his choice. Mario won this award as a part of The Millennium Alliance’s new initiative, Millennium Mission, in which we donate to charities such as AdoptAClassroom.org, Feeding America, The Miracle Walk, the U.S. Coronavirus Emergency Response, and others on behalf of the most engaged attendee for each event. We are excited to make a donation in Mario Memmo’s name!

Don’t miss out on the next Transformational CISO Assembly! Join us on April 27th for our Transformational CISO Assembly & CISO Financial Services Virtual Assembly. Go here to RSVP.
