Healthcare organizations, businesses, and local governments are all common targets of online crime. Our programs bring business leaders from across industries together to collaborate with our students and faculty on timely solutions to cyber and national security concerns.
Eclipz CISO and The Cybersecurity Vault video podcast host Matthew Rosenquist, and Kevin Powers, founding director of the M.S. in Cybersecurity Policy and Governance program, dissect the recent conviction of the Uber CISO.
October 11, 2023
Co-Hosted with Boston College ITS
Every day the headlines announce how Artificial Intelligence (AI) will impact and change all aspects of business in the coming years, especially as it relates to the cybersecurity regulatory, governance, risk management, and compliance landscape. On top of that, as noted by Forbes, cyber-criminals are using AI to conduct sophisticated attacks on organizations, as “AI and Cybercrime Unleash a New Era of Menacing Threats” (e.g., deepfakes, ransomware, business email compromise, supply chain attacks, fraudulent transactions, etc.). According to IBM Security, the average cost of a data breach in the United States is $9.48 million, which is more than double the average global figure. For most organizations, the stakes can be even higher, as they will have to defend their data privacy and security AI policies and practices in enforcement actions brought by the varying federal, state, and international regulators, as well as in class action and shareholder derivative lawsuits.
What to do?
In our webinar, we will cover the latest updates on AI security and privacy regulations and frameworks, as well as the compliance and mitigation strategies that can help U.S. companies navigate the tangled legal web and develop an effective GRC program by using a risk-based approach to cybersecurity to not only successfully protect their business operations, non-public sensitive data, and bottom lines, but also respond to, mitigate, and recover from a data breach.
Welcoming:
Mike Bourque
Vice President & CIO, ITS
Boston College
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Phil Aldrich
Chief Operating Officer, Verterim
Adjunct Faculty, CPG Program
Etay Maor
Senior Director, Security Strategy, Cato Networks
Adjunct Faculty, CPG Program
Thom Shola
Chief Risk Officer, Northern Bank
Adjunct Faculty, CPG Program
October 2023
Moderator:
Darren Mott
FBI Special Agent (ret.) - “The CyBUr Guy”
Panelists:
Professor Kevin R. Powers, J.D., Boston College
Professor Randall Trzeciak, Carnegie Mellon
Evan Rice, GuideStar
Heath Spencer, TraitWare
Tuesday, March 29, 2022
It is estimated that there will be 3.5 million cybersecurity job openings in 2025 and, by some estimates, the global cybersecurity workforce needs to grow at 145 percent each year simply to keep pace with the demand for skilled talent. All of this while each day there is a headline-grabbing news piece involving another cyber-attack resulting in the theft of digital information (e.g., sensitive and private personal data, intellectual property, trade secrets, financial information, classified and confidential materials) or the disruption of government and business functions.
To address this urgent issue, many private and government entities are looking to cybersecurity “managed services” to bridge the skills gap and to assist them with their cybersecurity postures. However, with all of the services and products currently offered in the market, what is best for you and your organization will vary depending on your unique circumstances and cyber-risks. What to do?
In our webinar, we will identify, differentiate, and discuss the varying managed services offered (e.g., MSSP, MDP, SIEM, vCISO, incident response, cloud security, etc.) and provide practical insights, guidance, and best practices for organizations as they look to managed service providers to assist them in designing and developing a robust cybersecurity and data privacy program to protect their business operations and their customers’ data.
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Guest Speakers:
Jay Pasteris
CIO & CISO
GreenPages Technology Solutions
Jennifer McLarnon
Security Consulting Senior Manager
Accenture (former CIO, Boston College High School)
Tuesday, January 25, 2022
We have seen a significant increase in cybercrime and headlines filled with attacks that have stolen digital information or caused the disruption of government, business, and supply-chain functions. It has been devastating in many regards, but we have also seen a new, unprecedented age of innovation. Venture capital funding has poured into cybersecurity companies at a record pace, helping drive the next generation of cybersecurity technologies to combat today’s threats and narrow the talent shortage gap.
In our webinar, our guest expert, who invests in and advises late-stage and growth companies, will discuss the role of the VC (from “soup to nuts”) in cybersecurity and data privacy as well as various trends for 2022 and beyond.
