For more information on our events policy, see

Loading Events

« All Events

  • This event has passed.

Cloud Security Conference

October 25, 2018 @ 8:00 am - 4:30 pm EDT

GWDC Member - $105, Other ISACA Member - $135, Non-ISACA Member: $150


Cloud security is an ever-growing concern as more and more organizations migrate their information to the cloud. It is estimated that cloud customers will be responsible for 95% of cloud security failures by 2022. This conference will enable participants to learn what is new and innovative in cloud computing, how to plan a cloud-first strategy, and how to build a cloud roadmap. Attendees will also enjoy networking opportunities while learning new trends in cloud computing.

The conference will cover the following topics

               -  Microsoft Azure Security

               -  Application container management using Microservices, kubernetes, containers 

               -  Cloud Security Architecture Tool (CSAT)

               -  Leveraging a Risk Management approach to securing the cloud

               -  Cloud integration

               -  Cloud managed services

               -  DevOps, digital process automation, and more


Reserve your seat by registering right now!


Going Cloud Native: Digital Modernization Approaches with Next Generation Emerging Technologies
For many organizations, digital modernization often equates to simply moving infrastructure and workloads from on-premise data centers to the cloud. Yet this approach often misses out on key opportunities to take advantage of cloud services to dramatically improve the customer experience. This session provides insights into how organizations can take advantage of cloud-based, next generation services and platforms—such as voice, blockchain and artificial intelligence—during the modernization process


Cloud Computing Past, Present and Future
Cloud has become an essential tool in companies technology toolkit. This session will look back at cloud implementations and discuss what has worked and what hasn’t. It will examine if the gains that were promised by the implementation of cloud have been realized. It will look at the current cloud native deployments and discuss how it is impacting application development. It will also look into the future and predict the changes to the cloud ecosystem and how you should prepare for this in your future roadmap.


Understanding Azure Security
This session will discuss how Microsoft is working with the Industry in establishing clear security and privacy requirements and then how we are consistently meeting these requirements. Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as those done by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate.

This session will focus on making your Azure, on-prem, and other cloud workloads complaint with your Agency’s security standards.


Cloud Security Architecture Tool (CSAT) - Leveraging CSF to Architect a FISMA-Compliant Cloud Solution
Security and privacy controls in a cloud ecosystem are distinct parts of a complex risk assessment equation that cloud consumers need to resolve despite the lack of visibility into the implementation of the cloud offerings. NIST proposes a framework that provides cloud consumers with a multidisciplinary, risk-based approach to building trustworthy cloud-based systems by facilitating transparency and traceability.


Cloud Security Demystified: A Risk Management Approach to Securing Cloud
Understanding and managing the layers of cloud security can be an overwhelming talk. This session explores the facets of cloud security architecture through the risk management lens. The audience will follow each phase of the NIST 800-37 risk management framework and understand how it can be used to assess, manage, control, and monitor cloud security using multiple security control frameworks.


Cloud Computing – It’s not Just Technology

Understanding that Cloud Computing is fundamentally not a technology evolution (or even a technology revolution) and viewing the cloud through a legacy lens is often the first step in not realizing the benefits cloud computing may offer. This session will provide insight into the non-technical aspects of cloud computing and how they impact successful cloud adoption.


Who should attend?

  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to cybersecurity initiatives.
  • Anyone that is already or anyone interested in getting involved with the ISACA CSX program.



Hall Yancey_EY

Yancey Hall

Senior Manager, Ernst & Young

Yancey Hall is a senior manager at EY, specializing in digital transformation for public and private sector organizations. Over the past 20 years, Yancey has led program and product development across the digital ecosystem involving cloud and mobile transformation, application development, digital strategy, organizational change, emerging technology and other areas. He has contributed to several EY thought pieces on topics such as digital transformation and AI. He is a seasoned journalist and has published in National Geographic magazine, The Economist and other publications. Yancey holds a BS in Business from UNC Chapel Hill and a MA in English from N.C. State University.

Instructor Sushila Nair

Sushila Nair

NTT DATA Senior Director, Security Portfolio

Sushila Nair is on the board of the GWDC, the Greater Washington, D.C. Chapter of ISACA and plays an active role in supporting best practices and skills development within the cybersecurity community.

Sushila has worked as a Chief Information Security Officer for ten years and has twenty years’ experience in computing infrastructure, business and security. Sushila has consulted in many diverse areas including telecommunications, risk analysis, credit card fraud, and has served as a legal expert witness. She has worked with the insurance industry in Europe and America on methods of underwriting e-risk insurance based on ISO27001.

She has published numerous articles in the computing press on risk and security, and has spoken at Segurinfo, CACS, CSX, Techmentor, FinSec and many other global technical events on diverse subjects ranging from managing risk to designing security baselines.

