FIRST DO NO HARM: THE MANTRA FOR NEW CYBER REGULATION
The traditional regulatory model – when applied to cybersecurity – is actually
By Charlie Mitchell / March 13, 2023
Federal agencies should be required to
The new National Cybersecurity Strategy released last week calls for intensified federal
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
2500 Wilson Blvd, #245
Arlington, Virginia 22201
ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.
Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS and G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.
John Frazzini is CEO of Secure Systems Innovation Corporation and brings a background of cybercrime investigations, cyber threat intelligence, artificial intelligence-based security applications, and cyber-attack simulation technology in his experience as a cyber-risk innovator. Prior to SSIC, he served with the U.S. Service Electronic Crimes Task Force and as an investigator for the U.S. Senate Committee on Homeland Security and Governmental Affairs: Permanent Subcommittee on Investigations. He is also a senior fellow alumnus of the GW Center for Cyber and Homeland Security at the George Washington University in Washington, D.C.
Robert Vescio is recognized globally as the leading innovator and visionary of Categorial Outcome Analysis, an emerging leading approach for cyber risk decisioning. He is the Chief Analytics Officer for Secure Systems Innovation Corporation (SSIC) and is the inventor and patent holder for several patents for X-Analytics, SSIC’s state-of-the-art cyber risk decisioning application. In his role, Robert continues to drive innovation in cyber risk decisioning solutions to enable organizations to make better cyber risk decisions using the power of data science and analytics.
Tim McKnight is Head, Global Security Unit in the Global Finance & Administration at SAP SE. Prior to SAP, he was Chief Information Security Officer for Thomson Reuters and GE. He has served in various IT Security leadership roles at Northrop Grumman, BAE Systems and Cisco Systems. Tim began his career at the Federal Bureau of Investigation as lead investigator of all National Infrastructure Protection Center matters, including high-tech crimes, corporate espionage, foreign counterintelligence and telecommunications fraud. In addition to his membership on the ISA Board, he is also a member of the Board of Advisors for Amazon Web Services (AWS), ClearSky Security and Tenable.
Niall P. Brennan is the Global Security Liaison Officer at SAP. In this capacity, he leads relationships with government security services, legislative and regulatory bodies, public-private partnerships, non-governmental organizations, and industry trade councils to address issues related to industry security and resilience, threat mitigation, reputation management, regulatory compliance, and legislative advocacy. He has over 30 years of experience in a variety of legal, advisory, security, and investigative roles in both the public and private sectors.
An attorney by education and training, Niall began his professional life as a commercial litigator in private practice. In 1996, he joined the FBI, where he spent 22 years in multiple operational and managerial capacities across all investigative and investigative support programs, including transnational organized crime, counterterrorism, counterintelligence, cyber and intelligence. In his last position with the FBI, Niall led the office in the U.S. Embassy in Paris, France for over 5 years. He retired from the FBI in 2018 and joined PwC as a Director in the Cybersecurity & Privacy practice where he led client engagements focused on cyber incident response and mitigation, resiliency-building and organizational transformation.
Elena Kvochko, Chief Trust Officer, SAP
Elena currently serves as Chief Trust Officer at SAP. Her team spans four continents, 30+ countries and supports 450,000 SAP customers on matters regarding privacy and security of SAP applications and platforms.
Prior to this position, she served as Senior Vice-President and Technology Executive focusing on global security at Bank of America. Previously, she worked as a divisional Chief Information Officer at Barclays Bank in New York. Her focus was on delivering the highest degree of privacy and security of all customers and employees globally.
She served as an affiliate fellow at Harvard Law School. She was part of the G7 Women in Business. Her published work appeared in Forbes, Harvard Business Review, featured in the Wall Street Journal, the White House cybersecurity report, The New York Times, and multiple industry media.
She has invented patent-pending technologies in cybersecurity, privacy, and secure financial technologies (with 30+ pending patents, named a top inventor at Bank of America). Elena serves as Adjunct Professor at Cornell University.
