
3rd Party Risk Management
Managing technology risk from vendors, third parties, and the supply chain.

Joey Johnson
CISO, Premise Health
Johnson, CISO of Premise Health, Brentwood, Tenn., has more than 15 years of cybersecurity experience. Premise Health was formed as a result of the merger of Take Care Employer Solutions - a former subsidiary of Walgreen Co. - and CHS Health Services. Johnson formerly served as chief security officer for the U.S. Department of Commerce - Office of Computer Services, and held various security and network architecture roles leading the design and implementation of complex enterprise networks for airports, hospitals, universities and federal agencies.

Mitch Parker
CISO, Indiana University Health System
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an information security consultant to the Defense Logistics Agency and others.

Ryan Davis
CISO, Veracode
Ryan Davis currently serves as the Chief Information Security Officer for Veracode. He is responsible for ensuring the security and compliance of thousands of assets in a highly scalable SaaS environment. Davis has more than 15 years of experience in information technology and security in various industries. Prior to joining Veracode, Davis supported a number of different Department of Defense customers at MIT Lincoln Laboratory in various Information Assurance roles.

Mark Sangster
Vice President and Industry Security Strategist, eSentire
Mark Sangster currently serves as eSentire's Vice President and Industry Security Strategist. As a member of the LegalSec Council with the International Legal Technology Association (ILTA), he is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations. In addition to his passion for cybersecurity, Sangster's 20-year sales and marketing career was established with industry giants like Intel Corporation, BlackBerry, and Cisco Systems. His experience unites a strong technical aptitude and an intuitive understanding of regulatory agencies. During his time at BlackBerry, Sangster worked on the first secure devices for government agencies. Since then, he has continued to build mutually beneficial relationships with regulatory agencies in key sectors.

Cris Ewell
CSO and CPO, NRC Health
Ewell, PhD, is CISO at University of Washington Medicine. Previously, he was CISO of Seattle Children's Hospital. Before that, he served as the director of information security operations at the University of Washington, chief security officer for PEMCO Corp. and chief technology officer for Breakwater Security.

Todd Carroll
CISO and VP of Cyber Operations, CybelAngel
Todd M. Carroll currently serves as the CISO and VP of Cyber Operations, North America for CybelAngel. He joined the Paris-based company in January 2019 as part of CybelAngel's expansion into U.S. markets. Carroll retired from the FBI in December 2018 as the Deputy Special Agent in Charge of the Chicago Division. Carroll entered duty with the FBI in 1998 and was assigned to the Washington D.C. Field Office working Counterterrorism matters. He was a Supervisory Special Agent (SSA) with the Critical Incident Response Group/Rapid Deployment Logistics Unit from 2003-2004. From 2006 to 2011, he was assigned as the SSA over the Cyber program in the Chicago Division developing the FBI's intrusion capabilities.

J A Chowdary
Adviser-Information Technology, Govt. of Tamil Nadu, and Chairman, Blockchain Standards Committee
Jakkampudi Adiseshaiah Chowdary, popularly known as JA, played an important role in developing the industry in the states of Karnataka, Andhra Pradesh and Tamil Nadu in the 1990s, in his capacity as the founding Director of the Board of Software Technologies Parks of India (STPI) at Bangalore, Hyderabad and Chennai. He was one of the key architects of the Hi-Tech City & Cyberabad in Hyderabad, and also played a major role in founding the IIIT at Hyderabad. He was one of the key personalities instrumental in bringing about an IT revolution in Hyderabad. He is a well-networked IT man and also one among the trusted deputies of Chief Minister N. Chandrababu Naidu. His prime focus as IT Advisor to the Government of Andhra Pradesh is to mobilise investments, create an IT ecosystem, and provide more jobs. Chowdary is roping in the IT industry in India and in the U.S. to kick-start IT initiatives in Amaravati, the proposed capital of Andhra Pradesh. He will also serve as ex-officio Secretary to the Government in the Chief Minister's Office. His role includes advising and assisting the government in bringing in investments, generating employment, and encouraging innovation and start-up activities. Chowdary started his career at ISRO as a scientist, where he was involved in designing telemetry test equipment and telemetry subsystems for Bhaskara, Rohini, and Aryabhatta, India's premier satellites. He then worked at BHEL, where he was instrumental in developing mechanisms that facilitate monitoring of pollution levels online and process control instruments for BHEL power stations.