Guest Speaker:
John Cordo
Principal
NightDragon
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Tuesday, November 16, 2021
The vast majority of cybercrimes contain an element of social engineering (e.g., business email compromise, phishing, spear phishing, whaling, vishing, SMiShing, pretexting, etc.). In fact, it is estimated that 98% of cyberattacks are launched through social engineering. Every day the headlines broadcast another cyber-attack on an organization resulting in the theft of digital information (e.g., sensitive personal or healthcare information; intellectual property; trade secrets; and confidential business, financial and legal information) or the disruption of government and business functions. According to IBM Security, the average cost of a data breach in the United States is $8.64 million, which is more than double the average global figure. For most organizations, the stakes can be even higher, as they will have to defend their data privacy and protection policies and practices in enforcement actions brought by the varying federal, state, and international regulators as well as in class action and shareholder derivative lawsuits. What to do?
In our webinar, we will cover social engineering, focusing first on the cyber-threat actors, the threat vectors, and the varying methodologies used to conduct a social engineering attack. While using practical examples, our panel of experts will then discuss: how a social engineering attack can unfold; the key research and data on such attacks; security community preparedness; and how organizations can protect their business operations and sensitive data from social engineering attacks through recognized, industry best practices.
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Karen Kukoda
Vice President, Strategic Partnerships
SafeGuard Cyber
Jennifer McLarnon
Security Consulting Senior Manager
Accenture
Amanda Tucker, CRCM, CAMS, CICA
Chief Risk and Compliance Officer
Atlantic Bay Mortgage
Tuesday, October 19, 2021
Every day the headlines broadcast another cyber-attack on an organization resulting in the theft of digital information (e.g., sensitive personal or healthcare information; intellectual property; trade secrets; and confidential business, financial and legal information) or the disruption of government and business functions. According to IBM Security, the average cost of a data breach in the United States is $8.64 million, which is more than double the average global figure. For most organizations, the stakes can be even higher, as they will have to defend their data privacy and protection policies and practices in enforcement actions brought by the varying federal, state, and international regulators as well as in class action and shareholder derivative lawsuits. What to do?
In our webinar, we will cover the latest updates on security and privacy regulations, as well as the compliance and mitigation strategies that can help U.S. companies navigate the tangled legal web and develop an effective GRC program by using a risk-based approach to cybersecurity to not only successfully respond to, mitigate and recover from a data breach, but also to protect their bottom lines.
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Phil Aldrich
Director
Enterprise Risk Management & Governance, Risk, and Compliance
Dell EMC
Padraic O'Reilly
Co-Founder and Chief Product Officer
CyberSaint
September 16, 2021
Each day there is a headline-grabbing news piece involving another ransomware attack resulting in the theft of digital information (e.g., sensitive and private personal data, intellectual property, trade secrets, financial information, classified and confidential materials) or the disruption of government and business functions. Nation-states, terrorists, hacktivists, and cyber-criminals are relentless. Companies are told "it's not a matter of if, but when" they will be attacked by ransomware and held hostage until they pay millions to “maybe” get their network systems running again and data back. Compounding that, federal and state regulators are stepping in with new requirements and hefty fines and penalties, mandating companies in all sectors to address cybersecurity with little, if any, real guidance on how to do so. What to do?
In our webinar, we will discuss how organizations can develop an effective cyber-risk management strategy, based on “lessons learned” and industry best practices, to not only plan for, but measure their readiness, to successfully respond to, mitigate, and recover from a ransomware attack to protect their business operations, customer and employee sensitive personal data, and other confidential and proprietary information.
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Doug Domin
Supervisory Special Agent
Criminal Cyber Squad (CY-2)
Federal Bureau of Investigation (FBI), Boston Division
Simon Taylor
CEO & Founder
HYCU, Inc.
(Backed by Bain Capital Ventures)
May 12, 2021
Over the last 40 years, traditional computer security has not properly examined cyberspace as an economic model, the security of which is driven by forces of supply and demand. To date, cyber defenders have focused only on limiting supply (or decreasing the availability) of intellectual property, financial data, and other cyber resources by improving cyber protections. Our adversaries know that collecting data via cyber methods (versus collection via HUMINT or SIGINT) is a cheap, risk-averse, and resilient approach.
