Oregon Cybersecurity Summit
February 24, 2016 | Salem, Oregon
Download materials from the Oregon Cybersecurity Collaboration session, tailored for information technology (IT) and policy leaders in government.
During the session, speakers provided insights into the current reality of cybersecurity, discussed lessons learned on improving resiliency and response, and offered insights into building integrated cybersecurity programs.
Attendees collaborated on the pressing issues public sector agencies face and discussed ways to incorporate industry best practices given diverse responsibilities and resources.
Meet our speakers
George Chamberlin, Supervisory Special Agent (SSA), Federal Bureau of Investigation (FBI)
SSA George Chamberlin leads the Cyber Program and the Oregon Cyber Task Force for the FBI, Portland Field Office. He investigated transnational organized crime for the FBI from 1999-2005 and has investigated criminal computer intrusions and cyber national security matters since 2006. SSA Chamberlin served as a Cyber Terrorism Threat manager at the National Cyber Investigative Joint Task Force (NCIJTF) in Washington DC and recently returned from a three-year overseas assignment in Asia.
Bari Faudree, Director, Cyber Risk Services, Deloitte & Touche LLP
Bari is a director in our Health Care and Public Sector Industry practice in the Cyber Risk Services market offering. He serves as the National Cyber Risk Services leader for Health Plans and National State Sector leader for the implementation of the Health Insurance Exchanges (HIX) and Integration Eligibility (IE) systems as a part of Health Reform and the Affordable Care Act. He has more than 24 years of experience in cyber program and strategy consulting including cyber strategy, security systems integration, data protection security and privacy compliance program development and implementation, cyber risk/threat assessments, war gaming and incident response, cyber security threat solutions and services.
Michael Juergens, Principal, Advisory, Deloitte & Touche LLP
Michael is the managing principal for Information Technology Internal Audit (IT IA) at Deloitte & Touche LLP, which is widely recognized as a leading provider of internal audit services among Fortune 1000 companies. Michael is responsible for developing and executing Deloitte’s IT IA marketplace strategy, which focuses on helping clients evolve their approach to delivering high-value IT IA services that help to mitigate emerging technology risks.
Alex Pettit, Chief Information Officer (CIO), State of Oregon
As State CIO, Alex works in the Department of Administrative Services and is responsible for policy, information and telecommunication systems for state agencies. Previously, Alex was the first CIO for the State of Oklahoma, serving from April 2010 until January 2014.
Stefan Richards, Chief Information Security Officer (CISO), State of Oregon
Stefan leads the Enterprise Security Office under the Office of the State CIO, providing security leadership and enterprise security operations across Oregon State government. His responsibilities include driving state-wide information security policy, procedures and standards, coordinating State security efforts with federal & local resources, including FBI, DHS, & military, managing state-level security compliance programs, and heading the security operations of the State data center, serving over 100+ agencies, boards & commissions.
Mike Wyatt, Director, Cyber Risk Services, Deloitte & Touche LLP
Mike is a national competency director in Deloitte & Touche LLP’s Cyber Risk Services practice and leads the US Identity & Access Management (IAM) practice. He is a recognized leader in public sector cybersecurity and privacy approaches with a deep focus on incident response, breach remediation, and statewide security risk assessments and statewide security program development. Michael is the lead partner for the State of South Carolina, the lead risk services partner for the State of Colorado, and leads the State of Texas Cyber Risk Services practices.
- 7:30 a.m. — Registration and continental breakfast
- 8:00 a.m. — Welcome and introductory remarks – Alex Pettit, Oregon CIO
- 8:30 a.m. — Overview of State cybersecurity strategic vision – Stefan Richards, Oregon CISO
- 9:00 a.m. — Q & A with Alex & Stefan
- 9:15 a.m. — Table discussions on cyber risks
- 9:30 a.m. — Cyber-attacks in the public sector (Federal and State) – George Chamberlin, FBI
- 10:15 a.m. — Break
- 10:30 a.m. — Managing the complexity of cyber risks – Mike Wyatt, Deloitte & Touche LLP
- 11:15 a.m. — Panel discussion with Q&A – Facilitator, Bari Faudree, Deloitte & Touche LLP
- 11:55 a.m. — Closing comments – Alex Pettit
Explore Deloitte insights on cybersecurity and reference materials
- Anticipate, sense, and respond
Connected government and the Internet of Things
Like companies, government agencies are striving to deliver quality services in increasingly complex environments. And the public sector is also looking at ways to apply Internet of Things technology to find new value for citizens, aiming to enhance capabilities, streamline processes, and engage partners.
- Where insights lead
Cybersecurity and the roll of internal audit: An urgent call to action
Internal audit has a critical role in helping organizations in the ongoing battle of managing cyber threats, both by providing an independent assessment of existing and needed controls, and helping the audit committee and board understand and address the diverse risks of the digital world.
- Changing the game on cyber risk
The imperative to be secure, vigilant, and resilient
Given that you cannot prevent all cyber incidents, the traditional discipline of security, isolated from a more comprehensive risk-based approach, is not enough to protect you. Through the lens of what’s most important to your organization, you must invest in cost-justified security controls to protect your most important assets, but you must focus equal—in some cases greater—effort on gaining more insight into threats, and responding more effectively to reduce their impact. Through an ongoing program to become secure, vigilant, and resilient, you can be more confident in your ability to reap the value of your strategic investments.
- Anticipating the unexpected
Be ready with simulated cyber threat war games
To prepare for a cyber-attack, many organizations have traditionally taken a monolithic, compliance-oriented approach to security that is focused on evaluating technology controls. Organizations should seek to understand where threats are coming from and foster a resilient environment that is able to operate “business as usual” in the event a security incident occurs. Those who recognize the need for vigilance and resilience with security are investing in emerging areas, such as cyber threat war gaming.
- The Cybersecurity workforce: States’ needs and opportunities by National Governors Association
Under any cybersecurity strategy, a state will need a cyber workforce with a wide array of skills, from proficiency in higher-order information science to risk assessment to behavioral sciences and a variety of less demanding skills, such as those necessary to reinforce the practice of cyber hygiene day in and day out. Read more to understand NGA’s perspective on state cyber workforce strategies.
- Cyberthreats take aim at individuals and roles in organizations via Risk & Compliance Journal, from the Wall Street Journal
Individuals with access to privileged information—such as chief financial officers, heads of HR, and other senior leadership and boards of directors across enterprises—are increasingly the target of cyberattacks, not just their organizations. Read more on key emerging trends in cyber threats and some of the challenges organizations are facing.
For additional information, please contact
Director | Deloitte & Touche LLP
+1 317 656 2425
Principal | Deloitte & Touche LLP
+1 408 704 4481
Director | Deloitte & Touche LLP
+1 503 727 5401
Principal | Deloitte Consulting LLP
+1 916 288 3748
Director | Deloitte & Touche LLP
+1 512 226 4171