Summit Speaker Bios
Our three Keynote speakers are professionals of renown, whose current insights will undoubtedly influence the direction of information security as we all move forward in our efforts to understand and implement best practices in our challenging field.
Howard A. Schmidt, who will deliver the Summit’s Opening Keynote, is the former Senior Director for CyberSecurity for the Obama Administration and has had a distinguished career spanning more than 40 years in defense, law enforcement, and corporate security. He is an expert in the areas of computer security, cybercrime, critical infrastructure protection and business risks related to cyber security. He has long been a leader in the creation of public and private partnerships and information-sharing initiatives.
Mr. Schmidt previously served as the President and CEO of the Information Security Forum, a nonprofit international consortium that conducts research and develops best practices in information security, risk management and critical infrastructure protection. He has held executive roles in the private sector including Vice President and Chief Information Security Officer at eBay Inc. and Chief Security Officer (CSO) for Microsoft Corporation. Mr. Schmidt’s government service has included assignments at the White House, the Federal Bureau of Investigation and the Air Force Office of Special Investigations (AFOSI).
At the White House, he was appointed as the Vice Chair of the President’s Critical Infrastructure Protection Board and Special Advisor for Cyberspace Security. He served as Chief Security Strategist for the United States CERT Partners Program for the National Cyber Security Division. Mr. Schmidt also was a supervisory special agent and director of the AFOSI Computer Forensics Lab and Computer Crime and Information Warfare Division. Prior to that, he led the computer forensics team for the FBI at the National Drug Intelligence Center.
His military career includes active duty tours with the U.S. Air Force, service in the Arizona Air National Guard as a computer/communications specialist and in the U.S. Army Reserves as a Special Agent, Criminal Investigation Division where, until his retirement from the reserves, he served with the computer crime investigations unit. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime. Before working at the FBI, Mr. Schmidt was with the Chandler, Arizona Police Department.
Mr. Schmidt has held leadership roles in various non-profit professional organizations including the Information Systems Security Association and (ISC)2, and was the co-founder and first president of the Information Technology Information Sharing and Analysis Center. In 2005, Mr. Schmidt was appointed by the Secretary of Commerce to the Information Security Privacy Advisory Board. He has received numerous awards and recognitions from government and private industry including the CSO Magazine “Compass Award”, Baseline Magazine’s “The 50 Most Influential People in Business IT” as well as the Federal 100 Award, to name just a few.
Mr. Schmidt holds a bachelor’s degree in business administration and a master’s degree in organizational management from the University of Phoenix and holds an Honorary Doctorate in Humane Letters. He is a Certified Information Systems Security Professional and a Certified Secure Software Lifecycle Professional. Mr. Schmidt is a Professor of Research at Idaho State University, Adjunct Professor at Georgia Tech, Information Security Center, and Adjunct Distinguished Fellow with Carnegie Mellon’s CyLab and a Distinguished Fellow of the Ponemon Privacy Institute.
Ira Winkler, CISSP, who will deliver the Lunchtime Keynote, is President of the Internet Security Advisors Group. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the world, investigating crimes against them, and telling them how to cost-effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards.
Ira is also author of the riveting, entertaining, and educational books, Spies Among Us and Zen and the Art of Information Security. He is also a columnist for ComputerWorld and writes for several other industry publications.
Mr. Winkler began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. He moved on to support other US and overseas government military and intelligence agencies. After leaving government service, he went on to serve as President of the Internet Security Advisors Group, Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association. He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland.
Mr. Winkler has also written the book Corporate Espionage, which has been described as the bible of the Information Security field, and the bestselling Through the Eyes of the Enemy. Both books address the threats that companies face protecting their information. He has also written hundreds of professional and trade articles. He has been featured and frequently appears on TV on every continent. He has also been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal, San Francisco Chronicle, Washington Post, Planet Internet, and Business 2.0.
General Session Attendees
Aaron Turner, who will deliver the Closing Keynote and participate in the BYOD Panel, is a recognized expert in mobile security and information protection. He is currently the president of IntegriCell, a mobile risk management consultancy. Prior to IntegriCell, Aaron was the co-founder and CEO of RFinity, a mobile security technology startup formed as the result of research conducted at the U.S. Department of Energy’s Idaho National Laboratory (INL). While at INL, he collaborated with a team of information security experts to design the world’s first large-scale testing effort to evaluate how critical infrastructure has become dependent on computing systems and the resulting vulnerabilities that those dependencies cause.
Aaron’s focus on critical infrastructure and technology began while working for over seven years at Microsoft in many of the company’s security divisions. Significant projects that Aaron worked on while at Microsoft included creating and deploying the company’s first global information security readiness curriculum, facilitating interactions between Microsoft technologists and US Law Enforcement, participating in the resolution of global-scale security incidents such as Code Red, Slammer and Blaster, and working with security experts in more than 25 countries around the world to develop information security programs.
Expertise: Mobile Security, Information Protection, Governance, Risk & Compliance
General Session and Healthcare HITECH Attendees
This special panel will bring together four leading CISOs to share their experiences and wisdom in describing the challenges faced by those on the frontline when it comes to ensuring the security of sensitive information. You won’t want to miss hearing from these security leaders as they talk about how they partner with their C-suite peers to meet business demands, strategically communicate to other departments, and work security into the software development life-cycle (SDLC).
General Session Attendees
Roland Cloutier, CSO of ADP, brings one of the world’s largest providers of business outsourcing solutions a wealth of global protection and security leadership experience, including the management of strategic converged security and business protection programs.
