Cloud Conference 2025

Date and Time

The conference will be held on September 25, 2025 from 8:30 am to 12:30 pm.

Add this event to your calendar using the Add to Calendar link at the bottom of the page.

Virtual Event

The conference will be held using Zoom.

Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.

Pricing

The fee for GWDC Members is $10 for the conference.
The fee for all other registrants is $30 for the conference.

To become a member and take advantage of the member rate for our events, among other benefits, join ISACA and select the Greater Washington D.C. Chapter as your local chapter.

Event Policies

Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details.

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services.
All complaints should be submitted through the Registration Contact Form.

Stopping Breaches Before They Start with AI-Powered Cloud Security

Presenter: Carley Simon (Microsoft)

This session will explore how artificial intelligence and automation are transforming cloud security and what that means for cyber and IT auditors. We will dive into real-world breach scenarios, such as privilege escalation and lateral movement in hybrid cloud environments, and show how AI can be used to detect misconfigurations, flag anomalous behavior, and enforce compliance at scale. Attendees will walk away with a framework for auditing AI-augmented cloud environments, including key questions to ask, controls to validate, and red flags to watch for in environments using tools like Microsoft Defender for Cloud, Purview, and Entra Permissions Management.

AI-Powered Enterprise Security Risk Posture Management (ESRPM) in the Cloud: From Compliance to Continuous Digital Trust

Presenter: Lalit Ahluwalia (DigitalXForce & XForce Galaxy)

As cloud adoption accelerates, enterprises face unprecedented complexity in securing multi-cloud environments while meeting compliance demands. Traditional GRC tools are static and reactive, leaving organizations vulnerable to evolving threats and regulatory gaps. This session will explore how AI-powered Enterprise Security Risk Posture Management (ESRPM) transforms cloud security and compliance into a real-time, automated, and outcome-driven discipline.

Attendees will learn how to:

• Continuously map cloud assets to risks and controls
• Automate compliance testing and evidence collection
• Quantify security posture in business terms
• Establish digital trust through AI-driven risk intelligence/li>

This session is ideal for CISOs, cloud security leaders, and risk executives seeking to shift from compliance checklists to measurable cyber resilience.

The Cloud Changes Everything: Why Your Compliance Strategy Doesn’t

Presenters: Terrence Williams (SANS)

Stop fighting the cloud with on-premises thinking. While your organization burns budget on third party tools and platforms designed for data centers, AWS, Azure, and Google Cloud offer services that can be strategically automated for continuous compliance that costs fractions of traditional tools—yet most enterprises don’t know these capabilities exist.

This session explores the compliance revolution happening in plain sight: native cloud services that automatically enforce NIST controls, AI that predicts violations before they occur, and abstraction layers that eliminate vendor lock-in across multi-cloud environments. We’ll talk about whether continuous compliance automation can replace periodic audits and examine what happens when you treat compliance as code instead of paperwork.

The cloud isn’t just different infrastructure—it’s a fundamentally different approach to security and governance. While third-party vendors exploit knowledge gaps with expensive “cloud-washing” of legacy tools, cloud providers deliver genuine innovation through services you’re already paying for. Join us as we explore what’s possible when you leverage the cloud’s native intelligence instead of fighting against it.

Above the Clouds: Navigating Audit & Compliance in Cloud Services

Presenter: John Heath (KPMG)

The presentation will cover basics of cloud computing types, service delivery models, and how an auditor’s consideration of logical access controls, program change management controls, and other controls may be influenced by an entity’s use of a cloud service provider to host its systems.

Carley Simon
Senior Data Security Solutions Engineer & Microsoft Federal

Carley Salmon is a Senior Data Security Solutions Engineer at Microsoft Federal, where she empowers Department of Defense customers to meet stringent data security and compliance requirements. With a deep understanding of regulatory frameworks and Microsoft’s security portfolio, Carley delivers technical demonstrations and strategic guidance that help defense organizations navigate complex cybersecurity landscapes. Her work is grounded in real-world experience, having served as a Team Chief and founding assessor at the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), where she led assessments aligned to DFARS Clause 252.204-7012 and NIST SP 800-171.