Jim Halpert, an attorney at DLA Piper, has extensive experience helping clients on the full range of data risk issues domestically and internationally and across most sectors. He is rated as a Legal 500 “Hall of Fame” practitioner, as a Tier 1 lawyer by Chambers & Partners and as a BTI “client service all-star”. He has helped draft almost all the state privacy, security and breach notice laws enacted over the past 15 years, the National Association of Corporate Directors Cyber Risk Handbook, and two major US federal privacy laws. He advises clients regarding compliance, crisis management, corporate governance, and risk management strategies relating to transnational, federal and state security and privacy regulation, industry best practices and self-regulatory initiatives. He has helped clients through more than 600 cybersecurity incidents, including several of the most high-profile breaches in the world, and has helped over a hundred clients shape their preventive cybersecurity and privacy programs.
Andrew Cotton is a Partner and Americas Cybersecurity Leader for EY in which role he has responsibility for cross-service line, cross-channel evaluation and refinement of EY’s cybersecurity strategy and tactical operating plans. He has more than 25 years of industry experience serving EY’s largest global technology clients in the San Francisco Bay Area. Andrew has previously served on the Firm’s Partner Advisory Council and as the Americas Software Sector Leader, at which time he developed the firm’s technical guidance in that area. He has a Master of Arts degree from Oxford University.
Jeannie Pumphrey has a diverse background of building cross-functional teams, developing and managing risk management programs while delivering results within highly matrixed global organizations. She is currently the head of Third-Party and Change Risk Management at MUFG Union Bank, N.A., a U.S. Army veteran, a 30-year executive in Supply Chain Management, Third Party Risk and a Six Sigma Black Belt.
Lisa Humbert, Operational Risk Management Officer for the Americas, MUFG Americas is responsible for Operational Risk Management across the Americas. She has built and manages the second line of defense team and industry leading framework to deliver an enterprise-wide Operational Risk Management (ORM) program and services. Previously, Lisa served as Executive Vice President, Chief Information Risk Officer at BNY Mellon and Managing Director, Global Head of IT Risk Management and Business Continuity at Credit Suisse and Citigroup.
Greg Montana is the Corporate Executive Vice President, and Chief Risk Officer for FIS Global. Previously he worked at Bank of America as senior vice president and senior operational risk executive; PayPal, as senior director of global risk operations; and Lloyds Banking Group as director of operational, credit and compliance risk. Montana holds a master’s degree in business administration from the Wharton School of the University of Pennsylvania and received a bachelor’s degree from Boston College. Montana was an adjunct professor of risk management at Flagler College in St. Augustine for seven fall semesters (2013 – 2019) and received the Risk Management Association’s (RMA’s) Special Service Award in October 2012, the same year he joined FIS. He has also authored four articles in the RMA Journal.
Gary McAlum is the Senior Vice President and Chief Security Officer at USAA. Prior to USAA, he served in the US Air Force for 25 years in a variety of staff and leadership positions within the information technology career field including telecommunications, deployable and satellite communications, network operations, and information security and with the front line of cyberspace operations for the Department of Defense. He holds a bachelor’s degree in Mathematics from The Citadel, a master’s degree in Management Information Systems from the University of Arizona, and a master’s degree in national resource strategy from the Industrial College of the Armed Forces. In addition, he is a Certified Information Systems Security Professional (CISSP) and a Certified Fraud Examiner (CFE).
J.R. Williamson is the Senior Vice President and Chief Information Security Officer for Leidos. Previously, he held positions at Northrop Grumman, serving as the Corporate CIO, Deputy Chief Information Security Officer, Chief Engineer, Chief Technologist, Director of the Enterprise OneNGC Program Office, and Executive Director of IT Infrastructure and Enterprise Services Operations. Prior to Northrop Grumman, Mr. Williamson served a 4-year stint as a civilian working for Headquarters, United States Marine Corps in the Special Services unit. Mr. Williamson holds a bachelor’s degree in decision sciences and information management from George Mason University and a master’s in information systems from Virginia Tech.
Anthony Shapella is the Director for Enterprise Risk Management, Liability and Financial Lines at AIG. Previously he worked at Towers Watson as a General Management Consultant and as a credit analyst at Susquehanna Bank. He has a master’s degree in strategic management from the Fox School of Business at Temple University and a bachelor’s degree in business administration and finance from Mount St. Mary’s University.
Lou DeSorbo is the Senior Vice President and Chief Information Security and Risk Officer for Centene Corporation. Previously, he served in a variety of leadership roles with Deloitte, Booz Allen Hamilton, the Joint Task Force – Global Network Operations (now U.S. Cyber Command) and Northrop Grumman and in the US Air Force. He holds an MBA from Colorado State University and a B.S. in Electronics Management from Southern Illinois University.
