2019 January Training Session

When: January 9, 2019 - 1:00 PM - 4:00 PM
Where: RTP HQ
Registration: Website
ISACA-RTC Members - Free (Log in to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $35
All Others: $50
CPEs: Up to 3
Handouts: Will Be Uploaded When Available

Session I: Providing comprehensive Cybersecurity coverage using NIST CSF and OWASP (1:00-2:30)

Cyber Security is a hot topic across all industries in the 21st century.  While many training options exist, seldom do they provide a defined method for building, implementing, and maintaining a cyber security audit testing program.  This training will discuss how to achieve comprehensive cyber security coverage across an enterprise, while still providing coverage for the core cyber functions within the information security processes of an organization.  We will also include information on how to integrate the NIST Cyber Security Framework and OWASP risks into your coverage model.

Speaker: Garth Stewart, Cyber and Information Security Audit Director, assisted by Piyush Gidwani, Cyber and Information Security Risk Specialist, BB&T

Since joining BB&T in 2007, Garth has served in the roles of Internal Auditor, Senior Internal Auditor, Audit Project Manager, and is currently the IT Audit Manager for the Cyber and Information Security Audit team.  He has served as the Auditor-in-Charge on numerous audit engagements across the IT environment for BB&T.  These audits include Desktop Deployment, Database Solutions, Data Warehouse, and many others.  Garth has also led the Sarbanes-Oxley 404 IT testing.  In his role as an IT Audit Manager, Garth has built a team of seven highly-qualified individuals with extensive IT Infrastructure, Cybersecurity, and Information Security knowledge.  His team has successfully executed on numerous audits, while still completing interim Sarbanes-Oxley compliance testing in a timely manner.

Garth has performed many roles during his 20-year career as an IT professional in the financial, public utilities, and asset management industries.  He was a partner in Asset Brokers International (ABI) where he negotiated contracts and performed risk mitigation work for RBC Centura Bank and SAS Institute’s main campus in Cary, NC.  He ensured compliance with regulatory requirements related to secure data destruction and proper disposal of off-lease and end-of-lifecycle IT hardware.  Garth also held a position as a lead technician for Accounting Machine Systems, Inc.  This role encompassed performing and managing numerous branch installations and conversions to include: network equipment configuration, server and desktop installation, printer installation and configuration, and on-site support during branch training for RBC Bank in Florida, Alabama, Georgia, South Carolina, North Carolina, and Virginia.  Garth left BB&T for less than a year and served as a Senior IT Auditor at Progress Energy in Raleigh, NC.  During this role, he led and performed testing for highly technical audits to include compliance with the North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC-CIP) standards, and he managed the Sarbanes-Oxley General Computer/Application Control testing.

Piyush joined BB&T in May 2017 as a Cyber & Information Security Risk Specialist.  He will provide guidance and expertise within Audit Services related to cyber and information security risk management and controls. Prior to joining BB&T, he worked with the Federal Reserve Bank of Chicago as a Sr. Network Security Design Engineer for five years.  He also worked with the Federal Reserve Bank of Richmond for one year as a Sr. Network Design Engineer designing controls and solutions for Advanced Persistent Threat, and for the Northrop Grumman defense company as a Sr. Capacity Planning Engineer for over two years, among other positions/companies.  He has over 15 years of experience in the technology and information security disciplines.

Session II: Time Management

We all have the same amount of time.  Sometimes we jump in and get projects done without delaying the start or noticing how much time passes. Sometimes we watch deadlines blow past us. Having spent a lot of time studying time management from some of the greatest experts (Stephen Covey, Tony Robbins, Zig Ziglar, Brian Tracy), Ben will share some of their great wisdom. He will also show that time management is as much about lists, checklists and organization as it is about knowing yourself and your personal motivation and your personal “hang ups”.

Speaker: Ben Hunter, Bernard Robinson & Company

Ben Hunter is a Risk Advisory Manager at Bernard Robinson & Co.  He began his career at RSM, the 5th largest public accounting firm in the US, spent 3 years in industry and moved back to public accounting at BRC in Nov of 2017.  He specializes in Cybersecurity and Information Technology Audits and Assessments.

