CyberCONNECT 2019 connects complex cybersecurity challenges with real-world solutions.

Presented by Sword & Shield

March 6, 2019

Portland PacWest Center
Schwabe Williamson & Wyatt
1211 SW Fifth Avenue, Suite 1900
Portland, OR 97204

Register Now! It’s Free!

Registration and Continental Breakfast

Enterprise Risk Assessment – A Case Study

This session will feature practical, real-life examples of organizations that have recently completed enterprise assessment engagements. The following areas will be examined during this session with respect to risk assessments:

  • Background and profile of the assessed organization
  • The assessed organization’s core infosec and compliance issues and challenges prior to the assessment
  • How the assessment was delivered (approach, methodology, assessor, etc.)
  • Results and findings of the assessment 
  • The assessed organization’s response to the findings and remediation action steps
  • The assessed organization’s post-remediation security and compliance posture
  • Lessons learned by the assessed organization

Key lessons and takeaways for attendees to consider will also be addressed. 

Speaker Profile

Sean Hoar has extensive experience managing responses to data breaches and working with cyber insurance carriers.  As chair of the national Data Privacy & Cybersecurity Practice at Lewis Brisbois Bisgaard & Smith LLP, he manages a national breach response team and personally manages responses to data breaches on a daily basis. He also counsels businesses on best practices in information privacy and data security. This includes incident response planning and employee/executive training on network security awareness. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon, where he was the point of contact for the FBI, Secret Service and Homeland Security in system intrusions and other digital crime emergencies. Sean also taught courses in cybercrime and privacy law at the University of Oregon School of Law and the Lewis & Clark Law School, and he serves as executive director of the Financial Crimes & Digital Evidence Foundation.  Sean holds the Certified Information Systems Security Professional (CISSP), the Global Information Security Professional (GISP) and the Certified Information Privacy Professional/United States (CIPP/US) credentials.

Risk Mitigation – Threat & Theory, Risk & Reality

Do we really do all we can, or better yet, everything we can afford when mitigating risks? What investments are the best value to protect your organization against threats known and unknown? What else can we do? We plan based on mitigating as many vulnerabilities as we can with what we know. But what about those we don’t know? We employ the use of tools that allow us to learn and adapt. We share knowledge to benefit everyone as a whole. Most importantly, we build security concepts into everything an organization does. Security professionals do this instinctively, even in their personal lives, but we must figure out how to get everyone on that same page. Security is all too often the least supported, most disregarded, and most loathed aspect of an organization, yet it can have the biggest impact on its success or failure.

Key Topics:

  • Appreciating what you know, but more importantly, acknowledging what you don’t…
  • Planning for the worst. Prepare for the rest.
  • Approaching security “holistically”. What does that mean?
  • Understanding the high value and low cost of a framework
  • Answering the question, “Does security include improving organizational processes like streamlining, simplifying, and lean operations?”
  • Making security a priority.
  • Getting “Buy-in” from everyone… the decision makers all the way to the interns.

Speaker Profile

Corey McReynolds is the Director and Managing Consultant of Enterprise Solutions with Sword & Shield Enterprise Security. Corey graduated from Carson-Newman University with a Bachelor of Arts in communications. He then started his career with the United States Army where he worked on numerous war-time operations as a Military Intelligence asset. He was Honorably Discharged as a Military Intelligence Officer from the United States Army Intelligence Center of Excellence at Fort Huachuca. He then transitioned to supporting security operations at a Department of Energy research and development facility, where he rebuilt the facility’s security operations procedures and manual. During this time, he began working on additional technical degrees where he acquired three in Information Technology, Programming, and Network Security & Forensics. Corey simultaneously earned all six of the Committee on National Security Systems (CNSS) Certifications, meeting requirements for both the National Security Agency (NSA) and U.S. Department of Homeland Security (DHS). During this period, Corey transitioned into a Senior Systems Engineer/Solutions Architect position for a data storage company. He designed and deployed four data centers capable of handling 500+ petabytes of combined data storage. After completion of the degrees, Corey was offered a position at Sword & Shield Enterprise Security where he enjoys serving clients and solving problems with creative solutions.

