2017 Summer Conference

August 4th, 2017 –  (ISC)2 East Bay Summer Conference

Cyber Health, Privacy, and Automation

111 Lindbergh Ave F, Livermore, CA 94551

Sponsor Venue – (Thank You Allgress)


This one-day security track includes 8 speakers and three guided product events offering 10 CPE for full attendance. (ISC)2 Chapter events facilitate lively discussion and opportunities to extend the presenter wisdom to our real needs in keeping Bay Area companies both competitive and safe. Please learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook

Registration is now CLOSED

(This 1-day event counts towards 10 hours Continuing Professional Education.)



Cyber Health

  • Security Lessons for Implementing the HITRUST Framework
  • Examining HIPAA – HITECH Title 45 C.F.R. § 164
  • What is specifically meant by the breach notification rule?
  • What are the regulatory nuts and bolts of cyber health?
  • How are political trends working for or against us?

Privacy

  • What is the current state of the privacy rule?
  • How might technology influence or change what we choose to keep private?

Automation

  • What are the technology limitations based on the security rule?
  • Tools that monitor
  • Process automation
  • Robots
  • What is the price of automation?
  • How will automation and robotics affect the future of cyber and human health?

8:00 AM – 8:40 AM Registration, through 5:45 PM Closing Remarks and Raffle; 5:30 – 6:30 PM Speaker Reception

Please make sure to bring a government-issued photo ID (driver’s license, CA ID card, etc.) to gain access to the conference room.

If you are experiencing hardship and wish to attend, please have proof of (ISC)2 membership or ISACA membership and reach out to Director Education & Career Development – Jing Zhang-Lee, or Conference Director – Robin Basham.

Perhaps we can use your support for the conference, or we can find a sponsor for your day. Seats are limited, so please act quickly. Once we are full we can’t take walk-ins.


(ISC)2 is happy to accept member ID from its partner professional organizations:


  • Early Bird Member* $90
  • Early Bird Non-Member* $100
  • Student $45

Registration after August 1st

  • Member $125
  • Affiliate-Member $125

Speaker Bar
8:55 AM – (ISC)2 East Bay Chapter: greetings from the board, a few housekeeping rules and our ritual 30-minute stretch. CyberHealth Kickoff with Robin, Tom, and Lokesh, the (ISC)2 East Bay Board.

1-1 Pacific Dental – Featuring Nemi George, Information Security Director for the world’s leading Dental Support Organization

Nemi George, MBCS, ITIL, CISA, CISM,

Director of Information Security (Information Technology) at PDS

Topic: “Why Your Dentist Can’t Migrate Off Windows XP”


Nemi is a top Enterprise Mobility & Information Security professional with 15+ years of experience working for innovative enterprises like Virgin Media UK, Carphone Warehouse Networks UK, Vodafone UK and Vodafone Group Enterprise, where he was responsible for Vodafone’s Global Managed Mobility and Compliance, Security & Risk (CSR) practice. In the last 5 years, he has built security/IT operations teams across multiple countries and is able to balance core security principles against strategic and business objectives, offering an entrepreneurial approach to security. He is CISA, CISM, C|CISO and ITIL certified and, even though he has been a senior leader for a long time, he always makes sure to keep his knowledge fresh through hands-on practice. He has taken several products through market certifications such as ISO 27001, ISO 22301, UK CESG IL3 Certification and HITRUST/HIPAA. Nemi is currently Director of Information Security at Pacific Dental Services, based out of Irvine, California.


More About Nemi George: In addition to being the Director of Information Security at Pacific Dental, Nemi serves as an Executive Consultant (vCISO), helping businesses strike the right balance in managing information security risk. Rather than the cyclical approach of adding ever more security controls, which leads to an increasingly complex and sometimes unmanageable IT environment, he focuses on developing an intelligent, adaptable, risk-based security ecosystem that embeds security into the business fabric, so that it becomes a shared responsibility, understood and supported by the entire business, leading to a ‘security aware culture’ that strives for operational maturity.

