
Season 3 Episode 8: The Trifecta for critical national infrastructure - IT, OT and regulation
08/30/21 • 25 min
In this episode, we bring you a discussion of critical national infrastructure with our host Kristen and her guests Chantel and Sandy. With OT technologies taking prime spot in news headlines after the recent ransomware attacks, our guests share their insight into the different threat vectors that OT faces as components of critical national infrastructure are exposed to the internet. Sandy and Chantel talk about how IT and OT can come together and how regulatory bodies are responding to external adversaries that exploit the gaps in the dynamics of IT/OT and Cloud.
Guests:
Chantel Haswell
Chantel Haswell, PMP, is a Deloitte Advisory Manager within the Cyber Risk Services practice within the East Region. Chantel has over 15 years of experience in the Energy industry, with a focus on the Power and Utilities sector. In particular, Chantel has significant experience in regulatory reliability and compliance standards, including NERC Order 693 and Critical Infrastructure Protection (CIP). Broadly, her activities have included Project Management, Cyber Policy development, Cyber metrics reporting, Compliance Training development and implementation, and overall Compliance program support and internal controls implementation. Most recently, Chantel supported a large Cloud Service Provider (CSP) by performing analysis of the implications of Power & Utility customers hosting NERC CIP assets on the cloud.
Sandy Bacik
Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, CipherTechs’ Director Audit & Compliance, has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management, with an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to past years of the Information Security Management Handbook.
Host:
Kristen Wilbur, CPA, CISSP, CCSK, CISA, ISO 27001 Lead Auditor, is a Director at Schellman & Company LLC, with over 10 years of experience in providing IT attestation and compliance services. Kristen has evaluated risk and controls for Global 1000, Fortune 500, and regional companies during the course of her career with a strong focus in the technology sector. Kristen currently leads the New York City practice at Schellman where she specializes in SOC 1, SOC 2, ISO 27001, and HIPAA reporting. In her portfolio she also oversees large scale engagements that include assessments around FedRAMP, HITRUST, and Privacy.
Previous Episode

Season 3 Episode 7: A Day in My Life: Healthcare AI Customer Success Director
In this episode of the Next Exec podcast, Ashley sits down with Christa White, Vice President of Customer Success and Services at Protenus, a healthcare compliance analytics platform that empowers health systems to monitor patient privacy and drug diversion through artificial intelligence. Christa shares her journey to Customer Success, the importance of her role, and a customer-friendly view of the in-depth analytics that build trust, uncover patient risk, and identify potential theft and misuse of controlled substances in healthcare organizations.
Guest:
Christa White is the VP, Customer Success and Services at Protenus. She has been a member of the Protenus team since October 2016. In her time at Protenus, she has grown the Customer Success division from a team of one to a team of six Customer Success Managers (CSMs) and six professional services consultants. Her role involves collaborating across the revenue, product, and technical operations teams to streamline and optimize the customer journey, and crafting meaningful customer relationship management initiatives. She is also the community manager for the Protenus PANDAS (People and Analytics) user group, which hosts quarterly webinars and an annual conference with over 250 compliance professionals at the top healthcare organizations across the country.
Prior to Protenus, Christa gained experience in leadership, customer engagement, training, and support for software platforms. She spent eight years at Booz Allen Hamilton as a Senior Technologist. Her experience there ranged from managing a support/training team for thousands of global users to developing and delivering precision technical documentation for DoD clients. Christa holds an MBA from the combined University of Baltimore/Towson University program. She received her BS in Applied Mathematics with a minor in Economics from Loyola University Maryland.
Host:
Ashley McArthur-Dean is a Senior Consultant at Deloitte in the Risk & Financial Advisory practice with a focus in Cyber Data Privacy. She has over ten years of experience in the healthcare industry including privacy monitoring, data governance and project execution. She has experience and knowledge in HIPAA Security and Privacy Rules, compliance, information security, data analytics, risk management and privacy regulations. She previously led the planning and execution of training, workflow, and operational readiness during mergers & acquisitions, and supported enterprise-wide compliance and privacy initiatives including audit readiness, program maturity, and access / process controls. Ashley has provided services to clients in the commercial, healthcare, and life sciences industries.
Ashley has the Project Management Professional (PMP) certification, is OneTrust Certified, and has her Masters in Business Administration.
Next Episode

Season 3 Episode 9: A Day in the Life: Medical Device Insights from a Senior Director
In this episode, Ashley chats with Inhel, a Senior Director of Information Security Engineering at BD, one of the largest global medical technology companies in the world. With privacy in healthcare at the forefront of current events, our guests delve into the nuances of the medical device industry. Inhel also provides actionable advice about career transitions, navigating the workplace, and other lessons learned from her experiences in the field.
Guest:
Inhel Rekik is the Sr Director of Information Security Engineering at BD, a global medical technology company that is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. She currently leads all information security engineering initiatives for Enterprise IT, BD products, manufacturing/OT and R&D. Before joining BD, Inhel was the Director of Health Technology Security at MedStar Health where she founded the program of medical device security, IoMT and IoT security.
Prior to moving into information security, Inhel held various roles of Healthcare Technology Management in HDOs. Inhel is CISM certified. Inhel pursued her education in Canada where she received her Bachelor’s degree in Computer Engineering from Laval University and her Master’s degree in Biomedical engineering from Polytechnic School of Montreal. Inhel is an active member of HISAC Medical Device Security Information Sharing Advisory Committee, MDIC (Medical Device Innovation Consortium) and EWF (Executive Women Forum). Awards include Intelligent Health Association (IHA) Grand Award and (IHA) Improving Patient Care and Health Delivery Award.
Host:
Ashley Baich is a Cybersecurity Consulting Analyst at Accenture with experience in many disciplines of cybersecurity. Her analytical background in marketing, communications, technology and business development inform her mindful but competitive approach.
Ashley is fueled by her desire to bridge the communication between IT Professionals and Business Executives. She considers herself a ‘forever student’, eager to continue to build her academic foundation to be innovative and forward thinking in the world of cybersecurity. She is in the process of earning her MBA in information security and is an active participant in the EWF, currently as a co-lead for the Rising Leader Forum.