For more information on our events policy, see https://isaca-gwdc.org/event-policies/
- This event has passed.
Annual Cybersecurity Conference 2019
October 24, 2019 @ 8:00 am - 4:30 pm EDTGWDC Member - $105, Other ISACA Member - $135, Non-ISACA Member: $150
Information and data security threats continue to headline everyday on organizational and personal breaches. ISACA-GWDC Chapter invites you to engage with our speakers to increase awareness and efforts to minimize and prevent cyber security threats; so we can guide and help focus our organization on securing cyber infrastructure.
Register to hear from 7 cybersecurity experts working on security policies and governance; collaborative technologies from mobile devices and social media to virtualization and cloud computing.
Save the Date!
WHAT ATTENDS HAD TO SAY, 2018 CYBERSECURITY CONFERENCE
“This was one of the best ISACA meetings I have ever attended.”
“Excellent meeting. Well done. Excellent speakers. Mr. Wilson was exceptional.”
“Keep up the good work!”
1. Cloud Security - Presented by Eric Simmon, National Institute of Standards and Technology
Eric Simmon, Cyber Infrastructure Group subject matter expert at the National Institute of Standards and Technology (NIST), will be discussing the Cybersecurity considerations on the following publications he co-authored: NIST Special Publication (SP) 500-307 (Cloud Computing Service Metrics Descriptions), ISO/IEC 19086-1 (Cloud Computing - Service Level Agreement Framework – Overview and Concepts), ISO/IEC 19086-2 (Cloud Computing - Service Level Agreement Framework – Metric Model) and NIST SP 500-322 (Evaluation of Cloud Computing Services Based on NIST SP 800-145).
2. Tackling security in the world of containers and hybrid cloud - Presented by Lucy Kerner, Red Hat
Security teams are increasingly finding it challenging to keep up with the changing risks, compliance requirements, tools, and architectural changes introduced by new technologies - such as containers, kubernetes, software-defined infrastructure, and cloud technologies. As traditional infrastructure evolves to a mix of bare metal, virtual, cloud, and container environments, how can you maintain security, governance, compliance and reduce risk amid this growing complexity? Traditional perimeter-based network security does not work in this new world of containers and hybrid cloud. Security teams must rethink their approach to security in this new world with automation and DevSecOps, where security is built-in, continuously addressed, and continuously monitored across the entire application lifecycle, infrastructure lifecycle, and supply chain.
In this session, we'll discuss some prescriptive steps you can take to tackle security successfully in the world of containers and hybrid cloud. Specifically, we’ll:
• Discuss how developers, operators, and security teams can improve security and compliance and achieve DevSecOps across a hybrid environment through automation, standardization, everything-as-code, and automated security compliance.
• Share DevSecOps lessons learned, including best practices, techniques, and tools that can be used to improve security while reducing the workload of security professionals, developers, operators, and managers.
3. Cybersecurity and Prosilience - Presented by Sallie Sweeney, KPMG
Our adversaries hold the “upper hand.” There aren’t enough qualified cyber individuals and resources to successfully protect the enterprise. Organizations are constantly playing “catch-up,” and reactive responses do not adequately address the threat. The playing field needs to change by evolving defense from reactive to proactive resilience: Prosilience. Prosilience is “cyber resilience with consciousness of environment self-awareness and the capacity to evolve automatically”. Prosilience Reference Architecture incorporates new disruptive techniques in concert with preemptive threat intelligence to build the foundation for intelligent automation and cyber convergence. Prosilience delivers a powerful, cyber resilient enterprise that facilitates optimal mission outcomes.
4. Artificial Intelligence and Social Engineering – Presented by Deric Palmer, United States Army
The advancement in Artificial Intelligence, Machine Learning and Deep Learning presents new challenges to law enforcement and cybersecurity professionals. Social engineers can use AI to create convincing catphishing accounts, news articles, videos, and synthetic voice to enhance their social engineering tactics. Nefarious actors can use AI to create permutations of malware to bypass anti-virus software. This new development will be challenging for cybersecurity professionals as this has become a new emerging threat to users and network defenses.
