Kevin Barnard believes resiliency is one of the most important functions of an organization because it influences all aspects of the business and is one of the most dynamic roles one can have.
Barnard, senior director in the chief innovation office at ServiceNow, helps customers strategize and build the workflow-driven Connected Enterprise. In his role, he crafts enablement materials and provides C-level guidance to organizations seeking to improve agility, visibility, and resiliency.
Before joining ServiceNow, Barnard was senior director of digital operations at GE Capital, a U.S. government-regulated financial institution where he led IT disaster recovery and IT service management. Reporting directly to the CTO, he transitioned resiliency from an IT-led conversation to a line of business-driven priority and used ServiceNow to manage various regulatory and compliance processes.
Barnard has been a hands-on practitioner with 20 years of experience in a variety of IT and senior leadership roles. He has worked in his current position at ServiceNow for three years.
Three traits – innovative, inclusive, and leading — help define him as a valued employee in the business continuity/disaster recovery profession.
He fell into the BC/DR profession “organically” and most enjoys “focusing on the value of the work” in the profession.
“It’s important work that is too often ignored,” he said, “with potentially devastating consequences. It also doesn’t hurt motivation to have regulators downstairs, as has happened to me a few times throughout my career.”
He plans to share his expertise with attendees during his Breakout Track 6 session at DRJ Spring 2021 on March 31 from 4:15-5 p.m.
His presentation is titled “You Survived COVID-19, But Are You Ready for What Comes Next?”
According to Barnard, San Francisco was shattered by a magnitude 7.9 earthquake in 1906, but it wasn’t the earthquake which destroyed the city. Instead, it was a devastating fire sparked by residents eager to use their stovetops again. The point is, it is not always the initial disaster which harms people but instead a poor response in its aftermath.
Barnard said many organizations occupy a similar position. Though most survived the initial shock of COVID-19, their subsequent processes and systems are still neither secure, resilient, not compliant. Businesses lack a cross-functional lens to facilitate enterprise-wide crisis management. As a result, organizations are vulnerable but unaware of it.
During his presentation, Barnard will highlight those vulnerabilities and offer a path forward in which business continuity and resiliency shift from reactive recovery to proactive, business-aligned scenario planning.
Barnard will use his time leading IT disaster recovery, business continuity, and crisis management at GE Capital to offer actionable tips to ensure resiliency is a C-level priority; understand and prioritize critical assets, processes, and capabilities across the organization; and shift risk and resiliency from IT to line of the business-driven.
“The big idea,” said Barnard, “is in a volatile world, disasters can occur at any time. Our disaster response strategies must reflect that via improved visibility and agility.”
Barnard said he will offer a path forward in which business continuity and resiliency shift from reactive recovery to proactive, business-aligned scenario planning.
ServiceNow is headquartered in Santa Clara with offices located throughout the world. The company has more than 13,000 employees and is growing each day due to the power of the Now Platform, which has become the standard for workflow-designed experiences and connects people, functions, and systems within a single foundation which delivers enterprise-wide digital workflows.
When he’s not working, Barnard teaches yin yoga and power yoga in the Hartford, Conn., area. He is a 200-hour Yoga Alliance Registered Yoga instructor and is certified in mindful yoga therapy for trauma and PTSD survivors. Previously, he worked as a journalist before joining the BC/DR profession.
John Beattie, FBCI, is principal consultant with Sungard Availability Services. Sungard is headquartered in Pennsylvania and has more than 1 million square feet of data centers in the U.S. and Europe. The company’s suite of production and recovery solutions deliver the resilience essentials businesses need to be available, safe, and agile.
He was self-inspired to choose the business continuity/disaster recovery field because “developing ‘under duress’ business strategies has been fascinating, while building compliance ‘check-the-box’ plans not so much.”
Beattie, who is innovative, tenacious, and focused, has held his current position for the past 12 years and been in BC/DR for a total of 18 years.
“As a consultant, I have the luxury of working across many industries which has added to the ‘fun,’” he said.
Beattie is set to co-present with Michael Shandrowski at DRJ Spring 2021 on March 30 from 12-12:45 p.m. as part of Breakout Track 3.
The pair’s presentation is titled “The Changing Face of Disaster Recovery: Are You Prepared to Recover Cyber-Compromised Data?”
According to the presenters, the face of disaster recovery is changing, and the culprit is a threat that has become increasingly common among businesses: cyberattacks and ransomware. Leading analysts say ransomware attacks have surged to become the second-leading cause of IT outages. Now that the U.S. Department of Treasury’s Office of Foreign Assets Control has issued an advisory highlighting sanctions risks for ransom payments to certain entities, investing in protecting one’s data is more important than ever before.
“Even if you have preventive controls in place to safeguard your critical data from these attacks,” said Beattie, “you need to take precautions to recover your data in the event it’s corrupted or encrypted.”
Unfortunately, traditional DR plans likely will not cut it. Recovering compromised data following a successful cyberattack is a different recovery use case and, therefore, requires a unique recovery strategy, plan, and enabling capabilities.
During this session, Beattie and Shandrowski will show attendees how to put this strategy into place by examining the changing threat landscape and highlighting key differences between DR and data recovery.
“We’ll also break down best practices for compromised data risk management, exploring everything from identifying your vital data assets (i.e., the data that absolutely must be recoverable) and the investments needed to protect them, to detecting and responding to attacks and recovering your compromised data,” said Beattie.
He said, “By understanding the differences between DR and data recovery and implementing proper CDRM, you’ll be ready to recover compromised data if you fall victim to a cyberattack.”
Attendees will gain information on how both BC/DR plans and programs need to be recalibrated for this top threat to businesses of all kinds. Without doing so, the chances of them being of value during this special “recovery case” are minimal.
Although this will be Beattie’s first time to present at a DRJ conference, he’s no stranger to presenting at large and international conferences.
“I have not attended a DRJ conference in more than 10 years, so it’s great to be back,” he said.
Beattie, CTPRP, works with companies to reduce organizational risk by establishing new BC and DR programs or transforming existing ones to improve effectiveness and address cyber-compromised data recovery.
Before working at Sungard, Beattie worked for News Corporation for five years as global director of business continuity and for 15 years at Ernst & Young as senior manager and did management consulting.
During his years of experience, Beattie has directed departments of more than 40 people and managed global projects with budgets up to $30 million.
He has a bachelor’s degree in industrial engineering and a master’s degree in computer and information science. He is also a fellow with the Business Continuity Institute. He holds a professional membership in ACP and volunteers for Red Cross’ global “mapping” project.
Shandrowski is a principal consultant at Sungard Availability Services and guides organizations in the evolution of their BC/DR programs within an everchanging threat landscape. He has experience in all phases of availability risk management.
Tim Booth chose to work in the business continuity and disaster recovery profession because of the uniqueness of the work and the ability to be knowledgeable about multiple areas of the business.
Booth has been senior risk manager for Fidelity Investments for the past seven years. Over the years, he has fluctuated between operations and BCP roles for about 20 years.
He will co-present at DRJ Spring 2021 on March 31 during Breakout Track 5 with Heather Brouder, director of Fidelity Investments Business Continuity Center of Excellence.
The duo’s presentation, “Increasing Resiliency Through Effective Communications,” is designed to help build and refine a team’s communication plans.
“We will define who should be on your lists, how to communicate with them, and tools to consider,” said Booth.
The pair want their attendees to understand the importance of having an established communication program that is scenario agnostic and well tested.
“Whether your business continuity plan is many years in the making or you are just developing initial thoughts, it is important to consider how you communicate with your employees,” said Booth. “The COVID-19 pandemic has introduced new challenges that require effective communications.”