What to do? In our webinar, we discussed the need to instead focus on our adversaries’ demand signal, with the goal of decreasing demand. Cyber deception is one of the few approaches that can effectively drive down the ROI of cyber collection programs. As such, we discussed, among other things: the current issues preventing CTI programs from expanding their focus; shifting traditional INFOSEC thinking and paradigms; establishing cyber deception operations; and sharing among a coalition of the willing, so that organizations can not only protect their data, but also their business from today’s cyber-threats.
Host:
Professor Kevin R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Moderator:
Doug Domin
Supervisory Special Agent
Federal Bureau of Investigation Boston Division - Cyber Crime Program
Panelists:
Dr. Stanley Barr, Ph.D.
Senior Principal Cyber Researcher
MITRE Corporation
J.R. Manes
Global Head of Cyber Intel & Threat Analysis Cybersecurity
HSBC Holdings PLC
April 22, 2021
Organizations are faced with unrelenting threats from Nation-states, terrorists, hacktivists, and cyber-criminals seeking to steal their digital information (e.g., sensitive PII, intellectual property, trade secrets, financial information, classified and confidential materials) or disrupt government and business functions.
What to do? In our webinar, we will discuss the current cyber-threats to organizations and our critical infrastructure, the role of the U.S. Attorney’s Office, pertinent cyber and national security laws (e.g., CFAA, CFIUS, FCPA, OFAC advisories, etc.), and how organizations can protect their sensitive data and networks from cyber-attacks, as well as successfully navigate the complex legal and regulatory landscape to avoid civil and criminal liability.
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speakers:
Mackenzie Queenin
Assistant U.S. Attorney
Securities, Financial, and Cyber Fraud Unit
U.S. Attorney’s Office, District of Massachusetts
Professor Joanna Baltes, J.D., L.L.M
Curriculum Coordinator
MS in Cybersecurity Policy & Governance Program, Boston College
(former Chief of Staff to FBI Deputy Director, former Federal Prosecutor, and former Counsel to the Assistant U.S. Attorney General for the National Security Division)
Boston College Healthcare Administration and Cybersecurity Programs Joint Webinar
March 25, 2021
Each day nation-states, terrorists, hacktivists, and cyber-criminals are targeting healthcare organizations to steal sensitive patient data, intellectual property, and research and/or to disrupt their business operations. COVID-19 has only amplified these threats and caused more challenges for healthcare organizations due to changes in HIPAA and other healthcare compliance requirements.
In our webinar, we will: discuss the varying updates and proposed changes to HIPAA and other laws affecting healthcare security and privacy; provide practical guidance for healthcare organizations to efficiently and cost effectively comply with such regulatory requirements; and outline best practices to not only protect your data and systems, but also successfully respond to, mitigate, and recover from a cyber-attack.
Welcoming:
Joni R. Beshansky, MPH, LP.D.
Director
Master of Healthcare Administration Program
Boston College
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program
Boston College
Guest Speakers:
Scott Lashway
Managing Partner, Boston Office
Co-Chair, Data Privacy & Security Practice Group
Manatt, Phelps, & Phillips, LLP
Tim Stettheimer, Ph.D.
Vice President, Education
College of Healthcare Information Management Executives (CHIME)
Adjunct Professor, Boston College
February 3, 2021
Business organizations are faced with not only cyber-threats from Nation-states, terrorists, hacktivists, and cyber-criminals but also a multitude of burdensome cybersecurity requirements from Federal and State regulators to protect their digital information. With every new technology and business trend (e.g., cloud, IoT, AI, work from home, tele-health) comes the question of "how are we going to secure our data and networks?"
In our webinar, we will get "back to basics," focusing on risk management, cyber hygiene, mitigation, and resiliency by discussing how to effectively make the business case for investment in cybersecurity, including technologies, processes, and people (e.g., from the Board and senior executives to the business units to administrative and support staff), and develop and implement data security and privacy programs to protect your data and business from today’s cyber-threats.
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speakers:
Thom Shola
Senior Vice President & IT Cyber Security Officer
Global Wealth & Asset Management
John Hancock Retirement Plan Services
Professor Joanna Baltes, J.D., L.L.M
Curriculum Coordinator
MS in Cybersecurity Policy & Governance Program
Boston College
(Former Chief of Staff to FBI Deputy Director)
View the slides of this presentation in PDF.
