BEGIN:VCALENDAR VERSION:2.0 PRODID:-//ISACA Greater Washington, D.C. Chapter - ECPv6.16.4.1//NONSGML v1.0//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-ORIGINAL-URL:https://isaca-gwdc.org X-WR-CALDESC:Events for ISACA Greater Washington, D.C. Chapter REFRESH-INTERVAL;VALUE=DURATION:PT1H X-Robots-Tag:noindex X-PUBLISHED-TTL:PT1H BEGIN:VTIMEZONE TZID:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20230312T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20231105T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20240310T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20241103T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20250309T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20251102T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20260308T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20261101T060000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTART;TZID=America/New_York:20241205T083000 DTEND;TZID=America/New_York:20241205T123000 DTSTAMP:20241204T184000Z CREATED:20240817T194849Z LAST-MODIFIED:20241204T184000Z UID:32663-1733387400-1733401800@isaca-gwdc.org SUMMARY:Security and Risk Insights Conference DESCRIPTION:Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n\nNavigating the Future: A CISO’s Perspective on 2024 Security and Risk Priorities \nThe ISACA Greater Washington D.C. Chapter (GWDC) invites you to our Annual Security and Risk Insights Conference—a must-attend event for cybersecurity professionals and business leaders. This year’s seminar offers a comprehensive review of the most critical cybersecurity and risk trends from 2024 and provides actionable insights on where to focus your budget and training efforts for 2025. Whether you’re a CISO\, IT manager\, or business executive\, this conference equips you with the knowledge you need to prepare for the year ahead. \nWhy Attend? \n\n In-Depth Analysis of 2024 Trends: Understand the key developments that shaped the cybersecurity landscape in 2024.\n Future-Focused Strategies: Learn about emerging risks and opportunities in 2025\, helping you make informed decisions about budget allocations and training priorities.\n Expert Guidance: Hear from industry leaders like Ira Winkler\, Greg Carpenter\, and Gary Hayslip on how to navigate the evolving security environment.\n Practical Takeaways: Gain actionable insights that you can apply immediately to strengthen your organization’s security posture.\n\n \nRegistration closes on December 4\, 2024 @ 2pm. \nRegister Today! \n  \nAgenda \n\n\n08:30 AM – 09:30 AM \n\n\nYour Budget is a Horse’s A$$ \nPresenter: Ira Winkler (CYE Security) \nExplore the historical influence of horse-drawn carts on railcar dimensions and how it relates to rigid cybersecurity budgeting. Join this session to learn how to apply machine learning and other mathematical concepts to justify budget allocation\, optimize risk\, and design effective cybersecurity programs for limited resources. \n\n\n\n09:30 AM – 10:30 AM \n\n\nTeaching Information Warfare: Current and Future Adversarial Philosophy and Strategy by Greg Carpenter \nPresenter: Greg Carpenter (KnowledgeBridge) \nThis presentation provides a concise overview of the philosophy and teaching strategies employed in academic and government institutions to educate adversaries on information warfare techniques and procedures. The information has been collected from various sources\, including the Russian Ministry of Defense and the Peoples Liberation Army National Defense University. Most information has been collected from sources which are not publicly available. Participants will have a better understanding of what our adversaries’ strategic goals are and how to best identify and defend against them. \n\n\n\n10:30 AM – 11:30 AM \n\n\nGenAI & Security – Championing the use of GenAI within the Security Program \nPresenter: Gary Hayslip (SoftBank Investment Advisers) \nAs GenAI use becomes the norm\, what approach should CISOs take to effectively deploy these technologies and build resilient security programs? \n\n\n\n11:30 AM – 12:30 AM \n\n\nThe Growing Threat of Supply Chain Attacks \nPresenter: Erika Carrara (The Greenbrier Companies) \nSuccess: No longer accepting the unacceptable risks we inherit from our 3rd parties. Implementing stricter vendor risk management practices and improved software supply chain security\, reducing vulnerabilities introduced through third-party software. Challenging assumptions embedded in long accepted best practices. \nChallenge: Sophisticated supply chain attacks\, like SolarWinds and the CrowdStrike debacle\, exposed the fragility of software supply chains and the potential for widespread damage. These incidents underscored the challenge of securing complex systems\, where a single compromised component can infiltrate numerous others. The CrowdStrike incident prompted a reevaluation of allowing blanketed automated security updates\, revealing potential vulnerabilities introduced through this practice. These events highlight the need for a multi-layered security approach\, including rigorous vendor risk management\, continuous monitoring\, and robust incident response plans. \nView Erika’s Speaker Showcase for this Conference on the GWDC YouTube channel \n\n  \nPresenters \n\n\n \n\n\nIra Winkler\nField CISO @ CYE Security\nCISSP \nIra Winkler\, CISSP is the Field CISO for CYE Security\, former Chief Security Architect at Walmart\, and author of You Can Stop Stupid\, Security Awareness for Dummies\, and Advanced Persistent Security. He is considered one of the world’s most influential security professionals\, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations\, where he physically and technically “broke into” some of the largest companies in the World and investigating crimes against them\, and telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations\, as well as assisting organizations in developing cost effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association\, as well as several other prestigious industry awards. CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader. He was named 2021 Top Cybersecurity Leader by Security Magazine\, and most recently 2022 Cybersecurity Champion of the Year by the Cybersecurity Association of Maryland. \nIra is also author of the riveting\, entertaining\, and educational books\, Advanced Persistent Security\, Spies Among Us and Zen and the Art of Information Security. He also writes for a variety of online sites\, including RSA Conference\, DarkReading and ComputerWorld\, and for several other industry publications. \nMr. Winkler has been a keynote speaker at almost every major information security related event\, on 6 continents\, and has keynoted events in many diverse industries. He is frequently ranked among\, if not the\, top speakers at the events. \nMr. Winkler began his career at the National Security Agency\, where he served as an Intelligence and Computer Systems Analyst. He moved onto support other US and overseas government military and intelligence agencies. After leaving government service\, he went on to serve as President of the Internet Security Advisors Group\, Chief Security Strategist at HP Consulting\, and Director of Technology of the National Computer Security Association. He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland. Mr. Winkler was previously elected the International President of the Information Systems Security Association\, which is a 10\,000+ member professional association. \nMr. Winkler has also written the book Corporate Espionage\, which has been described as the bible of the Information Security field\, and the bestselling Through the Eyes of the Enemy. Both books address the threats that companies face protecting their information. He has also written hundreds of professional and trade articles. He has been featured and frequently appears on TV on every continent. He has also been featured in magazines and newspapers including Forbes\, USA Today\, Wall Street Journal\, San Francisco Chronicle\, Washington Post\, Planet Internet\, and Business 2.0. \n \n\n\n\n \n\n\nGreg Carpenter\nChief Security Officer @ KnowledgeBridge International\nCISM\, Lean Six-Sigma Black Belt\, and ISO-9000 lead auditor \nDr. Gregory Carpenter serves as the Chief Security Officer at KnowledgeBridge International\, holds the title of Fellow of the Royal Society for the Arts in London\, and was named the National Security Agency’s Operations Officer of the Year. He is on the Board of Directors for ATNA Systems\, an advisor for RedSeer Security\, a Senior Advisor for ARIC\, Inc.\, and a Special Operations Medical Association member. Previously\, Dr. Carpenter has served on the International Board of Advisors for the Mackenzie Institute and as an advisor for EC-Council University\, Prior to his current role\, Dr. Carpenter held various senior military and civilian positions\, including Vice President for Cyber Operations\, Chief of Security Testing\, Chief Operations Officer\, Counterintelligence Division Chief\, Chief of Special Space Operations\, and Functional Team Lead for Electronic Warfare. \nDr. Carpenter is a co-author of Reverse Deception: Organized Cyber Threat Counterexploitation\, he is an international keynote speaker on adversarial psychology\, techniques\, and deception. He has worked projects with the UN\, INTERPOL\, and several domestic and international law enforcement and intelligence agencies. \nHe is a retired U.S. Army officer who served 27 years. He holds a Bachelor of Science\, a Master of Science\, and a Doctorate in Public Health. His professional qualifications include Certified Information Security Manager\, Lean Six-Sigma Black Belt\, and ISO-9000 lead auditor. \n \n\n\n\n \n\n\nGary Hayslip\nGlobal CISO @ Softbank Investment Advisors \nWith over 20 years of IT\, cybersecurity\, and risk management experience\, Gary Hayslip has established a reputation as a skilled communicator\, author\, board director\, and keynote speaker. Currently\, as Global CISO\, he advises Softbank Investment Advisers (SBIA) executive leadership on protecting critical information resources and overseeing enterprise cybersecurity strategy. Hayslip co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs\, volumes 1 and 2\, which enable CISOs to expand their business and leadership expertise. Hayslip’s previous executive roles include multiple CISO\, CIO\, Deputy Director of IT and Chief Privacy Officer for the US Navy (active duty)\, the US Navy (Civil Service)\, the City of San Diego\, California\, and Webroot Software. \n \n\n\n\n  \n\n\nErika Carrara\nVP\, Chief Technology & Security Officer @ The Greenbrier Companies \nErika Carrara is a highly strategic and visible executive at Greenbrier Companies\, serving as the Chief Technology & Security Officer. With a career focus on being a security-minded technologist\, Erika is a business enabler who thrives on innovation and solving complex problems. Her deep understanding of both security and infrastructure\, coupled with her alignment with the SRE methodology\, allows her to create a more reliable\, secure\, and efficient IT environment. \nErika’s leadership philosophy centers on the power of thought\, emphasizing that we become what we think about. She believes in continuous learning\, serving others\, and embracing individuality. Her foundational principles include defining one’s desires\, setting clear goals\, and viewing failure as a learning opportunity. As a leader\, Erika is committed to empowering her team\, fostering collaboration\, and inspiring growth. She expects her team to embrace challenges\, think critically\, communicate openly\, and strive for excellence. \n \n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about current and future trends in the cybersecurity and risk governance space. \n  \nCPE-Related Details \n\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/security-and-risk-insights-conference-2024/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/08/conference-security-insights-2024.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20241206T180000 DTEND;TZID=America/New_York:20241206T200000 DTSTAMP:20241204T012054Z CREATED:20241126T124743Z LAST-MODIFIED:20241204T012054Z UID:33248-1733508000-1733515200@isaca-gwdc.org SUMMARY:GWDC Maryland Holiday Party DESCRIPTION:Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n\nISACA GWDC welcomes members to join us for our annual holiday get together. Come enjoy drinks (2 drink tickets) and small eats stay for the raffle where we will be giving away ISACA GWDC merch. \nThis event is for GWDC Members only and a guest (optional).  There is no charge to attend this social; however\, since space is limited in the venue\, we ask that you register only if you will attend. \nCapacity for this event has been reached. However\, those interested can add their names to the waitlist. Those on the waitlist can still attend the event; however\, drink tickets may not be available. \nRegistration closes on December 5\, 2024 @ 2pm \nRegister Today! \n  \nVenue Information \n \nWorld of Beer (Bethesda)\n7200 Wisconsin Ave\nBethesda\, MD 20814 \nParking Information\nThere are a number of parking garages in the area. Metered street parking is also available. \nNearest Metro\nWorld of Beer is within walking distance of the Bethesda Metro station (Red Line). \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  URL:https://isaca-gwdc.org/event/holiday-party-maryland-2024/ CATEGORIES:Social Events ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/11/social-holiday-party.png ORGANIZER;CN="Mike Howard":MAILTO:itadmin2@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20241214T190000 DTEND;TZID=America/New_York:20241214T210000 DTSTAMP:20241209T031254Z CREATED:20241126T124728Z LAST-MODIFIED:20241209T031254Z UID:33255-1734202800-1734210000@isaca-gwdc.org SUMMARY:GWDC Virginia Holiday Party DESCRIPTION:Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n\nISACA GWDC welcomes members to join us for our annual holiday get together. Come enjoy drinks (2 drink tickets) and small eats stay for the raffle where we will be giving away ISACA GWDC merch. \nThis event is for GWDC Members only and a guest (optional).  There is no charge to attend this social; however\, since space is limited in the venue\, we ask that you register only if you will attend. \nWe have reached the capacity for this event and are no longer accepting additions to the waitlist. \n  \nVenue Information \n \nBronson Bierhall (Arlington)\n4100 Fairfax Dr\nArlington\, VA 22203 \nParking Information\nThere are a number of parking garages in the area\, including the Ballston Public Parking Garage ($1 for first 3 hours). Metered street parking is also available. \nNearest Metro\nBronson Bierhall is located near the Ballston MU Metro Station (Orange and Silver lines). \n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  URL:https://isaca-gwdc.org/event/gwdc-virginia-holiday-party/ CATEGORIES:Social Events ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/11/social-holiday-party.png ORGANIZER;CN="Mike Howard":MAILTO:itadmin2@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250116T083000 DTEND;TZID=America/New_York:20250116T123000 DTSTAMP:20250109T164216Z CREATED:20241119T015248Z LAST-MODIFIED:20250109T164216Z UID:33210-1737016200-1737030600@isaca-gwdc.org SUMMARY:IT Audit Conference DESCRIPTION:The GWDC’s Annual IT Audit Conference is a must-attend virtual event for IT Auditor\, IT professionals\, and cybersecurity enthusiasts. Scheduled for January 16\, 2025\, from 8:30 am to 12:30 pm EST\, this highly anticipated conference provides a platform to explore cutting-edge topics in IT auditing and cybersecurity. Key sessions include strategies for preventing cloud incidents from escalating into breaches\, implementing robust security controls\, and addressing cloud misconfigurations. Attendees will gain valuable insights from industry experts\, ensuring they stay ahead in the rapidly evolving IT landscape. With the opportunity to earn up to 4 Continuing Professional Education (CPE) credits\, this event is an excellent investment in professional growth and expertise. \nWhether you are a seasoned IT auditor or new to the field\, this conference is tailored to meet diverse professional needs. Registration is affordably priced at $10 for GWDC members and $30 for non-members\, making it accessible to a wide audience. The convenience of a virtual format allows participants from across the globe to join without travel constraints. Don’t miss the chance to network with like-minded professionals\, engage with thought leaders\, and enhance your skill set. Registration closes on January 15\, 2025\, at 2:00 pm\, so secure your spot today and take a significant step toward advancing your IT audit capabilities. \nRegistration closes on January 15th @ 2pm. \nRegister Today! \n  \nConference Overview \n\nJanuary 16 \nThe conference will be held on January 16\, 2025 from \n8:30 am to 12:30 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe workshop will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $10 \nThe fee for GWDC Members is $10 for the conference.\nThe fee for all other registrants is $30 for the conference. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 4 CPEs \nAttendees can earn up to 4 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nSpeaker Insights Showcase \nThe GWDC Media Relations team works with Conference speakers to share insights into their IT journey as well as their topic for the conference in the “Speaker Insights Showcase” series. Below are the videos for three of this month’s speakers. \nYou can view the full Speaker Insights Showcase series on our YouTube channel. \n \n  \n\n \n  \n\n \n  \n\n\n\n  \n  \nAgenda \n \n\n08:30 AM – 09:30 AM \n\n\nPrevent Cloud Incidents from Becoming Cloud Breaches \nPresenter: Brandon Evans (On-Brand Technologies LLC) \nThe number of cloud security breaches in the headlines have been staggering lately. It seems like a week cannot go by without a massive amount of sensitive data being leaked from either AWS\, Azure\, or Google Cloud. \nOne example that would be funny if it were not so sad is the September 2023 incident where the Microsoft AI team leaked 38TB of sensitive data\, including employee workstation backups and 30\,000 internal Teams messages\, due to a misconfigured storage configuration. How is the industry failing to use the clouds properly\, let alone Microsoft\, the extremely mature company who created Azure in the first place? \nJoin Brandon as he shares his analysis on this trend. He will discuss the unique challenges of protecting the cloud\, why the cloud providers are unable to solve these problems alone\, why multicloud makes matters even more difficult\, and how your organization can take practical measures to mitigate the impact of cloud incidents. The presentation will include case studies of real breaches that were made much worse due to a lack of defense-in-depth. Learn how to prevent real attacks with controls that matter. \n\n \n\n09:30 AM – 10:30 AM \n\n\nMaking Controls Work for You \nPresenter: Valecia Stocchetti (Center for Internet Security) \nHave you ever been in the position of implementing and/or auditing against a set of controls? For one framework or multiple frameworks? It can become exhausting chasing down people for evidence\, fulfilling hundreds of evidence requests\, or worse\, falling behind and not being able to keep up with challenging deadlines. And that’s the key word in all of this…CONTROL. However\, in this talk\, we are going to discuss the context of not just any control\, but the CIS Critical Security Controls\, a set of prescriptive\, prioritized\, and simplified best practices that you can use to strengthen your cybersecurity posture. Through implementation of the Controls\, an organization is able to demonstrate a commitment to strengthening their cybersecurity posture\, but also working their way toward aligning with other frameworks in the world of security and compliance – frameworks such as NIST 800-53\, ISO 27001\, PCI DSS\, HIPAA\, and more. \nThere are two sets of challenges this talk will address and one has to do with frameworks. Any given organization may need to comply with one or more frameworks\, depending on the industry they are in. There’s no one “golden” approach to take when implementing these controls. One thing is for certain though\, less is more in this scenario. Most frameworks have overlap and therefore\, controls can be “mapped” from one framework to another to alleviate the pressure of assessing against each individual framework\, which can quickly add up to hundreds and hundreds of controls. To go one step further\, CIS helps alleviate this mapping process by providing users with mappings to over 25 security and compliance frameworks\, along with the tools that help to streamline the mapping process. \nThe second challenge has to do with tooling. During an assessment\, organizations may face challenges keeping information straight. This includes evidence\, the implementation status of a control\, who is responsible for a control\, and so on. Even with an external audit team\, internal tools are still needed for the work that is involved before the external audit. Additionally\, an organization may want to adopt a continuous compliance methodology\, where audits don’t just happen once a year\, but at various points throughout the year. A tool is needed to keep this information in one space. CIS has tools and resources available to help alleviate this burden\, through their CIS Controls Self-Assessment Tool (CSAT)\, which helps them track and prioritize their implementation of the CIS Controls. \nJoin us for this invigorating talk that will not just highlight the challenges\, but also offer solutions! \n\n \n\n10:30 AM – 11:30 AM \n\n\nUsing Cloud Security Posture Management (CSPM) Solutions to Mitigate Cloud Misconfigurations \nPresenter: Michael Ratemo (Cyber Security Simplified) \nThe rapid adoption of cloud technology by organizations has led to a shift towards both single and multi-cloud environments. Unfortunately\, this shift has also resulted in cloud misconfigurations\, which are one of the top risks associated in the cloud. Cloud misconfiguration refers to any errors or gaps in the security measures of a cloud environment. \nWe will begin by discussing the root causes of cloud misconfigurations. The primary cause is human error followed by poor governance. Additionally\, the lack of knowledge and skills in cloud technology is a key factor resulting in misconfigurations. Another challenge is system complexity\, as there are numerous cloud services with distinct implementations and nuances. \nWe will then review case studies of organizations that have suffered data breaches due to cloud misconfigurations\, such as Capital One in 2019\, eBay in 2014\, and World Wrestling Entertainment (WWE) in 2017. These case studies will emphasize the importance of proper cloud security controls and measures. \nWe will then walk through built-in tools provided by AWS\, Microsoft Azure\, and Google Cloud\, that cyber professionals can leverage to mitigate security risks in the cloud. These tools are also known as Cloud Security Posture Management (CSPM) solutions. \nCloud Security Posture Management tools are automated solutions designed to identify misconfiguration issues and compliance risks in the cloud so that they can be remediated\, reducing the risk of successful breaches. We will explore AWS Security Hub\, Microsoft Defender for Cloud\, and Google Security Command Center\, and review how each tool can be used to gain visibility into the current security posture of each respective cloud. Furthermore\, we will emphasize how these tools can be applied to determine alignment with relevant regulatory compliance standards and industry-standard benchmarks\, as well as identify threats and potential security weaknesses. \nThe Key Takeaways from this session are: \n\nMost cloud breaches are due to misconfigurations or human errors.\nDo not rely on your Cloud Service Provider to secure your data (Understand the Shared Responsibility model).\nYou cannot protect what you do not have visibility into (CSPM solutions can help).\nCloud security should begin with implementation of Cloud Governance.\n\n\n \n\n11:30 AM – 12:30 AM \n\n\n“I ran a data science livestream every day for 100 days. Here’s what I learned about the future of data science in your organization” \nPresenter: Dennis Salguerna (Data Science With Dennis) \nI have been fortunate to build a global community of data science enthusiasts and have more than 15\,000 followers on social media. I also run what I believe to be the world’s first daily data science stream. In this presentation\, I want to discuss the meta-themes that have emerged during this period. There are fundamental risks that exist in how data science is currently executed; people understand the How (development tools\, processing power\, etc.) but not the Why or When (methodology). There is also an emerging risk in the level of creativity that will be required in future data science development work. Finally\, I will present a framework that your organization can use to address these risks and be better prepared for the changing landscape of data science. \n\n  \nPresenters \n \n\n \n\n\nBrandon Evans\nOwner and InfoSec Consultant @ On-Brand Technologies LLC \nBrandon is the owner and an InfoSec Consultant at On-Brand Technologies LLC\, a consultancy helping organizations secure their applications and other workloads in multi cloud environments\, specializing in AWS\, Azure\, and Google Cloud. Prior to starting his consultancy\, Brandon led the secure development training program at Zoom Video Communications. He began his career as a Software Engineer\, where he worked on both the core product of a startup\, later acquired by a Fortune 500 organization\, and on various products spanning a multi-billion dollar enterprise. \nBrandon is lead author for SANS Institute course SEC510: Cloud Security Controls and Mitigations a contributor to SEC540: Cloud Security and DevSecOps Automation\, host of Cloud Ace podcast\, Season 1\, an analyst for the SANS Multicloud Survey\, a multi-year RSA Conference presenter\, and participates in bug bounties\, such as when he found a critical vulnerability in Microsoft Defender for Cloud. \n \n\n \n\n \n\n\nValecia Stocchetti\nSenior Cybersecurity Engineer @ the Center for Internet Security\, Inc. (CIS®)\nGCFE\, GCFA\, GSEC \nValecia Stocchetti is a Senior Cybersecurity Engineer at the Center for Internet Security\, Inc. (CIS®). As a member of the CIS Critical Security Controls team\, she has led multiple projects including: the CIS Cost of Cyber Defense for IG1\, CIS Community Defense Model (CDM) v2.0\, CIS Risk Assessment Method (CIS RAM) v2.1\, as well as multiple Living off the Land (LotL) guides. Stocchetti was also one of the principal authors of the Blueprint for Ransomware Defense. \nPrior to joining the CIS Controls team\, she led the Cyber Incident Response Team (CIRT) at the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®). While managing CIRT\, Stocchetti spearheaded multiple forensic investigations and incident response engagements for the MS-ISAC and EI-ISAC’s state\, local\, tribal\, and territorial (SLTT) community. Stocchetti was also the Information Security Audit Manager at CIS where she evaluated and managed the control implementation within CIS and measured compliance to various standards and best practices. Stocchetti came to CIS from the eCommerce field where she worked complex financial fraud cases. She holds multiple certifications\, including GIAC Certified Forensic Examiner (GCFE)\, GIAC Certified Forensic Analyst (GCFA)\, and GIAC Security Essentials Certification (GSEC). \nWhile she enjoys all things InfoSec\, Stocchetti particularly finds the cybercrime and espionage fields fascinating\, which is what prompted her career choice. Stocchetti earned her Bachelor of Science degree in Digital Forensics from the University at Albany\, State University of New York\, as well as her Master of Science degree in Information Security at Champlain College. \n \n\n \n\n \n\n\nMichael Ratemo \nMichael Ratemo is a Principal Security Consultant at Cyber Security Simplified\, a boutique security firm that provides Cloud Security and Cyber Security solutions. He speaks security in a language businesses can understand and has built a career advising organizations on effective security strategies. \nMichael is a thought leader in the field of Cyber Security\, and the author of the LinkedIn Learning Courses; “Cloud Security and Audit Foundations in AWS\, Microsoft Azure\, and Google Cloud\,” and “Building and Auditing a Cyber Security Program.” In addition\, Michael is the co-author of the “Cloud Auditing Best Practices” book. \nFinally\, Michael is a speaker and trainer at major industry events including RSA Conference\, Cloud Security Alliance\, and Stronger Conference. \nMichael gives back to the community by providing mentorship and guidance to future security practitioners. \n \n\n \n\n \n\n\nDennis Salguero \nPrincipal @ Data Science With Dennis \nDennis Salguero has been a technology professional for more than 20 years. He has worked for companies such as Citi\, IBM\, Ticketmaster\, and Caesars Entertainment. He is also a Top Data Science Voice on LinkedIn and has more than 15\,000 followers on social media. \nIn his free time\, he enjoys playing poker\, golf\, and traveling the world. He has visited 6 continents and only Antarctica remains as the final continent to visit. \n \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about current and future trends in the IT Audit space. \n  \nCPE-Related Details \n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/it-audit-conference-2025/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/11/conference_itaudit.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250123T083000 DTEND;TZID=America/New_York:20250124T123000 DTSTAMP:20250122T172105Z CREATED:20241105T120254Z LAST-MODIFIED:20250122T172105Z UID:33189-1737621000-1737721800@isaca-gwdc.org SUMMARY:NIST Cybersecurity Framework (CSF) v2 Workshop DESCRIPTION:This two-day workshop offers participants a deep dive into the complexities and nuances of the NIST Cybersecurity Framework requirements. \nDesigned to be comprehensive and practical\, this workshop is tailored to equip attendees with the knowledge and skills necessary to proficiently implement and adhere to each requirement within the NIST CSF.  Each of the NIST CSF Functions will walk through the function\, category and subcategory; providing the students with the thorough understanding of the people\, processes\, and technology in addition to the use cases and case studies within each of the six CSF Functions. \nUpon conclusion of this workshop\, participants will possess actionable insights to enhance their organization’s cybersecurity posture.  This workshop is intended for anyone interesting in gaining a deeper understanding of NIST CSV v2. \nPrerequisites \nParticipants will need to have a fundamental grasp of cybersecurity concepts and terminology.  Familiarity with fundamental IT concepts\, technologies\, services\, capabilities and practices is highly recommended and desired. \nRegistration closes on January 22nd @ 5 pm \nRegister Today! \n  \nWorkshop Overview \n\nJanuary 23 and 24 \nThe workshop will be held on January 23 and 24\, 2025 from 8:30 am to 12:30 pm on both days. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe workshop will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $299 \nThe fee for GWDC Members is $299 for the workshop.\nThe fee for all other registrants is $399 for the workshop. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 8 CPEs \nAttendees can earn up to 8 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nDay 1: Understanding NIST CSF and Core Functions \n\nSession 1: NIST Primer & Refresher\nSession 2: CSF Governance Function\nSession 3: CSF Identify Function\nSession 4: CSF Protect Function\nSession 5: CSF Detect Function\n\nDay 2: Implementing and Adhering to NIST CSF \n\nSession 6: CSF Respond Function\nSession 7: CSF Recover Function\nSession 8: Continuous Improvement & Compliance\nSession 9: Future-proofing\nSession 10: Wrap-up and Beyond\n\nSession Skeleton \n\nEach session will reference previous session to identify the relationships between functions.\nEach session will cover and define the function\, categories and sub-categories\nEach session will include Practical Insights & Takeaways\nEach session will provide example use cases\nEach session will provide example roles\nEach session will provide example processes\nEach session will provide example technology\nEach session will include a case study\nEach session will summarize that session\nEach session will have an Open Forum Q&A\n\n  \nInstructor \n\n \n\n\nEdward McCabe\nThe Rubicon Advisory Group\nCISM | CRISC | CGEIT | CDPSE | COBIT | ISO/IEC 27K1 ISMS LI | SABSA \nA business focused information security professional\, Edward is an active practitioner\, mentor\, and instructor with over three decades of experience supporting Fortune 100 companies\, various domestic state\, federal and foreign government agencies. Industries supported include Financial Services\, Defense Industrial Base\, Retail\, Electric Power Transmission & Distribution\, Hospitality\, Legal Services\, Payment Processing\, Health Care\, Construction\, Insurance\, Technology\, Aviation\, Manufacturing\, and Media. \nEdward specializes in Enterprise Governance\, Risk Management\, Compliance\, Incident Response\, Threat Intelligence Program Management\, Enterprise Security Architecture\, and Advanced Adversarial Attack & Penetration Testing. \nEdward is often invited to present and speak on a variety of topics including Social Engineering\, Incident Response & Digital Forensics\, Threat Intelligence Analysis & Management\, Practical Security Data Visualization\, Advanced Attack & Penetration Testing\, IT Audit Development\, Enterprise Governance & Risk Management\, and Adopting Information Security as part of Corporate Culture. \nVenues have included: the ISACA Computer Audit\, Control and Security (CACS) Summit\, ISACA Cyber Security Nexus (CSX)\, ISACA Atlanta Geek Week\, Central Ohio Information Security Summit\, various Security BSides\, (ISC) 2 eSymposium on Threat Intelligence\, the Health Information Management Summit\, Data Management (DAMA) International\, CircleCityCon\, DerbyCon\, Louisville’s Annual InfoSec Summit\, and HackRedCon. Edward receives invitations to speak with specific industries and organizations around the globe. \nA veteran of the United States Navy\, Edward holds various professional certifications including the Governance of Enterprise Information Technology (CGEIT)\, Risk and Information Systems Controls (CRISC)\, Information Security Manager (CISM)\, Data Privacy Solutions Engineer (CDPSE) and COBIT\, in addition to being an ISO/IEC 27001 Lead Implementer\, SABSA/Chartered Architect\, and a former Qualified Security Assessor (QSA) for the Payment Card Industry. \nEdward is an accredited instructor for ISACA’s CISM\, CRISC\, CGEIT\, CDPSE and COBIT certifications and the co‐author for the CGEIT\, CRISC\, CISM and the soon to be released Certified Cybersecurity Operations Analyst (in Beta) certification bodies of knowledge and the lead for ISACA’s Ransomware Readiness Audit Program and Blueprint for Ransomware Defense. Additionally\, Edward develops and delivers custom trainings on a wide range of courses from Analysis of Competing Hypotheses to Zero Trust. \nEdward enjoys spending time with his family in Brandenburg\, KY where you will often find him relaxing by the fire pit\, sitting on the balcony\, smoking various meats or contemplating how restoring their historic Queen Anne home is the embodiment and personification of the Information Security industry. \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 8 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \nTo gain a practical understanding of how to effectively implement and adhere to these requirements \nUse of the practical insights\, takeaways\, use cases and case studies should sufficiently give those who meet the prerequisites the ability to meet the desired learning objectives \n  \nCPE-Related Details \n\nPrerequisites: Participants will need to have a fundamental grasp of cybersecurity concepts and terminology. Familiarity with fundamental IT concepts\, technologies\, services\, capabilities and practices is highly recommended and desired.\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method: Group Internet Based\nField of Study: Information Technology – Technical URL:https://isaca-gwdc.org/event/nist-csf-v2-workshop/ LOCATION:Virtual Event CATEGORIES:Special Seminars ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/11/seminar-csf-v2.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250220T083000 DTEND;TZID=America/New_York:20250220T123000 DTSTAMP:20250222T191604Z CREATED:20241231T173905Z LAST-MODIFIED:20250222T191604Z UID:33349-1740040200-1740054600@isaca-gwdc.org SUMMARY:Artificial Intelligence Conference DESCRIPTION:Artificial intelligence (AI) is reshaping the landscape of IT audit and cybersecurity\, offering unprecedented opportunities and challenges for professionals in the field. This conference brings together thought leaders\, innovators\, and practitioners to explore how AI is transforming the way organizations secure their systems\, manage risks\, and navigate regulatory requirements. \nWhether you’re an IT auditor\, cybersecurity professional\, or business leader\, this conference equips you with the knowledge and tools to harness the power of AI while addressing its unique risks. Prepare to lead your organization into the future with confidence\, innovation\, and resilience. \nRegistration closes on February 19th @ 8pm. \nRegister Today! \n  \nConference Overview \n\nFebruary 20 \nThe conference will be held on February 20\, 2025 from \n8:30 am to 12:30 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe conference will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $10 \nThe fee for GWDC Members is $10 for the conference.\nThe fee for all other registrants is $30 for the conference. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 4 CPEs \nAttendees can earn up to 4 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nSpeaker Insights Showcase \nThe GWDC Media Relations team works with Conference speakers to share insights into their IT journey as well as their topic for the conference in the “Speaker Insights Showcase” series. Below are the videos for three of this month’s speakers. \nYou can view the full Speaker Insights Showcase series on our YouTube channel. \n \n  \n\n \n  \n\nAgenda \n \n\n08:30 AM – 09:30 AM \n\n\nMITRE ATLAS: Actionable Tools for AI Security & Assurance \nPresenter: Dr. Christina Liaghati (MITRE) \nMITRE ATLAS (atlas.mitre.org) is a public knowledge base of adversary tactics and techniques based on real-world attack observations and realistic demonstrations from artificial intelligence (AI) red teams and security groups. \nThis capabilities overview will include the latest MITRE ATLAS community driven and open sourced efforts focused on capturing and sharing cross community data on real world AI incidents\, expanding the community’s data on vulnerabilities that can arise when using open-source AI models or data\, especially for vulnerabilities that fall outside of the scope of CVE/CWE\, and developing mitigations to defend against these AI security threats and vulnerabilities. \n\n \n\n09:30 AM – 10:30 AM \n\n\nEthics of Artifical Intelligence \nPresenter: Diana Burley (American University) \nAI and other emerging technologies both empower innovation and expose societal vulnerabilities. The policies that guide their deployment and use determine\, to a large extent\, the role that these innovations play in society. As such\, the policies\, and the policymakers who shape them\, are powerful arbiters of future human welfare. How then\, do we extend the “responsible” principles we promote with the technology developers to the policies and policymakers who shape societal standards? \n\n \n\n10:30 AM – 11:30 AM \n\n\nAI Trends and Deploying Systems Securely at Scale \nPresenter: Henrik Balle (AWS) \nThis presentation explores the latest generative AI trends and cloud-native approaches to deploying enterprise-ready generative AI solutions at scale\, highlighting advances in and the advantages of managed services alongside comprehensive security controls. We examine how modern cloud infrastructure enables organizations to build innovative generative AI solutions while maintaining security\, data privacy and regulatory compliance. Key focus areas include flexible model deployment options\, knowledge bases\, AI agents\, integrated governance tools\, and scalable architecture that helps enterprises minimize risks while maximizing AI innovation. \n\n \n\n11:30 AM – 12:30 AM \n\n\nUnpacking Generative AI Applications: Navigating Security Risks \nPresenter: Ahmed Abugharbia (SANS) \nGenerative AI (GenAI) is no longer a future possibility—it’s a present reality transforming industries at an unprecedented pace. As organizations embrace GenAI to drive innovation and gain competitive advantages\, they must also navigate the significant risks it introduces. In this talk\, we will demystify the core components of GenAI applications and examine the critical security challenges they pose. \n\n  \nPresenters \n \n\n \n\n\nDr. Christina Liaghati\nTrustworthy & Secure AI Department Manager and MITRE ATLAS Lead @ MITRE \nWorking across a collaborative global community of industry\, government\, and academia\, Dr. Liaghati leads MITRE’s Trustworthy & Secure AI Department and MITRE ATLAS\, where she passionately drives research and developments in trustworthy and secure AI for everyone working to leverage AI-enabled systems. Leading her department of 50+ scientist and engineers and serving the community with the not-for-profit\, objective\, MITRE perspective\, she is dedicated to working together to create and openly share actionable tools\, capabilities\, data\, and frameworks for trustworthy and secure AI like ATLAS\, an ATT&CK-style framework of the threats and vulnerabilities of AI-enabled systems. \nAs Dr. Liaghati has worked across the community to improve the common understanding of AI security concerns\, her work quickly started overlapping with broader AI assurance concerns\, which includes AI equitability\, interpretability\, reliability\, robustness\, safety\, and needs for privacy enhancement. As a result of this expansion beyond AI security into more of these elements of trustworthy AI and AI assurance\, her current focus under ATLAS and across the international community is to build a protected mechanism for increased knowledge and incident sharing across government and industry in both AI security and the broader areas of AI assurance. \nDr. Liaghati also chairs the NATO Science and Technology Organization Research Task Group on the AI Assurance and Security\, focused on fostering an enduring collaborative community of NATO organizations and industry partners\, leveraging the Science and Technology Organization to shape future interoperable capability developments in AI security and assurance. \n \n\n \n\n \n\n\nDr. Diana Burley\nVice Provost for Research and Innovation @ American University \nDr. Diana L. Burley is a global cybersecurity expert with more than 30 years of experience driving digital transformation\, implementing cybersecurity workforce initiatives\, and promoting an equitable global technology community. Diana is currently Vice Provost for Research and Innovation at American University where she also leads the Khan Cyber & Economic Security Institute and serves as a member of the faculty. As both the university’s chief research officer and chief innovation officer\, Diana oversees the university-wide R&D portfolio\, research partnerships\, and strategic initiatives to catalyze discovery. She advises government officials and regularly offers thought leadership at executive forums. Her board service includes the Cyber Future Foundation and the Global Cyber Security Advisory Group\, and she has been honored by GET Cities\, Executive Women’s Forum\, SC Magazine\, ACM\, and others for her leadership in building the global cybersecurity workforce. She earned her Ph.D. from Carnegie Mellon University. \n \n\n \n\n \n\n\nHenrik Balle\nPrincipal Solutions Architect @ AWS \nHenrik Balle is a Principal Solutions Architect at AWS supporting federal civilian customers\, and he helps them achieve their mission through architecting and implementing innovative solutions at scale. He works closely with customers on a range of topics from AI/ML to security and governance at scale\, and he holds both AWS Security and Machine Learning Specialty certifications. In his spare time\, he loves road biking\, motorcycling\, or you might find him working on yet another home improvement project. \n \n\n\n \n\n\nAhmed Abugharbia\nSANS Certified Instructor and Founder of Cyberdojo\nGIAC GSEC and GPEN\, AWS Certified DevOps Engineer Professional\, AWS Certified Solutions Architect Associate\, CEH\, JNCIS-FWV\, JNCIA-IDP\, and CCNA \nAhmed Abugharbia is a SANS Certified Instructor and founder of Cyberdojo\, focusing on GenAI and Cloud Security. With over 17 years of experience in security\, Ahmed has worked and led projects in cloud security\, network and application security\, as well as incident handling. He is the author of SEC545: GenAI and LLM Application Security™ and an instructor for SEC540: Cloud Security and DevSecOps Automation™ \nFor over a decade Ahmed has been providing training in various capacities. Starting with mentoring new team members at work to providing training to clients on various security topics\, teaching them about hacking concepts and the possible effects on their infrastructure. His first interaction with SANS was in 2013 when he took both SEC401: SANS Security Essentials and SEC560: Network Penetration Testing and Ethical Hacking\, earning both the GSEC and GPEN certificates. By that point at his career\, he had taken many classes\, exams\, and attended many seminars but felt none of which came close to how practical and comprehensive the SANS courses were. A few years later\, after realizing he wanted teaching to be an integral part of his career\, SANS was his first choice. He is also a faculty member of the SANS Technology Institute\, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. \nAhmed holds a bachelor’s degree in Computer Science along with a myriad of professional certifications including: GIAC GSEC and GPEN\, AWS Certified DevOps Engineer Professional\, AWS Certified Solutions Architect Associate\, CEH\, JNCIS-FWV\, JNCIA-IDP\, and CCNA. He’s fluent in both English and Arabic and when not in front of a computer screen\, he is practicing Brazilian Jiu Jitsu\, which he describes as a form of martial arts that is all about solving technical problems. \n \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about current and future trends in the IT Audit space. \n  \nCPE-Related Details \n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/artificial-intelligence-conference/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/12/conference-ai-2025.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250222T083000 DTEND;TZID=America/New_York:20250222T170000 DTSTAMP:20250105T200652Z CREATED:20250105T180347Z LAST-MODIFIED:20250105T200652Z UID:33438-1740213000-1740243600@isaca-gwdc.org SUMMARY:IT Risk Fundamentals Review Course DESCRIPTION:Every organization experience risk. ISACA’s IT Risk Fundamentals Certificate is perfect for anyone wanting to learn about information and technology (I&T)-related risk. Our IT Risk Fundamentals course covers the fundamentals of risk management; from identifying and prioritizing risk to responding and communicating the risk to management.  \nThis course covers the six critical functions of the IT Risk Fundamentals Certificate: Risk Intro and Overview\, Risk Governance and Management\, Risk Identification\, Risk Assessment and Analysis\, Risk Response\, and Risk Monitoring.  \nThis course is intended for anyone wanting to strengthen their understanding of the IT risk management life cycle as well as those students preparing for the IT Risk Fundamentals exam.  No prior knowledge required!  This course will teach you the fundamentals of IT Risk Management. \nRegistration closes on February 21 @ 3pm. \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nFebruary 22 & March 1 \nThe course will be held on February 22 and March 1\, 2025 (Saturdays) from 8:30 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $350 \nThe fee for GWDC Members is $350 for the course.\nThe fee for all other registrants is $600 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 14 CPEs \nAttendees can earn up to 14 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nThe course will cover the following six critical IT Risks functions: \n\nDomain 1 – Risk Introduction and Overview (5%): We start by setting a strong foundation and understanding of risk. In this domain we will cover fundamental concepts of IT risk management. We will discuss how risks links to business functions\, the importance of the three lines of defense and the role of IT controls.\nDomain 2 – Risk Governance and Management (15%): We will explain the structure of risk governance and management and how it’s used to set a direction for a business. We will discuss risk appetite\, risk tolerance\, and risk capacity and introduce the risk management cycle.\nDomain 3 – Risk Identification (20%): Risk identification is the process of spotting and documenting the risks a business faces. It is crucial because only identified risks can be assessed and responded to. In this domain we will talk about assets\, threats\, and vulnerabilities and how we can use them to identify risk.\nDomain 4 – Risk Assessment and Analysis (25%): After identifying risk\, the next step is to understand its impact on the business. In this domain\, we will discuss the different approaches to risk assessments\, how to use risk registers to document risks\, and the importance of risk aggregation.\nDomain 5 – Risk Response (15%): After risk has been identified and assessed\, decisions need to be made about the appropriate risk response. In this domain we will discuss risk response strategies\, control design and implementation and other response approaches.\nDomain 6 – Risk Monitoring\, Reporting and Communication (20%): The monitoring and reporting of risk play an important role in the risk management process. Indicators for risk and performance should be considered carefully and chosen deliberately\, based on their alignment with enterprise goals. Because of the changing nature of risk and associated controls\, ongoing monitoring and reporting are essential steps in the risk management process.\n\nThe instructor will provide a copy of the presentation materials (PDF) to online attendees\, along with additional materials prepared by instructor to support the course. \n  \nInstructor \n\n \n\n\nRamona Ratiu\nCybersecurity | Board Advisor | Adjunct Professor | Mentor | SheLeadsTech Ambassador\nMS\, CISM\, GSTRT\, GCCC \nRamona Ratiu is a seasoned cybersecurity professional with a focus on effective risk planning and cyber resilience strategies. Currently serving at Zurich Insurance Group\, she spearheads transformative cybersecurity projects to build on the organizational resilience. With a background encompassing information security\, governance\, audit\, risk management\, and compliance\, Ms. Ratiu has honed her expertise in developing and implementing technical and procedural solutions. These solutions facilitate stakeholders in achieving and sustaining compliance across various standards efficiently. \nEquipped with a bachelor’s degree in finance and a Master of Science in Information Security and Compliance from DePaul University\, Ms. Ratiu holds several prestigious certifications\, including Certified Information Systems Manager (CISM)\, Certified Information Systems Auditor (CISA)\, GIAC GCCC and GSTRT. \nIndustry engagements: Teaching Certifications Review Courses (7+ years): As an APMG Accredited Trainer\, Ramona Ratiu has instructed CISM and IT Risk Fundamentals courses for the ISACA Chicago Chapter. \nGlobal Teaching Engagements (2022-2023): Ramona extended her expertise globally\, teaching IT Risk courses to students in Sri Lanka\, UK\, Romania\, and underrepresented students from Africa through the CyberGirls program. \nShe serves as an Adjunct Professor at DePaul University\, lecturing students on IT Risk Management principles. \nMentorship and Leadership Roles: Ramona served as President of the ISACA Chicago chapter for 2 consecutive terms (4 years). She acts as a mentor for the Chicago GROW mentorship program and serves as a Professional mentor for the TechWomen program focused on Emerging Leaders. \nAdditionally\, she founded the “SheLeadsTech with… Expertise” program\, dedicated to increasing women’s representation in technology leadership roles. Ramona also serves as a Global SheLeadsTech Ambassador. \nAdvocacy and Awards: Ramona’s dedication to the ISACA Chicago Chapter led to significant achievements\, including the 2020 J Wayne Snipes Best Chapter Award and the 2021 Innovative Chapter Award for the #CollectiveResilience program. She was honored with the 2022 Outstanding Chapter Leader award and the 2023 Inspirational Leadership Award for her inspiring work\, education\, mentorship\, and guidance to advance current and future generations of technologists and advocating for women worldwide. In 2024\, she led the SheLeadsTech Chicago program to win the Innovative Award for Education. She has received the 2024 Excellence in Leadership Award for Best Faculty Advisor\, by DePaul University. \nRecent Publications: Ramona continues to contribute to the industry’s knowledge base with articles and publications such as “Blueprint for Ransomware Preparations and Defense\,” “Strengthening Collaboration for Cyber Resilience\,” “Securing the Future: Enhancing Cybersecurity in 2024 and beyond\,” and “Applying Zero Trust principles” – published by ISACA. \nMs. Ratiu’s extensive experience and qualifications position her as a key figure in the realm of cybersecurity\, driving resilience and preparedness within organizations. \n \n\n  \nIT Risk Fundamentals Certificate Exam \n \nThe exam is be offered via Computer-Based Testing (CBT). \nRegistration and administration of the exam is handled by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \nFor full details on this certificate\, visit the ISACA’s CET Cloud Fundamentals Certificate page. \n  \nExam Preparation \nFor students who wish to take the IT Risk Fundamentals exam\, it is highly recommended that the prospective candidates should purchase the official study guide. \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 14 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org. \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\nLearning Objective: After completing the course\, students will be prepared to sit for the CET exam.\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/it-risk-fundamentals-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/review_course_itrisk.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250227T083000 DTEND;TZID=America/New_York:20250227T170000 DTSTAMP:20250211T171553Z CREATED:20250105T181625Z LAST-MODIFIED:20250211T171553Z UID:33491-1740645000-1740675600@isaca-gwdc.org SUMMARY:Generative AI for Cyber Auditors Workshop DESCRIPTION:This intensive one-day virtual workshop\, “Generative AI for Cyber Auditors\,” scheduled for February 27th\, 2025\, will provide participants with a comprehensive understanding of how generative AI can be incorporated into the audit process to enhance efficiency and accuracy. The workshop will cover the use of AI tools for data analysis and compliance verification\, with practical exercises to ensure participants can apply these techniques effectively.  \nRegistration closes on February 26 @ 3pm.  \nRegister Today! \n  \nCourse Overview \n\nFebruary 27 \nThe workshop will be held on February 27 from 8:30 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Teams. \nPrior to the event\, participants must install the Teams app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $125 \nThe fee for GWDC Members is $125 for the course.\nThe fee for all other registrants is $200 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 7 CPEs \nAttendees can earn up to 7 CPEs for this event. \nParticipants must respond to all the poll questions via the Teams polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nModule 1: Overview of Generative AI \n\nDefinition and significance of generative AI.\nKey concepts and technologies involved.\nApplications of generative AI in various fields\, with a focus on auditing.\n\nModule 2: Generative AI in the Audit Process \n\nRole of AI in modern auditing.\nBenefits of using generative AI for cyber auditors.\nKey areas of application within the audit process.\n\nModule 3: Incorporating AI Tools into Auditing \n\nOverview of AI tools available for auditing.\nHow to select and implement the right AI tools.\nBenefits of AI tools in improving audit accuracy and efficiency.\n\nModule 4: Data Analysis with Generative AI \n\nTechniques for using AI in data analysis.\nExamples of AI models used for analyzing audit data.\nComparative benefits over traditional data analysis methods.\n\nModule 5: Compliance Verification Using AI \n\nHow AI can streamline compliance verification.\nReal-world examples of AI-driven compliance checks.\nBenefits of AI in ensuring thorough and accurate compliance.\n\nModule 6: Practical Exercise: AI for Data Analysis \n\nSetting up practical exercises for AI-based data analysis.\nInstructions and expectations for participants.\nDiscussion of outcomes and insights gained.\n\nModule 7: Practical Exercise: AI for Compliance Verification \n\nDesigning practical exercises for AI-driven compliance checks.\nStep-by-step guide for participants.\nDebrief and analysis of the exercise results.\n\nModule 8: Ethical and Regulatory Considerations \n\nEthical challenges in using AI for auditing.\nBalancing innovation with ethical considerations.\nOverview of current and future regulations impacting AI in auditing.\n\nModule 9: Future Trends in Generative AI and Auditing \n\nEmerging trends in generative AI relevant to auditing.\nImpact of these trends on the audit process.\nPreparing for future AI advancements in auditing.\n\n  \nInstructor \n\n \n\n\nJim Wiggins\nCISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim Wiggins is a seasoned IT and cybersecurity expert with over 28 years of industry experience\, 23 of which have been dedicated to information security. He is the Founder and CEO of Securible\, LLC\, a Washington\, DC-based cybersecurity training and consulting firm specializing in practical\, forward-thinking solutions. Through Securible\, Jim has championed innovative approaches to address emerging threats\, ensure regulatory compliance\, and harness the power of Artificial Intelligence in IT audit\, cybersecurity\, governance and privacy. \nIn addition to his leadership at Securible\, Jim also serves as the Founder and CEO of the Federal IT Security Institute (FITSI)\, a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI provides role-based cybersecurity certifications designed to fortify the U.S. federal cybersecurity workforce. \nRecognized as a Federal 100 award recipient in 2019 and the Federal Information Systems Security Educators’ Association (FISSEA) “Educator of the Year” in 2011\, Jim is widely respected for his commitment to elevating cybersecurity education. In the rapidly evolving arena of Artificial Intelligence (AI)\, Jim has directly trained well over 1\,000 IT and cyber professionals on generative AI fundamentals through intensive sessions with the Department of the Interior’s University\, the Defense Information Systems Agency (DISA)\, the National Risk Management Center (NRMC) within CISA\, and the Greater Washington DC Chapter of ISACA. He leverages AI-driven tools such as ChatGPT\, Gemini\, Dalle\, Midjourney\, and Copilot to translate complex concepts into practical\, governance-focused applications. \nBelow is the list of credentials Jim currently holds: \n\n\n\nCybersecurity: CISM\, CISA\, CRISC\, CDPSE\, CISSP\, ISSEP\, CGRC (CAP)\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and FITSP-M.\nInformation Technology: MCITP\, MCSE: Security\, MCSE: Messaging\, MCSA\, MCDST\, Server+\, Network+\, A+.\nProject Management: PMP (Project Management Professional).\nEducation: ICE-CCP (I.C.E. Certified Credentialing Professional).\n\n\n\nJim is currently working on a Master’s Degree in Education from George Washington University with a concentration in Assessment\, Testing\, and Measurement (sometimes called psychometrics). \n\n \n\n  \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \n\nUnderstand the foundational concepts of generative AI and its relevance in the auditing process.\nExplore the applications of AI tools in enhancing audit efficiency and accuracy.\nLearn how to utilize AI for data analysis and compliance verification.\nEngage in practical exercises to apply AI techniques in real-world audit scenarios.\nDevelop strategies for integrating generative AI into existing audit frameworks.\n\nCPE-Related Details \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/gen-ai-for-cyber-auditors-workshop/ LOCATION:Virtual Event CATEGORIES:Workshop ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/workshop_gen_ai_cyber_auditors.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250307T083000 DTEND;TZID=America/New_York:20250307T140000 DTSTAMP:20250217T141813Z CREATED:20250105T182614Z LAST-MODIFIED:20250217T141813Z UID:33502-1741336200-1741356000@isaca-gwdc.org SUMMARY:PowerShell® Workshop: Basics DESCRIPTION:Auditors and IT professionals work with large amounts of data\, requiring the need for a variety of tools to help them obtain\, review\, analyze\, and/or export this data. One of the most versatile (and free) tools for working with data is PowerShell®\, which is included with the Windows OS. While designed as a systems administration tool\, it also has powerful capabilities that auditors and IT professionals can use to greatly improve project outcomes and efficiency.  \nThis one-day hands-on virtual workshop is designed for students who want to learn how to use PowerShell in performing audits or data analysis projects. The core skills in working with PowerShell to analyze data are learning how to load data into PowerShell\, reformat/analyze it\, and export it to one or more files. This workshop covers these core skills through lessons and hands-on exercises. PowerShell\, while designed for systems administrators to automate their administration duties\, has data handling and analysis capabilities that auditors and IT professionals can use in accomplishing their projects. \nThis workshop is an excellent opportunity for those who are new to PowerShell to learn about this powerful tool. It’s also a great opportunity for those familiar with PowerShell to refresh and practice their skills. \nRegistration closes on March 6 @ 3pm. \nRegister Today! \n  \nCourse Overview \n\nMarch 7 \nThe workshop will be held on March 27 from 8:30 am to 2:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $100 \nThe fee for GWDC Members is $100 for the course.\nThe fee for all other registrants is $150 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 6 CPEs \nAttendees can earn up to 6 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n\nCourse Introduction\nBasics of using PowerShell\nHands-on Practice on common use cases\, including:\n\nThe basic layout of a typical PowerShell script for auditors\nCombining multiple CSV files of the same layout into a single CSV file.\nCollecting\, modifying\, and saving data from XML files.