For more information on our events policy, see

Loading Events

« All Events

  • This event has passed.

IT Audit in Civilian & DoD environment

February 22, 2018 @ 7:30 am - 4:30 pm EST

GWDC Member: $95, Other ISACA Members $120, Non-ISACA Member: $140


The ISACA Greater Washington, D.C. chapter IT audit event attracts the best and brightest with its content-rich and thought-provoking sessions that delve into some of the biggest challenges facing IT audit and security professionals. The conference will include dynamic, timely topics that help you address challenges and learn innovative solutions within the IT audit arena. Speakers will cover information security, risk management utilizing frameworks like NIST Cybersecurity, RMF and FISMA to protect information, operations and assets against natural or man-made threats. IT audit both in civilian and DOD environments will be discussed, as well as upcoming changes to the way Federal agencies, implement IT systems, communicate cyber threats, manage resources, lower operational costs, expand and protect access, and manage evolving cyber threats.


A Vulnerability Geek’s View of Auditing, Assessing, and Inspecting

Communications Security, Computer Security, Information Security, Information
Assurance, Information Operations, Cyber Security: through a 35-year career at the National Security Agency, and now with the non-profit Center for Internet Security, Tony has spent 40+ years in the business of finding, making sense of, and managing vulnerabilities in devices, systems, and operations.
Although he’s never been an auditor, or even played one on TV, Tony has worked with countless IGs, auditors, and security assessment teams to help translate the “negative knowledge” of flaws into positive defensive action for individual enterprises. Through this lens, he will offer some highlights, some low points, and other observations of the role of audit in cyberdefense for the system as a whole. And he will also describe about how these lessons have been embedded into the model of the Center for Internet Security and its work with the auditors who support it.


  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to cybersecurity initiatives.
  • Anyone that is already or anyone interested in getting involved with the ISACA CSX program

Agenda for IT Audit



Tony Sager

Senior Vice President & Chief Evangelist, Center for Internet Security

Education / Certifications / Credentials

Tony Sager is a Senior Vice President and Chief Evangelist for CIS (The Center
for Internet Security). In this role, he leads the development of the CIS Controls,
a worldwide consensus project to find and support technical best practices in
cybersecurity. Sager also serves as the Director of the SANS Innovation Center,
a subsidiary of The SANS Institute.
Sager retired from the National Security Agency (NSA) after 34 years as an
Information Assurance professional. He started his career in the Communications
Security (COMSEC) Intern Program, and worked as a mathematical cryptographer
and a software vulnerability analyst. In 2001, Sager led the release of NSA security
guidance to the public. He also expanded the NSA’s role in the development
of open standards for security.
Sager holds a B.A. in Mathematics from Western Maryland College and an
M.S. in Computer Science from The Johns Hopkins University. He is also a civilian
graduate of the U.S. Army Signal Officer Basic Course and the National Security
Leadership Course.


Brett Waldman

JHU-APL, Integrated Adaptive Cyber Defense (IACD)


Mr. Waldman is Assistant Program Manager – Defensive Cyber Technologies Portfolio at The Johns Hopkins University Applied Physics Laboratory. In his current role he is focused on strategies for increasing the speed and scale of cyber defense through security orchestration, automation and information sharing as part of the Integrated Adaptive Cyber Defense (IACD) initiative. He is a cyber security and technology leader adept in tying strategies to business goals with 20+ years of engineering and operations experience in commercial, private and federal markets.  Mr. Waldman has a Bachelor’s degree from State University of New York at Buffalo, a Master’s degree from Rensselaer Polytechnic Institute, and is a Certified Information Security Professional (CISSP) and Architect (ISSAP).


Tony Hubbard

Principal, KPMG Cybersecurity Practice


Tony Hubbard has 26 years of experience supporting federal IT audit and cybersecurity initiatives. Tony leads several KPMG federal IT audit and cybersecurity efforts, including support for federal entities such as the Departments of Defense, Energy, Health and Human Services, Homeland Security, and Veterans Affairs. Tony’s teams provide a range of IT audit and cybersecurity services to federal entities, including identity access management, training, strategy, Risk Management Framework (RMF) support, and IT audits in accordance with the Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST) guidance, and Federal Information System
Controls Audit Manual (FISCAM). Tony has authored many professional articles, appeared on several media outlets, and frequently speaks at professional events on IT audit and cybersecurity challenges and opportunities. Tony has a Bachelor’s degree from Shepherd University, and is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).


Jason Gould

Director, KPMG Risk Consulting


Jason Gould has over 11 years of experience supporting federal IT audit and cybersecurity initiatives. Jason manages several KPMG federal IT audit efforts, including support for federal entities such as the Departments of Defense, Justice, and Homeland Security. Jason’s teams provide a range of IT audit and cybersecurity services to federal entities, including cybersecurity maturity and gap assessments, and IT audits in accordance with the Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST) guidance, Intelligence Community Directives (ICD) guidance, and Federal Information System Controls Audit Manual (FISCAM) methodology.  Jason has a Bachelor’s degree from Shippensburg University, a Master’s degree from James Madison University, and is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and a Project Management Professional (PMP).

