Critical Infrastructure Summit
Virtual Summit November 17 - 18, 2022
Letter from the Chair,

Critical Infrastructure is where security hits home- we are so dependent on our infrastructure for so many facets of our daily lives. Critical functions of our societal dependencies such as water, power, transportation and financial services all are a part of critical infrastructure, and last year we saw first-hand through the Colonial Pipeline incident the strength of this dependency.

The importance of critical infrastructure is also reflected in the Presidential Decision Directive 63, where the President called for the establishment of a program to address the need for protection of its critical infrastructures. This directive calls for representatives of the private sector, to ensure that the interests of critical infrastructure operators and owners are represented in the development and implementation of infrastructure assurance plans.

We are excited to announce the launch of the ISMG Critical Infrastructure Summit, which will be taking place November 17th and 18th, marking the start of Infrastructure Security Month.

Our summit will bring the top industry thought leaders together to talk about the best strategies for keeping sectors secure. Our expert group of speakers will take this one step further by providing true, tangible takeaways for optimal cyber resiliency for you and your organization.

We’re honored that you have taken the time to join us for this pivotal event, so that you can configure, maintain and sustain your systems for both cyber and, ultimately, the nation’s security.

Grant Schneider, Senior Director for Cybersecurity Services, Venable LLP and Former U.S. federal CISO
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Craig Barrett
VP Cybersecurity
Kinder Morgan, Inc.
Craig Barrett is an experienced critical infrastructure executive with a demonstrated history of working in the information technology and services industry. Craig is skilled in cybersecurity, IT/OT network architecture, firewalls, network Engineering, IT/OT network security, and various operating systems. Craig...
Chris Carter
Information Security Analyst
Port of Vancouver, USA
Chris Carter joined the Port of Vancouver USA in May 2015 and now serves in the role of Information Security Analyst. His responsibilities include establishing and maintaining secure information technology networks and supporting the port’s IT infrastructure. Chris also provides...
Jerry Cochran
Deputy CIO – Cybersecurity & DigitalOps
Pacific Northwest National Laboratory
Cochran serves as Pacific Northwest National Laboratory’s deputy chief information officer and division director of the Cybersecurity and DigitalOps Division, Computing and IT Directorate. He oversees cybersecurity, the office of the CISO, enterprise IT engineering and operations. Cochran also leads...
Tom Field
SVP of Editorial
ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world,...
Puesh Kumar
Director, Office of Cybersecurity, Energy Security, and Emergency Response
U.S. DOE
Kumar leads DOE’s mission to address cyber, physical, and natural hazards and threats to the U.S. energy infrastructure. Kumar has over 15 years of experience in grid modernization, cybersecurity, and emergency response within the energy sector. Most recently, Kumar was...
Cherilyn Pascoe
Senior Technology Policy Advisor
National Institute of Standards and Technology (NIST)
Cherilyn Pascoe is Senior Technology Policy Advisor at the National Institute of Standards and Technology (NIST), U.S. Department of Commerce. She advises NIST leadership on technology policy and strategy, including cybersecurity, privacy, and artificial intelligence. She also leads the NIST...
Armando Seay
Founder
Maryland Innovation & Security Institute
Armando Seay is a Co-founder and Director for the Maryland Innovation and Security Institute (MISI). Armando is also a Director and Technical Program Director for MISI’s DreamPort cyber solutions accelerator. Armando leads the critical infrastructure cybersecurity team, tech outreach and...
Virgina Wright
Energy-Cyber Portfolio Manager
Idaho National Laboratory
Virginia “Ginger” Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s Cybercore division within its National and Homeland Security directorate. She leads programs focused on cybersecurity and resilience of critical infrastructure for DOE, DARPA and other government agencies...
Charles T. Blackmore
Marine Transportation Specialist (Cyber)
United States Coast Guard
Charles Blackmore currently serves as a Marine Transportation System Specialist – Cyber at the US Coast Guard’s Office of Port & Facility Compliance where he is responsible for the development of guidance, doctrine, and policy used throughout the Marine Transportation...
Roger Caslow
CISO
Hampton Roads Sanitation District
Roger Caslow has worked in the security field for over 20 years. He has insider threat/counterintelligence, ICS, physical, operational, and cybersecurity expertise. He is proficient at working with cross-functional teams in developing and building technical, governance, compliance, and risk assessment...
Erik Decker
VP & CISO
Intermountain Healthcare
Erik Decker is the Vice President and Chief Information Security Officer for Intermountain Healthcare, a multi-state integrated delivery network based in Salt Lake City, Utah. Erik has 22 years of experience within Information Technology, with 15 years focused on Information...
Howard Grimes
CEO
Cybersecurity Manufacturing Innovation Institute (CyManII)
Dr. Howard Grimes is a noted research scientist and author with 25 years of success in directing complex university and National Laboratory research programs and entrepreneurial start-up initiatives. Currently, Dr. Grimes serves as the Chief Executive Officer for the Cybersecurity...
Mike Manrod
CISO
Grand Canyon Education, Inc.
Mike presently serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. Previous experiences include serving as...
David Pollino
Former CISO
PNC Bank
Pollino is an experienced security and risk executive with over 25 years of experience in information security, fraud prevention and risk management. He has focused on financial services for 20 years and was the CISO of Bank of the West...
Paris Stringfellow
Director of Sustainability
Cybersecurity Manufacturing Innovation Institute (CyManII)
Dr. Paris Stringfellow is the Director of Sustainability for the Cybersecurity Manufacturing Innovation Institute (CyManII). She leads the TrustWorks-aaS division and is responsible for providing translative education and services to US manufacturers. She holds a PhD in Industrial Engineering and...
Mara Winn
Deputy Director, Preparedness, Policy and Risk Analysis
CESER, U.S. DOE
Mara Winn is the Deputy Director for the Preparedness, Policy, and Risk Analysis (PPRA) division of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). In this role, Winn leads the division in supporting energy sector security and resilience...
Manny Cancel
SVP and CEO
E-ISAC
Cancel became NERC senior vice president and chief executive officer of the Electricity Information Sharing and Analysis Center (E-ISAC) in January 2020. He is responsible for the management and oversight of the E-ISAC and leads security operations and information sharing,...
Elvis Chan
Asst. Special Agent in Charge San Francisco Division, Cyber Branch
FBI
Chan manages a squad responsible for investigating national security cyber matters. He is a decorated agent who is recognized within the Intelligence Community as a cyberterrorism expert. SSA Chan was the lead agent on significant cyber investigations and managed joint...
Anna Delaney
Director, ISMG Productions
ISMG
Steve King
Managing Director, Cybersecurity Marketing Advisory Services
CyberTheory
Steve King has served in senior leadership roles in technology development and deployment for the past 25 years. He is an author, lecturer and serial startup founder, including three successful exits in cybersecurity, and served for six years as the...
Nick Parham, JD
Marine Transportation System Cybersecurity Coordinator
United States Coast Guard Atlantic Area Command
Mr. Nick Parham currently serves as the Marine Transportation System (MTS) Cybersecurity Coordinator responsible for development and execution of Coast Guard cybersecurity regulations and policies impacting MTS stakeholders operating in the Atlantic Area. The area of responsibility encompasses all inland...
Grant Schneider
Senior Director for Cybersecurity Services
Venable LLP and Former U.S. federal CISO
Schneider is the senior director for Cybersecurity Services at Venable LLP. Prior to Venable, Schneider served as the U.S. federal CISO, the U.S. deputy federal CISO and as senior director for Cybersecurity Policy on the White House National Security Council....
Errol Weiss
CSO
Health Information Sharing and Analysis Center
Errol Weiss joined Health-ISAC in April 2019 as its first Chief Security Officer and created a threat intelligence analysis center in Titusville, Florida that provides members with meaningful and actionable threat intelligence relevant for IT and infosec professionals in the...
Marianne McGee
Executive Editor
ISMG Corp
View Agenda
NIST Cybersecurity Framework 2.0: Latest Updates Unpacked
Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology is updating the Cybersecurity Framework to keep pace with the evolving cybersecurity risks, standards, and technology landscape.  The NIST Cybersecurity Framework, originally developed for critical infrastructure sectors, is now viewed as foundational to securing organizations of all sectors and sizes around the world.  Join this session to learn about the update process, including areas of focus, for the Cybersecurity Framework 2.0, as well as share your feedback about the use and potential improvements to the Framework.

