For information on our event policies, see https://isaca-gwdc.org/event-policies/.
- This event has passed.
Public Cloud: The Good, The Risks, The Audit
September 17, 2020 @ 8:30 am - 12:00 pm EDT
GWDC Members: FREE, Non-GWDC Member: $60
The global public cloud computing market is set to exceed $330 billion in 2020. Federal Agencies are rapidly accelerating the adoption of cloud-based services. Our speakers will highlight the latest trends and audit techniques.
This conference will enable participants to learn about the latest trends in cloud computing. Learn from leaders in the public and private sectors as they share their insights with you, from cloud implementation to its security.
Cloud Security Alliance (CSA) is co-hosting the event and will provide an expert panel to discuss cybersecurity concerns.
Why You're Losing the Cyber Battle and How Embracing the Cloud Will Help You Fight Back
Presented by: Matt Soseman
Join us as Matt Soseman, a Cyber Security Architect from Microsoft, discusses the issues we are facing today with cloud, with a look at where we have been, what the blockers are, and where we are going. He'll dive into how cloud migration isn't the issue, and how to use public cloud to protect/detect/respond to cyber threats while maintaining (even increasing) compliance. Learn how public cloud fights cyber attacks on your behalf and helps you comply with the law of the land and, most importantly, how it can transform your business. Adoption of cloud is important, but you get there by aligning to business outcomes to reach the vision.
Cloud Cyber Security Panel
A panel of cyber security experts will discuss the Cloud Security Alliance (CSA) publication “Top Threats to Cloud Computing: The Egregious 11.” The panel will include two CSA representatives, Bob Gourley and Dr. Mari Spina. The third member is Sushila Nair, Vice President, Security Portfolio, NTT DATA. Misconfiguration, access control, account hijacking, and other threats will be discussed in depth given the current environment. There will be a Q&A period for attendees to ask questions.
- Dr. Mari Spina; Research Committee Chair, Cloud Security Alliance
- Bob Gourley; Co-founder and Chief Technology Officer, OODA LLC
- Sushila Nair; Vice President, Security Portfolio, NTT DATA
- Scott Vachal; Client Executive, Soter Cloud Solutions
Auditing the Cloud
Presenter: Loren Schwartz
Federal Government agencies are rapidly moving to the Cloud. This presents the auditor with new challenges to accurately audit their systems. Also, working with federal agencies requires what most consider a second language. During this presentation Mr. Schwartz will sort through the jargon and alphabet soup of Cloud environments, including CSP, IaaS, SaaS, AWS, PaaS, FedRAMP, DaaS, JAB, and DBaaS, and help guide you through an approach to auditing your agency's adoption of a cloud service provider. As we discuss potential audit approaches, we will consider the nature of the cloud service and the roles and responsibilities of the cloud provider and the procuring agency.
Who should attend?
MEET THE PRESENTERS
Senior Security Architect, Microsoft
Matt Soseman is a Senior Security Architect based in San Diego, CA working with Microsoft partners and their customers to help them realize the business opportunity in Cyber Security and how to lower risk and increase posture that leads to new business outcomes. Matt has held multiple roles within Microsoft over the last 10 years in areas of Partner Marketing and Microsoft Consulting Services focused on delivering Cyber Security, Compliance, and Enterprise Mobility solutions to enterprises across both public and private sector. Prior to Microsoft, Matt delivered world class mobility consulting and training to Fortune 50 customers and government agencies at BlackBerry and built business transforming Unified Communications solutions at Sprint.
Co-founder and Chief Technology Officer, OODA LLC
Bob Gourley is the co-founder and Chief Technology Officer (CTO) of the Cybersecurity and Artificial Intelligence consultancy OODA LLC. OODA is the publisher of CTOvision.com and OODALoop.com.
Bob previously founded Crucial Point LLC, a technology research and advisory firm.
Bob’s first career was as a naval intelligence officer, which included operational tours in Europe and Asia. Bob was the first Director of Intelligence (J2) at DoD’s cyber defense organization JTF-CND.
Following retirement from the Navy Bob was an executive with TRW and Northrop Grumman, and then returned to government service as the Chief Technology Officer (CTO) of the Defense Intelligence Agency (DIA).
Bob was named one of the top 25 most influential CTOs in the globe by Infoworld. He was selected for AFCEA's award for meritorious service to the intelligence community, and was named by Washingtonian as one of DC’s “Tech Titans.” Bob was named one of the “Top 25 Most Fascinating Communicators in Government IT” by the Gov2.0 community GovFresh.
