Julie Bernard

Julie is a principal with Deloitte Risk & Financial Advisory and is the insurance sector leader for the Cyber Risk Services at Deloitte & Touche LLP. She has more than 20 years of experience serving the world’s top financial institutions at the intersection between business process and information technology. With an extensive background in security strategy, privacy, consumer authentication, fraud prevention, and threat management, she helps clients be more secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and technology complexity. She is a past board member of the Executive Women’s Forum and currently sits on the Advisory Board for the Financial Services Information Sharing and Analysis Center (FS-ISAC). She earned her BA in Music and Business Administration at Westminster College and an MBA in Finance at Rensselaer Polytechnic Institute.

Bio posted May 2022

      Wendy Perchick

      SVP, Strategic Planning and Innovation, Memorial Sloan Kettering Cancer Center

          Teresa Tonthat

          Teresa Tonthat is a goal-driven senior business leader and currently serves as Vice President of Information Services at Texas Children’s Hospital, the largest pediatric hospital in the nation. She also serves as the Chief Information Security Officer and leads a team of over 230 technologists, implementing initiatives that foster team collaboration, innovation, and continuous service quality. Tonthat is an active member of an executive council that defines the system strategy for over 17,000 employees and physicians, and she collaborates with system leadership to deliver a portfolio of enterprise technologies that enable key business strategies. She is also responsible for maintaining a robust digital foundation, facilitating ongoing availability, reliability and security.

          Prior to joining Texas Children’s Hospital, Tonthat held multiple senior leadership roles in information technology and internal audit for one of the largest multinational oil and gas corporations, with global operations in more than 70 countries. She obtained a Bachelor of Science in Management Information Systems from Louisiana State University and a Master of Business Administration from The University of Houston.

          Bio posted May 2022

              Larry Lidz

              Larry Lidz is the CISO for Cisco’s CX Cloud. Over the past year and a half, he has built a team that covers all aspects of cloud security, from DevSecOps to compliance, while pioneering new approaches like automation and one of Cisco’s few bug bounty programs. The organization he leads protects and secures the front door to customers, one that is becoming increasingly critical to how Cisco delivers its as-a-service offerings.

              Larry brings over 25 years of experience in Information Security, with practical experience communicating complex security issues to a wide variety of business, customer, C-suite, and Board audiences. He leads with the belief that security is a cornerstone of good business, not adjacent to it, and is a champion for hiring diverse talent to combat the growing cybersecurity threats facing today’s world.

              Prior to joining Cisco, Larry served as the SVP & Global CISO for CNA Insurance, where he globalized and improved the security function, including implementing an effective security and IT assurance program, driving an exercise-based business resiliency program, innovating a multi-vendor SOC solution and regularly briefing the Board. He holds a BS from the University of Chicago and an MS from Northwestern University.

              Bio posted May 2022

                  Raj Mehta

                  Summary

                  Raj is a Partner with Deloitte Advisory’s Cyber Risk Services. Raj currently leads the Cyber Security Practice within the Healthcare Provider space across the US. Raj has over twenty-three (23) years of experience in the field of information governance, security, privacy, risk management and compliance within the Healthcare space. His experience includes performing risk assessments, as well as assessing, developing, and implementing strategies and solutions associated with information security and privacy matters, including:

                  • Assisting clients with developing their cyber security strategy and defining actionable roadmaps.
                  • Assisting clients with Executive reporting and Board Communication on Cyber Security.
                  • Conducting IT risk assessments and assisting internal audit departments in planning and conducting IT audits.
                  • Compliance Management Strategy and processes leveraging integrated security & privacy frameworks (example sources include HIPAA, PCI DSS, HITRUST, NIST, ISO 27002, etc.).
                  • Implementing GRC solutions such as Archer and developing risk dashboards for identified target audiences (converting security metrics into meaningful information).
                  • Developing strategy, processes, and tools integration for managing cyber security against advanced threats (SOC operations, implementation of SIEM, DLP, etc.).

                  Professional Activities

                  • Raj has assisted in the development of the CyberRX 2.0 playbook for HITRUST that can be leveraged for conducting tabletop exercises related to cyber security incidents within Healthcare environments.
                  • Assisted in the planning, designing, and execution of a cyber war game for 12 health plans in the CyberRX:HP HITRUST initiative.
                  • Raj has been President of the Houston Chapter of the Information Systems Audit and Control Association.
                  • Raj has been an instructor at the University of Texas (Austin), lecturing on computer audit and security.
                  • Raj has given a number of presentations to organizations such as AHIA, ISACA, IIA, HFMA, as well as at the annual HITRUST conference.

