2024 May **Full Day** PAID Training Session

When: May 01, 2024 - 0830-1630
Where: Paramount Venue In-Person - Zoom Virtual [Please register here for both in-person and virtual sessions. Zoom information will be sent to you once we receive payment]
Registration: Website
ISACA-RTC Members - $100 (Log in using your chapter credentials to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $125
All Others: $150
CPEs: Up to 8
Handouts: Will Be Uploaded When Available

Session - Annual Day with G Mark


CISO Mindmap: The CISO Mindmap is Rafeeq Rehman's tour de force that enumerates the myriad responsibilities of a modern CISO. This presentation will examine the major elements of an InfoSec Professional's responsibilities, examine the recent updates and themes for 2024, and how to incorporate this wisdom in your career to improve your knowledge and value to your organization.

Presenting to the Board: With recent SEC rulings and governance initiatives, security leaders are going to be called more frequently to present to the board and executive teams. This presentation will offer templates for effective high-level communication, tips on what information to include (and NOT to include) and walk through a sample briefing of how to discuss a major security breach.

Ransom-where? We spend a lot of time trying to prevent ransomware, but in spite of our best efforts, it still happens. A lot. Small businesses, medical establishments, and local governments are becoming a frequent target because they often lack the resources of a large corporation. Learn what you can do with very little money to protect (or increase the protection of) your organization.

Faking out the Bad Guys: The core functions of the NIST Cybersecurity Framework are identify, protect, detect, respond, and recover. The problem is that protective controls fail (otherwise we wouldn't need any other function) and detection is oftentimes late (Ponemon says 207 days to detect a breach). There is a better way. We'll explore how deploying non-production resources can provide low-noise, high-fidelity detection early and often, putting the odds back in our favor.

Generative AI and Security: Advances in generative AI (e.g., ChatGPT) seem to be happening weekly. But AI poses three distinct hazards for security professionals: weaponized for nefarious activity, malicious targeting of corporate AI systems, and unintended consequences for both inputs and outputs (e.g., a programmer who uploaded proprietary source code to ChatGPT made it public.) We'll explore ways to protect ourselves in this brave, new world.

Cyberwarfare In Battle: What Have We Learned So Far? It's now been nearly two years, and the war in Ukraine has led to numerous innovations, both on and off the battlefield. What does the future hold for development and deployment of cyber weapons? Unlike old tanks that can be refurbished, Windows 95 exploits have no modern usefulness. Yet innovations on both sides continue to break new ground in the conduct of modern conflict. We'll examine a number of these and look at how this might become part of a future national strategy.

Single Vendor Security: Organizations have dozens, often hundreds, of vendors present in their environment, many of which are used for cybersecurity. But is there a single vendor that could protect the enterprise? Surprisingly (or not), Microsoft comes the closest. We'll examine a strategic array of Redmond-based solutions that you may already be paying for that can increase your security posture without damaging your budget.

Speaker: G. Mark Hardy, CISM, CISA, CISSP

G. Mark Hardy is founder and president of National Security Corporation, providing cyber security expertise to government, military, and commercial clients for over 35 years.  A retired U.S. Navy Captain, he was entrusted with nine command tours throughout his career.  A co-host of the CISO Tradecraft podcast, Mr. Hardy has presented at hundreds of events world-wide providing thought leadership over a range of security fields.  A graduate of Northwestern University, he holds a BS in computer science, a BA in mathematics, a master's in business administration, a master's in strategic studies, and holds the CISM, CISSP, GSLC, and CISA certifications.



ISACA Volunteer Opportunities

Please take a look at the ISACA International global volunteer opportunities page and apply and share new opportunities to get involved. ISACA is seeking a wide variety of volunteers. The application close dates all differ, so apply ASAP.

Some opportunities are only visible to members or certification-holders, so please be sure to log in to view all opportunities for you. Here is a sample of what we're currently seeking to fill:

  • Risk Scenarios Development Task Force
  • EU Advocacy Task Force
  • Journal Readership Feedback Interviews
  • CISM Questions, Answers, Explanations Manual (QAE) Item Writer (CISM required)
  • Chapter Award Reviewer (2022 Awards)
  • Journal Article Reviewer (membership required)
  • ISACA Global Achievement & Hall of Fame nomination reviewer
  • CISM QAE Manual Quality Assurance Team (CISM required)
  • Internal Control Objectives for Sarbanes-Oxley Book & Figure Reviewers
  • Open Source Video Bites
  • SheLeadsTech Ambassadors
  • EVOLVE: Emerging Tech Conference Speaker Submissions (due 11 June)