Archive
Jim Mirochnik
Jim Mirochnik is a certified PMP, QSA, and ISO 27001 Auditor. Jim is a Board Member of The DoCRA Council and a contributing author of the CIS RAM (Center for Internet Security Risk Assessment Method). He is an innovative business leader with over 25 years of technology and management consulting experience. Jim holds a double-concentration MBA in Finance and Marketing from the University of Chicago Booth School of Business. He has architected and been accountable for large-scale technology programs exceeding $100 Million in budget.
SPEAKING ENGAGEMENTS
CAMP IT: The New SEC Cyber Security Rule – What EVERY Company Needs to Do Now! October 3, 2023
Compliance Week: Five Deliverables Every Security Team Needs to Survive, Thrive and Comply with the new SEC Cybersecurity Rule Aug. 15, 2023 | Recording of Presentation
RSA CONFERENCE 2022: A Proven Methodology to Secure the Budget You Need in a Transforming World June 7, 2022 | Recording of Presentation
RSA CONFERENCE 2020: Securing the Budget You Need! Translating Security Risks to Business Impacts. Feb. 28, 2020 – Friday, San Francisco
CAMP IT CONFERENCE: IT Leadership & Digital Transformation Strategies How to Secure the Budget You Truly Need – Translating Technology Costs to Business Impact
CAMP IT CONFERENCE: Enterprise Risk / Security Management The Industry Risk Assessment Dilemma and the Solution
Terry Kurzynski
With a background in cyber security, networking, application development, audit, project management, and consulting, Terry has a unique skill set in providing strategic advice to clients. Terry is a Board Member of The DoCRA Council and a contributing author of the CIS Risk Assessment Method (RAM). Terry is a CISSP, CISA, PCI QSA, and ISO 27001 Auditor with over 25 years of experience in IT and Security Consulting. He graduated from the University of Wisconsin with a B.S. in Computer Science.
SPEAKING ENGAGEMENTS
ISACA North Texas: Things You Can Do Now To Survive A Breach. | December 15, 2023
ISACA Chicago Convergence 2023: Complying with the new SEC Cybersecurity Rule – Five Deliverables Every Cybersecurity Team Needs to Survive, Thrive. | September 27-28, 2023
Midwest Cyber Security Alliance (MCSA): Cyber Insurance Readiness: Preparing For Your Next Renewal | June 14, 2022
ISSA – Milwaukee: Cyber Attacks, Data Breaches, Russia – Ukraine Conflict, Ransomware Prevention, Cyber Insurance Readiness, Updates on Privacy and Security Regulations, Proposed legislation (SEC proposed Rules for CyberSecurity Risk Management), Updates on Security Standards (PCI DSS v4, CIS RAM v2.1), Industry Trends (threats that have led to notifiable breaches) | May 10, 2022
Wisconsin Health Information Management Association (WHIMA): Take Cybercare: Practicing Duty of Care to Protect Patient Data and Manage Risk | May 12, 2022
Midwest Cyber Security Alliance (MCSA): You’re Expected to Know and Disclose the Foreseeable Cybersecurity Threats that Face Your Organization and Reasonably Defend Against Them: How Do You Do This? | Nov 16, 2021
(ISC)² Silicon Valley Chapter: The 8 Questions a Judge Will Ask You After a Data Breach | Nov 9, 2021
SecureWorld Remote Sessions Data Privacy Hardship? Data Privacy Experts Field the Tough Questions
Midwest Cyber Security Alliance (MCSA) They Know You Can’t Get to 100% Compliance … and That’s Okay (HIPAA, CCPA/CPRA, GDPR, 23 NYCRR Part 500, CMMC, PCI, FISMA, FERPA)
BDO Alliance USA BRN “Managing Cyber Risk with the Remote Workforce”
Infragard SuperCon
Getting to Reasonable – What regulators and judges want to see from every organization
Infragard
Duty of Care Risk Analysis, defining “Reasonable Security”
(ISC)² Security Congress
The Questions a Judge Will Ask You After a Data Breach – What is Reasonable?
American Health Lawyers Association (AHLA)
Webinar: Duty of Care Risk Analysis (DoCRA) “Adopting Duty of Care Risk Analysis to Drive GRC”
CAMP IT Conference
Duty of Care Risk Analysis: “Getting consensus from legal, information security, and executive management.”
ISSA (Information Systems Security Association)
Duty of Care Risk Analysis: “Getting consensus from legal, information security, and executive management.”
The University of Wisconsin E-Business Consortium
Duty of Care Risk Analysis (DoCRA)
Health Management Academy
Risk Analysis 2.0, Health Care Data Security in the Age of Risk
Midwest Cyber Security Alliance (MCSA)
Duty of Care Risk Analysis: Leveraging the New Risk Assessment Method to Reduce Liability
The California Consumer Privacy Act (CCPA): Applicability, Requirements, and Practical Tips on Compliance
David Andrew
David is a PMP and ISO 27001 Auditor with over 20 years of information technology experience, including 10 years in information security-related fields. He is a partner and COO of HALOCK Security Labs and a Board Member of The DoCRA Council. David is a contributing author of the CIS Risk Assessment Method (RAM). David is responsible for leading complex engagements, performing risk assessments, policy development, risk and audit methodology creation, and security awareness training. David has a Bachelor of Arts in Cognitive Science from Northwestern University.
