For more information on our events policy, see https://isaca-gwdc.org/event-policies/
Annual General Meeting 2019
June 13, 2019 @ 8:00 am - 5:00 pm EDT
GWDC Member - $100, Other ISACA Member - $130, Non-ISACA Member - $145
IT audit, assurance, governance, security, and privacy are constantly transforming. To keep up with the ever-changing environment and learn what’s next, join your colleagues at the ISACA-GWDC 2019 Annual Meeting. Gain fresh ideas and approaches while earning 8 CPE hours. You will gain new knowledge and viewpoints to advance your career.
The 2019 Annual Conference is designed to educate IT practitioners who want to learn about key NIST cybersecurity publications and the development of new publications addressing systems security engineering and cyber resiliency; the threat operational technology (OT) poses at the intersection of IT and OT; SOC/SSAE-18 controls assessment; practical tips for how security practitioners should engage with lawyers; the critical attributes leaders must demonstrate to ensure their people follow them; and the different styles of leadership and when to use them, to mention a few.
There are a number of expensive training courses out there - online and classroom - that cover cybersecurity, cloud computing, and privacy, to mention a few. Don't overpay! ISACA GWDC is excited to continue to offer our great lineup of speakers and topics related to the public and private sector communities at always reasonable prices.
Come join the ISACA-GWDC for our one-day Annual Conference and training event covering a variety of hot topics relevant to current trends and associated challenges in cybersecurity, cloud computing, privacy, and more.
1. Next Generation NIST Security and Privacy Standards and Guidelines: 2019 and Beyond | Dr. Ron Ross, Fellow at National Institute of Standards and Technology
FISMA Vision 2020 includes a complete renovation of key NIST cybersecurity publications and the development of new publications addressing systems security engineering and cyber resiliency. This presentation will provide a deep dive into planned or completed NIST publication updates including FIPS 199, FIPS 200, NIST SP 800-37, SP 800-53, SP 800-53A, SP 800-53B, SP 800-60, SP 800-171, and SP 800-160 (Volume 2). It will also cover planned privacy and supply chain integration into the suite of FISMA publications.
2. Operational Technology (OT): A Lurking Threat to your IT Networks | Parham Eftekhari, Executive Director, Institute for Critical Infrastructure Technology (ICIT)
The digitization of operational technology (OT) and procurement of network-connected OT by various business units creates ‘shadow networks’ within an organization’s ecosystem, meaning IT and security professionals have an increasing obligation to understand how vulnerabilities to OT can be exploited by adversaries, how OT/IT convergence can increase the risk posture of an organization, and what steps must be taken to mitigate the risk. During this panel, leading OT and cybersecurity experts will explore these topics and leave audience members with actionable insights on how to understand and mitigate the IT/OT convergence risk within their organizations.
- Melody L. Balcet, CISSP, CISM, Director of the Global Cybersecurity Program, The AES Corporation
- Don Maclean, ICIT Fellow & Chief Security Strategist, DLT
- Wayne Dixon, ICIT Contributor & Director, OT and Industrial Solutions, Forescout
3. Practical Tips for How Security Practitioners Should Engage with Lawyers | Kirk Nahra, ICIT Fellow & Partner, WilmerHale
Information security is becoming increasingly regulated. This means that virtually all companies in virtually all industries – large and small and around the world – need to ensure that they are developing appropriate information security programs and meeting the increasing array of data security compliance obligations. For better or worse, this means that data security professionals need to learn how to work with lawyers. Lawyers and information security professionals often speak different languages and approach these issues from different perspectives. This session will focus on teaching information security professionals how best to work with company lawyers: to understand their approach to legal and compliance obligations, and to develop an understanding of how the developing law of information security affects how an information security professional should approach his or her job, for the benefit of protecting the company.
4 & 5. Fair to Greatness | Shawn Fair, CEO, Fair Consulting Group
The Five Critical Attributes Leaders Must Demonstrate To Ensure Their People Follow Them
The three different styles of leadership and when to use them (autocratic leadership, democratic leadership, and free-rein leadership)
The importance of having a vision for your team:
1. what is vision
2. what a vision is not
3. what a vision does
4. the benefits of visions
Dynamic stories and videos are associated with this topic.
6. Hybrid Multi-Cloud | Thomas McCreary and Fred Maymir-Ducharme, PhD, IBM
Industry and government enterprises are going through major IT infrastructure transformations. Major financial, technical and operational drivers clearly point to a hybrid, multi-cloud future. But there are challenges worth noting and managing in order to avoid the struggles we've seen industry and the government endure as they migrate to and attempt to manage multiple hybrid cloud platforms - often from multiple vendors and with limited interoperability. This briefing will provide an overview of a variety of migration strategies into hybrid multi-cloud environments, risks to manage, and key technologies to consider for the next phase of your cloud journey.