\nCollecting\, modifying\, and saving data from Windows Logs.\nCollecting\, modifying\, and saving data from a Windows Server.\nCollecting\, modifying\, and saving data from Active Directory.\nCollecting\, modifying\, and saving data from websites.\n\n\n\n\nRecap and PowerShell resources\n\n  \nAdditional Course Details \nHands-on Lab Exercises \nEach student will be provided access to a Windows Server to use during the course. The server will be hosted on the Azure Lab Services platform. \nThe server will be accessed using Windows Remote Desktop. Therefore\, on the course dates\, students will need to use a Windows-based computer that permits use of the Remote Desktop protocol. \nAn email will be sent to each student this evening with instructions on accessing the virtual server. Students are encouraged to register and follow the instructions to access the virtual server prior to the start of the seminar. \nEach lesson in the course has practice commands to use during the lesson and practice exercise to reinforce lesson concepts.  All lesson materials will be pre-loaded onto each student’s virtual server. \n  \nMaterials Provided During the Seminar \nEach student attending the seminar will be provided: \n\nPresentation materials\nPowerShell scripts for each lesson\nAccess to the virtual server for up to 10 hours after the course ends for additional practice\nLink to the seminar recording\, good for 30 days after the seminar\n\n  \nInstructor \n\n \n\n\nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 30 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 20+ years\, most of the time as Internet/Communications Director. Mike is currently the Information Technology Director\, where he manages the chapter’s website and IT environment. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 6 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \nAfter completing this course\, students will have skills to use PowerShell in the performance of their audits and projects. Specifically\, students will be able to: \n\nImport data from several types of data sources into PowerShell.\nAnalyze data in PowerShell through comparing data and summarizing it.\nReorder data and change its format.\nExport data into CSV and Text files.\nCreate a basic PowerShell script to import\, analyze\, and export data.\n\n  \nCPE-Related Details \n\nPrerequisites: Students should be familiar with using Windows and using CSV files. Basic familiarity with PowerShell or other programming languages is beneficial.\nAdvance Preparation: The instructor will provide materials in advance of the course. The instructor will also provide credentials to access a virtual server several days in advance of the course. Students should log onto the server and share any issues with the instructor in advance of the course.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/powershell-workshop-basics-spring2025/ LOCATION:Virtual Event CATEGORIES:Workshop ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/workshop_powershell_basics.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250310T083000 DTEND;TZID=America/New_York:20250313T170000 DTSTAMP:20250228T124458Z CREATED:20250127T142948Z LAST-MODIFIED:20250228T124458Z UID:33589-1741595400-1741885200@isaca-gwdc.org SUMMARY:Certified Information System Auditor® (CISA®) Review Course (Weekday Sessions) DESCRIPTION:CISA Review Course – Weekday Sessions \nThe ISACA Greater Washington\, D.C. Chapter (GWDC) is hosting an intensive 4-day virtual review course for the Certified Information Systems Auditor® (CISA®) Exam. This course is designed to provide practical guidance on preparing for the CISA exam and will cover the essential job practice areas as defined by ISACA® Global.  \nThis event is ideal for professionals planning to sit for the CISA exam. Attendees are encouraged to prepare in advance to maximize the benefits of the course. \nRegistration closes on March 9 @ 12pm.  \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nMarch 10 – 13 \nThe course will be held on March 10 – 13\, 2025 from 9:00 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Teams. \nPrior to the event\, participants must install the Teams app on their respective devices. The instructor will send out the Teams link closer to the course start. \n\n\nGWDC Member Fee – $500 \nThe fee for GWDC Members is $500 for the course.\nThe fee for all other registrants is $1\,000 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 32 CPEs \nAttendees can earn up to 32 CPEs for this event. \nParticipants must respond to all the poll questions via the Teams polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nPlease note\, these are estimates as some domains (especially Domains 4 and 5) may span multiple days. \n\nDay 1: 18% Domain 1 – Information Systems Auditing Process & 18% Domain 2 – Governance & Management of IT\nDay 2: 12% Domain 3 – Information Systems Acquisition\, Development & Implementation\nDay 3: 26% Domain 4 – Information Systems Operations & Business Resilience\nDay 4: 26% Domain 5 – Protection of Information Assets\n\n  \nExam Resources \nStudy Recommendations \nThe instructor highly recommends that students purchase the CISA Review Manual and the CISA Review Questions\, Answers\, and Explanations Database – 12 Month ahead of the course date. Below are the study materials available for purchase from the ISACA Bookstore: \n\nCISA Review Manual\nCISA Review Questions\, Answers & Explanations Manual\nCISA Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISA page as part of their study program.  \n  \nInstructor \n\n \n\n\nJim Wiggins\nCISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 28 years of direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 23 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses aimed at federal and government contracting clients. \nToday\, Jim is the Founder and Principal of Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, RMF\, Security+\, and other courses requested by Securible’s clients. Currently\, he provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI offers a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501(c)(3) public charity that focuses on cyber education and serves as the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation operates the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at: https://www.fitsifoundation.org. \nIn 2020\, Jim launched a TV show on cybersecurity called “Cybersecurity Today\,” which can be viewed in the Washington\, DC area. Episodes can also be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW named Jim to the “Federal 100” for his tireless efforts to promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make on the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n \n\n  \nMore Information on CISA \n \nRegistration for the CISA exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CISA and Exam Registration \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\nLearning Objective: After completing the course\, students will be prepared to sit for the CISA exam.\nPrerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/certified-information-system-auditor-cisa-review-course-weekday-sessions-2025/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/08/review_course_CISA.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250317T090000 DTEND;TZID=America/New_York:20250319T170000 DTSTAMP:20250105T200851Z CREATED:20250105T183650Z LAST-MODIFIED:20250105T200851Z UID:33483-1742202000-1742403600@isaca-gwdc.org SUMMARY:Certified in Risk and Information Systems Controls™ (CRISC®) Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certified in Risk and Information Systems Controls™ (CRISC®).  This review course will provide practical advice on preparing for the CRISC exam and specific instruction regarding the job practice areas addressed by CRISC as defined by ISACA® Global. \nThis event is intended for anyone sitting for the CRISC Exam. Students are expected to have prepared for the exam prior to attending the course. \nRegistration closes on March 16 @ 3 pm. \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nMarch 17 – 19 \nThe course will be held on March 17 – 19 from 9:00 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Teams. \nPrior to the event\, participants must install the Team app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $550 \nThe fee for GWDC Members is $550 for the course.\nThe fee for all other registrants is $800 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 21 CPEs \nAttendees can earn up to 21 CPEs for this event. \nParticipants must respond to all the poll questions via the Teams polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n\nDay 1 \n\n\nIntroduction \nGovernance (Domain 1) \n\n\nDay 2 \n\n\nIT Risk Assessment (Domain 2) \nRisk Response and Reporting (Domain 3) \n\n\nDay 3 \n\n\nInformation Technology and Security (Domain 4) \nPractice Tests \n\n  \nCourse Materials and Exam Resources \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CRISC exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CRISC Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CRISC Review Manual and the CRISC Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\nCRISC Review Manual\nCRISC Review Questions\, Answers & Explanations Manual\nCRISC Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CRISC page as part of their study program.  \n  \nInstructor \n\n \n\n\nJim Wiggins\nCISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 28 years of direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 23 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses aimed at federal and government contracting clients. \nToday\, Jim is the Founder and Principal of Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, RMF\, Security+\, and other courses requested by Securible’s clients. Currently\, he provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI offers a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501(c)(3) public charity that focuses on cyber education and serves as the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation operates the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at: https://www.fitsifoundation.org. \nIn 2020\, Jim launched a TV show on cybersecurity called “Cybersecurity Today\,” which can be viewed in the Washington\, DC area. Episodes can also be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW named Jim to the “Federal 100” for his tireless efforts to promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make on the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n \n\n  \nMore Information on CISM \n \nRegistration for the CRISC exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CRISC and Exam Registration \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details \n\nLearning Objective: After completing the course\, students will be prepared to sit for the CRISC exam.\nPrerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/crisc-review-course-spring2025/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/review_course_crisc.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250319T080000 DTEND;TZID=America/New_York:20250319T173000 DTSTAMP:20250311T230146Z CREATED:20250105T185012Z LAST-MODIFIED:20250311T230146Z UID:33454-1742371200-1742405400@isaca-gwdc.org SUMMARY:Cybersecurity Audit Certificate Review Course DESCRIPTION:It’s not just the high cost to an organization in the event of a breach\, but the inevitability of an attack that makes cybersecurity critical. With the increasing number of cyberthreats\, it is becoming critical for the audit plan in every organization to include cybersecurity. As a result\, auditors are increasingly being required to audit cybersecurity processes\, policies and tools to provide assurance that their enterprise has appropriate controls in place. Vulnerabilities in cybersecurity can pose serious risks to the entire organization—making the need for IT auditors well-versed in cybersecurity audit greater than ever. \nISACA’s Cybersecurity Audit Certificate Program provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits. It provides security professionals with an understanding of the audit process\, and IT risk professionals with an understanding of cyber-related risk and mitigating controls. \nThis course is intended for anyone wanting to strengthen their cybersecurity audit skills as well as those students preparing for the Cybersecurity Audit Certificate exam. \nRegistration closes on March 18 @ 3pm. \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nMarch 19 \nThe course will be held on March 19\, 2025 from \n8:00 am to 5:30 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $125 \nThe fee for GWDC Members is $125 for the course.\nThe fee for all other registrants is $200 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 9 CPEs \nAttendees can earn up to 9 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nThe course cover the following domains for the Cybersecurity Audit Certificate: \n\nSecurity Frameworks & Best Practices\nThreat Assessment & Management\nAuthorization Processes & Governance\nAsset\, Configuration\, Change & Patch Management Practices\nEnterprise Identity & Information Access Management\nCyber & Legal Regulatory Requirements\n\n  \nInstructor \n\n \n\n\nSushila Nair\nCISSP\, GIAC GSTRT\, GSNA GDSA\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is the CEO of Cybernetic LLC and former Vice President of Capgemini’s North American Cybersecurity practice\, where she played a crucial role in driving secure digital transformation on a global scale. With over 30 years of experience in computing infrastructure\, business\, and security risk analysis\, Sushila has established herself as a leading authority in the cybersecurity domain. Her career highlights include serving as Vice President responsible for global security offers at NTT DATA Services\, a decade of leading her own IT and cybersecurity company across major UK cities\, and serving as a Chief Information Security Officer (CISO) and trusted advisor to boards\, where she honed her expertise in protecting organizations from evolving digital threats. Recognized through the top cybersecurity leader award by Security Magazine\, Sushila’s influence in the industry is undeniable. \nAn esteemed thought leader\, Sushila has shared her insights on prestigious platforms such as RSA Conference and ISACA’s global events. Her active participation in ISACA’s global emerging trends working group and her leadership as President of ISACA’s Greater Washington\, D.C. Chapter underscore her dedication to advancing the field of cybersecurity. In 2024\, her commitment to nurturing the next generation of cybersecurity professionals and promoting diversity in the industry was honored with the prestigious ISACA Technology for Humanity Award. \n \n\n  \nCybersecurity Audit Certificate Exam \n \nThe exam is be offered via Computer-Based Testing (CBT). \nRegistration and administration of the exam is handled by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \nFor full details on this certificate\, visit the ISACA’s Cybersecurity Audit Certificate page. \n  \nExam Preparation \nFor students who wish to take the Cybersecurity Audit Certificate exam\, it is highly recommended that the prospective candidates should purchase the official study guide. \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 9 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org. \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives: \nBy the end of this course you will be able to: \n\nDefine the roles and responsibilities of a cybersecurity auditor\nUnderstand security frameworks to identify best practices\nAssess the threats with the help of vulnerability management tools\nExplain all aspects of cybersecurity governance\nManage enterprise identity and information access\nRecall the definitions of cybersecurity processes and components related to cybersecurity operations\nDefine threat and vulnerability management\nBuild and deploy secure authorization processes\nDescribe the concepts of firewall\, wireless and network security technologies in reducing the risk of cyber attack\n\n  \nCPE-Related Details \n\nPrerequisites and Advance Preparation: While not required\, professionals who possess a fundamental understanding of cybersecurity concepts and prior audit experience will be best positioned to succeed in this course and the Cybersecurity Audit Certificate Exam.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cybersecurity-audit-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/review_course_cyberaudit.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250320T083000 DTEND;TZID=America/New_York:20250320T123000 DTSTAMP:20250319T125528Z CREATED:20241231T183229Z LAST-MODIFIED:20250319T125528Z UID:33353-1742459400-1742473800@isaca-gwdc.org SUMMARY:SheLeadsTech - Celebrating Women in Technology DESCRIPTION:In celebration of Women’s Month this March\, this SheLeadsTech Conference brings together IT audit and cybersecurity professionals to celebrate the contributions of women leaders in the field while fostering inclusivity and collaboration for all. This unique event is designed for both men and women\, offering sessions that highlight innovation\, leadership\, and strategies to excel in the rapidly evolving tech landscape. \nFeaturing an all-female lineup of inspiring speakers\, this conference provides an opportunity to: \n\nGain actionable insights from industry leaders driving change in IT audit and cybersecurity\nExplore cutting-edge solutions and strategies to address today’s most pressing challenges\nBuild connections in an inclusive environment that champions diversity and collaboration\nCelebrate the achievements of women while engaging in meaningful discussions about empowering the next generation of leaders\n\nWhether you’re an IT auditor\, IT/Cyber professional\, or business leader\, join us for a day of inspiration\, education\, and connection as we celebrate Women’s Month and explore how diverse perspectives strengthen the future of technology and leadership. Together\, we can lead\, innovate\, and thrive. \nRegistration closes on March 19th @ 2pm. \nRegister Today! \n  \nConference Overview \n\nMarch 20 \nThe conference will be held on March 20\, 2025 from \n8:30 am to 12:30 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe conference will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $10 \nThe fee for GWDC Members is $10 for the conference.\nThe fee for all other registrants is $30 for the conference. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 4 CPEs \nAttendees can earn up to 4 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nSpeaker Insights Showcase \nThe GWDC Media Relations team works with Conference speakers to share insights into their IT journey as well as their topic for the conference in the “Speaker Insights Showcase” series. Below are the videos for three of this month’s speakers. \nYou can view the full Speaker Insights Showcase series on our YouTube channel. \n \n  \n\n \n  \n\nAgenda \n \n\n08:30 AM – 09:30 AM \n\n\nAccelerate Your Tech Mastery: Leveraging Generative AI to Empower Women in STEM \nPresenter: Sujatha Dantuluri (AWS) \nIn the rapidly evolving technology industry\, the pace of change and the emergence of transformative innovations\, such as generative AI\, have created a pressing need for continuous upskilling and reskilling. This is especially true for women in STEM fields\, who often face unique challenges in accessing the resources and support necessary to keep their skills sharp and stay ahead of the curve. \nThis session will explore how women in tech can leverage the capabilities of Amazon Bedrock\, a comprehensive generative AI platform\, to accelerate their technical upskilling and drive innovation. Through interactive demonstrations and real-world case studies\, attendees will learn how to leverage Bedrock’s advanced language models\, multimodal capabilities\, and customization features to tackle complex challenges\, automate repetitive tasks\, and unlock new levels of creativity and problem-solving. \n\n \n\n09:30 AM – 10:30 AM \n\n\nThe Power of Partnerships \nPresenter: Marcelle Lee (Equinix) \nIn my role as lead for cyber threat research at Equinix\, I am responsible for intelligence sharing partnerships. In this talk\, I will discuss how to establish\, maintain\, and grow these crucial relationships. I will also share practical tips on starting an intelligence sharing program and highlight some success stories that demonstrate the value of collaboration in enhancing cybersecurity. \n\n \n\n10:30 AM – 11:30 AM \n\n\nFireside Chat – Leadership & Talent Development: Breaking Barriers and Building Future-Ready Skills \nPresenters: Emily Lewis Pinnell (Tential Solutions) and Sushila Nair (Cybernetic) and Avneet Sabharwal (GWDC Programs Director) \nJoin us for an engaging fireside chat as part of the ISACA Greater Washington DC SheLeadsTech initiative\, where we will explore the evolving landscape of leadership and talent development. In an era of rapid technological advancements\, organizations are seeking professionals who can blend technical expertise with strategic leadership\, risk management\, and business acumen. \nThis conversation will delve into the most in-demand skills in cybersecurity and IT governance\, from cloud security and AI risk management to regulatory compliance and zero-trust architectures. We’ll discuss practical strategies for upskilling\, career progression\, and overcoming the ‘pink ceiling’—the invisible barriers that often hinder women from reaching leadership roles. \nThrough real-world insights and success stories\, our speakers will address mentorship\, executive presence\, and building influence. Whether you are an emerging leader or an experienced professional looking to advance\, this session will provide actionable strategies to help you future-proof your career\, navigate workplace challenges\, and step into leadership with confidence. \nDon’t miss this opportunity to gain industry insights\, and be part of the conversation shaping the future of leadership in IT audit and cybersecurity. \n\n \n\n11:30 AM – 12:30 AM \n\n\nPioneering Change Through Bold Innovation \nPresenter: Gurmeet Kaur (Agilious) \nThe United Nations finds that in 2022\, only 17% of inventors holding international patents were women\, while 83% were men. To achieve innovation and progress\, it’s necessary to challenge the status quo\, think outside the box\, and break established rules. \nJoin our speaker\, Gurmeet Kaur\, as she walks us through how to navigate barriers\, believe in your idea even when facing challenges\, and persevere against the bias that holds us back. \n\n  \nPresenters \n \n\n  \n  \n  \n\n\nSujatha Dantuluri\nSenior Solutions Architect on the US Federal Civilian team @ AWS \nSujatha Dantuluri is a Senior Solutions Architect on the US Federal Civilian team at AWS. With over 20 years of experience supporting both commercial and government customers\, she is a trusted advisor in building and architecting mission-critical solutions. An active public speaker\, Sujatha also contributes to IEEE standards. Additionally\, she serves as a mentor for women in within and outside the AWS. Sujatha is an active participant in initiatives that enable and empower women in the industry. \n \n\n \n\n \n\n\nMarcelle Lee\nPrincipal Information Security Engineer | Team Lead\, Cyber Threat Research @ Equinix \nMarcelle is a principal information security engineer at Equinix\, the world’s largest digital infrastructure company\, where she oversees the cyber threat research team. She has more than ten years of experience in cybersecurity\, specializing in cyber threat analysis\, research\, and reporting\, identification of tactics\, techniques and procedures (TTPs)\, campaign tracking\, threat hunting\, network traffic analysis\, intrusion analysis\, digital forensics\, malware analysis\, and technical writing. Before embarking on her cyber career\, Marcelle had years of experience leading operations and projects for a variety of organizations. \nMarcelle is also a passionate educator and a published author\, teaching digital forensics and cybersecurity courses at University of Maryland. She is a recognized community leader\, presenting technical talks and training\, providing mentoring\, and volunteering on numerous boards and committees. She is driven by the mission of advancing and empowering people in the field of cybersecurity. \nIf you are looking for a key for a CTF challenge it is “diversity.” \n \n\n \n\n \n\n\nEmily Lewis Pinnell\nSenior Vice President\, Professional Services @ Tential Solutions \nI have worked with hundreds of customers in managing Data\, Cloud and AI initiatives. In building innovative professional services teams\, I focus on the pairing technical expertise with a focus on the impact to people and process. \nI love building and making a tangible impact. With a focus on strategic growth\, I’ve achieved significant success in delivering compelling and tangible results. I am demonstrably committed to optimizing organizational systems\, performance—and the bottom line. \nI effectively lead and empower top-performing global teams. With excellent communication and interpersonal skills\, I easily build productive relationships with diverse groups of key stakeholders\, shareholders\, clients\, and colleagues at all levels. \n \n\n\n \n\n\nSushila Nair\nCEO of Cybernetic LLC\nCISSP\, GIAC GSTRT\, GSNA GDSA\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is the CEO of Cybernetic LLC and former Vice President of Capgemini’s North American Cybersecurity practice\, where she played a crucial role in driving secure digital transformation on a global scale. With over 30 years of experience in computing infrastructure\, business\, and security risk analysis\, Sushila has established herself as a leading authority in the cybersecurity domain. Her career highlights include serving as Vice President responsible for global security offers at NTT DATA Services\, a decade of leading her own IT and cybersecurity company across major UK cities\, and serving as a Chief Information Security Officer (CISO) and trusted advisor to boards\, where she honed her expertise in protecting organizations from evolving digital threats. Recognized through the top cybersecurity leader award by Security Magazine\, Sushila’s influence in the industry is undeniable. \nAn esteemed thought leader\, Sushila has shared her insights on prestigious platforms such as RSA Conference and ISACA’s global events. Her active participation in ISACA’s global emerging trends working group and her leadership as President of ISACA’s Greater Washington\, D.C. Chapter underscore her dedication to advancing the field of cybersecurity. In 2024\, her commitment to nurturing the next generation of cybersecurity professionals and promoting diversity in the industry was honored with the prestigious ISACA Technology for Humanity Award. \n \n\n\n \n\n\nAvneet Sabharwal\nIT Audit Manager and GWDC Programs Director\nCISA\, CMMC-AB Registered Practioner \nAvneet Sabharwal is an experienced IT Auditor with nearly a decade of expertise across various industries\, including consulting\, finance\, and telecommunications. She has worked extensively on SOX\, SOC 1\, and FSA audits. In her current role\, Avneet is an Internal Audit Manager at a financial planning firm\, focusing on information systems and data analytics. \nAvneet holds a Master’s degree in Information Systems and Technology and an MBA from the George Washington School of Business. She is also certified as a CISA and a CMMC-AB Registered Practitioner. \nIn addition to her professional role\, Avneet serves as the Director of Virtual Conferences on the ISACA GWDC chapter Board\, where she is responsible for planning\, organizing\, and hosting monthly conferences. \nIn her free time\, Avneet enjoys traveling and exploring new places with her family\, reading thriller novels\, and\, recently\, delving into the art of prompting. \n \n\n \n\n \n\n\nGurmeet Kaur\nChief Product & Experience Officer @ Agilious \nGurmeet is a product and design leader with passion for designing and delivering extraordinary user experiences. Gurmeet’s expertise is in driving user engagement by planning\, designing and delivering digital products that meet end user needs. She brings 25+ years of experience leading successful transformations across the private and non-profit sectors. Gurmeet is building Agilous’s strategy and design practices to ensure all applications and products we build are based on customer data and deliver clear value to the enterprise (private or public sector) and their end users. \nGurmeet joined Agilious from Capital One\, where she built a Developer Experience team from the ground up and delivered the long term vision for Capital One Developer Experience. Gurmeet has led the product transformation at AARP’s for-profit sector and doubled member engagement on the benefits’ app. In her tenure at Marriott she served as the digital lead for all acquisitions\, successfully integrating multiple brands into the digital Marriott platforms\, including The Ritz-Carlton\, Starwood\, Gaylord\, MOXY\, Atlantis\, Protea\, and AC hotels. \nGurmeet is a Gallup certified coach with deep expertise in building high-performing teams by leveraging collective skills\, diverse perspectives\, and complementary expertise. She is also the published author of Empathy & Arrogance: The Paradox of Digital Products\, a compilation of lessons learned over two decades of building digital products. \n \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about current and future trends in emerging technology. \n  \nCPE-Related Details \n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/emerging-technology-conference-2025/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/12/conference-emergingtech-sheleadstech.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250325T083000 DTEND;TZID=America/New_York:20250327T170000 DTSTAMP:20250106T011852Z CREATED:20250105T190836Z LAST-MODIFIED:20250106T011852Z UID:33464-1742891400-1743094800@isaca-gwdc.org SUMMARY:Certificate of Cloud Auditing Knowledge (CCAK™) Review Course DESCRIPTION:The CCAK review course is designed to cover the following five core areas of focus: Cloud governance\, Cloud compliance\, Cloud auditing\, Cloud assurance\, and CSA tools. The course will provide knowledge on cloud security assessment methods and techniques\, and will assist students in updating their expertise in cloud and hybrid security auditing. CCAK is a joint project by Cloud Security Alliance® and ISACA®. The CCAK is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing. \nThis course is intended for anyone sitting for the CCAK Exam. Students are expected to have prepared for the exam prior to attending the course. \nRegistration closes on March 24 @ 3pm. \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nMarch 25 – 27 \nThe course will be held on March 25 – 27 from 8:30 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $500 \nThe fee for GWDC Members is $500 for the course.