Julie is a principal with Deloitte Risk & Financial Advisory and is the insurance sector leader for the Cyber Risk Services at Deloitte & Touche LLP. She has more than 20 years of experience serving the world’s top financial institutions at the intersection between business process and information technology. With an extensive background in security strategy, privacy, consumer authentication, fraud prevention, and threat management, she helps clients be more secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and technology complexity. She is a past board member of the Executive Women’s Forum and currently sits on the Advisory Board for the Financial Services Information Sharing and Analysis Center (FS-ISAC). She earned her BA in Music and Business Administration at Westminster College and an MBA in Finance at Rensselaer Polytechnic Institute.
Bio posted May 2022
SVP, Strategic Planning and Innovation, Memorial Sloan Kettering Cancer Center
Perchick
Teresa Tonthat is a goal-driven senior business leader and currently serves as Vice President of Information Services at Texas Children’s Hospital, the largest pediatric hospital in the nation. She also serves as the Chief Information Security Officer and leads a team of over 230 technologists, implementing initiatives that foster team collaboration, innovation, and continuous service quality. Tonthat is an active member of an executive council that defines the system strategy for over 17,000 employees and physicians, and she collaborates with system leadership to deliver a portfolio of enterprise technologies that enable key business strategies. She is also responsible for maintaining a robust digital foundation, facilitating ongoing availability, reliability and security.
Prior to joining Texas Children’s Hospital, Tonthat held multiple senior leadership roles in information technology and internal audit for one of the largest multinational oil and gas corporations, with global operations in more than 70 countries. She obtained a Bachelor of Science in Management Information Systems from Louisiana State University and a Master of Business Administration from The University of Houston.
Bio posted May 2022
Larry Lidz is the CISO for Cisco’s CX Cloud. Over the past year and a half, he has built a team that covers all aspects of cloud security, from DevSecOps to compliance, while pioneering new approaches like automation and one of Cisco’s few bug bounty programs. The organization he leads protects and secures the front door to customers, one that is becoming increasingly critical to how Cisco delivers its as-a-service offerings.
Larry brings over 25 years of experience in Information Security, with practical experience communicating complex security issues to a wide variety of business, customer, C-suite, and Board audiences. He leads with the belief that security is a cornerstone of good business, not adjacent to it, and is a champion for hiring diverse talent to combat the growing cybersecurity threats facing today’s world.
Prior to joining Cisco, Larry served as the SVP & Global CISO for CNA Insurance, where he globalized and improved the security function, including implementing an effective security and IT assurance program, driving an exercise-based business resiliency program, innovating a multi-vendor SOC solution and regularly briefing the Board. He holds a BS from the University of Chicago and an MS from Northwestern University.
Bio posted May 2022
Summary
Raj is a Partner with Deloitte Advisory’s Cyber Risk Services. Raj currently leads the Cyber Security Practice within the Healthcare Provider space across the US. Raj has over twenty-three (23) years of experience in the field of information governance, security, privacy, risk management and compliance within the Healthcare space. His experience includes performing risk assessments, as well as assessing, developing, and implementing strategies and solutions associated with information security and privacy matters, including:
- Assisting clients with developing their cyber security strategy and defining actionable roadmaps.
- Assisting clients with Executive reporting and Board Communication on Cyber Security.
- Conducting IT risk assessments and assisting internal audit departments in planning and conducting IT audits.
- Compliance Management Strategy and processes leveraging integrated security & privacy frameworks (example sources include HIPAA, PCI DSS, HITRUST, NIST, ISO 27002, etc.).
- Implementing GRC solutions such as Archer and developing risk dashboards for identified target audiences (converting security metrics into meaningful information).
- Developing strategy, processes, and tools integration for managing cyber security against advanced threats (SOC operations, implementation of SIEM, DLP, etc.).
Professional Activities
- Raj has assisted in the development of the CyberRX 2.0 playbook for HITRUST that can be leveraged for conducting tabletop exercises related to cyber security incidents within Healthcare environments.
- Assisted in the planning, designing, and execution of a cyber war game for 12 health plans in the CyberRX:HP HITRUST initiative.
- Raj has been a President of the Houston Chapter of the Information Systems Audit and Control Association.
- Raj has been an instructor at the University of Texas (Austin), lecturing on computer audit and security.
- Raj has given a number of presentations to organizations such as AHIA, ISACA, IIA, HFMA, as well as at the annual HITRUST conference.