Additionally, he said severe weather and other potential impacts still exist. The next business interruption may be just around the corner, and the time to start effective communications is now.
This will be Booth’s first presentation at a DRJ conference. He was scheduled to present at DRJ Spring 2020, but his trip was cancelled due to the COVID-19 outbreak.
As a conference attendee himself, Booth said professionals from all industries and levels of experience benefit from any of the breakout sessions.
“I have also learned about other industries outside of financial services and about some of the regulations and restrictions they must consider when building their plans,” he said.
Booth said he’s looking forward to presenting at the spring conference but also enjoys attending workshops and networking.
He said the BC/DR industry is “an industry that professionals shy away from, but on the contrary, there is a lot of great talent in this profession.”
Booth said his motivation in a sometimes-challenging profession is “the understanding that my work as a planner can be utilized at a moment’s notice so being prepared is crucial.”
His favorite aspect of working in BC/DR is getting to know various business lines and understanding their unique needs.
Booth has been in the financial services industry for his entire career. He has worked for more than 30 years at Fidelity Investments which includes customer facing, supervising, and managing teams in a multi-site capacity. He has managed multi-site groups and numerous business continuity events including technical and weather- and pandemic-related events.
He is a Certified Business Continuity Professional and earned a bachelor’s degree from Ohio State University. His professional memberships include the Business Continuity Institute, Disaster Recovery Institute, and Continuity Planners of Ohio.
In addition, Booth is an elder and deacon at Madeira Presbyterian Church. He and his wife Denise have two children, James and Elizabeth. They enjoy entertaining good friends at their home.
Previously, Booth worked in India for three months as part of a work rotation program.
Mark Carroll has 30 years of progressive disaster recovery to business continuity/disaster recovery experience across IT and risk dimensions. He is senior vice president, business risk officer, for Income Research + Management.
IR+M, a privately-owned, independent, fixed income investment management firm with 185 employees, serves institutional and private clients. The firm’s investment philosophy and process are based on their belief that careful security selection and active risk management provide superior results over the long-term. By combining the capacity and technology of a larger firm with the culture and nimbleness of a boutique firm, employees strive to provide exceptional service for their clients and a rewarding experience for their employees.
“IR+M is dedicated to delivering superior investment results and exceptional client service to help those who entrust us with their money achieve their investment goals,” said Carroll. “We aim to do this while providing a challenging, collegial, and rewarding workplace and giving back to our community.”
Carroll is a teacher and trainer. He focuses on details and has deep and diverse business experience. He has a strong work ethic. He’s been working since he was in high school and college when he ran an elevator in a local department store.
He has held his current position for the past 10 years. His current role evolved into head of IT at various organizations. Then he became more interested in risk management and recovery than core IT delivery.
A team of Department of Defense professionals introduced Carroll to the IT environment while he was in college working as an intern at a DOD datacenter, his initial entry into backup/recovery. He made a formal move into business continuity when he worked with Sungard on an initiative as head of IT operations.
Carroll said he’s always taken “the viewpoint that I want to effect change to address need, looking for my ‘fingerprints’ in the result, not my face. My motivation is in bringing the business forward via that change.”
He said his favorite aspect of working in BC/DR is exposure to all aspects of the business operation and all levels of organizational personnel.
One thing Carroll feels is misunderstood in the BC/DR profession is the scope of the overall program, both what is included and excluded in ensuring that the business can both withstand and recover, summed up in the word “resilience.”
“Often key elements are not brought forward which create a level of risk,” he said. “Conversely, key elements which need to reside within the functional organization are often ‘transferred’ to BC/DR or business risk within the organization, which is not viable.”
Carroll will share his expertise at DRJ Spring 2021 with his presentation “Feels Like Time to Test the Partnership.”
According to Carroll, interacting with a salesperson in times like these is something many people try their best to avoid.
“It’s pretty easy to engage the provider and place the order when everything is going well, but mix in real life perils and consternation and the dialogue advances to a whole new level,” he said.
Carroll will co-present this Breakout Track 5 session with Steve O’Neal of Agility/Rentsys on March 31 from 12-12:45 p.m.
The pair want their session participants to understand that business needs evolve, and vendor relationships need to be solid enough to adapt.
Although Carroll has attended and presented at numerous previous DRJ conferences, he learned that while there are unique issues based on situations and the individual businesses, there is often commonality in the needs and approach that can be leveraged. Often the vendor community is a tremendous resource for this.
Carroll’s favorite part of DRJ conferences is interacting with peers in the profession, mainly to gain new insights and ideas.
Over the years, Carroll has gained more than four decades of experience in IT and risk management, starting with his experience with the DOD at age 18. He has held leadership positions at multiple Fortune 500 corporations.
His previous work experience includes head of IT at JPStevens; director of IT for North America/Western Europe, global director, and global director of business continuity for Gillette; and viced president of business continuity for Fidelity.
Carroll has a master’s degree in finance from Babson College and a bachelor’s degree in economics and bachelor’s degree in political science from Boston College. His professional certifications include FBCI, MBCP, CISSP, CISA, PMP, CGEIT, RIMS-CRMP, OCEG, GRCP, OCEG, GRCA, Lean 6 Sigma Green Belt, Claritas CFA, and CPIM. His professional memberships include ISACA, RIMS, ISC2, APICS, and OCEG.
When he isn’t working, Carroll is chair of IR+M’s volunteer action committee. His favorite place to spend downtime is at New Smyrna Beach, Fla., about an hour east of Orlando.
O’Neal is an enterprise relationship manager for Denver, Colo.-based Agility Recovery, where he is responsible for consulting and implementing industry-leading recovery solutions for various businesses that have experienced disasters.
Selma Coutinho says 2020 will be the year no one will ever forget, including professionals in business continuity, crisis management, and security.
“None of us expected a crisis like this for nine-plus months and considering that our whole supply chain would be impacted at the same time,” Coutinho said. “Black swan? Maybe.”
She said one thing is true: business continuity management is “on spot and will evolve (for good).”
“We will need to change old biases to be prepared to deal with new challenges that will come with the emerging technologies such as IoT, automations, cybersecurity, among others,” she said.
According to Coutinho, all crises bring opportunities.
“It is up to us to seize it,” she said. “COVID accelerated the digital transformation of companies, which will require from BC and CM practitioners’ new strategies, ideas, and innovations as what we have so far, will not be enough in this new normal.”
Coutinho will present “BCM after COVID: Changes, Challenges, and Opportunities” on the first day of DRJ Spring 2021 on Monday, March 29. She will share strategies with attendees from 4:15-5 p.m. EST at Session 4 of the Breakout Track 2.
“I hope attendees can start to change their mind and see that we have several opportunities that came from the COVID crisis,” she said, “but to pursue it, we will need to change our mind first.”
Coutinho said business continuity and disaster recovery will evolve and depends on the professionals.
“This is our momentum if we would like to change the companies’ view about BC/DR and gives the right focus to these disciplines,” she said.
Coutinho is director of security operations and business continuity management at Ericsson Inc., one of the leading providers of information and communication technology to service providers.
“We enable the full value of connectivity by creating game-changing technology and services that are easy to use, adopt, and scale, making our customers successful in a fully connected world,” she said.
Ericsson is a Swedish multinational company located in more than 100 countries. Its vision and purpose are to “empower an intelligent, sustainable, and connected world.”
Coutinho has been with Ericsson for 16 years in business continuity management, information security, and security operations areas. She has been working in her current position for nearly two years. Ten of her years of work experience have been in a leadership position.
“Ericsson was the company that gave me the chance to learn during an internship and my first job,” she said. “Over time, the company has invested in me, giving me the chance to progress in my career and at the same time to know different cultures.”