7. SOC/SSAE18 Controls Assessment | Tom Patterson, CPA, CISA, CGEIT, and CRISC, Cotton & Company, LLP
This session will explore and present underlying information about Service Organization Control (SOC) attestations, and the standards and principles relevant to IT and financial auditors who might be engaged to perform either an integrated audit of a public company under SOX 404 and PCAOB regulations, or an engagement with service organizations that provide other IT services, as well as when a Trust Services engagement (under TSP 100) might be most applicable.
8. You Have Security - We Need Your Help! | Mary Ellen Seale, CISSP, CEO, The National Cybersecurity Society (NCSS)
Small businesses account for a large proportion of the U.S. economy, yet they are particularly vulnerable to the risks posed by cybersecurity threats. With 30.2 million firms employing over 58.9 million people, small businesses account for 99% of businesses in the United States. (SBA Office of Advocacy, 2018)
The National Cybersecurity Society (NCSS), a national nonprofit organization, was established to educate small businesses on IT security best practices and advise them on the type of products and services they need to protect themselves.
As a community-based organization, the NCSS represents the best of the cybersecurity community - we are a community of technologists, security professionals, companies, and educators who are passionate about ensuring each American has the ability to conduct business online safely and securely.
Many small businesses currently do not understand their cyber risk, do not know how to protect themselves, lack access to security or IT professionals, and do not know how to implement cyber-safe practices. The NCSS provides educational events, tools and resources, and technical expertise; reports cyber incidents as an ISAO; and offers an assessment tool that assesses cyber risk. The NCSS helps small businesses at all stages of their cybersecurity journey.
What we hope to do with this talk is to spread the word about the work we are doing, solicit volunteers to join, and find quality vendors that serve the small business community.
Who should attend?
MEET THE PRESENTERS
Dr. Ron Ross
Fellow, National Institute of Standards and Technology (NIST)
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director of National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.
Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. He has also lectured at many universities and colleges across the country including the Massachusetts Institute of Technology, Dartmouth College, Stanford University, the George Washington University, and the Naval Postgraduate School. A graduate of the United States Military Academy at West Point, Dr. Ross served in many leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, Dr. Ross received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a four-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Presidential Rank Award. He has also received the Department of Commerce Gold and Silver Medal Awards and has been inducted into the Information Systems Security Association Hall of Fame and given its highest honor of Distinguished Fellow. In addition, Dr. Ross has been inducted into the National Cyber Security Hall of Fame.
Dr. Ross has received numerous private sector cybersecurity awards including the Partnership for Public Service Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Applied Computer Security Associates Distinguished Practitioner Award, Government Computer News Government Executive of the Year Award, Vanguard Chairman’s Award, Government Technology Research Alliance Award, InformationWeek’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, Symantec Cyber 7 Award, SC Magazine’s Cyber Security Luminaries, (ISC)2 Inaugural Lynn F. McNulty Tribute Award, 1105 Media Gov30 Award, and three-time Top 10 Influencers in Government IT Security. During his military career, Dr. Ross served as a White House aide and a senior technical advisor to the Department of the Army. He is a graduate of the Defense Systems Management College and holds Master's and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School, specializing in artificial intelligence and robotics.
Parham Eftekhari
Executive Director, Institute for Critical Infrastructure Technology (ICIT)
Parham Eftekhari is the Executive Director of ICIT, the nation's leading cybersecurity think tank. Combining 16 years of technology experience with a lifelong passion for leadership and community engagement, Parham is privileged to advise executives at some of the world's top public and private sector organizations, build strategic alliances, and create thought leadership programs focused on national security, cybersecurity, and digital transformation. He leads the development and execution of ICIT's content strategy, which includes its Fellows Program, research publications, and executive briefings, and regularly engages with the media on ICIT's behalf. During his career, Parham has contributed to over a dozen publications, developed curricula for events that have educated thousands of professionals, and has delivered or organized dozens of briefings at institutions including TEDx, Congress, the World Bank, RSA, C-SPAN, and ICIT. Parham is a recipient of the 2017 (ISC)2 Government Information Security Leadership Award - Most Valuable Industry Partner, a graduate of the University of Wisconsin-Madison's School of Business, and is fluent in French and Farsi.