Example Experience
- Assisted one of the nation’s top 10 Children’s Hospitals in assessing HIPAA security and privacy compliance as well as developing a cyber security strategy. Currently supporting remediation efforts.
- Conducted IT audits over several years for a Children’s Hospital.
- Assisted six large Health institutions with Meaningful Use Risk Analysis for security and privacy requirements. EHR environments included Cerner, EPIC, eCW, etc.
- Assisted a very large Catholic-based Health Care system with implementing and conducting compliance assessments leveraging the HITRUST framework.
- Developed an information security strategy and implementation roadmap for improving information security controls and compliance management for several large Health systems.
- Developed third-party risk assessment process for a large University System as well as Health Providers.
- Assisted a public sector client with FISMA (Federal Information Security Management Act) compliance – from performing the initial assessment, building a compliance roadmap, to implementation of tools and processes (e.g., Identity & Access Management, Data Leakage Prevention, Incident Response Process, etc.).
- Developed a vendor risk management strategy and process related to information security risk management.
- Development of the governance structure as well as the content for IT policies, procedures, and standards.
- Development of Security Awareness and Training Program
- Data privacy readiness assessments and building roadmaps for risk.
Raj Mehta
Partner
Houston Office
Tel: 713.982.2955
e-mail: rmehta@deloitte.com
Specialization
Information & Technology Risk Management
Enterprise Security Strategy
Information & Technology Governance, Risk and Compliance
Education
MBA (MIS), University of Houston
BS in Accounting, University of New Orleans
Certifications
Certified Information Privacy Professional (CIPP)
Certified Information Systems Security Professional (CISSP)
Certified Public Accountant (CPA) – Licensed in State of Texas
Certified Information Systems Auditor (CISA)
Health Care Information Security & Privacy Practitioner (HCISPP)
HITRUST (Health Information Trust Alliance) CSF (Common Security Framework) Assessor
Mehta
CISO Affinity Group | Event Managed Security Services and what others are doing Evolving hacking/threat techniques and counter actions/protections Sharing ...
Join us at Scottsdale Institute’s 2021 CISO Virtual Summit for cyber security, remote workforce, risk mitigation and more topics—all alongside ...
The Scottsdale Institute virtually convened 29 Chief Information Security Officers (CISOs) and related senior executives from 24 member organizations for ...
The SI 2019 CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando ...
The 2019 SI CISO Summit sponsored by Deloitte was held October 24 & 25. Co-hosts CHRISTUS VP and CISO Fernando ...
Geoff Lougheed, Principal, Raj Mehta, Partner, and Chris Shudes, Principal, Deloitte Consulting, LLP. Emerging technology trends can seem both elusive ...
The Scottsdale Institute 2018 Chief Information Security Officers Summit convened fifteen CISOs from prominent healthcare systems across the country in ...
Russell L. Jones, Partner, Raj Mehta, Partner, Deloitte Consulting, LLP, and Phillip M. Englert, National Director Technology Operations - Physical ...
"Best Practice Standards in Cybersecurity Risk Management" The Scottsdale Institute 2017 Chief Information Security Officers Fall Summit brought together 13 ...
VP and CISO at Memorial Sloan Kettering Cancer Center
I have over 11 years of experience in IT and Information Security. My primary role is developing and leading an application security and penetration testing program, performing hands-on testing of a variety of systems, devices, and applications (web, desktop and mobile applications, medical devices, etc).
My primary areas of interest and core competencies are application security, penetration testing, and Windows OS security and I spend the majority of my free time researching these and related topics. Please visit my website to see more of my research interests: http://www.securitysift.com.
Published Exploits: http://www.exploit-db.com/author/?a=6450
Other Published Advisories/CVEs: http://osvdb.org/creditees/11091-mike-czumak
Regular Hands-on Experience with:
– Pentesting suites / tools (Kali, Metasploit, Burpsuite, Nmap, Sqlmap, etc)
– Debugging / Reversing / Binary Analysis (Immunity, WinDbg, IDA Pro, JPEXS, etc)
– Programming / Scripting languages (C/C++, Assembly, Python, Perl, Ruby, PHP, Javascript)
– Web / Database Platforms (IIS, Apache, MS-SQL, MySQL, Oracle, Sybase, etc)
– Other: Vulnerability Scanners, DLP, Network analysis, etc
Recognized by multiple organizations for security contributions including: Microsoft, Apple, Adobe, PayPal, Ebay, Sony, and Etsy
Practical Professional Certifications: OSCE, OSCP
Other certifications: CISSP, CISM, CNSS 4012, Six Sigma Green Belt, CompTIA Security+/Network+/A+/Project+
Updated November 2018
Ryan Smith is the Chief Operations Officer at Graphite Health, a software company that’s intent on digitally transforming healthcare to create a healthier world for all.