Jaymin Desai
Offering Manager, OneTrust
Desai serves as the Offering Manager at OneTrust Vendorpedia™ - part of the largest and most widely used technology platform to operationalize third-party risk, security, and privacy management. In his role, Desai is responsible for driving the development and delivery of OneTrust's third-party risk management product as well as driving the refinement of the toolset and offerings. He works with clients to centralize their vendor information across business units, assess risks based on use cases and relevant standards like CSA, CAIQ, SIG, GDPR and CCPA while also monitoring threats to seamlessly mitigate vendor risks throughout the engagement lifecycle. Desai takes a customer-based approach to product development and derives the majority of his backlog from customer feedback and direction.


Ted Augustinos
Partner, Locke Lord LLP
Ted Augustinos is a partner of Locke Lord LLP, an international law firm in the US, UK and Asia. He serves as a member of the Steering Committee of the firm's Privacy & Cybersecurity Group, and leads the group's Incident Response Team and its NY DFS Cybersecurity Initiative. Augustinos is also Managing Partner of the firm's Hartford office. He has counselled clients in numerous industries, including financial services, healthcare, insurance, defense, retail, public utilities, professional services, and education. He advises business enterprises ranging from global corporations to small startups, and nonprofit organizations, including large, national organizations and small local charities, on their privacy and data security obligations. Augustinos provides advice on collection, use and sharing of information, and breach preparedness and response.
Tackling Vendor Risk Management Challenges
Phil Curran - Cooper University Health, Mark Eggleston - Health Partners Plans, Brian Lancaster - University of Nebraska Medical Center, Mitch Parker - Indiana University Health System, Steven W. Teppler - Mandelbaum Salsburg P.C.
Phil Curran
Chief Information Assurance Officer and Chief Privacy Officer, Cooper University Health
As the Chief Information Assurance and Privacy Officer at Cooper University Health Care in Camden NJ, Phil Curran is responsible for managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, privacy and security investigations, business continuity, and awareness and training. He has served on the Health Information Trust Alliance (HITRUST) task force to integrate privacy controls in the Common Security Framework and the development of the ISC2 Health Care Information Security and Privacy Practitioner. Phil serves on the Executive Committee for Secure World - Philadelphia and the Philadelphia and New Jersey Chapters of the CISO Executive Network. He has spoken on Information Security and Privacy issues at Secure World and HIMSS Privacy and Security.

Mark Eggleston
VP, CISO and CPO, Health Partners Plans
Eggleston is vice president, CISO and chief privacy officer at Health Partners Plans, a Philadelphia-based HMO. He leads the maturation of various security technologies and privacy initiatives and manages a business continuity and disaster recovery program. Eggleston started his professional career serving as a program manager and psychotherapist at a hospital serving children and adolescents. Later, he helped develop a HIPAA privacy and security compliance program for a geographically dispersed healthcare provider organization and later at a local health plan, before moving to his current role.

Brian Lancaster
VP of IT and CIO, University of Nebraska Medical Center
Brian Lancaster currently serves as Vice President of IT and CIO at the University of Nebraska Medical Center. A healthcare technology executive with over 20 years of experience, he provides vision, direction, coordination and oversight of the delivery of the highest quality information technology to the enterprise, technology that is critical to delivering on Nebraska Medicine and UNMC's shared mission statement: to lead the world in transforming lives to create a healthy future for all individuals and communities through premier educational programs, innovative research and extraordinary patient care. Lancaster joined Nebraska Medicine in 2015, and during his tenure there he has led the enterprise's technology strategy to achieve HIMSS Level 7 in 2015, as well as led the organization to be awarded the 2017 Most Wired award and the 2017 HIMSS Enterprise Davies award. Prior to joining Nebraska Medicine, he was employed by Cerner Corporation, where he was the executive over the product and business strategies for Cerner's Electronic Medical Record and Population Health product lines. Lancaster is a recognized innovator with 7 inventions awarded patents and an additional 12 inventions awaiting patent approval.