\nThe fee for all other registrants is $700 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 24 CPEs \nAttendees can earn up to 24 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nCourse Modules \n\nModule 1 \n\n\nCloud Governance \n\nOverview of governance\nCloud assurance\nCloud governance frameworks\nCloud risk management\nCloud governance tools\n\n\n\nModule 2 \n\n\nCloud Compliance Program \n\nDesigning a cloud compliance program\nBuilding a cloud compliance program\nLegal and regulatory requirements\nStandards and security frameworks\nIdentifying controls and measuring effectiveness\nCSA certification\, attestation and validation\n\n\n\nModule 3 \n\n\nCCM and CAIQ Goals\, Objectives and Structure \n\nCCM\nCAIQ\nRelationship to standards: mappings and gap analysis\nTransition from CCM V3.0.1 to CCM V4\n\n\n\nModule 4 \n\n\nA Threat Analysis Methodology for Cloud Using CCM \n\nDefinitions and purpose\nAttack details and impacts\nMitigating controls and metrics\nUse case\n\n\n\nModule 5 \n\n\nEvaluating a Cloud Compliance Program \n\nEvaluation approach\nA governance perspective\nLegal\, regulatory and standards perspectives\nRisk perspectives\nServices changes implications\nThe need for continuous assurance/continuous compliance\n\n\n\nModule 6 \n\n\nCloud Auditing \n\nAudit characteristics\, criteria & principles\nAuditing standards for cloud computing\nAuditing an on-premises environment vs. cloud\nDifferences in assessing cloud services and cloud delivery models\nCloud audit building\, planning and execution\n\n\n\nModule 7 \n\n\nCCM: Auditing Controls \n\nCCM audit scoping guidance\nCCM risk evaluation guide\nCCM audit workbook\nCCM an auditing example\n\n\n\nModule 8 \n\n\nContinuous Assurance and Compliance \n\nDevOps and DevSecOps\nAuditing CI/CD pipelines\nDevSecOps automation and maturity\n\n\n\nModule 9 \n\n\nSTAR Program \n\nStandard for security and privacy\nOpen Certification Framework\nSTAR Registry\nSTAR Level 1\nSTAR Level 2\nSTAR Level 3\n\n\n  \nInstructor \n\n \n\n\nSushila Nair\nCISSP\, GIAC GSTRT\, GSNA GDSA\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is the CEO of Cybernetic LLC and former Vice President of Capgemini’s North American Cybersecurity practice\, where she played a crucial role in driving secure digital transformation on a global scale. With over 30 years of experience in computing infrastructure\, business\, and security risk analysis\, Sushila has established herself as a leading authority in the cybersecurity domain. Her career highlights include serving as Vice President responsible for global security offers at NTT DATA Services\, a decade of leading her own IT and cybersecurity company across major UK cities\, and serving as a Chief Information Security Officer (CISO) and trusted advisor to boards\, where she honed her expertise in protecting organizations from evolving digital threats. Recognized through the top cybersecurity leader award by Security Magazine\, Sushila’s influence in the industry is undeniable. \nAn esteemed thought leader\, Sushila has shared her insights on prestigious platforms such as RSA Conference and ISACA’s global events. Her active participation in ISACA’s global emerging trends working group and her leadership as President of ISACA’s Greater Washington\, D.C. Chapter underscore her dedication to advancing the field of cybersecurity. In 2024\, her commitment to nurturing the next generation of cybersecurity professionals and promoting diversity in the industry was honored with the prestigious ISACA Technology for Humanity Award. \n \n\n  \nCCAK Information and Resources \n  \n \nThe CCAK exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CCAK exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CCAK and Exam Registration \n  \nCCAK Exam Preparation \nStudents who wish to take the exam should purchase the exam study guide here. The Q&A database is purchased here and is helpful for the exam revision. \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 24 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \n\nDemonstrate key concepts of cloud governance and the role of assurance\, transparency and accountability in the cloud.\nExplain cloud risk management and the application of cloud governance tools.\nDevise the designing\, building and evaluating of a cloud compliance program based on laws\, regulations and regulatory standards.\nApply control objectives\, technical and process controls\, security metrics and relate them to cloud control frameworks\, certification\, attestation and authorizations.\nDefine and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.\nBuild and execute an audit plan that addresses cloud concerns by utilizing the Cloud Control Matrix.\nDiscuss the impact of continuous assurance and auditing\, cloud automation\, native development and integration models on auditing and compliance .\nDescribe the role of the CSA STAR Program.\n\n  \nCPE-Related Details \n\nPrerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/certificate-of-cloud-auditing-knowledge-ccak-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/08/review_course_ccak-1.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250327T080000 DTEND;TZID=America/New_York:20250327T170000 DTSTAMP:20250217T145159Z CREATED:20250217T145159Z LAST-MODIFIED:20250217T145159Z UID:33626-1743062400-1743094800@isaca-gwdc.org SUMMARY:IT Fraud Conference - ACFE DC & ISACA GWDC (in-person) DESCRIPTION:IT Fraud Conference – ACFE DC & ISACA GWDC (in-person) \nIncidents of information technology being maliciously exploited reduce confidence and trust in the attacked organization’s security and operations.  In November 2024\, the Global Anti-Scam Alliance noted that scammers siphoned more than $1 trillion globally in the past 12 months.  In addition\, Recorded Future’s Annual Payment Fraud Intelligence Report noted that 269 million card data and 1.9 million stolen bank checks were posted on the dark web in 2024. Join the Washington Metropolitan Association of Certified Fraud Examiners (ACFE DC) and ISACA Greater Washington DC (ISACA GWDC) in their 2025 IT Fraud Conference. \nDate: March 27\, 2025 (Thursday); 0800-1700 ET (up to 8 NASBA CPEs) \nLocation: 1801 K St. NW Washington\, DC 20036 (KPMG Conference Rooms) \nBreakfast and Lunch included. \nTo view the event agenda\, topics\, and presenters\, as well as register\, please visit the ACFE DC website. \n\nPlease Note:  All registrations\, questions\, communications\, and CPE issuance are handled by the ACFE DC. \n\n  \nGWDC Members can register on the ACFE website for $100 using a discount code.  Email us using the Registration Questions Contact Form to receive the discount code. \nRegister on the ACFE DC website using the link below (registration details are at the bottom of the page). \nRegister Today! \n  URL:https://isaca-gwdc.org/event/acfe-fraud-conference-2025/ LOCATION:1801 K Street. NW\, 1801 K. Street NW\, Washington\, D.C.\, DC\, 20036\, United States CATEGORIES:Special Event ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2020/09/Screen-Shot-2020-10-01-at-9.06.01-AM.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250327T083000 DTEND;TZID=America/New_York:20250327T170000 DTSTAMP:20250105T201022Z CREATED:20250105T191755Z LAST-MODIFIED:20250105T201022Z UID:33495-1743064200-1743094800@isaca-gwdc.org SUMMARY:NIST Privacy Framework Workshop DESCRIPTION:This intensive one-day virtual workshop\, “NIST Privacy Framework\,” scheduled for Thursday\, March 27th\, 2025\, will provide participants with a thorough understanding of how to manage privacy risks and protect individual privacy while achieving organizational objectives. The workshop will cover strategies for implementing privacy practices that align with regulatory requirements. Participants will gain valuable insights and practical knowledge to enhance their organization’s privacy management capabilities. The workshop offers 7 Continuing Professional Education (CPE) credits. \nRegistration closes on March 26 @ 3pm.  \nRegister Today! \n  \nCourse Overview \n\nMarch 27 \nThe workshop will be held on March 27 from 8:30 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Teams. \nPrior to the event\, participants must install the Teams app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $125 \nThe fee for GWDC Members is $125 for the course.\nThe fee for all other registrants is $200 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 7 CPEs \nAttendees can earn up to 7 CPEs for this event. \nParticipants must respond to all the poll questions via the Teams polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nModule 0: Course Overview and Introduction \n\nIntroduction and Course Overview\nParticipant Introductions\nWhat is the NIST Privacy Framework?\nCourse Schedule\nCourse Format\nLearning Objectives\nExpected Outcomes\nStudent Prerequisites\nCourse Logistics\nRecap\n\nModule 1: Introduction to Privacy and Risk Management \n\nDefining Privacy in the Modern Digital Landscape\nChallenges in Managing Privacy Risks\nEnterprise Risk Management Overview\nThe Role of Privacy in Organizational Goals\nEvolution of Privacy Frameworks\nData Processing Ecosystem Overview\nEthical Decision-Making and Privacy\nKey Stakeholders in Privacy Risk Management\nPrivacy Risk vs. Compliance Risk\nBuilding a Privacy-Driven Culture\nCase Study\nQuiz\n\nModule 2: Core Components of the Privacy Framework \n\nOverview of the Privacy Framework Core\nIdentify-P Function\nGovern-P Function\nControl-P Function\nCommunicate-P Function\nProtect-P Function\nCategories and Subcategories: Structuring Privacy Activities\nLinking Privacy to the Cybersecurity Framework\nGranularity in Privacy Risk Management\nThe Importance of Subcategory Customization\nCase Study\nQuiz\n\nModule 3: Building and Using Profiles \n\nWhat Are Privacy Profiles?\nCurrent vs. Target Profiles\nRole of Profiles in Organizational Privacy\nSteps to Develop a Privacy Profile\nPrioritizing Outcomes and Activities\nUsing Profiles for Self-Assessment\nAligning Profiles with Business Needs\nComparing Multiple Profiles Across Roles\nIntegrating Profiles in Organizational Strategy\nProfiles as a Communication Tool\nCase Study\nQuiz\n\nModule 4: Implementation Tiers and Organizational Maturity \n\nOverview of Implementation Tiers\nPartial Tier: Foundational Privacy Management\nRisk-Informed Tier: Evolving Awareness\nRepeatable Tier: Formalized Practices\nAdaptive Tier: Continuous Improvement\nCriteria for Assessing Maturity Levels\nProgression Through Tiers\nLinking Tiers to Organizational Goals\nCollaboration and Communication for Tiers\nRealizing Privacy Maturity Benefits\nCase Study\nQuiz\n\nModule 5: Privacy Risk Assessment and Mitigation \n\nDefining Privacy Risk Factors\nProblematic Data Actions and Their Impacts\nSteps in Privacy Risk Assessment\nRisk Models for Privacy Management\nLikelihood and Impact Analysis\nResponding to Privacy Risks\nRisk Mitigation Strategies\nUsing Privacy Risk Assessment Methodology (PRAM)\nBalancing Risk Tolerance and Resources\nImplementing Risk Assessment Outcomes\nCase Study\nQuiz\n\nModule 6: Governance and Accountability \n\nImportance of Governance in Privacy\nDeveloping Organizational Privacy Values\nEstablishing Roles and Responsibilities\nPolicies for Privacy Risk Management\nTraining and Awareness Initiatives\nMonitoring and Reviewing Privacy Policies\nStrengthening Cross-Functional Collaboration\nAccountability Across Ecosystem Stakeholders\nEmbedding Privacy in Decision-Making\nReporting on Privacy Metrics and Progress\nCase Study\nQuiz\n\nModule 7: Integrating Privacy into the System Development Lifecycle (SDLC) \n\nAligning Privacy with SDLC Phases\nPlanning for Privacy from the Start\nPrivacy in Design and Build Phases\nDeploying Privacy-Centric Solutions\nOperating with Privacy Safeguards\nDecommissioning with Privacy in Mind\nPrivacy Engineering Objectives Explained\nPredictability\, Manageability\, and Disassociability\nLeveraging SDLC Artifacts for Privacy\nPractical Integration Techniques\nCase Study\nQuiz\n\nModule 8: Engaging in the Data Processing Ecosystem \n\nUnderstanding Ecosystem Roles\nPrivacy in the Data Processing Ecosystem\nIdentifying Stakeholders and Relationships\nPrivacy Requirements Communication\nContracts and Governance in the Ecosystem\nManaging Interdependencies\nUsing Interoperability Frameworks\nAssessing Ecosystem Risk\nAligning Ecosystem Roles with Privacy Goals\nEcosystem-Wide Collaboration and Innovation\nCase Study\nQuiz\n\n  \nInstructor \n\n \n\n\nJim Wiggins\nCISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 28 years of direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 23 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses aimed at federal and government contracting clients. \nToday\, Jim is the Founder and Principal of Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, RMF\, Security+\, and other courses requested by Securible’s clients. Currently\, he provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI offers a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501(c)(3) public charity that focuses on cyber education and serves as the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation operates the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at: https://www.fitsifoundation.org. \nIn 2020\, Jim launched a TV show on cybersecurity called “Cybersecurity Today\,” which can be viewed in the Washington\, DC area. Episodes can also be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW named Jim to the “Federal 100” for his tireless efforts to promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make on the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \n\nUnderstand the foundational components and structure of the NIST Privacy Framework.\nGain knowledge of privacy risk management and its importance in protecting individual privacy.\nLearn strategies for aligning privacy practices with organizational objectives and regulatory requirements.\nDevelop skills to implement the framework in real-world scenarios effectively.\nApply the framework through practical exercises to address privacy challenges and enhance management capabilities.\n\nCPE-Related Details \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/nist-privacy-framework-workshop/ LOCATION:Virtual Event CATEGORIES:Workshop ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/workshop_nist_privacy_framework.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250411T083000 DTEND;TZID=America/New_York:20250411T140000 DTSTAMP:20250402T005806Z CREATED:20250105T192645Z LAST-MODIFIED:20250402T005806Z UID:33506-1744360200-1744380000@isaca-gwdc.org SUMMARY:PowerShell® Workshop: Active Directory DESCRIPTION:Auditors performing audits of Windows systems inevitably need to obtain information from Active Directory®\, Microsoft’s platform for providing directory services to Windows and other devices. Whether it’s data on user accounts\, computer accounts\, group membership\, or configurations in group policy objects\, Active Directory is often a critical data source for Windows system audits. \nWhile Active Directory graphic user interfaces can be used to obtain this information\, they are often not efficient to use and some information isn’t easy to find and download. This often results in administrators needing to provide data or screenshots. \nPowerShell® provides a better method of obtaining information from Active Directory. As a Microsoft product\, PowerShell has a variety of commands for working with Active Directory. These include commands to obtain data on Active Directory objects\, such as users\, computers\, groups\, and group policy objects. Using simple PowerShell scripting capabilities\, auditors can develop scripts to efficiently collect data from Active Directory and perform audit tests on this data. \nThis one-day workshop will cover the PowerShell commands needed to obtain user\, computer\, group\, and group policy object data from Active Directory. The course will also cover basic audit tests that can be performed using PowerShell on Active Directory objects.  Attendees will be provided access to a virtual server to practice commands and perform hands-on exercises. \nAuditors and security professionals who audit Active Directory will benefit from attending this course. \nThis course builds on the concepts presented in the PowerShell® Basics Workshop. \nRegistration closes on April 10 @ 3pm. \nRegister Today! \n  \nCourse Overview \n\nApril 11 \nThe workshop will be held on April 11 from 8:30 am to 2:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $100 \nThe fee for GWDC Members is $100 for the course.\nThe fee for all other registrants is $150 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 6 CPEs \nAttendees can earn up to 7 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n\nBasics of Using PowerShell\nOverview of PowerShell’s Active Directory and Group Policy modules\nHands-on Practice on use cases for collecting data for and auditing:\n\nUsers\nComputers\nGroups and Group Memberships\nAD Organizational units\nGroup Policy Objects\n\n\nRecap and PowerShell resources\n\n  \nAdditional Course Details \nHands-on Lab Exercises \nEach student will be provided access to a Windows Server to use during the course. The server will be hosted on the Azure Lab Services platform. \nThe server will be accessed using Windows Remote Desktop. Therefore\, on the course dates\, students will need to use a Windows-based computer that permits use of the Remote Desktop protocol. \nAn email will be sent to each student this evening with instructions on accessing the virtual server. Students are encouraged to register and follow the instructions to access the virtual server prior to the start of the seminar. \nEach lesson in the course has practice commands to use during the lesson and practice exercise to reinforce lesson concepts.  All lesson materials will be pre-loaded onto each student’s virtual server. \n  \nMaterials Provided During the Seminar \nEach student attending the seminar will be provided: \n\nPresentation materials\nPowerShell scripts for each lesson\nAccess to the virtual server for up to 10 hours after the course ends for additional practice\nLink to the seminar recording\, good for 30 days after the seminar\n\n  \nInstructor \n\n \n\n\nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 30 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 20+ years\, most of the time as Internet/Communications Director. Mike is currently the Information Technology Director\, where he manages the chapter’s website and IT environment. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 6 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter completing this course\, students will have basic skills to use PowerShell to obtain\, view\, and export data from Active Directory.  \n  \nCPE-Related Details \n\nPrerequisites: Students should be familiar with using PowerShell and working with Active Directory.\nAdvance Preparation: The instructor will provide materials in advance of the course. The instructor will also provide credentials to access a virtual server several days in advance of the course. Students should log onto the server and share any issues with the instructor in advance of the course.\nProgram Knowledge Level: Intermediate\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/powershell-workshop-active-directory/ LOCATION:Virtual Event CATEGORIES:Workshop ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/workshop_powershell_active_directory.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250412T083000 DTEND;TZID=America/New_York:20250412T163000 DTSTAMP:20250115T222759Z CREATED:20250105T193823Z LAST-MODIFIED:20250115T222759Z UID:33471-1744446600-1744475400@isaca-gwdc.org SUMMARY:Certified Information Security Manager® (CISM®) Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certified Information Security Manager® (CISM) Exam. The CISM® review course will provide practical advice on preparing for the CISM exam and specific instruction regarding the job practice areas addressed by CISM as defined by ISACA® Global. \nThis event is ideal for professionals planning to sit for the CISM exam. Attendees are encouraged to prepare in advance to maximize the benefits of the course. \nRegistration closes on April 11 @ 3 pm. \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nApril 12\, 19\, & 26 \nThe course will be held on April 12\, 19 & 26 (Saturdays) from 8:30 am to 4:30 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Teams. \nPrior to the event\, participants must install the Team app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $450 \nThe fee for GWDC Members is $450 for the course.\nThe fee for all other registrants is $800 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 21 CPEs \nAttendees can earn up to 21 CPEs for this event. \nParticipants must respond to all the poll questions via the Teams polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n\n  \nAgenda \n\nDay 1 \n\n\nModule 1 – Information Security Governance \nModule 2 – Information Security Risk Management \n\n\nDay 2 \n\n\nModule 3 – Information Security Program \nModule 4 – Incident Management \n\n\nDay 3 \n\n\nModule 5 – Exam Preparation Strategies \n\n  \nCourse Materials and Exam Resources \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISM exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISM Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISM Review Manual and the CISM Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CISM Review Manual\n CISM Review Questions\, Answers & Explanations Manual\n CISM Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISM page as part of their study program.  \n  \nInstructor \n\n \n\n\nJim Wiggins\nCISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 28 years of direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 23 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses aimed at federal and government contracting clients. \nToday\, Jim is the Founder and Principal of Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, RMF\, Security+\, and other courses requested by Securible’s clients. Currently\, he provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI offers a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501(c)(3) public charity that focuses on cyber education and serves as the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation operates the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at: https://www.fitsifoundation.org. \nIn 2020\, Jim launched a TV show on cybersecurity called “Cybersecurity Today\,” which can be viewed in the Washington\, DC area. Episodes can also be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW named Jim to the “Federal 100” for his tireless efforts to promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make on the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n \n\n  \nMore Information on CISM \n \nRegistration for the CISM exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CISM and Exam Registration \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CISM exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cism-review-course-spring2025/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/08/review_course_cism-1.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250417T144500 DTEND;TZID=America/New_York:20250417T170000 DTSTAMP:20250423T144400Z CREATED:20241231T201037Z LAST-MODIFIED:20250423T144400Z UID:33393-1744901100-1744909200@isaca-gwdc.org SUMMARY:FISMA and Risk Management Framework Panel Discussion DESCRIPTION:To protect federal information and systems\, the Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies to develop\, document\, and implement information security programs. The Annual FISMA Conference provides a useful update to IT Auditors and the Federal IT community on the current landscape and efforts to comply with FISMA. Come hear perspectives from senior federal executives who play key roles in FISMA compliance efforts. During this session\, you will learn about recent changes to the FISMA metrics\, and the opportunities and challenges agencies face in complying with FISMA. \nRegistration closes on April 16th @ 2pm. \nRegister Today! \n  \nEvent Sponsor \n  \n \nSikich is a Chicago-based global company specializing in technology-enabled professional services. With more than 1\,900 employees\, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies. From corporations and not-for-profits to state and local governments and federal agencies\, Sikich clients utilize a broad spectrum of services and products to help them improve performance and achieve long-term\, strategic goals. As a full-service provider to Federal government agencies\, we provide financial management advisory and assurance services\, such as: \n\nAssisting the U.S. Defense Industrial Base (DIB) sector in enhancing its cybersecurity posture within the multi-tier supply chain to ensure compliance with Cybersecurity Maturity Model Certification (CMMC) requirements.\nConducting CFO Act engagements on behalf of more than three dozen federal CFOs and Offices of Inspectors General (OIGs) in the Executive and Legislative Branches.\nConducting FISMA audits and other custom IT and cybersecurity performance audits. Our testing includes evaluations of access controls\, configuration and change management\, systems development life cycle including audits of Agile and Waterfall implementations\, disaster recovery and contingency planning\, and overall governance and security frameworks.\nSupporting agencies adhere to the processes outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series and conducting Security Assessment and Authorization (SA&A) activities.\n\n  \nConference Overview \n\nApril 17 \nThe conference will be held on April 17\, 2025 from \n2:45 pm to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe event will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $5 \nThe fee for GWDC Members is $5 for the conference.\nThe fee for all other registrants is $15 for the conference. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 2 CPEs \nAttendees can earn up to 2 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n \n\n2:45 PM – 2:55 PM \n\n\nOpening Remarks and Housekeeping \n  \n\n \n\n3:00 PM – 4:50 PM \n\n\n2025 Panel Discussion on FISMA and Risk Management Framework \nModerator: \n\nSarah Mirzakhani\nPrincipal @ Sikich\n\nPanelists: \n\nJennifer Franks\nDirector\, Center for Enhanced Cybersecurity @ US Government Accountability Office (GAO)\nMark Canter\nChief Information Security Officer (CISO) and Director of the Information Security Division at the U.S. Government Accountability Office (GAO)\nDr. Ron Ross\nChief Executive Officer @ RONROSSECURE\, LLC\nFormer Fellow @ the National Institute of Standards and Technology\n\n\n\n4:50 PM – 5:00 PM \n\n\nClosing Remarks \n\n  \n  \nModerator \n\n \n\n\nSarah Mirzakhani\nPrincipal @ Sikich \nCISA \nSarah Mirzakhani\, CISA\, is a principal with over 20 years of experience in information technology audit/information assurance and information security solutions. Sarah serves federal agencies with varied\, complex IT systems and environments. Her experience includes leading information technology internal control reviews and security audits\, such as the Federal Information Security Modernization Act (FISMA) and overseeing vulnerability assessments and penetration testing. \nSarah is also skilled in conducting and leading system and organization controls/SSAE18 audits and readiness assessments\, regulatory compliance reviews\, and system implementation reviews for not-for-profit\, commercial\, and governmental entities. She has extensive knowledge of the National Institute of Standards and Technology (NIST)\, Federal Information Processing Standards (FIPS)\, and Office of Management and Budget (OMB). \nShe provides services in areas\, such as IT and Cybersecurity Audits\, FISMA Audit Services\, and Performance Audits/p> \nSarah holds a Bachelor of Science in Business Administration\, Management Information Systems\, West Virginia University\, and is a Certified Information Systems Auditor (CISA). She is affiliated with the Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA). \n \n\n  \nPanelists \n\n \n\n\nJennifer Franks\nDirector\, Center for Enhanced Cybersecurity\nActing Director\, Analytics Foundry\nUS Government Accountability Office (GAO) \nJennifer Franks directs the Center for Enhanced Cybersecurity within GAO’s Information Technology and Cybersecurity team. She oversees reviews that primarily focus on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality\, integrity\, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices. In addition\, she leads reviews in the areas of IT management and operations\, financial management\, healthcare and public health IT\, data protection\, and privacy. \nFurther\, Jennifer serves as the Acting Director of the Analytics Foundry; a dedicated cloud computing environment that manages GAO’s complex analytical functions. \nJennifer earned a master’s degree in information security policy and management from Carnegie Mellon University and earned a bachelor’s degree in computer information systems from Hampton University. \n \n\n\n \n\n\nMark Canter\nChief Information Security Officer (CISO) and Director of the Information Security Division at the U.S. Government Accountability Office (GAO) \nMark Canter is the CISO and Director of the Information Security Division at GAO. In his capacity\, he oversees policy and governance\, information assurance and compliance\, and security operations. Prior to assuming this role\, he served as Assistant Director in the Information Technology and Cybersecurity (ITC) team at GAO. His portfolio included a diverse set of engagements on topics of financial and information systems internal control auditing\, cybersecurity\, emerging technologies such as blockchains\, AI\, and safeguarding/privacy of information. In addition\, he has authored various compliance and auditing tools and published several common vulnerabilities and exploits. \n\n\n \n\n\nDr. Ron Ross\nChief Executive Officer @ RONROSSECURE\, LLC\nFormer Fellow @ the National Institute of Standards and Technology \nRon Ross the Chief Executive Officer at RONROSSECURE\, LLC\, a cybersecurity advisory company and a Fellow at Dartmouth College. His focus areas include computer and information security\, systems security engineering\, trustworthy computing\, high assurance systems\, and security risk management. Dr. Ross currently supports the Dartmouth Institute for Security\, Technology\, and Society conducting applied research in secure systems engineering. A former Fellow at the National Institute of Standards and Technology\, Dr. Ross led the NIST Systems Security Engineering and FISMA Implementation Projects which included the development of cybersecurity standards and guidance for the federal government\, contractors\, and United States critical infrastructure. He also supported the State Department in its international outreach program for cybersecurity and critical infrastructure protection and led the Joint Task Force\, an interagency group with members from the Department of Defense\, Intelligence Community\, and Civil agencies. Dr. Ross served as the Director of the National Information Assurance Partnership\, a joint activity of NIST and the National Security Agency. During his twenty-year military career\, Dr. Ross served as a White House aide and senior technical advisor to the United States Army. He has lectured at colleges and universities throughout the United States and delivered the Commencement address at The George Washington University (School of Engineering). \nDr. Ross has authored numerous publications on risk management\, cybersecurity\, systems security engineering\, and system resiliency. These include: FIPS 199 (security categorization)\, FIPS 200 (security requirements)\, SP 800-30 (risk assessments)\,  SP 800-37 (risk management framework)\, SP 800-39 (enterprise risk management)\, SP 800-53 (security and privacy controls)\,  SP 800-53A (security and privacy control assessments)\, SP 800-53B (security and privacy control baselines)\, SP 800-128 (security configuration management)\, SP 800-160\, Vol. 1 (systems security engineering)\, SP 800-160\, Vol. 2 (cyber resiliency engineering)\, SP 800-171 (protection of controlled unclassified information)\, SP 800-171A (security assessments)\, SP 800-172 (enhanced security requirements)\, and SP 800-172A (enhanced security requirement assessments). \nDr. Ross has received many public and private sector awards including the Presidential Rank Award\, Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement\, Michael V. Hayden Lifetime Achievement Award\, Department of Defense Superior Service Medal\, National Security Agency Scientific Achievement Award\, Department of Commerce Gold and Silver Medal Awards\, Applied Computer Security Distinguished Practitioner Award\, GCN Government Executive of the Year Award\, Vanguard Chairman’s Award\, Institute for Critical Infrastructure Technology Pioneer Award\, Information Week’s Government CIO 50 Award\, Billington Cybersecurity Leadership Award\, Office of Director National Intelligence Partnership Award\, ISACA National Capital Area Conyers Award\, ISACA Joseph J. Wasserman Award\, AFFIRM President’s Award\, Symantec Cyber 7 Award\, Government Technology Research Alliance Award\, SC Magazine’s Cyber Security Luminaries Award\, (ISC)2 Lynn F. McNulty Tribute Award\, American Bar Association Science and Technology Special Recognition Award\, 1105 Media Gov30 Award\, and CES Government Technology Leadership Award. He has also been recognized three-times as one of the Top 10 Influencers in Government IT Security and is a five-time recipient of the Federal 100 award for leadership and technical contributions to federal government cybersecurity projects. Dr. Ross has been inducted into the National Cyber Security Hall of Fame\, selected as an (ISC)2 Fellow\, and inducted into the Information Systems Security Association Hall of Fame receiving its highest honor of Distinguished Fellow. \nDr. Ross holds a Bachelor of Science degree in Engineering from the United States Military Academy at West Point. He also holds Masters and Ph.D. degrees in Computer Science from the United States Naval Postgraduate School with a concentration in artificial intelligence and robotics. He was commissioned as a Second Lieutenant in the United States Army\, served as a Mechanized Infantry and Army Acquisition Corp officer\, completed Airborne training\, and retired with the rank of Lieutenant Colonel. \n \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about current and future trends in the IT Audit space. \n  \nCPE-Related Details \n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/fisma-rmf-panel-2025/ LOCATION:Virtual Event CATEGORIES:Panels ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/12/panel-fisma.