BEGIN:VCALENDAR VERSION:2.0 PRODID:-//ISACA Greater Washington, D.C. Chapter - ECPv6.16.4.1//NONSGML v1.0//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALNAME:ISACA Greater Washington, D.C. Chapter X-ORIGINAL-URL:https://isaca-gwdc.org X-WR-CALDESC:Events for ISACA Greater Washington, D.C. Chapter REFRESH-INTERVAL;VALUE=DURATION:PT1H X-Robots-Tag:noindex X-PUBLISHED-TTL:PT1H BEGIN:VTIMEZONE TZID:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20210314T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20211107T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20220313T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20221106T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20230312T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20231105T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20240310T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20241103T060000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTART;TZID=America/New_York:20231007T083000 DTEND;TZID=America/New_York:20231007T170000 DTSTAMP:20240911T150804Z CREATED:20230906T163131Z LAST-MODIFIED:20240911T150804Z UID:30856-1696667400-1696698000@isaca-gwdc.org SUMMARY:CET Cloud Fundamentals Review Course: An ISACA CommunITy Giveback Event DESCRIPTION:The GWDC will be hosting a one-day virtual CET cloud fundamentals course for CommunITy Day. Earn CPEs whilst giving someone in our community a better life. All proceeds from the CET training will go to scholarships managed by One In Tech\, an ISACA Foundation. The training starts at $30 but any amount that you provide will go to helping someone in our community. Let’s help someone have a better life while learning all about the cloud. \nIndividuals with little to zero years’ experience in cloud and those seeking to increase their knowledge and skills in Emerging Technology Topics should attend this event.  It’s also intended for anyone preparing for the CET Cloud fundamentals certificate exam. \n  \nCourse Payment and Registration \nThis course is being presented as part of ISACA’s CommunITy Day\, which provides offers an opportunity to celebrate our purpose as digital trust professionals by enabling the positive potential of people. When ISACA Members\, families and friends spend a few hours one day a year giving back to their local communities\, we can truly change the world! \nPayment and registration for this course will be through One In Tech\, through the link below. A minimum donation of $30 is needed to attend the course; however\, if you would like to contribute more\, there is an opportunity to do so.  You can read about the donations that will go to OneInTech here. You can request donations to go to scholarships for universities in your area by specifying the ISACA chapter that you belong to on the donations page.  \nTo learn more about One In Tech\, an ISACA Foundation\, visit their website at https://oneintech.org/. \nRegistration confirmation emails will be sent about a week after registration.  Course details will be by the instructor prior to the event. \nRegistration closes on October 6 @ 3PM.  \n  \nRegister Today! \n  \nAgenda \nModule 1 – Cloud Computing Models \n\nCloud Components\nCloud Service Implementation Considerations\nCloud Deployment Models\nModule 2-Cloud Service Models\n\n\nSoftware as a Service\nPlatform as a Service\nSolution Stacks\nInfrastructure as a Service\n\nModule 3-Cloud Governance \n\nBusiness Drivers to Cloud \nRisks Associated with cloud solutions\nCloud Vendor Selection and Management\nPortability of Services\n\nModule 4-Cloud Service supports \n\nDistinguish between service implementation and support in the cloud\nDescribe the testing and validation requirements for post-cloud implementation\nArticulate the special role that configuration management plays in cloud computing\nIdentify resource management challenges with cloud computing implementations\n\n  \nCET Cloud Fundamentals Certificate Exam \nThe exam will be offered via Computer-Based Testing (CBT). \nRegistration for the exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CET Cloud Fundamentals Certificate and Exam Registration \n  \nExam Preparation \nFor students who wish to take the CET- Cloud fundamentals exam\, it is highly recommended that the prospective candidates should purchase the official study guide and labs here as the exam includes hands on elements. \n  \nInstructor \n\n \n\n\nSushila Nair\n Vice President – North American Cybersecurity Practice at Capgemini\nCISSP\, GIAC GSTRT\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is Capgemini’s Vice President\, North American Cybersecurity practice. Capgemini is a global leader in providing secure digital transformation for our clients. Sushila has most recently served as the Vice President for cybersecurity offers at NTT Data Services and has held the role of a CISO for 10 years. Sushila has over 30 years of experience in computing infrastructure\, business and security risk analysis\, preventing credit card fraud\, and served as a legal expert witness. Sushila has been featured in global technical events including RSA\, Segurinfo and ISACA’s global conferences\, co-authored books and is regularly quoted in the press. She plays an active role in supporting best practices and skills development within the cybersecurity community through her work with ISACA and CSA. \nSushila is part of the ISACA global emerging trends working group and vice president of ISACA Greater Washington\, D.C. Chapter. Sushila Nair was named by IT Security Guru as one of the Most Inspiring Women in Cyber 2022! \n \n\n  \nVirtual Meeting Information \n\nGroup Internet-Based. Zoom link delivered with registration.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 8 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\nLearning Objective: After completing the course\, students will be prepared to sit for the CET exam.\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/communityday-2023/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/09/cet_cloud_2023.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20231002T144500 DTEND;TZID=America/New_York:20231002T164500 DTSTAMP:20231003T122315Z CREATED:20230827T152204Z LAST-MODIFIED:20231003T122315Z UID:30782-1696257900-1696265100@isaca-gwdc.org SUMMARY:Proposed Changes to GAO’s FISCAM Panel Discussion DESCRIPTION:On July 20\, 2023\, GAO issued an exposure draft of the revised Federal Information System Controls Audit Manual (FISCAM). FISCAM presents a methodology for assessing the design\, implementation\, and operating effectiveness of information system (IS) controls. GAO first issued FISCAM in 1999 and last issued a revision in 2009. GAO is requesting comments on the exposure draft from federal\, state\, and local government officials; managers and auditors at all levels of government; professional organizations; public interest groups; and other interested parties. When issued in final form\, this revision will supersede the February 2009 revision. \nThis panel discussion will provide attendees with an opportunity to learn more about the proposed revisions and ask questions before the comment period ends (comments due no later than October 18\, 2023).  IT advisory or audit professionals that serve or support the Public Sector should attend this event. \nRegistration closes on October 1\, 2023 @ 12pm.   This is a free virtual event. \nRegister Today! \n  \nEvent Sponsor \nThe ISACA Greater Washington D.C. Chapter is proud to have Cotton\, A Sikich Company as the sponsor for this event.  \n \nFounded in 1981\, Cotton is a certified public accounting firm headquartered in historic Old Town Alexandria\, Virginia. Cotton has focused our practice on providing services predominantly for governmental agencies and programs\, and we have continued to expand both our client base and our range of services. Today\, Cotton provides a full range of audit\, accounting\, IT\, and management consulting services. In 2022\, Cotton was acquired by Sikich LLP\, a global company specializing in technology-enabled professional services. With more than 1\,500 employees\, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies and ranks as one of the largest CPA firms in the United States. From corporations and not-for-profits to state and local governments and federal agencies\, Sikich clients utilize a broad spectrum of services and products to help them improve performance and achieve long-term\, strategic goals. \n  \nAgenda \n\n2:45 PM – 2:55 PM \n\n\nOpening Remarks \n\n\n3:00 PM – 4:40 PM \n\n\nPresentation: 2023 FISCAM Exposure Draft\, follow-up with Q&A \nModerator: \n\n Loren Schwartz\nCPA\, CISA\, CISSP\nPartner\, Cotton\, A Sikich Company\n\nPanelists: \n\n Robert Dacey\nJD\, CPA\, CGFM\nChief Accountant\, GAO\n Nicole McGuire Burkart\nCPA\, CGFM\nAssistant Director\, GAO\n\n\n\n4:40 PM – 4:45 PM \n\n\nClosing Remarks \n\n  \nModerator \n\n \n\n\nLoren Schwartz\nPartner\, Cotton\, A Sikich Company \nCPA\, CISA\, CISSP \nLoren Schwartz joined Cotton in May 2002 and was elected a partner in April 2003. Loren has more than 25 years of diversified information system audit\, financial and operational audit\, privacy\, and risk management consulting experience. He directs many of the firm’s major information technology reviews and audits. \nLoren’s experience includes directing and participating in a wide range of system reviews\, Federal Information Security Modernization Act (FISMA) audits\, financial statement audits\, process re-engineering improvement projects\, and audits of internal management controls of automated information systems. He has directed projects with clients ranging in size from start-up entrepreneurial organizations to Fortune 500 organizations. His industry experience includes both commercial and governmental clients. He also has conducted speaking engagements for well-known industry organizations on a variety of Information Technology (IT) -related topics. \nLoren holds a Bachelor of Science degree in Accounting from Virginia Polytechnic Institute and State University. He is a Certified Public Accountant (CPA)\, a Certified Information Systems Security Professional (CISSP)\, and a Certified Information Systems Auditor (CISA). He is an active member of the American Institute of Certified Public Accountants (AICPA) and the ISACA Greater Washington D.C. Chapter \n\n  \nPanelists \n\n \n\n\nRobert Dacey\nChief Accountant\, GAO\nJD\, CPA\, CGFM\n \nMr. Dacey is Chief Accountant for the United States Government Accountability Office (GAO) and a member of the Federal Accounting Standards Advisory Board. Mr. Dacey has provided leadership for significant GAO efforts in financial accounting and auditing\, as well as audits and testimony related to information security\, homeland security\, and other information technology areas. He previously served as a member of the AICPA Auditing Standards Board and the International Public Sector Accounting Standards Board\, and as Chair of the AGA’s CEAR Board. Mr. Dacey is a CPA and CGFM. He received a B.B.A.\, magna cum laude\, from the University of Cincinnati and a J.D. from the George Mason University School of Law. \n\n\n \n\n\nNicole McGuire Burkart\nAssistant Director\, GAO\nCPA\, CGFM\n \nMs. Burkart is an Assistant Director in GAO’s Financial Management and Assurance team. She leads the information system controls assessments performed in connection with multiple GAO financial audits. She is also involved in the maintenance of GAO’s audit methodologies and led the recent efforts to revise FISCAM. Ms. Burkart served on the AICPA Attestation Standards Task force to clarify the attestation standards\, supporting the issuance of SSAE No. 18 and SAS No. 130. Ms. Burkart is also an alumnus of the AICPA’s second annual Leadership Academy\, Class of 2010. Ms. Burkart is a CPA and CGFM. She received a Bachelor of Science degree\, summa cum laude\, from Elmira College. \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will obtain an understanding of (1) the major proposed changes to FISCAM\, (2) the impact of such changes on IS controls assessments\, and (3) the timeframe for public exposure and next steps. \n  \nCPE-Related Details \n\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/fiscam-panel-discussion/ LOCATION:Virtual Event CATEGORIES:Panels ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/08/fiscam_panel_2023.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230928T083000 DTEND;TZID=America/New_York:20230928T123000 DTSTAMP:20230927T230806Z CREATED:20230917T140643Z LAST-MODIFIED:20230927T230806Z UID:30895-1695889800-1695904200@isaca-gwdc.org SUMMARY:Cloud Security 2023 Conference DESCRIPTION:The GWDC is proud to partner with the DC Chapter of the Cloud Security Alliance to host its annual cloud conference\, Cloud Security 2023. This virtual conference is part of our monthly conference series. \nCloud security and enablement professionals\, IT advisory or audit professionals\, business executives\, cybersecurity professionals\, students or professionals interested in learning more about cloud security should attend this conference. \nRegistration closes on September 27\, 2023 @ 12pm.  \nRegister Today! \n  \nEvent Partner \nThe GWDC is proud to have the DC Chapter of the Cloud Security Alliance as a partner for this event.  For more information on the CSA DC Chapter\, please visit their website at https://cloudsecurityalliance-dc.org/home. \n \n  \nAgenda \n\n08:30 AM – 09:30 AM \n\n\nWho’s Vulnerable in YOUR IT Supply Chain? \nPresenter: David Barnscome (Microsoft) \n“Compromise one to compromise many.” More and more frequently\, nation-state attackers leverage the trusted relationships in an organization’s IT supply chain to achieve compromise of downstream targets. How can you take steps to protect against this type of activity? \nIn this discussion\, we’ll look at some interesting examples of how supply chain compromise has been achieved\, and what it eventually led to. More importantly\, we’ll talk about how you can assess your IT suppliers so that you can have confidence that they are taking the right steps to protect your organization’s data estate. \n\n\n09:30 AM – 10:30 AM \n\n\nThreat Intelligence Integration \nPresenter: George Alves (Defense Acquisition University) \nGeorge Alves discusses how being “threat informed” is critical in the execution of your Zero Trust capabilities and activities whether on-prem or in the cloud. From the Zero Trust Capability Roadmap: this capability requires integration of threat intelligence information and streams about identities\, motivations\, characteristics\, as well as tactics\, techniques\, and procedures (TTPs). This capability will assist Cyber Defenders be more proactive rather than reactive. \n\n\n10:30 AM – 11:30 PM \n\n\nCloud Adversarial Vectors\, Exploits\, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration \nPresenter: Dr. Mari J. Spina (CSA DC Chapter and MITRE) \nCloud security practitioners agree there’s a need for comprehensive threat-informed security guidance to address system assessment\, secure design\, cyber analytics\, and threat mitigation. Due to the rapid development of cloud technologies and service offerings\, it is also necessary to develop a forward-looking adversary perspective that identifies emerging cloud service risks along with detailed detections and mitigations for practitioners to implement. The Cloud Security Alliance (CSA) and the MITRE Corporation have established the Cloud Adversarial\, Vectors\, Exploits\, and Threats (CAVEaT™) collaboration to bring relevant content to the cloud security practitioner. This research explores today’s available frameworks with relevance to cloud systems and proposes a course of action to advance the state of the art in threat-informed security by collaborating with cloud service providers (CSPs)\, international security researchers\, and key subject matter experts. \n\n\n11:30 AM – 12:30 PM \n\n\nContinuous Compliance – Security Assessments the Cloud-Native Way \nPresenter: Michael Wasielewski (Capgemini) \nSecurity assessments for cloud environments have and continue to evolve at a dramatic rate. Just a few years ago security standards for cloud environments were difficult to understand and even more difficult to audit against. Since then\, cloud service providers and their partners have built tools to simplify auditability for their customers and auditors alike; but the pace of change in and of modern cloud environments still vexes many traditional assessment practices. In this talk\, we’ll cover how the next generation of audit tools are adopting a continuous compliance approach for evaluating cloud environments in near-real time\, and how to think differently about what artifacts can demonstrate real risk management as opposed to point in time theater. By the end of the session you’ll better understand how to approach security assessments for modern cloud environments. \n\n  \nPresenters \n\n    \n\n\nDavid Barnscome\nGlobal Partner Solutions Architect for Security\, Compliance\, and Identity @ Microsoft \nDavid is a Global Partner Solutions Architect for Security\, Compliance\, and Identity at Microsoft. In this role\, David is responsible for training and supporting Microsoft partners on the latest security compliance and identity solutions\, including Microsoft 365\, Azure and Windows. \n  \n\n\n \n\n\nGeorge Alves\nProfessor\, Enterprise Cybersecurity @ Defense Acquisition University (DAU)\nCISSP\, CEH \nGeorge Alves has over 35 years of DOD and Acquisition experience. Currently he is a Defense Acquisition University (DAU) Cybersecurity Professor. He holds a Master of Science in Cybersecurity along with various professional certifications such as CISSP and CEH. Before coming to DAU\, he served as the Information Systems Security Manager (ISSM) at the Office of the Comptroller of the Currency under Department of Treasury overseeing IT/Cyber acquisitions and compliance throughout several platforms to include public and private cloud environments. He is a former Navy Civilian of 10 years to include being the Deputy CIO for Cybersecurity at Naval Sea Systems Command HQ in Washington Navy Yard\, DC. There he oversaw the entire NAVSEA enterprise comprised of over 2000 operational\, developmental\, and RDT&E networks\, systems\, and applications both on-premise and in cloud environments. He had a team of almost 40 civilians and contractors to include the first NAVSEA Cyber Scientific & Technical Intelligence Liaison Officer (STILO) in a position he created to integrate intelligence within Cybersecurity. He also spent two years as an Army civilian supporting the Program Manager of DOD Biometrics as the Cybersecurity Lead under the Program Executive Office Intelligence Electronic Warfare and Sensors (PEO IEW&S). There he was involved in the early stages of acquisition supporting the designs\, engineers\, deployment\, and sustainment of enterprise biometric solutions in multiple operating environments enabling identity dominance on the battlefield and across the Department of Defense to include migrating tactical systems into the cloud. He is also a proud veteran retiring after 20 years of Navy active-duty service. Some of his assignments includes serving as the Automated Data Processing Division Officer onboard the USS NASSAU\, and as a Computer Network Defense Leading Chief Petty Officer within Joint Forces Command where he stood up a Global Command\, Control\, Communications\, Computers\, and Intelligence (C4I) Coordination Center after the 9/11 attack. \n\n\n \n\n\nDr. Mari J. Spina\nCloud Security Alliance-DC Chapter Research Committee Chair\nPrincipal Cybersecurity Engineer @ the MITRE Corp\nPMP\, CISSP\, ISSEP\, CCSP \nDr. Mari J. Spina is the Cloud Security Alliance-DC Chapter Reasearch Committee Chair. In this capacity\, she has been leading the charge to develop critical research to advance the state of practice in cloud security for highly regulated industries represented by the CSA-DC Chapter membership. Dr. Spina is also a Principal Cybersecurity Engineer at the MITRE Corp. supporting a multitude of MITRE Federal sponsors including DoD and the IC in the area of Cloud Security. At MITRE\, she leads the Cloud Security Capability Area\, and teaches Cloud Security for the MITRE Institute. She has taught many Information Technology courses for the George Washington University schools of engineering and business. Before joining MITRE\, she worked for government engineering firms including Hughes Aircraft\, SAIC\, ManTech\, NJVC\, and DMI since 1988 where she provided IT systems engineering to a variety of Federal agency missions including those of the Intelligence Community and the DoD. Mari holds a D.Sc. in Engineering Management from the George Washington University\, a MSEE from the University of Southern California\, and a BSME from California State University Northridge. She is also PMI PMP and ISC2 CISSP\, ISSEP\, CCSP certified. \n\n\n \n\n\nMichael Wasielewski\nCapgemini \nMoving from outside of Washington D.C. in the US\, Michael moved to Paris joining Capgemini in December of 2021. Responsible for global cloud security and next-gen secure architecture portfolio development\, Michael brings a robust background ranging from Network Operations and Engineering\, running global Information Security teams and modernizing enterprises through their cloud and workplace journeys\, and executing as a global Cloud Security specialist. When not playing video games with his two kids or struggling to learn French\, Michael wishes he could play more golf or do some more skydiving. \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about recent topics in the Cloud Security space. \n  \nCPE-Related Details \n\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2023-cloud-security-conference/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/09/cloud_2023.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230831T083000 DTEND;TZID=America/New_York:20230831T123000 DTSTAMP:20230814T121341Z CREATED:20230814T140007Z LAST-MODIFIED:20230814T121341Z UID:30741-1693470600-1693485000@isaca-gwdc.org SUMMARY:2023 IT Fraud Virtual Conference with the ACFE DESCRIPTION:Incidents of information technology being maliciously exploited reduce confidence and trust in the attacked organization’s security and operations. Cybersecurity Ventures estimates global cybercrime to cost $10.5 trillion annually by 2025. Join the Washington Metropolitan Chapter of the Association of Certified Fraud Examiners and ISACA Greater Washington DC chapter for their 2023 IT Fraud Virtual Conference.  Fraud and cybersecurity professionals\, IT advisory or audit professionals\, Business executives\, students or professionals interested in learning more about IT fraud should attend this event. \nTopics and presenters for this event are: \n\n Cyber Risk and Financial Stability\nChris Wilson; Wilson Consulting\n Framework for Managing Improper Payments in Emergency Assistance Programs\nSarah Garcia\, Johana Ayers\, and Daniel Flavin; United States Government Accountability Office\n Anti Money Laundering Compliance Considerations in a Digital World\nGregory Schwarz; Guidehouse\n Securities Fraud\nJames Park; UCLA School of Law\n\nAdvance registration is required. This event is free for GWDC members using the discount code that was provided via email.  If you did not receive the discount code\, please contact using the Registration Contact Form.  \nFor additional information\, including registration links\, please visit the ACFE website linked below.   \nRegister Today! \n  \nEvent Questions and Policies \nRegistration Questions \nIf you did not receive the email with the discount code for the event\, please contact us using the Registration Contact Form. \nAll other questions regarding the event\, registration\, and CPEs should be directed to the Washington Metropolitan Chapter of the ACFE. \n  \nCPEs  \nCPEs for this event will be issued by the Washington Metropolitan Chapter of the ACFE. URL:https://isaca-gwdc.org/event/it-fraud-conference-with-acfe/ LOCATION:Virtual Event CATEGORIES:Conferences ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230817T173000 DTEND;TZID=America/New_York:20230817T203000 DTSTAMP:20230729T013425Z CREATED:20230725T171912Z LAST-MODIFIED:20230729T013425Z UID:30708-1692293400-1692304200@isaca-gwdc.org SUMMARY:Summer Social Event with ISSA on EU-US Data Privacy Framework DESCRIPTION:The GWDC and Information Systems Security Association (ISSA) chapters from Northern Virginia\, D.C.\, and Central Maryland have restarted our annual social event. This is a hybrid event\, with the in-person session to be held at Marymount University Ballston Center campus in Arlington.  The event will be held on August 17\, 2023 @ 5:30 PM. \nThis year\, the social will include a presentation on the EU-US Data Privacy Framework by Linda V. Priebe\, partner at the D.C. office of Culhane Meadows PLLC. \nAdvance registration is required and closes on August 14\, 2023.  \nFor additional information\, including registration links\, please visit the ISSA-NOVA website linked below.   \nRegister Today! \n  \nHost Organizations \nThis event is proud to be hosted by the following organizations: \n \n \n  \nEvent Questions and Policies \nRegistration Questions \nQuestions regarding the event\, registration\, and CPEs should be directed to ISSA-NOVA. \n  \nCPE Information \nAny CPEs for this event will be issued by ISSA-NOVA.  