Privacy Compliancy – GDPR and Beyond

The General Data Protection Regulation (GDPR) requirements went into effect on May 25, 2018. This European Union (EU) regulation, intended to give people more control over their personal data and protect that information from risk, applies to any organization that conducts business in the EU. This panel session will address what all organizations can learn from GDPR (regardless of whether compliance with it is a requirement), how GDPR aligns with other data and information security compliance frameworks such as NIST, HIPAA, ISO, ITIL, and PCI, and practical steps that organizations can take to address GDPR compliance requirements.

Moderator Profile

Matt Beland is the CEO of Smooth Sailing Solutions, Inc. He’s an industry-leading IT and security professional with 20 years of experience in the field. One of his main roles has been that of education and awareness, delivering presentations and training dozens of times per year. His experience and talents are particularly effective in helping get past the jargon and overhyped sales nonsense common in information security.  Matt sails boats.

Panelist Profiles

Mike Griffin is the Director, Information Security for Janrain, Inc. Mike is responsible for running Janrain’s information security program. Before joining Janrain, Mike developed and led the Security & Compliance programs for Circle K North America, FEI Company, Columbia Sportswear, and Harry and David.  Mike’s 23 years of experience also includes roles in Security and IT with Spirit Horse Vineyards, Tyco International and PremierWest Bank. During his career Mike has been active in professional organizations, including ISACA and ISSA, where he’s held the position of vice president of the Portland Oregon Chapter. Mike holds a Bachelor of Science in IT Security from Western Governors University and various certifications including CISSP and CISM.


Sean Hoar has extensive experience managing responses to data breaches and working with cyber insurance carriers. As chair of the national Data Privacy & Cybersecurity Practice at Lewis Brisbois Bisgaard & Smith LLP, he manages a national breach response team and personally manages responses to data breaches on a daily basis. He also counsels businesses on best practices in information privacy and data security. This includes incident response planning and employee/executive training on network security awareness. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon, where he was the point of contact for the FBI, Secret Service and Homeland Security in system intrusions and other digital crime emergencies. He also taught courses in cybercrime and privacy law at the University of Oregon School of Law and the Lewis & Clark Law School, and he serves as executive director of the Financial Crimes & Digital Evidence Foundation. Sean holds the Certified Information Systems Security Professional (CISSP), the Global Information Security Professional (GISP) and the Certified Information Privacy Professional/United States (CIPP/US) credentials.


Amy Grant, CIPP/E, is Senior Corporate Counsel at Tripwire, Inc. Amy is the (newly-retired) Senior Corporate Counsel for Tripwire, a leader in foundational cybersecurity solutions for enterprise and industrial organizations. She has over 30 years of experience in working with technology companies at the intersection of emerging technologies and emerging laws.  In her five years at Tripwire she worked closely with the InfoSec and Security Incident Response teams to prepare for and respond to security, privacy and compliance challenges.


Xavier Clark, J.D., CIPP-US, is an attorney with Schwabe Williamson & Wyatt. Xavier brings unique experience working at the intersection of legal issues and the technology industry. Proficient in most commonly used regulatory frameworks, Xavier leverages his prior in-house experience focusing on privacy, security and commercial contracting for companies in the technology and healthcare industries. He enjoys helping clients understand and comply with their obligation for the proper handling and use of data in day-to-day business operations.

Management Accepts the Risk: A Tabletop Exercise in Risk Management

Everybody talks about risk management, especially when it comes to complying with regulatory requirements. In this session, we’ll explore what it’s actually like to make choices in a risk management context – and potentially suffer the consequences. An interactive role-playing session, this will require you to bring your critical thinking skills and appetite for risk – and maybe a blessing from Lady Luck.