Mitch Parker
CISO, Indiana University Health System
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an information security consultant to the Defense Logistics Agency and others.

Steven Teppler
Attorney; Bitcoin/Blockchain Expert, Mandelbaum Salsburg P.C.
Teppler has practiced law since 1981 and now leads the firm's electronic discovery and technology based litigation practice. His practice focus is on electronic discovery, including production, preservation, and spoliation matters, and he advises clients about risk, liability, and compliance issues unique to information governance. His experience includes litigation matters, both against and on behalf of Fortune 500 companies, as well as probate and family law disputes where electronic discovery is critically implicated. Nationally, Teppler is the Co-Chair of the American Bar Association's IoT Committee, a member of the Seventh Circuit Court of Appeals Electronic Discovery Pilot Program, a founder and co-chair of the American Bar Association's IoT National Institute as well as the American Bar Association's National Institute on Electronic Discovery and Information Governance, and a contributing author of the ANSI X9F4 trusted timestamp guideline standards for the financial industry. Steven holds six patents in the field of content authentication and is the founder and CEO of a content authentication provider.

Kelly White
CEO and Co-Founder, RiskRecon
Kelly White is the CEO and co-founder of RiskRecon, provider of the world's most advanced cybersecurity risk rating solutions. Kelly has held various enterprise security roles, including CISO and Director of Information Security for Zions Bancorporation. He was also a senior security consultant with CyberTrust and Ernst & Young. Kelly is a frequent contributor to the security community, speaking at conferences such as Cybercrime Prevention Summit, United Security Conference, RSA Conference, and eFraud Global Forum. Kelly is a founding member of the RSA eFraud Global conference board.

Joe Mitchell
Senior Manager - Sales Engineering, BitSight
Joe Mitchell has over 15 years of security, support, QA, and technical sales experience. He is currently Senior Manager - Sales Engineering at BitSight Technologies, running the global sales engineering team. Prior to BitSight, he was with Q1 Labs, the maker of the leading SIEM - QRadar, which was acquired by IBM in 2011.

Marshall Toburen
Risk Management Strategist, RSA
Marshall Toburen is a Risk Management Strategist with RSA Archer specializing in Enterprise, Operational, and Third Party Risk Management. He has 30 years of experience in financial services including roles as Enterprise Risk Manager, Operational Risk manager, Information Security Officer, Chief Audit Executive, and Assistant Controller. His credentials include: M.A. in Economics, Univ of Missouri; B.A.s in Economics & Political Science, Baker Univ; & holds CIA, CISA, & CBA certifications (non-practicing).

Sam Kassoumeh
COO and Co-Founder, SecurityScorecard
Kassoumeh is the COO and co-founder of SecurityScorecard. With 10 years of experience leading security teams, he formerly was head of security and compliance at Gilt and led global security at Federal-Mogul.

Session Contributors
former Dir. of Incident Response, Expedia; Principal Consultant, Public Sector Cyber Security Contracting Services
Team Lead - IT & Operations Risk, Federal Deposit Insurance Corporation (FDIC)
Adviser-Information Technology, Govt. of Tamil Nadu, and Chairman, Blockchain Standards Committee
Technology and Privacy Group, co-chairs the firm's Privacy & Security Task Force, Alston & Bird
Former Investigator, New York State Police; President, AML Training Academy & Advisory
Chief Information Assurance Officer and Chief Privacy Officer, Cooper University Health