2022 Cybersecurity Conference

The ISACA Greater Washington DC (GWDC) is proud to host the 2022 Cybersecurity conference. This seminar is part of our monthly sessions and is centered around the various important Cybersecurity topics such as, Zero Trust, Ransomware, Hunting threats in Active Directory and Auditing Cybersecurity.

Business leaders and managers, executives, technologists, professionals,  and students, interested in staying current in the field of cybersecurity should attend this conference.

Registration closed on October 12, 2022 @ 5pm. Participants can use the link below to access CPE Certificates, feedback survey, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page.

View Registration Site

 

Conference Details

Agenda

8:30 – 9:30 Implement Zero Trust Principles in your Architecture

Presenter: Adam Hesch (Amazon Web Services)

Zero trust has become a new industry buzzword, but how do you actually implement it in your existing architecture today? In this session, discover common architectural patterns for applications deployed on AWS and see how you can implement zero trust principles within them to improve your security outcomes. These examples will draw from common zero trust use cases (user, device, and system authentication and authorization) and technologies (software defined networks, micro-segmentation, policy enforcement points, visibility, and orchestration) to bring zero trust into your existing and future environments.

 

9:30 – 10:30 Threat Hunting with Windows Event Forwarding & MITRE ATTACK Framework

Presenter: Gurvinder Singh

In this talk, you will gain an overview of using Windows Event Forwarding (WEF) for incident detection, with configuration and management workflows guidance. The talk will also provide an introduction to the MITRE ATT&CK Framework.

 

10:30 – 11:30 Bringing Active Directory back from Hell

Presenter: Guido Grillenmeier

This session will cover what it’s like when your first gate of protection has already been broken through and you are trying to survive. The intruders are already in your network and have even compromised your Active Directory forest. It’s the story from a real-live IR-situation of how we recovered a middle-east company from an in-progress cyber-attack, after their AD was already fully compromised.

 

11:30 – 12:30 Cybersecurity for Internal Auditors

Presenter: Doug Murray & Raj Sawhney (Focal Point Data Risk)

In this presentation Doug Murray and Raj Sawhney provide IT Auditors and other IT Risk professionals guidance on how to conduct an effective Cybersecurity Audit. The IT Audit’s perspective as well as the CISO’s perspective is offered, giving the attendees an opportunity to drive collaboration at their respective organizations. Tangible takeaways include how to apply the methodologies for Cybersecurity, lessons learned from prior Cybersecurity reviews and the common pitfalls to avoid. The presentation is relevant for IT Risk professionals with limited knowledge of Cybersecurity or those with many years of experience looking to improve from practical experience.

 

Presenters

Adam Hesch
Principal Solutions Architect, Amazon Web Services

Adam is a Principal Solutions Architect supporting Federal Systems Integrators and Department of Defense customers with their migration to the cloud. He has spent the last year and a half working with federal customers on how to begin their Zero Trust journey on AWS and is currently the lead for the “Zero Trust Liftoff” team within AWS focused on helping customers meet federal zero trust related executive orders.

 

Gurvinder Singh
Cyber Security & Privacy Leader
CISSP, CISA, ITIL v3

Gurvinder Singh is a Cybrary Instructor with Global Fortune 500 and 21 years of diversified industry experience. Gurvinder understands best practices, information security architecture, risk management, compliance, policy issues, business continuity, disaster recovery, privacy, governance, prevention, and countermeasure. Gurvinder has successfully communicated, advised and managed global, corporate-wide security issues and improved business processes.

 

Guido Grillenmeier
Chief Technologist @ Semperis

Guido Grillenmeier is the Chief Technologist of Semperis. Based in Germany, Guido has been a Microsoft MVP for Directory Services for 12 years. He spent 20+ years at HP/HPE as Chief Engineer. A frequent presenter at technology conferences and contributor to technical journals, Guido is the co-author of Microsoft Windows Security Fundamentals. He’s helped various customers secure their Active Directory environments and supported their transition to Windows 10/m365 and Azure cloud services.

 

Doug Murray
Chief Information Security Officer (CISO), Global Cybersecurity, Privacy and IT Audit Leader
CISSP, CISM, CISA, CRISC, CDPSE

An experienced, driven, and accomplished Chief Information Security Officer and Leader, with a wealth of experience while working for high-profile companies. Has extensive experience in information security, data privacy, IT risk, and business continuity, and is experienced in balancing strategic and execution requirements of enterprise information security programs which ensure confidentiality, integrity, and availability of data. A proven track record of success in transforming and maturing global information security organizations.

 

Raj Sawhney
Managing Director, IT and Internal Audit, Cybersecurity and Business Process @ Focal Point Data Risk
MSA, MBA, CISA, CFE, CCSIC, CDPSE, CIST, CIMP, CRISC, CEH, CISSP

Raj Sawhney is a Managing Director in Focal Point Data Risk’s IT Audit and Advisory practice providing a variety of advisory solutions to companies in the Southern California region. Raj has led Internal Audit, IT Audit and Cybersecurity engagements for large multi-national corporations utilizing a variety of industry best practices and domain specific guidance. Raj has Big-4 experience with KPMG and Deloitte Consulting, and his international audit experience spans Germany, China, Singapore and India. Raj also brings a tremendous breadth and depth of IT Audit experience, including SAP, Oracle, NetSuite, Mainframe, AS400, PeopleSoft, FiServ, Unix, Linux, AWS and other cloud hosted applications. Raj has guided management in the remediation of significant issues around business process and I.T. including development of impactful audit reports, SOX compliance and SOC certification programs. Raj is a regular speaker at audit & security conferences and completed his Masters in Computer Science and his M.B.A in Finance from UC Irvine. Raj also holds a CISA (Information Systems), CRISC (Risk and Controls), CIST (Information Security), CDPSE (Data Privacy), CCSK (Cloud security), CFE (Financial Fraud), and recently became a certified Cybersecurity Auditor.

 

Additional Details

Virtual Event Information

• This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.
• Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.
• Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
• The ISACA Greater Washington, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls

 

Registration Questions

If you have any registration questions about this event, please contact the chapter using the Registration Contact Form.

If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.

 

Cancellation and Refund Policy

Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.

If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.

 

Complaint Policy

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.

 

CPE Information

Earn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org

 

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.

 

CPE-Related Details

• Learning Objective: After this conference, attendees will have a better understanding of current trends in cybersecurity such as Zero Trust, Ransomware, Identify hidden threats in Active Directory and risk and controls around cybersecurity.
• Prerequisites: None
• Advance Preparation: None
• Program Knowledge Level: Basic
• Delivery Method:  Group Internet Based
• Field of Study:  Information Technology – Technical