Jeffrey C. Brown is the Vice President and Chief Information Security Officer at Raytheon Technologies. Previously, he held numerous operational and staff positions within the Air Force and industry. He holds a Computer Science degree from the U.S. Air Force Academy, a master’s degree in computer science from the University of California at Berkeley, and a master’s degree in National Security Strategy from National Defense University. He is a contributing author to the ISA’s Cybersecurity Social Contract Handbook (2016).
Mike Gordon is the Chief Information Security Officer for Lockheed Martin Corporation. He is serving his tenth year on the Board of Directors for the Defense Information Security Exchange (DSIE) and the National Defense Information Sharing and Analysis Center (ND ISAC), as well as Chairman of the Defense Industrial Base Sector Coordinating Council (DIB SCC) for the protection of critical national infrastructures. He holds an undergraduate degree in Engineering Physics and Masters in Technical Management from Embry-Riddle Aeronautical University as well as an MBA and Master of Information Assurance degree from the University of Dallas.
Michael Higgins is the vice president of information security and chief information security officer for L3Harris Technologies. He holds a bachelor’s degree in engineering from the State University of New York at Stony Brook.
Josh Higgins is the Senior Director of Policy and Communications at the Internet Security Alliance. Previously, he was a journalist for Inside Cybersecurity. He holds a bachelor’s degree in Communication and Political Science from Virginia Tech.
Ryan Boulais is the Chief Information Security Officer at AES, serving in this role since February 2020.
Prior to joining AES, Ryan was the VP of Shared Security Services for Thomson Reuters globally for three years. His areas of focus were Identity and Access Management, Security Platforms, Data Loss Prevention and Compliance/Vendor Risk Management.
Ryan was with GE for 5+ years culminating in the VP of Global Security Operations role providing leadership and direction for all cyber security incidents across the company’s 9 businesses, 300K+ employees, and infrastructure both on premise and in Cloud environments.
He also worked for companies such as Northrop Grumman IT-TASC and Scitor performing cost and risk analysis on US Intelligence Community Systems. He spent several years in the US Army as a Military Intelligence and Civil Affairs Officer, with assignments in Germany and the US, and military operational deployments in the Balkans and Baghdad, Iraq.
Ryan holds a Master of Engineering degree from the University of Virginia and a Bachelor of Science degree from the United States Military Academy at West Point.
Kenneth Huh is the manager of the complete life cycle of cybersecurity risks for BNY Mellon. Prior to joining BNY Mellon, Huh was an advisor on information security strategies to Fortune 500 companies, Top 5 U.S. banks, and the U.S. Government. He holds a bachelor’s degree in business administration from James Madison University.
Andy Kirkland is the Chief Information Security Officer for Starbucks Coffee Company. He has 20 years of experience working in information security and FDA regulatory environments. He holds a bachelor’s degree in business and mathematics from Adrian College.
Richard Spearman joined Vodafone as Group Corporate Security Director in March 2015. Richard has responsibility for security across Vodafone’s global operations and his role gives him unique insight into the threats, challenges and opportunities posed by developments in technology, public policy, changing legal frameworks, and shifting societal attitudes. Richard joined Vodafone after twenty-five years in the Foreign and Commonwealth Office and five years working with NGOs. Richard has lived and worked in South Africa, Pakistan, Gambia, Turkey, France and most recently the US.
Yingzhou “Carter” Zheng is a research assistant at the Internet Security Alliance. He has a master’s degree in global security from the New York University Center for Global Affairs.
Alexander T. Green is a staff editor for the Georgetown Journal of Law and Public Policy and is Vice President of the Corporate and Financial Law Organization. He holds a Juris Doctor from Georgetown Law.
Jamison Gardner is a member of the Georgetown Journal of Law and Public Policy and the First-Generation Student Union. He has a Juris Doctor from Georgetown Law.
Tarun Krishnakumar is a private practice attorney. Previously, he was litigation counsel for the High Court of Delhi, Supreme Court of India and an associate of technology and regulatory affairs at Shardul Amarchand Mangaldas and Co. He has a Master of Law in national security from Georgetown Law and a Bachelor of law and arts from National Law School of India University.