Roland has functional and operational responsibility for ADP’s cyber, information protection, risk, workforce protection, crisis management, and investigative security operations worldwide. Automatic Data Processing, Inc. (NASDAQ: ADP), with nearly $10 billion in revenues and about 570,000 clients, is one of the world’s largest providers of business outsourcing solutions including payroll services, global tax management, and people management technology solutions.
Prior to ADP, Mr. Cloutier served as Vice President and CSO of EMC, where he spearheaded protection of the company’s worldwide business across both the commercial and government sectors.
Mr. Cloutier has held executive security management roles at consulting and managed security service organizations and has more than nine years’ experience in federal law enforcement.
Roland is active in industry development and serves on several private advisory boards, and is ADP’s board representative for the National Cyber Security Alliance Council.
Although Roland is a globetrotting Corporate Security Executive by day, Roland and his wife spend much of their non-work time supporting their daughters’ competitive equestrian pursuits including managing their small equine farm in western New Jersey.
As a United States Air Force veteran himself, Roland knows the importance of serving your country and supporting those who have made many sacrifices to ensure our way of life. Roland volunteers for veterans organizations such as the American Legion and The 100 Nights of Remembrance, and serves as ADP’s Executive Sponsor for the ADP National Employee Veteran Council.
Todd Friedman is a versatile leader with over twenty years of experience in Information Security and IT management. He currently leads global Information Security for Mattel, the worldwide leader in the design, manufacture and marketing of toys and family products.
Todd has spent over twenty years in information technology, previously in the insurance and entertainment industries, where he led numerous functions, including infrastructure planning and management, systems integration, PMO, project management, governance, compliance, and for the past decade, information security.
Prior to joining Mattel in 2012, Todd was SVP / CISO of Universal Music Group, the world’s largest music company.
A native of Los Angeles, he holds an MBA degree from UCLA and a BA degree from UCSD in History, with minors in Psychology and Biology. Todd has the following certifications: CISSP, CISM, CRISC and CIPP.
Prior to his current appointment, Mr. Greenberg was the Information Security Officer for the LA County Department of Health Services. Other previous positions include Director of Surveillance and Information Systems, Chief of Security Operations, Director of IT, and Project Manager for various companies/agencies in the private and public sectors.
Richard brings over 25 years of management experience and has been a strategic and thought leader in IT and Information Security for both the private and public sectors. His Project Management, Security Management and Operations, and Policy and Compliance experience has helped shape his broad perspective on creating and implementing Information Security Programs in organizations.
Richard was recently honored as a Fellow of ISSA International. In addition, he was recently selected as a nominee for the 2012 (ISC)2 Americas Information Security Leadership Award in the Senior Information Security Professional category. He is actively involved in the Information Security community, serving on the Board of the Los Angeles Chapter of ISSA and is the President of OWASP Los Angeles. Richard has served as a member of ISSA International Conference Committees, and was a co-chair of the ISSA LA Security Summit as well as the OWASP AppSec USA conference in Anaheim.
Richard has worked diligently to bring together the InfoSec organizations to enhance their collaboration efforts, to help reach new and existing members. He is also a Security Evangelist, helping to spread the word about secure application development and general security awareness.
Richard is a published author, and has spoken on Information Security individually and on panels, most recently at the 2012 HIMSS (Healthcare Information and Management Systems Society) HITECH/Security Forum in Los Angeles.
Kevin Rigney is the Chief Information Security Officer for Petco Animal Supplies, Inc. headquartered in San Diego, CA. His Information Security role involves the development, implementation and monitoring of the Information Security Program. The goal of the program is to protect customer information, employee information and company proprietary information. Additionally, he is responsible for overall IT Security & Compliance for the business.
Kevin is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and a Certified Information Systems Auditor (CISA). He also serves as the Naval Reserves Commander Third Fleet Executive Officer, Joint Forces Maritime Component Command, supporting the Active Component of the Pacific Fleet. He resides in Encinitas, CA.
Previously, Warzala was SVP, Global Head of IT Risk Management at Aon, where he developed and led a global organization with programs covering risk management, information security, IT compliance and privacy, continuity services, and information management.
Warzala began his IT career with GE Aerospace. During his GE career he transitioned from technical infrastructure roles to senior management positions in telecommunications, architecture, application development, and information security.
Warzala received his MBA from Xavier University and BS degree from Utica College of Syracuse University.
SPECIAL LUNCHEON GUEST
Andrea Hoy will join Luncheon Keynote Ira Winkler, and they will speak together during the General Session Luncheon. Andrea received her initiation into the information security community when her hard work and dedication earned her the role of Assistant Venue Manager/Supervisor at the 1984 Summer Olympics in Los Angeles, California. This position exposed her to the information security field and ignited a passion that has made Andrea, arguably, one of the leading women in her profession. She has not only served as an advisor to the Pentagon, but in 1991 she received the Security Education Manager’s Award, presented to her by a representative from the Pentagon, acknowledging her work in applying Continuous Process Improvements to the implementation of information security resulting in cost savings for both industry and Government. She has been involved in numerous committees in Washington, D.C., to establish national and international information security policies. Internationally she has assisted companies to establish policies and procedures that comply with the European Union Privacy Directive, the Data Protection Act and the Wet Bescherming Persoonsgegevens (WBP) Dutch Personal Data Protection Act, 2000.
