For more information on our events policy, see https://isaca-gwdc.org/event-policies/
- This event has passed.
2022 Annual Meeting
June 15 @ 8:30 am - 4:30 pm EDT
GWDC Members - $25; Non-Members - $50
The ISACA® GWDC Annual Meeting is the Chapter’s premium event for the year. The AGM provides training and networking opportunities for all attendees and the opportunity for GWDC members to learn about the Chapter’s health, achievements, plans, and other important matters. Presentations and panels focus on emerging technologies, risk vectors, mitigation strategies, and governance trends. Topics are aimed equally at participants focused on the Government and Private sectors. All our sessions are designed to increase your understanding of current topics and hone your professional skills by learning directly from leading practitioners in their fields.
For 2022, we have a great program at a great venue since we are again at a point where in-person events are possible. For the convenience of all our members, we will make the Chapter’s business session, the Annual General Meeting (AGM) of the Membership, available to them on-line.
There are many expensive conferences available that cover similar topics, but you do not need to overpay for a premium event with excellent presenters. The ISACA GWDC is excited to continue offering great presenter-topic lineups at always-reasonable prices. Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don't forget to follow ISACA GWDC on LinkedIn, Twitter, and Facebook for the latest news and information from ISACA GWDC, ISACA, and the audit, governance, and security profession.
A networking social immediately follows the Annual Meeting at the same location. No separate registration is required.
The GWDC Annual Meeting is being held in-person this year. Please use the link below to register for the full-day, in-person conference.
Registration has been extended to June 14, 2022 at 6PM.
We've listened to feedback from membership who have expressed interest in attending the annual meeting but could not commit to an entire day for the conference. We are pleased to offer the business session of the meeting, the Annual General Meeting (AGM) of the Membership, free to all GWDC members on Zoom. During this session, the Chapter President will cover changes to GWDC Bylaws, introduction of new GWDC Officers, and presentation of the 2022 V. Lee Conyers Award.
The AGM Zoom will be held from 10:15 AM to 11:00 AM. The Zoom is only available to GWDC members who cannot attend the conference. The Zoom does not include the conference presentations.
Please note: Only one registration is required. If you attend in-person, you do not need to separately register for the AGM.
Who Should Attend?
IT advisory and audit professionals serving the Government and Private sectors, particularly practitioners credentialed in technology risk management, governance, audit, cloud, architecture, cybersecurity, and privacy. No knowledge prerequisites.
Up to 7 hours of Continuing Professional Education (CPE) credit can be earned for this event. See the CPE Information section below for additional information.
The Annual Meeting will be held at the:
Hyatt Regency Washington on Capitol Hill
400 New Jersey Avenue
NW Washington D.C. 20001
Parking and Metro
Metro: The nearest Metro station is Union Station.
Parking: Parking is available at the hotel and in various adjacent parking garages. Street parking is very limited.
Agenda and Presenters
8:15 AM - 8:25 AM – Opening Remarks
8:30 AM - 9:20 AM – Session 1: Making Your Job Easier and Your Organization More Secure
Is cybersecurity a linear stable system or a complex dynamic and adversarial system? This session draws upon a century’s worth of proven and practical methods – much funded by the U.S. government – in war and peace. These methods come from critical, systems, and industrial strength/design disciplines. The same methods that have powered American innovation -- railroad system, telephone system, automobile assembly lines, WWI logistics, aviation safety, consumer electronics, Covid logistics, and kinetic warfare. Unlocking that “profound knowledge” will lead us to greater security with far less time and effort.
This session is presented by:
Brian Barnier, Decision Analyst and Co-Founder CyberTheory Institute
9:25 AM - 10:15 AM – Session 2: Fireside chat – Innovating in government with critical thinking, systems thinking and design thinking
Innovation brings us products and experiences that delight and amaze us. In government, wide ranging applications of critical, systems and design thinking are innovating from military special forces to Education to FBI to DHS to FEMA to National Institutes of Health to NASA to Labor to Veterans Health Affairs to NIST to NTSB to CSB to EPA to Agriculture to CDC to CISA. Yet with the innovative thinking in so many agencies – including cyber security and warfare -- why are agencies rarely successful in delivering such initiatives? What are the barriers and how can those barriers be removed or at least lowered? Join in our conversation to advance cybersecurity in government and improve your own career satisfaction and work-life balance.
