03 Dec SI 2019 CISO Summit Highlights
The SI 2019 CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando Blanco and BayCare VP and CISO Thien Lam welcomed 21 chief cybersecurity officers and other healthcare IT security executives from across the country to the CISO Summit convened at the Hyatt Regency on the beautiful San Antonio River Walk.
Deloitte’s Raj Mehta kicked off the two-day meeting with a “Cyber Breakout Room” exercise that used an escape-room type game to foster deeper security awareness. Participants were dared to solve seven challenges within 20 minutes focused around unlocking a laptop infected with ransomware. Seven security executive volunteers did it in eight minutes, breaking the previous Deloitte record of 11 minutes! The world record-setting game participants included Ron Mehring, Michael Erickson, Alex Ludwinek, Mike Czumak III, Tom August, Preston Jennings and Scott Dresen.
To wrap up the afternoon session, the group tackled “Next-Generation Cybersecurity: Trends and Issues,” exploring the challenges and complexities in the context of healthcare trends such as consumerism, interoperable data and the cloud. Discussion focused on the characteristics of healthcare transformation in the context of:
- Agility;
- Increasing complexity of eco-system & alliances;
- Explosion of connected devices, wearables, IoT & medical devices;
- User-friendliness of cyber-risk prevention tactics;
- Digital privacy in an era of data sharing; and
- Artificial intelligence-related cyber-risk management considerations.
“It’s all about data” Click to see full-size.
On Day 2, CHRISTUS’ Fernando Blanco introduced case study presentations focused on next-level technical architecture:
- Memorial Sloan Kettering Cancer Center’s AWS Hybrid Cloud Architecture Design, presented by Mike Czumak, VP & CISO, MSKCC
- Cloud Security and O365, presented by Preston Jennings, EVP Information Security & CISO, Trinity Health
On cloud, virtual and remote monitoring:
- Texas Health Resource’s Continuous Monitoring, Event Triage & Reporting, presented by Ron Mehring, VP Technology and Security & CISO, THR
- Trinity’s Threat Intelligence Investments/Results, presented by Preston Jennings, CISO, Trinity Health
On board and executive management reporting:
- Strategic Business Risk/Cyber Controls, presented by Tom August, VP & CISO, John Muir Health
- Offshore Exception Tracking/Reporting, presented by Fernando Blanco, CHRISTUS Health
On future business-model infrastructure:
- Business Model Evolution, presented by Mike Gomez, VP & CISO, Bon Secours Mercy Health
- Workforce of the Future, presented by Michael Erickson, CISO, Baptist Health
Fernando Blanco, Thien Lam, and SI Executive Director Janet Guptill wrapped up the 2019 SI CISO Summit by summarizing the sessions, placing them in the context of the ongoing healthcare cybersecurity conversation nationally and globally, and then inviting everyone to the 2020 SI CISO Summit to be hosted by Baptist Health in Louisville in May 2020.
[td_block_text_with_title custom_title=”Summit Attendees”]
Thomas August
VP and CISO, John Muir Health
Vice President and Chief Information Security Officer | John Muir Health Tom August (CISSP, CPHIMS) is an award-winning CISO and respected industry leader with over 25 years of experience in Information Security, IT Auditing and Risk Management. Tom has made...
Fernando Blanco
VP and CISO, CHRISTUS Health
Fernando Blanco is Vice President and Chief Information Security Officer at CHRISTUS Health, one of the nation’s largest Catholic healthcare delivery system. He is responsible for the Cybersecurity program supporting CHRISTUS Health’s delivery network across four states, in four countries...
Chris Convey
VP and CISO, Sharp HealthCare
VP and CISO at Sharp HealthCare Chris has extensive leadership experience in information and technology risk, cyber security, IT operations and cloud technologies. Before his current role at Sharp, Chris was CIO and CISO at Millennium Health where he led...
Michael Czumak, III
VP and CISO, Memorial Sloan Kettering Cancer Center
VP and CISO at Memorial Sloan Kettering Cancer Center I have over 11 years experience in IT and Information Security. My primary role is developing and leading an application security and penetration testing program, performing hands-on testing of a variety...
Scott D. Dresen, MBA, FACHE, FHIMSS, CISSP, CISM
SVP, Information Security & CISO, Corewell Health
Scott D. Dresen, MBA, FACHE, FHIMSS, CISSP, CISM is the chief information security officer of Corewell Health—formed by the coming together of Beaumont Health and Spectrum Health in 2022. As the chief information security officer, Scott is accountable as the...
Michael Erickson, MBA
CISO, Baptist Health
Michael Erickson is chief information security officer (CISO) for Baptist Health. In this role, which he has held since Nov. 1, 2016, he works in collaboration with the system’s clinical, information technology and compliance departments, serving as a member of...