December 2, 2020
Cities are becoming “smart” through digital transformation efforts in order to increase economic growth, enhance citizen and government engagement, improve the quality of life for citizens (e.g., transportation, public utilities, safety, equality, employment), and reduce negative environmental impact, among many other benefits. In our webinar, we discussed how cities and communities can, by using IoT-enabled frameworks and other best practices, develop programs to effectively address the cybersecurity issues faced by cities and communities looking to become “smart.”
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speaker:
Bill Corrigan
Expert Associate Partner
McKinsey & Company
View the slides of this presentation in PDF.
October 20, 2020
In our webinar, we discussed how to develop an effective incident response plan, based on “lessons learned” and industry best practices, and how to successfully respond to, mitigate, and recover from a data breach.
Moderator:
Professor Kevin R. Powers, J.D.
Founder and Director, MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speakers:
Diana Kelley, Board of Governors Member, Women in CyberSecurity (WiCyS) (Former Microsoft Cybersecurity Field CTO and IBM Global Executive Security Advisor)
Etay Maor, Chief Security Officer, IntSights
August 24, 2020
Cyber-criminals are always looking for ways to take advantage of any situation and COVID-19 is no exception.
Speakers:
Professor Kevin R. Powers, J.D.
Founder and Director, MS in Cybersecurity Policy & Governance Program, Boston College
Doug Domin
Special Agent, Criminal Cyber Squad (CY-2), Federal Bureau of Investigation, Boston Division
Each Fall and Spring Semester
Table-top Exercises at IBM’s Cyber Range, Cambridge, Massachusetts
Annually
For six years Boston College and the Federal Bureau of Investigation have hosted the Boston Conference on Cyber Security, a one-day event featuring compelling lectures and panel discussions from international leaders in the disciplines of emerging technologies, operations and enforcement, and real-life cyber and national security concerns. At a time of growing concern about the vulnerability of our nation’s information systems, this conference provides an opportunity for leaders in cybersecurity from the academic, analytic, operations, research, corporate, and law enforcement arenas to come together and coordinate their efforts, creating a more secure cyber-space.
Learn more and watch the video recordings of the most recent BCCS
In collaboration with the Center for Security and Emerging Technology (CSET) at Georgetown University, our students provide a community of forecasters to predict trends in AI and emerging technology that will inform their policy recommendations. This is a unique opportunity to learn more about crowd forecasting and to shape the future of emerging tech policy. The most active and accurate participants will be eligible to win rewards and prizes!
All participants will have access to forecasting data that can be used for their own research purposes. This project has the potential to shape emerging tech policy for years to come and we (the CPG Program) are part of the project/team in kicking this off. If you are interested in participating, please use your "bc.edu" email address and not your affiliation with the BC Cyber Program.
You can learn more and register to become a forecaster.
A professional group for Boston College students, faculty, alumni (undergraduate, graduate, and law) and friends and supporters of our Cybersecurity and National Security Programs at BC and BC Law who are interested in networking (e.g., posting of jobs and internships, industry and government events, etc.) with each other and collaborating on the varying cybersecurity issues faced by industry and governments.
With over 140,000 members worldwide, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.
Our ISACA CPG Student Group is BC’s local chapter of ISACA New England, focusing on connecting students with opportunities in cybersecurity, information systems and technology, computer science, and business management, among others. Also, as a member of the Group you will have access to varying trainings and certifications offered by ISACA at discounted rates. For more information, please contact our Student Group President, Alison Hiatt at hiatta@bc.edu.
Fulbright TechImpact Scholar Awards are research grants for Irish citizens, or E.U. citizens resident in the ROI for 3+ years, to complete short-term, non-commercial projects and research in the U.S. These Awards are open to Professionals (no PhD required) and early career researchers with PhD conferred since 2015. They are designed to respond to the potential and pace of Information and Communications Technologies (ICT).
Kevin R. Powers, J.D.
Founder and Director, M.S. Cybersecurity Policy and Governance, Boston College
Assistant Professor of the Practice, Boston College Law School & Carroll School of Management
Kevin is the founder and Director of the M.S. in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. With over 20 years of combined law enforcement, military, national security, business, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the General Counsel for an international software company based in Seattle, Washington. Along with his teaching at Boston College, Kevin is a Research Affiliate at the MIT Sloan School of Management and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. Kevin also is a Senior Cybersecurity Advisor for Manatt, serves as a Trustee for the Board of Boston College High School, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.