                  Example Experience

                  • Assisted one of the nation’s top 10 Children’s Hospitals in assessing HIPAA security and privacy compliance as well as developing a cyber security strategy. Currently supporting remediation efforts.
                  • Conducted IT audits over several years for a Children’s Hospital.
                  • Assisted six large Health institutions with Meaningful Use Risk Analysis for security and privacy requirements. EHR environments included Cerner, EPIC, eCW, etc.
                  • Assisted a very large Catholic-based Health Care system with implementing and conducting compliance assessments leveraging the HITRUST framework.
                  • Developed an information security strategy and implementation roadmap for improving information security controls and compliance management for several large Health systems.
                  • Developed third-party risk assessment process for a large University System as well as Health Providers.
                  • Assisted a public sector client with FISMA (Federal Information Security Management Act) compliance – from performing the initial assessment, building a compliance roadmap, to implementation of tools and processes (e.g., Identity & Access Management, Data Leakage Prevention, Incident Response Process, etc.).
                  • Developed a vendor risk management strategy and process related to information security risk management.
                  • Development of the governance structure as well as the content for IT policies, procedures, and standards.
                  • Development of Security Awareness and Training Program.
                  • Data privacy readiness assessments and building roadmaps for risk.

                  Raj Mehta

                  Partner

                  Houston Office

                  Tel:  713.982.2955

                  e-mail: rmehta@deloitte.com

                  Specialization

                  Information & Technology Risk Management

                  Enterprise Security Strategy

                  Information & Technology Governance, Risk and Compliance

                  Education

                  MBA (MIS), University of Houston

                  BS in Accounting, University of New Orleans

                  Certifications

                  Certified Information Privacy Professional (CIPP)

                  Certified Information Systems Security Professional (CISSP)

                  Certified Public Accountant (CPA) – Licensed in State of Texas

                  Certified Information Systems Auditor (CISA)

                  Health Care Information Security & Privacy Practitioner (HCISPP)

                  HITRUST (Health Information Trust Alliance) CSF (Common Security Framework) Assessor

                  SI 2021 CISO Virtual Summit – December 7

                  CISO Affinity Group | Event Managed Security Services and what others are doing Evolving hacking/threat techniques and counter actions/protections Sharing ...

                  SI 2021 CISO Virtual Summit – Strategic Security: Facing Off Against Threats

                  Join us at Scottsdale Institute’s 2021 CISO Virtual Summit for cyber security, remote workforce, risk mitigation and more topics—all alongside ...

                  SI 2020 CISO Virtual Summit: Enterprise Risk Management

                  The Scottsdale Institute virtually convened 29 Chief Information Security Officers (CISOs) and related senior executives from 24 member organizations for ...

                  SI 2019 CISO Summit Highlights

                  The SI 2019 CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando ...

                  SI 2019 CISO Summit – Cybersecurity Impact of Cloud/Virtual/Mobility

                  The 2019 SI CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando ...

                  An Introduction to Emerging Healthcare Technologies

                  Geoff Lougheed, Principal, Raj Mehta, Partner, and Chris Shudes, Principal, Deloitte Consulting, LLP.  Emerging technology trends can seem both elusive ...

                  SI 2018 CISO Summit

                  The Scottsdale Institute 2018 Chief Information Security Officers Summit convened fifteen CISOs from prominent healthcare systems across the country in ...

                  Cybersecurity of the Medical Internet of Things: FDA Postmarket Cybersecurity Guidance Update

                  Russell L. Jones, Partner, Raj Mehta, Partner, Deloitte Consulting, LLP, and Phillip M. Englert, National Director Technology Operations - Physical ...

                  SI 2017 CISO Summit

                  "Best Practice Standards in Cybersecurity Risk Management" The Scottsdale Institute 2017 Chief Information Security Officers Fall Summit brought together 13 ...

                      Michael Czumak, III

                      VP and CISO at Memorial Sloan Kettering Cancer Center

                      I have over 11 years of experience in IT and Information Security. My primary role is developing and leading an application security and penetration testing program, performing hands-on testing of a variety of systems, devices, and applications (web, desktop and mobile applications, medical devices, etc.).

                      My primary areas of interest and core competencies are application security, penetration testing, and Windows OS security, and I spend the majority of my free time researching these and related topics. Please visit my website to see more of my research interests: http://www.securitysift.com.

                      Published Exploits: http://www.exploit-db.com/author/?a=6450

                      Other Published Advisories/CVEs: http://osvdb.org/creditees/11091-mike-czumak

                      Regular Hands-on Experience with:
                      – Pentesting suites / tools (Kali, Metasploit, Burp Suite, Nmap, Sqlmap, etc.)
                      – Debugging / Reversing / Binary Analysis (Immunity, WinDbg, IDA Pro, JPEXS, etc.)
                      – Programming / Scripting languages (C/C++, Assembly, Python, Perl, Ruby, PHP, JavaScript)
                      – Web / Database Platforms (IIS, Apache, MS-SQL, MySQL, Oracle, Sybase, etc.)
                      – Other: Vulnerability Scanners, DLP, Network analysis, etc.

