
2020 Fall GRITSS Full Day Training Session

When: September 2, 2020 - 8:00AM-4:30PM
Where: Online
Registration: Registration Links Below - Registration is separate for each of the morning and afternoon sessions.
Cost: ISACA-RTC Members - $20 per session
CPEs: Up to 7

Session I Morning

Registration Link: Morning Session Registration

8:00am Welcome
8:15 – 9:15am Keynote - Ramses Gallego Topic: The Future of NOW or Change... as a constant.

If there is something constant in the universe, that’s the speed of light. And change. Change is a constant in today’s world. We are living through times where the present is leaving us... every single second. These are times where the present is already past and the need to adapt and adopt new and emerging technologies has become instrumental for success. Organizations are being pressed with time-to-market issues while, in reality, they should have a time-to-value perspective. In an epoch where technology is pervasive and you can hardly find businesses that do not depend on technology, we have to face change as one critical variable in the planning of enterprise strategy. Because we have something crystal clear: that the future... is going to change. We have to capture the present realizing that it has already become past and that the next business iteration has already happened, whether we like it or not.

By attending this session, the attendee will enhance her/his perception of the importance of time when designing, planning and executing a business strategy. The difference between strategy and tactics will be mentioned as well as the need to adapt to change in a world with no secrets, no barriers, no frontiers. The attendee will gain a deeper understanding of the issues of adaptability, trustability and reliability and, more importantly, will discover that we are living in the future. The Future of NOW.

9:15-9:20am Break / Change over Speaker

9:20-10:15am John Eades Topic: The Leadership Skills Every Professional Should Master

10:15-10:20am Break / Change over Speaker

10:20-11:30am Rob Valdez Topic: Auditing Artificial Intelligence

Advances in artificial intelligence continue to make headlines, and enterprise adoption of artificial intelligence solutions is on the rise. Assurance professionals, organizational managers, and regulators find themselves faced with the task of understanding and evaluating these solutions. How can we approach this task effectively? What new risk is presented by AI solutions? This presentation provides an overview of how existing practices can be adapted or modified in order to audit and evaluate the effectiveness of artificial intelligence solutions.
Learning Objectives
After attending this presentation, participants will:
• Understand concepts in artificial intelligence
• Describe the adaptation of existing assurance practices for auditing artificial intelligence
• Identify where modification of existing assurance practices may be necessary
• Recognize issues and obstacles for auditing and evaluating artificial intelligence

Session II Afternoon

Registration Link: Afternoon Session Registration

1:00pm Welcome to the Afternoon Session

1:15– 2:10pm Chris Romeo (Security Journey) - Topic: 10 Truths about Docker and Kubernetes security

Are Docker and Kubernetes part of the way that your organization executes modern web applications? Do you have a grasp of the security architecture for both? These tools provide many security features, but they are not enabled by default. In this session, we’ll review the state of security for Docker and Kubernetes and explore ten truths about applying security. You’ll gain an appreciation for the security architecture for both, and experience truths such as “containers are not VMs, VMs are not containers”, “Docker and Kubernetes are not security products”, and “Containers need vulnerability scanning”.

2:10 – 2:15pm Break / Change over Speaker

2:15 – 3:10pm Stephen Bish Topic: $1,000,000 Global Ransomware Lockdown: Chronicles of a Rapid Responder

Ransomware is one of the most devastating cyber-attack methods that exists today, and these attacks are seemingly getting more difficult to prevent and recover from. Does your organization have a plan for when the lights go out, data and systems become unavailable, the phones stop working, or the manufacturing floor comes to a crashing halt? Join the Schneider Downs cybersecurity team as they share a real world experience of a massive ransomware attack that shut down a global business operation for many weeks. The Schneider Downs team will provide a stunning first-hand account of the realities of a well-coordinated and crafted ransomware attack from an international threat actor that has eluded law enforcement for many years.
This presentation will:
• Give the audience an inside look at how a ransomware attack really works
• Analyze the tactics, techniques and methods used by the threat actors
• Discuss controls that could have prevented or detected the malicious actions
• Provide accounts of lessons learned by those experiencing their first incident
• Discuss the benefits of proper planning and coordination with law enforcement resources

3:10 – 3:15pm Break / Change over Speaker

3:15 – 4:10pm Keynote & Close - Ramses Gallego Topic: Quantum Computing: a Re-Evolution

Quantum Computing modifies many of the things we take for granted in businesses today. The way we create and keep secrets is challenged, and quantum technologies disrupt different verticals, many sectors. Built on the theory of quantum physics, if quantum computers existed, they would represent a gigantic leap in computing power and the way we use technology. But do they exist and what can we do with them? There are massive investments around the world in this discipline and, in the very same way that the space race and the fight for nuclear power have been instrumental in recent decades, we are experiencing now not an era of changes but the change of an era. By attending this session attendees will understand the current situation of quantum technologies and what they mean for organizations, the challenges we will encounter and, most importantly, the impact they have on the way we govern Enterprise IT. Since quantum computing is not an evolution. It’s a Re-Evolution.

Speaker Bios

John Eades, CEO, LearnLoft

John Eades is the CEO of LearnLoft, a leadership development company that exists to turn managers into leaders and create healthier places to work.

He was named one of LinkedIn's Top Voices in Management & Leadership, where his weekly leadership newsletter has over 125k subscribers. He is the author of Building the Best: 8 Proven Leadership Principles to Elevate Others to Success, and he is also the host of the Follow My Lead Podcast and a new show, Lead Your Best. His work has been highlighted on Inc., CNBC Money, and more.

