The ISACA® GWDC Annual Meeting is the Chapter’s premium event for the year. The AGM provides training and networking opportunities for all attendees and the opportunity for GWDC members to learn about the Chapter’s health, achievements, plans, and other important matters. Presentations and panels focus on emerging technologies, risk vectors, mitigation strategies, and governance trends. Topics are aimed equally at participants focused on the Government and Private sectors. All our sessions are designed to increase your understanding of current topics and hone your professional skills by learning directly from leading practitioners in their fields.
This is an in-person event that will be held at the Hilton McLean Tysons Corner. IT executives, management and operations staff, risk management leaders and professionals, IT auditors, cybersecurity professionals, students or anyone interested in learning more about this topic should attend this event.
For the convenience of all our members, we will make the Chapter’s business session, the Annual General Meeting (AGM) of the Membership, available to them on-line.
After the Annual Meeting there will be a networking event in the same venue. A separate RSVP is required for this event.
If your organization is interested in being a sponsor for this event, please contact Adnan Sijercic, Outreach Director, for details on sponsorship opportunities. (Go to the Contact Us page and select “Sponsorship” under “I have a question about”.)
Through a robust Scholarship Program, ISACA’s Foundation One In Tech provides academic awards through a collaborative model offering US-Based Academic Scholarships and International Academic Scholarships. Within those categories, we provide awards in partnership with ISACA Chapters, corporations, academic institutes, and other non-profits. The Chapters are the most powerful in impacting their own cities and communities.
ISACA has approximately 220 chapters around the world, representing nearly 165 countries. ISACA chapters are uniquely positioned to build the workforce on a global scope. In addition, corporations are also positioned to build the future workforce that will meet the increasing need for cyber professionals. Together with ISACA’s Foundation, Chapters can have maximized impact through the Academic Scholarship Program. This presentation outlines the specifics of this powerful collaborative effort.
The banking crisis has unearthed deep structural shortcomings in both risk governance and lack of adequate regulatory supervision by the financial authorities. The impact, influence and content of technological advances in banking make it so that today’s banking is no longer your grandfather’s bank. Advanced payment systems, the ubiquity of social media and new communication means, and everyone having a smart phone in their pockets have all come to us so fast that regulators are having challenges keeping up. At the same time, innovative bank executives, left unchecked, have found ways of increasing their own compensation at the expense of creating systemic risks and costing the public. Our systems of safety and soundness, including the role of bank boards of directors, are in question once again. Who is in charge of looking after the interests of customers, stakeholders, the public at large, and the community the organization operates within? Should we count on the CEO, the Board, the Internal Auditors, the External Independent Auditors, or the Regulatory Agencies? It turns out that all of these parties failed. How can effective Risk Governance be one such solution to help alleviate these failures in the future?
12:10 PM – 12:40 PM
Lunch and Annual Membership Meeting
(Zoom is only available to GWDC members who cannot attend the conference)
Driving organizational change is hard but when you’re trying to change how a company thinks about risk…Well sometimes that’s a bridge too far. The bigger the organization, the bigger the bridge that needs to be painted. In this discussion we’ll look at how risk management can be optimized and performed to maximize outcomes for even the largest of organizations. We’ll talk about what “painting the bridge” means, and discuss suggestions for how to measure success when the bridge always seems to keep getting longer while you’re driving down it!
We have been developing and practicing cybersecurity for over 60 years. However, despite that history, we still face massive failures and losses. Every year, there seem to be dozens of new companies and products, yet none really solve the problems, which seem to multiply at a faster rate than the solutions available. Perhaps we have been making some incorrect assumptions about the nature of the problem — and the parties involved.
In this talk, I will discuss some insights gathered from 45 years in the field as both a practitioner and educator. In particular, I will discuss some of the missteps and misconceptions that have contributed to our problems, not least of which is the canard “The user is the weakest link.” With a shift in how we think about our goals and approaches we may be able to make more progress in defending our systems.