She has been consulted by various media outlets and conferences with speaking engagements and interviews on cutting-edge security and compliance issues and uses these opportunities to further the growth of ISSA by mentioning membership opportunities. Andrea’s commitment to education has driven her to create a nationwide “Chief Information Security Officer (CISO) Bootcamp,” which addresses best practices of security management and assists those that are given the “title” without the compensation and control to gain the positioning they deserve. Andrea’s leadership positions in information security and business continuity include companies such as Fluor, Rockwell International, Boeing, McDonnell Douglas, and Litton, and consulting to companies such as Pacific Life, Genentech, Hanmi Bank, and East West Bank. She was the first Virtual CISO to help companies that could not afford a full-time CISO, but wanted the knowledge base, with the personalization and commitment to their company.
Andrea has served as a Presidential Advisor, elected Director and now Vice President to ISSA International. She served eight terms as President of ISSA Orange County, where she had successfully tripled the membership in the first two years in office. Prior to that she served as Vice President and Program Director of the ISSA OC Chapter. Also at the international level, she volunteered with the first CISO Executive Forum Task Force. The CISO Executive Forum, now in its eighth year+, was established to bring together ISSA members that are CISOs, to give them an opportunity to network, share ideas, and improve upon their skills in this much needed executive role. She has represented the United States as a diplomat to China on eDiscovery and forensics.
Andrea has been Co-Chair and Chairperson of the ISSA SoCAL Symposium for over 7 years and continues to share the lessons learned to help other chapters establish much needed funds for their meetings, training, and educational opportunities for their members.
She served on the Technical Advisory Board for RSA for 4 years, advised the International Board of Directors for PointSec/ProtectData of Sweden, as well as Board of Advisors for Encentuate, a global security identity management and provisioning company, leading to its successful acquisition by IBM in 2008. She served on the Board of Advisors for the Association of Women in Technology (AWT) and would like to use some of the experiences she has to further ISSA International as the infosecurity professionals’ association.
Andrea received a Masters of Business Administration from Pepperdine University in Malibu, California. Prior to that, she graduated Magna Cum Laude and was entered into the honor society of Beta Gamma Sigma (the Phi Beta Kappa of the School of Business).
LAW ENFORCEMENT PANEL
General Session Attendees
Marc Beaart has served with the Los Angeles County District Attorney’s Office for fifteen years. Currently, he is the Assistant Head Deputy of the High Tech Crime Division. Prior to his current assignment, he served in various sex crime assignments. His notable prosecutions include the “Koreatown Rapist”, “Union Station Rapist”, priest sex abuse cases and a special circumstance serial murder trial. He graduated from California State University, Northridge and Whittier Law School.
His work at EFF includes arguing before the Fifth Circuit Court of Appeals on the legality of warrantless cell phone tracking, testifying before the California state legislature on proposed electronic privacy legislation and filing numerous amicus briefs before federal and state courts throughout the country. In addition to writing about privacy on EFF’s blog, he’s written op-eds for the New York Times and Wired.
Before joining EFF, Hanni worked as a federal public defender in San Diego, where he tried numerous jury and bench trials and argued and won multiple times before the Ninth Circuit Court of Appeals.
Hanni graduated from the University of California, Berkeley with a degree in political science and an honors degree in history. He received his law degree with distinction from Pacific McGeorge School of Law, where he was elected to the Order of Barristers for his excellence in written and oral advocacy.
John (Jack) Furay is a Special Agent and an Electronic Crimes Special Agent – Electronic Crimes Investigation and Computer Forensics (ECSAP-CF) and Critical Systems Protection Program Special Agent (CSP) with the United States Secret Service and has served in this capacity since 1998. He presently serves on the United States Secret Service’s Electronic Crimes Task Force, Los Angeles Field Office and is detailed to the Beverly Hills Police Department’s High Tech Crimes Unit and Computer Forensics Lab.
As part of his ongoing training as a Special Agent and Computer Forensic Special Agent, he has received in excess of 1700 hours of training regarding criminal investigations, criminal computer forensic investigations, electronic crimes and undercover on-line investigations, legal training, and electronic crimes investigative training pertaining to on-line fraud schemes, network intrusions and attacks, child pornography investigations, domestic terrorism investigations, homicides, narcotics, fraud, real estate fraud, counterfeiting, bank fraud, credit card fraud, identity theft and a host of other State and Federal felonies.
He has also received extensive training in the area of Critical Systems Protection of national and domestic infrastructure and Supervisory Control and Data Acquisition Systems (SCADA) and has worked on programs and projects in this field.
His criminal investigative training classes and electronic crime and computer forensic training classes have been provided by Federal, State, and Local law enforcement agencies and departments, the United States Military, private industry, and universities.
Jack has conducted several hundred criminal investigations, computer forensic investigations, and cyber crime investigations in Federal, State, and Local law enforcement agency investigations.
As a featured lecturer and presenter, he has spoken at numerous Private Sector and Law Enforcement Conferences, Law Enforcement Training Symposiums, and Law Enforcement Academies both within the United States and Overseas.
In addition to the various criminal investigative and protective assignments to which he has been assigned in the United States Secret Service, he has served and is serving on multiple Law Enforcement Task Force and Electronic Crime Task Force Operations and Assignments with numerous Federal, State, and Local Law Enforcement Agencies. He has also been assigned to various United States Secret Service Headquarters projects pertaining to Electronic Crimes, Cyber Security, and Electronic Crimes Computer Forensics. Additionally, he has also served and presently is serving as a Liaison Special Agent to various law enforcement departments and agencies within the Los Angeles City and County region.