Prior to moving to the USA, Nemi worked with Vodafone for over 9 years in a number of roles, ranging from Technical Product Architecture & Design, Technical Consultancy, Information Security, and Technology Security & Infrastructure Operations to, more recently, global responsibility for the Compliance, Security & Risk and Managed Mobility Operations functions in Vodafone Group Enterprise, effectively acting as the CTSO for Vodafone’s Global Enterprise Business. In that role he was responsible for securing Vodafone Enterprise assets and those of its customers (hosted, on-premise, and cloud services) and for the operation of these services, ensuring their continued availability. Nemi served in this position for over 3 years before moving to the USA.

Nemi is a member of ISACA Orange County and has been a keen contributor to the security industry and profession, speaking at a number of events around the USA, UK, and Europe.

1-1 Session Description: The obvious fix is far harder than you think. What are the most creative and effective ways to change the things we can with the wisdom to know the difference?  What should we demand from our vendors? What should we demand of ourselves?

About Pacific Dental Services – a leading Dental Support Organization (DSO) providing Enterprise IT (Application, Core IT Infrastructure, Information Security, Business Services and other Administrative Services such as Billing, Payroll, Data Management) to over 540 dental practices across the USA, allowing dentists to focus on patients and provide industry-leading dentistry. http://www.pacificdentalservices.com

1-2 MedeAnalytics Featuring Analytics – Patient Data Eric Svetcov

Eric Svetcov,

CSO, CPO MedeAnalytics

Topic: “Is the Patient Dead or Just on Life Support?”

Eric Svetcov, an information security leader with international experience and deep cloud computing knowledge, is the CISO for MedeAnalytics Inc. As an Information Security (CSO/CISO) and IT leader with deep cloud computing experience (he led the first global cloud computing company, Salesforce, through ISO 27001 certification and did it again with MedeAnalytics), Eric brings deep international experience – Europe, Middle East, North America, APAC, and ANZ – to the problems facing global-scale medical crisis and security requirements.

More about Eric Svetcov: His prior Big 4 experience as Sr. Manager at KPMG – Risk Advisory Services/IT Advisory, together with his cloud computing and information security thought leadership, supports his pragmatic approach as a trainer and speaker at conferences in the United States, Europe, ANZ, and ASEAN, and of course right here in California. He has been published and quoted in leading IT and information security magazines in the United States and Asia/Pacific, so we will surely gain a few more Svetcov gems today. Eric is a Board Member (and former Chair) of the American Board of Cybersecurity and Information Assurance (ABCIA), as well as a former Board Member – ISACA (Auckland Chapter).

1-2 Session Description: Where we are and where we’re supposed to be heading, plus suggestions for how we get there

  • InfoSec Reality
  • Managing Expectations
  • No Breaches/No Security Incidents
  • No Outages
  • No Impact to Solution Innovation
  • No Impact to Solution Delivery
  • No Cost
  • Puppies and Bunny Rabbits for Everyone

About MedeAnalytics: MedeAnalytics provides evidence-based insights to solve a real problem that plagues health care – how to use the immense amount of patient data collected along the care continuum to deliver cost-effective care and promote a healthier population. The platform delivers intelligence that helps healthcare organizations detect their greatest areas of risk and identify opportunities to improve their financial health. It empowers providers and health plans to collaborate and use data to strengthen their operations and improve the quality of care. MedeAnalytics’ cloud-based tools have been used to analyze more than 21 billion patient encounters in the United States and the United Kingdom, providing better care to more than 30 million patients and better business for 900 healthcare organizations. For more information, visit www.medeanalytics.com.

1-3 CyberArk Featuring Identity Access Management – Everywhere Barak Feldman

Barak Feldman

Topic: “Privileged Account Risks and Where to Find Them – Accelerate Results: Bridging Security and DevOps”

Barak Feldman is a National Director at CyberArk. He works with Fortune 500 organizations and federal agencies to help them develop long-term cyber security strategies built on privileged account security best practices. He brings deep technical and business experience to his role, with a focus on areas such as regulatory compliance, policy management, access management and proactive risk mitigation techniques.