02:20 PM – 02:30 PM
02:30 PM – 03:20 PM
Automotive Cybersecurity & Data Management Platform for Connected Vehicles
The Automotive industry is rapidly expanding into a vast smart mobility ecosystem, introducing new levels of cyber sophistication and attack vectors.
Haim Kantor, Upstream’s VP North America will discuss strategies to detect and mitigate critical automotive cyber security risks and vulnerabilities to help automotive and smart mobility stakeholders ensure trust and safety.
Key topics and takeaways:
Gain insight into the latest automotive and smart mobility cybersecurity trends
Deep dive into the new threat actors, motivations and impact
Learn about increases in API-related incidents and the rise in EV charging infrastructure cyber attacks
Get a glimpse into the threats lurking in the deep and dark web
Everyone will agree that we seek to deliver value in our work efforts, but seldom do we explicitly define what we mean by “value”. This in turn leads to an inability to explicitly manage value delivery. This session will provide a universally valid and actionable definition of value, explain how every attendee has a role in value delivery, and discuss overcoming impediments to the delivery of maximum value.
04:10 PM – 05:00 PM
How to lead, brand and network as an introverted cybersecurity pro: differentiate yourself, make an impact and drive change without changing your personality
The presentation educates introverted techies and entrepreneurs to:
Understand why introverts are critical for advancing cybersecurity today and tomorrow.
Be seen, heard, and respected as an introvert. Learn how to transmute introversion from a limitation into a superpower.
Dispel myths and biases about introverts vs. extroverts and how they affect leadership, driving change, self-promotion, branding, and networking.
Develop connections and build relationships that serve you and others.
Overcome fears and blocks so you can lead diverse, high performing teams and drive org change.
Learn how to invite and apply diverse perspectives to achieve outcomes, even those you may disagree with.
Practical tips for different types of interactions – how to prepare (before and after). From 1:1s, small group meetings (15-20 people), executive committees, happy hours to formal events or conferences (15+ people).
Clemon Joseph Project Delivery Manager @ Deloitte CDFM
Mr. Clemon Joseph currently serves as a Project Delivery Manager at Deloitte with over 17 years of professional experience. He is an Information Technology (IT) and financial audit readiness leader with experience providing cross-functional support to both private and public sector clients. He serves as a technology consultant with the ability to lead teams to assess internal controls of business processes and to deliver training on emerging technologies that adds value to organizations.
Virginia “Ginger” Spitzer Executive Director @ One In Tech, an ISACA Foundation
Virginia “Ginger” Spitzer joined One In Tech, an ISACA Foundation in November 2019 as the Foundation’s inaugural Executive Director. With a focus on building ISACA’s new Foundation, One In Tech, Ginger launched the start-up phase of the Foundation that engages members, chapters, organizations and other nonprofits, corporations, and the public in supporting the Foundation’s mission. As part of ISACA’s leadership team, Ginger ensured the Foundation’s work aligned within the strong culture and community of ISACA and offers innovative, relevant global programming. OIT works to build trust, care, confidence, and career engagement in the digital space for students, educators, professionals, and businesses.
Ginger brings 25-plus years of non-profit leadership experience in fundraising; foundation start-ups; program development, operational strategies, and innovative collaborative models. Much of her extensive career experience has focused on missions working toward equity, equality, access, and awareness within underserved communities. She has specialized in areas of youth development, education, and social justice and has led organizations with local, national, and global service.
Building ISACA’s Foundation One In Tech through ISACA chapter and membership engagement is the key focus for Ginger’s work in 2023 and beyond.
Masood S. Aziz Head of Enterprise Risk Management (former) @ BlockFi Inc.
Masood is a risk management leader, adviser & guide to executives and boards of directors. He has been a Chief Risk Officer, and Head of Risk Management for PIMCO’s Investment Operations, when Bill Gross (the “King of Bonds”) & Mohamed El-Erian managed over $1.9 billion AUM and ran the world’s largest fixed-income investment management firm. Head of Enterprise Risk Management at BlockFi, the leading blockchain & Digital Asset fintech. Head of Operational Risk & Compliance at State Street, the world’s largest custody bank.
