

CMS Security Control Oversight & Update Training
(CSCOUT)
January 28-30, 2025
Myrtle Beach, South Carolina

The CMS CSCOUT Meeting will convene as scheduled.
We look forward to seeing you in Myrtle Beach.

Todd Fitzgerald
CISSP, CISA, CISM, CIPM, CIPP/US, CIPP/E, CIPP/C, CGEIT, CRISC, PMP, and ITILv3 certified. (HITRUST and ISO27000 certifications earned, not maintained)
Title: Cybersecurity Leadership Author, CISO Compass & The Privacy Leader Compass

Todd Fitzgerald promotes CISO/CPO leadership via the SCMedia CISO STORIES weekly podcast, advisory board participation, and international speaking engagements. Todd serves as VP, Cybersecurity Strategy, Cybersecurity Collaborative. Todd authored 5 books, including #1 New Release (2024) Privacy Leader Compass: A Comprehensive Roadmap for Building and Leading Practical Privacy Programs, and #1 Best-selling (2019-2023) and 2020 CANON Cybersecurity Hall of Fame book, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. Named 2016–17 Chicago CISO of the Year, Todd’s senior leadership positions include Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.
ABSTRACT:
Presentation Title: “Hackers Want Your Data, Lawyers Want Your Job”

CISOs have been in the hot seat lately, as evidenced by charges levied by the U.S. Securities and Exchange Commission in October 2023 against SolarWinds and CISO Tim Brown for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities”, alleging that he overstated the cybersecurity practices and understated or failed to disclose known risks.
In May 2023, Joe Sullivan, former CISO of Uber, was sentenced to three years’ probation and ordered to pay a fine of $50,000 USD after being found guilty of two felonies: one for obstructing justice by not revealing the breach to the FTC, and another for misprision (concealing a felony from authorities).
This session will discuss the current state of the CISO, these cases and their implications, the approaches the CISO should take to avoid prosecution, and the insights from the CISOs. The presenter has had one-on-one interviews with both the CISO of SolarWinds and the former CISO of Uber (after the conviction) and can share these perspectives. The session will be interactive as we discuss these cases, the security program itself, and where else the CISO may become liable in the future.