Upcoming Chapter Events

Below are upcoming chapter conferences, seminars, review courses, and other events.  Prior chapter events can also be viewed.

For information on our event policies, see https://isaca-gwdc.org/event-policies/.

Loading Events

« All Events

  • This event has passed.

2024 Annual FISMA and Risk Management Framework Panel Discussion

April 18 @ 2:45 pm - 5:00 pm EDT

To protect federal information and systems, the Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies to develop, document, and implement information security programs. The 2024 Annual FISMA Conference provides a useful update to IT Auditors and the Federal IT community on the current landscape and efforts to comply with FISMA.

Come hear perspectives from senior federal executives who play key roles in FISMA compliance efforts in this year’s Federal Information Security Modernization Act of 2014 (FISMA) and Risk Management Framework (RMF) Panel Discussion. During this session, you will learn about recent changes to the FISMA metrics, and the opportunities and challenges agencies face in complying with FISMA.

IT advisory or audit professionals that serve or support the Public Sector should attend this event.

Registration closes on April 17, 2023 @ 2pm.   This is a free virtual event for GWDC Members.

Register Today!


Event Sponsor


Gold Sponsor

Sikich LLP, a professional services firm of more than 100 partners, 1,400 employees, and 17 offices across the U.S. As a professional information technology (IT) firm, Sikich provides client-tailored IT support, managed security, and numerous other expert IT services. As a full-service provider for government agencies and contractors, we provide financial management and assurance services to support a wide range of federal and commercial clients, including:

  • Assist the U.S. Defense Industrial Base (DIB) sector in enhancing its cybersecurity posture within the multi-tier supply chain to ensure compliance with Cybersecurity Maturity Model Certification (CMMC) requirements.
  • Conduct CFO Act engagements on behalf of more than three dozen federal CFOs and Offices of Inspectors General (OIGs) in the Executive and Legislative Branches.
  • Conduct FISMA audits and other custom IT and cybersecurity performance audits. Our testing includes evaluations of access controls, configuration and change management, systems development life cycle including audits of Agile and Waterfall implementations, disaster recovery and contingency planning, and overall governance and security frameworks.

The ISACA Greater Washington D.C. Chapter is proud to have Sikich as the sponsor for this annual event.



2:45 PM – 2:55 PM

Opening Remarks

3:00 PM – 4:50 PM

Panel Discussion: 2024 Annual FISMA and Risk Management Framework



  • Steven Hernandez
    Chief Information Security Officer, and Director of Information Assurance Services @ U.S. Department of Education

  • Jennifer Franks
    Director, Center for Enhanced Cybersecurity @ US Government Accountability Office (GAO)

  • Victoria Yan Pillitteri
    Federal Information Security Modernization Act (FISMA) Implementation Project Lead @ National Institute of Standards and Technology (NIST)

4:55 PM – 5:00 PM

Closing Remarks



Partner @ Sikich LLP

Sarah Mirzakhani, CISA, is a partner with over 20 years of experience in information technology audit/information assurance and information security solutions. Sarah serves federal agencies with varying, complex IT systems and environments. Her experience includes leading information technology internal control reviews and security audits, such as the Federal Information Security Modernization Act (FISMA) and overseeing vulnerability assessments and penetration testing.

Sarah is also skilled in conducting and leading system and organization controls/SSAE18 audits and readiness assessments, regulatory compliance reviews, and system implementation reviews for not-for-profit, commercial, and governmental entities. She has extensive knowledge of the National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), and Office of Management and Budget (OMB).

She provides services in areas, such as IT and Cybersecurity Audits, FISMA Audit Services, and Performance Audits.

Sarah holds a Bachelor of Science in Business Administration, Management Information Systems, West Virginia University, and is a Certified Information Systems Auditor (CISA). She is affiliated with the Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA).



Steven Hernandez
Chief Information Security Officer, and Director of Information Assurance Services @ U.S. Department of Education

Steven Hernandez is an information assurance executive serving the past twenty years in a variety of contexts and missions. His rich background includes law enforcement, financial, education, healthcare, credentialing, heavy manufacturing, non-profits, and governments at the federal, state, and local levels. Steven’s experience ranges from the board room to leading tactical, day-to-day security operations as well as leading broad security initiatives such as the US government’s Zero Trust Architecture approach across large and complex organizations.