This session is presented by:
Brian Barnier, Decision Analyst and Co-Founder CyberTheory Institute
Mark A. Forman, Executive Vice President, Enterprise Optimization Dynamic Integrated Services LLC and Former Administrator, Office of E-Government, OMB
10:15 AM - 11:00 AM – AGM Session: Annual General Meeting of the Chapter Membership
The Chapter President will give an update on the chapter’s Strategy, Goals, Financials, Membership and key milestones. Also, the President will provide changes to GWDC Bylaws, recognizing the current board of directors and an introduction of new GWDC Officers. In the end there will be a presentation of the Chapter Awards.
This session is presented by:
Alok Kakker, ISACA Greater Washington D.C. Chapter President
11:05 AM - 11:55 AM – Session 3: K-12 Cybersecurity Overview
Understanding the school system, the data used and protected and Cybersecurity challenges and overview.
This session is presented by:
VJ Rao, CISO Fairfax County Public Schools (FCPS)
12:00 PM - 1:00 PM – Lunch
1:00 PM - 1:50 PM – Session 4: The Power of Collaboration to Improve Safety and Productivity
Many potentially hazardous industries involve systems that consist of a complex array of coupled and interconnected subsystems that must work together effectively in order for the entire system to perform successfully. One of the major challenges in improving safety and reliability in such systems is that, because the subsystems are coupled, changes in any one subsystem can affect some or all of the other subsystems, often in ways that are not linear or predictable, which can generate unintended consequences. “System Think” refers to an awareness of the impacts throughout a complex dynamic system of changes in any of its subsystems.
The commercial aviation industry is using a voluntary government/industry collaborative approach known as CAST, the Commercial Aviation Safety Team, to accomplish System Think – bringing all of the key participants of the industry to the table together to work collaboratively to identify and address potential airline operational safety risks.
The CAST collaborative approach has been enormously successful. When the previously declining fatal accident rate had begun to “plateau” in the early 1990s, at a rate that many safety experts thought could not be improved much, CAST generated a reduction of more than 80% in the rate in less than 10 years. CAST outcomes were not only much more effective and efficient than regulations, they were implemented much more rapidly, with everyone in fundamental agreement, and most significantly, the focus was on improving safety rather than obtaining mere regulatory compliance.
The result was that the US airline industry suffered only one passenger fatality in nearly ten years. CAST also demonstrated that, contrary to conventional wisdom that safety improvements usually hurt productivity, safety improvements that result from a collaborative approach can simultaneously improve productivity and reduce cost. Improving productivity and reducing cost are important because safety improvements that hurt the bottom line are not generally sustainable. This presentation shows two commercial aviation examples of successful collaboration and one example of inadequate collaboration.
Although one size may not fit all, in theory the CAST success story should be transferable to help improve safety and reliability not only in other potentially hazardous industries, but also in professional disciplines that target intentional wrongdoing, such as cybersecurity.
This session is presented by:
Christopher A. Hart, Hart Solutions LLC and former Chairman of the National Transportation Safety Board
1:50 PM – 2:10 PM – Break
2:10 PM - 3:00 PM – Session 5: Driving Innovation to Strengthen Oversight Capacity
As technologies advance at a rapid pace, it is paramount for the oversight community to understand key IT accountability challenges while also looking for ways to adapt new IT capabilities. The Innovation Lab at the Government Accountability Office is addressing this duality in a systematic and sustainable way that enables GAO to better serve evidence-based policy making.
This session is presented by:
Taka Ariga, Chief Data Scientist and Director of Innovation Lab, U.S. Government Accountability Office
3:05 PM – 3:55 PM – Session 6: NIST Security and Privacy Standards and Guidelines – 2022 Update
NIST continues to update and issue new key cybersecurity and privacy publications addressing risk management, assessment, systems security engineering and cyber resiliency. This presentation will provide a deep dive into recent NIST publication updates, new and ongoing efforts such as the Cybersecurity Framework update, the Artificial Intelligence Risk Management Framework, as well as cover what’s ahead for NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations.
4:00 PM - 4:15 PM - Closing Remarks
Networking mixer immediately follows the close of the Annual Meeting
Brian Barnier is head of decision science and analytics at ValueBridge Advisors, co-founder of CyberTheory Institute, and co-founder of Think.Design.Cyber. Brian pioneered life-like scenario analysis, industrial-strength design thinking and organization transformation in cybersecurity and is a leader in systems thinking and math in cyber, has authored 200+ cybersecurity articles, and has received prestigious honors that include the 2021 Joseph J. Wasserman Award from ISACA NYM and the 2015 V. Lee Conyers Award from ISACA GWDC. He also participated in the creation of ISACA’s Risk IT and COBIT5.