More About CyberArk: CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies — including more than 45% of the Fortune 100 companies — to protect their highest value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk’s security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune 100 and more than 25% of the Global 2000. CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey and the U.K.

1-3 Session Description: Privileged Account Risks and Where to Find Them – Accelerate Results: Bridging Security and DevOps examines dynamic DevOps environments, where it’s imperative to maintain speed and agility without compromising the secrets used by privileged admin users, CI/CD tools, homegrown applications, and infrastructure, in order to protect the pipeline and the integrity of the resulting products. This session will discuss:

  • The migration of the traditional and static data center to automation in the Cloud and DevOps world
  • Identifying privileged account-related vulnerabilities across the DevOps pipeline
  • Achieving DevOps goals without obstructing the CI/CD workflow
  • Detecting and mitigating anomalies and potential threats in real-time against secrets and applying remediation before irreparable damage is done
  • Maintaining compliance and reducing risk in this new Cloud and automation frontier

1-4 Sponsoring Organization Featuring IT Transformation and Security Architecture Nick Yoo
Nick Yoo,

Chief Security Officer at BMC Software

Topic: “Cybersecurity Roadmap: Global Healthcare Security Architecture”

Nick H. Yoo, Chief Security Officer at BMC Software, worked as Chief Security Architect for a global healthcare IT company, responsible for the enterprise security architecture and key cybersecurity initiatives such as identity and access management, cloud security and application security. Previously, Yoo was VP of IT Engineering at Samsung SDS, responsible for software engineering standards, methodology and frameworks to enhance developers’ productivity and software security. Yoo also worked at global consulting companies such as Ernst & Young, CSC, and EDS, and has over 25 years of IT experience. Yoo is an active member of professional organizational groups such as Bay Area APT Response, ISSA, ISACA, and OWASP. He holds numerous professional certifications including CISM and CISSP and has a BBA and a Master’s in cybersecurity.


1-4 Session Description: Using the NIST Cybersecurity Framework, one of the largest healthcare IT firms in the US developed a global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, the capability matrix, the architecture development methodology and key deliverables.

About BMC: BMC is a global leader in software solutions that help IT transform traditional businesses into digital enterprises for the ultimate competitive advantage. Our Digital Enterprise Management set of IT solutions is designed to make digital business fast, seamless, and optimized. From mainframe to mobile to the cloud and beyond, we pair high-speed digital innovation with robust IT industrialization—allowing our customers to provide intuitive user experiences with optimized performance, cost, compliance, and productivity. BMC solutions serve more than 10,000 customers worldwide including 82 percent of the Fortune 500.

1-5 Sponsoring Organization Secure Operations vs Security Operations Melody Pereira
Melody Pereira, CISSP, CISM, CISA, CRISC,

AVP Information Security Officer, Professional Speaker, and Advisor

Topic: “Stop Supporting Security Dysfunction: Secure Operations vs Security Operations”


Ms. Pereira is a highly accomplished executive with a solid background in information security management, information management, technology risk, and cybersecurity.  She has implemented Information/Cyber Security and Risk Management programs in dynamic industries such as banking, securities, electronic payments, insurance, and resort management. Ms. Pereira has had full responsibility for multi-million dollar Information Systems Security programs and budgets, developing multi-year security and risk management strategies and executing complex projects on time and on budget.


More about Melody Pereira: As an influencer and innovator, she has applied her expertise in risk analysis, governance, and mitigation, information security policy development, IT auditing and compliance, and incident response oversight to multiple industries. Ms. Pereira has successfully managed penetration testing, change management processes, and disaster recovery planning. She has exhibited strong problem-solving skills and the ability to quickly gather information, assess risk, build requirements, set risk-based priorities, and implement action plans.