Coutinho chose a career in business continuity and disaster recovery because it gives professionals the end-to-end perspective of a company. She believes not all professions offer this same perspective.
“I see BC/DR as an enabler to other security disciplines (when we understand what we are trying to protect),” she said, “and it is easier to identify the best measure to protect what is important to the company.”
She said in the country where she started her career in BC/DR, the focus is on banks and far from other industries.
“Because of that,” she said, “I usually try inspiring myself with BCI, DRJ, and other BC/DR bodies related to this profession.”
Coutinho said she is perseverant, pragmatic, and self-motivated. She believes in BCM and the many benefits it can bring to business.
“This is what motivates me,” she said.
During her years working in the BC/DR profession, Coutinho has gained visibility as well as experience in preparing and executing exercises. She also values networking.
Coutinho, MBCI, CBCP, CISSP, has a master’s of business administration with an emphasis in IT management. She is a member of the DRJ Editorial Board and the North Texas chapter of ACP. She is also a contributor of the DRJ Glossary and Career Development Streams.
She moved from Brazil to the U.S. with the goal of participating in events like DRJ’s conferences and contributing to BC/DR and security professions. She lives with her two Shih Tzus in McKinney, Texas.
Coutinho enjoys being at home but also loves to travel to different places, especially beaches.
Steven Haynes’ father started working in the business continuity/disaster recovery profession in the 1990s. When Haynes entered the military, he naturally moved to risk mitigation and planning. Once he exited the service, he served as a risk management consultant.
“And my love of all things ‘risk’ was born,” he said.
has been in the business continuity/disaster recovery profession for 15 years.
Haynes said his father and Drs. David McEntire, Alex Greer, Tristan Wu, and Haley Murphy were his inspiration to join the business continuity/disaster recovery profession.
“My kids and their friends deserve a safer, more resilient world,” said Haynes. “I see every meeting, planning session, and tabletop as an opportunity to position resources for maximum effects.”
He said it’s not known when something terrible will happen in one’s community, but when it does, “I never want to be in a situation where I could have done something to reduce the loss, but I did nothing.”
Haynes said he loves the methodological challenges of risk analysis and “what mattered yesterday might not matter today.”
Haynes, director of risk and insurance, is assistant professor of practice at The University of Texas at Dallas. He began his role as director of the risk and insurance program in August 2020.
UT Dallas, a top-tier research facility with 29,000 students, is located in Richardson, Texas.
Haynes will be presenting at DRJ Spring 2021 for the first time. His Breakout Track 5 session, set for March 31 from 12-12:45 p.m., is titled “Advanced Business Impact Analysis.”
According to Haynes, the idea is that BC professionals can effectively detect and mitigate all types of risks with surveys, loss history records, and performance metrics.
“We use historical data to predict the likelihood of future events,” he said, “but our environment is continuously changing. Never mind the inherent dependency on technology and our inability to decipher between the signal and the noise.”
So what does this mean? Organizations have an overreliance on traditional quantitative models, which is blindly leading them to failure.
“There must be a balance between quantitative analysis and qualitative interpretation to manage all risks,” said Haynes.
During his presentation, Haynes will introduce participants to the traditional business impact analysis tools and their strengths and weaknesses. Then he will teach attendees about the resiliency-based BIA and how this assessment will help increase the overall effectiveness of planners, BC programs, and tabletop designs.
Haynes will share his experiences with BIAs and walk participants through real-world examples.
“This is a session aimed at individuals looking to improve their BIA tools and BC programs,” he said. “All participants will walk away with a better understanding of planning versus response.”
Haynes’ goal is to challenge attendees’ BIA models and “look at the beauty of simplicity for planning and mitigating purposes.”
Before becoming a professor, Haynes served as a business continuity planner for Lennox International, Inc. He also worked in loss control and risk for analysis roles for insurance companies, government, and privately held organizations.
He led the USS Blue Ridge’s anti-terrorism division and has a bachelor’s in emergency management, master’s degree in organizational management, and a doctoral degree in fire and emergency management. He is a member of the Society of Risk Analysis. He has worked in 38 countries and 46 U.S. states.
Haynes is married to his best friend, and they have two children. He is a musician for FUMC Allen. When he’s not working, he enjoys traveling to Boulder, Colo.
Versatile, collaborative, and open to improvement. These traits perfectly describe Mark Hoffman, founder and president of Anesis Consulting Group, Inc.
He and wife Cheryl own and operate the boutique consulting firm based in Barrie, Ontario. The firm is located about 90 minutes north of Toronto.
Hoffman handles the customer facing consulting work while wife Cheryl takes care of back-office administration.
The firm focuses on business continuity, crisis management, and operational resiliency consulting for clients globally. These consulting engagements typically involve building or improving BCM programs, developing cyber response protocols, crisis management plans, program governance, and more.
In addition, Hoffman teaches two courses through PreparedFx: “Principles of Effective Cyber Response” and a course which prepares organizations for ISO 22301 certification.
The business’s mission is to provide world-class consulting services in a collaborative manner; injecting thought-leadership and subject matter expertise to meet the needs of the customer, following good practices and industry standards; and building relationships with clients by working with integrity and providing value to their organization.
The couple formed Anesis Consulting Group in June 2005.
Hoffman has been working in the business continuity/disaster recovery profession for nearly 25 years.
“I feel like it chose me,” he said. “I had been doing IT leadership work and seemed to always drift toward preparing for worst-case scenarios by defining disaster recovery solutions.”
He was a lead for multiple clients on the Y2K preparation. Coming out of that experience, he was hooked.
“My focus stayed on DR for several years but then expanded to business continuity and then to crisis management,” he said. “I feel like I have found what I was built to do.”
Hoffman said he understands enough about the profession to know the work he does adds value. He has one client currently who doesn’t get it.
“They don’t understand what I’m bringing to the table,” he said, “but that doesn’t change the reality of what I’m doing and I understand that. My motivation is based on me doing the best job that I can and leaving a legacy of excellence.”
Hoffman said he gets a rush when there is a major incident or crisis, and he enjoys taking a leadership role and helping teams navigate the crisis. In addition, he loves speaking and teaching on various topics.
One topic he feels is commonly misunderstood in BC/DR is IT professionals tend to think that a redundant local deployment, or clustered servers, is the same as having a disaster recovery solution.
“This irritates me,” he said.
Hoffman will share his years of experience in the BC/DR field at the upcoming DRJ Spring 2021 on March 30 from 4:15-5 p.m. His presentation, titled “Cyber Response: Anticipating Your Business Response to a Crisis,” will be part of Breakout Track 4.
This session will examine how organizations can benefit from anticipating critical components of their response protocol including key decisions which need to be made, communication requirements, navigating the privacy and legal landscape, cyber insurance requirements, and risk assessments that utilize BCM data to support their response.
Hoffman said companies have treated cybersecurity for years as a risk that IT could solve alone.
“I want people to understand BCM’s role in cyber response and how important it is to make sure business continuity and crisis management are included in the response,” he said.
This session at DRJ Spring 2021 will be Hoffman’s first time to present at the conference.
Hoffman is looking forward to sharing his expertise with DRJ attendees.
He has worked with large clients including IBM, American Express, and Air Canada, along with medium-sized companies and small organizations.
“I build and improve BCM programs,” he said. “I write plans. I lead exercises. I am just finishing a course that will make me a certified ISO 22301 lead auditor. I write, I do podcasts and webinars, and I love speaking at conferences.”
As the co-owner of his consulting practice, Hoffman said he tends to work in the role of trusted advisor with his clients and becomes part of their crisis management or leadership team. His favorite role is that of crisis support where he plays “second fiddle” to the crisis lead to guide him or her on how to navigate through the crisis.
