CypherCon 2024

Healthcare presents softer targets, high value data, increased urgency to pay when patient records cannot be accessed and biomedical devices are taken offline!

Troy Stairwalt

Abstract:

Healthcare presents softer targets, high value data, increased urgency to pay when patient records cannot be accessed and biomedical devices are taken offline!

Latest statistics indicate that patient care capabilities not only plummet, but Mortality rates increase roughly 26-28% as the result of widespread ransomware attack at a hospital. No way to recover from losing human Life!

PHI Personal Health Information currently commands 50-100 times the value of our financial data on the dark web.
Margins are slim 1.5-3%, costs are rising, revenues are flat..

Healthcare has at least a Decade of cyber maturity to catch up and lacks necessary budget and expertise!

Troy Stairwalt

Cybersecurity consultant, cat-lover

With more than 25 years of information security experience, his expertise ranges from Cybersecurity Strategy, Program management, Information Security analysis and engineering, risk assessment and architecture to cyber forensic investigations. Looking for ways to empower others and give back by sharing his knowledge, Stairwalt spent several years volunteering with international experts to write, review and revise CISM and the CRISC certification exam questions, answers and plausible distractors to help the next generation of experts remain current with industry best practices. Stairwalt was also asked to provide mentorship for SANS 504 course, Hacker Techniques, Exploits and Incident Handling. In addition, Stairwalt began teaching Information Systems Security and Audit and Control courses, 554 & 454 courses respectively at University of Akron in January of 2022.

Graduating with honors, Stairwalt obtained his master’s degree in Business Administration (MBA). His credentials include Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Insider Threat Program Manager (ITPM), Certified Information Systems (CISA), Certified Cloud Security Professional (CCSP) and GIAC Certified Incident Handler (GCIH).

Motivated individual with strong strategic, leadership and technical expertise implementing and operating security solutions in heuristic IT environments with 20 years’ specializing in Enterprise Information Security Architecture, Insider Threat mitigation, Cyber Forensic investigations , information security engineering, incident response, vulnerability assessments, security operations, audit – regulatory response and IT risk management. Successfully managed Information Security Unit comprised of 24 direct reports for fortune 300 full line insurance Corporation for 5+ years.  Managed Cyber Forensic Unit for fortune 100 financial services company.  Proven ability to establish strong working rapports and manage relationships to help achieve business objectives.  Leveraged ISO 27002, NIST standards, CobIT and ITIL frameworks to successfully establish policies, standards, and controls required to implement and manage an Information Security program for fortune 100 financial services firm.  Managed the associated risk and successfully demonstrated adherence to Industry standards and regulatory mandates including FFIEC, NYDFS, PCI, NACHA, HIPAA, GLBA, NAIC – MAR ,SOX, etc. for both insurance and financial services industries.