Jack possesses the following academic degrees: Doctorate Public Administration 1998 – Published Dissertation on file with the University of Michigan (UMI); Juris Doctorate in Law with Honors, 1996; Master’s Degree in History with Honors, 1997; Bachelor’s Degree, Summa Cum Laude and other Honors (Summa Cum Laude), 1991.
Jason Smolanoff is a Vice President in Stroz Friedberg’s Business Intelligence and Investigations practice based out of the firm’s Los Angeles office. Mr. Smolanoff is responsible for creating and managing novel cyber security solutions and responding to cyber related incidents for Fortune 500 companies, law firms, and cleared defense contractors.
Prior to joining Stroz Friedberg, Mr. Smolanoff served as a Supervisory Special Agent in the Federal Bureau of Investigation’s (FBI) Los Angeles Field Office where he oversaw the day-to-day operations of a Cyber National Security squad comprised of special agents and intelligence analysts. Mr. Smolanoff managed and responded to all aspects of complex cyber national security investigations with a nexus to counterintelligence and counterterrorism. Previously, Mr. Smolanoff was the supervisor of an embedded FBI criminal cyber squad at the Electronic Crimes Task Force in Los Angeles.
Mr. Smolanoff investigated and supported the prosecution of the two largest phishing and intellectual property right investigations in history, Operation Phish Phry and Operation Summer Solstice, respectively. For these notable accomplishments, he was awarded the 58th Attorney General’s Award for Distinguished Service and the 56th Attorney General’s Award for Excellence in Law Enforcement by the Department of Justice. Additionally in 2011, Mr. Smolanoff was recognized for his contributions to a significant cyber counterintelligence investigation for which he received the National Counterintelligence Award for Outstanding Cyber Investigation by the Office of the Director of National Intelligence.
In 2011, Mr. Smolanoff completed a long-term assignment with the FBI in Afghanistan as the lead mentor for twenty-five Afghan investigators assigned to two Organized Crime Units at the Major Crimes Task Force. His dedication and extensive accomplishments during this assignment earned him the United States Intelligence Community’s Joint Duty Certification.
Before entering the FBI, Mr. Smolanoff was a physical chemist employed by a major semi-conductor equipment manufacturer. In this role, he was responsible for managing client engagements pertaining to the wiring fabrication of semi-conductor chips. His innovative leadership and solutions earned him two United States Patents.
Mr. Smolanoff is a frequent thought leadership speaker and an accomplished author with several articles published in scientific journals. Mr. Smolanoff received his M.S. in Chemical Physics from State University of New York at Stony Brook and his B.S. in Chemistry from State University of New York at New Paltz.
Moderator: Joe McCray is an Air Force Veteran and has been in security for over 10 years. Joe has been involved in over 150 very high level pentesting assessments and has some major hacking accomplishments that he can share with his classes. His extensive experience and deep knowledge, mixed with his comedic style, have led Joe to be one of the most highly sought after speaking experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is the founder and CEO of http://strategicsec.com, an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis.
BEYOND REACTIVE SECURITY – DETECT, RESPOND, RESTORE: FASTER
General Session Attendees
Rafal Los, Principal Strategist, Strategic Security Services, at HP Enterprise Security Services, brings a pragmatic approach to enterprise security. Combining over a decade of technical, consulting and management skills in Information Security, he uses his extensive experience to help organizations defend themselves more intelligently. He is an advocate for focus on sound security fundamentals and for the principles of “right defenses, right place, right reason”. He is also a contributor to open standards and organizations – volunteering his time to groups such as OWASP and the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique perspective on the various aspects of enterprise security, emerging technologies, and current events and can be found at http://hp.com/go/white-rabbit.
Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 contributing to the global organization’s security and risk-management strategy internally and externally. Rafal prides himself on being able to add a ‘tint of corporate realism’ to information security.
Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.
OWASP TOP TEN – RISK, MOBILE CONTROLS, PROACTIVE RISKS
General Session Attendees
Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.
EXPLOIT DEVELOPMENT FOR MERE MORTALS
General Session Attendees
Joe McCray, founder and CEO of http://strategicsec.com. Joe will also moderate the Law Enforcement Panel. Please see above for bio info.
In addition to the opportunity to learn from our Opening and Closing Keynote Speakers, Howard Schmidt and Aaron Turner, HITECH Summit attendees will learn from these highly regarded professionals as well.
HERE COMES AN OCR INVESTIGATION – WHAT YOU NEED TO KNOW
Yun-kyung (Peggy) Lee is Supervisory Equal Opportunity Specialist with the HHS Office for Civil Rights. She has been an investigator with this Office of the U.S. Department of Health and Human Services since 2003. Ms. Lee is also the Security Rule Leader for Region IX. Ms. Lee investigates and recommends resolution of complaints alleging discrimination in the provision of health or social services based on race, color, national origin, disability, or age, and of complaints alleging violations of the HIPAA Privacy and Security Rules and the HITECH Breach Notification Rule that address health information privacy rights. Ms. Lee began her career as a New York attorney in both private practice and as a staff attorney at MFY Legal Services – Mental Health Law Project. Upon arriving in California, Ms. Lee was a staff attorney at Neighborhood Legal Services – Health Consumer Center prior to joining OCR. Ms. Lee is a graduate of Cornell University and Pace Law School.