“I often report to senior executives and I’m keen to understand their business requirements, goals, and objectives and how that should translate to the BCM program,” he said.
Hoffman, MBCI, CBCP, is a member of BCI and DRI. During 2020, he spent about 10% of his work schedule promoting and advancing the BC/DR industry through action and by speaking and writing. He formed a peer group early in 2020 to put together a return-to-office checklist. The plan was to develop a document which could be shared freely to provide planners with guidance when they built their back-to-work strategy. Those sessions not only produced a thorough checklist, but that work also kicked off a series of articles, webinars, and volunteer work which impacted several organizations.
In addition, Hoffman provided pro-bono services to a small company near him who was struggling with COVID-related practices and procedures.
When Hoffman isn’t working in the BC/DR profession, he can be found on the golf course. He recently shot his second hole-in-one on par 4.
Pandemics, floods, earthquakes, hurricanes, ice storms, tornados, and terrorist incidents.
Ashley Goosman, a business continuity and crisis management manager for Liberty Mutual Insurance, has worked through many high-profile crisis incidents and helps employees respond to and prepare for business interruptions. Her job is to provide a safe environment for all employees and enable Liberty’s global operations to run successfully or recover from disruptions. She has international experience administering Liberty’s business continuity program.
She has served with the American Red Cross’s Sept. 11 recovery program and as director of emergency management services for the Massachusetts Department of Mental Health before joining Liberty Mutual in 2012 as a business continuity project manager.
Goosman will share her expertise with DRJ Spring 2021 attendees during her “COVID-19 and Next Normal for Business Continuity” presentation on Thursday, April 1 as part of the Breakout Track 7.
During her presentation, Goosman plans to share an overview of Liberty Mutual’s approach to responding to COVID-19 and discuss the global impact of the pandemic, the “new normal,” and share her thoughts about the future of business continuity.
Since 2017, Goosman has supported the global business continuity crisis management team to lead response and recovery activities for multiple major events. She is a leader in crisis management development within the organization.
In addition, she is a member of the Massachusetts Operation Helping Hand advance team at the Mass Military Reservation for Hurricane Katrina response to support New Orleans residents airlifted by FEMA. She also served as an adjunct senior instructor for healthcare administrators and taught a graduate-level course on terrorism and disasters for seven years.
Currently, Goosman maintains the blog disasterempire.com as a way to give back and a source for disaster resilience knowledge and analysis.
She is a master business continuity professional certified by DRI International and a member of the Business Continuity Institute.
Goosman, NIMS, ICS, HAZMAT, HERT, FEMA/COOP, is a certified SAMHSA crisis-counseling trainer. She enjoys life on Cape Cod with her husband Jon, family, friends and rescue Greyhound Della.
Detail-oriented, patient, and responsive are three traits which make Kyle Grasso a successful senior enterprise account executive at Rave Mobile Safety.
Rave Mobile Safety, located in Framingham, Mass., employs more than 150 people across North America and is the leading provider of critical communication and collaboration technology used to help save lives, manage crisis incidents, and increase resiliency. From catastrophe disasters to everyday emergencies, the company’s solutions enable critical data sharing, mass notification, and emergency response coordination.
According to Grasso, Rave Mobile Safety provides the leading critical communication and collaboration platform trusted to help save lives.
“Rave connects millions to those trusted to protect them, by providing innovative solutions to prepare better, respond faster, and communicate more effectively during emergencies,” he said.
Grasso has been employed with Rave for five years.
“I enjoy working at Rave because what we offer our clients is the ability to help respond and react more efficiently during and after critical events,” he said.
Grasso was inspired to join the BC/DR profession because he wanted to offer a solution to help keep people safe and businesses running efficiently. He is also passionate about the work his company does.
“The solutions we offer have real-time effects on the day in, day out of the organizations we service,” said Grasso.
One thing he most enjoys about working in the BC/DR profession is the conversations with professionals and being able to discuss what concerns they have and what role communication plays in that.
“Having systems in place is important,” he said, “but without the ability to communicate, whether that be to specific groups/teams or the entire organization, puts you at a severe disadvantage.”
Grasso will speak on the topic of communication at the upcoming DRJ Spring 2021. His session titled “Navigating Critical Communications in the New Workplace Landscape” will be part of March 30’s Breakout Track 4 from 4:15-5 p.m.
According to Grasso, the workplace has been forever changed by COVID-19. Whether employees are operating remotely, transitioning back to the workplace, or traveling to and from different locations, keeping everyone protected and informed is more crucial than ever.
“How can those in charge of employee safety evolve their critical communication strategy to account for these new factors” is one question Grasso will answer during his presentation.
In addition, he will share strategies and solutions businesses need to proactively address common communication and safety gaps. He’ll also explore the roadblocks and unexpected communication challenges which may arise during emergencies such as severe weather, an active assailant, or a long-term crisis such as the coronavirus.
Those who attend Grasso’s session will learn best practices to ensure every employee is safe and informed, regardless of their location.
Grasso earned a bachelor’s degree in business administration. He is passionate about empowering large and small organizations to improve safety and operational efficiency through communication and collaboration.
He is an avid sports fan and basketball player. His favorite place is anywhere near the water, whether it’s a lake or ocean.
Dr. Al Marcella
Dr. Al Marcella will share his experience of almost 40 years in the business continuity and disaster recovery profession with attendees of DRJ Spring 2021.
Marcella is president and CEO of Business Automation Consultants, LLC. He started the independent consulting practice in St. Louis in 1984.
BAC, LLC provides complete information technology audit support in areas such as cyber forensics, e-discovery, and associated litigation support; business continuity, contingency plan and incident management development and audit, site security reviews and evaluations; training and seminar presentation for all levels of IT, financial, and operational audit function; and application system life cycle analysis and development support for financial, insurance, health services, and manufacturing corporations.
Marcella said BAC, LLC is an IT and management consulting firm dedicated to providing IT security assessments and audit and training services to its clientele across the globe.
“We strive to educate our clients on the risks and security issues associated with information technology to help them establish and implement safe and secure informational infrastructures that are fully protected from internal and external threats,” he said. “Our efforts help our clients better understand the technology at hand so that it can be utilized to its fullest.”
Marcella’s presentation at DRJ Spring 2021 is titled “Cybersecurity: What’s Keeping Management Awake Tonight!” His session is part of Solutions Track 2 on Thursday, April 1 from 10-10:45 a.m.
According to Marcella, cybersecurity refers to the people, products, and processes which protect electronic data from those with malicious intent. This presentation will provide participants with an insight into the technologies that may wreak havoc throughout an organization’s operating environment. The discussion will focus on cybersecurity exposures and associated attacks which are commonly perpetrated against organizations and individuals.
Session participants will receive proactive internal control recommendations, designed to mitigate the associated risks and security exposures brought by threat actors which seek to wreak havoc and disrupt business operations.
One thing Marcella wants attendees to take away from his session is a greater awareness of the risks within broader IT operations and how proactive business resiliency and IT cybersecurity programs can “work together and together can contribute to a more functionally efficient and secure enterprise.”
Marcella has been involved in assessing, auditing, and writing about business resiliency planning in government and public/private sectors for nearly four decades.
“I am involved in IT audit and security consulting, as part of these services and through years of risk assessment and analysis, BC/DR if often examined as part of our audit engagements,” he said.
He enjoys seeing the light “turn on” or what he experiences that ah-ha moment from executive management when he feels a true sense of accomplishment after helping someone and “moving the needle in the right direction.”
He said everyone in the profession – and likely not many – are cognizant or realize the necessity of having a “Plan B, C, or even D.”
“Getting someone to that realization always makes my day,” he said.
Marcella’s honesty, reliability, and enthusiasm help define him as a professional in the BC/DR profession.