In working with boards and the C-Suite, Masood has been a leading expert in establishing the risk governance infrastructure, including the board and executive level risk and audit committees. He has helped align and integrate risk management within organizational strategies, and to assure execution, and profitability. He has defined & established the risk appetite both at the corporate & operational levels, created committee charters and led the implementation of policy & procedures, and risk cultures firm-wide.
Masood was head of service & solution delivery at the Big-4 KPMG & BearingPoint consulting firms, and ran his own consulting firm to support C-Suite & board risk management and operational effectiveness. He has led complex client initiatives, and managed teams of experts to lead solutions helping clients optimize financial and operational information, to create growth and profitability, to manage risk capital, and address regulatory challenges.
Masood is an expert in creating and implementing risk systems and technology, including blockchain technology solutions. He has led projects to implement systems such as Chase Cooper, Wolters Kluwer, QRM, BondEdge, Kamakura Risk Manager (KRM). Masood has also created, designed and implemented an in-house, proprietary, risk analytics, simulation and reporting system.
Masood is a member of the Directors and Chief Risk Officer Group (DCRO), and on the risk leadership group at the Professional Risk Managers’ International Association (PRMIA). He is a frequent speaker and lecturer, including on TV & radio, and has published articles and books. He has an MBA from Thunderbird School of Global Management, a Bachelor of Science degree from Southern Illinois University and has obtained the French Baccalaureat from Paris, France.
Anthony Johnson Managing Partner @ Delve Risk
Anthony Johnson is a Managing Partner at Delve Risk, where he leads a practice focused on driving technology and risk management transformation on behalf of their clients. He brings extensive technical and executive leadership experience to the practice while also serving as a technology advisor to a number of software solution providers. Anthony is a graduate of Indiana University, where he received a Masters of Business Administration (MBA) and of Regis University where he received a BS in Computer Information Systems.
Throughout his career, Anthony has led some of the largest Cybersecurity programs in the world as the Chief Information Security Officer, dealing with highly complex multi-national regulatory requirements and ever evolving sophisticated threats. He has driven dramatic program transformations across hundreds of people, with budgets in the hundreds of millions of dollars; emphasizing the expansion of analytics, secure from the start architecture, incident response and cloud first security approaches to shatter expectations of what is possible with “classic corporate teams”. He leads with a people first mentality and is a coach to existing CISOs around the world, helping to translate complicated technology issues into actionable strategic plans that align with the corporate and Board objectives.
Anthony is a global speaker on the topic of cyber security and enterprise risk, an active technology evangelist/advisor to emerging and startup companies and has multiple patents in progress related to both risk management and blockchain.
Prior to joining Delve Risk, he served as the Global CISO and Managing Director for multiple Fortune 100 companies, including Fannie Mae ($120bn) and the Corporate & Investment Bank (CIB) at J.P. Morgan Chase & Company ($35bn).
His other passions include advancing the discussion on diversity and inclusion in the workforce and creating channels for disadvantaged youth to enter the technology field. He lives in the Washington D.C. metropolitan area with his wife and daughter.
Eugene H. Spafford Professor of Computer Sciences @ Purdue University
Eugene H. Spafford is a professor of Computer Sciences at Purdue University. He is also the founder and Executive Director Emeritus of the Center for Education and Research in Information Assurance and Security. He has been working in computing as a student, researcher, consultant, and professor for 45 years. Some of his work is at the foundation of current security practice, including intrusion detection, incident response, firewalls, integrity management, and forensic investigation. His most recent work has been in cyber security policy, forensics, and future threats. He has also been a pioneer in education, including starting and heading the oldest degree-granting cybersecurity program.
