Kevin Powers – Strategic Advisor for CyberSaint; Boston College Law School Assistant Professor at Boston College

Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.

Padraic O’Reilly – Chief Product Officer & Co-Founder at CyberSaint

Padraic O’Reilly is Chief Product Officer and Co-Founder at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist, IT risk and compliance consultant, and his rapid exposure to Cybersecurity led him to seek out CISOs, CIOs, and Boards of Directors at global organizations to pursue the answer to the question – how can cyber be managed, measured, and understood like any other business function? Padraic’s current activity spans working directly with organizations from public agencies to private companies across the globe to understand how to measure cyber risk, especially amidst the global pandemic which is fueling massive digital transformation projects around the world. Padraic was a key member of the group providing feedback on the NIST Cybersecurity Framework during its development, and is an expert in regulatory standards both in security and privacy, including the NIST Risk Management and NIST Privacy Frameworks. An expert in Artificial Intelligence (AI) and economic modeling, Padraic works with members of the Global 500 to research and deploy risk quantification, risk intelligence gathering, and risk reporting and communication strategies. Padraic also holds a patent entitled, “System And Method for Monitoring And Grading A Cybersecurity Framework” which has inspired much of his work on cohesive IT and cyber risk management approaches.

Ben Carr

CISO at Qualys

Jason Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

Executive Director at CyberRisk Alliance

Ben Carr

CISO at Qualys

Jason Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

Executive Director at CyberRisk Alliance

1. What Did Your Board of Directors Know, and When Did They Know It? – In the SolarWinds lawsuit, the more significant issue is really not that the Board allegedly knew about the risks; it’s that they reportedly knew and then did nothing to prevent or mitigate it. In 2021, the role of the Board has shifted to limiting the damage of these attacks and ensuring those risks are accounted for by their organization. What the Board needs from its CISO is clear communication on what projects you have in place and how they relate to existing and potential threats.
2. Four Things Your CISO Wants Your Board to Know – Here are four things your CISO wants your board to know.

   1. In Order to Adequately Protect an Organization, Your Cybersecurity Budget Should be More Than 1% of Your Overall IT Spend
   2. It’s Impossible to Provide Metrics on how Many Advanced Persistent Threats You’ve Blocked in the Past Month
   3. Building a Culture of Cybersecurity as a Top-down Strategy is Imperative
   4. Align Your Cybersecurity Strategy to an Acceptable Framework that Demonstrates Maturity Over Time

3. 4 in 10 Organizations Do Not Employ a CISO: Report – Organizations across the world have experienced swift changes in their business operations during the new normal. In particular, the adoption of the distributed work environment became a challenge for many companies, resulting in the rise of cyberattack risks. Several enterprises have increased their cybersecurity budgets to deal with new cybersecurity challenges. As the struggle of mitigating cyberthreats seems to surge, some organizations are wary about hiring security professionals. A recent analysis from cybersecurity solutions provider Navisite revealed that over 45% of organizations don’t employ a Chief Information Security Officer (CISO). Of this group, 58% think their company should hire a CISO.
4. The CIO’s role in strengthening information security – If you’re a CIO charged with maximizing security outcomes, while at the same time ensuring projects are implemented and everything “just works,” focus on strengthening your relationships with those who can help you. Security is about buy-in, and it’s especially important for those who don’t fully understand it.
5. 5 New Rules for Leading a Hybrid Team – Here’s how leaders can build great teams, even when those teams aren’t together in-person all the time.

   1. Make work purpose driven.
   2. Trust your people more than feels comfortable.
   3. Learn in the small moments. Send people — and yourself — nudges.
   4. Provide clarity. Be more decisive than feels comfortable.
   5. Include everyone. Take a long hard look in the mirror.

6. Creating a culture of cybersecurity – Think about cybersecurity not as an IT issue, but as a senior executive and leadership issue. Cybersecurity and cyber protection are often thought of as reactive measures, but organizations need to start seeing cyber protection as a way of planning. Similar to financial planning, cybersecurity should be incorporated as a part of everyday business. It’s not an add-on; it should be embedded in the organization, or “embedded endurance strategy”.