“There’s never a dull moment,” he said. “The challenge of looking beyond the now and anticipating what the next will be and how to assist organizations in being prepared for whatever is to come next makes this a fulfilling and rewarding career.”
Marcella feels a common misunderstanding in the profession is that many think BC/DR professionals “can leap tall buildings in a single bound.”
“But even the best in the profession have to take a running start,” he said.
Although Marcella is looking forward to presenting at DRJ Spring 2021, he recalls his first DRJ conference as a standout to him.
“My first conference was most memorable as it was DRJ’s very first conference many, many moons ago,” he said. “It has been wonderful to see how DRJ has grown over the years.”
He has enjoyed seeing DRJ’s growth over the years, from the conferences to DRJ’s publication to multiple other projects.
Marcella said he has been most pleased with how willing other BC/DR professionals are to share their experiences, assist with problems, and provide insight and support to others in the field “all without expecting anything in return.”
Over the years, Marcella has gained experience working in corporate 100 and 500 companies in the areas of finance, manufacturing, and insurance as well as in programming, IT audit, risk management, and security. He has spent a total of 37 years managing and running his own consultancy practice.
Marcella, CISM, CISA, earned a doctoral degree in business administration with an emphasis in technology, MBA in finance, and bachelor degrees in management and systems management. In addition, he is a member of the Information Systems Audit and Control Association.
In his free time, Marcella works with local feral cat rehabilitation outreach groups and fosters abandoned senior dogs until they are placed in their forever homes. He is an avid photographer and has had several of his images published. He has had several articles published on astro photography. He especially enjoys photographing the aurora borealis high above the Arctic circle.
“To this point in my professional career, I have traveled to and have had the pleasure of experiencing the unique wonders and cultures of 70 foreign countries,” he said.
Marcella’s favorite place when he’s not working is “behind a camera lens, at -40F in the Arctic photographing the aurora.”
Eric J. McNulty
The mission, the chance to make things better when things appear to be at their worst, and the intense comradery among this professional group motivate Eric J. McNulty to work in business continuity/disaster recovery.
The positive impact that this work and this profession have on individuals, organizations, and communities are why McNulty originally chose the BC/DR profession.
He has been with the program for 13 years and associate director for 5 at the National Preparedness Leadership Initiative (NPLI) at Harvard.
The NPLI is a small but mighty group of academics and practitioners teaching crisis leadership. It is a joint program of the Harvard T.H. Chan School of Public Health and the Center for Public Leadership at the Harvard Kennedy School of Government.
“Our work is to ‘improve the capacity and capability of crisis leaders’ across the country and around the world,” said McNulty. “We bring together academic inquiry with field experience to craft pragmatic curricula and training programs. Our values are integrity, inclusivity, teamwork, and excellence.”
McNulty said the mission focus is the people he gets to work with and teach.
He’ll be teaching and making connections with attendees during his General Session 8 presentation at the upcoming DRJ Spring 2021 conference.
McNulty will co-present with Dr. Steve Goldman, course director, MIT executive education, crisis management, and business resiliency.
The pair’s presentation, “Leading for Resilience: New Challenges and Opportunities,” will take place April 1 from 3-4 p.m.
According to McNulty, in these unprecedented times, business continuity teams are being tested as never before. Leaders face multiple simultaneous threat scenarios, requiring they keep themselves and their teams stronger, longer. Their effectiveness is dependent upon the ability to create a culture of resilience as much as on any specific skill set.
In this interactive session, McNulty and Goldman will draw from decades of experience and share pragmatic approaches to building organizational capacity and capability to successfully navigate turbulence: accurate anticipation, nimble pivots, and trust-based relationships.
The presenters want their attendees to take away an understanding of all of the channels and tools they have to build resilience in themselves, their teams, and their organizations.
This will be McNulty’s fourth presentation at a DRJ conference. His first conference stands out because it was not a virtual event.
“I had many opportunities to see people I otherwise don’t get to see as well as meet new ones,” he said. “Relationships are key in this business, and DRJ is a great place to build them.”
One thing McNulty learned as an attendee himself at a previous DRJ conference was “the deep connections that emergency managers can have with their communities and how that opens opportunities.”
Besides learning, McNulty thoroughly enjoys presenting and networking at DRJ conferences.
McNulty’s various experiences help him to better understand stakeholders and how to serve them. He had an early career in corporate communications and marketing. The second phase of his career started with running a global conference business for Harvard Business Publishing, followed by more recent academic-related work at the NPLI.
“I have run business units of various sizes and been an entrepreneur,” he said. “I have a lot of experience leading across organizational boundaries.”
McNulty has a master’s degree in leadership from Lesley University. He writes and speaks on leading through crisis and change. He speaks to audiences globally about leading in fast-moving, unpredictable circumstances. He is the co-author of the book “You’re It: Crisis, Change, and How to Lead When It Matters Most.”
When he’s not working, he is a volunteer board member of the Massachusetts for Elephants organization and enjoys the outdoors by hiking, birding, and exploring.
Goldman is an internationally recognized expert and consultant in business continuity, crisis management, disaster recovery, and crisis communications. He has more than 30 years of experience across many aspects of business continuity.
“The BC profession serendipitously chose me!”
Megan Murphy said it was 2002 when she was a junior analyst at the Bank of Canada. It was after 9/11 and Y2K and there was much business continuity work to do, including setting up an alternate site. The senior security analysts were busy doing physical security and information security. As the junior analyst and newest team member, she was tasked with the business continuity work.
“Before working at the Bank of Canada, I had not heard of business continuity at all,” said Murphy.
Since then, Murphy hasn’t looked back. She has worked for more than 20 years in incident management, corporate security, and project management with Government of Canada federal agencies. She holds a master’s degree in political science, an advanced certificate in project management, and is a Project Management Professional.
Currently Murphy has worked as manager of security operations for the Office of the Superintendent of Financial Institutions since June 2019.
OSFI is an independent agency of the Government of Canada that regulates and supervises Canadian banks, insurance companies, and private pension plans to determine whether they are in good financial condition. OSFI employs about 800 people in offices located in Ottawa, Montreal, Toronto, and Vancouver.
Murphy said very early in her career she might have found business continuity a “thankless profession on some days, in that it was sometimes seen as extra work, and its value to an organization was not always understood.”
She said, “It required a lot of explaining, rationalization, and negotiation to complete enterprise-wide tasks involving a diverse set of stakeholders like a Business Impact Analysis.”
However, in the last 10 to 15 years in the financial and government sectors, Murphy has found that the business continuity profile has risen significantly with more buy-in, support, and resources.
Now, Murphy said her favorite part about working in the BC profession is working with such a diverse stakeholder group from across the enterprise.
“Working with executives, IT, business, operations, HR, communications, finance, security, facilities, etc. has expanded my network greatly but also helped me to grow and hone my listening skills to try to understand their points of view and perspectives,” said Murphy, “and to understand and to try to reconcile the intricate web of their mutually overlapping and sometimes opposing requirements.”
Murphy and Regina Phelps, of EMS Solutions Inc., will present “Incident Command System – Best Practices in Crisis Management” at DRJ Spring 2021 during Breakout Track 2 on March 29 from 4:15-5 p.m.
The pair will discuss the Incident Command System (ICS), how it was developed, and why it should be used; the eight hallmarks of ICS; journey to change an organization and converting to ICS; practical applications for any organization; and lessons learned and suggestions for implementation.
The duo will demonstrate how ICS can solve problems of departmental silos and program fragmentation which often occurs in any organization and streamline communication and decision-making.
“ICS is not one-size-fits-all,” said Murphy. “It is customizable and to make ICS work well, you need to ensure that it fits the culture and structure of your organization.”