Ben began his cybersecurity career in the US Marine Corps.  After his service, Ben went to UNC Greensboro and earned his Master of Science in Accounting.  After becoming a Certified Public Accountant (CPA), he continued his cybersecurity and IT Audit training by obtaining the ISACA certifications: Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).  Ben also obtained the AICPA Certified Information Technology Professional (CITP) and is a Certified Fraud Examiner (CFE). 

At BRC, Ben is leading the Cybersecurity Risk and IT Audit consulting practice. Ben has years of experience performing Cybersecurity Risk and Control Assessments, HIPAA Audits, Phishing/Ransomware awareness and security training, Business Continuity Planning / Disaster Recovery (BCP/DR) planning and testing, IT Internal Audits, Sarbanes-Oxley (SOX) Control Testing, Systems Vulnerability Scanning Assessments, and System and Organization Control reports (SOC).  He speaks at a variety of organizations, including rotary clubs, professional organizations, universities and CPE events. 

Ben is a member of the AICPA, the NCACPA, the ACFE, and ISACA.

Ben’s unique perspective into the financial and information technology worlds allows him to communicate the technology risks in clear language for the decision makers.

For more information and to register for the training session, please visit the ISACA RTC website.



2018 December Training All Day Paid Session

When: December 5, 2018 - 0800-1600
Where: Brier Creek Country Club
CPEs: Up to 8
Handouts: Will Be Uploaded When Available

Time: Breakfast 7am to 8am; Meeting 8am to 4pm
Lunch: 11:30 to 1pm
Note: Box lunch can be purchased from Brier Creek Country Club
Cost: Members - $75, Sister Organizations - $100, Non-members - $125

Risky Business: What is Risk Management and Why Does It Matter?

Humans are constantly considering risk, even when we don’t realize it. Risk management is our response to the possibility of suffering harm or something going wrong…and things go wrong all the time! Car accidents, stolen wallets, unexpected bad weather, burnt dinners. The list could go on and on. We are programmed to manage risk. So how does risk management translate into business?

During this training, Joseph Kirkpatrick will discuss the critical risks in today’s threat landscape and how to mitigate those risks through risk assessments, cybersecurity best practices, and information security audits. Kirkpatrick will also spend some time discussing the hot topic of GDPR and how that regulation has impacted the US. Attendees will learn valuable insights from Kirkpatrick’s unique perspective as an auditor, industry expert, and president of an auditing firm.

I. What is Risk?

  1. Critical risks in today’s threat landscape (cybersecurity)
  2. What assets/data are at risk

II. Ways to Mitigate Risk

  1. Risk Assessment/Risk Analysis – How you should be conducting one
  2. HIPAA – History, the 3 Rules, unique case study
  3. HITRUST – History, how it’s different from HIPAA, how it’s adapting to multiple industries
  4. The SOC Suite – SOC 1, SOC 2, SOC for Cybersecurity
  5. PCI – History, how it’s adapting to new payment technologies
  6. Cybersecurity – Methodologies and best practices, unique case study

III. Hot Topic: Privacy

  1. GDPR
  2. US State Laws

About Joseph Kirkpatrick

As President of KirkpatrickPrice, Joseph Kirkpatrick has spent over a decade developing the firm into the industry leader it is today. KirkpatrickPrice specializes in thorough and efficient multi-audit delivery, founded with innovation and integrity. In fact, KirkpatrickPrice was the first authorized company to provide multiple audits into one streamlined process through Joseph’s visionary tool, the Online Audit Manager. Under his leadership, KirkpatrickPrice has delivered thousands of audit reports and information security engagements to clients of all sizes worldwide, strengthening their information security and compliance controls.

Joseph enjoys educating, empowering, and inspiring clients by navigating them through the complex maze of compliance and regulatory requirements. Joseph is a CPA with over 25 years of experience in information technology and holds a BA in Organizational Communication. He also holds CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance.


For more information and to register for the training session, please visit the ISACA RTC website.