1-5 Session Description: Operations are responsible for the implementation of security controls. We, the security professionals, are a bridge to real-time information and coordinate with IT so they can get out in front of what they have to manage 365 days a year.

  • How can I make people do their job?
  • What’s the root operational cause?
  • What can we do to provide something to the folks in IT that they don’t have? (context, context, context)
  • Comparing the customer impact to control failure in financial arena v. healthcare
  • What tools or resources help to structure the risk/security professional in a health care context? We are actually talking about real-life risk, where people could die, where the impacts are the most important, and what sources of information give this challenge the most support.

1-6 Medigram Mobile Intelligence for Healthcare Sherri Douville
Sherri Douville,

CEO, Medigram

Topic: “Industry 4.0 Leader: What YOU Need to Know To Unlock the Mobile & IoT Gold Rush”

Sherri Douville is CEO and board member for Medigram, an intelligent mobile enterprise solution for healthcare. She brings over a decade in healthcare consulting, product development, sales, marketing, and entrepreneurial experience to her leadership at Medigram. Medigram’s mission is to save lives through mobile, contextual information. Sherri serves as a frequent moderator and panel coach at Health IT conferences. Prior to this, she founded a healthcare technology consulting practice.  

More About Sherri Douville: As CEO for Medigram, Sherri has successfully planned and executed the development, design, and build of the enterprise grade version platform, Medigram 2.0, which is based on an independent, secure and scalable database. Sherri has experience in over a dozen disease states from over 9 years in clinical sales at Johnson & Johnson where she participated in the management development program, won a number of awards, and was recognized as an industry leader by a division of McGraw-Hill. Sherri now serves on the Board of HIMSS Northern California where she served as Co-Chair for the 2017 Innovation conference, is Co-Chair for all program panels, and contributes to the newsletter. She is an advisory board member for the National Bundled Payment Collaborative, serves as a member of Santa Clara University’s Board of Fellows, and as Co-Chair of the mentoring team at TiE’s (The Indus Entrepreneur) youth entrepreneurship program. She earned her BS degree in Combined Sciences from Santa Clara University and three IoT and data analytics certificates through MIT.

1-6 Session Description: Never have the cybersecurity stakes been higher for healthcare organizations. On May 12, 2017, hospitals in 74 countries including the U.S. were attacked by ransomware that shut hospitals down. The Royal London hospital was forced to stop serving new trauma and stroke patients, and the London Barts Heart Center had to stop taking heart attack patients. Cancer patients were sent home without treatment, patient visits to physician offices were canceled, and pharmacies were unable to provide medications. Just prior, several U.S. agencies had submitted a report to the U.S. Congress in April 2017 with several mobile security findings and recommendations. In their abstract, they pointed out that “Mobile threats require a security approach that differs substantially from the protections developed for desktop workstations.” Mobile represents significant business opportunities, though its ecosystem brings an increased range and number of attack options. In this discussion, Medigram CEO Sherri Douville will present a personal mobile security leadership framework that you can adopt, modify, and improve for yourself, which she learned through coaching from top Health IT and security executive mentors over recent years. Sherri will cover the nuts and bolts of the mobile security landscape and how to explain its importance and opportunity. Other topics covered will include earning a seat at the table as a partner to clinical leadership, educating and becoming a resource to your board of directors, and persuading others with business value to drive results.


About Medigram, Inc., Mobile Intelligence For Healthcare (www.medigram.com; follow Medigram on LinkedIn): Medigram provides a secure, cloud-based mobile communication platform to connect healthcare professionals. Healthcare organizations around the country are replacing outdated legacy technologies with Medigram to improve clinical efficiency and reduce compliance risk.

1-7 Securonix Security Engineering Aarij Khan
Aarij Khan

VP of Marketing, Securonix

Topic: “Where are current attacks coming from? Hint: They’re a lot closer than you think”

Aarij joins Securonix as VP of Marketing, bringing a deep understanding of the security market and buyer combined with over 15 years of marketing leadership at high-growth, innovative security vendors.