Cynthia Marcotte Stamer has more than 25 years of experience advising and representing a wide range of domestic and multinational business and government organizations and their leaders as they develop and use workforce, internal controls, technology and other strategies, processes and tools to manage legal, operational and other risks, to enhance business and operational effectiveness, to reengineer people, processes and culture, and to address other risk management and operational needs. She has worked extensively with public and private health care, technology, financial services, insurance, defense, retail and other business and governmental organizations to resolve issues relating to privacy and data security, investigations and enforcement, and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
A recognized thought leader on privacy, data security, and other matters, Ms. Stamer publishes, speaks and conducts training on these and other leadership, risk management and compliance matters. Ms. Stamer’s insights have been quoted in The Wall Street Journal, Business Insurance, the Dallas Morning News, Spencer Publications, and a host of other publications. Her “Personal Identity Theft Training Online Training Program For CIOs” has been included as part of the curriculum of the University of Dallas Information Management Graduate Program.
Ms. Stamer also regularly publishes and speaks for a wide range of organizations including the American Bar Association, the Bureau of National Affairs (BNA), Aspen Publishers, Spencer Publications, ISSA, HIMSS, the American Electronics Association (AEA), the Institute of Internal Auditors, Business Institutes and a multitude of others. She is the author of hundreds of other publications and workshops including “Privacy & Securities Standards-A Brief Nutshell,” “Privacy Invasions of Medical Care-An Emerging Perspective,” the E-Health Business and Transactional Law Chapter on Other Liability-Tort and Regulatory; “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA;” “Personal Identity Management Legal Demands and Technology Solutions;” “Tailoring A Records Management Plan And Process To Meet Your Legal And Operational Needs;” “Brokers & Insurers Identity Theft and Privacy Perils;” “HR’s Role In Personal Identity Theft & Cyber Crime Prevention;” “Protecting & Using Patient Data In Disease Management Opportunities, Liabilities And Prescriptions;” “Why Your Business Needs A Cybercrime Prevention and Compliance Program;” “Leveraging Your Enterprise Digital Identity Management Investments and Breaking through the Identity Management Buzz;” “When Your Employee’s Private Life Becomes Your Business;” and hundreds of other works.
In addition to her work as Managing Shareholder, Cynthia Marcotte Stamer, P.C., Ms. Stamer is also Executive Director, Coalition For Responsible Health Care Policy/Project COPE: Coalition on Patient Empowerment as well as Managing Editor, Solutions Law Press, Inc.
HEALTHCARE ROUND TABLE LUNCHEON
Moderator: Sriram Bharadwaj (Sri) has over 20 years of Information Management Systems experience in multiple industries including healthcare. He is currently COO, Business Strategix Inc and is an industry consultant on health information exchanges. Sri in the past has been a healthcare technology leader and most recently Associate Vice President, IT, Molina Healthcare, and has expertise in Applications Development, Enterprise-wide IT Infrastructure and Operations. Sri has been an integral part of the healthcare payer/provider community, having been a senior IT leader in PacifiCare (now United Health Group) and Molina Healthcare focusing on implementing solutions to meet core regulatory requirements such as HIPAA and Sarbanes Oxley. Sri is well known for his process knowledge delivering performance improvements in multiple industries during his long tenure with Deloitte in various parts of the Americas, Asia Pacific and EMEA region. Sri also has expertise building products for customers through his earlier involvement with SAP AG (an ERP vendor). Sri is a Chartered Global Management Accountant (FCGMA)(U.K), Professional, Academy of Healthcare Management (PAHM), a Six Sigma BlackBelt (ASQ) and a CISSP. Sri is a Committee member for the CIO Healthcare Summits and has delivered many presentations on Healthcare regulations and compliance at various conferences.
PANEL DISCUSSION: MANAGING YOUR BUSINESS ASSOCIATES
This panel will share their knowledge and techniques in this often-challenging area.
Tom August, CISSP, is the Director of Information Security at Sharp HealthCare and serves on the leadership Board of Directors for the National Health Information Sharing & Analysis Center (NH-ISAC). Tom has 20 years of IT auditing, management consulting and information security leadership experience and is a co-author of The CISO Handbook.
Michelle Caswell is a Healthcare Compliance Consultant for Sword & Shield Enterprise Security. Michelle has more than 12 years of experience in the healthcare field. Prior to law school, Michelle worked in healthcare marketing for the largest pediatric cardiology group in Georgia. While in law school, Michelle was the research assistant for her health law professor. She graduated at the top of her class and received the Justice Leah Ward Sears Award for Pro Bono Service, an honor bestowed upon the graduating student with the most pro bono hours dedicated to public service. During law school and upon graduation, Michelle worked as a Health Insurance Portability and Accountability Act (HIPAA) investigator for the U.S. Office for Civil Rights (OCR) where she ensured covered entities were in compliance, conducted complaint investigations and educated covered entities on how to comply with the HIPAA Privacy, Security, and Breach Notification Rules. She received her Bachelor of Science from the University of Tennessee and her Juris Doctorate from Atlanta’s John Marshall Law School. Michelle is a licensed attorney in Georgia and provides in-house counsel services to Sword & Shield. She is a frequent speaker on healthcare compliance and security.
