Thursday, October 30, 10:00 AM - 11:00 AM 

Click here to register

Discover more exciting UC CAM events and contests by clicking here!

Overview

Deep within the labyrinth of UCSF’s digital defenses, where GPUs and CPUs howl and hard drives hum their eldritch songs, the specter of compliance, once manifested as mere phantasmal checkboxes, became something more; an omnipresent horror - a thousand-eyed beast whose regulatory tentacles could reach into every database, every network packet, and every line of code, waiting to drag the non-compliant into the depths of audit despair. Like a many-headed hydra, UC’s IS-3 policy intertwined with countless regulatory beasts and security frameworks, each demanding their pound of flesh from the academic medical center’s soul. The Data Security Compliance team gazed into the abyss of costly consultants, whose gilded promises threatened to drain the institution’s lifeblood, and chose instead to confront the demons themselves.

Armed with ServiceNow IRM, a digital blade forged in silicon fires, and the Cybersecurity Risk Foundation’s mystical mapping tools, these brave warriors began their dark crusade. They wove UC policies into the fabric of external frameworks, binding them with threads of NIST standards to seal the shadowy rifts where policies dared not tread. From their arcane labors emerged a forbidden library - a grimoire of common controls that whispered secrets of power over multiple regulations and frameworks. Even the lost souls of internal policies, once wandering aimlessly beyond the pale of cybersecurity’s light, found their place in this unhallowed concordance.

ServiceNow IRM transformed into a sanctum sanctorum, a repository of arcane knowledge where these controls took root and flourished in the darkness. But the true transformation came in the form of an ancient text - the risk registry - inscribed with a language of standardized risks and normalized data. Like a phoenix rising from the ashes of fragmented methodologies, this living document became both shield and sword, transforming a costly curse into an immortal bulwark against the chaos that eternally threatens to consume all digital domains.

Speakers

Lee Zelyck, UCSF Senior Data Security Compliance Analyst; Mary Morshed, UCSF Data Security Compliance Director; Cynthia Howell, Data Security Compliance Analyst; Sean Patterson, Interim Manager, UCSF IT Security Risk Management

Biographies

Cynthia Howell is a Data Security Compliance Analyst at UCSF, where she returned to the organization in June 2025. With nearly two decades of experience in the field of cybersecurity, Cynthia has built a career specializing in safeguarding sensitive information and fortifying network systems against security threats. Between stints at UCSF, Cynthia was a Sr. Network Security Analyst and a Sr. Information Security Analyst at SFSU. She holds several information security technical and professional certifications.

Mary Morshed is the UCSF Director of Data Security Compliance. Mary joined UCSF Health in November 2022.  She previously served 16+ years in the role of Chief Information Security and Privacy Officer for various state of California entities, CSU, and Sacramento Municipal Utility District (SMUD).  She has over 33 years of experience in the field of information security and also currently holds several industry security, privacy, and healthcare professional certifications. 

Lee Zelyck is a cybersecurity professional with 20 years of experience. He joined UCSF Health in November 2023 as a Senior Data Security Compliance Analyst. Prior to joining UCSF, Lee worked as a consultant to cloud providers and clients in various industries, including oil, gas, and government. For the past 5 years, Lee has worked in cybersecurity operations for academic healthcare providers and holds several information security technical and professional certifications.

Sean Patterson is a Senior IT Risk Analyst at UCSF, where he leads the IT Security Risk Management program and a team of analysts. With more than three decades of IT experience, Sean has driven technology and risk transformations across higher education, healthcare, hospitality, and Fortune 500 companies. Known for his collaborative leadership and ability to turn complex challenges into successful outcomes, Sean is focused on building practical, sustainable processes that reduce risk, support compliance, and help UCSF adopt technology with greater confidence.