Kirk Nahra - Partner, Cochair, Cybersecurity and Privacy Practice, WilmerHale
Matthew Scholl - Chief of the Computer Security Division in the Information Technology Laboratory, National Institute of Standards and Technology (NIST)
Matthew Murray - Adjunct Professor, Columbia School of International and Public Relations
Cory Simpson - Executive Vice President, Resolute Strategic Services
Parham Eftekhari - Executive Vice President, CISO Communities, Cybersecurity Collaborative
Jen Easterly - Director, CISA
Tom Scurrah - VP, Cybersecurity Programs and Content, Cybersecurity Collaborative
Scott Scheferman - Principal Strategist, Eclypsium
Alex Bazhaniuk - Co-Founder & CTO, Eclypsium
Jesse Michael - Principal Researcher, Eclypsium
Benjamin Kastan - Associate General Counsel for Cybersecurity, National Security Agency
Jere Miles - Assistant Director, Operational Technology and Cyber Division, Homeland Security Investigations (HSI)
Michael Orlando - Acting Director, National Counterintelligence and Security Center (NCSC), ODNI
Glenn Gerstell - Former General Counsel, NSA
Lead by Tom Scurrah - VP, Cybersecurity Programs and Content, Cybersecurity Collaborative
Operational Technology is the hardware and software that, through monitoring and control, detects or changes a state, respectively, within industrial equipment. Operational technology can alter the chemical composition and volume of liquids in various processes, such as oil refinement and water treatment. Therefore, these technologies must be protected from nation-state and other security threats from the Internet. However, many of the security controls applied to information technology have not been implemented in OT environments, frustrating and concerning CISOs.
Security metrics can drive improvements to the cybersecurity program, monitor risks and controls effectiveness, and convey security posture to the Boardroom. However, many companies struggle identifying which metrics will be most effective and which graphic representations will be most useful.
The security of internally developed and acquired software is a continuing challenge for most enterprises. Pressures to develop or acquire more application functionality in shorter time periods have driven organizations to agile development and containerization methodologies and to relying on open-source code. These decisions have impacted the way security is addressed within the Systems Development Lifecycle (SDLC) and in testing (e.g., code reviews, and vulnerability scans).
Monitoring the computing environment for potential compromises is a key component of an information security program. Traditionally, the Security Operations Center (SOC) has been the monitoring organization and Security Information and Event Management (SIEM) systems have been used to analyze logs for indicators of compromise. Today, SOCs are facing challenges with staffing and demands for additional capabilities, like threat monitoring. Unable to build their own SOCs, companies rely on using Managed Security Service Providers (MSSPs), who may overlook indicators of compromise because of the challenges of monitoring multiple companies.
Incident Management, which includes response plans and playbooks, has been a foundational control of a cybersecurity program. However, in recent years, as entities recognize the increasing likelihood of being attacked, incident management has become an even more critical component of the cybersecurity program. Board members and regulators are inquiring about the robustness of the incident response plan to address not only potential breaches, but also third party and critical software vulnerabilities.
Over the years, security has evolved as a primary topic in the Boardroom. This evolution has posed three challenges to CISOs: (1) educating Board members of basic security principles; (2) defining and gaining acceptance of Board member security responsibilities; and (3) communicating the entity’s security posture to Board members. Please join us for a scoping meeting, during which we will hear your concerns, proposed discussion topics, and desired deliverables for our upcoming Security and the Boardroom Task Force. Open to all task force eligible members!
Although organizations recognize the importance of security awareness as a key component of their cybersecurity programs, creating engaging and effective training for employees has been a challenge, especially in an era of ransomware and constant social engineering attacks. This Task Force led by Tom Scurrah aims to address these challenges and develop an executive guide to security awareness.
This Task Force led by Cybersecurity Collaborative's own Tom Scurrah is focused facilitating a series of knowledge sharing sessions and developing resources addressing third and fourth party incident response
This Task Force led by Cybersecurity Collaborative's own Tom Scurrah is focused facilitating a series of knowledge sharing sessions and developing resources addressing the threat of ransomware.
Lead by Robert Pingel - Senior Manager of Technical Security Strategy, Rockwell Automation
This Task Force, requested and led by Rockwell Automation In response to the Solarwinds incident will tackle how to develop and deploy software securely.
Lead by Daryl Haegley - Director, Mission Assurance & Cyber Deterrence, DOD
This Task Force is focused on Cloud Security in the context of security controls, handling costs and other hidden fees, tools, frameworks and supporting success.
Lead by Jerry Davis - Former CISO, NASA
This Task force is focused on Third Party Risk for enterprise level organizations in the context of contracting, assessing, health monitoring and new solutions.
This Task Force is focused on Asset Management in the context of identifying categories, ranking risk, defining asset health and engaging stakeholders.