Attendees will be able to collaborate with their peers seated at their table (team) during this tabletop exercise. Each table will represent a separate organization and roles will be assigned for each person (C-suite, CEO, COO, Sales and Marketing, CIO, CISO, etc.). Scenarios will be introduced for each table to address and the teams will work together to outline the situation, discuss options, and make decisions within a time limit. Choices will cost or gain resource tokens, risk tokens, etc.

There should be time for about five different scenarios explored during this exercise. A reward will be presented to the top-scoring table or tables based on total resource tokens earned. A discussion about lessons learned and takeaways will be held at the end of the session.

Speaker Profile

Matt Beland is the CEO of Smooth Sailing Solutions, Inc. He’s an industry-leading IT and security professional with 20 years of experience in the field. One of his main roles has been that of education and awareness, delivering presentations and training dozens of times per year. His experience and talents are particularly effective in helping get past the jargon and overhyped sales nonsense common in information security. Matt sails boats.

Practitioners’ Spotlight

This panel session will feature three professionals who have unique backgrounds, represent three different organizations and industries, and practice three different specializations within the cyber security and compliance sphere. What all three have in common – they have significant influence within their organizations for managing corporate risk and privacy. They are also passionate about implementing cyber security and compliance best practices, specifically with respect to risk management and privacy matters.

During this session, these practitioners will share the key cyber security / compliance issues and challenges they are addressing relating to risk management & privacy, along with the current cyber security / compliance landscape within their industry. They will also share how their background, experience and expertise in cyber security / compliance have impacted their approach, philosophy and responsibilities within their organizations.

Panelist Profiles

Cheri Lowe, Director IT Transformation & Operations at Volt Information Sciences
(Profile coming soon)


Lisa Nicholson is CISO at PortlandLabs, a company that develops and leads concrete5, a PHP- and MySQL-based Content Management System (CMS) that powers hundreds of thousands of websites. PortlandLabs also provides hosting, support and maintenance for mission-critical websites around the world. One of Lisa’s current initiatives at PortlandLabs is building a security program capable of passing FedRAMP certification. Prior to PortlandLabs, Lisa was a CISO at Janrain. Her responsibilities at Janrain included developing Janrain’s cyber resiliency, security incident management and Governance, Risk and Compliance (GRC). She also matrixed to the product team as the product security owner integral to ensuring privacy and security by design. Lisa started her cyber career as an aerospace engineering officer in the Canadian military, which allowed her to arrange security for stealth fighters, presidential and royal visits, NATO crypto codes, secure video conference links (in the days before FaceTime!) and more.


Cate Gomez is the Senior Compliance Analyst & Privacy Officer for Oregon Anesthesiology Group, P.C. (OAG). OAG is the Pacific Northwest’s premier physician-owned anesthesia practice, whose anesthesiologists provide anesthesia care and services to patients in hospitals, surgery centers, and office-based practices. Cate has been with OAG for 3 years, focusing her efforts on policy and procedure development, compliance education, and auditing all aspects of OAG’s HIPAA and compliance programs.

Cate has worked in healthcare compliance for 18 years, including working for Fairfax Neonatal Associates in Fairfax, Virginia, as their Compliance and Privacy Officer, and for both Oregon Health & Science University and Legacy Health System in their respective HIPAA compliance programs. Cate holds certifications through the Health Care Compliance Association in both Healthcare Privacy and Healthcare Compliance and received her Master of Public Administration in Health Policy and Management from New York University.

Moderator Profile

Bowe Hoy is the Vice President of Sales for Sword & Shield Enterprise Security. Bowe has extensive experience helping organizations solve complex cybersecurity and compliance challenges with strategic services and solutions. He has been an active member of cybersecurity professional organizations in the Portland area for a number of years, including ISACA and ISSA. He has served in various leadership roles with the ISSA Portland chapter including vice president and president.

Closing/Raffle Drawings and Prizes