Jennifer Papp, R.D., is the Privacy Officer for the Los Angeles County Department of Health Services (DHS), which is the second largest health system in the United States and provides health services to approximately 700,000 unique patients annually. Jennifer oversees the Department’s Privacy and Security Compliance Program and guides the Facility Privacy and Information Security Coordinators to ensure compliance with State and Federal privacy and security laws. Under her management, DHS has enhanced its compliance program through policy development, risk identification, and implementation of a multi-faceted privacy and security education and training curriculum.
Jennifer has more than 25 years of healthcare management and clinical experience. She began her professional career in Clinical Nutrition Management as a Registered Dietitian in both the private and public sector. Prior to her appointment to her current position, she served as Quality Management Administrator and the HIPAA Compliance Officer at a large public hospital.
Throughout her career she has built alliances through strong relationships with management, direct patient care providers and front line workforce members through trust and a hands-on approach to tackling the dynamic challenges facing compliance professionals and healthcare organizations.
Jennifer received her Bachelor of Science from California State University in Los Angeles and continues to maintain her dietetic registration.
Maria C. Suarez is the Information Security Officer at the University of Southern California, including all campuses across 8 international locations spanning 4 continents, as well as the Keck Medical Center (Keck Hospital of USC, USC Norris Cancer Hospital, USC Care Medical Group Inc., and all clinics and outpatient satellites).
Previously, she was the Information Security Officer at the City of Hope Research and National Cancer Center in Duarte, California, responsible for expanding the Information Security Program at the enterprise level.
She was recognized as one of Computer World’s Premier 100 IT Professionals in January 2005 for her thought-leadership in laptop encryption, audit trails, and managing vendor security risk. Maria’s award-winning experience in the field of Information Technology has evolved within the higher education, healthcare and financial services industries. She is characterized as a leader bridging business and information technology specializing in information security, risk management, data privacy and regulatory compliance.
Maria’s professional contributions have been applied at Fortune 32 and Fortune 500 healthcare insurance companies as well as a major hospital system within the NYC area.
Her technical training stemmed from her years as a programmer analyst with one of the “Big Four” public accounting firms, where she gained experience in multiple technical platforms and, more importantly, the need for attention to the people and processes supporting technologies.
She has held leadership positions as Director of Information Security Strategy and Policy, Security Assurance Officer, Privacy Officer and Director of Internet/Intranet Technologies. It is from this latter role’s focus on e-business portal development where Maria’s concern with the confidentiality of sensitive information grew exponentially.
She has an MBA in Computer Information Systems from St. John’s University in NYC, with an undergraduate degree in Mathematics from the City University of New York. She is a certified information security professional (CISSP), a certified information security manager (CISM), a certified information systems auditor (CISA), and certified in the governance of enterprise IT (CGEIT).
Moderator: Katherine Waldron is the Chief Operating Officer for the National Healthcare Information Sharing and Analysis Center (www.nhisac.org). The NH-ISAC is nationally recognized by the DHS, HHS and the National Council of ISACs; the non-profit organization is focused on information sharing and threat and vulnerability monitoring for the nation’s healthcare and public health sector.
Her most recent involvement with Regulatory Training Games includes her work as Co-founder and CEO for Gamxing, Inc. (www.gamxing.com). Gamxing provides patent pending regulatory training games for a variety of industry sectors, including HIPAA, HITECH and best practices games for healthcare personnel at all levels and across all healthcare organizations.
Her prior experience includes:
- Waldron and Associates, MOWB: Founder and CEO
- Sprint: Vice President Wholesale Services, Executive Assistant Program, Marketing Manager
- Nortel Networks: Marketing Manager
- Phillips Publishing: Senior Editor/Reporter
Community involvement includes Board positions and appointments with various organizations and non-profits including American Cancer Society, Boys and Girls Club and Cystic Fibrosis Foundation.
Security associations and memberships include HIMSS, Cyber Cluster Working Group of San Diego and Securing our E-Cities.
Katherine Waldron has earned the following degrees: MBA, Palm Beach Atlantic University; BA, University of Virginia.
Mobile devices continue to make significant inroads in the business world, and with the rapid growth of personal devices, there is virtually no stopping employees from using their own technology (in at least a limited capacity) at work. As technology and controls leapfrog each other every year, come and discuss the core questions that continue to need to be addressed in order to keep your organization’s data secure.
Healthcare HITECH Session Attendees and an option for General Session Attendees as well
KJ Grinde is currently responsible for managing the day-to-day operations of the Office of the CISO at Edwards Lifesciences, and for the strategic development and implementation of new program elements and tools intended to enhance the global information security and compliance program.
Mr. Grinde has been a technology professional for 25 years including 20 years of information security practice experience working in the financial services, healthcare, government, telecommunications and high-tech industries. KJ is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA).
Henry Jenkins is a seasoned leader in technology, information security and risk management with almost 20 years in highly regulated industries. Currently he serves as Director, Information Services for Huntington Memorial Hospital, a mid-market health care organization in the greater Los Angeles area providing excellence in care to the community. He is responsible for IT strategy and execution, information security and data management/analytics.
Prior to his current position, he served as CIO for a startup diversified financial services firm and the CTO of the commercial banking and trust division of a Fortune 500 organization.
Jenkins holds an undergraduate degree from Biola University, a Masters in Management Science from California State University Fullerton and an MBA from University of California Irvine – The Paul Merage School of Business.
Moderator: Edward Pagett is an accomplished leader and has more than 20 years of experience in information security and risk management. He currently leads the information security and risk management program for Lender Processing Services, Inc. where he defines and executes the strategy for information security and risk management, business continuity and vendor risk management. LPS provides mortgage loan processing, as well as mortgage-related information products and outsourcing services for financial institutions, mortgage lenders and real estate professionals.