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250519T084500 DTEND;TZID=America/New_York:20250519T170000 DTSTAMP:20250517T013723Z CREATED:20250106T021103Z LAST-MODIFIED:20250517T013723Z UID:33542-1747644300-1747674000@isaca-gwdc.org SUMMARY:Future Tech DC DESCRIPTION:<< Return to GWDC Events \n  \n \nFuture Tech DC\nMay 19\, 2025 from 8:45 AM to 5:00 PM\nGeorge Mason University\, Arlington VA Campus\n8 CPE\n$175 for Members of Partner Organizations\n$250 for All Other Registrants \n  \n  \n\n\n\nWelcome to Future Tech DC: AI\, Cybersecurity\, and Trust\nThe premier conference that explores the intersection of artificial intelligence\, cybersecurity\, and IT audit. \nJoin us in the heart of Washington\, D.C.\, where innovators\, industry leaders\, and technology enthusiasts converge to shape the future of the digital landscape. This event offers: \n\nInsightful Sessions: Prepare for the challenges of tomorrow\, by delving into the evolving cybersecurity threat landscape\, gaining insights into emerging technologies such as AI\, and discovering strategies for IT audit and cybersecurity professionals to build trust in a digital world.\nTailored Tracks: Choose from General\, Government\, and Workshop sessions\, including hands-on SANS demonstrations.\nNetworking & Professional Growth: Connect with peers\, earn 8 CPE credits\, and gain practical tools to secure your organization.\n\nWhat’s included with the registration fee in addition to conference attendance: Breakfast\, lunch\, parking at GMU Arlington campus \nWho Should Attend this Event?  IT / Cybersecurity professional\, cybersecurity student\, auditor\, CISO\, or business or government leader \nRegistration closed on May 16 @ 6pm.  There is no walk-up registration for this event. \nRegister Today! \n  \n\n\n\n  \nRegistration Bundles Available \n\nProfessional Bundles are available for businesses and organizations to purchase bundles of 10 registrations at the member rate. After purchase\, a discount code will be emailed. \nPurchase Professional Bundle \n\n\nStudent Bundles are available for colleges and universities to purchase bundles of 10 registrations for students at discounted student pricing. After purchase\, a discount code will be emailed. \nPurchase Student Bundle \n\n  \n\n\n\nPartner Organizations \nThis event wouldn’t be possible with the time and dedication of the following partner organizations present this event. These organizations are presented below in no order of significance: \n\n\n\n\n\n\n\n\n\n\n\n\n\nWorkshops Powered By: \n \n\n\nHosted By: \n \n\n  \nAgenda \nTailor your conference experience by choosing sessions in one of the three tracks.  Please note\, no advance selection is required for the General and Government Tracks. Registrants can attend the General and Government sessions on a first come basis on the day of the conference.  SANS Workshops will be selected during registration \nGovernment Track – Government Focus: Federal\, State\, and Local Perspectives\nDive into sessions tailored to the unique challenges and opportunities faced by government entities. Explore innovative strategies for securing critical infrastructure\, enhancing digital services\, and navigating regulatory landscapes at every level of government. \nGeneral Track – Visionary Leaders in AI\, Emerging Tech\, and Cybersecurity\nHear from globally recognized thought leaders who are driving change in artificial intelligence\, emerging technologies\, and cybersecurity. These inspirational talks will provide insights into the future of tech and its role in building a safer\, more innovative world. \nSANS Workshop Track – Practical Skills and Cutting-Edge Tools\nParticipate in interactive workshops and labs that bring theory to life. From building a machine learning network to detect anomalies\, to reverse engineering malware\, and identifying cloud misconfigurations\, these sessions offer practical\, real-world applications for staying ahead in an ever-evolving digital landscape.  Please note\, SANS workshops have a limited capacity. Sign up early to secure your spot before sessions reach capacity.  There is a limit of one SANS workshop per registrant. \n  \n\n\n\n Time\nGeneral Track\nGovernment Track\nSANS Workshop Track\nSpecial Activities\n\n\n08:00 AM – 08:45 AM\nBreakfast and Networking\n\n\n08:45 AM – 09:00 AM\nConference Introduction\n\n\n09:00 AM – 10:00 AM\nKeynote Speaker: Dave Hoelzer\, SANS Fellow\nReal World Hype-Free AI in the Cybersecurity Enterprise\n\n\n10:00 AM – 11:00 AM\nAsk Questions\nTerry Grafenstine (IIA and PenFed)\nCybersecurity for Artificial Intelligence\nJeffrey Eyink (DoD)\nPresented by SANS – Avoiding Data Disasters: Techniques to Identify and Address Cloud Storage Misconfigurations\nShaun McCullough (SANS and GitHub)\n\nCapture the Flag \nCheck-in \n10:00-10:30 \nAM \nCompetition \n10:30 AM – \n2:30 PM \nWinners \nAnnounced \n2:30 – 3:00 PM \n\n\n\n11:00 AM – 12:00 PM\nAdapt or Be Breached: Why Outdated Third-Party Risk Models are Failing SaaS\nVishal Chawla (BluOcean Cyber)\nThe NIST Risk Management Framework: More Than Just Compliance and an ATO\nVictoria Yan Pillitteri (NIST)\n\n\n12:00 PM – 01:00 PM\nLunch Keynote Speaker:  Sounil Yu (Knostic)\nWhat to Expect When You’re Expecting Your GenAI Baby\n\n\n01:00 PM – 02:00 PM\nExploring the Intersection of Cybersecurity and Artificial Intelligence\nDr. Kellep Charles (Capitol Technology University)\nEmerging Threats in Space\nFireside Chat with Renee Wynn (Former NASA CIO\, Axonius) and Dr. Diane Janosek (Janos LLC)\nPresented by SANS – Reverse Engineering Malware: A Hands-On Introduction\nAnuj Soni (Johns Hopkins University APL and SANS)\n\n\n02:00 PM – 03:00 PM\nMITRE ATLAS: Community Driven Tools for AI Security & Assurance\nDr. Christina Liaghati (MITRE)\nSecuring the Machine Mind: AI Risk Management in the Federal Enterprise\nDavid Branscome (Microsoft)\n\n\n03:00 PM – 04:00 PM\nIn the age of AI\, getting to the “who” is your biggest threat advantage\nRyan LaSalle (Nisos®)\nShifting Left Security Automation with Open Security Controls Assessment Language (OSCAL)\nDr. Michaela Iorga (NIST/ITL)\nPresented by SANS – Build a Machine Learning Neural Network for Anomaly Detection on Logs\nChristopher Crowley (SANS)\nIndustry Exchange\n\n\n04:00 PM – 05:00 PM\nAccelerating Innovation with AI Security & Responsibility\nAlexis Appollonia Robinson (Amazon)\nFireside Chat – Securing the Future: NIST NCCoE\, AI\, and Emerging Tech\nModerator: Jim Wiggins (Securible and FITSI)\nPanelists: Cherilyn Pascoe (NIST)\n\n\n05:00 PM – 06:00 PM\nConference Wrap-Up\n\n\n\n  \nClick the link below to view the agenda in a PDF along with the room numbers and floor Maps of GMU’s Van Metre Hall in the Mason Square Building. \nView Agenda PDF \n  \nKeynote Address \n\n09:00 AM – 10:00 AM \n\n\nReal World Hype-Free AI in the Cybersecurity Enterprise \nPresenter: Dave Hoelzer (SANS) \nEnterprises today are fixated on adopting AI solutions\, yet few have clearly defined the business problems they hope that AI will solve. What’s the reality of the applicability of AI to cybersecurity? What knowledge should someone with a GRC focus have to understand what vendors are selling and how this aligns with an enterprise’s controls? How can AI be leveraged to enhance a SOC or expand the threat-hunting capabilities of a security organization? David Hoelzer\, COO of a managed security provider and SANS fellow will answer these questions\, in addition to showing how his enterprise and his customers are leveraging machine learning and AI to identify previously unknown zero-day malware\, find compromised hosts at scale\, identify anomalous log entries without writing rules\, and more. These demonstrations will include clear explanations of how these solutions work that anyone with Python and TensorFlow or PyTorch knowledge can implement! \nView Dave’s Speaker Showcase video for this session \nLearning Objectives: \n\nHow AI and ML can be defined in a way that benefits the vendor\, not the enterprise\, and how to know what they’re saying.\nUnderstand how to articulate the role of AI/ML in a security operation/threat hunting operation in a way that is aligned with objectives.\nHave a better understanding of precisely what types of problems in security benefit from the application of AI/ML techniques.\n\n\n  \nKeynote Presenter \n\n \n\n\nDave Hoelzer\nSANS Fellow \nDavid Hoelzer\, a SANS Fellow and author of more than twenty days of SANS courseware\, is an expert in a variety of information security fields\, having served in most major roles in the IT and security industries over the past twenty-five years. Currently\, David serves as the principal examiner and director of research for Enclave Forensics\, a New York/Las Vegas based incident response and forensics company. He also serves as the chief information security officer for Cyber-Defense\, an open-source security software solution provider. David is the author of SANS SEC495: Leveraging LLMs: Building & Securing RAG\, Contextual RAG\, and Agentic RAG\, SANS SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals\, and a seasoned instructor and author for myriad other SANS courses. \n \n\n  \nLunch Keynote Address \n\n12:00 PM – 01:00 PM \n\n\nWhat to Expect When You’re Expecting Your GenAI Baby \nPresenter: Sounil Yu (Knostic) \nMany of us are scrambling to leverage GenAI\, but it’s hard to anticipate the risks\, challenges\, and controls. Using various mental models\, we can get a clearer understanding of what to expect in the next stages of the AI revolution and start building governance processes and security capabilities to get ahead of potential challenges. \nLearning Objectives: \n\nLearn about tools for thinking about AI-related problems\nApply these tools towards specific AI-related problems\nAnticipate future needs using these thinking tools\n\n\n  \nLunch Keynote Presenter \n\n \n\n\nSounil Yu\nCo-Founder and Chief AI Security Officer @ Knostic \nSounil Yu is the author and creator of the Cyber Defense Matrix and the DIE Triad\, which are reshaping approaches to cybersecurity. He’s a Board Member of the FAIR Institute; fellow at GMU Scalia Law School’s National Security Institute; guest lecturer at Carnegie Mellon; and advisor to many startups. Sounil is the co-founder and Chief AI Safety Officer at Knostic and previously served as the CISO at JupiterOne\, CISO-in-Residence at YL Ventures\, and Chief Security Scientist at Bank of America. Before BofA\, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security by Security Magazine\, Influencer of the Year by SC Awards\, and a Top 10 CISO by Black Unicorn Awards. He is a recipient of the SANS Lifetime Achievement Award and was inducted into the Cybersecurity Hall of Fame. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University. \n \n\n  \nGeneral Track Sessions \n\n10:00 AM – 11:00 AM \n\n\nAsk Questions \nPresenter: Terry Grafenstine (IIA and PenFed) \nJoin Terry Grafenstine\, Chair of the Global Board of Directors\, 2024-2025\, for an inspiring session centered on her IIA Global Board Chair theme: “Ask Questions.” To provide strategic insights\, Internal Audit must help their organizations prepare for disruption. Disruption can be an opportunity\, like Artificial Intelligence\, or a threat\, such as Covid or cyber. While many disruptive technologies and events will push Internal Auditors out of their traditional comfort zones\, to avoid auditing these topics is to miss some of the greatest threat (and opportunities) our organizations face. Instead\, internal auditors should rely on an area where they are experts and ask questions about controls. She will explore how fostering a culture of curiosity can support organizational innovation while also creating a stronger control environment and building enterprise resilience. \nView Terry’s Speaker Showcase video for this session \nLearning Objectives: \n\nExplore how Internal Audit teams can help their organizations prepare for disruptions\, including disruptive technologies.\nUnderstand how relying on your expertise and asking questions can help prepare you for assessing controls in unfamiliar areas.\nLearn how being “curious” is critical for supporting innovation\, resilience\, and strengthening controls.\n\n\n\n11:00 AM – 12:00 PM \n\n\nAdapt or Be Breached: Why Outdated Third-Party Risk Models Are Failing SaaS Security \nPresenter: Vishal Chawla (BluOcean Cyber) \nYour annual third-party risk management (TPRM) checklist is a hacker’s favorite loophole. While you audit once\, attackers exploit SaaS misconfigurations daily. Legacy TPRM frameworks can’t track live configuration drifts\, data sprawl\, data exfiltration\, shadow APIs\, or “Snowflake-style” breaches. We’ll dissect how TPRM models fail—and equip you with continuous monitoring\, zero-trust SaaS governance\, and proactive threat defenses. Evolve or be breached. Your move. \nView Vishal’s Speaker Showcase video for this session \nLearning Objectives: \n\n“97% of Third-Party SaaS Breaches Start Where Vendor Audits End” Why paper-based vendor reviews fail—and how continuous SaaS threat detection closes the gap.\n“Snowflake’s 243-Day Breach Window: Why Compliance ≠ Security” Unpacking the preventable Snowflake breach and how real-time SaaS monitoring slashes detection time by 90%.\n“90 Days to Modern TPRM: From Annual Audits to Always-On SaaS Defense” A proven roadmap to harden critical third-party SaaS apps\, automate controls\, and turn compliance into an advantage.\n\n\n\n01:00 PM – 02:00 PM \n\n\nExploring the Intersection of Cybersecurity and Artificial Intelligence \nPresenter: Dr. Kellep Charles (Capitol Technology University) \nDominated by technological advancements\, Artificial Intelligence (AI) with cybersecurity stands out as a key component for the future of our digital defense. This talk will discuss the impact of AI on cybersecurity\, by examining the challenges\, opportunities\, and the role it plays in safeguarding our digital world. \nThe session will briefly discuss the historical roots of AI\, to its projected surge to $135 billion by 2030. The session will also discuss the relationship between AI and cybersecurity\, first by explaining how AI benefits the defense against cyber threats as well as examine the dark side of this technological alliance in cybersecurity. The presentation concludes by providing practical insights for staying secure in the AI-driven landscape. A call to action is issued to review and update cybersecurity practices\, incorporating best practices in password management\, data privacy\, and personal cybersecurity. In conclusion\, the presentation portrays the intersection of cybersecurity and AI as a dynamic and evolving landscape\, urging cybersecurity leaders to embrace AI’s potential\, understand its risks\, and adapt to ensure a secure and resilient digital world. \nLearning Objectives: \n\nExplore the challenges and opportunities of AI as it relates to safeguarding the digital world.\nUnderstand the impact of AI on cybersecurity including the benefits and the dark side.\nLearn practical insights for cybersecurity in the AI era.\n\n\n\n02:00 PM – 03:00 PM \n\n\nMITRE ATLAS: Community Driven Tools for AI Security & Assurance \nPresenter: Dr. Christina Liaghati (MITRE) \nMITRE ATLAS (atlas.mitre.org) is a public knowledge base of adversary tactics and techniques based on real-world attack observations and realistic demonstrations from artificial intelligence (AI) red teams and security groups. There are a growing number of vulnerabilities in AI-enabled systems as the incorporation of AI increases the attack surfaces of existing systems beyond those of traditional cyberattacks. We developed ATLAS to raise community awareness and readiness for these unique threats\, vulnerabilities\, and risks in the broader AI assurance landscape. \nChristina will speak to the latest MITRE ATLAS community efforts focused on capturing and sharing cross community data on real world AI incidents\, expanding the community’s data on vulnerabilities that can arise when using open-source AI models or data\, especially for vulnerabilities that fall outside of the scope of CVE/CWE\, and developing mitigations to defend against these AI security threats and vulnerabilities. \nView Christina’s Speaker Showcase video for this session \nLearning Objectives: \n\nLearn about the unique threats\, vulnerabilities\, and risks that AI poses.\nHear how the MITRE ATLAS community is engaging to provide real world data on the impact of AI on cybersecurity.\nExplore mitigations to defend against AI security threats and vulnerabilities.\n\n\n\n03:00 PM – 04:00 PM \n\n\nIn the age of AI\, getting to the “who” is your biggest threat advantage \nPresenter: Ryan LaSalle (Nisos®) \nAI is making the landscape less human. Yet people are both a significant enterprise vulnerability\, and the key to protecting your organization. And cyber’s remit is getting larger\, not smaller. As companies take on greater digital risk\, cybersecurity accountability extends to include protecting executives from physical harm\, keeping insider threats out\, and surfacing signs of employment fraud. It’s your job to stay a step ahead by detecting emerging threats online and to action quickly. Beyond the day to day compliance and cyber defense\, security teams need to grow with the business and tackle the emerging challenges to people presented by the innovative attacks powered by AI\, the fomenting discord targeting your people and brand\, and the new vulnerabilities and exploits to hiring and ways of working. Getting to the “who” behind these threats empowers you to take real-world action to move upstream from the techniques employed and address the people at the root of the campaign or attack. \nView Ryan’s Speaker Showcase video for this session \nLearning Objectives: \n\nBetter understand human risk threats and TTPs for executive protection\, employment fraud\, and insider threat.\nDevelop strategies on how getting to the “who” behind human risk threats can drive real-world consequences\, including shutting down the threat.\nLearn about practical ways you and your teams can detect and prevent human risk threats.\n\n\n\n04:00 PM – 05:00 PM \n\n\nAccelerating Innovation with AI Security & Responsibility \nPresenters: Alexis Appollonia Robinson (Amazon) \nFor innovation to thrive\, teams need the freedom to operate quickly. Yet many organizations slow development for governance with restrictive controls. In this session\, learn how to implement 100 controls that empower teams to ship rapidly without compromising reliability\, security\, or compliance. Additionally\, learn from AWS experts as we breakdown AWS’s Responsible AI Strategy and AWS Audit Manager’s generative AI framework. In this session\, explore how to incorporate controls as we build AI with AWS. \nLearning Objectives: \n\nUnderstand how to accelerate innovation by embedding security controls and responsible AI guardrails from day one.\nConsider AWS’s Responsible AI Strategy as a way to build trust while maintaining development velocity.\nImplement AWS Audit Manager’s Generative AI Framework to automate compliance and strengthen governance.\n\n\n  \nGeneral Track Presenters \n\n \n\n\nTerry Grafenstine\n2024–25 Chair of the Global Board of Directors of The Institute of Internal Auditors (IIA) and Chief Audit Executive with Pentagon Federal Credit Union (PenFed)\nCIA\, CPA\, CISSP\, CISA\, CRISC\, CGEIT\, CGAP \nTerry Grafenstine is the 2024–25 Chair of the Global Board of Directors of The Institute of Internal Auditors (IIA) and Chief Audit Executive with Pentagon Federal Credit Union (PenFed). She was recognized by The IIA as one of the “Top Ten Audit Thought Leaders of the Decade” and inducted into The IIA’s Hall of Distinguished Audit Practitioners. She has served on both the IIA’s North American and Global Boards of Directors. \nTerry has over 25 years of experience in the internal auditing and information technology profession. As CAE at PenFed\, Terry is responsible for leading internal audit teams covering all aspects of operations at the second largest federal credit union in the U.S. Prior to joining PenFed in May 2023\, Terry was the global chief auditor for Operations & Technology at Citi where she led audits covering technology\, cyber\, business continuity\, enterprise resilience\, and third party risk management across the 155 countries in which Citi operated. \nBefore joining Citi\, Terry was a Managing Director in Deloitte’s Risk and Financial Advisory practice\, where she provided strategic advisory services to Chief Audit Executives across all commercial industries and IT audit\, risk\, and governance advisory services to first line executives in the defense and national security space. Prior to joining Deloitte\, Terry served for eight years as the bi-partisan appointed Inspector General of the U.S. House of Representatives\, where she designed\, managed\, and delivered audit and investigative services\, including the annual financial statement audit and a comprehensive cyber assurance program. \nTerry has held numerous leadership roles to support the auditing\, accounting\, and information technology profession\, including serving as ISACA’s Global Chair (2017-2018) and a member of the AICPA board of directors (2014 – 2018). Terry speaks globally on a wide range of subjects\, including cyber security\, internal auditing\, accounting standards\, resilience\, leadership\, and risk. \nTerry earned a Bachelor’s degree in Accounting from Saint Joseph’s University. She is a Certified Internal Auditor (CIA)\, Certified Public Accountant (CPA)\, Certified Information Systems Security Professional (CISSP)\, Certified Information Systems Auditor (CISA)\, Certified In Risk and Information Systems Control (CRISC)\, Certified in the Governance of Enterprise IT (CGEIT)\, and Certified Government Auditing Professional (CGAP). \n \n\n\n \n\n\nVishal Chawla\nFounder & CEO BluOcean Cyber \nVishal brings 30 years of cybersecurity expertise\, combining his Big 4 experience as global cybersecurity leader and senior partner serving global fortune 100 clients in the financial services and healthcare industry. \nHe is now the founder and CEO of BluOcean Cyber (located in Northern Virginia)\, where he created RiskGPS\, a Cyber Risk Governance platform that helps companies dominate their competition by redefining cybersecurity as a critical strategic business asset. The groundbreaking approach revolutionizes cybersecurity for mid-sized companies by bridging the gap between technical cybersecurity measures and business mission-based objectives. By connecting specific actions to threats and business processes\, RiskGPS protects\, sustains\, and amplifies critical outcomes with verifiable ROI. Vishal’s work has been published in The Wall Street Journal\, NACD Directors\, RMA\, MIT Review\, and many other publications. \n \n\n\n \n\n\nDr. Kellep Charles\nDepartment Chair of Cybersecurity programs and Professor of Computer Science @ Capitol Technology University \nDr. Kellep Charles serves as Department Chair of Cybersecurity programs and Professor of Computer Science at Capitol Technology University. Dr. Charles’ research areas encompasses Digital Forensics\, Threat Detection\, OSINT\, Machine Learning and Malware Analysis. He completed his Doctorate in Cybersecurity at Capitol Technology University. He also holds a Master of Science in Telecommunication Management from the University of Maryland University College and a Bachelor of Science in Computer Science from North Carolina Agricultural and Technical State University. \nDr. Charles also worked as a government contractor in the Washington\, DC area as an information security analyst for over 25 years in the areas of incident response\, computer forensics\, security assessments\, malware analysis\, and security operations. \n \n\n\n \n\n\nDr. Christina Liaghati\nTrustworthy & Secure AI Department Manager and MITRE ATLAS Lead @ MITRE \nWorking across a collaborative global community of industry\, government\, and academia\, Dr. Liaghati leads MITRE’s Trustworthy & Secure AI Department and MITRE ATLAS\, where she passionately drives research and developments in trustworthy and secure AI for everyone working to leverage AI-enabled systems. Leading her department of 50+ scientist and engineers and serving the community with the not-for-profit\, objective\, MITRE perspective\, she is dedicated to working together to create and openly share actionable tools\, capabilities\, data\, and frameworks for trustworthy and secure AI like ATLAS\, an ATT&CK-style framework of the threats and vulnerabilities of AI-enabled systems. \nAs Dr. Liaghati has worked across the community to improve the common understanding of AI security concerns\, her work quickly started overlapping with broader AI assurance concerns\, which includes AI equitability\, interpretability\, reliability\, robustness\, safety\, and needs for privacy enhancement. As a result of this expansion beyond AI security into more of these elements of trustworthy AI and AI assurance\, her current focus under ATLAS and across the international community is to build a protected mechanism for increased knowledge and incident sharing across government and industry in both AI security and the broader areas of AI assurance. \nDr. Liaghati also chairs the NATO Science and Technology Organization Research Task Group on the AI Assurance and Security\, focused on fostering an enduring collaborative community of NATO organizations and industry partners\, leveraging the Science and Technology Organization to shape future interoperable capability developments in AI security and assurance. \n \n\n\n \n\n\nRyan LaSalle\nChief Executive Officer @ Nisos® \nRyan LaSalle is the Chief Executive Officer of Nisos®\, the Managed Intelligence Company®. For over 25 years\, Ryan has been a trusted advisor to business leaders and their boards within Fortune 500 and National Security organizations. His expertise has helped drive business growth\, secure and protect critical infrastructure\, and allow organizations to overcome unique business and technology challenges. Prior to joining Nisos\, Ryan was a senior executive and serial intrapreneur at Accenture\, leading one of the largest cybersecurity organizations in North America. During his tenure he spearheaded global enterprise through reinvention\, facilitated new revenue sources\, managed acquisitions\, and developed patented solutions spanning cybersecurity\, information management\, and analytics. Ryan has run high-growth cyber services organizations and led over 1\,600 people. He balances business acumen with technical expertise\, enabling Fortune 500 companies to articulate and implement action in the face of disruptive competition\, technologies\, and cyber risk. Ryan holds patents in human resource management\, knowledge discovery\, and establishing trust between entities online. He frequently speaks at international security conferences and has authored numerous articles on cybersecurity. \n \n\n\n \n\n\nAlexis Appollonia Robinson\nPrincipal Program Manager @ Amazon\nCISA\, PMP \nAlexis Appollonia Robinson is a Principal Program Manager for Amazon in the Washington\, DC area. For the past 15 years\, she has served buyers of the cloud\, retail sellers\, policy makers\, compliance organizations\, engineering leaders\, and security teams by developing and implementing security strategies\, collaborating for thought leadership\, solving problems\, building products\, and conducting cybersecurity\, engineering\, and financial assessments. She graduated with double Bachelors of Science degrees in Accounting and Information Systems from the Robert H. Smith School of Business at University of Maryland\, College Park and an Executive Masters of Business Administration (MBA) from the Quantic Program. She has worked at several companies including CGI Federal and Ernst & Young before finding her way to Amazon. She is a Certified Information Systems Auditor (CISA) and a Project Management Professional (PMP). \nAlexis is the former Co-Chair of EY’s Black Professional Network of Greater Washington\, an affinity group that hosts several networking events\, career development workshops\, partner and executive director relationship breakfasts and dinners\, and community service outreach programs within the Washington D.C. metropolitan area for over 150 members in the community. Through this effort\, she served on the Americas BPN Steering Committee as the Northeast Representative and Communications Lead. To continue her diversity initiatives at Amazon\, Alexis is currently on the Inclusiveness\, Diversity & Equity Counsel of AWS Security and involved with IDE Inclusive Recruiting. \nOn her free time\, she is playing video games\, watching “Only Murders in the Building”\, “Real Housewives of “\, “Demon Slayer”\, and “Abbott Elementary”. She lives with her husband and son in Maryland. \n \n\n  \nGovernment Track Sessions \n\n10:00 AM – 11:00 PM \n\n\nCybersecurity for Artificial Intelligence \nPresenter: Jeffrey Eyink (DoD) \nThis session offers attendees key insights into the converging worlds of AI and cybersecurity\, focusing on the unique challenges and opportunities presented by AI within the Department of Defense. The session promises a deep dive into the critical issues facing organizations deploying AI systems. \nAttendees will gain a clear understanding of the specific cybersecurity risks inherent in DoD’s AI systems. The presentation will unpack the complexities of authorizing these systems\, outlining the appropriate assessment approaches and explaining how to communicate these risks and mitigation strategies effectively to authorizing officials. This is crucial for ensuring that AI systems are deployed securely and responsibly. \nBeyond risk assessment\, the presentation will explore the development of tailored cybersecurity guidance for AI. This will address the specific security requirements for both the underlying infrastructure and the AI models themselves\, equipping attendees with the knowledge to navigate the evolving landscape of AI security. The session will also delve into the potential of leveraging AI to enhance cybersecurity practices. This includes exploring how AI can automate anomaly detection\, provide real-time threat intelligence\, and enable adaptive response mechanisms\, ultimately reducing human error and accelerating response times. \nFinally\, the presentation will shed light on the DoD’s ongoing efforts to modernize its assessment and authorization processes for AI systems. This includes collaborative initiatives between the offices of the DoD Chief Information Officer and the Chief Digital and AI Officer\, ensuring a unified and effective approach to AI cybersecurity. Attendees will also learn about planned updates to key DoD guidance\, such as M-24-10\, which addresses governance\, innovation\, and risk management for AI. This provides valuable insight into the future direction of AI cybersecurity within the DoD. In short\, this presentation offers a comprehensive overview of the challenges and opportunities at the intersection of AI and cybersecurity\, providing attendees with actionable insights and a glimpse into the future of secure AI implementation. \nLearning objectives: \n\nGain an understanding of the specific cybersecurity risks inherent in DoD’s AI systems.