Nicole Darden Ford - Global CISO, Rockwell Automation
Michelle Amanti - Network Analyst, DuPage County, Illinois
Cory Johnson - Director of Cybersecurity, 2U
Paul Bivian - Director of Information Security, Kirkland and Ellis
Tiffanee Watkins - Incident Management, One Main Financial
Benjamin Corll - VP, Cybersecurity and Data Protection, COATS
Sydney Klein - CISDO, Bristol Myers Squibb
Roland Cloutier - Executive Committee Advisor,
Renee Guttmann - Executive Committee Advisor,
John Germain - CISO, Duck Creek Technologies
Robert Wood - CISO, Centers for Medicare and Medicaid Services
Robert Pingel - Senior Manager of Technical Security Strategy, Rockwell Automation
Andres Andreu - Senior Vice President, Cybersecurity, 2U
Arlan McMillan - CISO, Kirkland & Ellis LLP
Mitchell Greenfield - Director, Core Security Architecture, Humana
Tim Callahan - SVP, GLOBAL CISO, Aflac
Devon Bryan - Global CISO, Carnival Corporation
Ron Ross - Fellow, NIST
Rita Reynolds - CIO, NACo
Sheldon Cuffie - CISO, American Family Insurance
Andy Fiumefreddo - Enterprise IT Third-Party Cyber Risk Manager, American Family Insurance
Karen Evans - Former CIO, Department of Homeland Security
Jill Aitoro - Editor In Chief, SC Media
Jerry Davis - Former CISO, NASA
Todd Fitzgerald - V.P. of Cybersecurity Strategy, Cybersecurity Collaborative
Matthew Stiak - Director, Cyber Risk Management, Delta Dental Insurance of California
Dawn Cappelli - Executive Committee Advisor,
Meredith Harper - Vice President & CISO, Eli Lilly and Company
Christopher Zell - Executive Committee Advisor,
Bryan Hurd - Vice President, Aon Cyber Solutions
VJ Viswanathan - Founding Partner , CYFORIX
Jami Hughes - CISO, Progressive Lending
Rich Rushing - CISO, Motorola Mobility
Marc Varner - Corporate VP & Global CISO, Lowe’s Companies, Inc.
David Estlick - CISO, Chipotle
Shawn Tuma - Co-Chair, Data Privacy & Cybersecurity Practice , Spencer Fane, LLP
Sam Curry - Chief Security Officer, Cybereason
Richard Rushing - CISO, Motorola Mobility
Philip Agcaoili - ,
Rebecca Herold - CEO, Privacy and Security Brainiacs SaaS Services
Adel Melek - Global Vice Chair, Risk Advisory at Deloitte LLP
Wayman Cummings - VP, Global head of security operations, Unisys Corporation
Grant Sewell - Director of Security , AHEAD
Richard Clarke - CEO & Chairman, Good Harbor Security Risk Management
Benny Lakunishok - CEO, Zero Networks
Jack Jones - Chief Risk Scientist, RiskLens
Kevin Richards - President, Secure Systems Innovation Corporation
John Iatonna - CISO, Spencer Stuart
Scott King - VP/VISO, Encore Capital Group
Steve Orrin - Federal CTO, Intel Group
Samantha Thomas - Former CPO/CSO , Govt
Dawn-Marie Hutchinson - CISO, BAR
Leon Ravenna - CISO, KAR Global
Jim Routh - Board Member, Jimmer Advisory Services LLC
Candy Alexander - CISO/International President of ISSA, NeuEon/ISSA
Chris Apgar - CEO & President, Apgar & Associates, LLC
Richard Kaufmann - VP – CISO, Amedisys
Mark Burnette - Shareholder-in-Charge, LBMC Information Security
Ricardo Lafosse - Kraftheinz, Kraftheinz
William Miaoulis - CISO , Auburn University
Allison Miller - CISO and VP of Trust, Reddit
Charles Cresson Wood - Attorney & Management Consultant, InfoSecurity Infrastructure, Inc.
Todd Inskeep - Founder, Incovate Solutions
Steven Lentz - Cloud Security Director, Striim
Kathy Wang - CISO, Very Good Security
Sam Monasteri - VP, Global Cyber Security, ACCO Brands
Kevin Novak - Interim CISO, University of Chicago Medical Center
Melanie Ensign - Founder and CEO, Discernible Inc
Rachel Tobac - Hacker, CEO, SocialProof Security
James Christiansen - CSO VP, Cloud Security Transformation, Netskope
Jonathan Nguyen-Duy - Vice President, Field CISO Team, Fortinet
David Nolan - VP, Information Security, Aaron's
Kerissa Varma - CISO, Old Mutual Limited
Frank Johnson - VP Cyber Sales & Marketing, Seculore Solutions
Kevin Morrison - Managing Director & CISO, Alaska Air Group
Glenn Kapetansky - CSO & Technology Capability Lead, Trexin Consulting
Steve Durbin - Chief Executive, ISF Ltd
Phil Attfield - CEO, Sequitur Labs, Inc
Dan Lohrmann - Chief Security Officer & Chief Strategist, Security Mentor, Inc.
Mark Weatherford - CISO, AlertEnterprise
Alexander Niejelow - Senior Vice President, Cybersecurity Coordination & Advocacy, Mastercard
Ira Winkler - CISSP & CISO, Skyline Technology Systems
Jim Reavis - CEO, Cloud Security Alliance
Will Lin - Managing Director & Co-Founder, ForegePoint Capital
Erik Decker - AVP & CISO, Intermountain Healthcare
Edward Marchewka - Founder, CHICAGO Metrics
Tatu Ylonen - Founder, SSH Communications Security
Michael Daugherty - CEO, LabMD
Tony Sager - Senior Vice President & Chief Evangelist, Center for Internet Security
Petri Kuivala - CISO, NXP Semiconductors
Lee Parrish - CEO, Novel Security
Mauro Israel - CISO Corporate, BIOOOS
Paul Hypki - CISO, Children's Minnesota
Steve Katz - Founder & CEO, Security Risk Solutions, LLC
Robert Bigman - Cyber Security Consultant, 2BSecureLLC
Marci McCarthy - CEO & President, T.E.N. Inc.
Valerie Lyons - COO, BH Consulting/Dublin City University
Ari Schwartz - Managing Director, Cybersecurity at Venable
Mischel Kwon - CEO, W@tchTower, LLC