Per ISSA-NOVA: \nPlease remember to sign-in at the check-in area (if attending in person) or through the attendance link (if attending online) on the day of the chapter meeting. There you can request a CPE/PDU certificate. URL:https://isaca-gwdc.org/event/summer-social-2023/ LOCATION:Marymount University – Ballston Center Campus\, 1000 Glebe Road\, Arlington\, VA\, 22203\, United States CATEGORIES:Social Events ORGANIZER;CN="Adnan Sijercic":MAILTO:outreach@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230817T083000 DTEND;TZID=America/New_York:20230817T123000 DTSTAMP:20240911T155506Z CREATED:20230715T153157Z LAST-MODIFIED:20240911T155506Z UID:30682-1692261000-1692275400@isaca-gwdc.org SUMMARY:Summer Seminar - IT Modernization DESCRIPTION:Join us for an exciting virtual summer seminar for an exciting event hosted by Guidehouse and the ISACA GWDC chapter focusing on the ever-relevant topic of IT modernization. This event brings together industry experts and government speakers to deliver insightful presentations on various aspects of IT modernization\, including its benefits\, challenges\, and risks as well as providing valuable insights to overcoming potential obstacles. \nAll information security program managers\, cybersecurity managers and professionals\, IT audit professionals\, business executives\, students and professionals interested in exploring the latest trends\, strategies\, and best practices in implementing and managing IT modernization initiatives should attend this event. \nRegistration closes on August 16\, 2023 @ 8pm.   This is a free virtual event. \nRegister Today! \n  \nEvent Sponsor \nThe GWDC is once again pleased to partner with our Platinum Sponsor Guidehouse on another series of summer seminars. \n \n  \nAgenda \n\n08:30 AM – 09:30 AM \n\n\nZero Knowledge Proofs in Blockchain \nPresenter: Remo Nyffenegger (University of Basel) \nA zero-knowledge proof is a cryptographic technique that enables one party (the prover) to demonstrate to another party (the verifier) that a certain statement is true without revealing any additional information about the statement itself. This concept has diverse applications\, particularly in fields like blockchain technology. Within blockchains\, zero-knowledge proofs address two critical dimensions: privacy and scalability. They empower confidential transaction verification by shielding sensitive data. Moreover\, these proofs enhance scalability through succinct verification\, allowing blockchains to process more transactions efficiently without compromising security. \nIn this presentation by Remo Nyffenegger\, we will discover how zero-knowledge proofs possess extensive applicability while providing utility in secure authentication\, upholding voting integrity\, and validating digital identities. \n\n\n09:30 AM – 10:30 AM \n\n\nTransformative Technologies: RPA\, Low-Code\, AI/ML \nPresenters: Ranyah Salous and Shelly Turner (Guidehouse) \nAs transformative technologies are reshaping the IT landscape\, they provide invaluable insights into harnessing their potential to streamline processes\, enhance efficiency\, and drive innovation. Join us for an engaging discussion that will unveil the cutting-edge technologies such Robotic Process Automation (RPA)\, Low-Code development\, Artificial Intelligence/Machine Learning (AI/ML) and other related technologies. \nIn this presentation by Shelly and Ranyah\, we will discover how these dynamic tools converge to empower organizations to achieve agility and modernization. \n\n\n10:30 AM – 11:30 PM \n\n\nAI-Guided Depression Management \nPresenter: Dr. Farrokh Alemi (George Mason University) \nMost patients with major depression do not benefit from their first treatment and have to go through repeated trials of medications to find a treatment that works for them. Over the years\, there have been multiple attempts to help clinicians provide a more optimal depression treatment. Neither the guidelines nor the decision aids have changed clinical practice by much or improved outcomes for patients. Our proposed generative AI system bridges this gap in service. The system has two components: patient-facing collection of medical history and a non-generative advice system. \nIn this presentation\, Dr. Farrokh Alemi will explain how this novel\, goal-based\, example-driven\, dialogue management system is likely to improve patient engagement; increase shared decision making between patient and their clinicians; and in the process lead to changes in prescription patterns and patient outcomes. \n\n\n11:30 AM – 12:30 PM \n\n\nProtecting Supply Chain Integrity and Data Privacy \nPresenter: Rodney Snyder (Guidehouse) \nAs the cyber warfare landscape continues to evolve\, IT modernization becomes the cornerstone of mitigating supply chain risks and reducing potential liabilities. The modern digital landscape has brought forth a cyber guerilla warfare that threatens the integrity of supply chains and data privacy across organizations. With ever more and increasingly sophisticated cyberattacks increasing the risk\, data compromise becomes a more frequent grim reality. Organizations must take proactive steps to implement robust cyber risk-mitigation and liability-reduction strategies within their supply chains. \nIn this presentation\, Rodney Snyder will touch on how IT modernization and supply chain risk management can help organizations navigate complexities and become resilient. \n\n  \nPresenters \n\n \n\n\nRemo Nyffenegger\nEconomist @ University of Basel \nRemo Nyffenegger is an economist and researcher at the University of Basel in Switzerland. He conducts research on traditional economic topics as well as on blockchains and their underlying technology. In this role\, he investigates the utilization of zero-knowledge proofs within the realm of blockchains and other areas.  \nRecently\, he authored an article on this subject\, featured in the Federal Reserve Bank of St. Louis Review. \n\n\n \n\n\nRanyah Salous\nDirector @ Guidehouse \nRanyah Salous is a Director at Guidehouse with the Advanced Analytics and Intelligent Automation team and has over 11 years of professional IT experience. In her time leading Advanced Analytics and Intelligent Automation initiatives\, she has worked with clients across segments around the globe to establish an enterprise approach to Intelligent Automation\, Data Analytics\, Data Visualization\, AI/ML\, and Low-code implementation including the establishment of strategic goals\, program governance\, change management\, and continuing the evolution of automation technology. Ms. Salous has provided value to organizations by leading efforts to automate manual tasks\, increase process efficiencies\, and free-up resources to work on higher-value initiatives. In addition to automation and application delivery\, Ms. Salous has worked with agencies and organizations to lead and establish the mission and vision for low-code solutions across the enterprise by standing up Robotic Process Automation and Data Analytics Centers of Excellence. \n\n\n \n\n\nShelly Turner\nDirector @ Guidehouse \nMs. Turner has 20 years’ experience with managing information technology projects\, including information system implementations. She has led projects to implement enterprise resource planning (ERP) systems\, low code/no code governance\, risk\, and compliance (GRC) solutions\, robotic process automation (RPA) solutions\, identity credential and access management (ICAM) solutions\, and data warehouse (DW) solutions. She also has experience with independent audits and assessments of information technology (IT) controls in connection with laws\, regulations\, and policies in both government and commercial sectors. She has led clients through all phases of technology implementations\, including solution selection\, business requirements capture\, gap analysis\, redesigning business processes\, designing customizations for gap-fit\, solution testing\, user training\, and post go-live support. She is a Certified Scrum Master (CSM) and has used both Agile and Waterfall implementation methodologies. \n\n\n \n\n\nDr. Farrokh Alemi\nProfessor & Researcher @ George Mason University \nDr. Farrokh Alemi was trained as an operations researcher and industrial engineer and has worked in both academia and health industry. He maintains patents on (1) sentiment analysis\, (2) measurement of episodes of illness and (3) personalized medicine. He has more than 125 peer reviewed publications in journals such as Health Services Research\, Medical Care\, eClinicalMedicine and Palliative Medicine. His research focuses on causal analysis of massive data available in electronic health records. His publications have contributed to predictive medicine\, precision medicine\, comparative effectiveness of medications\, sentiment analysis\, natural language processing\, as well as other models and trajectories. \nAlemi maintains a decision aid for selection of antidepressants at http://MeAgainMeds.com. Alemi is the author of Multi-Morbidity index\, used in management of polypharmacy patients. In addition\, Alemi was a pioneer in online management of patients and has provided Congressional testimony on role of Internet in health delivery. He is the author of a book on decision analysis and another on policy systems and a third on application of process improvement to personal health. A fourth book\, on causal statistical analysis\, was published in 2020. \n\n\n \n\n\nRodney Snyder\nPartner @ Guidehouse \nRodney is a partner at Guidehouse within our Cyber Security Practice and leads our Supply Chain Risk Management (SCRM)\, Open Source Intelligence (OSINT)\, and Cyber Threats work. This includes leveraging the enormous and fast-growing universe of worldwide\, publicly available. information\, such as cyber\, corporate\, SCRM\, financial\, geolocational\, and open-source data to which data science and analytic tools can be applied. Before joining Guidehouse\, Rodney was a consultant with PwC Public Sector and\, prior to that\, served a full career in the US government\, including as a chief of station in the Middle East\, CIA chief of staff under two directors\, special assistant to the President at the White House\, and assistant commissioner at US Customs and Border Protection. He helped stand up the National Counterterrorism Center and began his career as a presidential management intern and an analyst. \n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about recent topics in the IT modernization space. \n  \nCPE-Related Details \n\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/summer-seminar-itmodernization/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/07/summer-seminar-itmodernization-2023.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230727T083000 DTEND;TZID=America/New_York:20230727T123000 DTSTAMP:20240911T155506Z CREATED:20230715T152313Z LAST-MODIFIED:20240911T155506Z UID:30664-1690446600-1690461000@isaca-gwdc.org SUMMARY:Summer Seminar - Cybersecurity DESCRIPTION:Organizations face complex cybersecurity challenges and need to prepare in addressing current and future cybersecurity risks\, protection of operations and sensitive data\, and compliance with regulatory requirements. Join ISACA Greater Washington DC and Guidehouse for this summer seminar and don’t miss this opportunity to stay ahead of the curve and empower your organization to mitigate cybersecurity risks effectively. \nInformation security program managers\, cybersecurity managers and professionals\, IT audit professionals\, business executives\, students or professionals interested in learning about enhancing cybersecurity posture of organizations should attend this event. \nRegistration closes on July 26\, 2023 @ 8pm.   This is a free virtual event. \nRegister Today! \n  \nEvent Sponsor \nThe GWDC is once again pleased to partner with our Platinum Sponsor Guidehouse on another series of summer seminars. \n \n  \nAgenda \n\n8:30 AM – 9:30 AM \n\n\nAsset Intelligence and Understanding Cyber Risk \nPresenter: Amanda Kane (Guidehouse) \nThe proliferation of technology in today’s digital climate has led to an increase in digital assets\, creating more complexity and risks for organizations in securing networks and protecting data. Many organizations struggle with fragmented asset management and outdated legacy systems as the link between asset intelligence and cyber resilience is often underestimated due to the rapid pace of technological advancements. \nIn this presentation\, Amanda Kane will emphasize the need for an entity-wide shift in thinking\, sophisticated tools for identity and access management\, proactive asset management\, and the right combination of technology and processes to improve asset intelligence and increase resilience against cyber threats. \n\n\n9:30 AM – 10:30 AM \n\n\nNIST SP 800-216 – Federal Vulnerability Disclosure Guidelines \nPresenter: Dr. Kim Schaffer (NIST) \nBy establishing a vetted reporting structure\, federal agencies can focus on mitigating and remediating vulnerabilities in their systems. NIST SP 800-216\, Recommendations for Federal Vulnerability Disclosure Guidelines\, describes the policies and procedures for receiving vulnerability reports\, assessing them\, communicating with stakeholders\, and releasing advisories. The guidelines build upon ISO/IEC 30111 and ISO/IEC 29147 to cover the multitude of systems used by the Federal Government. In this presentation\, Kim Schaffer will highlight the requirements of the IOT Cybersecurity Improvement Act of 2020\, the process of adopting ISO/IEC standards for the Federal Government\, and the steps to take for implementation. \n\n\n10:30 AM – 11:30 AM \n\n\nCybersecurity: Challenges and Regulatory Trends in the Financial Services Industry \nPresenters: Prasun Howli (Guidehouse) and Tracy Angulo (Guidehouse) \nThe compliance requirements for the ever-changing cybersecurity landscape are increasing and becoming a focal point of interest in the cybersecurity world. As a counter measure to the rising cybersecurity regulations\, the adoption of best practices becomes crucial in developing a robust cybersecurity program\, and strategies for safeguarding your organizations’ critical assets. \nIn this presentation\, Prasun Howli and Alma Angotti will explore the latest trends and challenges in cybersecurity\, with a special focus on two crucial regulatory frameworks: the NYDFS (New York Department of Financial Services) cybersecurity regulations and the SEC (Securities and Exchange Commission) proposed rule. \n\n\n11:30 AM – 12:30 PM \n\n\nPrivileged Identity and Digital Risk Assessment Playbooks \nPresenter: Dr. Kenneth Myers (GSA) \nPrivileged users are unique user types that perform various security-related duties. As such\, privileged accounts are most likely to be targeted by cybercriminals or abused by malicious insiders. Unwanted behavior or compromised privileged accounts are responsible for the most high-profile federal and private security breaches. It is a critical Identity\, Credential\, and Access Management (ICAM) capability to secure privileged access. \nIn addition\, digital identity represents each individual engaged in an online transaction. However\, an individual’s real-life identity may not be known when used to access a digital service. Identity proofing helps establish that the individual is who they claim to be. Digital authentication provides reasonable risk based assurances that the individual accessing the application is the same individual who previously accessed the service. \nIn this presentation\, Dr. Kenneth Myers of the GSA will discuss the Privileged Identity Playbook and Digital Risk Assessment Playbook. \n  \n\n  \nPresenters \nAmanda Kane Partner\, Guidehouse \nAmanda Kane leads the Identity and Access Management (IAM) offering within the Advanced Solutions Cybersecurity Solutions Team at Guidehouse. Amanda works with clients so that the right people\, have the right access\, to the right resources\, for the right reasons. By taking an identity-centric approach\, Amanda works supports clients in establishing IAM strategies\, creating IAM solution roadmaps\, and implementing IAM technical solutions in the areas of: identity governance\, credentialing solutions\, privileged access management\, logical access control systems\, and physical access control systems. \nDr. Kim Schaffer\nNational Institute of Standards and Technology \nDr. Schaffer is a cybersecurity specialist in the Information Technology Laboratory at the National Institute of Standards and Technology. Formerly a Laboratory Director of a cryptographic security test lab\, Dr. Schaffer joined NIST in 2009 where he has been developing and integrating NIST and ISO/IEC cybersecurity standards. He has over 30 years of experience in cybersecurity\, is a Certified Information Systems Security Professional\, and holds a Doctor of Science in Information Assurance. \nPrasun K. Howli\nDirector\, Guidehouse \nPrasun K Howli is a Director within Banking\, Insurance & Capital Markets practice at Guidehouse. He has over 15 years of experience in advising and working with leading financial institutions. His experience has allowed him to manage some of the large and complex digital transformation\, data privacy\, cybersecurity\, credit reporting and third-party risk management engagements delivering strategic operational improvements. He is experienced in leading alliances with technology vendors and system integrators delivering complex strategic digital transformation engagements with cross functional teams. \nHe led several cybersecurity and technology risk engagements using various frameworks\, standards and regulatory requirements. He also led several data privacy engagements\, digital transformation\, payments and technology enablement engagements delivering strategic operational improvements. \nTracy Angulo\nDirector\, Guidehouse \nTracy Angulo is a Director in the Financial Crime\, Fraud\, & Investigative Services (“FFI”) practice at Guidehouse. She is an accomplished attorney\, Certified Fraud Examiner (“CFE”)\, and Certified Anti-Money Laundering Specialist (“CAMS”) with over 20+ years expertise in administrative law and investigations\, the last 15 in securities law and regulation\, financial crime compliance\, anti-money laundering (“AML”) compliance and financial fraud investigations. At Guidehouse\, Ms. Angulo has provided a wide compilation of financial crimes compliance and financial compliance services including projects for domestic and global financial institutions. \nPrior to joining the private sector\, Ms. Angulo served as a Principal Attorney Investigator in FINRA’s Enforcement Department for over six years and served as an Institutional Integrity Officer at the World Bank Group as a lead investigator in a variety of complex\, high-profile fraud and corruption investigations. \nDr. Kenneth Myers\nGeneral Services Administration \nKenneth Myers is the Director of the Identity Assurance and Trusted Access Division with the General Services Administration Office of Government-wide Policy. He advises and coordinates government-wide cybersecurity policies and collaborates with federal executive branch agencies on implementation guidance. As an identity professional\, he has experience working with various public and private organizations on digital identity\, PKI\, security management\, and governance challenges. He is a former active duty Marine and received his Doctorate of Science in Cybersecurity from Marymount University. \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about recent topics in the cybersecurity space. \n  \nCPE-Related Details \n\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2023-summer-seminar-cybersecurity/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/07/summer-seminar-cybersecurity-2023.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230622T170000 DTEND;TZID=America/New_York:20230622T190000 DTSTAMP:20230509T174243Z CREATED:20230503T005341Z LAST-MODIFIED:20230509T174243Z UID:30566-1687453200-1687460400@isaca-gwdc.org SUMMARY:Networking Event following the 2023 Annual Meeting DESCRIPTION:The ISACA GWDC is hosting a networking event following the 2023 Annual Meeting.  The networking event will be from 5:00 to 7:00 PM at the Hilton McLean Tysons Corner.  Members do not have to attend the conference to attend this networking event.  This is a free event and an RSVP is required to attend. \nRegistration closes on June 21\, 2023 @ 5 pm.  \nRSVP Today! \n  \n\nEvent Sponsorship \nIf your organization is interested in being a sponsor for this event\, please contact Adnan Sijercic\, Outreach Director\, for details on sponsorship opportunities.  (Go to the Contact Us page select “Sponsorship” under “I have a question about”) \n\n  \nVenue Information \nHilton McLean Tysons Corner\n7920 Jones Branch Drive\nMcLean\, Virginia 22102\n \nHotel Website | Phone Number: (703) 847-5000 \nParking Information\nThe hotel offers complimentary parking (Ballroom Entrance / South Parking location). \nNearest Metro\nThe hotel offers free shuttle pick up service from Tysons Corner Metro Station.   To arrange a pickup\, call the hotel at 703-847-5000. \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \n  URL:https://isaca-gwdc.org/event/2023-annual-meeting-networking/ LOCATION:Hilton McLean Tysons Corner\, 7920 Jones Branch Drive\, McLean\, VA\, 22102\, United States CATEGORIES:Social Events END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230622T093000 DTEND;TZID=America/New_York:20230622T170000 DTSTAMP:20240912T105351Z CREATED:20230503T004052Z LAST-MODIFIED:20240912T105351Z UID:30547-1687426200-1687453200@isaca-gwdc.org SUMMARY:2023 Annual Meeting DESCRIPTION:The ISACA® GWDC Annual Meeting is the Chapter’s premium event for the year. The AGM provides training and networking opportunities for all attendees and the opportunity for GWDC members to learn about the Chapter’s health\, achievements\, plans\, and other important matters. Presentations and panels focus on emerging technologies\, risk vectors\, mitigation strategies\, and governance trends. Topics are aimed equally at participants focused on the Government and Private sectors. All our sessions are designed to increase your understanding of current topics and hone your professional skills by learning directly from leading practitioner in their fields. \nThis is an in-person event that will be held at the Hilton McLean Tysons Corner.  IT executives\, management and operations staff\, risk management leaders and professionals\, IT auditors\, cybersecurity professionals\, students or anyone interested in learning more about this topic should attend this event. \nFor the convenience of all our members\, we will make the Chapter’s business session\, the Annual General Meeting (AGM) of the Membership\, available to them on-line. \nAfter the Annual Meeting there will be a networking event in the same venue.  A separate RSVP is required for this event.   \nRegistration closes on June 21\, 2023 @ 5 pm.  \nRegister Today! \n  \n\nEvent Sponsorship \nIf your organization is interested in being a sponsor for this event\, please contact Adnan Sijercic\, Outreach Director\, for details on sponsorship opportunities.  (Go to the Contact Us page select “Sponsorship” under “I have a question about”) \n\n  \nAgenda \n\n\n09:30 AM – 09:40 AM \n\n\nOpening Remarks \n  \n  \n\n\n09:40 AM – 10:30 AM \n\n\nIT System and Security Audit \nPresenter: Clemon Joseph (Deloitte) \nDefining an IT Auditor; Distinguishing the roles/responsibilities between government clients and private sector contractors; and Leveraging technology for Information Systems \n\n\n10:30 AM – 11:20 AM \n\n\nThe Power of Collaboration: ISACA Chapters Building the Industry Through Partnership \nPresenter: Virginia “Ginger” Spitzer (One In Tech) \nThrough a robust Scholarship Program\, ISACA’s Foundation One In Tech provides academic awards through a collaborative model offering US-Based Academic Scholarships and International Academic Scholarships. Within those categories\, we provide awards in partnership with ISACA Chapters\, corporations\, academic institutes\, and other non-profits. The Chapters are the most powerful in impacting their own cities and communities.  \nISACA has approximately 220 chapters around the world\, representing nearly 165 countries. ISACA chapters are uniquely positioned to build the workforce on a global scope. In addition\, corporations are also positioned to build the future workforce that will meet the increasing need for cyber professionals. Together with ISACA’s Foundation\, Chapters can have maximized impact through the Academic Scholarship Program. This presentation outlines the specifics of this powerful collaborative effort. \n\n\n11:20 AM – 12:10 PM \n\n\nThe Banking Crisis: A Failure of Risk Governance \nPresenter: Masood Aziz (BlockFi) \nThe banking crisis has unearthed deep structural shortcomings in both risk governance and lack of adequate regulatory supervision by the financial authorities. The impact\, influence and content of technological advances in banking makes it so that today’s banking is no longer your grandfather’s bank. Advanced payment systems\, the ubiquity of social media and new communication means\, and everyone having a smart phone in their pockets have all come to us so fast that regulators are having challenges keeping up. At the same time\, innovative bank executives\, left unchecked have found ways of increasing their own compensation at the expense of creating systemic risks and costing the public. Our systems of safety and soundness\, including the role of bank board of directors is in question once again. Who is in charge of looking after the interests of customers\, stakeholders\, the public at large\, and the community the organization operates within? Should we count on the CEO\, the Board\, the Internal Auditors\, the External Independent Auditors\, or the Regulatory Agencies? It turns out that all of these parties failed. How can effective Risk Governance be one such solution to help alleviate these failures in the future? \n\n\n12:10 PM – 12:40 PM \n\n\nLunch and Annual Membership Meeting \n(Zoom is only available to GWDC members who cannot attend the conference) \n\n\n12:40 PM – 01:30 PM \n\n\nRisk Management -> Painting the Bridge \nPresenter: Anthony Johnson (Delve Risk) \nDriving organizational change is hard but when you’re trying to change how a company thinks about risk…Well sometimes that’s a bridge too far. The bigger the organization\, the bigger the bridge that needs to be painted. In this discussion we’ll look at how risk management can be optimized and performed to maximize outcomes for even the largest of organizations. We’ll talk about what “painting the bridge” means\, and discuss suggestions for how to measure success when the bridge always seems to keep getting longer while you’re driving down it! \n\n\n01:30 PM – 02:20 PM \n\n\nRethinking Cybersecurity \nPresenter: Eugene H. Spafford (Purdue University) \nWe have been developing and practicing cybersecurity for over 60 years. However\, despite that history\, we still face massive failures and losses. Every year\, there seems to be dozens of new companies and products\, yet none really solve the problems\, which seem to multiply at a faster rate than the solutions available. Perhaps we have been making some incorrect assumptions about the nature of the problem — and the parties involved.  \nIn this talk\, I will discuss some insights gathered from 45 years in the field as both a practitioner and educator. In particular\, I will discuss some of the missteps and misconceptions that have contributed to our problems\, not least of which is the canard “The user is the weakest link.” With a shift in how we think about our goals and approaches we may be able to make more progress in defending our systems. \n\n\n02:20 PM – 02:30 PM \n\n\nCoffee Break \n  \n  \n\n\n02:30 PM – 03:20 PM \n\n\nAutomotive Cybersecurity & Data Management Platform for Connected Vehicles \nPresenter: Haim Kantor (Upstream Security) \nThe Automotive industry is rapidly expanding into a vast smart mobility ecosystem\, introducing new levels of cyber sophistication and attack vectors. \nHaim Kantor\, Upstream’s VP North America will discuss strategies to detect and mitigate critical automotive cyber security risks and vulnerabilities to help automotive and smart mobility stakeholders ensure trust and safety. \nKey topics and takeaways: \n\n Gain insight into the latest automotive and smart mobility cybersecurity trends\n Deep dive into the new threat actors\, motivations and impact\n Learn about increases in API-related incidents and the rise in EV charging infrastructure cyber attacks\n Get a glimpse into the threats lurking in the deep and dark web\n\n\n\n03:20 PM – 04:10 PM \n\n\nBuilding Value in a World of Change \nPresenter: Douglas W. Webster (TFC Consulting) \nEveryone will agree that we seek to deliver value in our work efforts\, but seldom do we explicitly define what we mean by “value”. This in turn leads to an inability to explicitly manage value delivery. This session will provide a universally valid and actionable definition of value\, explain how every attendee has a role in value delivery\, and discuss overcoming of impediments to the delivery of maximum value. \n\n\n04:10 PM – 05:00 PM \n\n\nHow to lead\, brand and network as an introverted cybersecurity pro: differentiate yourself\, make an impact and drive change without changing your personality \nPresenter: Prachee Kale (Think.Design.Cyber) \nThe presentation educates introverted techies and entrepreneurs to: \n\n Understand why introverts are critical for advancing cybersecurity today and tomorrow. \n Be seen\, heard\, and respected as an introvert. Learn how to transmute introversion from a limitation into a superpower. \n Dispel myths and biases about introverts vs. extroverts and\, how it affects leadership\, driving change\, self-promotion\, branding\, and networking. \n Develop connections and build relationships that serve you and others. \n Overcome fears and blocks so you can lead diverse\, high performing teams and drive org change. \n Learn how to invite and apply diverse perspectives to achieve outcomes\, even those you may disagree with. \n Practical tips for different types of interactions – how to prepare (before and after). From 1:1s\, small group meetings (15-20 people)\, executive committees\, happy hours to formal events or conferences (15+ people).\n\n\n  \n  \nPresenters \n\n \n\n\nClemon Joseph\nProject Delivery Manager @ Deloitte\nCDFM \nMr. Clemon Joseph currently serves as a Project Delivery Manager at Deloitte with over 17 years of professional experience. He is an Information Technology (IT) and financial audit readiness leader with experience providing cross-functional support to both private and public sector clients. He serves as a technology consultant with the ability to lead teams to assess internal controls of business processes and to deliver training on emerging technologies that adds value to organizations. \n \n\n\n \n\n\nVirginia “Ginger” Spitzer\nExecutive Director @ One In Tech\, an ISACA Foundation \nVirginia “Ginger” Spitzer joined One In Tech\, an ISACA Foundation in November 2019 as the Foundation’s inaugural Executive Director. With a focus of building ISACA’s new Foundation\, One In Tech\, Ginger launched the start-up phase of the Foundation that engages members\, chapters\, organizations and other nonprofits\, corporations\, and the public in supporting the Foundation’s mission. As part of ISACA’s leadership team\, Ginger ensured the Foundation’s work aligned within the strong culture and community of ISACA and offers innovative\, relevant global programming. OIT works to building trust\, care\, confidence\, and career engagement in the digital space for students\, educators\, professionals\, and businesses.  \nGinger brings 25-plus years of non-profit leadership experience in fundraising; foundation start-ups; program development\, operational strategies\, and innovative collaborative models. Much of her extensive career experience has focused on missions working toward equity\, equality\, access\, and awareness within underserved communities. She has specialized in areas of youth development\, education\, and social justice and has led organizations with local\, national\, and global service.  \nBuilding ISACA’s Foundation One In Tech through ISACA chapter and membership engagement is the key focus for Ginger’s work in 2023 and beyond. \n \n\n\n \n\n\nMasood S. Aziz\nHead of Enterprise Risk Management (former) @ BlockFi Inc. \nMasood is a risk management leader\, adviser & guide to executives and board of directors. He has been a Chief Risk Officer\, and Head of Risk Management for PIMCO’s Investment Operations\, when Bill Gross (the “Kind of Bonds”) & Mohamed El-Erianthe managed over $1.9 billion aum and run the world’s largest fixed-income investment management firm. Head of Enterprise Risk Management at BlockFi\, the leading blockchain & Digital Asset fintech. Head of Operational Risk & Compliance at State Street\, the world’s largest custody bank. \nIn working with boards and the C-Suite\, Masood has been a leading expert in establishing the risk governance infrastructure\, including the board and executive level risk and audit committees. He has helped align and integrate risk management within organizational strategies\, and to assure execution\, and profitability. He has defined & established the risk appetite both at the corporate & operational levels\, created committee charters and led the implementation of policy & procedures\, and risk cultures firm-wide. \nMasood was head of service & solution delivery at the Big-4 KPMG & BearingPoint consulting firms\, and run his own consulting firm to support C-Suite & board risk management and operational effectiveness. He has led complex client initiatives\, and managed teams of experts to lead solutions helping clients optimize financial and operational information\, to create growth and profitability\, to manage risk capital\, and address regulatory challenges. \nMasood is an expert in creating and implementing risk systems and technology\, including along blockchain technology solutions. He has led projects to implement systems such as Chase Cooper\, Wolters Kluwer\, QRM\, BondEdge\, Kamakura Risk Manager (KRM). Masood has also created\, designed and implemented an in-house\, proprietary\, risk analytics\, simulation and reporting system. \nMasood is a member of the Directors and Chief Risk Officer Group (DCRO)\, and on the risk leadership group at the Professional Risk Managers’ International Association (PRMIA). He is a frequent speaker and lecturer\, including on TV & radio\, and has published articles and books. He has an MBA from Thunderbird School of Global Management\, a Bachelor of Science degree from Southern Illinois University and has obtained the French Baccalaureat from Paris\, France. \n \n\n\n \n\n\nAnthony Johnson\nManaging Partner @ Delve Risk \nAnthony Johnson is a Managing Partner at Delve Risk\, where he leads a practice focused on driving technology and risk management transformation on behalf of their clients. He brings extensive technical and executive leadership experience to the practice while also serving as a technology advisor to a number of software solution providers. Anthony is a graduate of Indiana University\, where he received a Masters of Business Administration (MBA) and of Regis University where he received a BS in Computer Information Systems.  \nThroughout his career\, Anthony has led some of the largest Cybersecurity programs in the world as the Chief Information Security Officer\, dealing with highly complex multi-national regulatory requirements and ever evolving sophisticated threats. He has driven dramatic program transformations across hundreds of people\, with budgets in the hundreds of millions of dollars; emphasizing the expansion of analytics\, secure from the start architecture\, incident response and cloud first security approaches to shatter expectations of what is possible with “classic corporate teams”. He leads with a people first mentality and is a coach to existing CISO’s around the world\, helping to translate complicated technology issues into actionable strategic plans that align with the corporate and Board objectives.  \nAnthony is a global speaker on the topic of cyber security and enterprise risk\, an active technology evangelist/advisor to emerging and startup companies and has multiple patents in progress related to both risk management and blockchain.  \nPrior to joining Delve Risk\, he served as the Global CISO and Managing Director for multiple Fortune 100 companies\, including Fannie Mae ($120bn) and the Corporate & Investment Bank (CIB) at J.P. Morgan Chase & Company ($35bn).  \nHis other passions include advancing the discussion on diversity and inclusion in the workforce and creating channels for disadvantaged youth to enter the technology field. He lives in the Washington D.C. metropolitan area with his wife and daughter. \n \n\n\n \n\n\nEugene H. Spafford\nProfessor of Computer Sciences @ Purdue University \n\nEugene H. Spafford is a professor of Computer Sciences at Purdue University. He is also the founder and Executive Director Emeritus of the Center for Education and Research in Information Assurance and Security. He has been working in computing as a student\, researcher\, consultant\, and professor for 45 years. Some of his work is at the foundation of current security practice\, including intrusion detection\, incident response\, firewalls\, integrity management\, and forensic investigation. His most recent work has been in cyber security policy\, forensics\, and future threats. He has also been a pioneer in education\, including starting and heading the oldest degree-granting cybersecurity program.\n\nDr. Spafford has been recognized with significant honors from various organizations. These include being elected as a Fellow of the American Academy of Arts and Sciences (AAA&S)\, and the Association for the Advancement of Science (AAAS); a Life Fellow of the ACM\, the IEEE\, and the (ISC)^2; a Life Distinguished Fellow of the ISSA; and a member of the Cyber Security Hall of Fame — the only person to ever hold all these distinctions. \nAmong many other activities\, he is vice-chair of ACM Publications Ethics & Plagiarism Committee\, is editor-in-chief of the journal Computers & Security\, serves on the Board of Directors of the Computing Research Association\, and as a member of the National Security Advisory Board for Sandia Laboratories. More information may be found at https://spaf.cerias.purdue.edu/narrate.html. \n \n\n\n \n\n\nHaim Kantor\nVice President\, North America @ Upstream Security \nHaim leads Upstream’s North America team and business. Haim is an executive Sales and Marketing professional with more than 20 years of experience\, with an unbroken record of success leading sales and marketing strategies to increase revenue. Prior to joining Upstream\, Haim led sales for companies such as Driivz\, Netcracker Technology\, Amdocs and Comverse. \n \n\n\n \n\n\nDouglas W. Webster\nPrincipal @ TFC Consulting\nCGEIT \nThe Honorable Doug Webster is a Principal with TFC Consulting. \nHe is a retired Air Force officer with a subsequent quarter century both working in and consulting to the federal government. He has served as Director of Risk Management at USAID and Deputy Director of the DoD Business Transformation Agency.  As a Senate-confirmed Presidential appointee\, he has served as CFO of both the Department of Labor and the Department of Education. \nHe is pioneer in Enterprise Risk Management in the federal government\, having introduced the topic to the White House in 2008\, established the first federal interest group in ERM that same year\, led the founding of the founding of the Association for Federal Enterprise Risk Management (AFERM) in 2011\, and developed and taught the inaugural ERM course for George Washington University. \nDr. Webster has co-authored or co-edited four books\, including Chasing Change: Building Organizational Capacity in a Turbulent Environment (2009)\, Managing Risk and Performance: A Guide for Government Decision Makers (2014)\, and Value Based Management in Government (2020).  He is an elected Fellow of the National Academy of Public Administration\, and holds the ISACA CGEIT certification. \n \n\n\n \n\n\nPrachee Kale\nCEO/Co-founder @ Think.Design.Cyber\nExecutive Fellow @ CyberTheory Institute \nPrachee Kale helps introverted techies and entrepreneurs become high impact leaders by transforming their introversion into a superpower that drives change and creates networks that generate returns. Her unique service offerings bust the blocks\, myths and biases of branding\, leadership and networking as introverts vs. extroverts. She has combined her personal experiences and a successful 17-year corporate career in 1) business strategy\, 2) technology & cybersecurity\, 3) equity & inclusion and\, 4) executive coaching to develop her four-step method so her clients have a clear path to transform their fears\, blocks and limits into accelerants.  \nShe is the CEO/Co-founder of Think.Design.Cyber (https://www.thinkdesigncyber.com/)\, TDC LeadersHub (https://www.tdcleadershub.com/) and a Founding Executive Fellow at CyberTheory Institute. Prachee has a Masters Degree in Bioinformatics from George Washington University where she helped her introvert classmates defend their theses\, wrote distributed computing code\, experimented on HIV viruses\, and did PCR tests (yep\, those).  \nPrachee speaks on topics of empowering introverts\, cybersecurity and gender diversity at global conferences\, summits\, and podcasts. She makes meaningful connections with her audience and leaves them with a positive growth mindset\, actionable steps and impact they remember.  \nWhen she’s not working\, Prachee loves to solo travel\, sail\, host dinners. She is a total foodie and will surely whip up something delicious whenever you visit! \nFun facts: Prachee loves boats but is afraid of swimming in open waters\, she was once called a ‘pit-bull’ and ‘passionate’ woman during the same meeting! And\, her sister is a total introvert but a successful Bollywood movie director. \n \n\n  \nVenue Information \nHilton McLean Tysons Corner\n7920 Jones Branch Drive\nMcLean\, Virginia 22102\n \nHotel Website | Phone Number: (703) 847-5000 \nParking Information\nThe hotel offers complimentary parking (Ballroom Entrance / South Parking location). \nNearest Metro\nThe hotel offers free shuttle pick up service from Tysons Corner Metro Station.   To arrange a pickup\, call the hotel at 703-847-5000. \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this event\, attendees will increase their understanding of current topics and honed their professional skills by learning directly from leading practitioner in their fields.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method: Live\, in-person\n Field of Study: Information Technology – Technical URL:https://isaca-gwdc.org/event/2023-annual-meeting/ LOCATION:Hilton McLean Tysons Corner\, 7920 Jones Branch Drive\, McLean\, VA\, 22102\, United States CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/04/annual_meeting_2023-e1682897030340.png ORGANIZER;CN="Yehuda Schmidt (Annual Meeting Questions)":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230518T083000 DTEND;TZID=America/New_York:20230518T133000 DTSTAMP:20230517T174821Z CREATED:20230510T011310Z LAST-MODIFIED:20230517T174821Z UID:30586-1684398600-1684416600@isaca-gwdc.org SUMMARY:Risk Management and Governance DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host our annual Risk Management and Governance conference. This conference is part of our monthly conference series. \nIT professionals\, IT advisory or audit professionals\, business executives\, students or professionals interested in learning more about IT Audit should attend this event. \nRegistration closes on May 17\, 2023 @ 12pm.  \nRegister Today! \n  \nAgenda \n\n08:30 AM – 09:30 AM \n\n\nA Cybersecurity Management Operating System (MOS) \nPresenter: Allan Alford (Allan Alford Consulting) \n\n\n09:30 AM – 10:30 AM \n\n\nCybersecurity Working with the C-Suite and the Tech Leadership to Bring About Results \nPresenter: Scott Rubin (KPMG) \nIn any business or government agency\, the leaders seek to achieve their mission objectives and not get caught up in technical details. Threats from malicious cyber actors and sometimes careless employees can disable or destroy entire electronic information and SCADA systems. While the inclination to learn more about cyber-based threats and environmental losses to availability are at perhaps an all-time high in C-Suites and with Federal Government agency directors\, there is precious little time to waste in enabling smart and useful cybersecurity programs in our workplaces. We can help these leaders by being the bridge between the technical underpinnings that support their mission objectives\, and the technical workforces that spend their time enabling and defending those systems. This topic is for managers and executives that find themselves either too technical or too aligned with the business operations to make all of the necessary connections that lead to effective cybersecurity outcomes. \n\n\n10:30 AM – 11:30 AM \n\n\nData Governance and IT Governance \nPresenter: David Cole \nKnowing your data and how it resides in IT systems assists in developing governance and monitoring of data. \n\n\n11:30 AM – 12:30 PM \n\n\nHow Security Teams Are Failing to Protect Users from 3rd Party Tracking and How to Stop It \nPresenter: Mike Landeck (NTT Data) \nWhile there is significant time and investments made by the CISO and Privacy offices to assure that user data is not leaked from the network\, users’ data- often their most sensitive- is being leaked to third-parties by the myriad of analytics tools that are added to web applications even after they have passed their security testing and privacy impact assessments\, thus creating a blind spot for those who are actually responsible for security and privacy. \nThis talk will provide information to privacy and security professionals on how to identify third-party tracking code that has been added to their applications\, how to assess the severity of the issue\, and how to articulate the problem to their leadership. \n\n\n12:30 PM – 01:30 PM \n\n\nCloud Computing System Implementations: Risk & Governance Audit Considerations \nPresenter: John Heath (KPMG) \nOrganizations are increasingly moving financial systems to cloud environments\, which raises potential risk and governance concerns\, particularly with respect to financial statement audits. During this session the speaker will provide a brief overview of cloud computing followed by risk considerations with respect to cloud migrations addressing areas of project governance\, user security\, data migration\, and control integration. \n\n  \nPresenters \n\n \n\n\nAllan Alford\nPresident & CISO\, Allan Alford Consulting \nWith twenty+ years in information security\, Allan has served as CISO five times in five industries\, with a strong history in technology\, manufacturing\, telecommunications\, litigation\, education\, cybersecurity and more – at companies ranging from 5 to 50\,000 employees. \nAllan parlayed an IT career into a product security career and then ultimately fused the two disciplines. This unique background means that Allan approaches the CISO role with a highly business-aligned focus and an understanding of an organization’s greater goals\, drivers\, methods\, and practices. Allan seeks at all turns to positively impact the top and bottom lines. \nAllan holds a Master of Information Systems & Security and a Bachelor of Liberal Arts with a focus on Leadership. \nAllan gives back to the security community via The Cyber Ranch Podcast\, by authoring articles\, speaking at conferences and teaching. \n\n\n \n\n\nScott Rubin\nDirector\, FED CIO Advisory @ KMPG \nScott Rubin is a Director at KPMG where he leads consulting programs that span the systems engineering spectrum from specific operational capabilities to the enterprise. Scott’s professional career began in the United States Air Force working with electronic cryptographic communication systems. After his military service\, Scott would serve on the staff at the Defense Advanced Research Projects Agency (DARPA) as their inaugural Chief of Information Security\, where he was responsible for the Agency’s operational cyber mission. His career progression spans from working inside of discreet-component TTL and CMOS systems up to designing and deploying large-scale interconnected information system environments in the cloud. \nScott is also an Adjunct Lecturer in Georgetown University’s School of Continuing Studies\, teaching graduate courses in Cybersecurity Risk Management and the Applied Intelligence program. Before Scott came to Georgetown\, he was an Adjunct Professor/Lecturer at George Washington University in the graduate Cybersecurity Policy and Compliance track. \nScott provides instruction across the Cybersecurity and Intelligence landscapes\, from policy and management concepts and practices as well as the complex technical aspects that exist in networked systems. Scott’s instructional coursework experience includes: \n\n \n\n Auditing\, Monitoring\, and Intrusion Detection for Information Security Managers\n Management of Information and Systems Security\n Managing the Protection of Information Assets and Systems\n Cybercrime for Information Security Managers\n Advanced Analytic Techniques in Intelligence\n Cybersecurity Governance Frameworks\n\n\n\nScott brings over 30 years of professional experience into the classroom environment\, from the leading edges of the Department of Defense\, to federally funded research and development programs in the Intelligence Community\, and across the commercial consulting industry. Scott ties in real-world examples and modern technical and managerial challenges to broaden the course experience. \nWhen Scott is outside of the classroom or not consulting with clients\, he is an active father to his kids Cassandra\, Oliver\, and Miriam\, and doing all he can to keep up with his wife of twenty years\, Brigitta. A graduate from George Washington University with a Master of Engineering in Cybersecurity Policy and Compliance\, Scott keeps active in hobbies that helped launch his career\, including the restoration of classic arcade pinball machine and video games. \n  \n\n\n  \n\n\nDavid Cole\nOwner @ SysAudits.com\nCPA\, CISA\, CRISC \nMr. Cole has an extensive and diverse leadership and management experience covering IT security\, cyber assessments\, regulatory assessments\, IT audits\, and IT operations support. Mr. Cole is currently the owner of SysAudits.com. \nMr. Cole held numerous Director of IS Audit positions at: \n\n U.S. House of Representatives Office of Inspector General\n Department of Education\, Office of Inspector General\n Smithsonian Office of Inspector General\n\nLeadership included: \n\n Regulatory assessments (ITAR\, FISMA\, and HIPPA) of company and government IT operations\, contract compliance\, outsourced data centers\, and IAAS\, PAAS\, and SAAS cloud operations\n Drafted national cybersecurity policy for the National Industrial Security Program (NISP) under the Director of National Intelligence\n C-Suite presentations and Congressional testimony\n Technical testing and training – pentesting\, disaster recovery\, and others\n Forensic and technical support to Federal Agent cybercrimes investigations\n\nMr. Cole held numerous IT Operations positions: \n\n Chief Information Officer\, Defense Security Service (DSS): Executive leadership and management oversight for all IT operations to include multiple datacenters\, systems engineering\, application development\, cybersecurity\, IT policy\, budget and resource planning. Responsible for a $100 million+ annual IT budget and 150+ technical staff supporting 70+ locations.\n Director Designated Approving Authority\, DSS – CISO for cleared industry with responsibility for certification and accreditation under the NISP of 40\,000+ information systems at 14\,000+ locations.\n\n  \n\n\n  \n\n\nMike Landeck\nDirector of Security Consulting @ NTT Data \nMike Landeck led the security implementation and then operationalized two of the Country’s largest cloud-based healthcare IT projects. Mike has been responsible for the overall security of systems with financial transactions of over $4 billion per month\, as well security programs regulated by HIPAA\, SOX\, PCI\, FISMA (NIST 800-53) the IRS and FedRAMP. \nMike is a frequent conference speaker and workshop presenter focusing on such topics as software security testing and security program management. \n  \n\n\n \n\n\nJohn Heath\nDirector\, Audit\, Technology Assurance @ KPMG LLP \nJohn Heath is an IT director in KPMG’s Federal practice and has more than 17 years of experience providing audit and advisory services to the Federal Government\, commercial organizations\, and not-for-profit organizations. His career has mainly focused on IT support for financial statement audits and system and organization control (SOC) examinations. \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 5 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this conference\, attendees will have a better understanding of current trends and practices in risk management and governance.