Mr. Pagett also holds multiple industry certifications including CISA, CISM, CRISC, & CISSP and earned his Bachelor’s in Information and Computer Science from the University of California at Irvine.
Aaron Turner, Information Security, Regulatory Compliance & Risk Management, IANS, will deliver the Summit’s Closing Keynote and serve on the BYOD Panel as well. Please see above for bio info.
James Christiansen is Chief Risk Officer of RiskyData, an information security and privacy solutions corporation focused on providing clients with scalable and cost effective tools and services to manage their Information Risk. Prior to joining RiskyData, James was Chief Information Risk Officer for Evantix and CSO for Experian Americas. James had the overall responsibility for information security providing strategic direction and vision across Experian business units.
James joined Experian after serving as Chief Information Security Officer for General Motors where his responsibilities included worldwide implementation of the security plan for the largest financial (GMAC) and the largest manufacturing corporation in the world. Prior to joining GM he was SVP and Division Head of Information Security for Visa International, responsible for their worldwide information security program.
James has been featured in the New York Times as one of the leaders in information security. He has an MBA in International Management and a BS in Business Management, and is the author of the “Internet Survival Series”, contributing author of “CISO Essentials” and numerous industry papers. James has been chair for the IT Fraud Summit, co-chair of the ANSI study of the impact of security breaches on healthcare, and a prominent speaker for prestigious events such as the Business Round Table, Research Board, American Bar Association, American Banker, RSA, BankInfoSecurity, ISSA and MIS Training Institute.
James has more than 25 years of experience in information security and systems management, including network and operating systems management and application development and design, and is now meeting the significant challenge of providing risk management solutions for RiskyData.
This session, which begins with the opening Keynote from Howard Schmidt, is intended for business leaders, including CEOs, COOs, CFOs, Managing Partners, other decision makers & trusted advisors with top-level management responsibility for information security and compliance and for information privacy laws and regulations. In addition to the opportunity to learn from our Opening Keynote Speaker, Howard Schmidt, Executive Forum participants will learn from these highly regarded professionals as well.
AFTER THE BREACH: SECURITY WEAKNESSES & LESSONS LEARNED
James Aquilina, Executive Managing Director, Stroz Friedberg, serves as part of the Executive Management team, leads the firm’s Digital Forensics practice, and oversees the Los Angeles, San Francisco and Seattle offices. He supervises numerous digital forensic, Internet investigative and electronic discovery assignments for government agencies, major law firms, and corporate management and information systems departments in criminal, civil, regulatory and internal corporate matters, including matters involving data breach, e-forgery, wiping, mass deletion and other forms of spoliation, leaks of confidential information, computer-enabled theft of trade secrets, and illegal electronic surveillance. He has served as a special master, a neutral expert, and has been appointed by courts to supervise the forensic examination of digital evidence. Mr. Aquilina also has led the development of the firm’s Online Fraud and Abuse practice, regularly consulting on the technical and strategic aspects of initiatives to protect computer networks from spyware and other invasive software, malware and malicious code, online fraud, and other forms of illicit Internet activity. His deep knowledge of botnets, distributed denial of service attacks, and other automated cyber-intrusions enables him to provide companies with advice and solutions to tackle incidents of computer fraud and abuse and bolster their infrastructure protection.
Prior to joining Stroz Friedberg, Mr. Aquilina was an Assistant U.S. Attorney (AUSA) in the Criminal Division of the U.S. Attorney’s Office for the Central District of California, where he most recently served in the Cyber and Intellectual Property Crimes Section. He also served as a member of the Los Angeles Electronic Crimes Task Force and as chair of the Computer Intrusion Working Group, an inter-agency cyber-crime response organization. As an AUSA, Mr. Aquilina conducted and supervised investigations and prosecutions of computer intrusions, extortionate denial of service attacks, computer and Internet fraud, criminal copyright infringement, theft of trade secrets, and other abuses involving the theft and use of personal identity. Among his notable cyber cases, Mr. Aquilina brought the first U.S. prosecution of malicious botnet activity against a prolific member of the “botmaster underground” who sold his armies of infected computers for the purpose of launching attacks and spamming and used his botnets to generate income from the surreptitious installation of adware; tried to jury conviction the first criminal copyright infringement case involving the use of digital camcording equipment; supervised the government’s continuing prosecution of Operation Cyberslam, an international intrusion investigation involving the use of hired hackers to launch computer attacks against online business competitors; and oversaw the collection and analysis of electronic evidence relating to the prosecution of a local terrorist cell operating in Los Angeles.
During his tenure at the U.S. Attorney’s Office, Mr. Aquilina also served in the Major Frauds and Terrorism/Organized Crime Sections, where he investigated and tried numerous complex cases, including: a major corruption trial against an IRS Revenue Officer and public accountants; a fraud prosecution against the French bank Credit Lyonnais in connection with the rehabilitation and liquidation of the now defunct insurer Executive Life; and an extortion and kidnapping trial against an Armenian organized crime ring. In the wake of the September 11, 2001 attacks, Mr. Aquilina helped establish and run the Legal Section of the FBI’s Emergency Operations Center.
Before public service, Mr. Aquilina was an associate at the law firm Richards, Spears, Kibbe & Orbe in New York, where he focused on white collar defense work in federal and state criminal and regulatory matters.