More About Aarij Khan: Previously, Aarij led marketing efforts at RiskIQ, where he was responsible for product marketing, analyst and public relations strategy, channel marketing, field marketing, and growth. Before that, he led product and solution marketing at Tenable Network Security and ThreatMetrix. Earlier, Aarij spent over 4 years at ArcSight/HP, where he was instrumental in the rapid adoption of ArcSight SIEM products and ArcSight’s recognition as a leader in the Gartner Magic Quadrant for SIEM for 4 years in a row. Aarij holds a Bachelor of Science in computer engineering from Cornell University, a Master of Science in Economics from the Catholic University of Leuven (Belgium), and a Master of Business Administration from Cornell’s Johnson Graduate School of Management.

1-7 Session Description: Hacking into a corporate network is hard. Hacking into high-value targets is HARDER! Hackers know this, and have found a new way in – one that is easier to compromise and much closer to the crown jewels they are after. This session will explore the mechanisms used for cyber attacks, and how to find and stop them.

About Securonix: Securonix radically transforms enterprise security with actionable intelligence. Our purpose-built security analytics platforms mine, enrich, analyze, score and visualize data into actionable intelligence on the highest-risk threats to organizations. Using signature-less anomaly detection techniques, Securonix detects data security, insider threat and fraud attacks automatically and accurately. http://www.securonix.com

1-8 NCC Group Strategy and the Future Vic Bhatia
Vic Bhatia

Regional Director with NCC Group

Topic: “The Use of Artificial Intelligence in Healthcare: What Does It Mean for Security?”

Vic brings C|CISO leadership experience and board-level management skills in information security, enterprise risk management, business continuity, compliance and governance to our (ISC)2 community on the subject of AI and healthcare. He has experience working with companies where “security fatigue” has set in – where executives are questioning their own vision, value-add, execution, and ROI for security. Vic acts as a trusted advisor to the board and CISO, coaching them to “right-size”, align and fix under-performing security programs.

A frequent speaker at various conferences and seminars, he is also the author of the upcoming book “CISO Essentials: Your First 90 Days”. He can be reached at Vic@VicBhatia.com


1-8 Session Description: This talk will give an overview of current advances in artificial intelligence and machine learning in the field of healthcare. The possible impacts on security from these advances will then be discussed.


About NCC Group

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value, and reputation against the ever-evolving threat landscape. Headquartered in the United Kingdom, NCC Group is a publicly traded company with over 35 offices across the world, employing more than 2000 people who are trusted advisors to over 15,000 clients worldwide.

1-9 Sponsoring Organization Kaiser Health Care Risk and Transformation Michelle Nix
Michelle Nix MHA

Vice President, Technology Risk and Compliance at Kaiser Permanente

Topic: “Practical Transformation of the Modern Security Leader”

Michelle Nix, Vice President for Technology Risk and Compliance within the Technology Risk Office at Kaiser Permanente, is a highly accomplished change leader with 18 years of experience in quality, risk management and information security in the healthcare technology space. Informed by an innate aversion to status quo processes that are fraught with inefficiencies, Michelle has led several multi-year, large-scale transformation initiatives. By working closely with key stakeholders across Kaiser, Michelle and her team have successfully transformed previously siloed IT compliance, technology risk controls and monitoring capabilities into integrated, value-based functions. Prior to joining Kaiser, Michelle held IT leadership roles at McKesson Corporation, PayPal, and Juniper Networks.

More About Michelle Nix: A highly sought-after speaker and contributor on the topic of leading change, Michelle has been featured in Inc. Magazine and keynoted on several stages including the Argyle Forum, MetricStream, and the Executive Women’s Forum. In 2008, after seven years of service, she concluded her work as co-chair of the California Office of Health Information Integrity (CalOHII) Privacy Steering Committee. In 2011, Michelle received the Executive Women’s Forum and CSO Magazine’s “Women of Influence Award” for Corporate Practitioner.