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/risk-conference-2023/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/05/risk_conference_2023.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230506T083000 DTEND;TZID=America/New_York:20230506T170000 DTSTAMP:20230306T010046Z CREATED:20221226T182057Z LAST-MODIFIED:20230306T010046Z UID:29795-1683361800-1683392400@isaca-gwdc.org SUMMARY:Certificate of Cloud Auditing Knowledge (CCAK™) Spring 2023 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certificate of Cloud Auditing Knowledge (CCAK™).  The dates of the CCAK review course are three consecutive Saturdays: May 6\, 13\, and 20\, 2023 from 8:30 am to 5:00 PM. \nThe CCAK course is designed to cover the following five core areas of focus: Cloud governance\, Cloud compliance\, Cloud auditing\, Cloud assurance\, and CSA tools. The course will provide knowledge on cloud security assessment methods and techniques\, and will assist students in updating their expertise in cloud and hybrid security auditing. CCAK is a joint project by Cloud Security Alliance® and ISACA®. The CCAK is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing. \nPlease take a moment to hear from the instructor\, Sushila Nair\, about the benefits of the CCAK certification and how the review course will help you prepare for the CCAK exam.   \n \nThis event is intended for anyone sitting for the CCAK Exam. Students are expected to have prepared for the exam prior to attending the course. \nRegistration closes on May 4\, 2023 @ 5pm.  \nRegister Today! \n  \n\nEarly-Bird Discount \nThose who register by April 6\, 2023 save $50 off the price of the course.   \nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Modules \n\nModule 1 \n\n\nCloud Governance \n\n Overview of governance\n Cloud assurance\n Cloud governance frameworks\n Cloud risk management\n Cloud governance tools\n\n\n\nModule 2 \n\n\nCloud Compliance Program \n\n Designing a cloud compliance program\n Building a cloud compliance program\n Legal and regulatory requirements\n Standards and security frameworks\n Identifying controls and measuring effectiveness\n CSA certification\, attestation and validation\n\n\n\nModule 3 \n\n\nCCM and CAIQ Goals\, Objectives and Structure \n\n CCM\n CAIQ\n Relationship to standards: mappings and gap analysis\n Transition from CCM V3.0.1 to CCM V4\n\n\n\nModule 4 \n\n\nA Threat Analysis Methodology for Cloud Using CCM \n\n Definitions and purpose\n Attack details and impacts\n Mitigating controls and metrics\n Use case\n\n\n\nModule 5 \n\n\nEvaluating a Cloud Compliance Program \n\n Evaluation approach\n A governance perspective\n Legal\, regulatory and standards perspectives\n Risk perspectives\n Services changes implications\n The need for continuous assurance/continuous compliance\n\n\n\nModule 6 \n\n\nCloud Auditing \n\n Audit characteristics\, criteria & principles\n Auditing standards for cloud computing\n Auditing an on-premises environment vs. cloud\n Differences in assessing cloud services and cloud delivery models\n Cloud audit building\, planning and execution\n\n\n\nModule 7 \n\n\nCCM: Auditing Controls \n\n CCM audit scoping guidance\n CCM risk evaluation guide\n CCM audit workbook\n CCM an auditing example\n\n\n\nModule 8 \n\n\nContinuous Assurance and Compliance \n\n DevOps and DevSecOps\n Auditing CI/CD pipelines\n DevSecOps automation and maturity\n\n\n\nModule 9 \n\n\nSTAR Program \n\n Standard for security and privacy\n Open Certification Framework\n STAR Registry\n STAR Level 1\n STAR Level 2\n STAR Level 3\n\n\n  \nCCAK Information and Resources \nAbout the CCAK \nThe CCAK exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CCAK exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CCAK and Exam Registration \n  \nCCAK Exam Preparation \nStudents who wish to take the exam should purchase the exam study guide here. The Q&A database is purchased here and is helpful for the exam revision. \n  \nInstructor \n\n \n\n\nSushila Nair\nCISSP\, GIAC GSTRT\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair. CISSP\, GIAC GSTRT\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK\, is Capgemini’s Vice President\, North American Cybersecurity practice. Capgemini is a global leader in providing secure digital transformation for our clients. Sushila has most recently served as the Vice President for cybersecurity offers at NTT Data Services and has held the role of a CISO for 10 years. Sushila has over 30 years of experience in computing infrastructure\, business and security risk analysis\, preventing credit card fraud\, and served as a legal expert witness. Sushila has been featured in global technical events including RSA\, Segurinfo and ISACA’s global conferences\, co-authored books and is regularly quoted in the press. She plays an active role in supporting best practices and skills development within the cybersecurity community through her work with ISACA and CSA. \nSushila is part of the ISACA global emerging trends working group and vice president of ISACA Greater Washington\, D.C. Chapter. Sushila Nair was named by IT Security Guru as one of the Most Inspiring Women in Cyber 2022! \n \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \n\n Demonstrate key concepts of cloud governance and the role of assurance\, transparency and accountability in the cloud.\n Explain cloud risk management and the application of cloud governance tools.\n Devise the designing\, building and evaluating of a cloud compliance program based on laws\, regulations and regulatory standards.\n Apply control objectives\, technical and process controls\, security metrics and relate them to cloud control frameworks\, certification\, attestation and authorisations.\n Define and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.\n Build and execute an audit plan that addresses cloud concerns by utilising the Cloud Control Matrix.\n Discuss the impact of continuous assurance and auditing\, cloud automation\, native development and integration models on auditing and compliance .\n Describe the role of the CSA STAR Program.\n\n  \nCPE-Related Details \n\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/ccak-review-course-spring2023/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2022/12/ccak_spring_2023-e1676941319779.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230428T093000 DTEND;TZID=America/New_York:20230428T170000 DTSTAMP:20230416T144416Z CREATED:20221220T162012Z LAST-MODIFIED:20230416T144416Z UID:29780-1682674200-1682701200@isaca-gwdc.org SUMMARY:Seminar - Introduction to Auditing with PowerShell Part 2: Working with Data and Scripting DESCRIPTION:This one-day virtual seminar is designed for students to expand their skills in using PowerShell® to perform audits. This course explores two fundamental aspects of using PowerShell: working with data and scripting.  PowerShell has vast capabilities for working with a variety of data and auditors can use these capabilities to analyze\, organize\, and export data to meet their audit objectives and requirements.  Scripting allows auditors to further use these capabilities to process large amounts of data in a repeatable and efficient manner.  This is especially useful if auditors routinely need to perform the same analysis.  While built for systems administrators\, auditors can use PowerShell’s capabilities to write effective and repeatable scripts for use in their audits that can save time\, increase testing populations\, and lead to better audit results! \nThis seminar is for any Auditor\, IT Auditor\, or Cybersecurity professional who want to incorporate PowerShell into their toolkits for accomplishing audits and projects. \nRegistration closes on April 27 @ 12pm.  Capacity is limited to 30 registrants.  \nRegister Today! \n  \n\nRelated Seminar \nThis seminar builds on the concepts taught in the Introduction to Auditing with PowerShell Part 1: Overview and Basic Commands seminar. \n\n  \nAgenda \n\nMorning Topics \n\n\nWorking with data in PowerShell \nHands-on practice in Working with Data \n\n\nAfternoon Topics \n\n\nScripting Basics \nHands-on practices for Scripting Basics \nTroubleshooting Scripts \nHands-on exercise \nReview and recap \n\n  \nInstructor \n\n \n\n\nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 28 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 17+ years\, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development\, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter completing this course\, students will have skills to work with data in PowerShell and develop PowerShell scripts. \n  \nCPE-Related Details \n\n Prerequisites: Students should have a basic understanding of PowerShell. The ISACA GWDC course Introduction to Auditing with PowerShell Part 1: Overview and Basic Commands satisfies this prerequisite.\n Advance Preparation: The instructor will provide materials in advance of the course that should be saved to the student’s computer. Students can follow along with the instructor in executing PowerShell commands during the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/powershell/ LOCATION:Virtual Event CATEGORIES:Special Seminars ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2022/12/ps_seminar-e1678063263304.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230422T090000 DTEND;TZID=America/New_York:20230422T170000 DTSTAMP:20230306T010329Z CREATED:20221220T140840Z LAST-MODIFIED:20230306T010329Z UID:29746-1682154000-1682182800@isaca-gwdc.org SUMMARY:CRISC Spring 2023 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certified in Risk and Information Systems Controls™ (CRISC®).  This review course will provide practical advice on preparing for the CRISC exam and specific instruction regarding the job practice areas addressed by CRISC as defined by ISACA® Global. The dates of this course are three (3) consecutive Saturdays: April 22\, 29\, May 6\, 2023 from 9 am to 5 pm Eastern. \nPlease take a moment to hear from the instructor\, Jim Wiggins\, about the course and how it will help you prepare for the CRISC exam.  Jim has over 20 years of cybersecurity experience and is an ISACA accredited instructor. \n \nThis event is intended for anyone sitting for the CRISC Exam. Students are expected to have prepared for the exam prior to attending the course. \nRegistration closes on April 21 @ 5pm.  \nRegister Today! \n  \n\nEarly-Bird Discount \nThose who register by March 21\, 2023 save $50 off the price of the course.   \nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nAgenda \n\nDay 1 \n\n\nIntroduction \nGovernance (Domain 1) \n\n\nDay 2 \n\n\nIT Risk Assessment (Domain 2) \nRisk Response and Reporting (Domain 3) \n\n\nDay 3 \n\n\nInformation Technology and Security (Domain 4) \nPractice Tests \n\n  \nCourse Materials and Exam Resources \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CRISC exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CRISC Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CRISC Review Manual and the CRISC Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CRISC Review Manual\n CRISC Review Questions\, Answers & Explanations Manual\n CRISC Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CRISC page as part of their study program.  \n  \nInstructor \n\n \n\n\nJim Wiggins \nJim has over 25 years of direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and state government contracting clients. \nToday\, Jim is the Founder and Principal at Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, C&A\, Security+\, and other courses requested by Securible’s clients. Today with Securible\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501c3 public charity that focuses on cyber education and is the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation runs the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at http://www.fitsifoundation.org. \nIn 2020\, Jim started a TV show around cybersecurity. This show is called “Cybersecurity Today” and can be viewed in the Washington\, DC area. Also\, episodes can be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n\n  \nVirtual Meeting Information \n\n This event will be presented online through Microsoft Teams.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CRISC exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/crisc/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2022/12/crisc_spring_2023-e1676941024183.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230414T093000 DTEND;TZID=America/New_York:20230414T170000 DTSTAMP:20230329T184017Z CREATED:20221220T161345Z LAST-MODIFIED:20230329T184017Z UID:29776-1681464600-1681491600@isaca-gwdc.org SUMMARY:Seminar - Introduction to Auditing with PowerShell Part 1: Overview and Basic Commands DESCRIPTION:This one-day virtual seminar is designed for students who want to learn different ways that PowerShell® can be used in performing audits. Students will learn the basics of PowerShell\, including commands to import\, view\, summarize\, and export data. Students will also be taught how PowerShell can be used to obtain data from Windows Event Logs\, Active Directory\, Azure Active Directory\, and other data sources. \nThis seminar is for any Auditor\, IT Auditor\, or Cybersecurity professional who want to incorporate PowerShell into their toolkits for accomplishing audits and projects. \nRegistration closes on April 13\, 2023 @ 12pm.  Capacity is limited to 30 registrants. \nCapacity for this event has been reached.  We are considering a second session for the seminar this spring.  If you’re interested\, click the registration button below   and add your name to the waitlist. \nRegister Today! \n  \n\nRelated Seminar \nIf this topic interests you\, the chapter is also offering an Introduction to Auditing with PowerShell Part 2: Objects and Scripting seminar. \n\n  \nAgenda \n\nMorning Topics \n\n\nOverview of PowerShell \nBasics of Using PowerShell Commands \nPowerShell Commands to Import\, Summarize\, View\, and Export CSV Data \n\n\nAfternoon Topics \n\n\nOverview of Using PowerShell to Import Data from XML and Text Files \nOverview of Using PowerShell to Import Data from Windows Event Logs \nOverview of Using PowerShell to Import Data Word and Excel Files \nOverview of Using PowerShell to Import Data from Active Directory \nOverview of Using PowerShell to Import Data from Azure Active Directory \nPractical Exercises \n\n  \nInstructor \n\n \n\n\nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 28 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 17+ years\, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development\, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter completing this course\, students will have skills to use PowerShell to import\, summarize\, and output data. Students will also have an awareness of potential data sources that PowerShell can be used with. \n  \nCPE-Related Details \n\n Prerequisites: Students should be familiar with using Windows and using CSV files.\n Advance Preparation: The instructor will provide materials in advance of the course that should be saved to the student’s computer. Students can follow along with the instructor in executing PowerShell commands during the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/seminar-introduction-to-auditing-with-powershell-part-1-spring2023/ LOCATION:Virtual Event CATEGORIES:Special Seminars ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2022/12/ps_seminar-e1678063263304.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230413T144500 DTEND;TZID=America/New_York:20230413T170000 DTSTAMP:20230403T134555Z CREATED:20230218T155631Z LAST-MODIFIED:20230403T134555Z UID:30042-1681397100-1681405200@isaca-gwdc.org SUMMARY:2023 Annual FISMA and Risk Management Framework Panel Discussion DESCRIPTION:The 2023 Annual FISMA Conference provides a useful update to IT Auditors on the current landscape of efforts to comply with the Federal Information Security Modernization Act of 2014 (FISMA). Come hear perspectives from senior federal executives from the Office of the National Cyber Director\, National Institute of Standards and Technology\, and the United States Department of Justice who play key roles in FISMA compliance efforts. During this session\, we will learn about recent changes to the FISMA metrics\, and the opportunities and challenges agencies face in complying with FISMA. \nIT advisory or audit professionals that serve or support the Public Sector should attend this event. \nRegistration closes on April 12\, 2023 @ 12pm.   This is a free virtual event for GWDC Members. \nRegister Today! \n  \nEvent Sponsor \nThe ISACA Greater Washington D.C. Chapter is proud to have Cotton\, A Sikich Company as the sponsor for this annual event.  \n \nFounded in 1981\, Cotton is a certified public accounting firm headquartered in historic Old Town Alexandria\, Virginia. Cotton has focused our practice on providing services predominantly for governmental agencies and programs\, and we have continued to expand both our client base and our range of services. Today\, Cotton provides a full range of audit\, accounting\, IT\, and management consulting services. In 2022\, Cotton was acquired by Sikich LLP\, a global company specializing in technology-enabled professional services. With more than 1\,500 employees\, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies and ranks as one of the largest CPA firms in the United States. From corporations and not-for-profits to state and local governments and federal agencies\, Sikich clients utilize a broad spectrum of services and products to help them improve performance and achieve long-term\, strategic goals. \n  \nAgenda \n\n2:45 PM – 2:55 PM \n\n\nOpening Remarks \n\n\n3:00 PM – 4:50 PM \n\n\nPanel Discussion: 2023 Annual FISMA and Risk Management Framework \nModerator: \n\n Yehuda Schmidt\nCPA\, CISA\, CRISC\, CGEIT\nSr. Manager\, Cotton\, A Sikich Company\n\nPanelists: \n\n Melinda Rogers\nDeputy Assistant Attorney General Chief Information Officer\, United States Department of Justice\n Victoria Yan Pillitteri\nCISSP\nFederal Information Security Modernization Act (FISMA) Implementation Project Lead\n Lisa N. Barr\nDirector of Federal Cybersecurity\, Office of the National Cyber Director\n\n\n\n4:55 PM – 5:00 PM \n\n\nClosing Remarks \n\n  \nModerator \n\n \n\n\nYehuda Schmidt\nSr. Manager\, Cotton\, A Sikich Company \nCPA\, CISA\, CRISC\, CGEIT \nYehuda Schmidt joined Cotton\, A Sikich Company in January 2015. Yehuda has 30 years’ experience in assisting federal government agencies with finance\, accounting\, business process improvement\, information technology (IT) internal controls\, and program management. He has extensive experience in managing reviews of internal controls over financial reporting\, operational controls\, and risk management in compliance with Office of Management and Budget (OMB) Circular A-123. Yehuda is leading client’s IT risk assessments in compliance with NIST SP 800-37\, and IT assessment in compliance with NIST SP 800-53. \nYehuda holds an MBA in Finance and Entrepreneurship\, and B.Sc. in Accounting and Economics from the Hebrew University of Jerusalem\, Israel. He is a Certified Public Accountant (CPA)\, a Certified Information Systems Auditor (CISA)\, a Certified Risk and Information Systems (CRISC)\, and Certified Governance of Enterprise IT (CGEIT). \n\n  \nPanelists \n\n \n\n\nMelinda Rogers\nDeputy Assistant Attorney General Chief Information Officer\, United States Department of Justice \nMelinda Rogers was designated as Deputy Assistant Attorney General for Information Resource Management in September 2020. Prior to her designation\, she served as Deputy Chief Information Officer (CIO)\, and earlier she was the Department’s Chief Information Security Officer (CISO). In her role as CIO\, Ms. Rogers is responsible for overseeing the Department’s $3.4 billion Information Technology (IT) investment portfolio\, providing strategic direction to DOJ Components\, and directly supporting mission operations through IT service delivery. Additionally\, within Ms. Rogers’ purview is the Department’s Cybersecurity Program\, which proactively monitors and mitigates risks associated with the management\, security\, and acquisition of DOJ technology assets. Ms. Rogers also has extensive experience in the banking and financial services sector in private industry\, where she was most recently Equifax’s Assistant Vice President for Fraud Prevention and Identity Verification Solutions. \nMs. Rogers received her MBA from Emory University in Atlanta and is an alumna of George Mason University. \n\n\n \n\n\nVictoria Yan Pillitteri\nFederal Information Security Modernization Act (FISMA) Implementation Project Lead\, National Institute of Standards and Technology\nCISSP \nVictoria Yan Pillitteri is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and also leads the Federal Information Security Modernization Act (FISMA) Implementation Project\, supervising a team of technical and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing cybersecurity risk in the federal government\, and associated stakeholder outreach and public-private coordination/collaboration efforts. She serves as the lead of the Joint Task Force working group\, a partnership with Department of Defense\, the Intelligence Community and Civilian Agencies to develop a unified security framework to protect USG from cyberattacks and is co-chair of the Federal Cybersecurity and Privacy Professionals Forum hosted NIST. \nShe previously worked on development of the Cybersecurity Framework and Privacy Framework\, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs\, served on the board of directors of the Smart Grid Interoperability Panel\, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security\, including SP 800-12\, 800-37\, 800-53\, 800-82\, 800-171\, 800-171A\, 800-171B\, 800-137A\, 1108 and IR 7628. \nVictoria holds a B.S. in Electrical Engineering from the University of Maryland\, a M.S in Computer Science\, with a concentration in Information Assurance\, from the George Washington University\, completed the Key Executive Leadership Program at American University\, and is a Certified Information Systems Security Professional (CISSP). She has completed a Senior Executive Service Candidate Development Program (SES CDP) and is SES certified. \n\n\n \n\n\nLisa N. Barr\nDirector of Federal Cybersecurity\, Office of the National Cyber Director \nLisa Barr has over 20 years’ experience in the public and private sector leading and directing projects in Cybersecurity\, IT Strategic Planning and Risk Management. Lisa is the first Director for Federal Cybersecurity within the Office of National Cyber Director. She leads federal cybersecurity initiatives and efforts that focus on creating cohesion across the federal enterprise and reducing the burden on federal agencies. Within these 20 years\, she spent 13 years with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA). She has held numerous trusted leadership positions covering cybersecurity policy\, supply chain cybersecurity\, federal cybersecurity governance\, and critical infrastructure resilience. Lisa served a one-year rotational assignment to the OMB Office of the Federal CIO as a Senior Advisor and program lead for the Federal Acquisition Security Council. Previous to her federal service\, Lisa spent several years in the private sector focusing on IT and cyber strategic planning and program management. \nLisa holds a Master’s degree in National Security and Resource Strategy; has received an Executive Chief Information Security Officer certification through Carnegie Mellon; and is a Certified Information Security Manager. \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about recent changes to the FISMA metrics and the opportunities and challenges agencies face in complying with FISMA. \n  \nCPE-Related Details \n\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2023-fisma-panel/ LOCATION:Virtual Event CATEGORIES:Panels ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/02/fisma_panel_2023-e1676941581180.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230329T170000 DTEND;TZID=America/New_York:20230329T190000 DTSTAMP:20230306T010721Z CREATED:20230221T002234Z LAST-MODIFIED:20230306T010721Z UID:30352-1680109200-1680116400@isaca-gwdc.org SUMMARY:Networking Event following the 2023 Women in Technology and Leadership Conference DESCRIPTION:The ISACA GWDC is hosting a networking event following the Women in Technology and Leadership Conference 2023.  The networking event will be from 5:00 to 7:00 PM at the Hilton McLean Tysons Corner.  Members do not have to attend the conference to attend this networking event.  This is a free event and an RSVP is required to attend. \nRegistration closes on March 28\, 2023 @ 5 pm.  \nRSVP Today! \n  \n\nEvent Sponsorship \nIf your organization is interested in being a sponsor for this event\, please contact Bonita Patillo\, Special Events Director\, for details on sponsorship opportunities.  (Go to the Contact Us page select “Special Events” under “I have a question about”) \n\n  \nVenue Information \nHilton McLean Tysons Corner\n7920 Jones Branch Drive\nMcLean\, Virginia 22102\n \nHotel Website | Phone Number: (703) 847-5000 \nParking Information\nThe hotel offers complimentary parking (Ballroom Entrance / South Parking location). \nNearest Metro\nThe hotel offers free shuttle pick up service from Tysons Corner Metro Station.   