Dr. Mari Spina
Research Committee Chair, Cloud Security Alliance DC
Dr. Mari Spina is a Member of the Board of Directors for the Cloud Security Alliance DC Chapter and Chair of the Chapter's Research Committee. She joined The MITRE Corporation in 2014 and has been supporting a multitude of MITRE Federal sponsors, including DoD and the IC, in the area of Cloud Security. At MITRE, she is a Principal Cybersecurity Engineer, leads the Cloud Security Capability Area, and teaches Cloud Security for the MITRE Institute. She has also taught Information and Cloud Technology courses for the George Washington University. Before joining MITRE, she worked for an array of government engineering firms including Hughes Aircraft, SAIC, ManTech, NJVC, and DMI since 1988, where she provided IT systems engineering to a variety of Federal agency missions including those of the Intelligence Community and the DoD. Mari holds a D.Sc. in Engineering Management from the George Washington University, an MSEE from the University of Southern California, and a BSME from California State University Northridge. She is also PMI PMP and ISC2 CISSP, ISSEP, and CCSP certified.
Vice President, Security Portfolio, NTT DATA
Sushila Nair is on the board of the GWDC, the Greater Washington, D.C. Chapter of ISACA and plays an active role in supporting best practices and skills development within the cybersecurity community. Sushila has worked as a Chief Information Security Officer for ten years and has twenty years’ experience in computing infrastructure, business and security. Sushila has consulted in many diverse areas including telecommunications, risk analysis, credit card fraud, and has served as a legal expert witness. She has worked with the insurance industry in Europe and America on methods of underwriting e-risk insurance based on ISO27001. She has published numerous articles in the computing press on risk and security, and has spoken at Segurinfo, CACS, TechMentor, FinSec and many other global technical events on diverse subjects ranging from managing risk to designing security baselines.
Client Executive, Soter Cloud Solutions
Scott Vachal applies his more than 30 years of financial, managerial, and cyber security experience to help mid-sized companies transition to the cloud environment. Financial analysis has been a primary thread through his career. Mr. Vachal consulted for such companies as AT&T and Dun & Bradstreet after obtaining his MBA in Quantitative Studies and Masters in Management of Secure Information Systems. Mr. Vachal created, built, and sold Meridian Cyber Defense, which provided IT and cyber security support to the SMB market. He currently is a Client Executive for Soter Cloud Solutions.
Cotton & Company, LLP - Information Assurance Partner, CPA, CISSP, CISA
Loren Schwartz joined Cotton & Company in May 2002 and was elected a partner in April 2003. Loren has more than 20 years of diversified information system audit, financial and operational audit, privacy, and risk management consulting experience. He directs many of the firm’s major information technology reviews and audits.
Loren’s experience includes directing and participating in a wide range of system reviews, Federal Information Security Management Act (FISMA) audits, financial statement audits, process re-engineering improvement projects, and audits of internal management controls of automated information systems. He has directed projects with clients ranging in size from start-up entrepreneurial organizations to Fortune 500 organizations. His industry experience includes both commercial and governmental clients. He also has conducted speaking engagements for well-known industry organizations on a variety of Information Technology (IT) -related topics.
Loren holds a Bachelor of Science degree in Accounting from Virginia Polytechnic Institute and State University. He is a Certified Public Accountant (CPA), a Certified Information Systems Security Professional (CISSP), and a Certified Information Systems Auditor (CISA). He is an active member of professional organizations, including:
- American Institute of Certified Public Accountants (AICPA)
- Information Systems Audit and Control Association (ISACA) (Washington, DC Chapter)
He also is a Board Member at Ronald McDonald House Charities® of Greater Washington, DC. Mr. Schwartz resides in Northern Virginia with his wife and three children. He enjoys spending time with his family and traveling.
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by September 15, 2020. A $15 cancellation fee is charged.
To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.
Earn up to 2 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. In order to receive CPE credits, participants must respond to all questions in Zoom. Failure to respond to questions may result in the attendee not being granted CPE credits. Zoom display names must reconcile with the Cvent registration. Participants are responsible for configuring their Zoom application prior to the event. Phone participants will not be entitled to CPE credits. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey by September 30, 2020. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: Install and configure Zoom to ensure that the Zoom handle exactly reconciles with the Cvent registration name, and that responses to the poll questions can be performed.
- Program Knowledge Level: N/A
- Delivery Method: Group-based online