                      Recognized by multiple organizations for security contributions including: Microsoft, Apple, Adobe, PayPal, eBay, Sony, and Etsy

                      Practical Professional Certifications: OSCE, OSCP

                      Other certifications: CISSP, CISM, CNSS 4012, Six Sigma Green Belt, CompTIA Security+/Network+/A+/Project+

                      Updated November 2018

                          Ryan Smith

                          Ryan Smith is the Chief Operations Officer at Graphite Health, a software company that’s intent on digitally transforming healthcare to create a healthier world for all.

                          Ryan has been involved with Information Technology for over 25 years. Prior to Graphite, Ryan was VP and Chief Information Officer at Intermountain Healthcare, a leading integrated delivery system widely recognized as a leader in clinical quality improvement and efficient healthcare delivery. He was previously SVP and Executive Advisor at Health Catalyst, consulting healthcare provider and payer organizations on digital, consumer, and data strategies. Prior to Catalyst, he was SVP and CIO at Banner Health, one of the nation’s largest not-for-profit healthcare systems. Ryan spent his first 19 years professionally in various IT and digital business leadership roles at Intermountain Healthcare.

                          Ryan has significant interest in the use of information technology to increase patient care quality and lower the costs of care. He is experienced in information technology planning, design, development, deployment and operation, as well as policy development for HIT related issues.

                          Ryan has served as a Board Member of Health Current, Arizona’s statewide health information exchange, and has served on numerous industry advisory boards. He is a member of HIMSS and CHIME and is a frequent speaker on Health Information Technology strategy, innovation, analytics, standards, and policy. He has a passion for the power of HIT for transforming the healthcare industry within the United States and for health improvement worldwide.

                          Ryan received a degree in Computer Science from the University of Utah and later a Masters of IT Management from Western Governors University.

                          Bio Updated May 2022

                              Erik Decker

                              Erik Decker is the Assistant Vice President – Chief Information Security Officer at Intermountain Healthcare. Previously Erik was the Chief Security and Privacy Officer for the University of Chicago Medicine, where he was responsible for its Cybersecurity, Identity and Access Management and Privacy Program. Erik has over 25 years of experience within Information Technology, primarily focused on Information Security. The majority of his career has been focused on Academic Medical Centers, where he established two information security programs and an identity and access management program.

                              He is currently co-leading a Department of Health and Human Services (HHS) task group of more than 250 industry and government experts across the country for implementing the Cybersecurity Act of 2015, 405D legislation within the Healthcare sector. The publication, titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (aka HICP), was released in December 2018 and establishes a national healthcare cybersecurity standard for small, medium and large sized healthcare organizations. Additionally, he led the development of the Health Industry Cybersecurity Tactical Crisis Response guide (HIC-TCR) under the same working group. He is also a member of the Executive Council of the Healthcare Sector Coordinating Council’s Joint Cybersecurity Work, which is a public-private workgroup formed under the National Infrastructure Protection Plan.

                              Erik has been awarded the HotTopics.HT 2020 GLOBAL CISO 100, 2019 ISE® North America Executive: Academic/Public Sector and the 2017 Chicago CISO of the Year. In 2018 he served as an expert witness to the House Committee on Energy and Commerce, Subcommittee on Health.

                              Erik earned his Master of Science in Information Technology from Loyola University in Chicago and his Bachelor's degree in Cell and Structural Biology from the University of Illinois in Champaign/Urbana.

                              Bio updated December 2020

                              WEBINAR | Stronger Together: Why Industry Alignment is the Only Means to Mitigate Healthcare Cybersecurity Risk

                              Erik Decker, AVP & CISO, Intermountain Healthcare, and Ed Gaudet, CEO, Censinet. Cyber attacks. Data breaches. Ransomware incidents. All these ...

                              SI 2021 CISO Virtual Summit – Strategic Security: Facing Off Against Threats

                              Join us at Scottsdale Institute’s 2021 CISO Virtual Summit for cyber security, remote workforce, risk mitigation and more topics—all alongside ...

                              SI 2020 CISO Virtual Summit: Enterprise Risk Management

                              The Scottsdale Institute virtually convened 29 Chief Information Security Officers (CISOs) and related senior executives from 24 member organizations for ...

                              SI 2018 CISO Summit

                              The Scottsdale Institute 2018 Chief Information Security Officers Summit convened fifteen CISOs from prominent healthcare systems across the country in ...

                              Managing Cyber Threats and Protecting Patients: An HHS and Industry-led Response

                              Erik Decker, Chief Information Security & Privacy Officer, University of Chicago Medicine, and Julie Chua, Risk Management Branch Chief, HHS ...

                              SI 2017 CISO Summit

                              "Best Practice Standards in Cybersecurity Risk Management" The Scottsdale Institute 2017 Chief Information Security Officers Fall Summit brought together 13 ...

                              SI 2016 CIO/CISO Summit

                              "Cybersecurity as a 'Team Sport': Governance, Organization, Strategy and Tactics" The 2016 Scottsdale Institute Chief Information Officer/Chief Information Security Officer ...