Melody L. Balcet, CISSP, CISM
Director of the Global Cybersecurity Program, The AES Corporation
Melody L. Balcet is the Director of the Global Cybersecurity Program at The AES Corporation, a US-based Fortune 200 energy company operating in 15 countries. In this role, she reports to the Global Chief Information Security Officer, providing programmatic oversight of AES’ global cybersecurity implementation. Previously, she spent over eleven years with IBM's Public Sector Cybersecurity and Biometrics service area, leading its Defense and Intelligence Cybersecurity business, and served government clients at Defense and Civilian agencies, most recently as an advisor on DoD-wide FISMA and cybersecurity performance measurement under the DoD Deputy Chief Information Officer for Cybersecurity. In 2018, she finished her term as President of the ISACA Greater Washington, D.C. Chapter, with over 10 years on its Board of Directors, and she volunteers with a number of non-profit organizations. Ms. Balcet holds an M.A. with Merit from the University of Manchester, Institute of Development Policy and Management (IDPM), and a B.A. from The College of William and Mary. She actively holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. Ms. Balcet co-authored a chapter in “Protecting Our Future: Educating a Cybersecurity Workforce” and regularly speaks on GRC, FISMA, cybersecurity measurement, workforce, and leadership topics.
Don Maclean
ICIT Fellow & Chief Security Strategist, DLT
Don Maclean is serving as the Chief Cyber Security Technologist at DLT. Don is responsible for formulating and executing DLT’s cyber security portfolio strategy. Within the cyber security community, Don is a leader and mentor, frequently participating in programs such as the DoS Cyber Online Learning sessions and serving as an active member of the Cloud Security Alliance.
Wayne Dixon
ICIT Contributor & Global Director, OT and Industrial Solutions, Forescout Technologies, OT Business Unit
As Global Director for OT and Industrial Solutions at Forescout Technologies, Wayne leads an engineering team responsible for developing technology solutions to address the business needs of Forescout’s OT and Industrial customer base.
Common solution areas include cyber-resiliency, regulatory compliance, audit compliance, and general cyber-risk reduction, offered as Forescout-delivered, OEM-delivered, Technology Partner-delivered, or System Integrator-delivered packages.
With 10 years of operational experience and 10 years of consulting experience, Wayne specializes in providing solutions that are effective, adoptable, measurable, and most importantly, demonstrate positive return on investment for the business.
Kirk Nahra
ICIT Fellow & Partner, WilmerHale
Kirk Nahra is a partner with WilmerHale in Washington, D.C., where he co-chairs the firm’s Cybersecurity and Privacy Practice. Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally. He also advocates for clients experiencing privacy and security breaches, and represents clients in contract and deal matters, enforcement actions, regulatory investigations and related litigation.
Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data. During his decades of experience, Mr. Nahra has developed compliance programs, drafted privacy and information security policies, negotiated agreements involving health data, responded to health incidents and defended clients against government investigations.
Mr. Nahra also has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards, has investigated and litigated potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs.
A leader in the privacy bar, Mr. Nahra has been involved in developing the privacy legal field for 20 years. As a founding member and longtime board member of the International Association of Privacy Professionals, he helped establish the organization’s Privacy Bar Section and their first and most popular certification for Certified Information Privacy Professionals. He has taught privacy issues at several law schools, including serving as an adjunct professor at the Washington College of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology. He actively shares his privacy insights through numerous speeches and articles, and on social media.
Shawn Fair
CEO, Fair Consulting Group
Shawn Fair is the CEO of Fair Consulting Group. He is a training expert and prominent motivational speaker in the areas of leadership, consultative sales, vision, time mastery, coaching and business development. With over 22 years of experience in business positions ranging from sales to vice president of sales and marketing, he has mastered the art of speaking with power and passion. His teachings are a result of the insight he has acquired over the years. Shawn has a strong passion for helping people accomplish their goals and objectives. As a result, he has been able to impact countless lives across the United States and Canada, both in the areas of business and personal growth. He has a unique ability to engage, motivate, and inspire leaders at every stage of their careers. Shawn is the founder and developer of one of the largest non-profit sports and fitness programs for young athletes between the ages of 8 and 18 in the State of Michigan. Shawn has been able to impact over 1 million people through his programs, keynotes and presentations. He has helped countless people reach their highest potential within their family, work and social lives. His presentations encourage the understanding that change is essential. Shawn is on the business advisory board for the University of Phoenix and has been an inspiration for employees working for companies such as IMAAC, USAA, and Farmers Insurance. He has delivered a number of award-winning presentations; some of the most noted were at the Rio Grand Hotel Casino in Las Vegas and the Sound Board Room in the Motor City Casino, Detroit, MI.
You can find some of Shawn’s keynote discussions on platforms such as Fox 2 News (Detroit, Dallas, Philadelphia, and Memphis), National Clothes Line, Franchising.com, WFTC TV, MY 29 and the Oakland Township Patch.
Thomas McCreary
Technical Director, IBM Federal
Thomas McCreary (Primary Author) has worked in the Defense Industry for over 30 years. Tom is a Technical Director in IBM's Federal CTO Office and has a rich professional history across the Defense Industry.