To arrange a pickup\, call the hotel at 703-847-5000. \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \n  URL:https://isaca-gwdc.org/event/2023-womenintech-networking/ LOCATION:Hilton McLean Tysons Corner\, 7920 Jones Branch Drive\, McLean\, VA\, 22102\, United States CATEGORIES:Social Events END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230329T100000 DTEND;TZID=America/New_York:20230329T170000 DTSTAMP:20230329T103407Z CREATED:20230221T002151Z LAST-MODIFIED:20230329T103407Z UID:30350-1680084000-1680109200@isaca-gwdc.org SUMMARY:Women in Technology and Leadership Conference 2023 DESCRIPTION:The ISACA GWDC Chapter is proud to host our 2023 Women in Technology and Leadership Conference. This conference is our premier annual event centered around the experience of women in technology and leadership positions. Our technology enrichment topics will focus on awareness and strategies around Cybersecurity\, Data Privacy\, and Technology Leadership.  Specific leadership focus areas include how to pursue IT and Cybersecurity roles in the organization\, discuss if the glass ceiling is too low\, and how women and advocates may support women’s career paths in technology. Our speakers are top leaders and experts in the technology field\, ready to share their experiences\, insights\, and tips for succeeding in a rapidly evolving industry. Attendees will have the opportunity to learn about the latest trends and challenges\, connect with like-minded professionals\, and engage in thought-provoking discussions. \nThis is an in-person event that will be held at the Hilton McLean Tysons Corner. IT executives\, management and operations staff\, risk management leaders and professionals\, IT auditors\, cybersecurity professionals\, students or anyone interested in learning more about this topic should attend this event. \nThere will be a free networking session after this event.   A separate RSVP is required to attend the networking session.  \nRegistration closes on March 28\, 2023 @ 5 pm.  \nRegister Today! \n  \n\nEvent Sponsorship \nIf your organization is interested in being a sponsor for this event\, please contact Bonita Patillo\, Special Events Director\, for details on sponsorship opportunities.  (Go to the Contact Us page select “Special Events” under “I have a question about”) \n\n  \nAgenda \n\n10:00 AM – 11:00 AM \n\n\nNever Trust\, Always Verify: The Zero Trust Approach to Cybersecurity \nPresenter: Sushila Nair (Capgemini) \nZero Trust is a cybersecurity model that assumes that all resources and services\, both internal and external\, are not inherently trustworthy\, and therefore require strict access control and continuous verification. It’s a departure from traditional perimeter-based security models\, which assume that everything inside the network is safe by default. \nThis presentation will cover the key principles of Zero Trust\, including the principle of never trusting\, always verifying\, the importance of strong identity and access management\, and the need for continuous monitoring and analysis of all network activity. We will also discuss the various components of a Zero Trust architecture and how it differs from traditional security models. \nAdditionally\, the presentation will provide an overview of the steps required to implement a Zero Trust architecture\, the benefits of Zero Trust\, and how Zero Trust can help organizations meet regulatory and compliance requirements. We will also discuss how auditors can assess the effectiveness of a Zero Trust architecture. \nBy the end of this presentation\, attendees will understand the importance of implementing a Zero Trust architecture and how it can help improve their organization’s cybersecurity posture. They will have a solid understanding of the key principles\, architecture\, and benefits of Zero Trust\, as well as how to implement it and how to assess its effectiveness. Overall\, the goal is to provide attendees with the knowledge and tools they need to take the first steps toward a Zero Trust architecture. \n\n\n11:00 AM – 12:00 PM \n\n\nTaking an Identity-centric Approach to Zero Trust \nPresenter: Christine Owen (Guidehouse) \n“Identity is the new perimeter” is being repeated over and over again\, because it’s true! A viable Zero Trust Architectures requires a mature\, enterprise-wide IAM program so an organization can understand who is accessing its resources. Christine will discuss the different IAM tools necessary\, and how they interact together to create the foundation of Zero Trust. \n\n\n12:00 PM – 01:00 PM \n\n\nLunch \n\n\n01:00 PM – 02:00 PM \n\n\nData Governance \nPresenter: Cortney Worthy (Zoom) and La-Nay Grant (Cisco) \nDuring this session\, Cortney will cover the following topics: \n\n Understanding the difference between Data Governance\, Data Privacy and Data Security and why it matters to your organization.\n Why a Data Governance Framework is Foundational to an Organization’s Data Security Strategy? And what Role does Identify Management play In Data Governance?\n\n\n\n\n02:00 PM – 03:00 PM \n\n\nResilience in an Era of Disruption \nPresenter: Terry Grafenstine (Citi) \nWe are living in a world where pandemics\, social unrest\, cyber-attacks\, and geo-political tensions are becoming the norm. To survive in this era of disruption\, organizations must shift from a traditional Business Continuity/Disaster Recovery (BCDR) model to Enterprise Resilience. In this session\, attendees will learn about: \n\n Impacts of Disruption\n Regulatory Focus on Resilience\n The differences between BCDR and Enterprise Resilience\n Key considerations in an Enterprise Resilience Model\n\n\n\n03:00 PM – 04:00 PM \n\n\nCrack the Cybersecurity Career Code – CISO’s guide to different career paths in cybersecurity \nPresenter: Ruchi Shewaramani (WA Health Benefit Exchange) \nDo you aspire to join cybersecurity? Already in cybersecurity and aiming to be a CISO? Did you know you do “not” have to be highly technical to excel in cybersecurity? \nIn this session\, Ruchi Shewaramani will present the various career paths to enter and excel in the highly sought after domain of cybersecurity. She will break some popular myths about cybersecurity. You will hear in depth on the various career opportunities across the fields of Application Security\, Identity & Access Management\, Cloud Security and Governance\, Risk and Compliance. \n\n\n04:00 PM – 05:00 PM \n\n\nPanel Discussion \nPanelists: Cortney Worthy (Zoom)\, Sarah Abedin (BreaktheTide)\, K. Casey Watkins (FTI Consulting\, Inc.)\, and Whitney Singletary \nDuring this session\, panelists will discuss the following questions: \n\n Is the glass ceiling still too short?\n How to better support and mentor women in technology.\n\n\n\n05:00 PM – 07:00 PM \n\n\nNetworking Social \nImmediately following this event\, the GWDC will host a networking event. A separate RSVP is required for the networking event. \n\n  \nPresenters \n\n \n\n\nSushila Nair\n Vice President – North American Cybersecurity Practice at Capgemini\nCISSP\, GIAC GSTRT\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is Capgemini’s Vice President\, North American Cybersecurity practice. Capgemini is a global leader in providing secure digital transformation for our clients. Sushila has most recently served as the Vice President for cybersecurity offers at NTT Data Services and has held the role of a CISO for 10 years. Sushila has over 30 years of experience in computing infrastructure\, business and security risk analysis\, preventing credit card fraud\, and served as a legal expert witness. Sushila has been featured in global technical events including RSA\, Segurinfo and ISACA’s global conferences\, co-authored books and is regularly quoted in the press. She plays an active role in supporting best practices and skills development within the cybersecurity community through her work with ISACA and CSA. \nSushila is part of the ISACA global emerging trends working group and vice president of ISACA Greater Washington\, D.C. Chapter. Sushila Nair was named by IT Security Guru as one of the Most Inspiring Women in Cyber 2022! \n \n\n\n \n\n\nChristine Owen\nDirector at Guidehouse \nChristine C. Owen is a recovering attorney who found solace as the Zero Trust Lead at Guidehouse. She is interested in securing people\, things\, applications\, devices\, and the cloud taking an identity-centric approach. Christine oversees and manages client engagements to provide enterprise IAM and Zero Trust solutions. \nChristine learned IAM principles while consulting for an IAM program that encompassed the entire Federal government. She then moved into a sandbox\, teaching First Responders how to secure their systems; her work resulted in the ICAM Educational Series\, published on the DHS S&T website. In her downtime\, Christine enjoys bourbon\, her grumpy Westie\, and chatting about IAM with anyone who will listen. \n \n\n\n \n\n\nCortney Worthy\nLeader of Data Governance & Compliance at Zoom Video Communications \nCortney Worthy is a passionate Data Governance & Management executive with 14+ years experience. A Mississippi native\, Cortney relocated to the DC Metro area after obtaining a degree in Finance from the University of Memphis and started a career in government consulting. She has successfully led the stand up of several Chief Data Offices across multiple government agencies to include the Department of Defense\, Department of State\, and United States Citizenship and Immigration Services. Cortney currently serves as the Leader of Data Governance & Compliance at Zoom Video Communications where she leads the maturation of data governance capabilities. Cortney’s self-proclaimed super power is her ability to “build relationships of influence to lead organizations to data driven insights with governance as a foundation”. When she’s not working tirelessly to ensure your data is safe and secure\, she serves as a Girl Scout Leader mentoring the next female generation of developers\, engineers\, data scientists\, and leaders. You can also find her making her way up the charts on the Peloton leader board! \n \n\n\n \n\n\nRuchi Shewaramani\nChief Information Security Officer at WA Health Benefit Exchange \nRuchi Shewaramani is a cyber security executive with 15+ years of experience in Information Technology Security\, Identity and Access Management (IAM)\, Governance\, Risk and Compliance (GRC) across Healthcare\, Education and Financial institutions. She holds a Masters in Software Engineering from Seattle U. In the last decade\, she has managed the security program for various Health and Human Services Agencies in the District of Columbia (DC) and Washington state and successfully cleared numerous federal audits. She specializes in leading HealthCare agencies to secure their data\, be compliant with state/federal partners and provide digital trust to the citizens they serve. She is currently serving as the Chief Information Security Officer for WA Health Benefit Exchange and as a Board member for ISACA Greater Washington DC Chapter. \n  \n\n\n \n\n\nTerry Grafenstine\nChief Auditor\, Technology and Business Services at Citi\nCPA\, CISSP\, CISA\, CIA\, CRISC\, CGEIT\, CGAP \nTerry Grafenstine was appointed as the Chief Auditor for Technology and Business Services in November 2020. She is responsible for leading the Internal Audit teams covering technology infrastructure\, cyber\, resilience\, platforms and applications within businesses and functions\, and global business services. Terry joined Citi in April 2019 as the Chief Auditor of Cyber\, Third Party Risk Management\, and Business Continuity. \nTerry has over 25 years of experience in the internal auditing and information technology profession. Before joining Citi\, Terry was a Managing Director in Deloitte’s Risk and Financial Advisory practice where she provided strategic advisory services to Chief Audit Executives across all commercial industries and IT audit\, risk\, and governance advisory services to first line executives in the defense and national security space. Prior to joining Deloitte\, Terry served for eight years as the appointed Inspector General of the U.S. House of Representatives\, where she designed\, managed\, and delivered audit and investigative services\, including the annual financial statement audit and a comprehensive cyber assurance program. \nTerry has held numerous leadership roles to support the auditing\, accounting\, and information technology profession\, including as ISACA’s Global Chair (2017-2018) and as a member of the AICPA board of directors. She currently serves on both the IIA’s North American and Global Boards of Directors. Terry speaks globally on a wide range of subjects\, including cyber security\, internal auditing\, accounting standards\, resilience\, leadership\, and risk. In 2019\, the Institute of Internal Auditors (IIA) recognized Terry as one of the “Top Ten Audit Thought Leaders of the Decade” and inducted Terry into their Hall of Distinguished Audit Practitioners\, the highest honor given by the IIA’s North American board for the accomplishments and contributions made by individuals to advance the internal audit profession. She has received numerous awards and accolades\, including FedScoop’s “Golden Gov Federal Executive of the Year\,” the Greater Washington DC Society of CPAs “Government CPA Leader of the Year”\, the NY Metropolitan ISACA Chapter’s “Joseph J Wasserman Cyber and Governance Leader of the Year\,” and ISACAs “Common Body of Knowledge” and “Best International Conference Speaker of the Year” awards. \nTerry holds a bachelor’s degree in Accounting from Saint Joseph’s University and is a Certified Public Accountant (CPA)\, Certified Information Systems Security Professional (CISSP)\, Certified Information Systems Auditor (CISA)\, Certified Internal Auditor (CIA)\, Certified In Risk and Information Systems Control (CRISC)\, Certified in the Governance of Enterprise IT (CGEIT)\, and Certified Government Auditing Professional (CGAP). Terry has been with Citi IA for 4 years\, has 29 years of auditor experience and 2 years of non-auditor experience. \n \n\n\n \n\n\nSarah Abedin\nFounder and CEO of BreaktheTide\nCISA\, CGEIT\, CRISC\, CDPSE \nSarah Ahmad Abedin is the Founder and CEO of BreaktheTide\, a 501c(3) nonprofit organization in the United States. BreaktheTide (www.breakthetide.org) provides a fundraising platform for nonprofit organizations to help raise funds for empowering women\, children and underprivileged communities. She is a Board member of Sambhali U.S.\, a nonprofit organization in the United States. Sambhali U.S. is a volunteer organization for Girls and Women Empowerment in Jodhpur\, India. Sarah is also a Board member of Gultaz Memorial School and College in Doulatpur\, Chattogram\, Bangladesh. \nSarah is an Information Technology and Cybersecurity expert by profession with extensive management and leadership experience on a broad range of complex\, fast-paced environments in public and private sectors. She started her career as an IT Auditor for the State of Michigan Office of the Auditor General and over the next 30 years she has worked in various capacities for global companies like KPMG\, Financial Industry Regulatory Authority (FINRA)\, NASDAQ Stock Market\, IBM and others. Sarah specialized in IT Security\, Cybersecurity\, Enterprise Governance\, Risk\, Compliance and Privacy in addition to her audit experience (internal and external). Her expertise is in the US Federal Law (NIST\, FISMA\, FedRAMP\, US Data Privacy law\, SOX\, HIPAA)\, COBIT with an emphasis on Strategy\, Governance\, Risk\, Compliance\, Security and Privacy. \nSarah has always been passionate to work in the developmental areas for empowering girls and women.  She has been a mentor and a founding Advisory Council Member of ISACA’s SheLeadsTech (2017-1018). She was also the first Bangladeshi American President (2013-2016) of the Greater Washington DC (GWDC) Chapter of ISACA\, the largest chapter in the world. She was a Member of Privacy Advisory Group of ISACA (2020-2021) and Governance Committee of ISACA (2019-2020). She was an Expert Reviewer of COBIT 2019 Framework (Introduction & Methodology; Governance & Management Objectives). She started the annual Women in Leadership & Technology conference for GWDC in 2016 and hosed this event every year since 2016 to present. \nSarah was an Adjunct professor at the University of Maryland Global Campus (Fall 2012) and an Advisory Board Member of University of Maryland Global Campus\, Graduate School of Management and Technology (Financial Management & Accounting). \nSarah obtained her BBA in Accounting Information Systems from Eastern Michigan University and MBA in Electronic Business from Carey Business School of Johns Hopkins University. \n \n\n\n \n\n\nLa-Nay Grant\nData Governance Leader\, CISCO \nLa-Nay is a leader within Data Governance and has 15+ years of experience. She began her career as a Congressional Intern then led advanced Data Analytics efforts as a Federal Government employee. She is an Ex-Big Senior Manager that now works for Cisco. In her current role she creates policy and initiatives that ensures her organization is compliant with local and international rules and regulations. As well as moving data operations forward by creating robust and innovative solutions that increase business value. She is a big believer in understanding how users see\, process\, and execute on data from various angles to best effect change. \nLa-Nay is a lifelong East of the River Washingtonian. She is a proud HBCU graduate and an active alumni member. She has created and launched mentoring programs focusing on HBCU students and STEM based extracurricular programs for middle school students. She holds a BS in Information Science and Systems from Morgan State University and a MA in Forensic Psychology from Marymount University. \n \n\n\n \n\n\nK. Casey Watkins\nHead of Global Cybersecurity & Privacy\, FTI Consulting\, Inc. \nFor more than 15 years Casey Watkins has served as FTI Consulting’s Head of the Global Cybersecurity & Privacy (GCP) Division based in the Mclean\, VA office. \nMr. Watkins is an information security\, privacy and risk management professional\, executive\, researcher and cybersecurity change agent with many years of information technology and business leadership experience. He is responsible for maintaining FTI’s security and privacy standards and keeping the firm’s security and privacy program up to date. He has over 30 years professional experience in Information Technology and Management with experiences in IT Management\, Project/Program Management\, Network Engineering\, Systems development design\, analysis and implementation; Information Security and IT Audit for complex multi-national organizations and the Department of Defense having spent a combined total of 24 years active and reserve as an Officer in the United States Army. \n \n\n  \nVenue Information \nHilton McLean Tysons Corner\n7920 Jones Branch Drive\nMcLean\, Virginia 22102\n \nHotel Website | Phone Number: (703) 847-5000 \nParking Information\nThe hotel offers complimentary parking (Ballroom Entrance / South Parking location). \nNearest Metro\nThe hotel offers free shuttle pick up service from Tysons Corner Metro Station.   To arrange a pickup\, call the hotel at 703-847-5000. \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 6 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this event\, attendees will have a better understanding of Women in Technology and Leadership current trends and practices.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method: Live\, in-person\n Field of Study: Information Technology – Technical URL:https://isaca-gwdc.org/event/women-in-tech-conference-2023/ LOCATION:Hilton McLean Tysons Corner\, 7920 Jones Branch Drive\, McLean\, VA\, 22102\, United States CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2023/02/women_in_technology_and_leadership_conference_2023-e1677425207400.png END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230325T083000 DTEND;TZID=America/New_York:20230325T170000 DTSTAMP:20230306T010503Z CREATED:20221220T141216Z LAST-MODIFIED:20230306T010503Z UID:29734-1679733000-1679763600@isaca-gwdc.org SUMMARY:CISA Spring 2023 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 4-day virtual review course for the Certified Information System Auditor® (CISA®) exam.  This review course will provide practical advice on preparing for the CISA exam and specific instruction regarding the job practice areas addressed by CISA as defined by ISACA® Global. The dates of this course are four (4) consecutive Saturdays: March 25; April 1\, 8\, and 15\, 2023 from 8:30 am to 5 pm Eastern. \nPlease take a moment to hear from one of the instructors\, Jim Wiggins\, about the course and how it will help you prepare for the CISA exam.  The instructors Jim Wiggins and Tyler Harding combined have over 40 years of audit\, IT\, and cybersecurity experience and are ISACA accredited instructors. \n \nThis event is intended for anyone sitting for the CISA Exam. Students are expected to have prepared for the exam prior to attending the course. \nRegistration closes on March 24\, 2023 @ 5pm.  \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nAgenda \n\nDay 1 \n\n\nModule 1 – The Process of Auditing Information Systems \nModule 2 – Governance and Management of IT \n\n\nDay 2 \n\n\nModule 3 – Information Systems Acquisition\, Development\, and Implementation \n\n\nDay 3 \n\n\nModule 4 – Information Systems Operations\, Maintenance\, and Support \n\n\nDay 4 \n\n\nModule 5 – Protection of Information Assets \n\n  \nCourse Materials and Exam Resources \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISA exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISA Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISA Review Manual and the CISA Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CISA Review Manual\n CISA Review Questions\, Answers & Explanations Manual\n CISA Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISA page as part of their study program.  \n  \nInstructors \n\n \n\n\nJim Wiggins \nJim has over 25 years of direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and state government contracting clients. \nToday\, Jim is the Founder and Principal at Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, C&A\, Security+\, and other courses requested by Securible’s clients. Today with Securible\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501c3 public charity that focuses on cyber education and is the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation runs the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at http://www.fitsifoundation.org. \nIn 2020\, Jim started a TV show around cybersecurity. This show is called “Cybersecurity Today” and can be viewed in the Washington\, DC area. Also\, episodes can be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n\n\n \n\n\nTyler Harding \nSenior Manager\, Amazon Supply Chain \nCPA\, CISA\, CISM\, CISSP\, CAP\, GGEIT\, FITSP:A\, FITSP:M \nTyler Harding is a Senior Manager and leads a commercial and DoD compliance program at Amazon Supply Chain (supplychain.amazon.com). The Compliance team’s goal is to earn customer’s trust and maintain compliance with multiple information security certifications such as ISO 27001\, AICPA SOC 2\, HiTRUST\, and NIST SP 800-171. Prior to his role at Amazon Supply Chain\, Tyler was the DoD Security and Compliance Manager for AWS and led efforts to accredit AWS cloud services to Impact Levels 4 and 5 under DoD’s Cloud Computing Security Requirements Guide (CC SRG). \nBefore joining Amazon in 2019\, Tyler spent over 20+ years in public accounting firms such as PWC\, KPMG\, and Kearney & Company in their respective IT audit practices and led engagement teams through many SOC 1\, FISMA\, and financial statement audits. \nAs a recovering IT auditor\, Tyler now enjoys his Summers and Falls swimming\, cycling\, and playing an occasional round of golf! Tyler has also supported the ISACA Greater Washington D.C. Chapter for over 20 years by teaching CISA\, CISM\, and CGEIT review courses. \n\n  \nVirtual Meeting Information \n\n This event will be presented online through Microsoft Teams.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CISA exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cisa-spring-2023-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2022/12/cisa_spring_2023-e1676940839164.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230318T083000 DTEND;TZID=America/New_York:20230318T163000 DTSTAMP:20230306T010538Z CREATED:20221220T141438Z LAST-MODIFIED:20230306T010538Z UID:29741-1679128200-1679157000@isaca-gwdc.org SUMMARY:CISM Spring 2023 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certified Information Security Manager® (CISM) Exam. The CISM® review course will provide practical advice on preparing for the CISM exam and specific instruction regarding the job practice areas addressed by CISM as defined by ISACA® Global. The dates of this course are three (3) consecutive Saturdays from March 18\, 25\, April 1\, 2023 from 8:30 am to 4:30pm Eastern. \nPlease take a moment to hear from the instructor\, Jim Wiggins\, about the course and how it will help you prepare for the CISM exam.  Jim has over 20 years of cybersecurity experience and is an ISACA accredited instructor. \n \nThis event is intended for anyone sitting for the CISM Exam. Students are expected to have prepared for the exam prior to attending the course. \nRegistration closes on March 17 @ 5pm. \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nAgenda \n\nDay 1 \n\n\nModule 1 – Information Security Governance \nModule 2 – Information Security Risk Management \n\n\nDay 2 \n\n\nModule 3 – Information Security Program \nModule 4 – Incident Management \n\n\nDay 3 \n\n\nModule 5 – Exam Preparation Strategies \n\n  \nCourse Materials and Exam Resources \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISM exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISM Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISM Review Manual and the CISM Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CISM Review Manual\n CISM Review Questions\, Answers & Explanations Manual\n CISM Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISM page as part of their study program.  \n  \nInstructor \n\n \n\n\nJim Wiggins \nJim has over 25 years of direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and state government contracting clients. \nToday\, Jim is the Founder and Principal at Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, C&A\, Security+\, and other courses requested by Securible’s clients. Today with Securible\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501c3 public charity that focuses on cyber education and is the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation runs the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at http://www.fitsifoundation.org. \nIn 2020\, Jim started a TV show around cybersecurity. This show is called “Cybersecurity Today” and can be viewed in the Washington\, DC area. Also\, episodes can be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n\n  \nVirtual Meeting Information \n\n This event will be presented online through Microsoft Teams.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 24 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CISM exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cism-spring-2023-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2022/12/cism_spring_2023-e1676940650358.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230223T083000 DTEND;TZID=America/New_York:20230223T123000 DTSTAMP:20230225T125653Z CREATED:20221220T153038Z LAST-MODIFIED:20230225T125653Z UID:29772-1677141000-1677155400@isaca-gwdc.org SUMMARY:IT Audit Conference 2023 DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host our annual IT Audit conference. This conference is part of our monthly conference series. \nIT professionals\, IT advisory or audit professionals\, business executives\, students or professionals interested in learning more about IT Audit should attend this event. \nRegistration closes on February 22\, 2023 @ 12pm.  \nRegister Today! \n  \nAgenda \n\n8:30 – 9:30 AM \n\n\nCost Estimating and Scheduling practices for IT modernization Projects \nPresenter: Stephen Gilbride (Library of Congress OIG) \nThis presentation will provide a brief discussion on auditing technical projects for success. Mr. Gilbride will share federal guidance (GAO) and practical experience in the use of Cost Estimating and Scheduling practices for IT modernization projects and programs \n\n\n9:30 – 10:30 AM \n\n\nIT Audit in NASA Environment \nPresenters: Scott Riggenbach (NASA OIG)\, Chris Reeves (NASA OIG)\, and Linda Hargrove (NASA OIG) \nThis presentation will discuss the process of various IT audit performed in NASA environment\, including Cybersecurity Readiness\, Insider Threat and Software Asset Management. \n\n\n10:30 – 11:30 AM \n\n\nIT Audit in Cloud Environments \nPresenters: Shar Qureshi (Deloitte) and Twinkle Patel (Deloitte) \nIn this session\, you will learn about the different types of cloud services and deployment models\, understand the cloud shared responsibility model\, recognize key risks and controls based on the cloud service type\, how to evaluate a SOC report\, and additional considerations from an audit perspective. \n\n\n11:30 AM – 12:30 PM \n\n\nThe value of an IT auditor when integrating controls during a systems implementation or modernization effort. \nPresenter: Geoffery (Geoff) Weber (KPMG) \nGetting controls “right” during systems implementation or modernization efforts is commonly less expensive than designing them post-implementation. Integrators have a tendency to focus on functionality topics rather than controls – perhaps spending more time on users desired business process requirements and screen designs\, for example\, than on security issues. Increasing demands of new regulations for access and security controls provide an opportunity for organizations installing or upgrading ERP systems to design and implement good controls from the onset. This enables the controls to be better monitored and sustained throughout the life of the system. Not doing so has proved expensive: “Going live” before appropriate internal controls are in place negatively impacts business performance and creates unnecessary costs to retrofit controls into the new system. This situation may also cause the organization to report significant control deficiencies and/or material weaknesses. The end result could be adverse audit opinions on the adequacy of their internal controls and financial statements. A proper IT audit lens and methodology that focuses on key control areas helps reduce the risk of failed control environment associated with these systems efforts. \n\n  \nPresenters \nStephen Gilbride\nDirector IT Audits\, the Library of Congress Office of the Inspector General\nCIA\, CISA\, CRISC\, CGFM\, CEH \nMr. Gilbride has been the Director of IT Audits for over 6 years at the Library of Congress Office of the Inspector General. Prior to that he has worked for Accenture Federal Services as a Senior Manager of Internal Audit\, Information Technology. He has also worked for Kearney & Company in the DC area as a Senior Manager of Information Technology Audits for Federal clients. \nMr. Gilbride has a technology engineering background\, having spent twenty years with Nortel Networks in various roles and living in multiple countries designing\, delivering\, and providing sales support for network hardware and software products. \n  \nScott Riggenbach\nAssistant Director IT Audits\, NASA Office Inspector General \nScott Riggenbach has been a member of the NASA Office Inspector General team for the last 17 years based at the Kennedy Space Center in Florida. Prior to that he started his career doing IT audits at Arthur Andersen in Atlanta\, GA and a small startup auditing firm in the DC area. Mr. Riggenbach is an Assistant Director within NASA OIG’s Mission Support Directorate and is responsible for leading the majority of the IT audits for the organization. Scott graduated from Ohio University in Athens\, Ohio and currently resides in Viera\, FL with his wife and two children. \n  \nChris Reeves\nIT Specialist\, NASA Office Inspector General \nChris Reeves has worked for the NASA OIG since 2007. Prior to joining the NASA OIG team Chris spent 10 years serving as an IT specialist in the US Navy. While in the Navy he was responsible for shipboard communications\, information systems administration\, and cyber hygiene. He served at the Space and Naval Warfare Information Technology Center\, the Defense Information Systems Agency\, and the USS Crommelin\, a guided missile frigate based in Pearl Harbor. Chris has led and been involved in a wide range of information technology audits while with the NASA OIG. He has a bachelors in Information Technology Management\, lives in Galveston\, TX and has two young daughters\, Reagan and Avery. \n  \nLinda Hargrove\nIT Specialist\, NASA Office Inspector General \nWith more than three decades of experience in the IT ecosystem\, Linda Hargrove has managed\, led\, and supported complex IT projects for major aerospace programs. Her entire career has been working in data and computing systems at Kennedy Space Center\, FL. Linda is proud to be working at NASA OIG —providing impactful IT oversight by strengthening cybersecurity. Over the years\, her work has garnered various awards\, including NASA’s coveted Space Flight Awareness Launch Honoree Award. Linda holds bachelor and master’s degrees\, with honors\, from Rollins College in Winter Park\, Florida and has taught ‘Computer Systems Analysis & Design’ and ‘Communicating with Technology’ at the collegiate level. \n  \nShar Qureshi\nSenior Manager\, Digital Controls – Cloud Risk\, Deloitte \nShar is a Senior Manager in Deloitte’s Risk and Financial Advisory Digital Controls – Cloud Risk offering. He has been working in financial services and the tech industry for over 19 years. For the past 6 years\, he has been giving all his attention to controls advisory\, assurance and security engagements focusing primarily on AWS. \nHe is a technologist and brings a unique combination of audit/assurance and deep technical understanding of cloud. He has provided guidance to many organizations cross-industry on matters related to governance\, risk management\, compliance and security as organizations navigate their digital transformation. \nHe is an invited speaker and has had the pleasure to present at AWS Re:Inforce\, industry roundtables\, conferences and workshops. He has facilitated numerous cloud audit related courses through many of Deloitte’s partnerships and alliances. He is responsible for leading the upskilling\, cloud fluency\, learning and development initiatives for Deloitte assurance specialists. \n  \nTwinkle Patel\nAdvisory Manager\, Deloitte \nTwinkle Patel is a Manager within Deloitte’s Risk and Financial Advisory Digital Controls – Cloud Risk Offering with over 5 years of experience specializing in Technology Risk. For the past 3 years\, she has been giving all her attention to performing cloud assessments and audits to help companies navigate the cloud environments securely and quickly\, specifically for the Microsoft Azure (Azure) cloud platform. \nPreviously\, Twinkle has worked on Assurance projects\, supporting external financial statement audits\, SOC1 engagements\, and audits in the federal government that are aligned to NIST 800-53 and 800-37. Currently\, she is working on internal audits and projects with a focus on IT security and cloud computing related technologies in the consumer and retail industry. \nIn addition to supporting financial audits\, Twinkle has focused on leveraging her knowledge of IT controls and risk to help serve companies in an advisory capacity\, specializing in risk and control assessments\, pre and post implementation reviews. Twinkle is also currently serving as the project manager on an internal audit project for another publicly listed retail and healthcare company. \n  \nGeoffery (Geoff) Weber\nPrincipal\, KPMG – Federal Practice \nGeoff Weber is a Principal in KPMG’s Federal Practice. His experience spans more than 30 years leading information technology audits and advisory services in the Federal Industry. He currently leads teams assessing technology controls and risks for Federal Audit and Advisory clients. This includes topics such as IT controls\, IT transformation\, ERP/GRC system advisory services\, technology integration\, information security and privacy\, and IT audit and assurance. Geoff began his career in 1991 as a member of the civil service at the Department of Defense and joined KPMG’s Federal Practice in 1998. He earned a BS in Accounting and an MBA from George Mason University and holds CISA and CISM certifications. \n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this conference\, attendees will have a better understanding of current trends and practices in IT Audit.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2023-it-audit-conference/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2022/12/it_audit_conference_2023-e1676940047519.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230209T163000 DTEND;TZID=America/New_York:20230209T180000 DTSTAMP:20230204T190214Z CREATED:20230123T192503Z LAST-MODIFIED:20230204T190214Z UID:29903-1675960200-1675965600@isaca-gwdc.org SUMMARY:Networking Event following the 2023 Diversity\, Equity and Inclusion Trends Special Event DESCRIPTION:The ISACA GWDC is hosting a networking event following the 2023 Diversity\, Equity and Inclusion Trends in Technology special event.  The networking event will be from 4:30 to 6:00 PM at the Hilton McLean Tysons Corner.  Members do not have to attend the DEI special event to attend this networking event.  This is a free event and an RSVP is required to attend. \nRegistration closes on February 8\, 2023 @ 5 pm.  \nRSVP Today! \n  \n\nEvent Sponsorship \nIf your organization is interested in being a sponsor for this event\, please contact Bonita Patillo\, Special Events Director\, for details on sponsorship opportunities.  (Go to the Contact Us page select “Special Events” under “I have a question about”)\n \n  \nVenue Information \nHilton McLean Tysons Corner\n7920 Jones Branch Drive\nMcLean\, Virginia 22102\n \nHotel Website | Phone Number: (703) 847-5000 \nParking Information\nThe hotel offers complimentary parking (Ballroom Entrance / South Parking location). \nNearest Metro\nThe hotel offers free shuttle pick up service from Tysons Corner Metro Station.   To arrange a pickup\, call the hotel at 703-847-5000. \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \n  URL:https://isaca-gwdc.org/event/2023-dei-networking-event/ LOCATION:Hilton McLean Tysons Corner\, 7920 Jones Branch Drive\, McLean\, VA\, 22102\, United States CATEGORIES:Social Events END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230209T110000 DTEND;TZID=America/New_York:20230209T163000 DTSTAMP:20230219T005206Z CREATED:20230123T192404Z LAST-MODIFIED:20230219T005206Z UID:29874-1675940400-1675960200@isaca-gwdc.org SUMMARY:2023 Diversity\, Equity and Inclusion Trends in Technology Special Event DESCRIPTION:ISACA GWDC is proud to host the 2023 Diversity\, Equity and Inclusion Trends in Technology event.  In this event we will focus on current trends in Diversity\, Equity and Inclusion (DEI) and learn how DEI initiatives contribute to organization culture\, help with effective governance\, and why DEI still matters.  This is an in-person event that will be held at the Hilton McLean Tysons Corner. \nIT Executives\, Management and Operations staff\, Risk management leaders and professionals\, IT Auditors\, Cybersecurity professionals\, students or anyone interested in learning more about how diversity\, equity and inclusion can improve individual’s careers and mission of the organization should attend this event. \nThere will be a free networking session after this event.   A separate RSVP is required to attend the networking session.  \nRegistration closes on February 8\, 2023 @ 5 pm.  \nRegister Today! \n  \n\nEvent Sponsorship \nIf your organization is interested in being a sponsor for this event\, please contact Bonita Patillo\, Special Events Director\, for details on sponsorship opportunities.  (Go to the Contact Us page select “Special Events” under “I have a question about”) \n\n  \nAgenda \n\n11:00 AM – 12:15 PM \n\n\nPanel Discussion #1 \nModerator:  Bonita Patillo (ISACA GWDC)  Current Panelists: Chris Ajiri (Zoom Communications)\, Jasmine Brennan (T. Row Price)\, Isabel Luo (ALM First)\, Diane Dempsey (BAE Systems) \nIn this panel\, the following topics will be discussed: \n\n Ways that DEI has been prioritized and tactical activities that have been implemented.\n Benefits to employees and organizations of DEI initiatives and a diverse workforce.\n Promoting DEI initiatives in hybrid work environments.\n Advice for individuals struggling to be their authentic self and how to strive for equity and inclusion in the workplace.\n\n\n\n12:15 PM – 1:00 PM \n\n\nLunch \nLunch is provided for this event. \n\n\n1:00 PM – 1:30 PM \n\n\nAttracting and Retaining Cyber Talent \nPresenter: Marcia Main (Upside) \nAttracting and retaining cyber talent\, the diverse way! Join us for this talk and explore 3 creative (and brave!) strategies that can help you overcome the current talent shortage and build stronger\, happier and more diverse teams. We will discuss: \n\n The need for [diverse] cybersecurity talent\n Why is it so hard to build diverse teams?\n Brave techniques to take diversity beyond just talk\n\n\n\n1:30 PM – 2:30 PM \n\n\nPanel Discussion #2 \nModerator:  Bonita Patillo (ISACA GWDC)  Current Panelists: Dr. Shelton Ricks (Fed Government)\, William E. Jones (VaBHMA)\, Mick Vollmer (ABNB FCU)\, Marcia Main (Upside)\, Britani Jones (The Hanover Insurance Group) \nIn this panel\, the following topics will be discussed: \n\n Promoting DEI initiatives with a reduced or eliminated budget.\n Ways organizations can make their employees feel valued.\n Potential impacts that organizations may have if they do not invest in a DEI program.\n Using the recruitment process help narrow the DEI gap.\n\n\n\n2:40 PM – 3:30 PM \n\n\nHacking Diversity: 3 Simple Steps to Excel as a Risk Leader \nPresenter: Vishal Chawla (BluOcean Digital) \nIn this presentation we will discuss: \n\n What are you really missing as an IT Risk leader if you don’t have a diverse team?\n How Inclusion may be the most important tool to be a successful Risk Leader?\n What are “three steps” you can take today to turn DEI as a business advantage for your Risk department and help your companies build trust with their customers!\n\n\n\n3:40 PM – 4:30 PM \n\n\nThe Impact and Importance of Supplier Diversity and Sustainable Procurement Strategies \nPresenter: Tomaneci Waller Day (T.Rowe Price) \nThis presentation will cover: \n\n Why Supply Chain DEI strategies are a business imperative for all companies\n Customer expectation and reputational risk\n Explore the evolving Environmental Social Governance (ESG) corporate commitments and how these strategies can impact the diverse local business community.\n\n\n\n4:30 PM – 6:00 PM \n\n\nNetworking Event \nImmediately following this event\, the GWDC will host a networking event.  A separate RSVP is required for the networking event. \n\n  \nPanelists and Presenters \n\n \n\n\nChris Ajiri\nData Governance Leader\, Zoom Communication \nChris is a Data Governance Leader at Zoom Communication where he reports to Zoom’s CIO\, he is a seasoned Enterprise Data Management expert with over 15 years in the Industry. Chris works closely with Product\, Privacy and Compliance teams to improve data scalability across the organization. \nChris has executed and implemented various Data Governance and Data Management initiatives. He has worked in the financial industry (Capital One Bank and Freddie Mac) where he spent the majority of his career in data risk management\, data operations\, data validation\, data audits and operational process improvements. In his past role at the Department of Homeland Security (DHS) prior to joining Zoom\, he designed data governance\, data standards and data quality capabilities; hence\, implementing operational and data driven solutions at the Office of the Chief Data Officer (OCDO). \nChris is also a part-time adjunct professor at the School of Information Sciences at the University of Maryland College. Chris earned his master’s degree in Technology management from Georgetown University in Washington DC and a bachelors in Computer Information Systems from the Business School at the University of Maryland College Park. \n\n  \n\n \n\n\nJasmine Brennan\nVP\, Head of DEI Americas\, T. Rowe Price \nJasmine Brennan is a member of T. Rowe Price’s Corporate Diversity\, Equity\, and Inclusion team\, and serves as the VP\, Head of DEI\, Americas. She has been with the firm since March of 2020 and in this role\, Jasmine leads the DEI strategic initiatives for the Americas\, oversees the firm’s global BRG program\, and partners closely with firm’s DEI advisory groups\, championing to accelerate progress and outcomes. \nPrior to joining T. Rowe Price\, Jasmine held a variety of DEI leadership roles across industrial distribution\, consumer product\, and human capital management industries. In her last role\, Jasmine led DEI and CSR at Aerotek\, an Allegis Group company. During her tenure\, Jasmine led a team with responsibility for inclusive leadership training and education\, DEI councils and employee resource group governance\, DEI client engagement and diversity talent programs\, and philanthropic giving and employee volunteerism. \nJasmine graduated from Canisius College with a Bachelor of Arts in Psychology. She received a Master of Science in HR Management from New York Institute of Technology and completed a Diversity Practitioner Certification at Cornell University. She is passionate about authenticity\, inclusion\, well-being and belonging\, and incorporates those areas into both her personal and professional life. \n  \n\n\n \n\n\nIsabel Luo\nManaging Director\, Quantitative Risk\, ALM First \nIsabel is a senior-level executive in the financial services industry with 15+ years of experience in statistical modeling\, capital markets\, and consumer lending. She brings a solid background in leveraging economic theory and statistical methods to identify and mitigate credit\, interest rate\, and liquidity risk. For the last two decades\, Isabel has been assisting financial institutions in quantitative research\, regulatory capital planning and stress testing (CCAR)\, model development and risk management. She designs and develops analytical processes to predict change of consumer behavior in economic cycles. She presents complex technical analysis to diverse audiences including board members\, C-suite executives\, investors\, and regulators. \nCurrently Isabel holds a Managing Director position in a financial advisory firm with $80B fixed- income investments under management. She assists clients in deploying machine learning algorithm in financial analysis and forecasts. Prior to that\, Isabel served as an expert advisor at NCUA (regulatory authority for credit unions)\, advising on how policy would impact the credit union industry. She assisted in drafting regulations and conducted complex research projects to mitigate and effectively manage market risk and liquidity risk. \nPrior to the appointment at NCUA\, Isabel was a Vice President/Managing Director in the nation’s second largest credit union. She was responsible for the annual capital plan submission to NCUA and the Board of Directors. She played a key role as a member of ALCO and financial risk management committees. In addition\, she managed a team of financial analysts\, data scientists\, and economists in model development and risk management. She devised a capital planning and stress testing framework\, which was recognized with the Best Use Case Award at QRM Balance Sheet Management Conference attended by 500 institutions in 2018. \nBetween 2010 and 2013\, Isabel was a senior risk manager of Freddie Mac’s credit risk management division\, where she oversaw analytics and advised on key policy issues including loan modification programs\, foreclosure improvement proposals\, servicer surveillance platform\, and GSE servicing standards implementation for nonperforming subprime mortgages. Isabel was on a team of six people who earned first place in the 2012 Rising Leaders Business Case Competition and Leadership in Action Award. \nPrior to joining Freddie Mac in 2010\, Isabel worked in private equity and financing subsidiaries of General Motors that originated and serviced non-prime mortgages. \nIsabel holds a Master of Business Administration (MBA) in Finance from University of Minnesota and a Bachelor of Science degree in Mathematical Statistics from Shanghai University of Finance and Economics. In 2021\, she was awarded a professional diploma in Machine Learning and Artificial Intelligence through the Columbia Engineering Executive Education Program. \n\n  \n\n\nDiane Dempsey\nDirector\, Small Business Programs for BAE Systems Intelligence & Security Sector. \nMs Dempsey has enjoyed an extensive career in the field of procurement\, subcontracts and supplier diversity. Currently she is the Director\, Small Business Programs for BAE Systems Intelligence & Security Sector. Ms Dempsey has also been a small business advocate for several prime contractors in the DC Metropolitan area. She serves on multiple boards and committees\, most recently served as the Chair\, Capital Region Minority Supplier Development Council Board of Directors. Additionally\, she has served as the TRIAD Industry Group Co-Chair since 2006. Her leadership and advocacy have been recognized with many awards\, including the National Veterans Small Business Coalition 2021 Prime Contractor – Advocate of the Year and U.S. Women’s Chamber of Commerce\, 2021 CEO Award. \nShe received her B.S. from Mary Washington College\, Certificate in Contracts & Procurement\, University of Virginia\, and Master’s Certificate in Procurement & Supply Chain Management\, MS and MBA from the University of Maryland. She is also a certified supplier diversity professional and instructor for the Alliance of Supplier Diversity Professionals. \n\n  \n\n\nMarcia Main\nChief Information Security Officer\, Upside \nMarcia Main currently serves as the Chief Information Security Officer (CISO) for Upside – an exciting retail technology company\, focused on driving value to all points of brick and mortar commerce. Coming from humble beginnings in her native country of Brazil\, she found a path to success in technology – starting as a software engineer and finding her true passion in security after moving to the U.S. She has over 20 years of diverse experience in technology & information security\, having recently led a large security team for Rally Health (at the time\, a non-integrated entity of UnitedHealth Group) and previously held leadership roles in information assurance & security with companies such as KPMG LLP\, FTI Consulting\, and Verizon. Marcia enjoys running\, reading\, and all things fashion – believing that dressing can instill self-confidence and be a wonderful outlet for creativity. She lives in Rockville\, Maryland with her husband Matthew Main and her cat Sophia. \n\n  \n\n\nWilliam E. Jones\nPresident and Founder\, Virginia Black History Month Association \nMr. William E. Jones\, USMC (retired) was born in Brooklyn\, New York and was raised in Baltimore\, Maryland where he enlisted in the Marine Corps in July 1981. During his 21-year tenure as a Marine\, he fulfilled various assignments to include supporting the Multi-National Peacekeeping Force in Beirut\, Lebanon and participating in Operation Desert Shield/Desert Storm. \nAs a government civilian\, Mr. Jones has worked with the U.S. Navy as an Engineering Technician as well as a Program Manager and Deputy Program Manager with the Defense Threat Reduction Agency (DTRA) for the Biological Combat Assessment System. He later held the position of Program Manager for DTRA’s Transformational Medical Technologies Program. He was later assigned as a Project Officer at Marine Corps Systems Command in Quantico\, Virginia. Today\, Mr. Jones is employed as a Program Manager with the Transportation Security Administration (TSA)\, Department of Homeland Defense (DHS) in Springfield\, Virginia. \nIn 2017\, Mr. Jones was selected to serve on the Board of Directors of the Gladys P. Todd