Michael Gomez
VP and CISO, Bon Secours Mercy Health
VP, Chief Information Security Officer | Bon Secours Mercy Health Michael Gomez is VP, CISO for Bon Secours Mercy Health. In this role, he is responsible for technical security control environment and risk oversight across 7 states, 43 hospitals, 1,000 points...
Todd Greene
VP and Enterprise CISO, Atrium Health
Todd is the Vice President & Enterprise CISO for Atrium Health, which now includes Wake Forest Baptist Health. Todd has been with Atrium Health for more than 21 years and started his career as a member of the server team...
Kevin Hamel, CISM
VP IT Ops & Technical Platforms & CISO, Hartford HealthCare
Kevin has nearly 25 years of experience and proven leadership in cybersecurity and IT management in the financial and healthcare sectors. Prior to joining Baystate Health, Kevin was the Chief Information Security Officer for COCC, a managed IT services provider...
James L. Hanson
Regional Information Security Officer, Avera Health
Regional Information Security Officer | Avera James L. Hanson (Jim) has over 30 years of senior management experience in the healthcare, insurance and financial services sectors. His career has spanned organizations from Fortune 500 companies to information security start-ups. In...
Todd Hill
Director, Information Security & Deputy CISO, Baptist Health
Todd Hill is a member of Baptist Health’s cyber security leadership team. He is responsible for the implementation and management of Baptist’s enterprise security architecture, threat detection & response, and vulnerability management capabilities. Hill joined Baptist in March 2015 as...
Preston Jennings
EVP, Information Security and CISO, Trinity Health
Preston Jennings is the EVP, Information Security and Chief Information Security Officer for Trinity Health, a $16.3 B healthcare provider with 120,000 employees, operating in 22 states. Preston joined Trinity Health in 2016 from PricewaterhouseCoopers, where he was the CISO...
Thien Lam
VP and CISO, BayCare Health System
Mr. Lam joined BayCare in 2011. Mr. Lam brings strong focus on the strategic implementation of the organization’s vision for robust protection via BayCare's information security program which includes IT risk, business resiliency and PCI compliance. He is an avid speaker...
Mark Lantzy
CIO, IU Health
SVP & CIO, Indiana University Health President, IU Health Plans Mark Lantzy is the senior vice president and chief information officer at Indiana University Health, Indiana’s leading healthcare system. He is responsible for overseeing information services, including strategic planning, operations...
Alex Ludwinek
Director of Cyber Risk Management and IAM, Memorial Hermann Health System
Alex Ludwinek is the Director of Cyber Risk Management and IAM at Memorial Hermann Health System. In this role Alex leads governance, risk and compliance efforts along with the automated management of user accounts and access. Prior to his current...
Kathryn McClellan, CHCIO
SVP and CIO, Froedtert Health Inc.
An outstanding senior level executive with over 20 years' experience in nursing, healthcare operations and information technology that spans the provider, vendor and consulting sectors. She has vast experience in operations management, strategic planning, process redesign, information system design/implementation and...
Ron Mehring MBA, CISSP
CISO, VP of Technology & Security, Texas Health Resources
Ron Mehring serves as the Chief Information Security Officer and Vice President of Technology & Security for Texas Health Resources, one of the largest faith-based, nonprofit health care delivery systems in the United States. The system's primary service area includes...
Brad Sanford
CISO, Emory University, Emory Healthcare
Chief Information Security Officer | Emory University and Emory Healthcare Brad Sanford currently serves as the Chief Information Security Officer for Emory University where he has overarching information security responsibilities for both Emory University and Emory Healthcare. Brad has over 25...
Pavel Slavin
VP and CISO, Froedtert & Medical College of Wisconsin
Pavel Slavin, vice president and chief information security officer for Froedtert Health, oversees the enterprise security/cybersecurity strategy to protect the health system’s information assets. With the health care sector increasingly the target of cyber threats, innovative cybersecurity technology helps the...
Paul VanAmerongen
VP and CISO, UW Health
Paul VanAmerongen joined UW Health as Vice President and Chief Information Security Officer in February 2017. In this role, Paul develops and leads the strategic vision for UW Health’s enterprise information security program. Prior to joining UW Health, Paul served...
Not pictured: Barry Beckett, VP and CISO, Houston Methodist[/td_block_text_with_title]
[td_block_text_with_title custom_title=”Sponsors”]
Raj Mehta
Partner, Deloitte
Summary Raj is a Partner with Deloitte Advisory’s Cyber Risk Services. Raj currently leads the Cyber Security Practice within the Healthcare Provider space across the US. Raj has over twenty-three (23) years of experience in the field of information governance,...
Anant Sethi
Advisory Manager, Deloitte
Anant Sethi is a Manager with Deloitte Advisory’s Cyber Risk Services, specializing in the health care industry. He has more than 9 years of experience in designing and executing cyber security and governance initiatives. His expertise includes development and maintenance...
Not pictured: Anand Dedhia, Manager, Deloitte[/td_block_text_with_title]
Sorry, the comment form is closed at this time.