Mr. Aquilina served as a law clerk to the Honorable Irma E. Gonzalez, U.S. District Judge, Southern District of California. He received his B.A. magna cum laude from Georgetown University, and his J.D. from the University of California, Berkeley School of Law, where he was a Richard Erskine Academic Fellow and served as an Articles Editor and Executive Committee Member of the California Law Review.
He currently serves as an Honorary Council Member on cyber-law issues for the International Council of E-Commerce Consultants (EC-Council), the organization that provides the CEH (Certified Ethical Hacker) and CHFI (Certified Hacking Forensic Investigator) certifications to leading security industry professionals worldwide. Mr. Aquilina is a member of Working Group 1 of the Sedona Conference, the International Association of Privacy Professionals, the Southern California Honey Net Project, the Los Angeles Criminal Justice Inn of Court, and the Los Angeles County Bar Association. He also serves on the Board of Directors of the Constitutional Rights Foundation, a non-profit educational organization dedicated to providing young people with access to and understanding of law and the legal process.
Mr. Aquilina is co-author of the widely acclaimed books, Malware Forensics: Investigating and Analyzing Malicious Code, and Malware Forensics Windows Field Guide, both published by Syngress Publishing, Elsevier Science & Technology Books, which detail the complete process of responding to the malicious code incidents victimizing private and public networks worldwide.
EVOLVING LEGAL OBLIGATIONS
Michael A. Gold is a partner of Jeffer Mangels Butler & Mitchell LLP in Los Angeles. His practice involves both corporate counseling and transactions and litigation matters. His clients range from early stage companies backed by private equity funds to major national companies.
Michael advises companies and their owners, executives and directors in business control and governance disputes, shareholder controversies, business reorganizations, internal investigations, corporate compliance programs, competition and trade secret matters and “business divorces.” Michael is the co-author of “Winding Down Strategic Alliances and Collaborations,” published in the spring 2012 edition of the California Business Law Practitioner, a publication of the California Continuing Education of the Bar.
Michael is co-chair of the Firm’s Privacy, Information Management and Data Protection Group. He is also a founder and co-chair of the Firm’s Discovery Technology Group™, one of the first such practice groups in a major law firm. Michael counsels clients in a wide variety of matters, including the development of computer-based information retention systems, forensic investigations of computer systems, computer and internet privacy matters and breach issues and e-discovery. He is a co-author of the Bloomberg BNA Portfolio “Records Retention for Enterprise Knowledge Management,” published in 2007 and updated in 2012.
THE CURRENT STATE OF CYBERCRIME
Bill Lewis is currently the Assistant Director in Charge for the FBI’s Los Angeles Field Office. Mr. Lewis entered on duty as a special agent with the FBI in August 1988, and was assigned to the Omaha Division’s Lincoln Resident Agency. In February 1991, Mr. Lewis was transferred to the Atlanta Division, where he worked domestic terrorism and drug matters. He was promoted to supervisory special agent (SSA) in Atlanta in September 1997, with responsibilities including management of the 1996 Centennial Olympic Park bombing investigation. He was subsequently assigned to supervise the Eric Rudolph fugitive investigation, and he spent over one year coordinating that effort in Andrews, North Carolina.
In November 1999, Mr. Lewis was assigned as an SSA in the Violent Crimes/Fugitive Unit within the Criminal Investigative Division at FBI Headquarters. He was designated the unit chief of the FBI’s Transfer Unit in December 2000.
Mr. Lewis was assigned as assistant special agent in charge (ASAC) of the Mobile Division in August 2004. As ASAC, he had oversight responsibilities for the FBI’s counterintelligence, counterterrorism, and intelligence programs there. From April to October 2008, he was the Counterterrorism Division’s on-scene commander in Iraq and from January 2009 to January 2012, he served as legal attaché for the FBI in Baghdad, Iraq. From February 2010 to April 2011, Mr. Lewis served as the Criminal SAC in Los Angeles. From April 2011 to October 2012, he served as the FBI’s Deputy Assistant Director of Human Resources in Washington D.C. In October 2012, Director Robert S. Mueller III appointed Mr. Lewis as Assistant Director in Charge for the FBI’s Los Angeles Field Office.
KEY STRATEGIES FOR MANAGING CYBER SECURITY
Stan Stahl, Ph.D., is President of both Citadel Information Group and the Los Angeles Chapter, Information Systems Security Association. He is a knowledgeable, articulate, high-energy speaker with the rare gift of being able to describe the complexities of information systems security in a way that makes sense to real-world non-technical business professionals.
Foreseeing the computer crime tsunami that was to come, Stan co-founded Citadel Information Group in 2002. An information security management services firm, Citadel delivers Information Peace of Mind ® to business and the not-for-profit community.
Stan has been President of the Los Angeles Chapter of the Information Systems Security Association since 2008 and is the architect of its Community Outreach Program. Recognizing that It Takes the Village to Secure the Village SM, the program stimulates necessary collaboration between Los Angeles business and community leaders, technical IT professionals, law enforcement and the information security community.
An information security pioneer, Stan has secured teleconferencing at the White House, Top Secret databases inside Cheyenne Mountain, the communications network controlling our nuclear weapons arsenal and other very high-threat high-risk information security challenges.
A frequent speaker and writer on cyber security, Stan is a former Mathematics Professor with a Ph.D. in Mathematics from The University of Michigan. He was recently appointed to the Industry Advisory Board of the Information Technology Program at USC’s Viterbi School of Engineering.