Academy\, which tutored and mentored young high school students which provided college scholarships that allow them to graduate from community college before graduating from high school. Mr. Jones was also elected as the Vice-Chairman of the Marine Corps Systems Command’s Diversity Awareness Program. The program manages and oversees the celebrations for the eight Special Emphasis Programs recognized by the Department of Defense. \nMr. Jones’ impressive and extensive educational background includes graduating from the U.S. Army Chemical School and Parachute School. He holds a Bachelor of Science in Psychology with a minor in Behavioral Science from the University of Maryland. He is also a graduate of the Whiting School of Engineering at Johns Hopkins University\, with a Master of Science in Systems Engineering. In 2016\, Mr. Jones furthered his graduate studies at the University of Maryland\, graduating with a Master of Business Administration (MBA). \nHis decorations include: the Meritorious Service Medal\, the Navy Commendation Medal 2nd award\, the Marine Expeditionary Medal\, the National Defense Medal\, the Southwest Asia Service Medal\, the Marine Corps Recruiting Ribbon\, the Kuwait Liberation Medal\, and the U.S. Army Parachute Wings. \nIn 2004\, he was selected for the Department of Defense “2005 Today’s Military” ad campaign\, which published his picture and personal story in magazines like Ebony\, Money\, The Smithsonian\, Sports Illustrated\, and many more. In 2009\, he was also appointed to the Spotsylvania County Board of Directors for Minority Affairs Committee\, which ensures the fair and equal hiring for local county positions. Mr. Jones hobbies include volunteering as the Head Elder at the Fredericksburg Seventh-Day Adventist Church where he currently worships\, as well as serving as Founder/President of the Virginia Black History Month Association. \n  \n\n\n \n\n\nDr. Shelton Ricks\nDeputy Director for Enterprise Leadership and Management\, Federal Government \nShelton is a lifelong learner\, professor\, researcher\, and leadership enthusiast\, steeped in interest in organizational leadership. He has made his mark in the field of social science research\, the study of societies\, and the relationships among individuals within those societies. \nDr. Ricks is currently the Deputy Director for Enterprise Leadership and Management in the Federal Government and has traveled the world in many capacities sharing the importance of leadership and followership\, soft-skill development\, the impact of diversity\, equity\, inclusion\, and accountability (DEIA) and the power of using data analytics to support initiatives. Shelton has worked previously for Verizon\, Northrop Grumman\, Federal Express\, Norfolk Public Schools\, The City of Newport News\, and Bank of America\, and as an entrepreneur for Shelton LR and Associates. \nAdditionally\, Shelton has endured a decade of service\, molding business-minded individuals as a professor at Kellogg Graduate School at Northwestern University\, DeVry University\, Keller Graduate School of Management\, and Eastern Gateway Community College. \nConcerning building respect across differences\, Shelton currently serves on the board of directors for ACCESS VR\, a virtual reality immersive learning company in Northern Virginia; one of the key missions is to increase felt anxieties of diversity and inclusion experiences through immersive learning experiences. Dr. Ricks wrote a whitepaper\, Presence and Immersive Technology Adoption (PiTA): Exploratory Research -Simulation Soft-Skill Development Exploring Use Cases in Virtual Reality\, which he will present at the Interservice/Industry Training Simulation Education Conference (I/ITSEC) in December 2023. The findings highlighted incremental gains from pre and post-assessments concerning comfort levels with discussing diversity and inclusion training and felt anxiety. \nFurthermore\, Shelton has partnered with Kari Heistad at Culture Coach International on several key initiatives to build tools that allow increases in cultural competency. He also is a committee member for the Virginia Black History Month Annual Gala (VaBHMA) and a facilitator for the Intelligence Community Harriet Tubman Leadership Ethos Ride. Shelton holds a Bachelor’s degree in Critical Thinking and Assessment\, a Master’s degree in Business Administration with a concentration in Human Resource Management\, and a doctorate in Management/Organizational Leadership. \nDr. Ricks has been married for over 20 years and has three children. He moonlights as a music director during his free time. \n\n  \n\n \n\n\nMick Vollmer\nChief Information Officer\, ABNB Federal Credit Union\nMBA\, MSIT \nMick Vollmer is married with 2 children and has been a resident of Hampton Roads\, VA for 30 years. He is currently the Chief Information Officer for ABNB Federal Credit Union in Chesapeake\, VA. Mick’s previous lives include Vice President of Cyber and Cloud Security Risk Management at Fifth Third Bank based in Cincinnati; Executive Vice President for Technology Innovation at Towne Bank headquartered in  Suffolk\, VA; Chief Information Officer and Chief Technology Officer for The City of Virginia Beach; and Executive Director and Information Security Officer at ValueOptions\, FHC Health Systems\, headquartered in Northern Virginia. \nMick earned his MBA and a Masters Degree in Information Technology from the University of Maryland. Mick earned a Bachelor of Science degree from Old Dominion University\, and a degree in Engineering from Tidewater Community College. \nMick is a graduate of LEAD Hampton Roads\, LEAD Virginia and the University of Virginia’s Sorensen Institute for Political Leadership. His industry certifications include ISACA GIAC\, ISC 2 CISSP\, Cloud Security Alliance CCSK\, Cloud+\, ITIL v3 and Federal Chief Information Officer Certificate from the US General Services Agency. \nMick’s honors and recognition include a US Patent\, Virginia Governor’s Technology Innovation Award\, Gartner’s Security Innovation Award and Public Technology Institute’s Technology Innovation Award. \n\n  \n\n \n\n\nBritani Jones\nProgram Manager of Inclusion\, Diversity\, Equity\, The Hanover Insurance Group \nBritani Jones (she/her) is the Program Manager of Inclusion\, Diversity\, Equity at The Hanover Insurance Group. In this role\, Britani is one of our IDE subject matter experts\, sharing her perspective\, insights and knowledge to help us build and sustain a more equitable and inclusive work environment that supports our entire employee population. She reports to Haydee Santana\, AVP of Inclusion\, Diversity\, Equity. \nBritani joined The Hanover in December 2019 as a Small Commercial Sales Manager and was chair of the Community Committee for the Kinship Village Business Resource Group. She is a member of the Big I Diversity Council. \nBritani has been in the insurance industry for nearly 15 years\, and prior to joining The Hanover\, she held various marketing and underwriting roles with national and large regional carriers\, including Nationwide\, State Farm and Erie Insurance.  \nIn her personal life\, Britani is active in her district’s school board\, advocating for equitable educational programs and she previously sat on the board of a local parent-led community organization that aims to bring equitable policies and practices to the county in which she and her family reside. \nBritani resides in the DC Metro area with her husband\, Bryan\, and their two sons\, Jace and Logan. \n\n  \n\n\nVishal Chawla\nFounder & CEO\, BluOcean Digital \nVishal is the founder and CEO of BluOcean Digital – a firm obsessed with igniting people’s creativity to invent solutions that protect the trust of companies\, their customers\, and communities by delivering outcome-based consulting services and technology-enabled cybersecurity and privacy solutions. \nWith over 25 years of diversified experience serving clients in the U.S. and internationally in the financial services\, technology\, and media industries\, Vishal has also served as the Senior Partner for PwC Cybersecurity practice\, Global Cybersecurity and Risk Consulting leader at Grant Thornton\, and Senior Partner for Deloitte Cybersecurity practice. \nHe specializes in assisting clients with aligning their cybersecurity & privacy strategies and programs with their Business Strategies\, Digital Transformation program\, and Innovation agenda. Vishal has extensive experience operationalizing risk-led global Cyber & Privacy Risk Management strategies to help clients achieve Customer Trust\, Innovation\, and agility in their business operations\, Operational Resilience\, and Regulatory compliance throughout their digital transformation journey. \nHe has been published or quoted in numerous publications and is a frequent contributor to industry events. Vishal frequently writes for publications such as the WSJ\, MIT magazine\, Risk & Compliance magazine\, RMA Journal\, ISACA\, and Compliance week. He is a frequent speaker on strategic risk\, operational risk\, and Cyber risk at various conferences. \nVishal is certified information systems and security professional (CISSP) living in Great Falls\, Virginia. Vishal is the proud father of two children and is passionate about spending time with his family\, exercising\, Indian music\, cricket enthusiast\, and reading. \n\n  \n\n \n\n\nTomaneci Waller Day\nSupplier Diversity Senior Manager\, T. Rowe Price \nTomaneci brings over a decade of experience in diversity and inclusion program oversight\, structure\, and operations. She began her passion and commitment for diversity\, equity\, and inclusion as the Small Local Minority Business Enterprise\, Outreach Coordinator for the Washington Suburban Sanitary Commission (WSSC) in Laurel Maryland. She later spent ten years with Freddie Mac\, in McLean Virginia\, progressively holding more responsible leadership roles in supplier diversity programming\, including Director of Employees & Suppliers Inclusion and Diversity. As lead for Supplier Diversity for Freddie Mac\, she designed and executed several corporate-wide strategies that delivered a consistent year-over-year increase in employee and supplier diversity metrics and creating The Supplier Academy\, Freddie Mac’s first diverse supplier development program. \nIn 2021 Tomaneci joined T. Rowe Price as the Supplier Diversity Sr. Manager\, responsible for standing up the supplier diversity strategy and driving the leadership\, planning\, organization\, implementation of the T. Rowe Price corporate commitment to supply chain diversity inclusion and sustainable procurement. Tomaneci works to forge partnerships with key stakeholders to advocate for the growth of diverse suppliers and enable supplier inclusion and utilization within contract categories and sourcing strategies. \nTomaneci holds a Bachelor of Arts from Norfolk State University\, a Master of Science from Virginia Commonwealth University\, and earn an executive certification in Diversity and Inclusion for Human Resources from Cornell University. \n\n  \nVenue Information \nHilton McLean Tysons Corner\n7920 Jones Branch Drive\nMcLean\, Virginia 22102\n \nHotel Website | Phone Number: (703) 847-5000 \nParking Information\nThe hotel offers complimentary parking (Ballroom Entrance / South Parking location). \nNearest Metro\nThe hotel offers free shuttle pick up service from Tysons Corner Metro Station.   To arrange a pickup\, call the hotel at 703-847-5000. \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 5 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this event\, attendees will have a better understanding of DEI current trends and practices.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method: Live\, in-person\n Field of Study: Personnel/Human Resources – Non-technical URL:https://isaca-gwdc.org/event/2023-diversity-equity-and-inclusion-trends-in-technology-special-event/ LOCATION:Hilton McLean Tysons Corner\, 7920 Jones Branch Drive\, McLean\, VA\, 22102\, United States CATEGORIES:Special Event END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20230119T083000 DTEND;TZID=America/New_York:20230119T123000 DTSTAMP:20230127T234223Z CREATED:20221220T151918Z LAST-MODIFIED:20230127T234223Z UID:29769-1674117000-1674131400@isaca-gwdc.org SUMMARY:2023 Emerging Technology Conference DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host our annual Emerging Technology conference. This conference is part of our monthly conference series. \nIT professionals\, IT advisory or audit professionals\, business executives\, students or professionals interested in learning more about emerging technology should attend this event. \nRegistration closes on January 18\, 2023 @ 1pm.  \nRegister Today! \n  \nAgenda \n\n8:30 – 9:30 AM \n\n\nSecure Controls Framework (SCF): The Evolution of Integrated Controls Management (ICM) \nPresenters: Tom Cornelius (ComplianceForge) and David Driggers (HowToGRC) \nThe presentation will cover the past\, present and future of the SCF. This addresses the rise of the metaframework to address Integrated Controls Management (ICM) to address being both “secure and compliant” in an increasingly complex compliance environment. The presentation will also cover the SCF’s Conformity Assessment Program (CAP) that is going live in February to enable first and third-party assessments against tailored SCF control sets. \n\n\n9:30 – 10:30 AM \n\n\nBeyond the Hype of Mesh Architectures \nPresenter: Peter Illdefonso (Amazon Web Services) \nThe buzz of Mesh Architectures promises the zero-ETL\, native\, and seamless integrations for data systems. Cutting through the buzz\, companies are starting to launch services that will facilitate Mesh Architectures. Understanding the concepts of data\, networks\, and systems integrations will help companies build a strategy to maximize the value from these innovations. So far\, most Mesh concepts have been based on a significant amount of manual coding and tagging. Virtualized data catalogs\, zero-ETL connections\, and vendor managed networks will begin to remove the need for manual and error prone integrations. We will explore the constructs of Mesh and use examples from AWS to show how the concept of Mesh is becoming a reality. \n\n\n10:30 – 11:30 AM \n\n\nWarehouse Technology Transformation: A Case Study in Strategic Modernization \nPresenter: Robert Brian Marshal (KPMG) \nAs warehouses continue to transform at exponential rates regarding technology and data platforms\, implementation efforts can far exceed expectations when it comes to costs and results. By developing a strategy to modernize these platforms according to mission needs\, clients can set realistic expectations and procure appropriate systems and technology to realize potential results in the following areas: \n\n Improved data integrity through enhanced capture techniques\n Streamlined end-to-end business processes and warehouse operations with internal controls\n System-based transactional accuracy for inventory balances and financial reporting purposes\n Carbon-neutral initiatives to meet ESG objectives\n\nOver the past 5 years\, KPMG has helped the Marine Corps to implement technology initiatives at its Wilson Weapons Warehouse in Albany\, GA to establish a foundation on which to build on for future technology modernization and institute a commercial-level transformation in the Federal landscape. This case study will present the efforts to implement a modernization strategy to build that foundational element on which current 5G installation efforts are underway \n\n\n11:30 AM – 12:30 PM \n\n\nThe Modern Digital Workplace: Seven Trends that are Driving Change \nPresenter: Vishal Brown (NTT DATA) \nFactors like remote work\, the emergence of the gig workforce\, and the changing nature of work itself are forcing enterprises to rethink their employee experience. This is driving investment in systems and services that allow employees to stay connected to their business infrastructure and one another\, and support networks with greater resilience across more locations and devices. This talk will frame how we should think about the Modern Workplace and seven important trends shaping it\, and what that means to the design and delivery of workplace services that can lead to superior employee experiences. \n\n  \nPresenters \nTom Cornelius\nSenior Partner\, ComplianceForge \nTom Cornelius is the senior partner at ComplianceForge\, a firm that specializes in cybersecurity and privacy documentation. Tom is also the founder and contributor of the Secure Controls Framework (SCF). \n  \nDavid Driggers\nPartner\, HowToGRC \nDavid Driggers is a partner with HowToGRC\, an advisory firm specializing in implementation and operationalization of SCF-based Integrated Controls Management (ICM) solutions. In addition to being the President of the SCF Accreditation Body (SCF-AB)\, David is also the founder of CMMCplus and SCF Connect cybersecurity software products. \n  \nVishal Brown\nPortfolio Leader – Digital Workplace Services\, NTT DATA\, Inc. \nVishal is the Chief Evangelist and GTM Offering Leader for Digital Workplace Services at NTT DATA with over 20 years of industry experience. Focused on elevating the employee experience and their productivity\, I bring expertise of Modern Workplace technologies that leverage AI\, automation\, and machine learning to enable the Digital Workplace ecosystem. I have helped multiple Fortune 500 organizations design\, implement\, and manage human-centric digital workplace environments. \nHe has published several white papers\, articles\, and blogs and presented at executive industry forums and conferences\, including delivering keynote addresses for worldwide product launches. \n  \nRobert Brian Marshal\nDirector\, Federal Advisory Services\, KPMG \nRobert Brian Marshall is the Warehouse Modernization and Transformation Lead in KPMG’s Federal Advisory Services Practice. With a strong background in defense and commercial supply chain\, logistics\, and operations; his experience includes system design and implementation projects; distribution network strategy development and execution; and business process reengineering for commercial and federal clients. In addition\, he is an Air Force veteran with over 12 years’ experience directing large-scale operations in high-tempo environments. Brian can be found on LinkedIn and is a member of several veteran groups on the social platform. \n  \nPeter Illdefonso\nSolutions Architech\, Amazon Web Services \nPeter Ildefonso has been an Enterprise Solutions Architect for Amazon Web Services for 3 years. He is responsible for working across a large number of industries to identify business problems and working backwards to identify viable and scalable technical solutions. Peter has been helping customers plan and migrate critical workloads for more than 11 years with a recent focus on modern data systems prototyping to provide customers with the speed and scale needed for public facing solutions. He was previously a government cloud migration specialist\, developer\, and systems engineer and is a proud graduate of Clemson University. \n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this conference\, attendees will have a better understanding of current trends and practices in emerging technology.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2023-emerging-tech-conference/ LOCATION:Virtual Event CATEGORIES:Conferences ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221117T083000 DTEND;TZID=America/New_York:20221117T123000 DTSTAMP:20230129T162112Z CREATED:20221104T013010Z LAST-MODIFIED:20230129T162112Z UID:29646-1668673800-1668688200@isaca-gwdc.org SUMMARY:2022 IT Fraud Conference DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host our annual IT Fraud conference. This conference is part of our monthly events. \nFraud and cybersecurity professionals\, IT advisory or audit professionals\, business executives\, students or professionals interested in learning more about IT fraud should attend this event. \nRegistration closed on November 16\, 2022 @ 12 p.m. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nAgenda \n\n8:30 AM – 9:30 AM \n\n\nStanch the Flow: Anatomy of Fraud in Government Programs \nPresenters: Linda Miller (Guidehouse) and Zachary Rosenfeld (Guidehouse) \nFraud in federal programs is getting bigger\, more complex and more ambitious than ever. Although the unprecedented public spending in the wake of the COVID-19 pandemic ‐ and the similarly unprecedented amount of taxpayer dollars lost to fraud ‐ have drawn more attention to this problem in recent years\, the government's fraud woes long predate the pandemic. The U.S. government needs to move with haste to systematically identify fraud risks that threaten its new benefit programs. If these agencies don't take proactive steps to prevent fraud now ‐ choosing instead to let law enforcement entities chase after fraudsters only after they've stolen program funds ‐ the U.S. government stands to lose several billion more in taxpayer dollars\, with dubious prospects for recovery. In this session\, Linda Miller of Guidehouse will provide insights on how to stanch the flow of money from vulnerable agencies. \n\n\n9:30 AM – 10:30 AM \n\n\nIdentity Theft and Tax Schemes \nPresenter: Anika Pompey (Internal Revenue Service (IRS)) \nAccording to the IRS\, “tax-related identity theft happens when someone steals your personal information to commit tax fraud. Your taxes can be affected if your Social Security number is used to file a fraudulent return or to claim a refund or credit.” During this session\, Anika Pompey will discuss identity theft and tax schemes\, how to identity and protect yourself against business and individual identity theft\, and steps to take if an individual or business becomes the victim of tax-related identity theft. In addition\, Anika Pompey will also discuss the 2022 Dirty Dozen Tax Schemes. \n\n\n10:30 AM – 11:30 AM \n\n\nHow does fraud happen via APIs? \nPresenter: Jeremy Synder (FireTail.io) \nIn this talk\, Jeremy Snyder will examine the causes of API data breaches and API abuse. He'll explain the main control factors\, and where to provide observability or instrumentation components to view the necessary data elements. In addition\, Jeremy will discuss best practices around API security\, and building API security into a development cycle or a security operations pro. \n\n\n11:30 AM – 12:30 PM \n\n\nAdversarial OSINT Reconnaissance \nPresenter: Kirby Plessas (Plessas Experts Network\, Inc.) \nFew realize how broadly Open Source Intelligence gathering can impact their organization's attack surface including its network\, metadata\, and personnel. Join Kirby Plessas for a rapid-fire\, hands-on\, live demonstration of the reconnaissance an adversary can commit against an organization using publicly available data. Scouring Google\, exploiting images\, and collecting critical data shared by and about individuals round out this attack planning demonstration that also points the way toward what should be done to secure your organization. \n\n  \nPresenters \nLinda Miller\nPartner\, Guidehouse \nLinda Miller is an expert in helping organizations identify and manage their risks to fraud. Linda is a former Olympian in the sport of rowing\, a dynamic speaker and a passionate advocate for diversity in the workplace. With the October 2022 acquisition of Grant Thornton\, she became a Partner at Guidehouse\, where she brings her Fraud & Financial Crimes expertise to a variety of government and private sector clients. In May 2020 Linda was appointed by the Chair of the Council of Inspectors General on Integrity and Efficiency to be the Deputy Director of the Pandemic Response Accountability Committee (PRAC). She held this role for one year\, helping to stand up the government's pandemic oversight function in a fully virtual setting in the midst of the pandemic. Linda also spent ten years at GAO\, where she led the development of GAO's Framework for Managing Fraud Risks in Federal Programs (GAO 15-593SP). This framework was codified in statute with the signing of the Fraud Reduction and Data Analytics Act which requires federal agencies to adhere to the leading practices contained within it. \n  \nZachary Rosenfeld\nManaging Consultant\, Guidehouse \nZachary Rosenfeld has more than 11 years' experience conducting evaluations and managing risk for federal programs in emergencies and complex contingency environments. He has delivered high profile evaluations\, performance audits\, white papers\, and briefings on international fraud and anti corruption\, including a first-of-its-kind evaluation commissioned by Congress to examine corruption in Afghanistan and the efficacy of the Afghan government's anti-corruption policies. At Guidehouse\, he leads teams responsible for conducting program evaluations and establishing effective\, proactive fraud risk management programs using maturity assessments\, fraud risk assessments\, and data analytics tools. His clients include the Department of State\, Federal Communications Commission\, and the Export-Import Bank of the United States. \n  \nAnika Pompey\nSenior Stakeholder Liaison\, Internal Revenue Service (IRS) \nAnika Pompey is a Senior Stakeholder Liaison with the Internal Revenue Service (IRS) in Washington\, DC. In this role\, she is responsible for performing outreach and establishing relationships with tax practitioners\, business and industry organizations\, and other audiences for the purpose of sharing information about IRS policies\, practices\, and procedures. Prior to becoming a Senior Stakeholder Liaison\, Anika held the position of Tax Compliance Officer (TCO). In this role\, she planned and conducted examinations of individual income tax returns. She was also responsible for educating taxpayers about tax law and tax-related accounting. Anika held the position of TCO for nine years before becoming the frontline manager of a TCO group. Anika has also held the position of Contact Representative where she was responsible for assisting customers with their tax accounts. Overall\, Anika's IRS career spans more than 15 years. \n  \nJeremy Synder\nFounder and CEO\, FireTail.io \nJeremy is the founder and CEO of FireTail.io. FireTail provides API security via code library\, and works with customers worldwide to keep APIs secure. Prior to FireTail\, Jeremy has worked at Rapid7\, DivvyCloud\, AWS and other companies. Jeremy has lived in 5 countries and speaks 5 languages. \n  \nKirby Plessas\nFounder and CEO\, Plessas Experts Network\, Inc. \nKirby Plessas is the founder and CEO of Plessas Experts Network\, Inc. (PEN)\, an Open Source Intelligence (OSINT) Internet technology and information extraction company specializing in training\, researching\, and consulting to meet the unique needs of diverse law enforcement\, government\, and private-sector organizations.