This will be Murphy’s first time to present at a DRJ conference. She recalled attending DRJ Fall 2011 in San Diego when she heard speaker and author Daniel Pink. She had never heard of him so she wrote his name down in the margins of her notes. Later when his book came out, she quickly read it in only a few days.
“The way that Pink explains motivation as being intrinsic and divided into autonomy, mastery, and purpose was a transformational concept for me,” she said, “and continues to influence me to this day how I approach my own motivation and how I lead my team.”
As an attendee at a DRJ conference, Murphy’s favorite part was networking and learning about the challenges and opportunities that other organizations were facing as well as forecasting upcoming trends and getting a better, more strategic sense of where the BC industry was heading.
Murphy’s role at OSFI is leading the security operations initiatives including the incident management and BC program, personnel security, physical security, contract security, and information security. She is involved with the inclusion network at OSFI and an active committee member of the Unconscious Bias employee resource group.
While at the Bank of Canada, she was the leader of a popular employee resource group which focused on starting a mindfulness movement in the workplace.
Murphy lives in Ottawa, Canada, with her husband and two school-aged children. Her favorite place to be when she was not at work pre-COVID was at the spin or yoga studio. Currently her favorite place to be is out on her bright pink bicycle exploring Ottawa’s beauty on its many recreational trails in the summer and in the winter at her Nordic ski club on her cross-country skis. She also enjoys walking nature trails in a nearby conservation area with her children and feeding the chickadees.
Phelps is an internationally recognized thought leader in the field of emergency management, pandemic, and contingency planning. Since 1982, she has provided consultation, training and speaking services to clients on five continents.
Lynnda Nelson is passionate in educating others about organizational resilience and is a life-long learner. She believes that seeking new knowledge is an essential part to who she is. She also leads the study of resilience globally and dedicates a significant amount of time to this effort.
She is one of the founders of ICOR, a global nonprofit education and credentialing organization focused on resilience. ICOR’s mission is to build resilient communities one organization at a time and to build more resilient organizations one leader at a time.
“We strive to empower individuals with the knowledge necessary to increase the resilience of the organization they work for and within the communities they reside,” said Nelson.
She has been president of the organization since 2005.
“We educate, we credential, we lead,” she said. “We participate globally in learning how individuals, organizations, and communities can become more resilient.”
Nelson chose business continuity one aspect of her profession because it relates and contributes to building more resilient organizations.
“I moved into the education profession in my early college years when my studies to be a nurse failed when I realized I didn’t like hospitals or sick people,” she said. “As a woman in college in the 1980s, careers in nursing and education were generally where we ended up.”
Nelson believes learning is the basis and cornerstone of all behavior. She has a master’s degree in education and originally began her career as a high school teacher. She briefly entered the business continuity profession as a consultant in 2000 and then moved to educating others about business continuity best practices and standards.
One thing Nelson enjoys is working on international standards to document a standardized methodology for business continuity and then teaching others.
In the past, Nelson has especially enjoyed networking and sharing about ICOR’s education and credentialing programs in the exhibit hall.
Nelson will share her expertise with DRJ Spring 2021 attendees during her March 31 Breakout Track 5 session from 12-12:45 p.m.
During her session, titled “ICOR Measuring Your Organization’s Alignment to ISO 22301:2019,” Nelson will share with participants how the international community published best practices and requirements for a business continuity management system back in 2012 and updated and improved these requirements in 2019.
“If your organization has not aligned its business continuity ‘program’ to international requirements, it is time,” she said.
For attendees who are looking for top management support, they will no longer need to fight this battle with securing and continuing to engage top management once they have a business continuity management “system” in place.
“It’s time to understand how a management system is different from a ‘program’ and what you need to do to ensure you are providing the best information on top management about your business continuity capabilities,” she said.
Participants who attend this presentation will first learn about management systems in general, about ISo 22301, and the changes to ISO 22301 and its 2019 version.
Nelson, one of the authors of ISO 22301 2012 and 2019, represents one of the experts in the U.S.
This presentation is the perfect opportunity for attendees to learn from someone who has been “down in the trenches” and understands not just what is required but why it is required and what each requirement looks like.
Nelson, founder and president of ICOR, manages ICOR’s education and credentialing programs. She is an expert on international standards for business continuity management systems, crisis management and communications, and community resilience.
Steve O’Neal has been in the business continuity/disaster recovery profession for 25 years. Before he first started working in the profession, he did not even know it existed. But it was a good fit for him based upon the direction of business at the time.
He has now worked for more than two decades in BC/DR and enjoys witnessing everyday people “picking up the pieces after an event, and the knowledge that critical services they depend upon were supported by direct contributions I have made to improve response.”
O’Neal is enterprise relations manager at Agility Recovery. The company provides disaster response software and hardware to plan, prepare, and manage a disaster incident affecting any size organization. There are more than 100 people across multiple locations throughout the U.S. supporting ongoing disaster testing and declaration events.
The business’s mission is to provide quick and well-coordinated disaster response as a result of being a planned partner to mitigate effects of disaster impact on an organization.
O’Neal has worked for seven years as an account executive at Agility Recovery. He is responsive, resourceful, and a clear communicator as an enterprise relations manager.
One of his favorite things about working in the BC/DR industry is the passionate people he has worked with in the profession across all markets and company sizes.
He something he feels is commonly misunderstood in the profession is underestimating its importance until an event happens.
“Management doesn’t understand that a good BC plan can open up organizations that work in silos and don’t work well together during day-to-day production, much less a disaster,” he said.
O’Neal will present “Feels Like Time to Test the Partnership” with Mark Carroll of Income Research, a seasoned risk/BC professional who has held numerous positions at multiple Fortune 500 corporations.
The presentation takes place March 31 from 12-12:45 p.m. during the Breakout Track 5 session.
“Interacting with your salesperson in times like these is something many people try their best to avoid,” said O’Neal. “It’s pretty easy to engage the provider and place the order when everything is going well, but mix in real life perils and consternation and the dialogue advances to a whole new level.”
He said professionals need to understand that “business needs evolve and vendor relationships need to be solid enough to adapt.”
O’Neal has presented at more than 20 DRJ conferences. He has particularly enjoyed it when there has been “full audience participation to debate the topic.”
Through his presentations at DRJ conferences, O’Neal has learned how networking is a critical need in the profession.
“Nobody knows it all,” he said, “and realizing that there are people with specialties in various markets and solutions will help you get through an event.”
His favorite part of DRJ conferences is networking to hear the stories related to particular topics or concepts believed to be important to the group.
O’Neal works for Denver-based Agility Recovery where he is responsible for consulting and implementing industry-leading recovery solutions for various businesses which have experienced disasters.
He has earned various technical certifications including an A+ teaching certificate and also obtained a degree in computer science. He is also CSC chief of the local FBI Infragard and vice chairman of the local LEPC. In addition, he has assisted the Red Cross Disaster Action Team for local disaster events.
O’Neal resides in College Station, Texas, with his wife and two teenage sons. He enjoys mountain biking, sailing, and aviation. He has been an Arabic linguist at USMC for the past seven years.
Patrick Potter is a “jack of all trades” and is always willing to jump in to help with whatever is needed. He also has a “start-up mentality,” which means he likes to be innovative and act quickly. He’s also loyal to his organization and treats it like family.
These qualities, combined with Potter’s more than three decades of experience in the business continuity/disaster recovery profession, provide Potter with plenty of expertise to share with attendees at the upcoming DRJ Spring 2021.
Potter, risk strategist, has been with Archer for nine years in roles of pre-sales, product management, and marketing. He started working in BC/DR at American Express more than 25 years ago.
Archer is a global integrated risk management company that provides software, services, and support to organizations worldwide to help them better manage risk in a changing world.