Ramses Gallego, Security, Risk & Governance International Director, Micro Focus


With a background education in Business Administration (MBA) and Law, Ramsés is a security professional with 22+ years of experience and deep expertise in the Risk Management and Governance areas. Ramsés is now Security, Risk and Governance International Director with Micro Focus, where he defines the vision and mission, purpose and promise of the company in that arena. He also ensures the proper execution of the department. He has previously been Strategist & Evangelist at the Office of the CTO in Symantec. Before that, he was at Dell Security and CA Technologies for 5 and 8 years respectively; he was also Regional Manager for SurfControl in Spain and Portugal, and Chief Strategy Officer of the Security and Risk Management practice at Entelgy. Ramsés served for three years in ISACA’s CISM and CGEIT Certification Committees and also in the Guidance & Practices Committee for three years, from where deliverables are created for the community. He is honored to have been the Chair for ISACA’s ISRM Conference and part of the Program Committee for the events SecureCloud 2010 and 2012. He is now Immediate Past President at the ISACA Barcelona Chapter and played an instrumental role in the Planning Committee that prepared ISACA's first-ever World Congress in Washington, June 2011. He has also been part of ISACA's CISM PATF Task Force. Ramsés believes that a revolution (rather than an evolution) is needed when considering the move from technology to enterprise risk and that the cloud dimension offers incredible opportunities for businesses today. Ramsés thinks that Governance is essential to facilitate innovation in this changing business environment and holds many certifications that combine different knowledge areas and broaden his vision on technology within the marketplace. Ramsés is a CISM (Certified Information Security Manager), CGEIT (Certified in the Governance of the Enterprise IT) and a CISSP (Certified Information Systems Security Professional).
He is the proud owner of the SCPM (Stanford Certified Project Manager) from Stanford University, California, one of the first experts with the CCSK (Certificate of Cloud Security Knowledge) and also an ITIL and COBIT Foundations certified professional. He develops results-oriented, business-focused, people-driven projects due to his Six Sigma Black Belt accreditation. An internationally recognized public speaker, he has visited 25+ different countries in the past 12 months and has been awarded 'Best Speaker' many times. He received the John Kuyers Award for Best Speaker/Conference Contributor in June 2013. He has been named 'Privacy by Design Ambassador' by the Government of Ontario, Canada and is proud of being Past International VP for ISACA's Board of Directors. He teaches at different universities on Digital Transformation and Change, and is a visiting professor in the Master of Cybersecurity for IE Business School. Ramsés is also Executive Vice President of the Quantum World Association and he feels honored to have had the US flag flown in his honor in The Capitol on November the 1st, 2013. He lives in Barcelona, Spain, with his wonderful wife and his two beloved kids.

Chris Romeo, CEO & Co-Founder, Security Journey

Chris Romeo is CEO and co-founder of Security Journey, where he builds security culture influencing education. Chris is a sought-after industry speaker and trainer, featured at RSA Conference, OWASP Global AppSec, and ISC2 Security Congress. His passion is to bring security culture change to all organizations, large and small, by creating and designing gamified security programs. Chris was the Chief Security Advocate at Cisco for five years. He empowered engineers to shift security left in all products at Cisco and led the creation of Cisco's security belt program. Chris has twenty-three years of security experience, holding positions across the gamut, including application security, security engineering, and incident response. Chris holds the CISSP and CSSLP certifications. For more information, see https://www.linkedin.com/in/securityjourney/

Rob Valdez, Director of Cybersecurity & Automation, Kaufman Rossin

Roberto Valdez, CPA, CISA, CISM is the Director of Cybersecurity & Automation for Kaufman Rossin. He performs advisory and assurance engagements that include robotic process automation and digital strategies; SOC 1, 2, and 3 audits; IT risk assessments; phishing simulations; and engagements addressing compliance with requirements under HIPAA, FINRA, FFIEC, and SOX 404. President of ISACA South Florida, Rob is a motivated advocate for building trust in technology through community development and education. He is an adjunct professor with Florida Atlantic University, and he has been featured in the Wall Street Journal, TechRepublic, the South Florida Business Journal, Healthcare Business, and other publications.

Stephen Bish, Senior Cybersecurity Analyst, Schneider Downs

Stephen is a senior member of the Schneider Downs cybersecurity team with a background in Digital Forensics and Network Security Administration. His current areas of focus are Penetration Testing, both network and physical based, and he is often the Schneider Downs Cybersecurity Team’s “tip of the spear” for our Incident Response service delivery. This year alone Stephen has helped Schneider Downs clients navigate the complexity of two of the largest ransomware cases that local federal authorities have seen, both of which involved ransomware demands that exceeded one million dollars. In his down time you can find Stephen in the Schneider Downs cyber lab building custom exploits, out and about pwn’ing client servers, picking locks or climbing over barbed wire fences.
Stephen is well-experienced in the delivery of the following services to industries that include government, manufacturing, higher education, medical, retail, nonprofit, insurance, automotive, financial and professional services:
• Digital Forensics / Incident Response
• Penetration Testing
• Purple Team Assessments
• Cybersecurity Maturity Assessments (NIST Framework)
• Sensitive Data Discovery Evaluations (PII)
• Data Security Compliance Audits (PCI, HIPAA, FERPA, GDPR)

Stephen earned an IT Security Forensics degree from PTC and is a Certified Ethical Hacker (CEH). He is an avid public speaker and takes pride in providing each client with meaningful and actionable cybersecurity guidance.