Presently he is the Chief Information Security Officer and Director of Information Assurance Services at the U.S. Department of Education. Steven also serves as the co-chair of the US Government Federal CISO Council and Government Chair of the ACT-IAC Cybersecurity Community of Interest. Prior to his position at Education, he held a variety of roles at the Office of Inspector General, US Department of Health and Human Services including CTO, CIO, CISO, Senior Official for Privacy and Chief Services Engineering Officer. He is an inaugural member of the United States Scholarship for Service Hall of Fame and an ardent supporter of the next generation of cybersecurity professionals through his teaching work as an Honorary Professor, Affiliate Faculty, and guest lecturer at over a dozen Institutions of higher education.

Jennifer Franks
Director, Center for Enhanced Cybersecurity @ US Government Accountability Office (GAO)

Jennifer Franks directs the Center for Enhanced Cybersecurity within GAO’s Information Technology and Cybersecurity team. She oversees reviews that primarily focus on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality, integrity, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices. In addition, she leads reviews in the areas of IT management and operations, financial management, healthcare and public health IT, data protection, and privacy.

Jennifer joined GAO in 2006. She is a Diversity Champion who leads efforts to increase inclusiveness at GAO. Since 2012, she has facilitated numerous agency Diversity, Equity, Inclusion, and Accessibility (DEIA) courses, and holds facilitator certifications in “Engaging in Bold, Inclusive Conversations” and “Green Dot Bystander Intervention” training.

Jennifer earned a master’s degree in information security policy and management from Carnegie Mellon University and earned a bachelor’s degree in computer information systems from Hampton University.

Victoria Yan Pillitteri

Victoria Yan Pillitteri
Federal Information Security Modernization Act (FISMA) Implementation Project Lead @ NIST

Victoria Yan Pillitteri is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and also leads the Federal Information Security Modernization Act (FISMA) Implementation Project, supervising a team of technical and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing cybersecurity risk in the federal government, and associated stakeholder outreach and public-private coordination/collaboration efforts. She serves as the lead of the Joint Task Force working group, a partnership with Department of Defense, the Intelligence Community and Civilian Agencies to develop a unified security framework to protect USG from cyberattacks and is co-chair of the Federal Cybersecurity and Privacy Professionals Forum hosted NIST.

She previously worked on development of the Cybersecurity Framework and Privacy Framework, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs, served on the board of directors of the Smart Grid Interoperability Panel, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security, including SP 800-12, 800-37, 800-53, 800-82, 800-171, 800-171A, 800-171B, 800-137A, 1108 and IR 7628.

Victoria holds a B.S. in Electrical Engineering from the University of Maryland, a M.S in Computer Science, with a concentration in Information Assurance, from the George Washington University, completed the Key Executive Leadership Program at American University, and is a Certified Information Systems Security Professional (CISSP). She has completed a Senior Executive Service Candidate Development Program (SES CDP) and is SES certified.


Virtual Meeting Information

  • This event will be presented through Zoom.
  • Prior to the event, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.
  • Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
  • The ISACA Greater Washington, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.


Event Questions and Policies

Registration Questions

If you have any registration questions about this event, please contact the chapter using the Registration Contact Form.

If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.


Cancellation and Refund Policy

Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.

If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.


Complaint Policy

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.


CPE Information

Earn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org


CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.


Learning Objective

After attending this event, attendees will learn about recent changes to the FISMA metrics and the opportunities and challenges agencies face in complying with FISMA.


CPE-Related Details

  • Prerequisites: None
  • Advance Preparation: None
  • Program Knowledge Level: Basic
  • Delivery Method:  Group Internet Based
  • Field of Study:  Information Technology – Technical


April 18
2:45 pm - 5:00 pm EDT
Event Category:
Event Tags:
, , ,


Virtual Event


Avneet Sabharwal