5. Lessons Learned from the Cyber Audit Trail – Presented by Nick Marinos, Government Accountability Office, and Phil Moore, Kearney & Company
Since 1997, GAO has designated cybersecurity as a government-wide high-risk area. This discussion will highlight recent trends in cybersecurity and offer observations from federal government auditors on lessons learned when undergoing a cyber security based audit. The discussion will focus on each phase of the audit, to include the pre-audit, planning, testing, and reporting phases.
6. Understanding Vulnerability Scanning for Auditors – Presented by Eric Palmer, Mathematica
Vulnerability scanning is an important function for securing your organization but is your process effective? How do you know if you don’t understand how it works? How can you make any recommendations to improve the process if you don’t understand the constraints? This session will walk through the vulnerability scanning process using a common scanning tool as an example - Nessus. In addition to showing how the tool works, we will cover risks associated with the process in plain-language that auditors can relay to stakeholders.
7. Verizon Data Breach Investigations Report – Presented by Samuel Junkin, Verizon
The newest edition Verizon’s Data Breach Investigations Report (DBIR) is built from analysis of 41,686 security incidents, including 2,013 confirmed data breaches. Data sets for the report were collected from 73 different sources, spanning 86 countries, and including publicly-disclosed security incidents, cases provided by the Verizon Threat Research Advisory Center (VTRAC) investigators. We’ll walk through some of the major findings and provide an insightful perspective of today’s security threat actors and their methods of compromise.
Who should attend?
MEET THE PRESENTERS
Cyber Infrastructure Group Subject Matter Expert, National Institute of Standards and Technology (NIST)
Eric Simmon is a senior scientist in the Cyber Infrastructure Group at the National Institute of Standards of Technology. He graduated magna cum laude from Worcester, Polytechnic Institute (Worcester, MA) with an electrical engineering degree in 1989. He currently leads the NIST cloud computing SLA and metrics efforts, is chair of the NIST Cloud Computing Services Public Working Group and is project editor for the ISO/IEC 19086-2 “Service Level Agreement (SLA) framework and terminology - Metrics” standard. In addition to cloud computing Mr. Simmon also leads NIST efforts on IoT standards and architecture with a focus on complex systems, composition, and interoperability.
Senior Principal Security Global Technical Evangelist & Strategist, Red Hat
Lucy Kerner leads the technical and go-to-market strategy & thought leadership for security across the entire Red Hat portfolio globally. In addition, she helps create and presents security related technical content to the field, customers, partners, analysts, and press and has spoken at numerous internal and external events, including security conferences, and is a Red Hat Summit Top Presenter. Prior to this role, she was a Senior Cloud Solutions Architect for the North America Public Sector team at Red Hat. Lucy has over 15 years of professional experience as both a software and hardware development engineer and a pre-sales solutions architect, where she worked on various aspects of cybersecurity. Prior to joining Red Hat, she worked at IBM as both a Mainframe microprocessor design engineer and a pre-sales solutions architect for IBM x86 servers. She has also interned at Apple, Cadence, Lockheed Martin, and MITRE, where she worked on both software and hardware development. Lucy graduated from Carnegie Mellon University with a Master of Science (M.S.) and Bachelor of Science (B.S.) in Electrical and Computer Engineering and a Minor in Spanish.
KPMG Cybersecurity Director
With 23 years of experience in the technology industry, Ms. Sweeney is a published author, and a regular keynote, industry speaker, panelist and moderator for events such as the 2019 Association of Government Accountants Financial Systems Summit (AGA FSS), the 2019 Academy Health DataPalooza, and the 2018 CMS CISO Cybersecurity Forum. She received her Bachelor of Arts from Randolph-Macon Woman’s College and is a CISM, CISSP-ISSMP, and PMP. She is a regular invited panelist as such events as Howard County’s Tech Council Cyber Executive Leadership forums, and for the University of Maryland Baltimore County (UMBC) Cyber Incubator. She regularly mentors high school girls about the opportunities in cyber to promote diversity in the cyber industry, as well as cross connect the girls to cyber partnership opportunities with other local high school programs. Ms. Sweeney was an award Nominee for the 2018 Women’s Society of Cyberjutsu, for three categories: Cyber Educator, Cyber Mentor, and Cyber Advocate.
