READY OR NOT, HERE THEY COME: Cyber Threats

San Diego — Hacks, breaches, viruses, dark web, data theft, malicious software: It seems the concept of cybersecurity has now entered the mainstream and the vocabulary alone could send any reasonably stable person down a dark hole to hide. But our region has a growing number of cyber warriors who are mounting new protocols and creating new systems to protect us at our most vulnerable levels.

On April 6 the San Diego Business Journal will host a roundtable of experts in several fields who will examine what businesses large and small need to do to keep current on defenses and how to recover after a lethal attack. Here is a snapshot of the panelists and just a few of the topics that will be highlighted.

Moderator

Kenneth D. Slaght

Co-Chair & President San Diego Cyber Center of Excellence

Retired Rear Adm. Kenneth D. Slaght is the co-chair and president of the San Diego Cyber Center Of Excellence, which is a public-private partnership established to coordinate and enhance the effectiveness and synergy of the regional cyber initiative. Previously, Slaght served as the vice president and general manager, Navy/Marine Corps Services Sector, General Dynamics Information Technology, responsible for providing IT services to the Navy and Marine Corps. Prior to that, he was the commander of the Space and Naval Warfare Systems Command, responsible for providing information technology and space systems for naval and joint services.

Expert Advisor Panel

Eric Basu

CEO Sentek Global Inc.

Eric Basu is a serial entrepreneur in several industries, but he is primarily focused on technology and cybersecurity. He launched Sentek Global out of his home in 2001 with the goal of providing innovative technology solutions for the Department of Defense. Basu was also the founder and president of Global Entertainment Security, a company that leveraged technology solutions to combat intellectual property piracy in the entertainment industry.

TOPIC: Recent trends with cyber attacks in the hospitality industry

The hospitality industry has become an increasingly common target of cybercriminals in the last couple of years. Attacks have evolved from cybercriminals stealing credit card numbers to suspected nation states infiltrating the routers of high-end luxury hotels to infect the laptops of traveling business executives. The most Hollywood-like recent attack involved locking down all of the electronic guest room doors in a hotel until the hotel paid a ransom. The confluence of targets of value in the hospitality industry will likely result in increased numbers and types of attacks in the next few years.

Stephen Cobb

Senior Security Researcher ESET North America

Stephen Cobb has been researching computer security and data privacy for 25 years, advising companies, consumers, and government agencies on the protection of sensitive data and systems. Cobb has been a Certified Information Systems Security Professional (CISSP) since 1996 and currently leads a San Diego-based research team for security software maker ESET. He also is working on a master’s degree in criminology at the University of Leicester in England.

TOPIC: The cybersecurity skills gap

More than 80 percent of companies say that a lack of qualified applicants to fill cybersecurity positions is a problem, and this skills gap is leading to breaches. Everyone needs to be aware of this problem and support efforts to address it, efforts that also represent opportunities for

San Diego.

Gary Hayslip

Until recently, Gary Hayslip was the chief information security officer for the City of San Diego where he advised the city’s leadership (mayor, City Council, and more than 40 city departments and agencies) on protecting city government information resources. He oversaw citywide cybersecurity strategy and the enterprise cybersecurity program, cyber operations, compliance and risk assessment services.

TOPIC: Do San Diego businesses have any unique challenges?

I do think because of the unique technology clusters we have located here in San Diego we are an attractive target. We are the second-largest city in California and the eighth-largest city in the U.S. Plus, we have DoD, telecom, biotech and a growing cyber/IoT startup scene. Couple that with major research universities and there is a bull’s eye on the region.

James Mapes

CISO & Director of Cybersecurity Practice TB Consulting

Jim Mapes has more than 25 years of experience in information technology. He brings a unique matrix of experience leading information security programs and operations as well as direct experience performing forensic investigations, risk analysis, and providing thought leadership as both an executive and subject matter expert. He is a known expert in federal regulations, industry regulations, ISO 27000, and corporate compliance programs as well as risk management and mitigation.

TOPIC: It seems that cyber attacks are in the news daily. Is “prediction” of an attack ever possible?

Prediction is possible but only if there is an efficient process for monitoring and rapid cybersecurity response. Success and failure lie but moments apart from one another during an attack. The more warning and preparation time a business has, the faster and more effective its response, which in turn will dramatically increase a business’s chances of containing and preventing a cyberbreach.

Chris Orlando

Co-founder & CSMO ScaleMatrix Inc.

Chris Orlando serves as chief sales and marketing officer of ScaleMatrix Inc. Orlando is a hosting and colocation industry veteran who joined the ScaleMatrix team after holding senior leadership positions within a variety of successful colocation and complex hosting providers throughout the Southwest. Orlando was responsible for opening the company in late 2004 and successfully led it through its acquisition just four years later. Under his direction,

ScaleMatrix has garnered a client list that includes Oprah Winfrey (HARPO), Tony Robbins, Rush Limbaugh, Clear Channel, Cox Communications, ProFlowers, and Intuit.

TOPIC: Compliance

Mature compliance practices can provide a strong foundation for your journey to delivering effective cybersecurity. You are only as strong as your weakest link, so starting from the ground up can be an effective approach.

Justine M. Phillips

Attorney – Cyber & Employment Sheppard, Mullin, Richter & Hampton LLP

Justine Phillips takes a holistic approach to assist clients on everyday issues related to electronically stored information including: cyber risk management and mitigation; eWorkforce policies; compliance with data regulations; retention/destruction policies and protocols; information-security and data privacy; crisis management and forensic investigations for data breaches; business email compromises; electronic discovery; and social-media issues. She co-authored the California section of a 50-state survey on data privacy laws titled “Survey of California Employment Privacy Law,” MLRC Employment Survey, 2014.Phillips also founded the Women in eDiscovery San Diego chapter and frequently publishes and speaks on cyber-related issues.

TOPIC: Embracing a growth cyber

mindset

Companies with a fixed cyber mindset believe complying with fixed regulatory requirements (PCI, HIPAA and state consumer disclosure laws) will protect them from cyber attacks. They spend their time documenting their intelligence or compliance instead of developing processes and evolving their information security programs. On the other hand, a company with a growth cyber mindset understands the threat landscape is constantly evolving and so, too, must their policies, protocols, and approach. In addition to investing resources in technology and regulatory compliance, they also educate and empower all employees to protect company assets from cyber vulnerabilities, which has the net effect of actually reducing risk.

Guest Remarks

Brad Lunn

Corporate Director ESET Foundation

Brad Lunn is a corporate director for the ESET Foundation, the charitable arm of the global cybersecurity firm ESET North America, and an executive at General Atomics Aeronautical Systems Inc. He speaks nationally on a variety of subjects including cybersecurity, corporate governance and high-stakes project management. Lunn was a founding member of the Defense Security Information Exchange addressing aerospace and defense critical infrastructure threats, at both classified and unclassified levels.