Chris Cronin
Chris Cronin is an ISO 27001 Auditor and has over 15 years of experience helping organizations with policy design, security controls, audit, risk assessment and information security management systems within a cohesive risk management process. Chris is Chair of The DoCRA Council and the principal author of CIS Risk Assessment Method (RAM). Chris is also a member of The Sedona Conference, Data Security and Privacy Liability – Working Group 11 (WG11).
He is a frequent speaker and presenter at information security conferences and events. Chris earned his Master of Arts from Case Western Reserve University.
SPEAKING & PANELIST ENGAGEMENTS
SGS Certification Solutions: Meeting New Regulations Adopted by the SEC in 2023 | Thursday, September 28, 2023 2:00 PM Eastern Daylight Time
Archive360 Podcast: What is “Reasonable Data Security”?
MER Conference: Defining “Reasonable Security Measures” When it Comes to Data Protection | Wed May 11, 11:00 AM – 12:00 PM EDT / 10:00 AM – 11:00 AM CDT
Cleveland-Marshall College of Law – Cleveland State University: 2022 Cybersecurity and Privacy Protection Conference | May 19-20, 2022
Center for Internet Security, Inc. (CIS®) Podcast: Conceptualizing Reasonableness for Risk Analysis
RIMS 2022: The Questions a Judge Will Ask You After a Data Breach | April 11, 2022
Center for Internet Security, Inc. (CIS®): CIS Risk Assessment Method (RAM) v2.1 for Implementation Group 2 (IG2) Workshop | Tuesday, February 8, 2022 | 2:00 p.m. EST
Midwest Cyber Security Alliance (MCSA): You’re Expected to Know and Disclose the Foreseeable Cybersecurity Threats that Face Your Organization and Reasonably Defend Against Them: How Do You Do This? | Nov 16, 2021
The Center for Internet Security, Inc. (CIS®): CIS Risk Assessment Method (RAM) v2.0 Webinar | Nov 17, 2021
RSA Conference 2021: Forecasting Threats is Way Easier Than You Think | May 18, 2021
RSA Conference 2021: Your Breached Controls May Have Been Reasonable After All | May 19, 2021
National Foundation for Judicial Excellence (NFJE) 2020 Annual Judicial Symposium Law in the New Age: How Automation and Artificial Intelligence Will Change Judging in Substance and Procedure | Judging Efforts to Protect Personal Information: What Test Should Apply? | Oct. 15, 2020
Cyber Security Summit: Denver Threat Forecasting – Using Open Source Data to Foresee Your Next Breach | Sep 10, 2020
Cyber Security Summit: Chicago CMMC and CCPA. Using Duty of Care Risk to Comply With New Challenges | Sep 1, 2020
Cyber Risk Podcast Can DoCRA Duty of Care Risk Analysis tell you if your cybersecurity controls reasonable? | Aug 4, 2020
Federal Trade Commission Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule | July 13, 2020
NetDiligence Cyber Risk Summit 2020 What is Reasonable Cyber Security? | July 7, 2020
The Sedona Conference Online Meeting for Draft Commentary on Proactive Privacy and Data Security Governance | June 24, 2020
CyberNext Summit 2019 – KuppingerCole Analysts The Questions A Judge Asks You After a Data Breach | Gallery
CUNA (Credit Union National Association) Technology Council Conference The Questions a Judge Will Ask You After a Data Breach – A Panel Discussion
Cyber Security Summit: Chicago 2019 Reasonable Security in the Age of Risk | Gallery
ITAC: W3 The Cycle of Cybersecurity Integrating Cyberdefense into your Risk Decision-Making Process
Cleveland-Marshall’s Cybersecurity and Privacy Protection Conference Cyber Risk Management (or How to Comply with Everything)
Compliance Week Webinar The Questions A Judge Asks You After a Data Breach
NIST Cybersecurity Risk Management Conference 2018 Evaluating “Reasonable” Cyber Risk Using the Center for Internet Security Risk Assessment Method
CIS RAM (Center for Internet Security Risk Assessment Method) Workshop Live & Webinar
Cyber Security Summit: Chicago 2018 CIS RAM: This Math will Save You
CIS Controls v7 Launch | Gallery
Ryan Bentley
Ryan is a PMP, CISSP, and CISA and leads the penetration test practice for HALOCK Security Labs. He has conducted thousands of assessments for companies of all sizes across many industries. Ryan has over 25 years of practical experience within the information security field, the majority in professional services.
Erik Leach
In his position as the Practice Lead for Engineering and Investigations with HALOCK, Erik leads a team of highly skilled Security Engineers and Forensic Analysts whose primary focus is the analysis, architecture, deployment, and management of effective security solutions, and Incident Response and Forensic Services.
Erik’s extensive IT and Security experience includes product evaluations, engineering of solutions, leading complex deployments, project and program management, and development of security strategies for global customers.
Erik graduated from Loyola University of Chicago with a Bachelor of Science in Biology.