Cherilyn Pascoe
  • 09:00 AM
  • 09:29 AM
Why It’s Essential to Operationalize a Cybersecurity Framework for Critical Infrastructure
Steve King, Managing Director, Cybersecurity Marketing Advisory Services, CyberTheory
Grant Schneider, Senior Director for Cybersecurity Services, Venable LLP and Former U.S. federal CISO
Roger Caslow, CISO, Hampton Roads Sanitation District

There are many options to choose from when selecting a framework for your cybersecurity program and typically your choice comes down to your industry vertical. We will have a discussion on the most commonly used enterprise level frameworks, what is needed to adopt them and how they provide benefit to your organization. Our expert panel will:

  • Evaluate some of the best practices for structural alignment with capabilities and solutions, and which security controls are needed for audit
  • Analyze how to align IT with OT, as well as the overarching organizational strategy needs and roadmaps
  • Discuss ways to not only support governance structure internally, but also ensure regulation and other external requirements are met
Steve King
Grant Schneider
Roger Caslow
  • 09:30 AM
  • 10:04 AM
Collaborative Cyber Defense: Just a Promise or a Practical Reality?
Howard Grimes, CEO, Cybersecurity Manufacturing Innovation Institute (CyManII)
Jerry Cochran, Deputy CIO – Cybersecurity & DigitalOps, Pacific Northwest National Laboratory
Paris Stringfellow, Director of Sustainability, Cybersecurity Manufacturing Innovation Institute (CyManII)

Cyber defense is increasingly becoming more important to the federal government’s overarching administrative agenda. There is an important need from the various organizations (CISA, DOE CESER, etc.), to incentivize the transition from collaboration, to cooperation within these distinct entities.
This panel will cover these strategies and will:

  • Discuss ways to collaborate across public/private as well as intra- and inter-sector entities to thwart and stay ahead of adversaries targeting critical infrastructures
  • Debate whether or not the 20-year evolution of cyber information/threat sharing is still working, and, if not, how can it be improved
  • Assess the opportunities for mutual aid and defense from the government to various sectors
Howard Grimes
Jerry Cochran
Paris Stringfellow
  • 10:00 AM
  • 10:29 AM
Editorial Interview

In this interview Kiersten Todt cites important cyber engagement efforts between government and industry.  Joint Cyber Defense Collaborative (JCDC) has enabled the sharing of important cyber information between government and industry stating that the “To see the JCDC in real life be effective in industry-government work in what happened with Logj4 Shell and then with the Russian invasion of Ukraine … made a difference.”