Noel Nazario instructor for the CISM Spring Review 2021

Noel Narazio

President, Elfsec LLC


Noel A. Nazario is President of Elfsec LLC, a technology consulting firm focused on the management of cyber security risk to support business growth and mission success. Noel brings broad experience in technology, management, risk mitigation, and stakeholder engagement. His passions are improving the accessibility of cyber security technology, managing technology risks to enable business goals, and mentoring future technology leaders. Noel started his cyber security career as an Electronics Engineer for the National Institute of Standards and Technology (NIST) Computer Security Division, where he pioneered work in Security Labels, Data Categorization, Assurance Levels, and Public Key Infrastructure. He moved on to positions at KPMG, Ernst & Young, and Grant Thornton, where he held Senior Associate, Manager, Senior Manager, and Director positions serving clients in all branches of the U.S. Federal Government and various industries. Noel earned a Master’s degree in Computer Science from the Johns Hopkins University, a Bachelor’s degree in Computer Engineering from the University of Puerto Rico, and holds a Certified Information Security Manager (CISM) designation. He has held multiple volunteer positions in professional and leadership development organizations.


John Hamilton

FedRAMP Program Manager of Operations

John Hamilton is the Program Manager of Operations for FedRAMP. In this role, he works to ensure effective day-to-day operations of the FedRAMP PMO’s Readiness Assessment review process, public-facing website, customer mailbox, and secure repository. He also coordinates with FedRAMP’s Joint Authorization Board (JAB) and independent assessor accreditation body (A2LA) to ensure provisionally authorized cloud service providers (CSPs) and third party assessment organizations (3PAOs) meet FedRAMP performance standards and guidelines.

John previously worked for Accenture Federal Services and Booz Allen Hamilton where he served as a trusted cybersecurity advisor for the Federal Government. He provided leadership, strategy, and information assurance expertise to multiple federal agencies to obtain, maintain, and enhance compliance with mandated IT policies. His extensive experience in working to improve program efficiencies and understanding of systems engineering design approaches facilitated the enterprise-wide implementation of the Department of Labor’s Public Key Infrastructure (PKI) and the Department of Defense’s secure mobility strategy.

Frabrizo Papi

Fabrizio Papi

Internal Auditor, Inter-American Development Bank Group


Fabrizio Papi has more than ten years of experience in providing assurance and advisory services across international multilateral organizations.  Fabrizio’s expertise includes IT and process auditing, cybersecurity, and data analytics. He’s passionate about emerging business technologies and promoting awareness on the topic. Fabrizio is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Project Management Professional (PMP), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI) and holds an MBA from the University of the Potomac.


Dwayne Baker

Senior Manager in the Risk Transformation practice of EY


Dwayne Baker is a Senior Manager in the Risk Transformation practice of EY, focusing on advising clients on how to enhance the efficiency and value of their information risk management and information security programs. He has more 10 years of experience delivering IT risk management, GRC technology enablement (RSA Archer), IT audit and data analytics. He has helped more than a dozen Fortune 100 companies improve their GRC programs. Mr. Baker received a B.A. in Economics and M.S. in Accounting from North Carolina State University; he is a Certified Information Systems Auditor (CISA), and Certified Information Privacy Professional (CIPP).

Leo Nguyen

Leo Nguyen

Senior Manager in the Advisory Services practice of EY


Leo Nguyen is a Senior Manager in the Advisory Services practice of EY, focusing on assisting clients to build out and/or improve their end-to-end risk & compliance programs. He has over 14 years of experience in various areas of Risk; leading engagements around governance and risk management, assurance, information security (Cyber), financial audit integration, audit readiness and regulatory compliance. Mr. Nguyen has assisted numerous Fortune 100 companies and large public sector organizations achieve better understanding, transparency and effectiveness in their risk & compliance programs. He received a B.S. in Computer Information Systems from James Madison University and is a veteran of the U.S. Air Force. Mr. Nguyen is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Information Privacy Professional/Government (CIPP/G).


Special Instructions

ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.


Conference presentations are posted to the Presentations Library when permission is received from the presenter and their organization. In some cases, permission is not received.


Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: In Person


February 22, 2018
7:30 am - 4:30 pm EST
GWDC Member: $95, Other ISACA Members $120, Non-ISACA Member: $140


Mohammad Khan


Holiday Inn Rosslyn @ Key Bridge
1900 North Fort Myer Drive
Arlington, VA 22209 United States
+ Google Map
Please do not contact the venue directly regarding this event.