Fred Maymir-Ducharme, PhD
Executive Architect, IBM Federal
Dr. Maymir-Ducharme (co-author) is an Executive Architect at the IBM Federal CTO Office, with a focus on applying commercial and state-of-the-art technology to modernize government systems. Fred is also a liaison to IBM Research (8 labs worldwide: Almaden, Austin, China, Haifa, India, Tokyo, Watson & Zurich), leading efforts in Advanced Analytics, Smarter Planet, Mobile Computing, Cloud Computing, Cyber Security, and Biometrics. Prior to IBM, Fred spent several years as a Lead Systems Engineer at AT&T Bell Labs (5ESS) during the early 1980’s. As Chief Engineer and Program Manager on several large DoD programs (i.e., with Grumman, Unisys, Loral and Lockheed Martin), he led and managed a variety of complex military systems (e.g., C4ISR, Logistics, Transportation, SATCOM and INFOSEC). Fred also led several applied research and development (R&D) teams and corporate strategic planning initiatives for LM, Grumman & Unisys. As program manager and chief architect of the USAF CARDS Partnerships Program and Chief Technologist on STI, he developed, applied and extended various product line engineering and software architecture technologies. Dr. Maymir-Ducharme is a Lockheed Martin Certified Systems Architect, an IBM Senior Consultant IT Architect, and an Open Group Distinguished Certified Architect.
Fred Maymir-Ducharme completed his BS in Computer Science (CS) at the University of Southern California (USC) and his PhD in CS at the Illinois Institute of Technology (IIT). Fred has over 80 publications in the engineering field, and has chaired numerous conference/workshop program committees and technical. Fred served on the Federal Advisory Board on Ada in the early 90’s and was a subject matter expert for the OSD Software Reuse Initiative (SRI) Program Management Office (PMO). Fred was an adjunct professor at IIT, teaching graduate CS courses in the 80’s, and is currently an adjunct professor at UMUC, where he periodically teaches graduate computer science classes.
Tom Patterson, CPA, CISA, CGEIT, and CRISC
Senior Manager, Cotton & Company, LLP
Tom Patterson is a Senior Manager in the Information Assurance practice of Cotton & Company LLP. Prior to joining Cotton & Company, Tom was a senior director with NTT DATA Services, where he orchestrated efforts to capture new IT managed services contracts with Federal civilian agencies. Tom holds the CPA, CISA, CGEIT, and CRISC designations and an inactive CGFM designation. Prior to NTT, Tom worked for 8 years with IBM, where he was an Associate Partner focused on delivering IT security engagements to large IBM managed IT services accounts, before taking on a Complex Solutions Executive role with IBM Security. Tom is a Past President of ISACA-GWDC, a Past Vice-President, and a former Treasurer and Board Member. Tom currently provides volunteer support to the Information Management Technical Assurance (IMTA) committee of the American Institute of CPAs (AICPA), was a member engaged in developing the Trust Services Principles and the Service Organization Control (SOC) 2 and SOC 3 Attestation Standard (TSP 100 and AT 101), and lately has been engaged with a team in re-writing the 2009 Generally Accepted Privacy Principles (GAPP) framework to re-align the core privacy principles with recently enacted data privacy legislation in the US (California) and European Union (GDPR). Tom has also assisted large Federal agencies and regulators in enhancing their audit and examination guidelines, and spent 13 years in Big 4 accounting firms, where he led IT risk advisory, enterprise risk services, and internal controls advisory services practices, helped re-design audit and control testing methodologies to comply with SOX 404, and provided CISA preparation training to firm staff and ISACA chapters in the US and Europe before moving to Europe for 3 years to lead the IT audit function of a global public company and the annual SOX 404 management self-assessment program.
Mary Ellen Seale, CISSP
CEO, The National Cybersecurity Society (NCSS)
Mary Ellen Seale is a leader in national cybersecurity strategy and cyber operations and has held several executive-level positions with the federal government. She retired with nearly 31 years of federal service, and continues her public service by contributing to the cybersecurity needs of the small business community. As Founder and CEO of the National Cybersecurity Society, a national nonprofit organization, she is leading efforts to assist small businesses in obtaining needed cybersecurity protection capabilities and services.
Previously she was Deputy Director, Cybersecurity Coordination, Department of Homeland Security (DHS); Executive Director of Modernization, Federal Communications Commission; Deputy Director, National Cybersecurity Center/DHS; and Chief of Administrative Operations, DHS Headquarters.
Ms. Seale received an undergraduate degree from the University of Georgia and a Master of Business Administration (Finance) from the American University, and is a Certified Information Systems Security Professional.
ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs as soon as possible. We need as much advance notice as possible to determine whether requests can be accommodated. Thank you.
If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by June 10, 2019. A $15 cancellation fee is charged.
To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.
Earn up to 8 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey by June 24, 2019. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: N/A
- Delivery Method: Live in person event