Kiersten Todt is Chief of Staff at CISA.

  • 10:30 AM
  • 10:44 AM
Regulating and Being Regulated: Public-Private Partnerships at the Ports
Nick Parham, JD, Marine Transportation System Cybersecurity Coordinator, United States Coast Guard Atlantic Area Command
Chris Carter, Information Security Analyst, Port of Vancouver, USA
Charles T. Blackmore, Marine Transportation Specialist (Cyber), United States Coast Guard

In the wake of the terrorist attacks from September 11, the Maritime Transportation Security Act (MTSA) was implemented across the commercial shipping industry in the United States. With the rise and evolving threat of cybersecurity attacks during the past decade, the Coast Guard has worked with public and private partnerships at America's ports to leverage the MTSA and enhance cybersecurity mitigation and resiliency at these ports. The industries operating in America's ports are critical components of multiple supply chains and often fall into multiple critical infrastructure categories. 

Key takeaways include actionable insights to:  

  • Leverage existing partnerships within ports to address cybersecurity vulnerabilities
  • Take action within an existing regulatory framework to address cybersecurity vulnerabilities
  • Facilitate information sharing and analysis to bridge the public/private communication gap
Nick Parham, JD
Chris Carter
Charles T. Blackmore
  • 10:45 AM
  • 11:16 AM
Election Security: What Did We Learn From the Mid-term Elections?
Elvis Chan, Asst. Special Agent in Charge San Francisco Division, Cyber Branch, FBI

Since 2016, election security has emerged as one of the newest and most urgent aspects of critical infrastructure protection. And Elvis Chan of the FBI's San Francisco office has been at the forefront of assessing and mitigating election security threats. In this session, Chan will:

  • Address the latest threats to election integrity
  • Explain the stepped-up effort of the U.S. government in general and FBI in particular
  • Describe the shifting cyber threat landscape post-Russia's invasion of Ukraine
Elvis Chan
  • 11:15 AM
  • 11:44 AM
Health Sector Progress: Collaborations and Public Partnerships
Erik Decker, VP & CISO, Intermountain Healthcare
Errol Weiss, CSO, Health Information Sharing and Analysis Center

Healthcare is among the most targeted critical infrastructure sectors. How are healthcare sector entities - and their CISOs and security teams - working with their peers, industry competitors, government agencies and information sharing organizations to help fend off the rising cyberthreats striking from so many different directions?  This session will:

  • Spotlight Information sharing and other collaborative healthcare sector cybersecurity efforts – where progress is being made
  • Identify cybersecurity resources for the private and public health sectors, and what else is still much needed
  • Explore ways healthcare organizations and their security leadership can become more proactive in addressing sector cyber threats and risks
Erik Decker
Errol Weiss
  • 11:45 AM
  • 12:14 PM
CEB Profile in Leadership

In this interview Mex Martinot discusses the future of IT and OT convergence in the energy sector.  He also addresses how the threat landscape is set to evolve and the protective measures that must be taken, accordingly. Listen and learn people, process and technology best practices that will safeguard IT and OT environments. 

Mex Martinot is Vice President and Global Head of Industrial Cybersecurity at Siemens Energy and a CyberEdBoard member. 

  • 12:15 PM
  • 12:29 PM
Lessons Relearned From the Russian Invasion of Ukraine, the Cybersecurity Threat Reality and Defense
Mike Manrod, CISO, Grand Canyon Education, Inc.
Armando Seay, Founder, Maryland Innovation & Security Institute
Roger Caslow, CISO, Hampton Roads Sanitation District

Since the late 90’s, our critical infrastructure has been under documented attack from various APTs, groups affiliated with nation states to include Russia. Russia’s directed cyber-attacks on the Ukraine are well documented, as is the intended blast radius to include the US and allies, which has been ramped up since the February 2022 invasion of the Ukraine. So how do we defend our critical infrastructure from this now and into the future? Our cybersecurity advice has not changed, merely has evolved to associate advice given for IT to also include OT and IoT basic hygienic solutions. Expect to learn key practices from our session, in which our panel of experts will:

  • Discuss incident response plans that can proactively defend your organization against a number of potential threats
  • Assess the best strategies to build a defensible architecture, and ensure network security is properly monitored in the process
  • Look at the most effective vulnerability and patch management testing methods
Mike Manrod
Armando Seay
Roger Caslow
  • 12:30 PM
  • 01:09 PM
Energy Sector: Drill Down Insights for Preemption and Resilience
Manny Cancel, SVP and CEO, E-ISAC
Mara Winn, Deputy Director, Preparedness, Policy and Risk Analysis, CESER, U.S. DOE

The energy sector puts significant resources into building systems that are resilient. These efforts have traditionally been focused on capacity building and preparing for potential natural disasters. The challenge of resilience changes when preparing for and recovering from a cyber-attack that may not be limited to a particular geographic area.  This discussion will:

  • Address practices that ensure energy resilience in the digital age
  • Identify systems and processes required to mitigate risk across the industry
  • Provide insights on how energy companies can work better with others across the value chain to improve cybersecurity
Manny Cancel
Mara Winn
  • 01:00 PM
  • 01:30 PM
The State of Critical Infrastructure Resilience
Grant Schneider, Senior Director for Cybersecurity Services, Venable LLP and Former U.S. federal CISO
Jerry Cochran, Deputy CIO – Cybersecurity & DigitalOps, Pacific Northwest National Laboratory
Virgina Wright, Energy-Cyber Portfolio Manager, Idaho National Laboratory
Puesh Kumar, Director, Office of Cybersecurity, Energy Security, and Emergency Response, U.S. DOE

If you talk to the energy sector, they will weave resilience into their cybersecurity discussions. For example, the electric, oil and gas, transportation, water and telecommunications sectors will look at cyber differently than health or financial sectors. Generally, the water, electric, and oil and gas sectors have more similarities and interdependencies than any other Critical Infrastructure sector combined. Our panel will shed light on some of the most effective cross-sector resilience strategies and will:

  • Discuss the best ways to adopt a framework and best communications and operational methods to achieve this
  • Analyze the performance of scenario-based risk assessments to inform business continuity and emergency response plans that enable effective resourcing
  • Assess the broader regulatory and operational requirements that guide these critical business decisions
Grant Schneider
Jerry Cochran
Virgina Wright
Puesh Kumar
  • 01:30 PM
  • 02:09 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, November 18th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

Letter from the Chair,

Critical Infrastructure is where security hits home- we are so dependent on our infrastructure for so many facets of our daily lives. Critical functions of our societal dependencies such as water, power, transportation and financial services all are a part of critical infrastructure, and last year we saw first-hand through the Colonial Pipeline incident the strength of this dependency.

The importance of critical infrastructure is also reflected in the Presidential Decision Directive 63, where the President called for the establishment of a program to address the need for protection of its critical infrastructures. This directive calls for representatives of the private sector, to ensure that the interests of critical infrastructure operators and owners are represented in the development and implementation of infrastructure assurance plans.

We are excited to announce the launch of the ISMG Critical Infrastructure Summit, which will be taking place November 17th and 18th, marking the start of Infrastructure Security Month.

Our summit will bring the top industry thought leaders together to talk about the best strategies for keeping sectors secure. Our expert group of speakers will take this one step further by providing true, tangible takeaways for optimal cyber resiliency for you and your organization.

We’re honored that you have taken the time to join us for this pivotal event, so that you can configure, maintain and sustain your systems for both cyber and, ultimately, the nation’s security.