\nExplore cybersecurity guidance specific to AI and how AI can enhance cybersecurity practices.\nLearn about the DoD’s efforts to modernize its assessment and authorization processes for AI systems.\n\n\n\n11:00 AM – 12:00 PM \n\n\nThe NIST Risk Management Framework: More Than Just Compliance and an ATO \nPresenter: Victoria Yan Pillitteri (NIST) \nDid you know the NIST Risk Management Framework (RMF) goes far beyond meeting compliance requirements and getting an ATO for your system? The NIST RMF provides a repeatable\, flexible and customizable approach to managing risk supported by a portfolio of technical implementation guidance and can be used by any size and type of organization. \nIn this session\, we’ll dispel common misnomers as you learn more about the NIST RMF and its supporting resources\, how it is designed to identify\, understand\, and manage cybersecurity\, privacy and cybersecurity supply chain risks and support organizational resilience\, and the path forward for NIST’s work in risk management. \nView Victoria’s Speaker Showcase video for this session \nLearning objectives: \n\nGain a deeper understanding of the NIST Risk Management Framework (RMF).\nLearn how the NIST RMF can be used by your organization manage risk.\nGain insights into what’s upcoming for risk management from NIST.\n\n\n\n01:00 PM – 02:00 PM \n\n\nEmerging Threats in Space \nPresenters: Fireside Chat with Renee Wynn (Former NASA CIO\, Axonius) and Dr. Diane Janosek (Janos LLC) \nWe rely on space every day! Emerging threats in space pose significant challenges to global security and technological infrastructure. These include the development of anti-satellite weapons (ASATs) that can disable critical satellites used for communication\, navigation\, and defense. Space debris from past missions and collisions increases the risk of damaging active satellites\, creating a cascade of potential disruptions. Additionally\, cyberattacks targeting satellite systems and ground control networks highlight the vulnerability of space-based assets to digital threats. As space becomes increasingly crowded and contested\, international cooperation and policy frameworks will be essential to mitigate risks and ensure the sustainable use of this vital domain. \nView Renee’s Speaker Showcase video for this session \nLearning objectives: \n\nLearn how space impacts your daily life\nLearn about the emerging threats in space and the impact that these risks can have on security and technology infrastructure\nExplore what’s needed to mitigate risk in space\n\n\n\n02:00 PM – 03:00 PM \n\n\nSecuring the Machine Mind: AI Risk Management in the Federal Enterprise \nPresenter: David Branscome (Microsoft) \nAI presents immense opportunity—and unprecedented risk. From data leakage and model drift to adversarial manipulation and opaque decision-making\, federal agencies must rethink how they apply traditional security and compliance principles to intelligent systems. This session delves into the evolving risk landscape of AI through a federal lens\, offering actionable insights into threat modeling\, continuous assurance\, and auditability. Learn how Microsoft is helping agencies implement AI securely by design\, leveraging tools like Azure OpenAI\, Purview\, and Security Copilot within a Zero Trust architecture. \nLearning objectives: \n\nApply a federal lens to the evolving risk landscape of AI.\nLearn actionable insights for threat modeling\, continuous assurance\, and auditability of AI.\nExplore how Microsoft can assist federal agencies with implementing AI securely by design.\n\n\n\n03:00 PM – 04:00 PM \n\n\nShifting Left Security Automation with Open Security Controls Assessment Language (OSCAL) \nPresenter: Dr. Michaela Iorga (NIST/ITL) \nThe exponential increase in the complexity of information systems has been a challenging task to date\, compelling organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. In an era of multiple competing regulatory frameworks which often trigger conflicting priorities\, opinions\, and claims\, security and privacy practitioners could miss vital actions while performing labor-intensive\, paper-based compliance work. NIST developed Open Security Controls Assessment Language (OSCAL) – a standard of standards that provides a normalized expression of security requirements across standards\, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions. Imagine a future where security documentation builds itself\, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation\, assessments\, and adjudication\, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more. \nLearning objectives: \n\nUnderstand the driving factors behind the creation of OSCAL\, a machine-readable representation of security control implementations and assessment.\nLearn how OSCAL can be used to modernize the approach to compliance to reduce manual processes and increase accuracy of compliance results.\nExplore how OSCAL can enable reciprocity among frameworks.\n\n\n\n04:00 PM – 05:00 PM \n\n\nFireside Chat – Securing the Future: NIST NCCoE\, AI\, and Emerging Tech \nModerator: Jim Wiggins (Securible and FITSI)\nPanelists: Cherilyn Pascoe (NIST) \nThe NIST National Cybersecurity Center of Excellence (NCCoE) is a collaborative hub where industry\, government\, and academic experts work together to tackle the nation’s most urgent cybersecurity issues of today and tomorrow. In this keynote\, NIST NCCoE Director Cherilyn Pascoe will delve into the center’s collaborative strategies and initiatives to solve security and privacy challenges associated with emerging technologies such as AI\, post-quantum cryptography\, and more. Join us for this engaging presentation to learn how organizations can leverage NIST guidance to effectively mitigate and manage risk\, discover future project considerations\, and explore areas for collaboration. \nLearning objectives: \n\nLearn how the NIST National Cybersecurity Center of Excellence (NCCoE) is developing collaborative strategies to solve the most pressing security and privacy challenges.\nExplore how organizations can leverage NIST guidance to mitigate and manage risk.\nDiscover NIST NCCoE focus areas going forward and potential collaboration opportunities.\n\n\n  \nGovernment Track Presenters \n\n \n\n\nJeffrey Eyink\nChief\, Cybersecurity Implementation Division Department of Defense Chief Information Officer\nPMP\, CISM \nJeffrey Eyink is a seasoned cybersecurity professional with extensive expertise in managing and implementing risk management framework\, cybersecurity policies\, and secure cloud adoption strategies within the Department of Defense (DoD). As the Chief of the Cybersecurity Implementation Division under the DoD Chief Information Officer\, he plays a pivotal role in safeguarding national security through robust cybersecurity measures. \nIn his current position\, Mr. Eyink chairs the Risk Management Framework Technical Advisory Group (RMF TAG)\, offering strategic guidance on risk management policies and framework. He serves as a Subject Matter Expert for the Authorizing Official Council\, Defense Security/Cybersecurity Authorization Working Group\, and the Information Security Risk Management Committee\, contributing critical insights into authorization processes\, security controls\, and risk assessments. Additionally\, as a technical representative for DoD to the Joint Authorization Board of FedRAMP\, he evaluates the security postures of cloud service providers\, enabling secure cloud adoption across the DoD. \nPrior to his current role\, Mr. Eyink served in several high-profile positions\, including Chief of Cybersecurity at the Program Executive Office\, Defense Healthcare Management Systems\, and Chief of the Assessment and Authorization Branch at the Defense Health Agency. In these roles\, he developed innovative strategies to streamline authorization processes\, implemented automation to enhance efficiency\, and led cross-agency teams to integrate cybersecurity requirements within complex systems. \nMr. Eyink holds a Master of Business Administration from William Carey College and a Bachelor of Arts in Business Administration from Saint Leo College. He has also earned advanced certifications in cybersecurity and IT project management from the National Defense University and Villanova University. A member of professional organizations such as the Project Management Institute (PMI) and ISACA\, he has achieved certifications including Project Management Professional (PMP) and Certified Information Security Manager (CISM). \n\n\n \n\n\nVictoria Yan Pillitteri\nSupervisory Computer Scientist and Security Engineering and Risk Management Group Manager @ the National Institute of Standards and Technology (NIST)\nCISSP \nVictoria Yan Pillitteri is a supervisory computer scientist and manager of the Security Engineering and Risk Management Group at the National Institute of Standards and Technology (NIST). The group conducts the research and development of the suite of risk management\, systems security engineering\, and cybersecurity risk analytics and measurement guidance used for managing cybersecurity risk. She is the co-author of multiple NIST publications that are foundational for cybersecurity risk management\, including the security and privacy controls\, control assessment procedures\, the Risk Management Framework\, and the CUI security requirements and assessment procedures (Special Publications (SP) 800-53\, SP 800-53A\, SP 800-53B\, 800-37\, 800-171\, and 800-171A). \nMs. Pillitteri holds a B.S. in Electrical Engineering from the University of Maryland\, a M.S. in Computer Science\, with a concentration in Information Assurance\, from the George Washington University\, completed the Key Executive Leadership Program at American University\, and is a Certified Information Systems Security Professional (CISSP). \n \n\n\n \n\n\nRenee Wynn\nFormer NASA Chief Information Officer and Board Member for Axonius \nRenee Wynn is a leader with over 30 years of experience in environmental policy\, global information technology and cybersecurity operations\, supply chain risk management\, and ESG. She led programs at the Environmental Protection Agency (EPA) and served as the CIO at an iconic agency\, National Aeronautics and Space Administration (NASA). \nRenee currently serves as an independent board member for Axonius\, a cybersecurity company\, and she is seeking additional Board roles. She serves on the Board of Advisors at MITRE\, Interos\, Dataminr\, Adobe\, and Level6 Cybersecurity. She serves as a Strategic Advisor at Attain Capital to their portfolio companies. \nTo continue a lifetime in service to others\, Renee serves on the Board at The Women’s Center\, a Virginia and Washington\, DC-based non-profit organization dedicated to improving the community’s mental health and well-being through counseling\, education\, support\, and advocacy. She also serves on the Board of the Virginia Tech – Applied Research Corporation (VT-ARC). Renee earned a bachelor’s degree in economics from DePauw University. \n \n\n\n \n\n\nDr. Diane Janosek\nCEO of Janos LLC \nDiane M. Janosek is the CEO of Janos LLC. Leveraging her law degree and PhD\, she focuses on the intersection of law\, policy\, and technology to provide advisory services on data policy\, cybersecurity law\, compliance\, governance\, leadership\, and privacy. Previously served as Defense Intelligence Senior Executive Service (SES) for 12 years\, to include leadership roles at the National Security Agency\, to include Commandant National Cryptologic University\, Deputy Director Compliance and Chief Information Security Officer. She also served as Chief Legal Officer for the Privacy and Civil Liberties Oversight Board\, and as Legal Counsel at both the White House and the Pentagon. \nDr. Janosek has published dozens of articles and is a multiple international award-winner. In addition to having a Juris Doctorate\, she has a Master’s in Strategic Intelligence\, a PhD in Cyber Leadership\, is admitted to the United States Supreme Court and is certified in information and network security (CISSP) and ethics and compliance (LPEC). She has been inducted into the Hall of Fame by the Information Systems Security Assoc Inter’l. Dr. Janosek is passionate about giving back and advocating for the global cyber community. \nLearn more at dianejanosek.com \n \n\n\n \n\n\nDavid Branscome\nGlobal Partner Solutions Architect for Security\, Compliance and Identity @ Microsoft \nDavid has been with Microsoft for 17 years in a variety of roles\, from Microsoft Consulting Services to Premier Field Engineer and most recently\, supporting the Microsoft partner organization. He has worked with dozens of state\, local and federal customers\, including supporting some of the largest Microsoft implementations in the federal space. \n \n\n\n \n\n\nDr. Michaela Iorga\nSupervisory Computer Scientist at the National Institute of Standards and Technology (NIST/ITL) \nDr. Michaela Iorga is a supervisory computer scientist at the National Institute of Standards and Technology (NIST/ITL). She serves as the Strategic Outreach Director for the Open Security Controls Assessment Language (OSCAL) program\, and as the senior security technical lead for cloud computing\, chairing the NIST Cloud Security and Forensics Working Groups. \nDr. Iorga\, a subject matter expert in cybersecurity\, risk assessment\, and information assurance\, collaborates with industry\, academia\, and other government stakeholders on developing and disseminating high-level\, vendor-neutral cybersecurity and forensics guidelines that meet national priorities and promote American innovation and industrial competitiveness. Dr. Iorga received her Ph.D. from the Duke University/ Pratt School of Engineering\, in North Carolina\, USA. \n \n\n\n \n\n\nJim Wiggins\nCISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 28 years of direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 23 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses aimed at federal and government contracting clients. \nToday\, Jim is the Founder and Principal of Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, RMF\, Security+\, and other courses requested by Securible’s clients. Currently\, he provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI offers a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501(c)(3) public charity that focuses on cyber education and serves as the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation operates the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at: https://www.fitsifoundation.org. \nIn 2020\, Jim launched a TV show on cybersecurity called “Cybersecurity Today\,” which can be viewed in the Washington\, DC area. Episodes can also be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW named Jim to the “Federal 100” for his tireless efforts to promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make on the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n \n\n\n \n\n\nCherilyn Pascoe\nDirector\, NIST NCCoE \nCherilyn Pascoe is the Director of the NIST National Cybersecurity Center of Excellence (NCCoE). She provides strategic direction and technical leadership for the NCCoE\, aligns the NCCoE’s work with the industry\, government\, and NIST priorities\, and builds relationships with key stakeholders. Prior to her role as Director of the NCCoE she served as the Senior Technology Policy Advisor\, advising NIST leadership on technology policy and strategy\, including cybersecurity\, privacy\, and artificial intelligence. She also led the NIST Cybersecurity Framework program and was a team member of the NIST AI Risk Management Framework. Prior to joining NIST in 2021\, she served more than a decade in staff leadership roles on the US Senate Committee on Commerce\, Science\, and Transportation. Most recently\, she served as Deputy Policy Director managing the Committee’s Space and Science Subcommittee\, which has jurisdiction over science\, technology\, standards\, and civil space policy. \n \n\n  \nSANS Workshop Track Sessions \n\n10:00 AM – 12:00 PM \n\n\nPresented by SANS – Avoiding Data Disasters: Techniques to Identify and Address Cloud Storage Misconfigurations \nPresenter: Shaun McCullough (SANS and GitHub) \nIt appears that every few months\, there’s news of yet another cloud breach stemming from a carelessly configured cloud storage solution. While this isn’t the default for most cloud vendors\, some users still manage to make their cloud data publicly accessible by going out of their way – sometimes to a significant extent. Whether it’s out of ignorance or convenience\, it doesn’t matter – this practice must come to an end. \nTo address this issue\, we’ve developed a workshop that equips attendees with various techniques and methods to identify and rectify cloud storage misconfigurations in their own cloud accounts. We’ll even demonstrate some ways to prevent these misconfigurations from happening in the first place. Although the chosen vendor for this workshop is AWS\, due to its Simple Storage Service (S3) being the one making headlines\, misconfigurations could occur in any cloud environment. Hence\, the techniques discussed in this workshop will be applicable to all cloud vendor environments\, including Azure\, Google Cloud Platform\, and Oracle. \nLearning objectives for this session: \n\nDiscover all-too-common cloud storage security deficiencies present as either insecure vendor defaults or careless mistakes\nCorrect these issues using a variety of means (e.g.\, cloud management console\, command line tools\, and Infrastructure-as-Code)\nLearn how to leverage command-line tools to deploy\, assess\, and secure cloud solutions\n\nSystem Requirements \nParticipants should bring a computer with the following requirements to participate in the workshop. It is critical that you back-up your system ahead of time. It is also strongly advised that you do not bring a system storing any sensitive data. Your system should meet these requirements: \n\nLaptop with a modern web browser\nAWS account with root access or an IAM user with Administrator Access permissions\nIf you need an AWS account\, you can create a free tier account with root access at https://aws.amazon.com/free/. The cost will be minimal (pennies) to complete the workshop\n\n\n\n01:00 PM – 03:00 PM \n\n\nPresented by SANS – Reverse Engineering Malware: A Hands-On Introduction \nPresenter: Anuj Soni (Johns Hopkins University APL and SANS) \nIn this interactive\, hands-on workshop\, participants will be introduced to the fundamentals of Windows executable malware analysis\, learning key techniques for dissecting and understanding malicious code. Through guided demonstrations and exercises\, attendees will explore static and dynamic analysis methods\, identify suspicious indicators\, and recognize common malware behaviors. \nWhether you’re new to reverse engineering or looking to sharpen your skills\, this practical workshop will equip you with the foundational tools needed to triage and analyze Windows malware with confidence. \nLearning Objectives: \n\nUnderstand the Malware Analysis Process\nAnalyze the PE File Structure (EXEs and DLLs)\nPerform Basic Static and Dynamic Analysis\n\nParticipants should bring a computer with the following requirements to participate in the workshop with the following requirements: \nSystem Requirements: \nBack up your system before class. Better yet\, use a system without any sensitive/critical data. \nMANDATORY SYSTEM HARDWARE REQUIREMENTS: \n\nCPU: 64-bit Intel i5/i7 (8th generation or newer)\, or AMD equivalent. A x64 bit\, 2.0+ GHz or newer processor is mandatory for this class.\nCRITICAL: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.\nBIOS settings must be set to enable virtualization technology\, such as “Intel-VTx” or “AMD-V” extensions. Be absolutely certain you can access your BIOS if it is password protected\, in case changes are necessary.\n16GB of RAM or more is required.\n200GB of free storage space or more is required.\nAt least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices\, so test your system with a USB drive before class.\nWireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.\n\nMANDATORY HOST CONFIGURATION AND SOFTWARE REQUIREMENTS \n\nYour host operating system must be the latest version of Windows 10\, Windows 11\, or macOS 10.15.x or newer.\nFully update your host operating system prior to the class to ensure you have the right drivers and patches installed.\nLinux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host\, you are solely responsible for configuring it to work with the course materials and/or VMs.\nLocal Administrator Access is required. (Yes\, this is absolutely required. Don’t let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course\, then you should make arrangements to bring a different laptop.\nYou should ensure that antivirus or endpoint protection software is disabled\, fully removed\, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.\nAny filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.\nDownload VMware Workstation Pro 17.5.X+ for Windows hosts or VMWare Fusion Pro 13.5.X+ for macOS hosts prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro\, you can download a free 30-day trial copy from VMware.\nVMware will send you a time-limited serial number if you register for the trial at their website. This course requires a “Pro” version of VMware software. The “Player” versions are not sufficient.\nOn Windows hosts\, VMware products might not coexist with the Hyper-V hypervisor. For the best experience\, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V\, Device Guard\, and Credential Guard are contained in the setup documentation that accompanies your course materials.\nDownload and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.\n\n\n\n03:00 PM – 05:00 PM \n\n\nPresented by SANS – Build a Machine Learning Neural Network for Anomaly Detection on Logs \nPresenter: Christopher Crowley (SANS) \nGPTs (Generative Pretrained Transformers) based on Large Language Models are great for a lot of challenges. But they’re not trained to find outliers within your log data. \nIn this brief\, informative\, and useful session\, Christopher Crowley will discuss the concept of a variational autoencoder\, then show how you could implement this to train an autoencoder based on your logs. \nAfter training on your log information\, you would then implement the concept to look for outliers within your log data\, to surface weird things to analysts for review. The session will include theory\, a practical demonstration using a jupyter lab notebook\, python\, and tensorflow; and the material to enable you to build the neural network. Even if you’re not a programmer\, this session will enable understanding what’s possible in building your own machine learning neural network. \nView Christopher’s Speaker Showcase video for this session \nLearning Objectives: \n\nFundamental concepts associated with use of tensorflow\, a machine learning development library\nConcepts associated with deep learning and variational autoencoder\nObserve the data cleaning (extract\, transform\, load) and training of a deep learning neural network\n\nSystem Requirements \nParticipants should bring a computer with the following requirements to participate in the workshop. It is critical that you back-up your system ahead of time. It is also strongly advised that you do not bring a system storing any sensitive data. Your system should meet these requirements: \n\nModern 64-bit processor (ARM/AMD/Intel) running Linux (Ubuntu or similar recommended\, Linux kernel version 6 or higher)\, Windows 10 or later\, or MacOS 11.x or later\nA minimum of 16 GB RAM\n10 GB Free Hard Drive Space\nYour account must have the necessary rights to install Anaconda or Anaconda must be preinstalled.\n\n\n  \nSANS Workshop Presenters \n\n \n\n\nShaun McCullough\nCloud Security Engineer @ GitHub and SANS Instructor \nShaun spent 20+ years at the National Security Agency working in all aspects of cyber operations. A software engineer\, manager\, researcher\, and operations lead\, including as the technical director of the Blue\, Red\, and Hunt teams. Today\, Shaun is a staff level Cloud Security Engineer at GitHub focusing on cloud infrastructure. Shaun is also the lead author of SANS SEC541: Cloud Security Threat Detection\, which focuses on how attackers target cloud infrastructure and what security analysts\, SOC operators\, and detection engineers can do to protect their organizations. \n \n\n\n \n\n\nAnuj Soni\nReverse Engineer @ the Johns Hopkins University Applied Physics Laboratory (APL) and SANS Certified Instructor \nAnuj is a Reverse Engineer at the Johns Hopkins University Applied Physics Laboratory (APL)\, where he specializes in malware research and reverse engineering. He is a SANS Certified Instructor\, the author of FOR710: Advanced Code Analysis\, and co-author of FOR610: Malware Analysis Tools and Techniques. He also creates educational malware analysis content on YouTube to inspire others to dive into the field. When Anuj is away from his computer\, you’ll find him at the local gym\, or with his kids – which is also a workout. \n \n\n\n \n\n\nChristopher Crowley\nSANS Senior Instructor @ SANS Institute \nChristopher Crowley\, a SANS Senior Instructor\, has 25 years of industry experience managing and securing networks. He has authored numerous courses and is considered a leading expert in building an effective SOC. He currently works as an independent consultant in the Washington\, DC area focusing on effective computer network defense. His work experience includes penetration testing\, security operations\, incident response\, and forensic analysis. \n \n\n  \nSpecial Activities \n\n10:00 AM – 03:00 PM \n\n\nCapture the Flag (CTF) \nHosted By: Capitol Technology University \nCheckin: 10:00 AM – 10:30 PM \nActivity Overview: Test your cybersecurity skills and compete against fellow conference attendees in a live Capture the Flag (CTF) competition. The CTF will follow a Jeopardy-style format\, where individuals solve security challenges in cryptography\, web exploitation\, reverse engineering\, forensics\, and binary exploitation to name a few. If you think you’re up for the challenge\, we look forward to you joining us! \nNo advance registration required. \nSession Requirements: \n\nLaptop with a full operating system (Windows\, Mac\, Linux). Tablets\, chromebooks\, and kindles are not recommended.\n\n\n\n03:00 PM – 06:00 PM \n\n\nIndustry Exchange \nActivity Overview: Meet representatives from DC area companies. Use this time to network\, network\, network! \n\n  \nHost Organization \nThe Department of Information Sciences and Technology (IST) at George Mason University\, within the College of Engineering and Computing\, is dedicated to advancing knowledge and innovation in the fields of Artificial intelligence (AI)\, data science\, cybersecurity\, and application development. With a focus on hands-on learning\, cutting-edge research\, and interdisciplinary collaboration\, the department prepares students to tackle real-world challenges and lead in the rapidly evolving tech industry. As a host and co-sponsor of this conference\, IST supports the exchange of ideas and the development of the next generation of technology leaders. \n  \nVenue\, Parking\, and Transportation Information \n\n \n\n\nVenue Location \nGeorge Mason University (GMU) Arlington Campus \nThe event is in Van Metre Hall in the Mason Square Building\n3351 Fairfax Drive\, \nArlington\, VA 22201 \n  \n\n  \n\n \n\n\nParking \nVisitor parking is available in the Van Metre Hall (formerly Founders) Garage\, located directly beneath the school. To access the garage\, use the entrance located off of Kirkwood Drive\, in between Fairfax Drive and Washington Boulevard.  Please view the Mason Square parking map for additional information. \nParking is included in the registration fee for the event. \n\n  \n\n \n\n\nMetro \nThe nearest Metro station is the Ballston-MU station. \nIt is a 14-minute walk from the metro station to the GMU Campus \n  \n\n  \nSponsors \nThe GWDC thanks our sponsors and their support of the chapter and its members. \n \nConference Sponsor \n\n \nPlatinum Sponsor \n\n\n \nGold Sponsor \n\n\n \nGold Sponsor \n\n \nSilver Sponsor \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 8 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org. \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\nLearning Objective: After completing the course\, students will have a greater understanding of current trends and practices in AI\, Cybersecurity and Trust.\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Live\, In-Person\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/future-tech-dc/ LOCATION:George Mason University – Arlington\, 3351 Fairfax Drive\, Arlington\, VA\, 22201\, United States CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/01/Future-Tech-DC_600.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250602T083000 DTEND;TZID=America/New_York:20250602T170000 DTSTAMP:20250105T200101Z CREATED:20250105T200101Z LAST-MODIFIED:20250105T200101Z UID:33425-1748853000-1748883600@isaca-gwdc.org SUMMARY:CET Cloud Fundamentals Review Course DESCRIPTION:The GWDC will be hosting a one-day virtual course for the Certified in Emerging Technology™ (CET) Cloud Fundamentals Certificate on June 2 from 8:30 am to 5:00 PM. \nThis course covers characteristics\, components\, deployment models\, risks\, and business drivers of cloud computing. Learners gain insight into the principles and concepts of cloud computing\, services models\, cloud governance\, and an overview of critical cloud service considerations. The interactive\, self-guided format blends both knowledge and performance-based training components to provide a truly unique and dynamic learning experience that builds and reinforces the critical skills required to perform real-world technical tasks. \nIndividuals with little to zero years’ experience in cloud and those seeking to increase their knowledge and skills in Emerging Technology Topics should attend this event.  It’s also intended for anyone preparing for the CET Cloud fundamentals certificate exam. \nRegistration closes on June 1@ 3pm. \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nJune 2 \nThe course will be held on June 2\, 2025 from \n8:30 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $125 \nThe fee for GWDC Members is $125 for the course.