At Nokia/Lucent Bell Labs & AT&T he led teams to 9 patents – 6 heavily used during COVID. At AT&T he led a groundbreaking internal security initiative to enable new product sales. At IBM he launched the first secure distributed messaging software and created the “security as a process” solution team.
Brian is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), a contributor to Risk Management in Finance (Wiley, 2009) and Risk and Performance Management: A Guide for Government Decision Makers (Wiley, 2014). He teaches a graduate seminar in decision science and data analytics at City University of New York and is a guest cybersecurity lecturer.
Mark A. Forman
Executive Vice President, Enterprise Optimization Dynamic Integrated Services LLC, CVE verified Service-Disabled Veteran-Owned Small Business
Former Administrator, Office of E-Government, OMB
Mr. Forman leads the Enterprise Optimization Services practice, working with U.S. federal government clients to improve their mission outcomes through innovations related to organizational and digital transformation approaches. He has been recognized for modernizing government and improving customer focus through his work spanning a variety of government and industry positions. His team addresses core agency performance challenges in defining modernization initiatives, taking advantage of technologies to simplify business processes and turning data insights into actions that achieve better results. With certifications in Business Transformation, Prosci Change Management, and Objectives and Key Results (OKR) Coaching, he and his team ensure solutions address holistic, end-to-end organizational needs including IT, process simplification, change management, human capital, and strategy.
Mr. Forman has a long record of results in government management reforms, spanning a variety of government and industry positions. Mark Forman is an accomplished Executive with more than 30 years of professional work experience, including a Presidential appointment to be the first U.S. Administrator for E-Government and Information Technology, the Federal Government’s Chief Information Officer. As a government executive, he managed and led more than 2000 people working on 25 large multi-agency Presidential initiatives relating to interactions between the federal government and businesses, federal and state governments, federal government and individuals, and shared services across agencies. As an industry executive, he built and led teams of consultants and program delivery for governments around the world while working at IBM, Unisys, KPMG, and SAIC. Mr. Forman excels at team building to define and achieve strategic programs and transformation initiatives.
Mr. Forman is a former fellow of the National Academy of Public Administration and CIO Sage. He is a member of the Industry Advisory Council’s Presidential Transition team. He has given well over 100 speeches on federal IT management, E-Government, business transformation and information technology to a wide variety of industry groups and government officials from around the world. Mr. Forman has testified before the U.S. Congress, Australia Senate, and several State Houses on information policy and management reform issues. He is a frequent guest on radio, television, and social media interviews related to government modernization, and has published numerous papers and articles on government reform. Mr. Forman also served on the Social Security Administration Advisory Board IT Panel reviewing SSA Modernization and the NASA IT Advisory Board reviewing NASA IT governance.
VJ Rao currently oversees information security for Fairfax County Public Schools. He also served as the Chief Information Security Officer for the 2016 and 2020 Presidential and Vice-Presidential Debates and has over 20 years of experience as a cybersecurity leader.
Mr. Kakker leads a team of highly skilled and experienced SMEs across Cyber Security, Technology Integration, Risk Management, Critical Infrastructure Security, and Program management. Mr. Kakker has 22+ years of Governance, Corporate Compliance, Technology Risk Management, Project Management and IT Implementations experience. Mr. Kakker is a C-suite consultant and SME on PCI DSS, COBIT, ITIL and SSAE16 SOC engagements. In his capacity as current President and long-time Board of Directors member, Mr. Kakker contributed to making ISACA GWDC the largest ISACA Chapter world-wide, earning innovation and excellence awards, and communicating the ISACA Values to the IT and audit communities in the Washington DC metropolitan region.
Christopher A. Hart is the founder of Hart Solutions LLP, which specializes in improving safety in a variety of contexts, including the safety of automation in motor vehicles, workplace safety, and process safety in potentially hazardous industries.
Mr. Hart is also Chairman of the Washington Metrorail Safety Commission, a three-jurisdictional agency (MD, VA, DC) that was created in 2019 to oversee the safety of the Washington area subway system. In addition, in 2019 he was asked by the Federal Aviation Administration to lead the Joint Authorities Technical Review that was created to bring together the certification authorities of 10 countries, as well as NASA, to review the robustness of the FAA certification of the flight control systems of the Boeing 737 MAX and make recommendations as needed to improve the certification process. Also, in 2021 he was asked to join the Board of the Joint Commission on Accreditation of Healthcare Organizations, the non-government organization that accredits hospitals, to help improve healthcare safety. He was also invited in 2021 to be on the FAA Management Advisory Council. After an Uber test vehicle struck and killed a pedestrian in Tempe, AZ, in 2018, and Uber terminated such tests on public streets, Mr. Hart was included in the team of experts that Uber engaged to recommend how to safely resume street testing, which it has done.