“BC/DR is more than an area of a business,” said Potter. “It’s a vital part of keeping a business up and running. Resiliency, as I’d rather refer to it, also applies to people personally, to society, and the world at large.”
He said, “It’s not only a profession, but a value.”
According to Potter, the profession is “evolving and getting better.”
One thing he most enjoys about the BC/DR profession is helping companies to improve their capabilities.
Potter plans to present “The Best Offense is a Good Defense – How Resiliency Drives Innovation and ROI” during the Breakout Track 6 session on March 31 at DRJ’s upcoming spring conference. The session takes place from 4:15-5 p.m.
“The adage ‘the best defense is a good offense’ is attributed to many, including Machiavelli, Sun Tzu, and George Washington,” said Potter. “It has been applied as a reference in sports, board games, and warfare.”
Potter said this saying means “to take advantage of your opponent by being prepared, focusing on the basics, looking for opportunities, and taking them.”
During the session, Potter will use the concept to apply to operational resiliency, which is the ability for an organization to bounce back after a disruption, to bend but not break.
“Most look at resiliency as a good defense,” he said, “and that played out in 2020 as many organizations were disrupted which prompted them to begin building resiliency.”
But Potter said professionals should view building resiliency as a business strategy – to help drive innovation, to increase speed time to market, or to become stronger financially.
Attendees will learn how building resiliency often results in a positive ROI over the short- and long-term. They’ll also acquire five ways to build resiliency to enable their organization to not only come out of disruption but emerge more quickly in better financial shape, more agile, and ready to capitalize on opportunities which present themselves during and after a crisis.
Potter wants those who attend his presentation to learn that “resiliency is more than a checklist activity. It’s absolutely vital for all business to be resilient to the disruptions that can and will occur and that people should be resilient for the same reasons.”
DRJ Spring 2021 is not the first conference Potter will attend. In fact, he has presented at many previous conferences and said each has been a great experience. Although he misses the in-person meetings and interaction, he’s looking forward to the upcoming virtual experience and networking, his favorite part of the conference.
Potter, CPA, CBCP, CISA, has more than 30 years of experience leading risk management, operational resiliency, compliance, internal audit, third-party management, strategic planning, and process improvement in both practitioner and consulting roles. He has developed a unique perspective working with analysts, partners, and customers spanning many industries including financial services, healthcare, government, energy, education, travel, and hospitality. He is a subject matter expert for Archer where he provides strategic input into the development of the Archer Suite and works with customers on best practices.
He has professional memberships in IIA, DRI, and ISACA and has a master’s degree in international business. He has traveled globally for work and at one time lived in Chile and spoke fluent Spanish.
He enjoys volunteering at his church and within his community. When he’s not working, Potter enjoys spending time with his family, working out, and hiking.
Michael S. Quam
Michael S. Quam is motivated to find the needle in the haystack. He seeks – and potentially finds – gaps for which no one else searched. He is innovative and accountable collaborator with more than a decade of experience in the business continuity/disaster recovery profession.
Quam is senior manager in business continuity management for Micron Technology. Micron is headquartered in Boise, Idaho, and has more than 60,000 team members worldwide. The company uses technology in order to create solutions for improving life for all.
“Our mission is to transform the way the world uses information to enrich life for all,” he said. “Our core values are people, innovation, tenacity, collaboration, and customer focus.”
Quam has worked for four years in his current position and in the BC/DR field for 14 years. He recently hired someone he ran into in Afghanistan and convinced that person to join the BC/DR profession.
One of his favorite things – besides recruiting other professionals to join the field – is “when things ‘click’ after you’ve been connecting the dots for days, months, or even years.”
According to Quam, one misconception in BC/DR is how people tend to focus on the plan as the output, but there are several outputs that each have unique value:
BIA – This teaches stakeholders to think about SPOF and gaps. It is an exercise and it’s important the stakeholders are actively engaged.
Risk analysis – This has to be gathered in a detailed fashion to ensure it’s understood with monitoring mechanisms, escalation criteria, and proper impact planning.
Exercise – This is a chance to convince your stakeholders that your process works. If it’s done “half-ass,” then you might as well throw away the plan.
He will co-present at DRJ Spring 2021 with John McCarthy, who served with Quam in Afghanistan and was a risk analyst and BCP planner.
Their Breakout Track 7 session – set for April 1 from 12-12:45 p.m. – is titled “Lessons Learned: Crisis Management in Afghanistan.”
This presentation will take attendees through the process of setting up an SOC in Afghanistan with crisis management as its core process. This helps to define the importance of separating CM from BCP and how it works in the most dynamic country on the planet.
“CM and BCP are two very distinct programs and separate goals, objectives, and methods,” said Quam. “In order to be successful in CM, you need to shed all the nuances of typical BCP to meet the needs of the operational and environment around you.”
He said, “This presentation will discuss my take-away that I then took back to Micron to improve your CM process for a Fortune 500 company.”
Quam was a presenter at a DRJ conference in 2018.
“These conferences are memorable because most of the year we spend in a bubble, not knowing the direction of our outside peers,” he said. “This conference gives us a chance to benchmark and understand the BCM world around us.”
Something Quam learned at a previous conference was how once a standard has been aligned such as ISO 22301, one can deviate to try different things. However, when something does not work, it’s also important to go back to the core and start again from there.
Quam’s favorite part of DRJ conferences is the feedback from participants. He enjoys both the criticism and encouragement because they help him connect and grow as a professional.
Before working at Micron, Quam served for 17 years in the U.S. Army and U.S. Army Reserves. He started out as a helicopter mechanic for the Apache helicopter. He wanted to be a pilot but was unable to do so because of his eyesight so he joined the BCM world in the military. He was fortunate to deploy to Afghanistan four times in support of this profession.
Quam will be speaking about his fourth deployment at the upcoming DRJ conference. He was able to co-chair the Afghanistan Security Operations Center and develop a crisis management process to allow fast, flat, and accurate flow of information during a crisis. At Micron, he started as the BCP program manager. He was then promoted to run both BCP and CM due to his experience. Currently, he manages BCP, CM, and DR teams worldwide.
He has been an officer in the military since 2006. He has served in command as an advisor, SOC director, and various other leadership positions. Currently, he is managing a worldwide team of BCM professionals for Micron.
Quam has a bachelor’s degree in educational psychology and a master’s degree in teaching in the area of mathematics. In addition, he has a professional membership in CBCI.
When he’s not working, Quam enjoys spending time with his wife and four children where they live in Dubuque, Iowa. His favorite place is on his family’s acreage, in the middle of the grove, staring up at the trees.
He also volunteers at the Diversity and Inclusion Council and a multicultural center in Iowa.
Dr. Jo Robertson
Dr. Jo Robertson started her career as a journalist on the top-rated prime-time newscast in the country. It seemed like a logical choice to jump to the other side of the fence to work with companies to help them better understand what the media was going to say about them if they were in a crisis. Most importantly, Robertson teaches them how to stay out of crises in the first place.
With 20 years of experience keeping companies out of crisis, Robertson has plenty of experience working in the business continuity/disaster recovery field.
“When I teach crisis management classes or give seminars, I enjoy seeing heads nod as the concepts start making sense and are getting internalized,” she said.
Robertson said one common misunderstanding in BC/DR is challenging best practice.
“There’s too much repetition of old outdated information that’s no longer relevant,” she said. “If you are new to the profession, it’s up to you to challenge ‘what has always been.’”
She said professionals should ask to see the data when someone claims something is ‘best practice’ because there just isn’t data to support many of these cardinal rules any longer.
This is something Robertson plans to address during her Solutions Track 1 session on March 30 from 10-10:45 a.m. at DRJ Spring 2021.