Michelle holds a Master’s in Healthcare Administration from Golden Gate University and a Bachelor’s in Biology and Biopsychology from the University of California at Santa Barbara.

1-9 Session Description: A pragmatic approach to transformational, inspirational leadership is required to drive impact for your stakeholders while engaging your people. A balanced and transformative set of elements tied to people, process, and technology will be required to succeed. This discussion will provide new approaches you can put to use every day as you pave the path for the strategic realization of a better tomorrow.  Are you ready to transform?

About Kaiser Permanente: Kaiser Permanente is committed to helping shape the future of health care. We are recognized as one of America’s leading health care providers and not-for-profit health plans. Founded in 1945, our mission is to provide high-quality, affordable health care services and to improve the health of our members and the communities we serve. We serve 11.8 million members in eight states and the District of Columbia. Care for members and patients is focused on their total health and guided by their personal physicians, specialists, and a team of caregivers. Our expert and caring medical teams are empowered and supported by industry-leading technology advances and tools for health promotion, disease prevention, state-of-the-art care delivery and world-class chronic disease management. http://kp.org

Recap and Reception Sponsoring Organizations Featuring Panel Members

How Can Our Vendors Help Us?  Moderator: Robin Basham, CEO EnterpriseGRC


Seclore, Platinum Sponsor: live demonstration of data-centric security

Seclore Data-Centric Risks will be the topic of an upcoming training. As a 2017 Platinum sponsor, Seclore gives us this opportunity to look at securing data at its source, and we look forward to our upcoming evening dedicated to fine-grained data-centric access control.

Seclore’s Enterprise Digital Rights Management solution enables organizations to control the usage of files wherever they go, both within and outside of organizations’ boundaries. The ability to remotely enforce and audit who can do what with a file (view, edit, copy, screen capture, print, run macros), from which device and when empowers organizations to embrace BYOD, Cloud services, Enterprise File Sync and Share (EFSS) and external collaboration with confidence. Featuring dozens of pre-built connectors for leading enterprise applications (EFSS, DLP, ECM, ERP, and email), Seclore automates the protection of documents as they are downloaded, discovered, and shared to ensure rapid adoption. Seclore was recently recognized by Frost & Sullivan with a Growth Excellence Award, by Deloitte as one of the ‘50 Fastest Growing Technology Companies,’ and by Gartner as a ‘Cool Vendor,’ due to innovations in browser-based access to protected documents. With over 4 million users across 420 companies in 22 countries, Seclore is helping organizations achieve their data security, governance, and compliance objectives. http://www.seclore.com/


Allgress – Event Sponsor and Host

While you’re here, explore the world’s best GRC: health-care-savvy governance program management that leverages the Amazon Marketplace and is ready for native cloud applications.

Allgress gives enterprise risk, security, and compliance professionals the ability to effectively manage their risk posture. By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. For more information, visit www.allgress.com. Contact us at info@allgress.com or 925.579.0002.

Closing Remarks – Speaker Reception to Follow – (ISC)2 East Bay Board Members

How to become a member: Please directly contact our Chapter President – Lokesh Sisodiya and fill out the membership form https://isc2-eastbay-chapter.org/membership/ 


(This 1-day event counts towards 10 hours of Continuing Professional Education or 10 CPEs.)

Your friends and colleagues at the (ISC)2 East Bay Chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom such events would not be possible. For providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Summer Conference, we acknowledge Nathan Chung, Atul Kumar, Gordon Shevlin, Vic Bhatia and others, as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated.

Yours Sincerely,

Robin Basham, Conference Director

The (ISC)2 East Bay Chapter Board of Directors

President – Lokesh Sisodiya
Vice President – Tom Rogers
Treasurer and Finance Director – Gary DyLina
Director Membership – Ashish Gupta
Director Technical Operations – Lee Neely
Director Education & Career Development – Jing Zhang-Lee
Conference Director – Robin Basham

(ISC)2 East Bay Chapter Summer Conference