2019 January Training Session
When: January 9, 2019 - 1:00 PM - 4:00 PM
Where: RTP HQ
ISACA-RTC Members - Free (Log in to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $35
All Others: $50
CPEs: Up to 3
Session I: Providing comprehensive Cybersecurity coverage using NIST CSF and OWASP (1:00-2:30)
Cyber Security is a hot topic across all industries in the 21st century. While many training options exist, seldom do they provide a defined method for building, implementing, and maintaining a cyber security audit testing program. This training will discuss how to achieve comprehensive cyber security coverage across an enterprise, while still providing coverage for the core cyber functions within the information security processes of an organization. We will also include information on how to integrate the NIST Cyber Security Framework and OWASP risks into your coverage model.
Speaker: Garth Stewart, Cyber and Information Security Audit Director, assisted by Piyush Gidwani, Cyber and Information Security Risk Specialist, BB&T
Since joining BB&T in 2007, Garth has served in the roles of Internal Auditor, Senior Internal Auditor, Audit Project Manager, and is currently the IT Audit Manager for the Cyber and Information Security Audit team. He has served as the Auditor-in-Charge on numerous audit engagements across the IT environment for BB&T. These audits include Desktop Deployment, Database Solutions, Data Warehouse, and many others. Garth has also led the Sarbanes-Oxley 404 IT testing. In his role as an IT Audit Manager, Garth has built a team of seven highly-qualified individuals with extensive IT Infrastructure, Cybersecurity, and Information Security knowledge. His team has successfully executed on numerous audits, while still completing interim Sarbanes-Oxley compliance testing in a timely manner.
Garth has performed many roles during his 20-year career as an IT professional in the financial, public utilities, and asset management industries. He was a partner in Asset Brokers International (ABI) where he negotiated contracts and performed risk mitigation work for RBC Centura Bank and SAS Institute’s main campus in Cary, NC. He ensured compliance with regulatory requirements related to secure data destruction and proper disposal of off-lease and end-of-lifecycle IT hardware. Garth also held a position as a lead technician for Accounting Machine Systems, Inc. This role encompassed performing and managing numerous branch installations and conversions to include: network equipment configuration, server and desktop installation, printer installation and configuration, and on-site support during branch training for RBC Bank in Florida, Alabama, Georgia, South Carolina, North Carolina, and Virginia. Garth left BB&T for less than a year and served as a Senior IT Auditor at Progress Energy in Raleigh, NC. During this role, he led and performed testing for highly technical audits to include compliance with the North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC-CIP) standards, and he managed the Sarbanes-Oxley General Computer/Application Control testing.
Piyush joined BB&T in May 2017 as a Cyber & Information Security Risk Specialist. He will provide guidance and expertise within Audit Services related to cyber and information security risk management and controls. Prior to joining BB&T, he worked with the Federal Reserve Bank of Chicago as a Sr. Network Security Design Engineer for five years. He also worked with the Federal Reserve Bank of Richmond for one year as a Sr. Network Design Engineer designing controls and solutions for Advanced Persistent Threat, and for the Northrop Grumman defense company as a Sr. Capacity Planning Engineer for over two years, among other positions/companies. He has over 15 years of experience in the technology and information security disciplines.
Session II: Time Management
We all have the same amount of time. Sometimes we jump in and get projects done without delaying the start or noticing how much time passes. Sometimes we watch deadlines blow past us. Having spent a lot of time studying time management from some of the greatest experts (Stephen Covey, Tony Robbins, Zig Ziglar, Brian Tracy), Ben will share some of their great wisdom. He will also show that time management is as much about lists, checklists and organization as it is about knowing yourself, your personal motivation and your personal “hang-ups”.
Speaker: Ben Hunter, Bernard Robinson & Company
Ben Hunter is a Risk Advisory Manager at Bernard Robinson & Co. He began his career at RSM, the 5th largest public accounting firm in the US, spent 3 years in industry and moved back to public accounting at BRC in November 2017. He specializes in Cybersecurity and Information Technology Audits and Assessments.
Ben began his cybersecurity career in the US Marine Corps. After his service, Ben went to UNC Greensboro and earned his Master of Science in Accounting. After becoming a Certified Public Accountant (CPA), he continued his cybersecurity and IT Audit training by obtaining the ISACA certifications: Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC). Ben also obtained the AICPA Certified Information Technology Professional (CITP) and is a Certified Fraud Examiner (CFE).
At BRC, Ben is leading the Cybersecurity Risk and IT Audit consulting practice. Ben has years of experience performing Cybersecurity Risk and Control Assessments, HIPAA Audits, Phishing/Ransomware awareness and security training, Business Continuity Planning / Disaster Recovery (BCP/DR) planning and testing, IT Internal Audits, Sarbanes-Oxley (SOX) Control Testing, Systems Vulnerability Scanning Assessments, and System and Organization Control reports (SOC). He speaks at a variety of organizations, including rotary clubs, professional organizations, universities and CPE events.
Ben is a member of the AICPA, the NCACPA, the ACFE, and ISACA.
Ben’s unique perspective into the financial and information technology worlds allows him to communicate the technology risks in clear language for the decision makers.
For more information and to register for the training session, please visit the ISACA RTC website.