Prove Skill Mastery with GIAC Certs - Free Cert Attempt Included with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

Healthcare Lightning Summit

  • Wednesday, May 19, 2021 at 11:00 AM EST (2021-05-19 15:00:00 UTC)
  • Doc Blackburn, Lance Spitzner, Jason Tugman, Ryan Chapman, Samara Williams, Greg Porter

You can now attend the webcast using your mobile device!



The targeting and theft of sensitive health information continues to be a challenge. Increased regulation combined with a dynamic threat landscape requires health care leaders to have a clear understanding of relevant legislation and how to measurably defend patient data and related systems. This Lightning Summit aims to provide a quick readout from leading experts and support you with practical advice for stopping even the most advanced attacks that may target your health care organization.

Talks include:

Overview and Intro - Doc Blackburn @DocBlackburn

Recruiting & Retaining Cybersecurity Talent in Healthcare Organizations, Samara Williams, Manager - Threat Operations, Cardinal Health

Applying Cyber Hygiene to Defend Health Care Data and Systems, Greg Porter, Founder, Allegheny Digital

Healthcare and the Human Risk - Lance Spitzner @lspitzner

Improving the Cybersecurity Control Handshake Between Medical Device Manufacturers and Hospital Networks - Jason Tugman @JasonTugman,

Ransomware Defense 101: A Simple Action Plan - Ryan Chapman

Building a Healthcare Security & Compliance Program - DJ McArthur @djmca5280

Proper Past Password Policies Prevent Potential Present Panicking: Preventing Password Spraying and Credential Stuffing Attacks Against 1FA Services - Jeff McJunkin @jeffmcjunkin

Speaker Bios

Doc Blackburn

Starting in the year 2000, Doc ran a successful IT consulting, hosting, and design firm for 10 years until he found his passion was in IT security and compliance. His well-rounded IT experience includes hardware, software, network design, project management, administration, programming, systems security, and compliance frameworks. He has vast experience at various levels of information technology from technical support/help desk positions to security leadership roles.

He has been heavily involved in the technical design and implementation of NIH approved FISMA compliant information systems. His current work has focused on HIPAA, FERPA, PCI DSS, GDPR, and FISMA compliant systems with an emphasis on IT risk management in enterprise environments. Doc maintains over a dozen IT and security certifications along with a Bachelor's degree from the University of Arizona in 2002. He currently leads the Risk and Compliance efforts for the University of Colorado Denver | Anschutz Medical Campus.

Lance Spitzner

Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture and awareness training and is a SANS Senior Instructor. He helped pioneer the fields of deception and cyber intelligence with his creation of honeynets and founding of The Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries, and helped over 350 organizations build awareness programs to manage their human risk. He is also on the Board of Advisors for Attivo Networks. Lance is the author and an instructor for MGT433: Managing Human Risk: Mature Security Awareness Programs, and MGT521: Leading Cybersecurity Change: Building A Security-Based Culture, and built the SANS Security Awareness business unit from the ground up over the past 10 years. With the catalyst of COVID-19, Lance created multiple resources for securing humans from home, from those working remotely for the first time or managing newly remote teams, to children learning and playing online. Read more about Lance here.

Jason Tugman

Jason Tugman is a medical device cybersecurity consultant and is a self-described cyber-policy wonk. He has contributed to multiple national and international cybersecurity standards for the healthcare, electric, and oil/gas sectors. Jason has presented at SANS ICS Summit, U.S. Post Office HQ, MITRE, NIST, and FDA, but his most requested talk is about his days working on the Oprah Winfrey Show “What Oprah and Beyonce’ Can Teach You About Password Security.” Jason holds his CISSP and CRISC and is a veteran of the United States Marine Corps.

Ryan Chapman

Ryan Chapman, Principal Incident Response Consultant for the BlackBerry Security Services Team, is an IR consultant with roots in SOC and CIRT work. He handles incidents requiring network activity analysis; researching host and network IOCs; hunting through log aggregation utilities; sifting through packet captures; analyzing malware; and performing host and network forensics. Ryan is also the lead organizer for CactusCon, teaches FOR610 for SANS, and is writing a new ransomware-based course for SANS. He also spends time with his family and plays plenty of Street Fighter. Hadouken!

Samara Williams

Samara grew up in a blended family in South Texas. Throughout most of her childhood and a couple of years in college she played basketball, it was her life. Soon she would move on from basketball tunnel vision and grow an affinity for technology. After completing a degree in Information Technology with a specialization in Cybersecurity, Samara moved from South Texas to Central Ohio to pursue a Cybersecurity career. Currently, Samara is a Manager of Threat Operations at Cardinal Health, focused on proactive action and defense-in-depth improvement. She specializes in threat intelligence, vulnerability management, technical risk communications as well as program design and development.

Samara is passionate about relationship building, public speaking, giving back to the community, and encouraging women and minorities in STEM. This passion lends itself to the various extra curriculars that she is involved in such as: Treasurer of the International Consortium of Minority Cybersecurity Professionals - Columbus Chapter (ICMCP-CBUS), Founding member of the EmpoWE-R Women of InfoSec, and volunteer mentor for Franklin County Children Services. When she is not working and/or volunteering, you will find her at a metro park, binge-watching a Netflix/Hulu series, or cooking a family meal. Samara has aspirations to be a fearless and innovative leader who inspires others to find their purpose. TEDx Columbus:

Greg Porter

Greg Porter has both led and delivered comprehensive assessment activities that monitor, test, and audit the effectiveness of information system security controls. For the past several years, he has assisted organizations across the health care spectrum, ranging from integrated health care providers and community hospitals, to biotech and pharmaceutical based organizations. Greg is also the founder of Allegheny Digital, an information security consultancy specializing in enterprise risk management, incident response, and threat monitoring. Greg graduated from the University of Pittsburgh, received his master\'s degrees from Carnegie Mellon University, and holds a number of professional certifications.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.