Shared Assessments’ 14th Annual Summit began with a welcome from Catherine A. Allen, Founder, Chairman and Interim CEO. 2021 is the 25th anniversary of the Santa Fe Group – both the Santa Fe Group and Shared Assessments remain firmly rooted in experience and connection, taking a community-based approach to solving for and sharing best practices for professionals in the security and risk industries.
This past year, Shared Assessments brought together communities of risk professionals for information sharing and best practices through Online On-Demand Certification Courses, Tool Developments, and Webinar Programming, past and future.
In response to the need for corporate boards to manage risks, Santa Fe Group launched The Board Risk Committee, a new non-profit peer exchange for corporate board directors. The Board Risk Committee aims to keep board directors abreast of emerging risk issues and governance best practices through educational materials, events and publications including the Board Risk Report.
Within Shared Assessments and across the risk and security fields, this past year has emphasized connection. How do we as professionals connect with each other? How do we connect with our vendors to find risk assurance? How do we connect with the global economy? Summit 2021 seeks to answer these questions.
Lifetime Achievement Award
Shared Assessments celebrated Joyce Brocaglia, CEO of Alta Associates, for her contributions to the fields of security and risk. Brocaglia earned the Lifetime Achievement Award through her notable work as a consistent champion of women in the security industry, including founding the Executive Women’s Forum.
The Big Breach
Melissa Hathaway, President of Hathaway Global Strategies and Former Cybersecurity Adviser to Presidents Obama and George W. Bush, spoke to the “what”, the “when” and, most importantly, the “so what” of the SolarWinds attack, which came to light in December 2020. Hathaway emphasized both the sophistication of the attack and the weakness of cybersecurity practices within the 18,000+ organizations impacted by it. Hathaway presented questions to ask of software provider vendors, recommending penetration testing and code testing, as well as developing a responsible cadence for fixing vulnerabilities.
Jim Routh, former recipient of the Shared Assessments’ Lifetime Achievement Award, hosted the CISO Panel as moderator, nodding to the previous session by asking the CISOs to comment on the impact of the SolarWinds attack.
Quotable and notable CISOs on the panel included Edna Conway (VP, Chief Security and Risk Officer, Azure, Microsoft), Erinmichelle Perri (CISO, New York Times) and Dawn Cappelli (VP of Global Security & CISO, Rockwell Automation).
The CISOs discussed how to look at our organizations holistically – internally and across our third party ecosystem, broadening our thinking on the supply chain and integrating real-time monitoring as a best practice. The idea of a more universal system of understanding organizations’ risk posture and security standing was also discussed.
Moderated by Nasser Fattah, Executive Adviser of RiskLogix LLC and Chair of Shared Assessments’ Steering Committee, this panel addressed nearly all the topics introduced on Summit 2021 Day 1. As the threat landscape drives TPRM concerns, organizations need to understand and gain more insight into their ecosystem. Enterprise risk management systems and strategically applied continuous monitoring are especially important.
Victoria Yan Pillitteri of NIST lent her regulatory perspective to the panel. Ron Bradley, Governance, Risk & Compliance Leader at Bradley Consulting, spoke from a manufacturing perspective. Michelle Evaul, Managing Director of TPRM at BlackRock, contributed her depth of experience.
Moderated by Atul Vashistha, Chairman of Supply Wisdom, this panel explored how and why ESG should be top of mind for corporate boards today. From climate change, social justice, sustainability to diversity, equity and inclusion issues, this panel addressed what boards and third party risk executives should be discussing.
Vashistha reviewed the Top 5 Global Risks in terms of likelihood of occurrence, pointing out that all are ESG related: extreme weather, climate action failure, human environmental damage, infectious disease and biodiversity loss. Vashistha also touched on Biden’s executive orders around the climate crisis and supply chains, and on SEC examination priorities focusing on climate-related risks.
Diane T. Ashley, CEO of DTA Diversity Counts, pointed out that recruiting from a diverse body of people will enable a greater range of capability and thought. Ken Bruder, Co-Founder and COO of The Climate Board, described an increasing need for environmental metrics to be reported to boards. And Ivan PooranPabon, Global Senior Risk Manager of Guardian Life, urged the importance of following through on all points mentioned in the panel – don’t just say it, do it!
Summit sponsors KPMG and OneTrust both presented compelling case studies on efficiencies in risk. Both organizations focused on practical ways to apply automation to ongoing TPRM practices.
As Summit sessions ended, attendees departed to various breakout sessions including:
- Simplifying and Implementing the Usability of the Tools Breakout Session
- Virtual Assessments – The New Reality Breakout Session
- Managing the TPRM Workforce – Diversity, Equity and Inclusion (DEI) Breakout Session
- Continuous Monitoring Breakout Session