Dr. Spafford has been recognized with significant honors from various organizations. These include being elected as a Fellow of the American Academy of Arts and Sciences (AAA&S), and the Association for the Advancement of Science (AAAS); a Life Fellow of the ACM, the IEEE, and the (ISC)^2; a Life Distinguished Fellow of the ISSA; and a member of the Cyber Security Hall of Fame — the only person to ever hold all these distinctions.
Among many other activities, he is vice-chair of ACM Publications Ethics & Plagiarism Committee, is editor-in-chief of the journal Computers & Security, serves on the Board of Directors of the Computing Research Association, and as a member of the National Security Advisory Board for Sandia Laboratories. More information may be found at https://spaf.cerias.purdue.edu/narrate.html.
Haim Kantor Vice President, North America @ Upstream Security
Haim leads Upstream’s North America team and business. Haim is an executive Sales and Marketing professional with more than 20 years of experience, with an unbroken record of success leading sales and marketing strategies to increase revenue. Prior to joining Upstream, Haim led sales for companies such as Driivz, Netcracker Technology, Amdocs and Comverse.
Douglas W. Webster Principal @ TFC Consulting CGEIT
He is a retired Air Force officer with a subsequent quarter century both working in and consulting to the federal government. He has served as Director of Risk Management at USAID and Deputy Director of the DoD Business Transformation Agency. As a Senate-confirmed Presidential appointee, he has served as CFO of both the Department of Labor and the Department of Education.
He is a pioneer in Enterprise Risk Management in the federal government, having introduced the topic to the White House in 2008, established the first federal interest group in ERM that same year, led the founding of the Association for Federal Enterprise Risk Management (AFERM) in 2011, and developed and taught the inaugural ERM course for George Washington University.
Dr. Webster has co-authored or co-edited four books, including Chasing Change: Building Organizational Capacity in a Turbulent Environment (2009), Managing Risk and Performance: A Guide for Government Decision Makers (2014), and Value Based Management in Government (2020). He is an elected Fellow of the National Academy of Public Administration, and holds the ISACA CGEIT certification.
Prachee Kale CEO/Co-founder @ Think.Design.Cyber
Executive Fellow @ CyberTheory Institute
Prachee Kale helps introverted techies and entrepreneurs become high impact leaders by transforming their introversion into a superpower that drives change and creates networks that generate returns. Her unique service offerings bust the blocks, myths and biases of branding, leadership and networking as introverts vs. extroverts. She has combined her personal experiences and a successful 17-year corporate career in 1) business strategy, 2) technology & cybersecurity, 3) equity & inclusion and, 4) executive coaching to develop her four-step method so her clients have a clear path to transform their fears, blocks and limits into accelerants.
She is the CEO/Co-founder of Think.Design.Cyber (https://www.thinkdesigncyber.com/), TDC LeadersHub (https://www.tdcleadershub.com/) and a Founding Executive Fellow at CyberTheory Institute. Prachee has a Masters Degree in Bioinformatics from George Washington University where she helped her introvert classmates defend their theses, wrote distributed computing code, experimented on HIV viruses, and did PCR tests (yep, those).
Prachee speaks on topics of empowering introverts, cybersecurity and gender diversity at global conferences, summits, and podcasts. She makes meaningful connections with her audience and leaves them with a positive growth mindset, actionable steps and impact they remember.
When she’s not working, Prachee loves to solo travel, sail, host dinners. She is a total foodie and will surely whip up something delicious whenever you visit!
Fun facts: Prachee loves boats but is afraid of swimming in open waters, she was once called a ‘pit-bull’ and ‘passionate’ woman during the same meeting! And, her sister is a total introvert but a successful Bollywood movie director.
Hilton McLean Tysons Corner 7920 Jones Branch Drive
McLean, Virginia 22102
If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.
Cancellation and Refund Policy
Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.
Learning Objective: After this event, attendees will have increased their understanding of current topics and honed their professional skills by learning directly from leading practitioners in their fields.
Advance Preparation: None
Program Knowledge Level: Basic
Delivery Method: Live, in-person
Field of Study: Information Technology – Technical