Grant Schneider, Senior Director for Cybersecurity Services, Venable LLP and Former U.S. federal CISO
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Craig Barrett
VP Cybersecurity
Kinder Morgan, Inc.
Craig Barrett is an experienced critical infrastructure executive with a demonstrated history of working in the information technology and services industry. Craig is skilled in cybersecurity, IT/OT network architecture, firewalls, network Engineering, IT/OT network security, and various operating systems. Craig...
Chris Carter
Information Security Analyst
Port of Vancouver, USA
Chris Carter joined the Port of Vancouver USA in May 2015 and now serves in the role of Information Security Analyst. His responsibilities include establishing and maintaining secure information technology networks and supporting the port’s IT infrastructure. Chris also provides...
Jerry Cochran
Deputy CIO – Cybersecurity & DigitalOps
Pacific Northwest National Laboratory
Cochran serves as Pacific Northwest National Laboratory’s deputy chief information officer and division director of the Cybersecurity and DigitalOps Division, Computing and IT Directorate. He oversees cybersecurity, the office of the CISO, enterprise IT engineering and operations. Cochran also leads...
Tom Field
SVP of Editorial
ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world,...
Puesh Kumar
Director, Office of Cybersecurity, Energy Security, and Emergency Response
U.S. DOE
Kumar leads DOE’s mission to address cyber, physical, and natural hazards and threats to the U.S. energy infrastructure. Kumar has over 15 years of experience in grid modernization, cybersecurity, and emergency response within the energy sector. Most recently, Kumar was...
Cherilyn Pascoe
Senior Technology Policy Advisor
National Institute of Standards and Technology (NIST)
Cherilyn Pascoe is Senior Technology Policy Advisor at the National Institute of Standards and Technology (NIST), U.S. Department of Commerce. She advises NIST leadership on technology policy and strategy, including cybersecurity, privacy, and artificial intelligence. She also leads the NIST...
Armando Seay
Founder
Maryland Innovation & Security Institute
Armando Seay is a Co-founder and Director for the Maryland Innovation and Security Institute (MISI). Armando is also a Director and Technical Program Director for MISI’s DreamPort cyber solutions accelerator. Armando leads the critical infrastructure cybersecurity team, tech outreach and...
Virgina Wright
Energy-Cyber Portfolio Manager
Idaho National Laboratory
Virginia “Ginger” Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s Cybercore division within its National and Homeland Security directorate. She leads programs focused on cybersecurity and resilience of critical infrastructure for DOE, DARPA and other government agencies...
Charles T. Blackmore
Marine Transportation Specialist (Cyber)
United States Coast Guard
Charles Blackmore currently serves as a Marine Transportation System Specialist – Cyber at the US Coast Guard’s Office of Port & Facility Compliance where he is responsible for the development of guidance, doctrine, and policy used throughout the Marine Transportation...
Roger Caslow
CISO
Hampton Roads Sanitation District
Roger Caslow has worked in the security field for over 20 years. He has insider threat/counterintelligence, ICS, physical, operational, and cybersecurity expertise. He is proficient at working with cross-functional teams in developing and building technical, governance, compliance, and risk assessment...
Erik Decker
VP & CISO
Intermountain Healthcare
Erik Decker is the Vice President and Chief Information Security Officer for Intermountain Healthcare, a multi-state integrated delivery network based in Salt Lake City, Utah. Erik has 22 years of experience within Information Technology, with 15 years focused on Information...
Howard Grimes
CEO
Cybersecurity Manufacturing Innovation Institute (CyManII)
Dr. Howard Grimes is a noted research scientist and author with 25 years of success in directing complex university and National Laboratory research programs and entrepreneurial start-up initiatives. Currently, Dr. Grimes serves as the Chief Executive Officer for the Cybersecurity...
Mike Manrod
CISO
Grand Canyon Education, Inc.
Mike presently serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. Previous experiences include serving as...
David Pollino
Former CISO
PNC Bank
Pollino is an experienced security and risk executive with over 25 years of experience in information security, fraud prevention and risk management. He has focused on financial services for 20 years and was the CISO of Bank of the West...
Paris Stringfellow
Director of Sustainability
Cybersecurity Manufacturing Innovation Institute (CyManII)
Dr. Paris Stringfellow is the Director of Sustainability for the Cybersecurity Manufacturing Innovation Institute (CyManII). She leads the TrustWorks-aaS division and is responsible for providing translative education and services to US manufacturers. She holds a PhD in Industrial Engineering and...
Mara Winn
Deputy Director, Preparedness, Policy and Risk Analysis
CESER, U.S. DOE
Mara Winn is the Deputy Director for the Preparedness, Policy, and Risk Analysis (PPRA) division of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). In this role, Winn leads the division in supporting energy sector security and resilience...
Manny Cancel
SVP and CEO
E-ISAC
Cancel became NERC senior vice president and chief executive officer of the Electricity Information Sharing and Analysis Center (E-ISAC) in January 2020. He is responsible for the management and oversight of the E-ISAC and leads security operations and information sharing,...
Elvis Chan
Asst. Special Agent in Charge San Francisco Division, Cyber Branch
FBI
Chan manages a squad responsible for investigating national security cyber matters. He is a decorated agent who is recognized within the Intelligence Community as a cyberterrorism expert. SSA Chan was the lead agent on significant cyber investigations and managed joint...
Anna Delaney
Director, ISMG Productions
ISMG
Steve King
Managing Director, Cybersecurity Marketing Advisory Services
CyberTheory
Steve King has served in senior leadership roles in technology development and deployment for the past 25 years. He is an author, lecturer and serial startup founder, including three successful exits in cybersecurity, and served for six years as the...
Nick Parham, JD
Marine Transportation System Cybersecurity Coordinator
United States Coast Guard Atlantic Area Command
Mr. Nick Parham currently serves as the Marine Transportation System (MTS) Cybersecurity Coordinator responsible for development and execution of Coast Guard cybersecurity regulations and policies impacting MTS stakeholders operating in the Atlantic Area. The area of responsibility encompasses all inland...
Grant Schneider
Senior Director for Cybersecurity Services
Venable LLP and Former U.S. federal CISO
Schneider is the senior director for Cybersecurity Services at Venable LLP. Prior to Venable, Schneider served as the U.S. federal CISO, the U.S. deputy federal CISO and as senior director for Cybersecurity Policy on the White House National Security Council....
Errol Weiss
CSO
Health Information Sharing and Analysis Center
Errol Weiss joined Health-ISAC in April 2019 as its first Chief Security Officer and created a threat intelligence analysis center in Titusville, Florida that provides members with meaningful and actionable threat intelligence relevant for IT and infosec professionals in the...
Marianne McGee
Executive Editor
ISMG Corp

View Agenda
NIST Cybersecurity Framework 2.0: Latest Updates Unpacked
Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology is updating the Cybersecurity Framework to keep pace with the evolving cybersecurity risks, standards, and technology landscape.  The NIST Cybersecurity Framework, originally developed for critical infrastructure sectors, is now viewed as foundational to securing organizations of all sectors and sizes around the world.  Join this session to learn about the update process, including areas of focus, for the Cybersecurity Framework 2.0, as well as share your feedback about the use and potential improvements to the Framework.

Cherilyn Pascoe
  • 09:00 AM
  • 09:29 AM
Why It’s Essential to Operationalize a Cybersecurity Framework for Critical Infrastructure
Steve King, Managing Director, Cybersecurity Marketing Advisory Services, CyberTheory
Grant Schneider, Senior Director for Cybersecurity Services, Venable LLP and Former U.S. federal CISO
Roger Caslow, CISO, Hampton Roads Sanitation District

There are many options to choose from when selecting a framework for your cybersecurity program and typically your choice comes down to your industry vertical. We will have a discussion on the most commonly used enterprise level frameworks, what is needed to adopt them and how they provide benefit to your organization. Our expert panel will:

  • Evaluate some of the best practices for structural alignment with capabilities and solutions, and which security controls are needed for audit
  • Analyze how to align IT with OT, as well as the overarching organizational strategy needs and roadmaps
  • Discuss ways to not only support governance structure internally, but also ensure regulation and other external requirements are met
Steve King
Grant Schneider
Roger Caslow
  • 09:30 AM
  • 10:04 AM
Collaborative Cyber Defense: Just a Promise or a Practical Reality?
Howard Grimes, CEO, Cybersecurity Manufacturing Innovation Institute (CyManII)
Jerry Cochran, Deputy CIO – Cybersecurity & DigitalOps, Pacific Northwest National Laboratory
Paris Stringfellow, Director of Sustainability, Cybersecurity Manufacturing Innovation Institute (CyManII)