\nThe fee for all other registrants is $200 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 8 CPEs \nAttendees can earn up to 8 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nModule 1 – Cloud Computing Models \n\nCloud Components\nCloud Service Implementation Considerations\nCloud Deployment Models\n\nModule 2 – Cloud Service Models \n\nSoftware as a Service\nPlatform as a Service\nSolution Stacks\nInfrastructure as a Service\n\nModule 3 – Cloud Governance \n\nBusiness Drivers to Cloud \nRisks Associated with cloud solutions\nCloud Vendor Selection and Management\nPortability of Services\n\nModule 4 – Cloud Service supports \n\nDistinguish between service implementation and support in the cloud\nDescribe the testing and validation requirements for post-cloud implementation\nArticulate the special role that configuration management plays in cloud computing\nIdentify resource management challenges with cloud computing implementations\n\n  \nInstructor \n\n \n\n\nSushila Nair\nCISSP\, GIAC GSTRT\, GSNA GDSA\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is the CEO of Cybernetic LLC and former Vice President of Capgemini’s North American Cybersecurity practice\, where she played a crucial role in driving secure digital transformation on a global scale. With over 30 years of experience in computing infrastructure\, business\, and security risk analysis\, Sushila has established herself as a leading authority in the cybersecurity domain. Her career highlights include serving as Vice President responsible for global security offers at NTT DATA Services\, a decade of leading her own IT and cybersecurity company across major UK cities\, and serving as a Chief Information Security Officer (CISO) and trusted advisor to boards\, where she honed her expertise in protecting organizations from evolving digital threats. Recognized through the top cybersecurity leader award by Security Magazine\, Sushila’s influence in the industry is undeniable. \nAn esteemed thought leader\, Sushila has shared her insights on prestigious platforms such as RSA Conference and ISACA’s global events. Her active participation in ISACA’s global emerging trends working group and her leadership as President of ISACA’s Greater Washington\, D.C. Chapter underscore her dedication to advancing the field of cybersecurity. In 2024\, her commitment to nurturing the next generation of cybersecurity professionals and promoting diversity in the industry was honored with the prestigious ISACA Technology for Humanity Award. \n \n\n  \nCET Cloud Fundamentals Certificate Exam \nThe exam is be offered via Computer-Based Testing (CBT). \nRegistration and administration of the exam is handled by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \nFor full details on this certificate\, visit the ISACA’s CET Cloud Fundamentals Certificate page. \n  \nExam Preparation \nFor students who wish to take the CET- Cloud fundamentals exam\, it is highly recommended that the prospective candidates should purchase the official study guide and labs here as the exam includes hands on elements. \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 8 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org. \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\nLearning Objective: After completing the course\, students will be prepared to sit for the CET exam.\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cet-cloud-fundamentals-spring2025/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/08/review_course_cet_cloud.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250607T083000 DTEND;TZID=America/New_York:20250607T170000 DTSTAMP:20250603T002247Z CREATED:20250105T194819Z LAST-MODIFIED:20250603T002247Z UID:33474-1749285000-1749315600@isaca-gwdc.org SUMMARY:Certified Information System Auditor® (CISA®) Review Course (Saturday Sessions) DESCRIPTION:CISA Review Course – Saturday Sessions \nThe ISACA Greater Washington\, D.C. Chapter (GWDC) is hosting an intensive 4-day virtual review course for the Certified Information Systems Auditor® (CISA®) Exam. This course is designed to provide practical guidance on preparing for the CISA exam and will cover the essential job practice areas as defined by ISACA® Global.  \nThis event is ideal for professionals planning to sit for the CISA exam. Attendees are encouraged to prepare in advance to maximize the benefits of the course. \nRegistration for this event has closed.  \nRegister Today! \n  \n\nRe-Take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \n\n  \nCourse Overview \n\nJune 7\, 14\, 21 & 28 \nThe course will be held on June 7\, 14\, 21\, & 28\, 2025 (Saturdays) from 8:30 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe course will be held using Teams. \nPrior to the event\, participants must install the Teams app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $500 \nThe fee for GWDC Members is $500 for the course.\nThe fee for all other registrants is $1\,000 for the course. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 32 CPEs \nAttendees can earn up to 32 CPEs for this event. \nParticipants must respond to all the poll questions via the Teams polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \nPlease note\, these are estimates as some domains (especially Domains 4 and 5) may span multiple days. \n\nDay 1: 18% Domain 1 – Information Systems Auditing Process & 18% Domain 2 – Governance & Management of IT\nDay 2: 12% Domain 3 – Information Systems Acquisition\, Development & Implementation\nDay 3: 26% Domain 4 – Information Systems Operations & Business Resilience\nDay 4: 26% Domain 5 – Protection of Information Assets\n\n  \nCourse Materials and Exam Resources \nMaterials Provided During the Course \nParticipants will receive a Student Workbook\, including the presentations\, case study\, and quiz questions for each domain. Additional resources\, such as exam tips\, vocabulary lists\, and recommended readings\, will also be provided. \n  \nStudy Recommendations \nThe instructor highly recommends that students purchase the CISA Review Manual and the CISA Review Questions\, Answers\, and Explanations Database – 12 Month ahead of the course date. Below are the study materials available for purchase from the ISACA Bookstore: \n\nCISA Review Manual\nCISA Review Questions\, Answers & Explanations Manual\nCISA Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISA page as part of their study program.  \n  \nInstructors \n\n \n\n\nJim Wiggins\nCISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 28 years of direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 23 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses aimed at federal and government contracting clients. \nToday\, Jim is the Founder and Principal of Securible\, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible\, Jim has taught IT security certification courses such as CISSP\, CISM\, CISA\, Ethical Hacking\, RMF\, Security+\, and other courses requested by Securible’s clients. Currently\, he provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com. \nJim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI offers a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org. \nAdditionally\, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501(c)(3) public charity that focuses on cyber education and serves as the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation operates the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at: https://www.fitsifoundation.org. \nIn 2020\, Jim launched a TV show on cybersecurity called “Cybersecurity Today\,” which can be viewed in the Washington\, DC area. Episodes can also be streamed online at the following website: http://www.cybersecuritytoday.org. \nIn 2019\, FCW named Jim to the “Federal 100” for his tireless efforts to promote cybersecurity education across all branches of the federal government. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make on the federal workforce. \nJim holds the following IA/IT security certifications: CISSP\, ISSEP\, CISM\, CISA\, CRISC\, CDPSE\, CGRC\, CySA+\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n \n\n\n \n\n\nTyler Harding\nCPA\, CISA\, CISM\, CISSP\, CAP\, GGEIT\, FITSP:A\, FITSP:M \nTyler Harding is an Information Security and Compliance professional with over 25 years of experience. Currently\, Mr. Harding is a Sr. Technical Advisor on cybersecurity and cloud policy with the Department of Defense\, Office of the CIO. Prior to his role at DoD\, he has led security and privacy teams to achieve ISO 27001 certifications and clean SOC 2 attestation reports at Amazon.com. While with Amazon Web Services\, Tyler was the DoD Security and Compliance Manager and led efforts to accredit AWS cloud services to Impact Levels 4 and 5 under DoD’s Cloud Computing Security Requirements Guide (CC SRG). Before joining Amazon in 2019\, Tyler spent over 20+ years in public accounting firms such as PWC\, KPMG\, and Kearney & Company in their respective IT audit practices and led engagement teams through many SOC 1\, FISMA\, and financial statement audits. Tyler holds numerous certifications including his CPA\, CISA\, CISM\, CGEIT\, CISSP\, CGRC\, FITSP:A\, and FITSP:M. \nAs a recovering IT auditor\, Tyler now enjoys his summers and falls swimming\, cycling\, and playing an occasional round of golf! Tyler has also supported the ISACA Greater Washington D.C. Chapter for over 20 years by teaching CISA\, CISM\, and CGEIT review courses. \n\n  \nMore Information on CISA \n \nRegistration for the CISA exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CISA and Exam Registration \n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \nCPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\nLearning Objective: After completing the course\, students will be prepared to sit for the CISA exam.\nPrerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/certified-information-system-auditor-cisa-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/08/review_course_CISA.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250612T120000 DTEND;TZID=America/New_York:20250612T130000 DTSTAMP:20250430T162134Z CREATED:20250427T171026Z LAST-MODIFIED:20250430T162134Z UID:33862-1749729600-1749733200@isaca-gwdc.org SUMMARY:2025 Annual General Meeting of the Chapter Membership DESCRIPTION:The ISACA® GWDC Annual General Meeting (AGM) is the Board of Directors’ annual meeting with the GWDC membership. During this year’s AGM\, the Board will provide a year in review for the chapter and present the annual Chapter Awards.  There is no CPE for this event. \nThis virtual meeting will on June 12\, 2025 from 12 – 1:00 pm.  All current GWDC members are invited to attend. Registration is required. An email will be sent to all Chapter Members with the registration link. If you did not receive the email\, contact us using the Registration Questions link below. \nRegistration closes on June 11\, 2025 @ 3pm.  \n  \nAdditional Information \nVirtual Meeting Information \n\nThis event will be presented through Zoom.\nPrior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. URL:https://isaca-gwdc.org/event/2025-annual-general-meeting-of-the-chapter-membership/ LOCATION:Virtual Event CATEGORIES:Annual Meeting ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/05/agm_2024_2.png ORGANIZER;CN="Mike Howard":MAILTO:itadmin2@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250625T123000 DTEND;TZID=America/New_York:20250625T133000 DTSTAMP:20250619T140551Z CREATED:20250608T134656Z LAST-MODIFIED:20250619T140551Z UID:34011-1750854600-1750858200@isaca-gwdc.org SUMMARY:Level Up Webinar - Reengineering Your Career in Times of Uncertainty: Exploring ISACA Professional Certifications DESCRIPTION:“Level Up: Elevate Your Brand with ISACA GWDC” is a free webinar series designed to help members and non-members in the tech space stand out in a competitive job market. These bite-sized\, actionable sessions focus on the skills that don’t always come with a certification—but make a big difference in landing the job or leadership role you want. \nWe’ll cover how to use AI to sharpen your interview game\, grow your executive presence\, understand which ISACA certifications best align with your career goals\, and how to tell your story in a way that resonates with recruiters and boards alike. \nAll sessions are short\, high-impact\, and recorded for later viewing on our YouTube channel. No CPEs—just insights to grow your brand\, expand your opportunities\, and take your career to the next level. \nRegistration closes on June 25th @ 12 PM. \nRegister Today! \n  \nWebinar Overview \n\nJune 25 \nThe webinar will be held on June 25\, 2025 from \n12:30 PM to 1:30 PM. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe workshop will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nComplimentary Attendance \nThere is no fee for this event. \nTo become a member and take advantage of the member rate for our other events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nNo CPEs \nNo CPEs are awarded for this event. \n  \n  \n  \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n \n\n12:30 PM – 01:30 PM \n\n\nReengineering Your Career in Times of Uncertainty: Exploring ISACA Professional Certifications \nPresenter: Dr. Sandra Fonseca \nWe are living in times of uncertainty and stress\, but it is during times of uncertainty where we can reinvent ourselves. The time is now to rethink our professional career and pursue alternative paths considering getting professional micro-credentials or professional certifications. During this session we will discuss strategies and tips to reengineer our careers\, and introduce you to ISACA Certifications\, from micro-credentials and professional certifications so that you can decide which one fits best to your professional goals. \n\n  \nPresenter \n \n\n \n\n\nDr. Sandra Fonseca \nDr. Sandra Fonseca is an Information Technology Professional with over 30 years of experience in the IT field industry\, 15 of them as Systems Security Manager\, Project Manager\, and later on as Data Architect at a federal agency in Washington\, D.C. Her academic career spans 28 years\, having taught in all modalities\, undergraduate and graduate on traditional brick and mortar classroom\, hybrid\, teleconference\, and online. She has also served as Program Director for IT and Cybersecurity Programs for an Online University in the US. Dr. Fonseca also works as instructional designer subject matter expert in course development\, oversees SME’s course contents\, and collaborates in program assessment mapping. Professional development and engagement in professional organizations is essential\, and has served for the board of directors for professional associations like ISACA\, ISSA\, PMI\, ACFE and ASQ. Currently she volunteers to the GWDC Chapter to the office of the secretary. Dr. Fonseca has a doctoral degree in business with a specialization in management information systems (DBA-MIS)\, and a second doctoral degree in education with a specialization in instructional design (EdD-ID). Her areas of Specialty are: IT\, Accounting\, Audit\, Project Management\, Operations Management\, and Quantitative Research Methods. \n\n\n \n\n\nSafia Kazi\nPrincipal\, Privacy Professional Practices @ ISACA\nAIGP\, CIPT \nSafia Kazi is a privacy professional practices principal at ISACA. In this role\, she focuses on the development of ISACA’s privacy-related resources\, including books\, white papers\, and review manuals. Kazi has worked at ISACA for more than a decade\, previously working on the ISACA Journal and developing the award-winning ISACA Podcast. \n\n  \nEvent Questions and Policies \n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. URL:https://isaca-gwdc.org/event/level-up-webinar-reengineering-your-career-in-times-of-uncertainty-exploring-isaca-professional-certifications/ LOCATION:Virtual Event CATEGORIES:Virtual Event ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/06/webinar_levelup.png END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250626T083000 DTEND;TZID=America/New_York:20250626T123000 DTSTAMP:20250625T181216Z CREATED:20241231T184338Z LAST-MODIFIED:20250625T181216Z UID:33380-1750926600-1750941000@isaca-gwdc.org SUMMARY:Risk Management Conference DESCRIPTION:Risk management is the cornerstone of effective governance and cybersecurity in an era defined by rapid technological innovation. The Risk Management Conference 2025 is designed to equip professionals in IT audit\, cybersecurity\, and governance with the tools and insights necessary to navigate complex risk landscapes. \nThis conference explores cutting-edge approaches to risk management\, with a focus on the NIST Risk Management Framework (RMF) and other industry-leading frameworks that empower organizations to identify\, assess\, and mitigate risks effectively. Attendees will gain actionable knowledge on: \n\nImplementing and tailoring risk management frameworks to align with organizational goals and compliance requirements\nAddressing the unique risks posed by emerging technologies such as artificial intelligence and cloud computing\nStrengthening governance structures to drive accountability and resilience\nPractical case studies showcasing successful risk management strategies in real-world scenarios\n\nWhether you’re focused on AI risks\, securing cloud environments\, or enhancing your organization’s governance practices\, this conference offers the expertise\, practical guidance\, and collaborative opportunities to advance your risk management strategies. Join us to gain the insights and frameworks you need to navigate today’s risks and prepare for tomorrow’s challenges. \nRegistration closes on June 25th @ 3pm. \nRegister Today! \n  \nConference Overview \n\nJune 26 \nThe conference will be held on June 26\, 2025 from \n8:30 am to 12:30 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe workshop will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $10 \nThe fee for GWDC Members is $10 for the conference.\nThe fee for all other registrants is $30 for the conference. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 4 CPEs \nAttendees can earn up to 4 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n \n\n08:30 AM – 09:30 AM \n\n\nCyber Risk Management in Practice: A Strategic Playbook for CISOs \nPresenter: Russell Eubanks (Cyverity\, SANS Institute) \nBalancing risk reduction with business enablement isn’t just a theory—it’s a challenge cybersecurity leaders face daily. Cyber Risk Management in Practice: A Strategic Playbook for CISOs is a presentation designed for CISOs\, cybersecurity executives\, and program managers who need more than frameworks—they need guidance they can act on. \nIn this session\, Russell Eubanks\, Principal Instructor at the SANS Institute and Managing Partner at Cyverity\, will discuss the practical elements of an effective cybersecurity risk management program. He’ll explain how to evaluate your current cybersecurity posture\, prioritize safeguard investments using a “good\, better\, best” model\, and close the gap between today’s risk realities and tomorrow’s security goals. \nAttendees will be introduced to a structured approach from the Cybersecurity Risk Foundation’s Governance and Risk Model (CRF-GRM)\, a proven methodology for turning cybersecurity strategy into repeatable action. You’ll leave with concrete steps to build a risk-informed roadmap\, embed cybersecurity into business decision-making\, and create a continuous improvement cycle. \nWhether strengthening your existing risk management program or building one from the ground up\, this webcast offers real-world techniques and strategic insight to help you make smarter\, more defensible decisions. \n\n \n\n09:30 AM – 10:30 AM \n\n\nBuilding Strong Governance for Accountability and Resilience \nPresenter: Elizabeth Dunsmoor (Shared Assessments) \nLearn how to strengthen governance structures to drive accountability and organizational resilience. The session will cover: \n\nGovernance Models – Overview of effective governance models and their key components\nAccountability Mechanisms – Strategies for establishing clear accountability and oversight\nResilience Building – Enhancing organizational resilience through robust governance practices\n\n\n \n\n10:30 AM – 11:30 AM \n\n\nA Fireside chat on “AI in the Crosshairs: Legal\, Risk and Cybersecurity Challenges in the Age of Generative AI” \nPresenters: Nick Lockett (ADL Solicitors) and Sushila Nair (Cybernetic LLC) \nArtificial Intelligence\, particularly Generative AI (GenAI)\, is reshaping industries with its innovative capabilities\, from content creation to complex decision-making. However\, with these advancements come significant cybersecurity and legal challenges. In this one-hour fireside chat\, a cybersecurity expert and a legal professional will dive into the complex interplay between AI technology and its risks. \nThe discussion will explore how GenAI is both a tool and a target in cybersecurity\, examining its role in threat detection as well as its misuse for creating deep fakes and automating cyberattacks. From a legal standpoint\, the conversation will delve into data privacy concerns\, intellectual property issues\, regulatory implications\, and ethical considerations surrounding AI use and development\, considering EU\,UK and US AI laws and Codes of Practice and how this impacts on competition in the AI field. Together\, the speakers will offer practical insights into securing AI-driven systems and ensuring compliance with emerging legal frameworks. \nThis engaging dialogue aims to provide actionable strategies for managing AI’s risks while embracing its potential\, catering to professionals navigating this transformative. \n\n \n\n11:30 AM – 12:30 AM \n\n\nRisk and Compliance: A Digital Transformation Journey – Day 0 to Day 5 \nPresenter: Bhargav Trivedi (Capital One) \nThis five-day journey guides organizations through a focused digital transformation of the risk and compliance functions. Starting with Day 0 alignment on vision and priorities\, the process quickly progresses to designing future-state models\, identifying digital enablers\, and integrating data-driven strategies. By Day 5\, organizations emerge with a clear roadmap and executive buy-in to implement agile\, tech-enabled risk and compliance capabilities. \n\n  \nPresenters \n\n \n\n\nRussell Eubanks\nManaging Partner @ Cyverity\nPrincipal Instructor at the SANS Institute \nRussell is a Principal Instructor at the SANS Institute and Managing Partner at Cyverity\, an information security consulting firm specializing in governance and fractional CISO. He is the former CIO and CISO of the Federal Reserve Bank of Atlanta. Russell has developed cybersecurity programs from the ground up and also led extensive cybersecurity teams. Russell actively seeks opportunities to add value to organizations and measurably increase their overall security posture. \n \n\n  \n \n\n \n\n\nElizabeth Dunsmoor\nThird-Party Risk Management (TPRM) Principal @ Shared Assessments \nElizabeth Dunsmoor is a Third-Party Risk Management (TPRM) Principal at Shared Assessments. With over 15 years of experience in the TPRM field\, Elizabeth has designed holistic TPRM programs and assessed risks across various sectors\, such as cybersecurity\, financial services\, manufacturing\, and healthcare. Elizabeth excels at transforming risk strategies into actionable frameworks\, partnering with procurement and corporate teams to strengthen risk resilience. She is also committed to developing cross-functional leadership within the risk management space. In her current role\, Elizabeth trains business leaders on third-party risk program requirements\, third-party capabilities\, and performance expectations. \nAbout Shared Assessments: In our global economy where third-party services are essential\, Shared Assessments is at the forefront of providing thought leadership\, standards\, and education to drive third-party risk assurance. \n \n\n \n\n \n\n\nNick Lockett\nFounding partner @ ADL Solicitors (London) \nNick Lockett\, founding partner of ADL Solicitors in London\, is a barrister and solicitor-advocate with over 30 years of experience in IT law\, including leading roles in top law firms\, Sidley & Austin (London) and McDermott Will\, Emery & Stanbrook (Brussels). Currently within Nick’s Advanced Technology practice\, Nick focuses on the legal and ethical implications of AI and founder of the Centre for Assessment of AI Risk & Opportunity (CAAIRO) and has a forthcoming book\, “Techsistential Risk: AI Law and Ethics\,” (due late 2025). Nick’s extensive experience allows him to navigate the complexities of AI governance\, ensuring compliance with evolving legal frameworks\, and addressing ethical considerations in technology deployment. \n \n\n\n \n\n\nSushila Nair\nCEO @ Cybernetic LLC\nCISSP\, GIAC GSTRT\, GSNA GDSA\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is the CEO of Cybernetic LLC and former Vice President of Capgemini’s North American Cybersecurity practice\, where she played a crucial role in driving secure digital transformation on a global scale. With over 30 years of experience in computing infrastructure\, business\, and security risk analysis\, Sushila has established herself as a leading authority in the cybersecurity domain. Her career highlights include serving as Vice President responsible for global security offers at NTT DATA Services\, a decade of leading her own IT and cybersecurity company across major UK cities\, and serving as a Chief Information Security Officer (CISO) and trusted advisor to boards\, where she honed her expertise in protecting organizations from evolving digital threats. Recognized through the top cybersecurity leader award by Security Magazine\, Sushila’s influence in the industry is undeniable. \nAn esteemed thought leader\, Sushila has shared her insights on prestigious platforms such as public radio\, RSA Conference and ISACA’s global events. Her active participation in ISACA’s global emerging trends working group and her leadership as President of ISACA’s Greater Washington\, D.C. Chapter underscore her dedication to advancing the field of cybersecurity. In 2024\, her commitment to nurturing the next generation of cybersecurity professionals and promoting diversity in the industry was honored with the prestigious ISACA Technology for Humanity Award and Security Magazine’s Top Cybersecurity leader. \n \n\n \n\n \n\n\nBhargav Trivedi\nSenior Director of Software Engineering @ Capital One \nBhargav leads the Enterprise and Operational Risk Management Technology teams within Risk Tech. Over the past 6 years\, he has played a pivotal role in architecting and delivering technology solutions that support Capital One’s risk identification\, assessment\, control monitoring\, and issue management processes. Prior to this\, he spent 5 years in Commercial Bank Technology\, focusing on resilient\, scalable platforms. Bhargav is passionate about the intersection of risk and technology\, particularly in using AI\, automation\, and data analytics to strengthen risk posture\, enable proactive risk management\, and improve control effectiveness. He is a champion of building secure\, transparent systems that empower first and second-line risk teams to make timely\, risk-informed decisions. Bhargav is based in Richmond\, VA. Before joining Capital One\, he was a software architect at American Express\, supporting critical capabilities in the Business Travel division. His early career included roles at GE Commercial Finance and PNC Bank\, where he gained foundational experience in financial risk\, credit systems\, and data governance frameworks. Outside the office\, Bhargav enjoys playing chess\, spending time with his two young boys\, and keeping up with the latest in tech innovation through podcasts. His mission is not only to build software—but to lead the transformation of risk management through technology. \n \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about current and future trends in the IT Audit space. \n  \nCPE-Related Details \n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/risk-management-conference-2025/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2024/12/conference-risk-management.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250709T123000 DTEND;TZID=America/New_York:20250709T133000 DTSTAMP:20250608T140954Z CREATED:20250608T140954Z LAST-MODIFIED:20250608T140954Z UID:34022-1752064200-1752067800@isaca-gwdc.org SUMMARY:Level Up Webinar - GenAI Your Job Hunt: Smarter Ways to Land the Role You Want DESCRIPTION:“Level Up: Elevate Your Brand with ISACA GWDC” is a free webinar series designed to help members and non-members in the tech space stand out in a competitive job market. These bite-sized\, actionable sessions focus on the skills that don’t always come with a certification—but make a big difference in landing the job or leadership role you want. \nWe’ll cover how to use AI to sharpen your interview game\, grow your executive presence\, understand which ISACA certifications best align with your career goals\, and how to tell your story in a way that resonates with recruiters and boards alike. \nAll sessions are short\, high-impact\, and recorded for later viewing on our YouTube channel. No CPEs—just insights to grow your brand\, expand your opportunities\, and take your career to the next level. \nRegistration closes on July 9th @ 12 PM. \nRegister Today! \n  \nWebinar Overview \n\nJuly 9 \nThe webinar will be held on July 9\, 2025 from \n12:30 PM to 1:30 PM. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe workshop will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nComplimentary Attendance \nThere is no fee for this event. \nTo become a member and take advantage of the member rate for our other events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nNo CPEs \nNo CPEs are awarded for this event. \n  \n  \n  \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n \n\n12:30 PM – 01:30 PM \n\n\nGenAI Your Job Hunt: Smarter Ways to Land the Role You Want \nPresenter: Sushila Nair (Cybernetic LLC) \nIn today’s competitive job market\, standing out takes more than just a polished résumé—it takes strategy\, speed\, and insight. In this fast-paced session\, learn how to harness the power of Generative AI to elevate every part of your job search. From drafting custom cover letters to refining your LinkedIn profile\, preparing for interviews\, and tailoring your résumé to specific job descriptions\, AI can become your personal career coach. We’ll show you the do’s\, don’ts\, and real-world use cases so you can job search smarter—not harder. Whether you’re making a career pivot or just getting started\, this session will give you a competitive edge. \n\n  \nPresenter \n \n\n \n\n\nSushila Nair\nCEO of Cybernetic LLC\nCISSP\, GIAC GSTRT\, GSNA GDSA\, CISA\, CISM\, CRISC\, CDPSE\, CCSK\, CCAK \nSushila Nair is the CEO of Cybernetic LLC and former Vice President of Capgemini’s North American Cybersecurity practice\, where she played a crucial role in driving secure digital transformation on a global scale. With over 30 years of experience in computing infrastructure\, business\, and security risk analysis\, Sushila has established herself as a leading authority in the cybersecurity domain. Her career highlights include serving as Vice President responsible for global security offers at NTT DATA Services\, a decade of leading her own IT and cybersecurity company across major UK cities\, and serving as a Chief Information Security Officer (CISO) and trusted advisor to boards\, where she honed her expertise in protecting organizations from evolving digital threats. Recognized through the top cybersecurity leader award by Security Magazine\, Sushila’s influence in the industry is undeniable. \nAn esteemed thought leader\, Sushila has shared her insights on prestigious platforms such as RSA Conference and ISACA’s global events. Her active participation in ISACA’s global emerging trends working group and her leadership as President of ISACA’s Greater Washington\, D.C. Chapter underscore her dedication to advancing the field of cybersecurity. In 2024\, her commitment to nurturing the next generation of cybersecurity professionals and promoting diversity in the industry was honored with the prestigious ISACA Technology for Humanity Award. \n \n\n  \nEvent Questions and Policies \n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. URL:https://isaca-gwdc.org/event/level-up-webinar-genai-your-job-hunt-smarter-ways-to-land-the-role-you-want/ LOCATION:Virtual Event CATEGORIES:Virtual Event ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/06/webinar_levelup.png END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250716T123000 DTEND;TZID=America/New_York:20250716T133000 DTSTAMP:20250714T231410Z CREATED:20250608T140031Z LAST-MODIFIED:20250714T231410Z UID:34016-1752669000-1752672600@isaca-gwdc.org SUMMARY:Level Up Webinar - Your Career Story\, Rewritten: Resumes\, LinkedIn & Cover Letters That Work DESCRIPTION:“Level Up: Elevate Your Brand with ISACA GWDC” is a free webinar series designed to help members and non-members in the tech space stand out in a competitive job market. These bite-sized\, actionable sessions focus on the skills that don’t always come with a certification—but make a big difference in landing the job or leadership role you want. \nWe’ll cover how to use AI to sharpen your interview game\, grow your executive presence\, understand which ISACA certifications best align with your career goals\, and how to tell your story in a way that resonates with recruiters and boards alike. \nAll sessions are short\, high-impact\, and recorded for later viewing on our YouTube channel. No CPEs—just insights to grow your brand\, expand your opportunities\, and take your career to the next level. \nRegistration closes on July 16th @ 12 PM. \nRegister Today! \n  \nWebinar Overview \n\nJuly 16 \nThe webinar will be held on July 16\, 2025 from \n12:30 PM to 1:30 PM. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe workshop will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nComplimentary Attendance \nThere is no fee for this event. \nTo become a member and take advantage of the member rate for our other events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nNo CPEs \nNo CPEs are awarded for this event. \n  \n  \n  \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n \n\n12:30 PM – 01:30 PM \n\n\nTailoring your Professional Career: Competitive Resume Toolkit \nPresenter: Dr. Carmen I. Figueroa-Medina \nYour experience matters—but how you tell your career story is what opens doors. As more professionals navigate career transitions—especially those shifting from federal roles to the private sector—knowing how to translate your value in a way that resonates with today’s hiring managers is key. \nThis webinar will walk you through the three essential tools of a strong job search: a private-sector-ready resume\, an optimized LinkedIn profile\, and a cover letter that actually gets read. We’ll go over how to reframe government-focused language\, showcase your impact\, and present yourself as the high-performing\, results-oriented candidate employers are looking for. And while federal-to-private transitions are a key focus\, the strategies shared are useful for anyone ready to update their materials and stand out in a competitive job market. \nWhether you’re responding to workforce shifts or proactively planning your next move\, you’ll leave with clear\, actionable tips to confidently tell your story. \n\n  \nPresenter \n \n\n \n\n\nDr. Carmen I. Figueroa-Medina \nCarmen I. Figueroa-Medina has over Twenty (20) years of academic experience teaching human resources management in higher education with years of student career development\, leadership advising dedicated to SHRM Student Chapters (University of Puerto Rico\, Río Piedras Campus & University of Puerto Rico\, Mayaguez Campus). Fourteen (14) years of SHRM Volunteer Leader and HRM Diversity and Inclusion Advocate. 2016 Best Paper Award ABWIC Conference. SHRM Recognition on five (5) Outstanding Student Chapter Merit Awards and five (5) Superior Merit Award (2012-2022). Traumatic Brain Injury Advocate and Member of the Board of Directors of LSG Foundation. \n\n  \nEvent Questions and Policies \n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. URL:https://isaca-gwdc.org/event/level-up-webinar-your-career-story-rewritten-resumes-linkedin-cover-letters-that-work/ LOCATION:Virtual Event CATEGORIES:Virtual Event ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/06/webinar_levelup.png END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250730T123000 DTEND;TZID=America/New_York:20250730T133000 DTSTAMP:20250608T132709Z CREATED:20250608T132709Z LAST-MODIFIED:20250608T132709Z UID:33982-1753878600-1753882200@isaca-gwdc.org SUMMARY:Level Up Webinar - Realign Your Career for Clarity and Impact DESCRIPTION:“Level Up: Elevate Your Brand with ISACA GWDC” is a free webinar series designed to help members and non-members in the tech space stand out in a competitive job market. These bite-sized\, actionable sessions focus on the skills that don’t always come with a certification—but make a big difference in landing the job or leadership role you want. \nWe’ll cover how to use AI to sharpen your interview game\, grow your executive presence\, understand which ISACA certifications best align with your career goals\, and how to tell your story in a way that resonates with recruiters and boards alike. \nAll sessions are short\, high-impact\, and recorded for later viewing on our YouTube channel. No CPEs—just insights to grow your brand\, expand your opportunities\, and take your career to the next level. \nRegistration closes on July 30th @ 12 PM. \nRegister Today! \n  \nWebinar Overview \n\nJuly 30 \nThe webinar will be held on July 30\, 2025 from \n12:30 PM to 1:30 PM. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe workshop will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nComplimentary Attendance \nThere is no fee for this event. \nTo become a member and take advantage of the member rate for our other events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nNo CPEs \nNo CPEs are awarded for this event. \n  \n  \n  \n\nShare this Event in Your Network \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \nAgenda \n \n\n12:30 PM – 01:30 PM \n\n\nRealign Your Career for Clarity and Impact \nPresenter: Amy Krymkowski (Better Path Consulting) \nThis interactive workshop is designed for professionals who are feeling stuck or facing uncertainty in their careers. Using self-reflection and a powerful assessment tool\, participants will gain clarity on what’s helping or hindering their job satisfaction\, well-being\, and leadership effectiveness. Whether you’re navigating a job transition or looking to realign your current career path\, this workshop will help you uncover areas of misalignment and identify actionable steps to move forward with confidence and purpose. By the end of the session\, you’ll leave with clear insights and an action plan to improve both your professional and personal satisfaction as you take the next step in your career journey. \n\n  \nPresenter \n \n\n \n\n\nAmy Krymkowski\nCEO and Founder of Better Path Coaching \nAmy Krymkowski is the CEO and Founder of Better Path Coaching\, specializing in guiding accomplished midlife professionals through career transitions and transformations. The coaching approach is holistic and human-centered\, helping clients navigate change\, rediscover their purpose\, and build meaningful careers that align with both their values and aspirations. With a background in human resource management\, employee development\, and entrepreneurship\, Ms. Krymkowski bring a wealth of experience in leadership development and executive coaching. My journey has shaped my passion for empowering others to embrace new professional identities that align with their personal purpose and vision. \n \n\n  \nEvent Questions and Policies \n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. URL:https://isaca-gwdc.org/event/level-up-webinar-realign-your-career-for-clarity-and-impact/ LOCATION:Virtual Event CATEGORIES:Virtual Event ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/06/webinar_levelup.png END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20250925T083000 DTEND;TZID=America/New_York:20250925T123000 DTSTAMP:20250925T113911Z CREATED:20250819T023957Z LAST-MODIFIED:20250925T113911Z UID:34219-1758789000-1758803400@isaca-gwdc.org SUMMARY:Cloud Conference 2025 DESCRIPTION:  \n \n  \nSeptember 25\, 2025\nVirtual Event (Zoom)\nEarn up to 4 CPE\n$10 for GWDC Members\n$30 for Non-Members \n  \n  \n\n\n\nCloud Conference 2025 \nNext-Gen Cloud & Mobile Security: Mastering Compliance\, Addressing Emerging Risks\, API Protection\, and Cloud Trends \nIn a world where over 80% of organizational resources are now hosted in the cloud and more than 90% of internet traffic is API-based\, understanding and mitigating cybersecurity risks has never been more crucial. This virtual conference is tailored for cybersecurity professionals\, auditors\, and IT leaders who need to stay ahead of evolving threats and ensure robust security for their cloud environments. \nJoin us for an enlightening day of expert insights\, practical tips\, and actionable strategies that will empower you to enhance your cloud security posture. Our lineup of distinguished speakers will guide you through the complexities of continuous compliance\, API security\, and the latest cloud security trends. \nRegistration closes on September 24th @ 5PM. \nRegister Today! \n  \n\n\n\n  \nSponsorship Opportunities \nIf you are interested in sponsoring this event\, or sponsoring the chapter as an annual sponsor\, please visit our sponsorship page. \nSponsorship Info \n  \n\n\n\nEvent Details \n\nDate and Time \n\n\nThe conference will be held on September 25\, 2025 from 8:30 am to 12:30 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \n\n\nVirtual Event \n\n\nThe conference will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n  \n\n\nPricing \n\n\nThe fee for GWDC Members is $10 for the conference.\nThe fee for all other registrants is $30 for the conference. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \n\n\nEvent Policies \n\n\nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n  \n\n  \n\n\n\n  \nInterested in Speaking at a Chapter Event \nIf you are interested in speaking at an upcoming conference\, please visit the Call for Speakers page and complete the form. \nCall for Speakers \n  \n\n\n\nConference Agenda \nConference agendas may change due to schedule conflicts and other unexpected situations. If a previously published agenda has changed\, the changes will be noted. \n  \n \n\n08:30 AM – 09:30 AM \n\n\nStopping Breaches Before They Start with AI-Powered Cloud Security \nPresenter: Carley Simon (Microsoft) \nThis session will explore how artificial intelligence and automation are transforming cloud security and what that means for cyber and IT auditors. We will dive into real-world breach scenarios\, such as privilege escalation and lateral movement in hybrid cloud environments\, and show how AI can be used to detect misconfigurations\, flag anomalous behavior\, and enforce compliance at scale. Attendees will walk away with a framework for auditing AI-augmented cloud environments\, including key questions to ask\, controls to validate\, and red flags to watch for in environments using tools like Microsoft Defender for Cloud\, Purview\, and Entra Permissions Management. \n\n \n\n09:30 AM – 10:30 AM \n\n\nAI-Powered Enterprise Security Risk Posture Management (ESRPM) in the Cloud: From Compliance to Continuous Digital Trust \nPresenter: Lalit Ahluwalia (DigitalXForce & XForce Galaxy) \nAs cloud adoption accelerates\, enterprises face unprecedented complexity in securing multi-cloud environments while meeting compliance demands. Traditional GRC tools are static and reactive\, leaving organizations vulnerable to evolving threats and regulatory gaps. This session will explore how AI-powered Enterprise Security Risk Posture Management (ESRPM) transforms cloud security and compliance into a real-time\, automated\, and outcome-driven discipline. \nAttendees will learn how to: \n\nContinuously map cloud assets to risks and controls\nAutomate compliance testing and evidence collection\nQuantify security posture in business terms\nEstablish digital trust through AI-driven risk intelligence/li>\n\nThis session is ideal for CISOs\, cloud security leaders\, and risk executives seeking to shift from compliance checklists to measurable cyber resilience. \n\n \n\n10:30 AM – 11:30 AM \n\n\nThe Cloud Changes Everything: Why Your Compliance Strategy Doesn’t \nPresenters: Terrence Williams (SANS) \nStop fighting the cloud with on-premises thinking. While your organization burns budget on third party tools and platforms designed for data centers\, AWS\, Azure\, and Google Cloud offer services that can be strategically automated for continuous compliance that costs fractions of traditional tools—yet most enterprises don’t know these capabilities exist. \nThis session explores the compliance revolution happening in plain sight: native cloud services that automatically enforce NIST controls\, AI that predicts violations before they occur\, and abstraction layers that eliminate vendor lock-in across multi-cloud environments. We’ll talk about whether continuous compliance automation can replace periodic audits and examine what happens when you treat compliance as code instead of paperwork. \nThe cloud isn’t just different infrastructure—it’s a fundamentally different approach to security and governance. While third-party vendors exploit knowledge gaps with expensive “cloud-washing” of legacy tools\, cloud providers deliver genuine innovation through services you’re already paying for. Join us as we explore what’s possible when you leverage the cloud’s native intelligence instead of fighting against it. \n\n \n\n11:30 AM – 12:30 PM \n\n\nAbove the Clouds: Navigating Audit & Compliance in Cloud Services \nPresenter: John Heath (KPMG) \nThe presentation will cover basics of cloud computing types\, service delivery models\, and how an auditor’s consideration of logical access controls\, program change management controls\, and other controls may be influenced by an entity’s use of a cloud service provider to host its systems. \n\n  \n\n\n\n  \nShare this Event \nIf you are interested\, planning to attend\, or attending this event\, please share with your colleagues across your social media networks. \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \n  \n\n\n\nPresenters \nAt times presenters for a session may change due to schedule conflicts and other unexpected situations. If a previously presenter has been substituted\, the changes will be noted. \n  \n \n\n \n\n\nCarley Simon\nSenior Data Security Solutions Engineer & Microsoft Federal \nCarley Salmon is a Senior Data Security Solutions Engineer at Microsoft Federal\, where she empowers Department of Defense customers to meet stringent data security and compliance requirements. With a deep understanding of regulatory frameworks and Microsoft’s security portfolio\, Carley delivers technical demonstrations and strategic guidance that help defense organizations navigate complex cybersecurity landscapes. Her work is grounded in real-world experience\, having served as a Team Chief and founding assessor at the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC)\, where she led assessments aligned to DFARS Clause 252.204-7012 and NIST SP 800-171. \nAn Army veteran and former Blackhawk helicopter pilot\, Carley brings a unique dual perspective as both a warfighter and technologist. Her leadership in the USANG and her hands-on experience in cybersecurity assessments inform her mission-driven approach to securing sensitive information. Carley’s passion for data protection and her commitment to national defense make her a compelling voice in the federal cybersecurity community. \n  \n\n \n\n \n\n\nLalit Ahluwalia\nCEO & Founder DigitalXForce & XForce Galaxy \nLalit Ahluwalia is an award-winning cybersecurity executive\, and entrepreneur with over two decades of experience driving global security\, risk management\, and digital trust transformation. He is the CEO & Founder of “DigitalXForce” and “XForce Galaxy”\, his dream ventures committed to redefine the future of cybersecurity. \nLalit is an industry thought leader\, keynote speaker\, and pioneer in AI-powered Enterprise Security Risk Posture Management (ESRPM) and automated GRC solutions. He has led the North America Security practice for Accenture\, Global Cybersecurity practice at Wipro\, and diverse portfolio of security initiatives for Deloitte and PwC. \nLalit has been recognized at North Texas Top 500 Business Leaders by DCEO and awarded the 40 Under 40 by Business Journals and CIO-CTO – Excellence in Cyber Security award by Dallas Magazine for his contributions in the Cyber Security field. \n \n\n \n\n \n\n\nTerrence Williams\nCertified Instructor @ SANS \nWith a trident of expertise in Digital Forensics and Incident Response (DFIR)\, Computer Science\, and Cloud Environments\, Terrence approaches each class with the resounding belief that if individuals are not making those around them better\, then what are they doing? As an instructor\, Terrence’s commitment is to ensure that every encounter leaves individuals better equipped and empowered than before. This philosophy underscores his teaching approach\, emphasizing the transformative power of cybersecurity and the boundless possibilities that emerge with the right mindset. \nTerrence’s journey into cybersecurity wasn’t a deliberate choice; instead\, it was a path he navigated as a Marine. He found his roots and thrived in the ever-evolving game of chess that is cybersecurity. The constant challenge to stay ahead\, the perpetual growth\, and the desire to continuously learn are the driving forces behind Terrence’s commitment to this career. \nBeyond the technical realm\, Terrence’s interests and hobbies are as diverse as the winds that blow. Engaging in community efforts\, whether through international travel\, exploring new restaurants\, or discovering that hidden bourbon bar\, he finds joy in connecting with people from all walks of life. Coming from a background that limited his exposure to the world\, Terrence now embraces every opportunity to learn about it. \n \n\n \n\n \n\n\nJohn Heath\nDirector\, Audit\, Technology Assurance @ KPMG LLP \nJohn Heath is a Technology Assurance – Audit Director in KPMG’s Federal practice\, bringing over 20 years of expertise in audit and advisory services to the Federal Government\, commercial organizations\, and not-for-profit entities. His career has been predominantly centered on IT support for financial statement audits and System and Organization Control (SOC) examinations. From 2009 to 2011\, John expanded his global experience by delivering audit services for KPMG’s Swiss member firm in Geneva\, Switzerland. \nBeyond his client-facing responsibilities\, John supports various firm initiatives: \n\nNational Training Facilitator: Leading training initiatives to enhance team capabilities.\nRecruitment Support: Actively involved in recruiting top talent.\nTechnology Implementation Leader: Spearheading the rollout of Alteryx Designer for the Federal Technology Assurance – Audit practice.\nQuality Reviewer: Serving as a reviewer for the firm’s quality review program.\nCareer Advisory Leader: Previously Chaired the Career Advisory Board\, and recently joined the Executive Advisory Council for his alma mater’s business school.\n\nJohn holds a Bachelor of Science in Information Systems Management and International Business\, and a Bachelor of Arts in French from Salisbury University\, class of 2005. \n \n\n  \n\n\n\n  \nQuestions about this Event \n\n\nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n  \n\n\n\nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \n\nPoll Questions \n\n\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n  \n\n\nCPE Distribution and Evaluation Survey \n\n\nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \n\n\nLearning Objective \n\n\nAfter attending this event\, attendees will learn about current and future trends in the cloud security space. \n  \n\n\nCPE-Related Details \n\n\n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cloud-conference-2025/ LOCATION:Virtual Event CATEGORIES:Conferences ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/08/cloud_2025.png ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20251018T090000 DTEND;TZID=America/New_York:20251018T170000 DTSTAMP:20251007T135312Z CREATED:20250830T025333Z LAST-MODIFIED:20251007T135312Z UID:34501-1760778000-1760806800@isaca-gwdc.org SUMMARY:NIST Privacy Framework Workshop 2025 DESCRIPTION:  \n \n  \nOctober 18\, 2025\nVirtual Event (Teams)\nEarn up to 7 CPE\n$125 for GWDC Members\n$200 for Non-Members \n  \n  \n\n\n\nNIST Privacy Framework Workshop \nThis intensive one-day virtual workshop\, “NIST Privacy Framework\,” scheduled for Saturday\, October 18th\, 2025\, will provide participants with a thorough understanding of how to manage privacy risks and protect individual privacy while achieving organizational objectives. The workshop will cover strategies for implementing privacy practices that align with regulatory requirements. Participants will gain valuable insights and practical knowledge to enhance their organization’s privacy management capabilities. The workshop offers 7 Continuing Professional Education (CPE) credits. \nRegistration closes on October 16 @ 5PM. \nRegister Today! \n  \n\n\n\n  \nMore about the NIST Privacy Framework \nThe NIST Privacy Framework (PF) is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. Visit the NIST website for resources and events related to the NIST Privacy Framework \nMore about the Framework \n  \n\n\n\nEvent Details \n\nDate and Time \n\n\nThe workshop will be held on October 18\, 2025 from 9:00 am to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \n\n\nVirtual Event \n\n\nThe workshop will be held using Microsoft Teams. \nPrior to the event\, the instructor will email all participants the Teams link for the course along with course materials \n  \n\n\nPricing \n\n\nThe fee for GWDC Members is $125 for the workshop.\nThe fee for all other registrants is $200 for the workshop. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \n\n\nEvent Policies \n\n\nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n  \n\n\n\n  \nComments from Prior Workshop Attendees \n“It was and is an excellent review of the NIST Privacy Framework 1.0 and how to use it. I also enjoyed listening to the questions of others and the instructor’s answers\, and the overall discussion that ensued. It was an excellent use of my time. Also\, the cost was reasonable\, as a member of the chapter.” – Harvey N \n“I thought this was a great class. I liked that active participation was encouraged and i really appreciated that Jim was willing to share so many materials with the class.” – Jessica C \n“Jim has an interactive presentation style that goes beyond the slides and brings the course material to life.” -Rich R. \n“The presentation slides were very informative and easy to read. Also\, the instructor’s continual active engagement of the attendees.” – Nathan P \n“The instructor was very knowledgeable about the NIST Privacy Framework and offered lots of examples for each module. I feel like I now know and understand the basics and purpose of the NIST Privacy Framework.” – Jacob L. \n  \n  \n\n\n\nCourse Outline \nModule 0: Course Overview and Introduction \n\nIntroduction and Course Overview\nParticipant Introductions\nWhat is the NIST Privacy Framework?\nCourse Schedule\nCourse Format\nLearning Objectives\nExpected Outcomes\nStudent Prerequisites\nCourse Logistics\nRecap\n\nModule 1: Introduction to Privacy and Risk Management \n\nDefining Privacy in the Modern Digital Landscape\nChallenges in Managing Privacy Risks\nEnterprise Risk Management Overview\nThe Role of Privacy in Organizational Goals\nEvolution of Privacy Frameworks\nData Processing Ecosystem Overview\nEthical Decision-Making and Privacy\nKey Stakeholders in Privacy Risk Management\nPrivacy Risk vs. Compliance Risk\nBuilding a Privacy-Driven Culture\nCase Study\nQuiz\n\nModule 2: Core Components of the Privacy Framework \n\nOverview of the Privacy Framework Core\nIdentify-P Function\nGovern-P Function\nControl-P Function\nCommunicate-P Function\nProtect-P Function\nCategories and Subcategories: Structuring Privacy Activities\nLinking Privacy to the Cybersecurity Framework\nGranularity in Privacy Risk Management\nThe Importance of Subcategory Customization\nCase Study\nQuiz\n\nModule 3: Building and Using Profiles \n\nWhat Are Privacy Profiles?\nCurrent vs. Target Profiles\nRole of Profiles in Organizational Privacy\nSteps to Develop a Privacy Profile\nPrioritizing Outcomes and Activities\nUsing Profiles for Self-Assessment\nAligning Profiles with Business Needs\nComparing Multiple Profiles Across Roles\nIntegrating Profiles in Organizational Strategy\nProfiles as a Communication Tool\nCase Study\nQuiz\n\nModule 4: Implementation Tiers and Organizational Maturity \n\nOverview of Implementation Tiers\nPartial Tier: Foundational Privacy Management\nRisk-Informed Tier: Evolving Awareness\nRepeatable Tier: Formalized Practices\nAdaptive Tier: Continuous Improvement\nCriteria for Assessing Maturity Levels\nProgression Through Tiers\nLinking Tiers to Organizational Goals\nCollaboration and Communication for Tiers\nRealizing Privacy Maturity Benefits\nCase Study\nQuiz\n\nModule 5: Privacy Risk Assessment and Mitigation \n\nDefining Privacy Risk Factors\nProblematic Data Actions and Their Impacts\nSteps in Privacy Risk Assessment\nRisk Models for Privacy Management\nLikelihood and Impact Analysis\nResponding to Privacy Risks\nRisk Mitigation Strategies\nUsing Privacy Risk Assessment Methodology (PRAM)\nBalancing Risk Tolerance and Resources\nImplementing Risk Assessment Outcomes\nCase Study\nQuiz\n\nModule 6: Governance and Accountability \n\nImportance of Governance in Privacy\nDeveloping Organizational Privacy Values\nEstablishing Roles and Responsibilities\nPolicies for Privacy Risk Management\nTraining and Awareness Initiatives\nMonitoring and Reviewing Privacy Policies\nStrengthening Cross-Functional Collaboration\nAccountability Across Ecosystem Stakeholders\nEmbedding Privacy in Decision-Making\nReporting on Privacy Metrics and Progress\nCase Study\nQuiz\n\nModule 7: Integrating Privacy into the System Development Lifecycle (SDLC) \n\nAligning Privacy with SDLC Phases\nPlanning for Privacy from the Start\nPrivacy in Design and Build Phases\nDeploying Privacy-Centric Solutions\nOperating with Privacy Safeguards\nDecommissioning with Privacy in Mind\nPrivacy Engineering Objectives Explained\nPredictability\, Manageability\, and Disassociability\nLeveraging SDLC Artifacts for Privacy\nPractical Integration Techniques\nCase Study\nQuiz\n\nModule 8: Engaging in the Data Processing Ecosystem \n\nUnderstanding Ecosystem Roles\nPrivacy in the Data Processing Ecosystem\nIdentifying Stakeholders and Relationships\nPrivacy Requirements Communication\nContracts and Governance in the Ecosystem\nManaging Interdependencies\nUsing Interoperability Frameworks\nAssessing Ecosystem Risk\nAligning Ecosystem Roles with Privacy Goals\nEcosystem-Wide Collaboration and Innovation\nCase Study\nQuiz\n\n  \n\n\n\n  \nShare this Event \nIf you are interested\, planning to attend\, or attending this event\, please share with your colleagues across your social media networks. \n\n \n \n \n \n \n \n \n \n \n Share on X\n \n \n \n \n \n \n \n \n \n \n \n Share on Linkedin\n \n \n \n \n \n \n \n \n \n \n \n Share on Facebook\n \n \n \n \n \n \n \n \n \n \n \n Share on Print\n \n \n \n \n \n \n \n \n \n \n Share on Email\n \n \n \n \n \n \n\n \n\n \n  \n  \n\n\n\nInstructor \n\n \n\n\nJim Wiggins\n AAISM\, AAIA\, AIGP\, CISM\, CISA\, CRISC\, CISSP\, ISSEP\, CGRC (CAP)\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, FITSP-M\, MCITP\, MCSE: Security\, MCSE: Messaging\, MCSA\, MCDST\, Server+\, Network+\, A+\, CDPSE\, PMP\, ICE-CCP\, DACUM Facilitator \nJim Wiggins is a seasoned IT and cybersecurity expert with over 29 years of industry experience\, 24 of which have been dedicated to information security – and\, more recently\, the last 3 years on artificial intelligence. He is the Founder and CEO of Securible\, LLC\, a Washington\, DC-based cybersecurity training and consulting firm specializing in practical\, forward-thinking solutions. Through Securible\, Jim has championed innovative approaches to address emerging threats\, ensure regulatory compliance\, and harness the power of Artificial Intelligence in IT audit\, cybersecurity\, governance and privacy. Throughout his distinguished career\, Jim has trained well over 20\,000 IT and cyber professionals\, underscoring his commitment to education and the advancement of the field. \nIn addition to his leadership at Securible\, Jim also serves as the Founder and CEO of the Federal IT Security Institute (FITSI)\, a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI provides role-based cybersecurity certifications designed to fortify the U.S. federal cybersecurity workforce. \nEnhancing his contributions to the cybersecurity community\, Jim hosts a TV show in the Washington\, DC area called Cybersecurity Today. The program offers expert insights\, in-depth analysis\, and the latest updates on cybersecurity trends and threats\, further establishing his role as a prominent thought leader in the industry. \nRecognized as a Federal 100 award recipient in 2019 and the Federal Information Systems Security Educators’ Association (FISSEA) “Educator of the Year” in 2011\, Jim is widely respected for his commitment to elevating cybersecurity education. \nIn the rapidly evolving arena of Artificial Intelligence (AI)\, Jim has directly trained well over 1\,000 IT and cyber professionals on generative AI fundamentals through intensive sessions with the Department of the Interior’s University\, the Defense Information Systems Agency (DISA)\, the National Risk Management Center (NRMC) within CISA\, and the Greater Washington DC Chapter of ISACA. He leverages AI-driven tools such as ChatGPT\, Gemini\, Dalle\, Midjourney\, and Copilot to translate complex concepts into practical\, governance-focused applications. \nJim holds numerous certifications\, including: \n\nArtificial Intelligence: AAISM\, AAIA\, AIGP\nCybersecurity: CISM\, CISA\, CRISC\, CISSP\, ISSEP\, CGRC (CAP)\, SCNA\, SCNP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and FITSP-M.\nInformation Technology: MCITP\, MCSE: Security\, MCSE: Messaging\, MCSA\, MCDST\, Server+\, Network+\, A+.\nPrivacy: CDPSE\, CIPP/US\nProject Management: PMP (Project Management Professional).\nEducation: ICE-CCP (I.C.E. Certified Credentialing Professional)\, DACUM Facilitator\n\nJim is currently finalizing a master’s degree in education from George Washington University with a concentration in Assessment\, Testing\, and Measurement. \n \n\n  \n\n\n\n  \nQuestions about this Event \n\n\nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n  \n\n\n\nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \n\nPoll Questions \n\n\nParticipants must respond to all the poll questions polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. \n  \n\n\nCPE Distribution and Evaluation Survey \n\n\nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \n\n\nLearning Objectives \n\n\n\nUnderstand the foundational components and structure of the NIST Privacy Framework.\nGain knowledge of privacy risk management and its importance in protecting individual privacy.\nLearn strategies for aligning privacy practices with organizational objectives and regulatory requirements.\nDevelop skills to implement the framework in real-world scenarios effectively.\nApply the framework through practical exercises to address privacy challenges and enhance management capabilities.\n\n  \n\n\nCPE-Related Details \n\n\n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/nist-privacy-framework-workshop-2025/ LOCATION:Virtual Event CATEGORIES:Workshop ATTACH;FMTTYPE=image/png:https://isaca-gwdc.org/wp-content/uploads/2025/08/nist_privacy_framework_workshop.png ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT END:VCALENDAR