• New Training Session Sign In Process

    We will be beta testing a barcode-based sign-in process (replacing the physical sign-in sheets) for our monthly training sessions. The barcode used for sign-in is at the bottom of the registration confirmation email. You can use your cell phone or a paper printout of the registration confirmation email to sign in. This will enable us to track attendance better and also enable uploading of session CPEs directly to ISACA International.

If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2018 September - Session A: Full Day Sessions

When: September 5, 2018 - 0800-1600
Where: Brier Creek Country Club
Registration Website
CPEs: Up to 8
Handouts: Will be uploaded when available

Session A

Time: Breakfast 7am to 8am; Meeting 8am to 4pm
Lunch: 11:30 to 1pm
Note: Box lunch can be purchased from Brier Creek Country Club
Cost: Members - $75, Sister Organizations - $100, Non-members - $125

MORNING SESSIONS:

SESSION I: Identifying The Inherent Risk of Your Third-Party Vendors: Determining Where to Concentrate Your Resources

Abstract: Companies are doing more business than ever with the help of outside vendors, suppliers, and partners. More information is being entrusted to these outside entities than ever. Everyone agrees that a company needs to ensure that their partners are treating all data as if it were its own and protecting it from disclosure. But remember, transference of duties does not equal transference of responsibility. We cannot deeply assess each of our third-party vendors; we do not have the time or the resources; today more than ever it is important to understand the inherent risk of conducting a business process outside of your organization – the higher the inherent risk, the more due diligence.

Speaker: Chad Peterson, Director, Third Party Risk Management – Service Delivery, Optiv
Chad Peterson brings more than twenty (20) years of technical and leadership experience to his current role. As a Director within our Third Party Risk Management Practice, Mr. Peterson works closely with clients and account teams in the area of Risk Management. A subject matter expert in information assurance, Mr. Peterson has an extensive background in Regulatory Adherence, Compliance and Security Training, Network and Systems Security, Business Impact Analysis, Policy Reviews, IT Audit, and Risk Assessments. Prior to joining Optiv Security in 2012, Mr. Peterson spent many years in the Healthcare Industry where he held positions such as HIPAA Security Officer, Information Security Manager, Health Information Technology Director, and Security Auditor. Mr. Peterson holds a Master’s Degree in Information Technology with a Specialization in Information Security, and has earned certifications in the areas of Security (CISSP), Audit (CISA), Compliance and Risk (CHC, CRISC), and IT Framework (ITIL-F). Chad was formerly on the Board of Directors of the West Florida Chapter of ISACA and is actively involved in ISSA, AHIA, and HIMSS.

SESSION II: The Modern State of Insecurity

Online security is in a constant state of flux; we face threats today that are entirely new to those we dealt with only a year or two ago. Yet at the same time, we’re still dealing with the same fundamental threats we were decades ago with the likes of SQL injection and ransomware dating as far back as the 80’s. This dichotomy also plays out in the sophistication of attacks we’re seeing today with news headlines announcing nation state backed espionage with equal regularity to Amazon S3 buckets exposing everything to the public due to simple configuration errors.

In this talk, you’ll see how these threats are evolving and which are the ones we need to be especially conscious of in the modern era. It looks at real world examples of both current and emerging threats and talks about actionable steps we need to take as an industry to stem the flow of data breaches and other malicious activity. The Modern State of Insecurity is a scary yet necessary lesson on how we’re still getting security wrong today.

Speaker: Justin Wilkins, Varonis

Justin Wilkins is currently the Manager of Systems Engineering for the Mid-Atlantic at Varonis, where he helps organizations secure, manage and govern their unstructured data. He has over six years of experience in data security and governance in both the federal and commercial space. Prior to joining Varonis, he held engineering roles at Philips Healthcare, GE Aviation, and Bloomberg LP. His background as an aerospace engineer provides him with a deep understanding of the technical challenges with data security and the ability to develop creative solutions to solve complex problems. He earned a B.S.E. in Mechanical & Aerospace Engineering from Case Western Reserve University and currently resides in Washington, D.C. He enjoys studying foreign languages, traveling, spending time with family, surfing and playing soccer.

SESSION III: Losing the Cyber Security Battle? Win the War with Well Managed Identity

Abstract: Identity has long been deemed the new perimeter, but this approach doesn’t seem to be working. Despite increased spending on identity programs, organizations are still being breached at a record level. The majority of successful hacks are using compromised credentials. How can you protect your organization from a breach, while meeting expanding compliance mandates? In this session you’ll learn why identity is quickly becoming the language of security.

Speaker: Chris Smith, Optiv

AFTERNOON SESSIONS

SESSION IV: Overcoming Political Barriers in Moving to the Cloud

Abstract: “Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the eleventh hour after applications have been built is not likely to be ideal either for development or production based workloads in the Cloud. This session offers:
• Factors to consider when making software design choices
• Tips on weaving security best practices into the SDLC without impeding the velocity of AppDev
• Benefits of architecting applications hand in hand between AppDev and Security teams

Speaker: Joe Vadakkan, Global Practice Manager, Cloud Security, Optiv

Joe Vadakkan brings more than 18 years of technical and information security leadership experience to his current role as a Global Practice Leader, Cloud Security at Optiv. Vadakkan provides C-Suite and Engineering teams with advisory services to define cloud security strategy and roadmaps, and manages a division of cloud security experts who specialize in Microsoft Azure, Google Cloud Platform and Amazon Web Services and who are embedded for implementation of secure cloud with the plan, build and run methodology to meet the client’s security objective.

SESSION IV: Insider Threat: Turtles, Trust and The Future of Cybersecurity

Abstract: Faith in our institutions is collapsing, and GDPR is at the door. What would cybersecurity look like if we started from scratch, right now, in our hybrid, interdependent world? It would focus relentlessly on data. Learn how a data-centric security approach can reduce risk, increase efficiency and re-engineer trust in a society where faith has been shaken by unstoppable breaches. Objectives:
• Learn about an approach to data protection that starts with data, not threats
• Discover how classification, analytics, labels, and remediation fit together
• Gain insights into applying data-centric security to new regulations like GDPR

Speaker: Patrick Lynch, Varonis

Patrick Lynch has helped dozens of organizations in the Carolinas to better understand and protect their critical data. A risk assessment specialist, he focuses on educating Varonis customers on how to plan and implement sustainable data security policies affordably and efficiently.

SESSION V: GDPR

Patrick Lynch and Justin Wilkins

Abstract: to be provided soon
Speaker: to be provided soon