Jerryselfie (3)

Jerry Rhoads

Cloud Solutions Architect, Microsoft

Jerry Rhoads is a Cloud Solutions Architect with Microsoft. Jerry has over 20 years IT experience in the areas of Software Development, IT Security and Cloud.

Michaela_Iorga (1)

Dr. Michaela Iorga

Senior Security Technical Lead for Cloud Computing, NIST

Dr. Michaela Iorga is the Senior Security Technical Lead for Cloud Computing with the National Institute of Standards and Technology (NIST) and the Co-chair of NIST Cloud Computing Security and Cloud Computing Forensic Science Working Groups.  Michaela is a recognized expert in cloud computing, information security risk assessment, information assurance and ad-hoc mobile networks. In her role at NIST, she works with industry, academia, and other government stakeholders to develop and disseminate vendor-neutral cybersecurity standards and guidelines that meet national priorities. Dr. Iorga’s current work includes the development of security, privacy and forensic specifications and guidelines that support the widespread adoption of cloud and IoT technology.

Mike Torres

Michael Torres

Professor of Information Technology and Cybersecurity at NOVA

Michael Torres is a Professor of Information Technology and Cybersecurity at Northern Virginia Community College-Cybersecurity Center of Excellence. Michael has over 20 years of experience as an IT strategist and architect in the areas of Infrastructure, Cloud, Cybersecurity, Cyber Workforce Development, and Organizational Development. Michael holds over 20 industry certifications and is currently a GWU doctoral candidate in Human and Organizational Learning with a research focus in Federal Cyber Policy. He was recently recognized for his efforts in and contributions to technology innovation as the award winner of the 2018 Leadership Center for Excellence - 40 Under 40; 2018 AFFIRM - Leadership in Technology Innovation; and 2018 Government Innovation Award (Public Sector)

Sarah Fahden

Sarah Fahden

Chief Executive Officer,, LLC

Sarah Fahden is currently the Chief Executive Officer of her new startup company, LLC.  Formerly, she was the Chief of the Identity, Records and National Security Division within the Office of Information Technology (OIT) at United States Citizenship and Immigration Services (USCIS). In this role, Ms. Fahden was responsible for managing the all USCIS applications and staff associated with the Records, Identity, Verification, and Fraud Detection and National Security portfolios. Ms. Fahden has more than 20 years of experience working within the Information Technology (IT) field, mostly specializing in IT Security and agile software development. Some of her most notable accomplishments at USCIS specifically, include standing up a successful Ongoing Authorization Program, which included Continuous Monitoring for all of USCIS; modernizing the E-Verify and SAVE applications in the cloud; as well as, building new data driven, machine learning approaches to managing, organizing and cleansing USCIS data at an enterprise level in order to produce more accurate responses to queries. Ms. Fahden is best known for implementing very forward-leaning technological solutions using Devops/agile/open source/cloud approaches, in addition to forward leaning acquisition strategies.

Screen Shot 2018-10-14 at 2.42.39 AM

Thom Arnsperger

Principal Engineer Infrastructure Engineer

Thom Arnsperger was the Team Lead and principal Subject Matter Expert supporting
the Army’s Cloud Computing adoption efforts; as well as original member of GSA’s
Cloud Center of Excellence working group. He is a retired USAF pilot and program
director with over 25 years of experience as an IT strategist, program manager, and
enterprise architect; he is an adjunct professor at George Mason University, a past
instructor with the FEAC Institute, a licensed (Virginia) Certified Public Accountant, and
a Certified Enterprise Architect. He recently rejoined a not-for-profit company as a
Principal Engineer Infrastructure Engineer and his current focus is on managing the
infrastructure in a Hybrid Cloud Environment.


Special Instructions

ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact Marvin Muhumuza,  Programs Director, to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.


If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.


Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: Live in person event




GWDC Members: $105

Other ISACA Members: $135

Non-Members: $150

» Become an ISACA Member


Register by October 23!

We encourage early registration, as some events sell out.  

To register, click the green "Click to Register" button in the "Details" section below.



If you are unable to attend an event, you can cancel your registration. All cancellations must be received by October 23. A $15 cancellation fee is charged.

To cancel, log into the My Registration page linked in your confirmation e-mail and click the UNREGISTER link.


October 25, 2018
8:00 am - 4:30 pm EDT
GWDC Member - $105, Other ISACA Member - $135, Non-ISACA Member: $150
Event Category:
Event Tags:
, , , , , ,


Holiday Inn Rosslyn @ Key Bridge
1900 North Fort Myer Drive
Arlington, VA 22209 United States
+ Google Map
Please do not contact the venue directly regarding this event.