\n \n\n \nMs. Plessas established herself as one of the foremost tradecraft experts in OSINT through a successful career as a member of the U.S. Military and as a Government Contractor prior to founding PEN in 2008. A service-disabled veteran\, Ms. Plessas began her career in Military Intelligence as an Arabic linguist supporting the Department of Defense and continued using her OSINT experience at the Defense Intelligence Agency. Acknowledged as an expert in her field\, in 2007 she was instrumental in the creation and institution of an innovation center for conducting Open Source Intelligence (OSINT). In great tribute to her long list of personal and corporate accomplishments in her field\, the Department of Homeland Security declared Ms. Plessas an OSINT Technical Expert (2010).\n \n\n \nThrough her work at PEN\, Kirby Plessas shares her love of innovative technology and OSINT expert skills by delivering hands-on training courses throughout the United States and internationally. \n  \nVirtual Meeting Information \n\nThis event will be presented through Zoom.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nThe ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant's inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org. \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter this conference\, attendees will have a better understanding of current trends and practices in identifying and addressing IT fraud. \n  \nCPE-Related Details \n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study: Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-it-fraud-conference/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221112T080000 DTEND;TZID=America/New_York:20221112T170000 DTSTAMP:20240911T150804Z CREATED:20220920T010249Z LAST-MODIFIED:20240911T150804Z UID:29509-1668240000-1668272400@isaca-gwdc.org SUMMARY:Certified in Emerging Technology (CET) Cloud Fundamentals Review Course DESCRIPTION:The GWDC is sponsoring an intensive one day virtual review course for the Certified in Emerging Technology™ (CET) Cloud Fundamentals Certificate.  The course will be held on November 12\, 2022 from 8:00 am to 5:00 PM. \nThis course covers characteristics\, components\, deployment models\, risks\, and business drivers of cloud computing. Learners gain insight into the principles and concepts of cloud computing\, services models\, cloud governance\, and an overview of critical cloud service considerations. The interactive\, self-guided format blends both knowledge and performance-based training components to provide a truly unique and dynamic learning experience that builds and reinforces the critical skills required to perform real-world technical tasks. \nThis event is intended for anyone sitting for the CET Cloud Fundamentals Certificate Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on November 11\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nModule 1 – Cloud Computing Models \n\n Cloud Components\n Cloud Service Implementation Considerations\n Cloud Deployment Models\n\nModule 2-Cloud Service Models \n\n Software as a Service\n Platform as a Service\n Solution Stacks\n Infrastructure as a Service\n\nModule 3-Cloud Governance \n\n Business Drivers to Cloud \n Risks Associated with cloud solutions\n Cloud Vendor Selection and Management\n Portability of Services\n\nModule 4-Cloud Service supports \n\n Distinguish between service implementation and support in the cloud\n Describe the testing and validation requirements for post-cloud implementation\n Articulate the special role that configuration management plays in cloud computing\n Identify resource management challenges with cloud computing implementations\n\n  \nAbout the CET \nThe Cat exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CET exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CET Cloud Fundamentals Certificate and Exam Registration \n  \nCCAK Exam Preparation \nFor students who wish to take the CET Cloud fundamentals exam\, it is highly recommended that the prospective candidates should purchase the official study guide and labs here as the exam includes hands on elements. \n  \nInstructor \n \nSushila Nair\nVice President\, Security Portfolio @ NTT DATA Services\, NTT DATA\, Inc.\nCISSP CISM CRISC CISA \nSushila Nair is certified by ISACA International to teach the CCAK Exam Review Course and specializes in cybersecurity\, risk\, and audit services. Sushila Nair is the current Vice President of the Greater Washington\, D.C. ISACA Chapter and has presented at CACS\, BrightTALK\, Seguruinfo and many other international events.  Sushila has taught review courses for the GWDC and ISACA Global. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented virtually.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 10 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \n\n Identify characteristics\, benefits\, deployments\, and components of cloud computing\n Evaluate cloud delivery models\, including SaaS\, PaaS\, and IaaS\n Define governance needs\, business drivers\, strategic value\, and risks associated with cloud computing\n Understand business model considerations for cloud computing\, including testing\, resource management\, data availability\, and business continuity\n\n  \nCPE-Related Details \n\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cet-2022-fall-review/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221105T090000 DTEND;TZID=America/New_York:20221119T170000 DTSTAMP:20221122T190937Z CREATED:20220910T153631Z LAST-MODIFIED:20221122T190937Z UID:29452-1667638800-1668877200@isaca-gwdc.org SUMMARY:CRISC® Fall 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certified in Risk and Information Systems Controls™ (CRISC®).  This review course will provide practical advice on preparing for the CRISC exam and specific instruction regarding the job practice areas addressed by CRISC as defined by ISACA® Global. The dates of this course are three (3) consecutive Saturdays: November 5\, 12\, and 19\, 2022 from 9 am to 5 pm eastern. \nThis event is intended for anyone sitting for the CRISC Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on November 4\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nDay 1  \n\n Introduction\n Governance (Domain 1)\n\nDay 2 \n\n IT Risk Assessment (Domain 2)\n Risk Response and Reporting (Domain 3)\n\nDay 3  \n\n Information Technology and Security (Domain 4)\n Practice Tests\n\n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CRISC exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CRISC Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CRISC Review Manual and the CRISC Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CRISC Review Manual\n CRISC Review Questions\, Answers & Explanations Manual\n CRISC Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CRISC page as part of their study program.  \n  \nInstructor \n \nJim Wiggins\n \nJim has over 25 years direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients. \nToday\, Jim is the founder and executive director of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit\, certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. \nJim is also the executive director of the FITSI Foundation. The FITSI Foundation is 501c3 public charity that runs the Wounded Warrior Cyber Combat Academy (W2CCA). \nAdditionally\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nJim holds the following IA/IT security certifications: CISSP\,ISSEP\, CISM\, CISA\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented virtually.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CRISC exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/crisc-fall-2022-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221104T093000 DTEND;TZID=America/New_York:20221104T170000 DTSTAMP:20221120T130726Z CREATED:20220910T164017Z LAST-MODIFIED:20221120T130726Z UID:29469-1667554200-1667581200@isaca-gwdc.org SUMMARY:Seminar - Introduction to Auditing with PowerShell® Part 2: Objects and Scripting DESCRIPTION:This one-day virtual seminar is designed for students to expand their skills in using PowerShell® to perform audits. This course explores two fundamental aspects of using PowerShell: objects and scripting.  PowerShell is built around the concept that data in PowerShell is an object of a specific type.  An object can be as simple as text or number or as complex as a collection of objects. Auditors need to understand this concept to unlock the information stored in different object types and the actions that can be taken.  PowerShell is also more than a series of commands; it is a scripting language complete with its own version or popular scripting features and syntax. While built for systems administrators\, auditors can also use key aspects of PowerShell’s scripting language to write effective and repeatable scripts for use in their audits. \nThis seminar is for any Auditor\, IT Auditor\, or Cybersecurity professional who want to incorporate PowerShell into their toolkits for accomplishing audits and projects. \nRegistration closed on November 3\, 2022 @ 12pm.  Capacity is limited to 30 registrants. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nRelated Seminar \nThis seminar builds on the concepts taught in the Introduction to Auditing with PowerShell Part 1: Overview and Basic Commands seminar. \n  \nSeminar Details \nSeminar Outline \n\n PowerShell refresher\n Understanding objects in PowerShell\n Object types and their properties and methods\n PowerShell scripting basics and best practices\n Tips for troubleshooting commands and scripts\n Practical Exercises\n\n  \nInstructor \n \nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 27 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 16+ years\, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development\, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter completing this course\, students will have skills to use objects in PowerShell and develop PowerShell scripts. \n\nAdditional CPE-Related Details \n\n Prerequisites: Students should have a basic understanding of PowerShell. The ISACA GWDC course Introduction to Auditing with PowerShell Part 1: Overview and Commands satisfies this prerequisite.\n Advance Preparation: The instructor will provide materials in advance of the course that should be saved to the student’s computer. Students can follow along with the instructor in executing PowerShell commands during the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-fall-seminar-auditing-powershell-p2/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221022T083000 DTEND;TZID=America/New_York:20221105T170000 DTSTAMP:20221120T130752Z CREATED:20220920T010310Z LAST-MODIFIED:20221120T130752Z UID:29505-1666427400-1667667600@isaca-gwdc.org SUMMARY:Certificate of Cloud Auditing Knowledge (CCAK™) Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certificate of Cloud Auditing Knowledge (CCAK™).  The dates of this course are three consecutive Saturdays: October 22\, 29\, and November 5\, 2022 from 8:30 am to 5:00 PM. \nThe CCAK course is designed to cover the following five core areas of focus: Cloud governance\, Cloud compliance\, Cloud auditing\, Cloud assurance\, and CSA tools. The course will provide knowledge on cloud security assessment methods and techniques\, and will assist students in updating their expertise in cloud and hybrid security auditing. CCAK is a joint project by Cloud Security Alliance® and ISACA®. The CCAK is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing. \nThis event is intended for anyone sitting for the CCAK Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on October 21\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nMODULE 1 – Cloud Governance \n\n Overview of governance\n Cloud assurance\n Cloud governance frameworks\n Cloud risk management\n Cloud governance tools\n\nMODULE 2 – Cloud Compliance Program \n\n Designing a cloud compliance program\n Building a cloud compliance program\n Legal and regulatory requirements\n Standards and security frameworks\n Identifying controls and measuring effectiveness\n CSA certification\, attestation and validation\n\nMODULE 3 – CCM and CAIQ Goals\, Objectives and Structure \n\n CCM\n CAIQ\n Relationship to standards: mappings and gap analysis\n Transition from CCM V3.0.1 to CCM V4\n\nMODULE 4 – A Threat Analysis Methodology for Cloud Using CCM \n\n Definitions and purpose\n Attack details and impacts\n Mitigating controls and metrics\n Use case\n\nMODULE 5 – Evaluating a Cloud Compliance Program \n\n Evaluation approach\n A governance perspective\n Legal\, regulatory and standards perspectives\n Risk perspectives\n Services changes implications\n The need for continuous assurance/continuous compliance\n\nMODULE 6 – Cloud Auditing \n\n Audit characteristics\, criteria & principles\n Auditing standards for cloud computing\n Auditing an on-premises environment vs. cloud\n Differences in assessing cloud services and cloud delivery models\n Cloud audit building\, planning and execution\n\nMODULE 7 – CCM: Auditing Controls \n\n CCM audit scoping guidance\n CCM risk evaluation guide\n CCM audit workbook\n CCM an auditing example\n\nMODULE 8 – Continuous Assurance and Compliance \n\n DevOps and DevSecOps\n Auditing CI/CD pipelines\n DevSecOps automation and maturity\n\nMODULE 9 – STAR Program \n\n Standard for security and privacy\n Open Certification Framework\n STAR Registry\n STAR Level 1\n STAR Level 2\n STAR Level 3\n\n  \nAbout the CCAK \nThe CCAK exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CCAK exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CCAK and Exam Registration \n  \nCCAK Exam Preparation \nStudents who wish to do the exam should purchase the exam study guide here. The Q&A database is purchased here and is helpful for the exam revision. \n  \nInstructor \n \nSushila Nair\nVice President\, Security Portfolio @ NTT DATA Services\, NTT DATA\, Inc.\nCISSP CISM CRISC CISA \nSushila Nair is certified by ISACA International to teach the CCAK Exam Review Course and specializes in cybersecurity\, risk\, and audit services. Sushila Nair is the current Vice President of the Greater Washington\, D.C. ISACA Chapter and has presented at CACS\, BrightTALK\, Seguruinfo and many other international events.  Sushila has taught review courses for the GWDC and ISACA Global. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented virtually.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \n\n Demonstrate key concepts of cloud governance and the role of assurance\, transparency and accountability in the cloud.\n Explain cloud risk management and the application of cloud governance tools.\n Devise the designing\, building and evaluating of a cloud compliance program based on laws\, regulations and regulatory standards.\n Apply control objectives\, technical and process controls\, security metrics and relate them to cloud control frameworks\, certification\, attestation and authorisations.\n Define and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.\n Build and execute an audit plan that addresses cloud concerns by utilising the Cloud Control Matrix.\n Discuss the impact of continuous assurance and auditing\, cloud automation\, native development and integration models on auditing and compliance .\n Describe the role of the CSA STAR Program.\n\n  \nCPE-Related Details \n\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/ccak-2022-fall-review/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221021T093000 DTEND;TZID=America/New_York:20221021T170000 DTSTAMP:20221120T130813Z CREATED:20220910T163238Z LAST-MODIFIED:20221120T130813Z UID:29463-1666344600-1666371600@isaca-gwdc.org SUMMARY:Seminar - Introduction to Auditing with PowerShell® Part 1: Overview and Basic Commands DESCRIPTION:This one-day virtual seminar is designed for students who want to learn different ways that PowerShell can be used in performing audits. Students will learn the basics of PowerShell\, including commands to import\, view\, summarize\, and export data. Students will also be taught how PowerShell can be used to obtain data from Windows Event Logs\, Active Directory\, Azure Active Directory\, and other data sources. \nThis seminar is for any Auditor\, IT Auditor\, or Cybersecurity professional who want to incorporate PowerShell into their toolkits for accomplishing audits and projects. \nRegistration closed on October 20\, 2022 @ 12pm. Capacity is limited to 30 registrants. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nRelated Seminar \nIf this topic interests you\, the chapter is also offering an Introduction to Auditing with PowerShell Part 2: Objects and Scripting seminar. \n  \nSeminar Details \nSeminar Outline \n\n Overview of PowerShell\n Basics of Using PowerShell Commands\n PowerShell Commands to Import\, Summarize\, View\, and Export CSV Data\n Overview of Using PowerShell to Import Data from XML and Text Files\n Overview of Using PowerShell to Import Data from Windows Event Logs\n Overview of Using PowerShell to Import Data Word and Excel Files\n Overview of Using PowerShell to Import Data from Active Directory\n Overview of Using PowerShell to Import Data from Azure Active Directory\n Practical Exercises\n\n  \nInstructor \n \nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 27 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 16+ years\, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development\, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter completing this course\, students will have skills to use PowerShell to import\, summarize\, and output data. Students will also have an awareness of potential data sources that PowerShell can be used with. \n\nAdditional CPE-Related Details \n\n Prerequisites: Students should be familiar with using Windows and using CSV files.\n Advance Preparation: The instructor will provide materials in advance of the course that should be saved to the student’s computer. Students can follow along with the instructor in executing PowerShell commands during the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-fall-seminar-auditing-powershell-p1/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221013T083000 DTEND;TZID=America/New_York:20221013T123000 DTSTAMP:20221120T130614Z CREATED:20221006T214024Z LAST-MODIFIED:20221120T130614Z UID:29607-1665649800-1665664200@isaca-gwdc.org SUMMARY:2022 Cybersecurity Conference DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host the 2022 Cybersecurity conference. This seminar is part of our monthly sessions and is centered around the various important Cybersecurity topics such as\, Zero Trust\, Ransomware\, Hunting threats in Active Directory and Auditing Cybersecurity. \nBusiness leaders and managers\, executives\, technologists\, professionals\,  and students\, interested in staying current in the field of cybersecurity should attend this conference. \nRegistration closed on October 12\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nConference Details \nAgenda \n8:30 – 9:30 Implement Zero Trust Principles in your Architecture \nPresenter: Adam Hesch (Amazon Web Services) \nZero trust has become a new industry buzzword\, but how do you actually implement it in your existing architecture today? In this session\, discover common architectural patterns for applications deployed on AWS and see how you can implement zero trust principles within them to improve your security outcomes. These examples will draw from common zero trust use cases (user\, device\, and system authentication and authorization) and technologies (software defined networks\, micro-segmentation\, policy enforcement points\, visibility\, and orchestration) to bring zero trust into your existing and future environments. \n  \n9:30 – 10:30 Threat Hunting with Windows Event Forwarding & MITRE ATTACK Framework \nPresenter: Gurvinder Singh \nIn this talk\, you will gain an overview of using Windows Event Forwarding (WEF) for incident detection\, with configuration and management workflows guidance. The talk will also provide an introduction to the MITRE ATT&CK Framework. \n  \n10:30 – 11:30 Bringing Active Directory back from Hell \nPresenter: Guido Grillenmeier \nThis session will cover what it’s like when your first gate of protection has already been broken through and you are trying to survive. The intruders are already in your network and have even compromised your Active Directory forest. It’s the story from a real-live IR-situation of how we recovered a middle-east company from an in-progress cyber-attack\, after their AD was already fully compromised. \n  \n11:30 – 12:30 Cybersecurity for Internal Auditors \nPresenter: Doug Murray & Raj Sawhney (Focal Point Data Risk) \nIn this presentation Doug Murray and Raj Sawhney provide IT Auditors and other IT Risk professionals guidance on how to conduct an effective Cybersecurity Audit. The IT Audit’s perspective as well as the CISO’s perspective is offered\, giving the attendees an opportunity to drive collaboration at their respective organizations. Tangible takeaways include how to apply the methodologies for Cybersecurity\, lessons learned from prior Cybersecurity reviews and the common pitfalls to avoid. The presentation is relevant for IT Risk professionals with limited knowledge of Cybersecurity or those with many years of experience looking to improve from practical experience. \n  \nPresenters \nAdam Hesch\nPrincipal Solutions Architect\, Amazon Web Services \nAdam is a Principal Solutions Architect supporting Federal Systems Integrators and Department of Defense customers with their migration to the cloud. He has spent the last year and a half working with federal customers on how to begin their Zero Trust journey on AWS and is currently the lead for the “Zero Trust Liftoff” team within AWS focused on helping customers meet federal zero trust related executive orders. \n  \nGurvinder Singh\nCyber Security & Privacy Leader\nCISSP\, CISA\, ITIL v3 \nGurvinder Singh is a Cybrary Instructor with Global Fortune 500 and 21 years of diversified industry experience. Gurvinder understands best practices\, information security architecture\, risk management\, compliance\, policy issues\, business continuity\, disaster recovery\, privacy\, governance\, prevention\, and countermeasure. Gurvinder has successfully communicated\, advised and managed global\, corporate-wide security issues and improved business processes. \n  \nGuido Grillenmeier\nChief Technologist @ Semperis \nGuido Grillenmeier is the Chief Technologist of Semperis. Based in Germany\, Guido has been a Microsoft MVP for Directory Services for 12 years. He spent 20+ years at HP/HPE as Chief Engineer. A frequent presenter at technology conferences and contributor to technical journals\, Guido is the co-author of Microsoft Windows Security Fundamentals. He’s helped various customers secure their Active Directory environments and supported their transition to Windows 10/m365 and Azure cloud services. \n  \nDoug Murray \nChief Information Security Officer (CISO)\, Global Cybersecurity\, Privacy and IT Audit Leader\nCISSP\, CISM\, CISA\, CRISC\, CDPSE \nAn experienced\, driven\, and accomplished Chief Information Security Officer and Leader\, with a wealth of experience while working for high-profile companies. Has extensive experience in information security\, data privacy\, IT risk\, and business continuity\, and is experienced in balancing strategic and execution requirements of enterprise information security programs which ensure confidentiality\, integrity\, and availability of data. A proven track record of success in transforming and maturing global information security organizations. \n  \nRaj Sawhney\nManaging Director\, IT and Internal Audit\, Cybersecurity and Business Process @ Focal Point Data Risk\nMSA\, MBA\, CISA\, CFE\, CCSIC\, CDPSE\, CIST\, CIMP\, CRISC\, CEH\, CISSP \nRaj Sawhney is a Managing Director in Focal Point Data Risk’s IT Audit and Advisory practice providing a variety of advisory solutions to companies in the Southern California region. Raj has led Internal Audit\, IT Audit and Cybersecurity engagements for large multi-national corporations utilizing a variety of industry best practices and domain specific guidance. Raj has Big-4 experience with KPMG and Deloitte Consulting\, and his international audit experience spans Germany\, China\, Singapore and India. Raj also brings a tremendous breadth and depth of IT Audit experience\, including SAP\, Oracle\, NetSuite\, Mainframe\, AS400\, PeopleSoft\, FiServ\, Unix\, Linux\, AWS and other cloud hosted applications. Raj has guided management in the remediation of significant issues around business process and I.T. including development of impactful audit reports\, SOX compliance and SOC certification programs. Raj is a regular speaker at audit & security conferences and completed his Masters in Computer Science and his M.B.A in Finance from UC Irvine. Raj also holds a CISA (Information Systems)\, CRISC (Risk and Controls)\, CIST (Information Security)\, CDPSE (Data Privacy)\, CCSK (Cloud security)\, CFE (Financial Fraud)\, and recently became a certified Cybersecurity Auditor. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this conference\, attendees will have a better understanding of current trends in cybersecurity such as Zero Trust\, Ransomware\, Identify hidden threats in Active Directory and risk and controls around cybersecurity.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-cybersecurity-conference/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT END:VCALENDAR