Robertson’s presentation, titled “Gray Rhinos and Risk Assessments,” will discuss how the COVID-19 pandemic was not a “black swan” – a catastrophic event that came out of the blue that no one saw coming – but was actually a “gray rhino” that had long been predicted but leadership everywhere overlooked it.
“As we move forward from the pandemic to new challenges,” said Robertson, “how do we better ensure we’ve got our eyes open so the next crisis doesn’t hit us unaware?”
Robertson said gray rhinos are high-likelihood-high-impact risks but “we fool ourselves into believing that although they are high-impact risks, they are low-likelihood of happening this year and can be pushed into the moderate risk category for mitigation down the road.”
Fine-tuning the way professionals look at this will require a change of perspective and a new methodology, including reconfiguring the way people do their risk assessments to re-weight them differently.
“Why as risk managers do we insist on the outdated strategy of rating the y-axis, or likelihood, on equal footing with the x-axis, or impact?” Robertson asked. “If we decrease the importance of the likelihood axis and increase the significance of the impact axis, our gray rhinos become red rhinos, clearly in need of mitigation.”
This concept and methodology were first published in DRJ’s Fall 2020 edition and is quickly gaining traction across the industry.
Now, Robertson is encouraging attendees to join her session on March 30 to learn more about how to see an organization’s gray rhinos.
“I’ll show you how to see gray rhinos and plan for them effectively in your organization,” said Robertson.
DRJ Spring 2020 is not the only conference at which Robertson will be presenting. She also presented at DRJ Fall 2020 with “The NEW Rules of Crisis Leadership.”
Robertson loves to interact with those who are attending her sessions, and the back-and-forth discussion always makes the material so much more tangible.
As global director of emergency preparedness for Capital One, Robertson was responsible for orchestrating the creation of a coordinated universal emergency preparedness program and the leadership of 2,500 life safety team members. As director of crisis preparedness for Arkema, she rebuilt and re-energized crisis preparedness initiatives and acted as a trusted advisor to C-Suite executives for France’s leading chemicals producer. At Deloitte Services, she led the national crisis management program for more than 100 offices. As vice president for Marsh Crisis Consulting, she delivered crisis communications planning, media training, real-time support, and complex crisis management exercises for Fortune 500 clients.
Robertson spent the first half of her career as a TV journalist and was responsible for news stories which initiated change at the highest levels of government, including a reversal of policy at the Pentagon.
She has a doctoral degree in crisis management from George Washington University, a master’s degree in journalism from American University, and a bachelor’s degree in communications from Pennsylvania State University.
Robertson is author of “Executing Crisis: A C-Suite Crisis Leadership Survival Guide.”
Roger Stearns’ passion for the job, motivation, collaboration, and versatility are four qualities which make him an extremely valuable employee.
Stearns, a certified FBCI, has worked in a variety of BCM and risk roles and industries for 35 years. He currently works for Philips as a senior global business continuity manager.
Philips was founded in Eindhoven, a city in the province of North Brabant in the south Netherlands, a well-known technology and design hub and the birthplace of Philips electronics. Philips is a multinational company which develops and delivers a full-life cycle of devices and systems for the full spectrum of healthcare.
At Philips, the goal is to make the world a healthier and more sustainable through innovation with the goal of improving the lives of 3 billion people a year by 2030.
Stearns said like many other business continuity/disaster recovery professionals, the profession chose him or “it just developed over the years.”
He said he says focused and motivated in a sometimes-thankless profession.
“Being minimized at times does not stop the critical need and focus of BCM, or crisis management,” he said.
Stearns’ favorite part of BC/DR is working with people and knowing how the company is organization.
“In large companies, no one person gets to see the vision of creation, raw materials in through customer support in the end as one solid stream,” he said. “They only see their part and maybe the parallel parts.”
He added that “BCM planning is not a spot in time or a checklist activity. BCM is a living, evolving process and must be updated, validated, and publicized to all employees.”
Stearns is planning to present at DRJ Spring 2021 on March 30 from 4:15-5 p.m. His Breakout Track 4 session, titled “An Operational Business Resilience Ecosystem,” will show attendees how the next risk is just around the corner, even while they’re still managing their current crisis.
He will share about one company’s journey to develop and deploy a global business continuity program and how it has evolved into an operational business resilience ecosystem. He will also discuss using an integrated and collaborative approach to break down silos to achieve real-time insights for better-informed decision-making.
Stearns will co-present with Rob van den Eijnden, BCM lead for Philips. The pair will provide practical insights, examples, and learnings of the company’s journey during their session.
Frank Trovato is research director at Info-Tech Research Group, the world’s fastest-growing information technology research and advisory company.
Info-Tech Research Group serves more than 40,000 IT professionals in the U.S., Canada, and around the world. The company provides best-practice research, tools, templates, training materials, and step-by-step methodologies proven to accelerate projects. The advisory services include meetings with IT research analysts, workshops and consulting to help organizations complete critical projects and optimize IT operations. They partner closely with their clients to understand their challenges and right-size the solution.
The company also provides data-driven diagnostic reports that enable IT leaders to objectively measure success and identify areas to improve across a range of topics from IT-business alignment to security governance and management.
Trovato has worked for nearly a decade in the business continuity/disaster recovery profession and five years as a research director.
He chose BC/DR because the complexity, variability, and usefulness of the profession appealed to him.
“Developing BC/DR plans and improving overall resilience is critical yet it can also be the most complex project you take on since it touches all aspects of your organization,” Trovato said. “It’s satisfying helping clients navigate this complexity and boil this down to the core actions that need to be taken, turning a complex project into a straightforward step-by-step process.”
“The profession is more than filling in a template,” he said. “It’s about understanding what enables an organization to function and using that knowledge to ensure resilience for critical processes and dependencies.”
Trovato will present “Three Common Mistakes in Ransomware Security Planning” on April 1 from 10-10:45 a.m. as part of DRJ Spring 2021’s Solutions Track 2.
According to Trovato, when large organizations such as such as Garmin, City of Baltimore, or Travelex are crippled for days or weeks due to a ransomware attack, it’s a reminder that even organizations that should have a mature security profile are making mistakes in ransomware readiness and response planning.
Trovato’s session will cover three overarching common mistakes made by organizations: failure to position risk in business terms to get appropriate funding; not going deep enough in testing ransomware readiness; and inadequate DR planning that does not account for a ransomware threat that could infect your backups and DR site.
“Most ransomware attacks take advantage of known vulnerabilities,” he said. “The root cause is often a failure to either fully understand those gaps or get buy-in for specific actions to close those gaps.”
Trovato said security and continuity professionals need to translate the general mandate to be resilient into specific actions to achieve that goal.
Over the years, Trovato has presented at four previous DRJ conferences. He said 2019 was the most memorable because of the size of the audience.
“My sessions have always been well-received by the audience, with a good percentage taking the time to talk to me after the session, and that was amplified by the size of the audience in this case,” he said.
It was also memorable because this was a joint presentation with two of his colleagues. They also visited Disneyland one evening and had a blast.
“That was my first visit to Disneyland as my colleagues convinced me to finally take advantage of the close proximity to the conference,” he said.
Trovato said that he has also learned “a ton over the years at DRJ conferences, from best practices for crisis management to the range of capabilities offered by various BCM software solutions.” He said these sessions have also helped affirm the approaches he takes to BC/DR planning.
Away from work, Trovato is an avid sports fan. His favorite team is the Toronto Maple Leafs.
“Every fall I envision a Stanley Cup parade in June, only to be disappointed in mid-May,” he said. “But there’s always next year!”
Trovato is married with two adult children. In addition to spending time with his family, he also enjoys gardening and maintaining his aquarium.