From 2009 until 2018 Mr. Hart was Chairman, Vice Chairman, and a Member of the National Transportation Safety Board (NTSB), having been nominated by President Obama and confirmed by the Senate. The NTSB investigates major transportation accidents in all modes of transportation, determines the probable causes of the accidents, and makes recommendations to prevent recurrences. He was previously a Member of the NTSB in 1990, having been nominated by (the first) President Bush.
Mr. Hart has a law degree from Harvard Law School and a Master’s Degree and a Bachelor’s Degree (magna cum laude) in Aerospace Engineering from Princeton University. He is a member of the District of Columbia Bar and the Lawyer-Pilots Bar Association, and he is a pilot with commercial, multi-engine, and instrument ratings as well as a Cessna Citation SIC Type Rating.
Taka is the first Chief Data Scientist appointed by the Comptroller General of the United States for the Government Accountability Office. He also leads GAO’s Innovation Lab in driving problem-centric experiments across oversight, insight, and foresight work through data science and emerging technologies. As a member of the federal Senior Executive Service, Taka is responsible for working with GAO stakeholders to adopt prospective views on impacts of emerging capabilities such as AI, cloud computing, blockchains, RPA, extended reality, and IoT.
Taka is a seasoned data science executive with over 22 years of experience helping private and public sector organizations make sense of hidden correlations, behaviors, relationships, patterns, and anomalies. He is passionate about fostering a data-informed culture, using data science as a catalyst to address complex regulatory, risk, operational, and business intelligence challenges.
Taka is natively fluent in both Japanese and Mandarin Chinese. In his spare time, he is also a serious classical chamber musician and a competitive tennis player.
Victoria Yan Pillitteri is a senior computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the team lead of the Federal Information Security Modernization Act (FISMA) Implementation Project. She supervises a team of technical research and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing information security risk in the federal government, and associated stakeholder outreach and public-private coordination/collaboration efforts. In addition to her role as supervisor, she leads a research portfolio focused on security and privacy risk management, and frequently hosts and speaks at conferences and workshops on these topics.
Ms. Pillitteri previously worked on the Cybersecurity Framework, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs, served on the board of directors of the Smart Grid Interoperability Panel, served as Chair of the Federal Computer Security Managers’ Forum, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security, including SP 800-12, 800-37, 800-53, 800-82, 800-171, 800-171A, 800-171B, 800-137A, 1108 and IR 7628.
Victoria holds a B.S. in Electrical Engineering from the University of Maryland, an M.S. in Computer Science, with a concentration in Information Assurance, from the George Washington University, and is a Certified Information Systems Security Professional (CISSP).
Cherilyn Pascoe is Senior Technology Policy Advisor at the National Institute of Standards and Technology (NIST), U.S. Department of Commerce. She advises NIST leadership on technology policy and strategy, including cybersecurity, privacy, and artificial intelligence. She also leads the NIST Cybersecurity Framework program and is active in the NIST AI Risk Management Framework development. Prior to joining NIST, she served more than a decade in staff leadership roles on the U.S. Senate Committee on Commerce, Science, and Transportation working for former Senator Hutchison (R-TX), Senator Thune (R-SD), and current Ranking Member Wicker (R-MS). Most recently, she served as Deputy Policy Director managing the Committee’s Space and Science Subcommittee, which has legislative and oversight jurisdiction over science, technology, standards, and civil space policy. During her time on the Hill, she led efforts to develop and advance several notable pieces of legislation, including the U.S. Innovation and Competition Act, the AV Start Act, as well as three surface transportation reauthorization laws and ten cybersecurity laws. Pascoe received her M.A. in International Science and Technology Policy from the George Washington University and her B.S. Chem. with Highest Honors in Chemistry from the University of Michigan.
If you have any registration questions about this event, please contact the chapter using the Registration Contact Form.
If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.
Any presentations made available by the presenters will be emailed to the event participants.
Cancellation and Refund Policy
Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit.
- Learning Objective: After completing this conference, students will have a better understanding of latest trends and current topics affecting IT audit, assurance, compliance, security, and risk management.
- Prerequisites: None
- Advance Preparation: None
- Program Knowledge Level: Basic
- Delivery Method: Live, in-person
- Field of Study: Specialized Knowledge - Information Technology