Cyber defense is increasingly becoming more important to the federal government’s overarching administrative agenda. There is an important need from the various organizations (CISA, DOE CESER, etc.), to incentivize the transition from collaboration, to cooperation within these distinct entities.
This panel will cover these strategies and will:

  • Discuss ways to collaborate across public/private as well as intra- and inter-sector entities to thwart and stay ahead of adversaries targeting critical infrastructures
  • Debate whether or not the 20-year evolution of cyber information/threat sharing is still working, and, if not, how can it be improved
  • Assess the opportunities for mutual aid and defense from the government to various sectors
Howard Grimes
Jerry Cochran
Paris Stringfellow
  • 10:00 AM
  • 10:29 AM
Editorial Interview

In this interview Kiersten Todt cites important cyber engagement efforts between government and industry.  Joint Cyber Defense Collaborative (JCDC) has enabled the sharing of important cyber information between government and industry stating that the “To see the JCDC in real life be effective in industry-government work in what happened with Logj4 Shell and then with the Russian invasion of Ukraine … made a difference.”

Kiersten Todt is Chief of Staff at CISA.

  • 10:30 AM
  • 10:44 AM
Regulating and Being Regulated: Public-Private Partnerships at the Ports
Nick Parham, JD, Marine Transportation System Cybersecurity Coordinator, United States Coast Guard Atlantic Area Command
Chris Carter, Information Security Analyst, Port of Vancouver, USA
Charles T. Blackmore, Marine Transportation Specialist (Cyber), United States Coast Guard

In the wake of the terrorist attacks from September 11, the Maritime Transportation Security Act (MTSA) was implemented across the commercial shipping industry in the United States. With the rise and evolving threat of cybersecurity attacks during the past decade, the Coast Guard has worked with public and private partnerships at America's ports to leverage the MTSA and enhance cybersecurity mitigation and resiliency at these ports. The industries operating in America's ports are critical components of multiple supply chains and often fall into multiple critical infrastructure categories. 

Key takeaways include actionable insights to:  

  • Leverage existing partnerships within ports to address cybersecurity vulnerabilities
  • Take action within an existing regulatory framework to address cybersecurity vulnerabilities
  • Facilitate information sharing and analysis to bridge the public/private communication gap
Nick Parham, JD
Chris Carter
Charles T. Blackmore
  • 10:45 AM
  • 11:16 AM
Election Security: What Did We Learn From the Mid-term Elections?
Elvis Chan, Asst. Special Agent in Charge San Francisco Division, Cyber Branch, FBI

Since 2016, election security has emerged as one of the newest and most urgent aspects of critical infrastructure protection. And Elvis Chan of the FBI's San Francisco office has been at the forefront of assessing and mitigating election security threats. In this session, Chan will:

  • Address the latest threats to election integrity
  • Explain the stepped-up effort of the U.S. government in general and FBI in particular
  • Describe the shifting cyber threat landscape post-Russia's invasion of Ukraine
Elvis Chan
  • 11:15 AM
  • 11:44 AM
Health Sector Progress: Collaborations and Public Partnerships
Erik Decker, VP & CISO, Intermountain Healthcare
Errol Weiss, CSO, Health Information Sharing and Analysis Center

Healthcare is among the most targeted critical infrastructure sectors. How are healthcare sector entities - and their CISOs and security teams - working with their peers, industry competitors, government agencies and information sharing organizations to help fend off the rising cyberthreats striking from so many different directions?  This session will:

  • Spotlight Information sharing and other collaborative healthcare sector cybersecurity efforts – where progress is being made
  • Identify cybersecurity resources for the private and public health sectors, and what else is still much needed
  • Explore ways healthcare organizations and their security leadership can become more proactive in addressing sector cyber threats and risks
Erik Decker
Errol Weiss
  • 11:45 AM
  • 12:14 PM
CEB Profile in Leadership

In this interview Mex Martinot discusses the future of IT and OT convergence in the energy sector.  He also addresses how the threat landscape is set to evolve and the protective measures that must be taken, accordingly. Listen and learn people, process and technology best practices that will safeguard IT and OT environments. 

Mex Martinot is Vice President and Global Head of Industrial Cybersecurity at Siemens Energy and a CyberEdBoard member. 

  • 12:15 PM
  • 12:29 PM
Lessons Relearned From the Russian Invasion of Ukraine, the Cybersecurity Threat Reality and Defense
Mike Manrod, CISO, Grand Canyon Education, Inc.
Armando Seay, Founder, Maryland Innovation & Security Institute
Roger Caslow, CISO, Hampton Roads Sanitation District

Since the late 90’s, our critical infrastructure has been under documented attack from various APTs, groups affiliated with nation states to include Russia. Russia’s directed cyber-attacks on the Ukraine are well documented, as is the intended blast radius to include the US and allies, which has been ramped up since the February 2022 invasion of the Ukraine. So how do we defend our critical infrastructure from this now and into the future? Our cybersecurity advice has not changed, merely has evolved to associate advice given for IT to also include OT and IoT basic hygienic solutions. Expect to learn key practices from our session, in which our panel of experts will:

  • Discuss incident response plans that can proactively defend your organization against a number of potential threats
  • Assess the best strategies to build a defensible architecture, and ensure network security is properly monitored in the process
  • Look at the most effective vulnerability and patch management testing methods
Mike Manrod
Armando Seay
Roger Caslow
  • 12:30 PM
  • 01:09 PM
Energy Sector: Drill Down Insights for Preemption and Resilience
Manny Cancel, SVP and CEO, E-ISAC
Mara Winn, Deputy Director, Preparedness, Policy and Risk Analysis, CESER, U.S. DOE

The energy sector puts significant resources into building systems that are resilient. These efforts have traditionally been focused on capacity building and preparing for potential natural disasters. The challenge of resilience changes when preparing for and recovering from a cyber-attack that may not be limited to a particular geographic area.  This discussion will:

  • Address practices that ensure energy resilience in the digital age
  • Identify systems and processes required to mitigate risk across the industry
  • Provide insights on how energy companies can work better with others across the value chain to improve cybersecurity
Manny Cancel
Mara Winn
  • 01:00 PM
  • 01:30 PM
The State of Critical Infrastructure Resilience
Grant Schneider, Senior Director for Cybersecurity Services, Venable LLP and Former U.S. federal CISO
Jerry Cochran, Deputy CIO – Cybersecurity & DigitalOps, Pacific Northwest National Laboratory
Virgina Wright, Energy-Cyber Portfolio Manager, Idaho National Laboratory
Puesh Kumar, Director, Office of Cybersecurity, Energy Security, and Emergency Response, U.S. DOE

If you talk to the energy sector, they will weave resilience into their cybersecurity discussions. For example, the electric, oil and gas, transportation, water and telecommunications sectors will look at cyber differently than health or financial sectors. Generally, the water, electric, and oil and gas sectors have more similarities and interdependencies than any other Critical Infrastructure sector combined. Our panel will shed light on some of the most effective cross-sector resilience strategies and will:

  • Discuss the best ways to adopt a framework and best communications and operational methods to achieve this
  • Analyze the performance of scenario-based risk assessments to inform business continuity and emergency response plans that enable effective resourcing
  • Assess the broader regulatory and operational requirements that guide these critical business decisions
Grant Schneider
Jerry Cochran
Virgina Wright
Puesh Kumar
  • 01:30 PM
  • 02:09 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, November 18th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

