Tuesday Workshop Session 1

What Are You Doing to Get Ready for a Cyber Attack? Hopefully a Cyber Breach Exercise


Regina Phelps, EMSS

Regina Phelps

Businesses and organizations defend against unending attempts to steal their computer data or damage their systems. Few, however, have serious plans for how they will respond to the impact of an actual breach – and few stress–test those plans. Such exercises force real–time decision–making and actions in much the same way that a fire drill does, but cyber incidents are infinitely more complicated.

This workshop shows business continuity planners, crisis managers, and their IT counterparts how to stage a cyber breach exercise that will test preparedness, surface unconsidered circumstances, and sharpen the responsiveness of everyone from top executives to line technologists.

Attend this session and learn how to go about developing a realistic cyber exercise that will challenge the incident crisis management team, the technology staff, and the business units. Leave this workshop with a draft of a cyber tabletop exercise under your arm, feeling better prepared (and perhaps a bit more paranoid).

Topics covered:

  • What you need to consider when designing a cyber exercise.
  • Who you should involve in the planning.
  • What you should include in your exercise plan.
  • How to challenge everyone, not just the techies.


About Regina Phelps
Regina Phelps is an internationally recognized thought leader in the field of emergency management, pandemic, and contingency planning, consultation, training, and speaking services to clients on four continents. Phelps’ niche includes incident management team development, pandemic planning, emergency operations center (EOC) design, and the development of emergency exercises for large global companies. A partial client list includes Whole Foods Market, Visa, the World Bank, American Express, Northern Trust, Triton, IFC, Duke University, Stanford University, the California Institute of Technology, IMF, Bank of Canada, and International Paper.


Tuesday Workshop Session 2

Business Continuity Outside The Box


Ron LaPedis, Micro Focus
Laura Mosley, Southern Wine & Spirits of America

Ron LaPedisLaura Mosley BCI Certified

This workshop will take novices from 0–60 and enhance the knowledge and understanding of even the most seasoned professionals. Novices will leave this session with a firm basis for getting started in your new job and everyone will walk away with specific actions to improve your organization’s response. This workshop will help you extend your skills dealing with cyber incidents and in creating working relationships with fire, law enforcement, and other public sector professionals.

Multiple exercises and handouts will be included, and seasoned pros are encouraged to mentor the more junior attendees while everyone increases their knowledge by adding to their own toolbox. This peer–to–peer format will benefit significantly from well–prepared attendees who bring their program challenges and questions to the workshop. Attendees will all leave with new tools, thoughts and concepts to apply to their “Business Continuity Toolbox.”

Some of the topics covered:

Potential topics:

  • A self–assessment of where your organization is today
  • The six phases of building a business continuity plan
  • Recovery: RTC, RPC, RTO, and RPO – What do they mean and why are they important?
  • Supply chain considerations
  • Communications – the key to successful deployment
  • Cyber and BCP: why aren’t they talking to each other?


About Ron LaPedis
Ron LaPedis, AFBCI, sales enablement specialist at Micro Focus. He has lead or participated in the design of dozens of business continuity plans and secure networks, around the world.

About Laura Mosley
Laura Mosley is the business continuity program manager for Southern Wine & Spirits of America.


Tuesday Workshop Session 3

Workplace Violence: 10 Steps to Reduce Your Risk


David Smith, PWI

David Smith

Far too often, there is misunderstanding about what organizations can or should do to reduce and manage the risk of violence in the workplace. The good news is that much can be done to reduce the risk. Research on workplace violence has shown that warning signs and detectable inappropriate behaviors usually precede acts of violence.

This workshop will prepare participants to recognize the basic danger signals, enabling them to provide intervention or seek assistance before problems escalate. Participants will receive proven methods to combat the rising tide of workplace violence and proactive steps that can dramatically reduce the risk of litigation and future legal claims.


About David Smith
David A. Smith, founder of Professional Workplace Interaction, Inc., (PWI) is an author and highly experienced dynamic speaker. Smith has extensive experience in executive management, field operations, product launch and financial management at the corporate and small business levels. He has conducted extensive leadership, behavioral risk management, business continuity and disaster planning training for the insurance industry, corporations, private businesses, university personnel, and government agencies across the United States and Canada.


Tuesday Workshop Session 4

How To Negotiate During a Crisis– Tactics and Strategies


Jack Healey Firestorm

Jack Healey

When a crisis occurs, ultimately you will find yourself in the middle of negotiations. Whether for facilities, supplies or concessions from key suppliers, having obtained formal training in the area of crisis negotiations will benefit you and your organization. BANTA – “Best Alternative to a Negogiated Agreement, includes; How to handle emotionally charged negotiations; How to diffuse a hostile counterpart, and how to conduct multi–dimensional negotiations. This workshop will use role playing, video and informational outlines. Participants will learn proven methods developed by negotiation professionals. Who should attend? Anyone who anticipates being part of multi– dimensional negotiations as a result of a crisis or disaster and needs to be prepared.


About Jack Healey
Jack Healey, CPA, CFF, CFE, managing director business crisis practice, Firestorm.


Tuesday Workshop Session 5

Assessing Residual Risk in Your BCM Program


Michael Herrera, MHA

Michael Herrera

You have addressed compliance but do you know where your greatest residual risk (RR) lies in you program? Residual risk is defined as the risk remaining after all mitigating actions have been taken into consideration.

In this workshop, we cover the steps to assessing residual risk in your BCM program at a recovery plan level. We will address management risk appetite, plan mitigating controls. weightings and calculation of the residual risk in your recovery plans and whether its within or outside management’s tolerance. The results of this assessment give you the opportunity to identify where your greatest exposures exist as well as where you may have over planned. Its time to know where your greatest risks lie and where you can rest easy.


About Michael Herrera
Michael Herrera is the chief executive officer of MHA. In his role, Herrera provides global leadership to the entire set of industry practices and horizontal capabilities within MHA.


Tuesday Workshop Session 6

BIA for Financial & Healthcare: How to Leverage Differences


Joe Layman, Molina Healthcare
Susan Zielan, CoreLogic, Inc.

Joe LaymanSusan Zielan

In this workshop, presenters will share their experiences on how they leveraged the overlap and differences between the healthcare and financial industries to simplify their BIA processes. They will share some take home tools and outline how they overcame the challenges and concerns of similar yet different compliance and regulatory requirements to focus on the basics addressing people, processes, downtime, and criticality.

This workshop will address various strategies, including relocation vs. workload transfer, that make sense for your industry and program.

The presenters will also compare and contrast OCC and FFIEC as well as state, federal, and local laws and guidelines using a streamlined approach that is highly successful with business unit leadership and subject matter experts.

The final part of the session provides an example of how participants can adapt the process to their industry to add value for their business units and their business continuity program.


About Joe Layman
Joe Layman is the director, business continuity management for Molina Healthcare and oversees the business continuity ream. His background spans across the primary functions of business continuity management; emergency management, and disaster recovery. He has a BS in business Administration, a Masters in Information Services and has numerous certifications in business continuity / disaster recovery, OSHA, ICS. Layman serves on the board of directors for the Orange County Association of Contingency Planners (ACP).

About Susan Zielan
Susan Zielan, CBCP, is the business continuity manager for CoreLogic, Inc.

About Tuesday Workshop Sessions

Tuesday Workshop Sessions are held on Tuesday September 20, 2015, 3:00 - 5:30 p.m.

These interactive sessions allow attendees to explore topics in-depth. Choose one session. Sessions are rated according to experience levels.