Ryan has been involved with Information Technology for over 25 years. Prior to Graphite, Ryan was VP and Chief Information Officer at Intermountain Healthcare, a leading integrated delivery system widely recognized as a leader in clinical quality improvement and efficient healthcare delivery. He was previously SVP and Executive Advisor at Health Catalyst, consulting healthcare provider and payer organizations on digital, consumer, and data strategies. Prior to Catalyst, he was SVP and CIO at Banner Health, one of the nation’s largest not-for-profit healthcare systems. Ryan spent his first 19 years professionally in various IT and digital business leadership roles at Intermountain Healthcare.
Ryan has significant interest in the use of information technology to increase patient care quality and lower the costs of care. He is experienced in information technology planning, design, development, deployment and operation, as well as policy development for HIT related issues.
Ryan has served as a Board Member of Health Current, Arizona’s statewide health information exchange, and has served on numerous industry advisory boards. He is a member of HIMSS and CHIME and is a frequent speaker on Health Information Technology strategy, innovation, analytics, standards, and policy. He has a passion for the power of HIT for transforming the healthcare industry within the United States and for health improvement worldwide.
Ryan received a degree in Computer Science from the University of Utah and later a Masters of IT Management from Western Governors University.
Bio Updated May 2022
Erik Decker is the Assistant Vice President – Chief Information Security Officer at Intermountain Healthcare. Previously Erik was the Chief Security and Privacy Officer for the University of Chicago Medicine, where he was responsible for its Cybersecurity, Identity and Access Management and Privacy Program. Erik has over 25 years of experience within Information Technology, primarily focused on Information Security. The majority of his career has been focused on Academic Medical Centers, where he established two information security programs and an identity and access management program.
He is currently Co-Leading a Department of Health and Human Services (HHS) task group of more than 250 industry and government experts across the country for implementing the Cybersecurity Act of 2015, 405D legislation within the Healthcare sector. The publication was released in December 2018, titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” aka HICP, which establishes a national healthcare cybersecurity standard for small, medium and large sized healthcare organizations. Additionally, he led the development of the Health Industry Cybersecurity Tactical Crisis Response guide (HIC-TCR) under the same working group. He is also a member of the Executive Council of the Healthcare Sector Coordinating Council’s Joint Cybersecurity Work, which is a public-private workgroup formed under the National Infrastructure Protection Plan.
Erik has been awarded the HotTopics.HT 2020 GLOBAL CISO 100, 2019 ISE® North America Executive: Academic/Public Sector and the 2017 Chicago CISO of the Year. In 2018 he served as an expert witness to the House Committee on Energy and Commerce, Subcommittee on Health.
Erik earned his Master of Science in Information Technology from Loyola University in Chicago and a Bachelor's degree in Cell and Structural Biology from the University of Illinois in Champaign/Urbana.
Bio updated December 2020
Decker
Erik Decker, AVP & CISO, Intermountain Healthcare, and Ed Gaudet, CEO, Censinet. Cyber attacks. Data breaches. Ransomware incidents. All these ...
Join us at Scottsdale Institute’s 2021 CISO Virtual Summit for cyber security, remote workforce, risk mitigation and more topics—all alongside ...
The Scottsdale Institute virtually convened 29 Chief Information Security Officers (CISOs) and related senior executives from 24 member organizations for ...
The Scottsdale Institute 2018 Chief Information Security Officers Summit convened fifteen CISOs from prominent healthcare systems across the country in ...
Erik Decker, Chief Information Security & Privacy Officer, University of Chicago Medicine, and Julie Chua, Risk Management Branch Chief, HHS ...
Jordan Asher Peter A. L. Bonis Peter Bonis Paul T. Browne Paul Browne Michelle Conger Carrie Damon Erik Decker S ...
"Best Practice Standards in Cybersecurity Risk Management" The Scottsdale Institute 2017 Chief Information Security Officers Fall Summit brought together 13 ...
"Cybersecurity as a 'Team Sport': Governance, Organization, Strategy and Tactics" The 2016 Scottsdale Institute Chief Information Officer/Chief Information Security Officer ...