An Army veteran and former Blackhawk helicopter pilot, Carley brings a unique dual perspective as both a warfighter and technologist. Her leadership in the USANG and her hands-on experience in cybersecurity assessments inform her mission-driven approach to securing sensitive information. Carley’s passion for data protection and her commitment to national defense make her a compelling voice in the federal cybersecurity community.

Lalit Ahluwalia
CEO & Founder DigitalXForce & XForce Galaxy

Lalit Ahluwalia is an award-winning cybersecurity executive, and entrepreneur with over two decades of experience driving global security, risk management, and digital trust transformation. He is the CEO & Founder of “DigitalXForce” and “XForce Galaxy”, his dream ventures committed to redefine the future of cybersecurity.

Lalit is an industry thought leader, keynote speaker, and pioneer in AI-powered Enterprise Security Risk Posture Management (ESRPM) and automated GRC solutions. He has led the North America Security practice for Accenture, Global Cybersecurity practice at Wipro, and diverse portfolio of security initiatives for Deloitte and PwC.

Lalit has been recognized at North Texas Top 500 Business Leaders by DCEO and awarded the 40 Under 40 by Business Journals and CIO-CTO – Excellence in Cyber Security award by Dallas Magazine for his contributions in the Cyber Security field.

Terrence Williams
Certified Instructor @ SANS

With a trident of expertise in Digital Forensics and Incident Response (DFIR), Computer Science, and Cloud Environments, Terrence approaches each class with the resounding belief that if individuals are not making those around them better, then what are they doing? As an instructor, Terrence’s commitment is to ensure that every encounter leaves individuals better equipped and empowered than before. This philosophy underscores his teaching approach, emphasizing the transformative power of cybersecurity and the boundless possibilities that emerge with the right mindset.

Terrence’s journey into cybersecurity wasn’t a deliberate choice; instead, it was a path he navigated as a Marine. He found his roots and thrived in the ever-evolving game of chess that is cybersecurity. The constant challenge to stay ahead, the perpetual growth, and the desire to continuously learn are the driving forces behind Terrence’s commitment to this career.

Beyond the technical realm, Terrence’s interests and hobbies are as diverse as the winds that blow. Engaging in community efforts, whether through international travel, exploring new restaurants, or discovering that hidden bourbon bar, he finds joy in connecting with people from all walks of life. Coming from a background that limited his exposure to the world, Terrence now embraces every opportunity to learn about it.

John Heath
Director, Audit, Technology Assurance @ KPMG LLP

John Heath is a Technology Assurance – Audit Director in KPMG’s Federal practice, bringing over 20 years of expertise in audit and advisory services to the Federal Government, commercial organizations, and not-for-profit entities. His career has been predominantly centered on IT support for financial statement audits and System and Organization Control (SOC) examinations. From 2009 to 2011, John expanded his global experience by delivering audit services for KPMG’s Swiss member firm in Geneva, Switzerland.

Beyond his client-facing responsibilities, John supports various firm initiatives:

• National Training Facilitator: Leading training initiatives to enhance team capabilities.
• Recruitment Support: Actively involved in recruiting top talent.
• Technology Implementation Leader: Spearheading the rollout of Alteryx Designer for the Federal Technology Assurance – Audit practice.
• Quality Reviewer: Serving as a reviewer for the firm’s quality review program.
• Career Advisory Leader: Previously Chaired the Career Advisory Board, and recently joined the Executive Advisory Council for his alma mater’s business school.

John holds a Bachelor of Science in Information Systems Management and International Business, and a Bachelor of Arts in French from Salisbury University, class of 2005.

Poll Questions

Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls.

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.

Learning Objective

After attending this event, attendees will learn about current and future trends in the cloud security space.

CPE-Related Details

• Prerequisites: None
• Advance Preparation: None
• Program Knowledge Level: Basic
• Delivery Method:  Group Internet Based
• Field of Study:  Information Technology – Technical