Joe Ruffini, has presented at hundreds of national and international, government and private sector conferences and seminars. His presentations are tailored to each specific host organization’s theme and objective. Whether the keynote speaker or one among many, Joe’s energy and passion is infectious from the start, keeping his audiences awake, entertained, and engaged.  Joe remains at each venue in order to be accessible to anyone who wishes to engage in post-presentation, sidebar conversations. Due to high demand, we ask that clients request Joe’s services at least sixty days prior to the scheduled presentation.

“Vigilance not Paranoia” 

Awareness – Training – Education – Solutions

Lt. Colonel Joseph Ruffini, USA (Ret.) brings more than 25 yrs of experience from a broad array of fields including infrastructure security, counter-terrorist operations, risk management, and more to the private and civil sectors. Ruffini authored When Terror Comes to Main Street, an informative, straightforward, hard-hitting book for everyday people that boils down his lifetime of knowledge and operational experience into one all-inclusive read. His book, Osama Bin Laden: His Death and the Future of Al Qaeda and the Islamist Jihad, discusses what happened the day Bin Laden was caught, why people should care, and what this means for the world moving forward.

Formerly an Army lieutenant colonel charged with defending the United States and Canada against cyber intrusions, international terrorist plots, and nuclear, biological, and chemical attacks, Ruffini is currently an executive strategic information operations consultant supporting US Strategic Command, the Interagency, and the National Security Council, and US Central Command in Qatar and Iraq.

Ruffini is a featured government, corporate, and personal security theorist, keynote speaker, and subject matter expert. His role in infrastructure security, counter-terrorist operations, operations security, information warfare and operations, command and operations, logistics management, training and education, and risk management combine to form a motivating “how-to” management presentation.



In this presentation, terrorism expert Joe Ruffini discusses the 20th anniversary of 9/11.

“A three-phased terror attack was uncovered and thwarted by Philippine police in 1995.  Part of this exposed plan was to crash a plane into CIA headquarters in Langley, Virginia. United States intelligence and law enforcement communities, as well as our nation’s leadership, knew since 1995 that it was not a question of IF planes would attack us, but WHEN.

This presentation is non-partisan.  Joe presents the undeniable facts leading up to 9/11 and explains that the “we let it happen” blame is shared equally by both administrations.

This presentation stresses the need for us to keep informed, ask questions, demand answers, and hold our leaders accountable.  Joe stresses vigilance, not paranoia.”

Attendees will leave this program with a realization of what each of us can do as Americans.

For more detailed information on this program, and how you can bring Joe in to your organization to speak, please contact CBA Speakers Bureau at 480.330.3918



A peek at what this program will cover . . .

Cyber security is the protection of computer systems, networks, their hardware, software and firmware components, as well as information and data, from unauthorized alteration, damage, disclosure, or destruction.  Cyber security is all about establishing and maintaining the Confidentiality, Integrity and Availability of our information systems.

Confidentiality ensures that information and data is protected from unauthorized access and viewing. Integrity means that information and data is reliable and correct, and safeguarded against tampering or alteration.  Availability guarantees that only authorized users have access to the information and data and it is accessible when needed.

Cyber security is particularly critical to health care organizations. The Health Insurance Portability and Accountability Act (HIPAA) establishes strict standards for preventing unauthorized access to/disclosure of Personally Identifiable Information (PII) and Protected Health Information (PHI). Penalties for non-compliance can be steep.

One of today’s most damaging cyber threats is that of a ransomware attack. Ransomware is a type of malicious software cyber criminals employ to block access to a business’s information and data files.  The digital extortionists encrypt the files on the targeted information system(s) and hold them hostage until the demanded ransom is paid. Even after the ransom is paid, there is no guarantee that the criminals will honor their end of the bargain and release control of the hostage information systems.

In May 2021, the largest gasoline pipeline in the U.S. – the Colonial Pipeline – was crippled after cybercriminals successfully conducted a ransomware attack, shutting down the pipeline and holding it hostage until a ransom of $5 million was paid. There are ways to avoid ever becoming a ransomware victim.  They involve independent back-up systems and/or migration to the cloud.

The National Institute of Standards and Technology (NIST) Special Publication  800-53, Revision 5 “Security and Privacy Controls for Information Systems and Organizations” is the cyber security “how to” standard setter.  It establishes 20 “families” of security controls, with subset controls numbering in the hundreds.  For many hospitals and medical facilities, the price tag associated with establishing compliance with all of NIST’s security controls is cost prohibitive. This is why assessments, along with cost benefit analysis, are smart cyber security program start-up activities.

Cyber security for hospitals and other medical facilities/organizations requires  affordable, doable assessment, mitigation, and incident response/disaster recovery planning.  It also requires education and training to build cyber security awareness and achieve “buy-in” from all members of the health care team.

Business Continuity/Recovery Planning

A peek at what this program will cover . . .

Business Continuity and Disaster Recovery (BC & DR) go hand-in-hand in establishing and maintaining resiliency needed to carry on in the face of adversity. The new millennium is characterized by increasing numbers of man-made and natural events that can, best case, bring an unprepared business Enterprise to its knees and, worst case, result in its demise.  Tornados out of season, significant increases in massive forest fires fanned by global warming, international and domestic terrorist attacks, active shooter events, ransomware cyber attacks – it is a dangerous world. Businesses must plan for the worst and hope for the best. It is all about vigilance, NOT paranoia.

Business continuity ensures an organization’s ability to maintain essential, day-to-day functions and operations after a major, interruptive event occurs. Disaster recovery enables that same organization to return to normalcy as rapidly as possible, minimizing downtime and financial loss.

The business continuity and disaster recovery planning process is best begun with an informal, cooperative “meeting of the minds.”  Coffee cup in hand, feet-up-on-the-desk discussions are a great way to begin sorting out who would do what, how and when if faced with a bad situation.  A lot of questions must be asked and answered: How will we account for our people? If we need additional people in the interim, where can we get them? What if our facility becomes uninhabitable.  From where will we work? Home?  Another location? If our automated information systems go down, where will we get our contact information for contractors?  Vendors?  If we need to purchase recovery items such as computers, office space, supplies, etc. do we have vendors identified who can support us?

Step 01 – one is to ask all of the right questions.

Step 02 – come up with all of the initial, “first cut” answers.

Step 03 – draft a plan.

Step 04 – conduct a tabletop exercise to shake out the draft plan, identify the weaknesses, and fix them.

Step 05 – involves creating a BD/DR plan given the results/lessons learned from the tabletop exercise.

Step 06 – the plan is circulated among senior managers and leaders to solicit their feedback/support.

Step 07 – the plan is finalized.

Step 08 – the plan is distributed and briefed to all employees.

Step 09 – the plan is exercised to make sure it will work.

Step 10 – the plan is adjusted based upon the realities of the exercise results.

And finally, the plan is reviewed annually or as circumstances dictate.