Speaker Interviews

Critical Infrastructure Security Summit Preview - Grant Schneider on Water, Power and Financial Services
Critical Infrastructure Security Summit Preview - Grant Schneider on Water, Power and Financial Services
Critical Infrastructure Security Summit Preview - Grant Schneider on Water, Power and Financial Services
Cryptocurrency's significant year with landmark arrests, an executive order, and outrageous fraud schemes.
Cryptocurrency's significant year with landmark arrests, an executive order, and outrageous fraud schemes.
Cryptocurrency's significant year with landmark arrests, an executive order, and outrageous fraud schemes.
Importance of Medical Ethics in Cybersecurity - Christopher Frenz on Patient Care After a Cyberattack
Importance of Medical Ethics in Cybersecurity - Christopher Frenz on Patient Care After a Cyberattack
Importance of Medical Ethics in Cybersecurity - Christopher Frenz on Patient Care After a...
Transforming an Organization's Security Culture - CISO Bobby Ford on Building a New Cybersecurity Operating Model
Transforming an Organization's Security Culture - CISO Bobby Ford on Building a New Cybersecurity Operating Model
Transforming an Organization's Security Culture - CISO Bobby Ford on Building a New Cybersecurity...
Profiles in Leadership: Rob Hornbuckle, CISO, Allegiant - Beyond Security, More Than Business: Where is CISO Role Headed?
Profiles in Leadership: Rob Hornbuckle, CISO, Allegiant - Beyond Security, More Than Business: Where is CISO Role Headed?
Profiles in Leadership: Rob Hornbuckle, CISO, Allegiant - Beyond Security, More Than Business: Where...
Profiles in Leadership: Selim Aissi, IMT (Ellie Mae) - Perspectives on the CISO Relationship With the Board
Profiles in Leadership: Selim Aissi, IMT (Ellie Mae) - Perspectives on the CISO Relationship With the Board
Profiles in Leadership: Selim Aissi, IMT (Ellie Mae) - Perspectives on the CISO Relationship...
UK Cyber Security Council to Tackle Education, Standards - Dr. Claudia Natanson Describes Vision of U.K.’s New Self-Regulatory Body
UK Cyber Security Council to Tackle Education, Standards - Dr. Claudia Natanson Describes Vision of U.K.’s New Self-Regulatory Body
UK Cyber Security Council to Tackle Education, Standards - Dr. Claudia Natanson Describes Vision...
Data Risk Governance: The BISO's Perspective - Patrick Benoit of CBRE on Necessary Ingredients for a Mature Program
Data Risk Governance: The BISO's Perspective - Patrick Benoit of CBRE on Necessary Ingredients for a Mature Program
Data Risk Governance: The BISO's Perspective - Patrick Benoit of CBRE on Necessary Ingredients...
CISO Spotlight: Troels Oerting, World Economic Forum - Veteran Cybersecurity Leader on Evolution of Threats, Technology and Leadership
CISO Spotlight: Troels Oerting, World Economic Forum - Veteran Cybersecurity Leader on Evolution of Threats, Technology and Leadership
CISO Spotlight: Troels Oerting, World Economic Forum - Veteran Cybersecurity Leader on Evolution of...
Driving Healthcare Innovation With a Security Mindset - ChristianaCare CISO Anahi Santiago on Securing Hospitals Without Borders
Driving Healthcare Innovation With a Security Mindset - ChristianaCare CISO Anahi Santiago on Securing Hospitals Without Borders
Driving Healthcare Innovation With a Security Mindset - ChristianaCare CISO Anahi Santiago on Securing...
Touhill: What It Takes to Be Resilient - Ex-Federal CISO Starts New Role as Head of SEI’s CERT Division
Touhill: What It Takes to Be Resilient - Ex-Federal CISO Starts New Role as Head of SEI’s CERT Division
Touhill: What It Takes to Be Resilient - Ex-Federal CISO Starts New Role as...
Art Coviello: 'It's a Roaring '20s for Technology' - RSA's Former CEO on State of the Industry and Technologies to Watch
Art Coviello: 'It's a Roaring '20s for Technology' - RSA's Former CEO on State of the Industry and Technologies to Watch
Art Coviello: 'It's a Roaring '20s for Technology' - RSA's Former CEO on State...
Election Security: Lessons Learned from 2020 - FBI's Elvis Chan on Why This Was 'Most Secure Election of My Career'
Election Security: Lessons Learned from 2020 - FBI's Elvis Chan on Why This Was 'Most Secure Election of My Career'
Election Security: Lessons Learned from 2020 - FBI's Elvis Chan on Why This Was...
CISO Spotlight: Marene Allison, Johnson & Johnson - Reflections on Seismic Change in 2020 and Opportunities in the Year Ahead
CISO Spotlight: Marene Allison, Johnson & Johnson - Reflections on Seismic Change in 2020 and Opportunities in the Year Ahead
CISO Spotlight: Marene Allison, Johnson & Johnson - Reflections on Seismic Change in 2020...
Do You Need a Human OS Upgrade? - CISO of World Health Organization on Multilayered Defense Strategies
Do You Need a Human OS Upgrade? - CISO of World Health Organization on Multilayered Defense Strategies
Do You Need a Human OS Upgrade? - CISO of World Health Organization on...
Ariel Weintraub Takes Charge of Cybersecurity at MassMutual - New Head of Enterprise Cybersecurity Succeeds CISO Jim Routh
Ariel Weintraub Takes Charge of Cybersecurity at MassMutual - New Head of Enterprise Cybersecurity Succeeds CISO Jim Routh
Ariel Weintraub Takes Charge of Cybersecurity at MassMutual - New Head of Enterprise Cybersecurity...
Zero Trust': An Outdated Model? - Cyjax CISO Ian Thornton-Trump Offers a Critique
Zero Trust': An Outdated Model? - Cyjax CISO Ian Thornton-Trump Offers a Critique
Zero Trust': An Outdated Model? - Cyjax CISO Ian Thornton-Trump Offers a Critique
Zero Trust: 'What Are You Trying to Protect?' - Father of Zero Trust, John Kindervag, on How Conversation, Industry Have Evolved
Zero Trust: 'What Are You Trying to Protect?' - Father of Zero Trust, John Kindervag, on How Conversation, Industry Have Evolved
Zero Trust: 'What Are You Trying to Protect?' - Father of Zero Trust, John...
Better Identity Coalition: A Project Update - Jeremy Grant, Coalition Coordinator, Discusses Identity Management Progress
Better Identity Coalition: A Project Update - Jeremy Grant, Coalition Coordinator, Discusses Identity Management Progress
Better Identity Coalition: A Project Update - Jeremy Grant, Coalition Coordinator, Discusses Identity Management...
Changing Authentication for Employees - Navy Federal Credit Union’s Thomas Malta on Applying CIAM Techniques
Changing Authentication for Employees - Navy Federal Credit Union’s Thomas Malta on Applying CIAM Techniques
Changing Authentication for Employees - Navy Federal Credit Union’s Thomas Malta on Applying CIAM...
Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains - ‘Supply Chain Security Is Broken, and It’s Time for a Change’
Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains - ‘Supply Chain Security Is Broken, and It’s Time for a Change’
Equifax CISO Jamil Farshchi on SolarWinds and Supply Chains - ‘Supply Chain Security Is...
The Critical Role of Dynamic Authentication - Wells Fargo's Sridhar Sidhu on Redefining IAM for Remote Workforce
The Critical Role of Dynamic Authentication - Wells Fargo's Sridhar Sidhu on Redefining IAM for Remote Workforce
The Critical Role of Dynamic Authentication - Wells Fargo's Sridhar Sidhu on Redefining IAM...
NIST's Ron Ross: 'The Adversary Lives in the Cracks' - SolarWinds Breach Calls Attention to Fundamental Need for Better DevSecOps
NIST's Ron Ross: 'The Adversary Lives in the Cracks' - SolarWinds Breach Calls Attention to Fundamental Need for Better DevSecOps
NIST's Ron Ross: 'The Adversary Lives in the Cracks' - SolarWinds Breach Calls Attention...

November 17 - 18, 2022

Critical Infrastructure Summit

© 2023 Information Security Media Group, Corp.
Privacy & GDPR Statement  |  CCPA: Do Not Sell My Personal Data
Summits Engage Roundtables Faculty About Contact Us