Special Agent, United States Army Criminal Investigation Command – Major Cybercrime Unit
Deric Palmer is a Special Agent (SA) with the Major Cybercrime Unit, U.S. Army Criminal Investigation Command (USACIDC), who oversees the Digital Identity/Protection Management and Cyber Threat Investigations for some of the most senior personnel in the DoD and U.S. Army. SA Palmer has over 16 years of law enforcement experience, beginning with his military career in the United States Marine Corps as a Criminal Investigator, a Marine Special Agent with the Naval Criminal Investigative Service (NCIS), and now with USACIDC. SA Palmer holds a BS in Criminal Justice Administration from Park University, a graduate degree in Digital Forensics and Cyber Investigations from the University of Maryland University College (UMUC), and is currently pursuing a MBA from UMUC. SA Palmer holds Information Technology industry certifications from CompTIA, is a certified computer forensics examiner, and is a certified Social Engineer
Director, Information Technology and Cybersecurity, Government Accountability Office
Nick Marinos is a Director in GAO’s Information Technology and Cybersecurity team. He leads audit teams that perform government-wide and agency-specific reviews in the areas of cybersecurity, critical infrastructure, privacy, and data protection across all major federal agencies. Mr. Marinos also leads GAO’s ongoing evaluation of the systems readiness and cybersecurity issues in preparation for the 2020 Census. During his career at GAO, Nick has led major reviews of the cybersecurity of air traffic controls systems at the Federal Aviation Administration; information technology management challenges at the Library of Congress and Copyright Office; data protection practices at the Centers for Medicare and Medicaid Services (CMS) and Federal Student Aid (FSA) office; the response by Equifax and federal agencies’ to the 2017 data breach; as well as a variety of reviews focused on the cybersecurity of critical infrastructure, including within the oil and gas pipeline and financial services sectors; among many others. Recently, Mr. Marinos’ team published a GAO Report to Congressional Requesters entitled “Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges.”
Partner, Kearney & Company
Mr. Moore has over 18 years of experience in helping federal agencies understand risks associated with their IT security and controls environment. As the Kearney IT Audit Practice Leader, Mr. Moore is highly involved in go to market strategies, business development efforts, and proposal management. Some of his specific experience includes:
- Helping federal agencies mature their IT security posture as it relates to NIST, FISMA, and FISCAM standards and guidance.
- Leading projects over the following areas:
- Federal Information Security Management Act (FISMA) Audits and assessment
- Office of Management and Budget (OMB) A-123 Appendix A assessment
- System and Organization Controls (SOC) Statement on Standards for Attestation Engagements (SSAE) No. 18 audits over federal hosting centers and applications.
- FISCAM based IT audits in support of CFO Act financial statement audits.
Eric Palmer, CISA, CRISC, CISSP, CIA, has been managing and conducting IT audits for over 13 years. Despite that, he can still be a pretty nice guy. At Mathematica, where he works, Eric helps manage IT security risk for new technologies and mature internal IT security practices. With experience in government, financial services, healthcare, and consulting, Eric helps with initiatives such as the Cloud Security Alliance’s IoT working group and volunteers with local professional association chapters such as GWDC. Eric has also contributed to the CISA, CRISC, and CIA certification exams as an exam writer and as part of the group selecting questions for the CISA exam.
Professional Services Associate Director, Verizon
Sam is the Professional Services Associate Director, for Governance, Risk, and Compliance (GRC) at Verizon. He manages a global team focused on measuring both performance and maturity of client security programs. His responsibilities include leading teams that span the federal government, operational technology environments, regulatory compliance, and data loss prevention.
ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact Marvin Muhumuza, Programs Director, to discuss your needs, as soon as possible. We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.
SPONSOR THIS EVENT
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: N/A
- Delivery Method: Live in person event
GWDC Members: $105
Other ISACA Members: $135
Register by October 23!
We encourage early registration, as some events sell out.
To register, click the green "Click to Register" button in the "Details" section below.
If you are unable to attend an event, you can cancel your registration. All cancellations must be received by October 23. A $15 cancellation fee is charged.
To cancel, log into the My Registration page linked in your confirmation e-mail and click the UNREGISTER link.
Kenneth joined ISACA in 2013 and presently serves as the GWDC Communications Director. He holds the CISM, CISA, PMP, CIPP/G, and AWS CCP.